summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c109
1 files changed, 53 insertions, 56 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index b5dd459462..5fbb6d91b0 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -348,6 +348,58 @@ static BOOL close_printer_handle(pipes_struct *p, POLICY_HND *hnd)
/****************************************************************************
Delete a printer given a handle.
****************************************************************************/
+WERROR delete_printer_hook( NT_USER_TOKEN *token, const char *sharename )
+{
+ char *cmd = lp_deleteprinter_cmd();
+ pstring command;
+ int ret;
+ SE_PRIV se_printop = SE_PRINT_OPERATOR;
+ BOOL is_print_op = False;
+
+ /* can't fail if we don't try */
+
+ if ( !*cmd )
+ return WERR_OK;
+
+ pstr_sprintf(command, "%s \"%s\"", cmd, sharename);
+
+ if ( token )
+ is_print_op = user_has_privileges( token, &se_printop );
+
+ DEBUG(10,("Running [%s]\n", command));
+
+ /********** BEGIN SePrintOperatorPrivlege BLOCK **********/
+
+ if ( is_print_op )
+ become_root();
+
+ if ( (ret = smbrun(command, NULL)) == 0 ) {
+ /* Tell everyone we updated smb.conf. */
+ message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
+ }
+
+ if ( is_print_op )
+ unbecome_root();
+
+ /********** END SePrintOperatorPrivlege BLOCK **********/
+
+ DEBUGADD(10,("returned [%d]\n", ret));
+
+ if (ret != 0)
+ return WERR_BADFID; /* What to return here? */
+
+ /* go ahead and re-read the services immediately */
+ reload_services( False );
+
+ if ( lp_servicenumber( sharename ) < 0 )
+ return WERR_ACCESS_DENIED;
+
+ return WERR_OK;
+}
+
+/****************************************************************************
+ Delete a printer given a handle.
+****************************************************************************/
static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
{
@@ -369,18 +421,6 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
DEBUG(3, ("delete_printer_handle: denied by handle\n"));
return WERR_ACCESS_DENIED;
}
-
-#if 0
- /* Check calling user has permission to delete printer. Note that
- since we set the snum parameter to -1 only administrators can
- delete the printer. This stops people with the Full Control
- permission from deleting the printer. */
-
- if (!print_access_check(NULL, -1, PRINTER_ACCESS_ADMINISTER)) {
- DEBUG(3, ("printer delete denied by security descriptor\n"));
- return WERR_ACCESS_DENIED;
- }
-#endif
/* this does not need a become root since the access check has been
done on the handle already */
@@ -390,50 +430,7 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
return WERR_BADFID;
}
- /* the delete printer script shoudl be run as root if the user has perms */
-
- if (*lp_deleteprinter_cmd()) {
-
- char *cmd = lp_deleteprinter_cmd();
- pstring command;
- int ret;
- SE_PRIV se_printop = SE_PRINT_OPERATOR;
- BOOL is_print_op;
-
- pstr_sprintf(command, "%s \"%s\"", cmd, Printer->sharename);
-
- is_print_op = user_has_privileges( p->pipe_user.nt_user_token, &se_printop );
-
- DEBUG(10,("Running [%s]\n", command));
-
- /********** BEGIN SePrintOperatorPrivlege BLOCK **********/
-
- if ( is_print_op )
- become_root();
-
- if ( (ret = smbrun(command, NULL)) == 0 ) {
- /* Tell everyone we updated smb.conf. */
- message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
- }
-
- if ( is_print_op )
- unbecome_root();
-
- /********** END SePrintOperatorPrivlege BLOCK **********/
-
- DEBUGADD(10,("returned [%d]\n", ret));
-
- if (ret != 0)
- return WERR_BADFID; /* What to return here? */
-
- /* go ahead and re-read the services immediately */
- reload_services( False );
-
- if ( lp_servicenumber( Printer->sharename ) < 0 )
- return WERR_ACCESS_DENIED;
- }
-
- return WERR_OK;
+ return delete_printer_hook( p->pipe_user.nt_user_token, Printer->sharename );
}
/****************************************************************************