summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/proto.h10
-rw-r--r--source3/param/loadparm.c4
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c30
3 files changed, 30 insertions, 14 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index f1183789f7..65174216b5 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1385,6 +1385,7 @@ BOOL lp_ssl_enabled(void);
BOOL lp_ssl_reqClientCert(void);
BOOL lp_ssl_reqServerCert(void);
BOOL lp_ssl_compatibility(void);
+BOOL lp_ms_add_printer_wizard(void);
BOOL lp_dns_proxy(void);
BOOL lp_wins_support(void);
BOOL lp_we_are_a_wins_server(void);
@@ -1977,15 +1978,6 @@ uint32 spoolss_getprinterdriverdir(fstring srv_name, fstring env_name, uint32 le
uint32 *needed);
uint32 spoolss_addprinterdriver(const char *srv_name, uint32 level, PRINTER_DRIVER_CTR *info);
-/*The following definitions come from rpc_client/cli_spoolss_notify.c */
-
-BOOL spoolss_disconnect_from_client( struct cli_state *cli);
-BOOL spoolss_connect_to_client( struct cli_state *cli, char *remote_machine);
-BOOL cli_spoolss_reply_open_printer(struct cli_state *cli, char *printer, uint32 localprinter, uint32 type, uint32 *status, POLICY_HND *handle);
-BOOL cli_spoolss_reply_rrpcn(struct cli_state *cli, POLICY_HND *handle,
- uint32 change_low, uint32 change_high, uint32 *status);
-BOOL cli_spoolss_reply_close_printer(struct cli_state *cli, POLICY_HND *handle, uint32 *status);
-
/*The following definitions come from rpc_client/cli_srvsvc.c */
BOOL do_srv_net_srv_conn_enum(struct cli_state *cli,
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 883d03f6a4..c03e1025b1 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -219,6 +219,7 @@ typedef struct
BOOL sslReqServerCert;
BOOL sslCompatibility;
#endif /* WITH_SSL */
+ BOOL bMsAddPrinterWizard;
BOOL bDNSproxy;
BOOL bWINSsupport;
BOOL bWINSproxy;
@@ -806,6 +807,7 @@ static struct parm_struct parm_table[] = {
{"enumports command", P_STRING, P_GLOBAL, &Globals.szEnumPortsCommand, NULL, NULL, 0},
{"addprinter command", P_STRING, P_GLOBAL, &Globals.szAddPrinterCommand, NULL, NULL, 0},
{"deleteprinter command", P_STRING, P_GLOBAL, &Globals.szDeletePrinterCommand, NULL, NULL, 0},
+ {"show add printer wizard", P_BOOL, P_GLOBAL, &Globals.bMsAddPrinterWizard, NULL, NULL, 0},
{"printer name", P_STRING, P_LOCAL, &sDefault.szPrintername, NULL, NULL, FLAG_PRINT},
{"printer", P_STRING, P_LOCAL, &sDefault.szPrintername, NULL, NULL, 0},
@@ -1231,6 +1233,7 @@ static void init_globals(void)
*/
+ Globals.bMsAddPrinterWizard = True;
Globals.bPreferredMaster = Auto; /* depending on bDomainMaster */
Globals.os_level = 20;
Globals.bLocalMaster = True;
@@ -1406,6 +1409,7 @@ FN_GLOBAL_BOOL(lp_ssl_reqServerCert, &Globals.sslReqServerCert);
FN_GLOBAL_BOOL(lp_ssl_compatibility, &Globals.sslCompatibility);
#endif /* WITH_SSL */
+FN_GLOBAL_BOOL(lp_ms_add_printer_wizard, &Globals.bMsAddPrinterWizard)
FN_GLOBAL_BOOL(lp_dns_proxy, &Globals.bDNSproxy)
FN_GLOBAL_BOOL(lp_wins_support, &Globals.bWINSsupport)
FN_GLOBAL_BOOL(lp_we_are_a_wins_server, &Globals.bWINSsupport)
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 2a25f615d8..821cdf30e5 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -196,6 +196,8 @@ static BOOL srv_spoolss_replycloseprinter(POLICY_HND *handle)
return False;
smb_connections--;
+
+ return True;
}
/****************************************************************************
@@ -280,7 +282,7 @@ static BOOL delete_printer_handle(POLICY_HND *hnd)
DEBUGADD(10,("Unlinking output file [%s]\n", tmp_file));
unlink(tmp_file);
- // Send SIGHUP to process group... is there a better way?
+ /* Send SIGHUP to process group... is there a better way? */
kill(0, SIGHUP);
if ( ( i = lp_servicenumber( Printer->dev.handlename ) ) >= 0 ) {
@@ -495,6 +497,7 @@ static BOOL open_printer_hnd(POLICY_HND *hnd, char *name)
{
Printer_entry *new_printer;
+ DEBUG(10,("open_printer_hnd: name [%s]\n", name));
clear_handle(hnd);
create_printer_hnd(hnd);
@@ -600,6 +603,8 @@ static BOOL srv_spoolss_receive_message(char *printer)
return False;
}
+
+ return True;
}
/***************************************************************************
@@ -622,6 +627,8 @@ static BOOL srv_spoolss_sendnotify(POLICY_HND *handle)
fstrcpy(printer, "");
srv_spoolss_receive_message(printer);
+
+ return True;
}
/********************************************************************
@@ -663,6 +670,17 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername,
return ERROR_ACCESS_DENIED;
}
+ /* Disallow MS AddPrinterWizard if access rights are insufficient OR
+ if parameter disables it. The client tries an OpenPrinterEx with
+ SERVER_ALL_ACCESS(0xf0003), which we force to fail. It then tries
+ OpenPrinterEx with SERVER_READ(0x20002) which we allow. This lets
+ it see any printers there, but does not show the MSAPW */
+ if (handle_is_printserver(handle) &&
+ printer_default->access_required != (SERVER_READ) &&
+ !lp_ms_add_printer_wizard() ) {
+ return ERROR_ACCESS_DENIED;
+ }
+
return NT_STATUS_NO_PROBLEMO;
}
@@ -1001,6 +1019,8 @@ static BOOL srv_spoolss_replyopenprinter(char *printer, uint32 localprinter, uin
if(!cli_spoolss_reply_open_printer(&cli, printer, localprinter, type, &status, handle))
return False;
+
+ return True;
}
/********************************************************************
@@ -3451,11 +3471,11 @@ static BOOL add_printer_hook(NT_PRINTER_INFO_LEVEL *printer)
unlink(tmp_file);
if(numlines) {
- // Set the portname to what the script says the portname should be
+ /* Set the portname to what the script says the portname should be. */
strncpy(printer->info_2->portname, qlines[0], sizeof(printer->info_2->portname));
DEBUGADD(6,("Line[0] = [%s]\n", qlines[0]));
- // Send SIGHUP to process group... is there a better way?
+ /* Send SIGHUP to process group... is there a better way? */
kill(0, SIGHUP);
add_all_printers();
}
@@ -4393,7 +4413,7 @@ static uint32 enumports_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *need
DEBUG(10,("Returned [%d]\n", ret));
if (ret != 0) {
unlink(tmp_file);
- // Is this the best error to return here?
+ /* Is this the best error to return here? */
return ERROR_ACCESS_DENIED;
}
@@ -4491,7 +4511,7 @@ static uint32 enumports_level_2(NEW_BUFFER *buffer, uint32 offered, uint32 *need
DEBUGADD(10,("returned [%d]\n", ret));
if (ret != 0) {
unlink(tmp_file);
- // Is this the best error to return here?
+ /* Is this the best error to return here? */
return ERROR_ACCESS_DENIED;
}