summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c31
1 files changed, 11 insertions, 20 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 4be338d4d6..0ffe172b0a 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -669,10 +669,8 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername,
POLICY_HND *handle)
{
uint32 result = NT_STATUS_NO_PROBLEMO;
- SEC_DESC_BUF *sec_desc = NULL;
- uint32 acc_granted, status;
fstring name;
- extern struct current_user current_user;
+ int snum;
if (printername == NULL) {
result = ERROR_INVALID_PRINTER_NAME;
@@ -729,29 +727,22 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername,
}
/* NT doesn't let us connect to a printer if the connecting user
- doesn't have print permission. If no security descriptor just
- return OK. */
+ doesn't have print permission. */
- if (!nt_printing_getsec(name, &sec_desc)) {
- goto done;
- }
-
- /* Yuck - we should use the pipe_user rather than current_user but
- it doesn't seem to be filled in correctly. )-: */
+ if (!handle_is_printserver(handle)) {
- map_printer_permissions(sec_desc->sec);
+ if (!get_printer_snum(handle, &snum))
+ return ERROR_INVALID_HANDLE;
- if (!se_access_check(sec_desc->sec, &current_user, PRINTER_ACCESS_USE,
- &acc_granted, &status)) {
- DEBUG(3, ("access DENIED for printer open\n"));
- close_printer_handle(handle);
- result = ERROR_ACCESS_DENIED;
- goto done;
+ if (!print_access_check(NULL, snum, PRINTER_ACCESS_USE)) {
+ DEBUG(3, ("access DENIED for printer open\n"));
+ close_printer_handle(handle);
+ result = ERROR_ACCESS_DENIED;
+ goto done;
+ }
}
done:
- free_sec_desc_buf(&sec_desc);
-
return result;
}