diff options
-rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 109 |
1 files changed, 53 insertions, 56 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index b5dd459462..5fbb6d91b0 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -348,6 +348,58 @@ static BOOL close_printer_handle(pipes_struct *p, POLICY_HND *hnd) /**************************************************************************** Delete a printer given a handle. ****************************************************************************/ +WERROR delete_printer_hook( NT_USER_TOKEN *token, const char *sharename ) +{ + char *cmd = lp_deleteprinter_cmd(); + pstring command; + int ret; + SE_PRIV se_printop = SE_PRINT_OPERATOR; + BOOL is_print_op = False; + + /* can't fail if we don't try */ + + if ( !*cmd ) + return WERR_OK; + + pstr_sprintf(command, "%s \"%s\"", cmd, sharename); + + if ( token ) + is_print_op = user_has_privileges( token, &se_printop ); + + DEBUG(10,("Running [%s]\n", command)); + + /********** BEGIN SePrintOperatorPrivlege BLOCK **********/ + + if ( is_print_op ) + become_root(); + + if ( (ret = smbrun(command, NULL)) == 0 ) { + /* Tell everyone we updated smb.conf. */ + message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL); + } + + if ( is_print_op ) + unbecome_root(); + + /********** END SePrintOperatorPrivlege BLOCK **********/ + + DEBUGADD(10,("returned [%d]\n", ret)); + + if (ret != 0) + return WERR_BADFID; /* What to return here? */ + + /* go ahead and re-read the services immediately */ + reload_services( False ); + + if ( lp_servicenumber( sharename ) < 0 ) + return WERR_ACCESS_DENIED; + + return WERR_OK; +} + +/**************************************************************************** + Delete a printer given a handle. +****************************************************************************/ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd) { @@ -369,18 +421,6 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd) DEBUG(3, ("delete_printer_handle: denied by handle\n")); return WERR_ACCESS_DENIED; } - -#if 0 - /* Check calling user has permission to delete printer. Note that - since we set the snum parameter to -1 only administrators can - delete the printer. This stops people with the Full Control - permission from deleting the printer. */ - - if (!print_access_check(NULL, -1, PRINTER_ACCESS_ADMINISTER)) { - DEBUG(3, ("printer delete denied by security descriptor\n")); - return WERR_ACCESS_DENIED; - } -#endif /* this does not need a become root since the access check has been done on the handle already */ @@ -390,50 +430,7 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd) return WERR_BADFID; } - /* the delete printer script shoudl be run as root if the user has perms */ - - if (*lp_deleteprinter_cmd()) { - - char *cmd = lp_deleteprinter_cmd(); - pstring command; - int ret; - SE_PRIV se_printop = SE_PRINT_OPERATOR; - BOOL is_print_op; - - pstr_sprintf(command, "%s \"%s\"", cmd, Printer->sharename); - - is_print_op = user_has_privileges( p->pipe_user.nt_user_token, &se_printop ); - - DEBUG(10,("Running [%s]\n", command)); - - /********** BEGIN SePrintOperatorPrivlege BLOCK **********/ - - if ( is_print_op ) - become_root(); - - if ( (ret = smbrun(command, NULL)) == 0 ) { - /* Tell everyone we updated smb.conf. */ - message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL); - } - - if ( is_print_op ) - unbecome_root(); - - /********** END SePrintOperatorPrivlege BLOCK **********/ - - DEBUGADD(10,("returned [%d]\n", ret)); - - if (ret != 0) - return WERR_BADFID; /* What to return here? */ - - /* go ahead and re-read the services immediately */ - reload_services( False ); - - if ( lp_servicenumber( Printer->sharename ) < 0 ) - return WERR_ACCESS_DENIED; - } - - return WERR_OK; + return delete_printer_hook( p->pipe_user.nt_user_token, Printer->sharename ); } /**************************************************************************** |