summaryrefslogtreecommitdiff
path: root/source3/printing/nt_printing.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/printing/nt_printing.c')
-rw-r--r--source3/printing/nt_printing.c29
1 files changed, 20 insertions, 9 deletions
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index c65da830fb..beb1e45755 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -25,6 +25,7 @@
#include "registry.h"
#include "registry/reg_objects.h"
#include "../librpc/gen_ndr/ndr_security.h"
+#include "rpc_server/srv_spoolss_util.h"
static TDB_CONTEXT *tdb_forms; /* used for forms files */
static TDB_CONTEXT *tdb_drivers; /* used for driver files */
@@ -5463,9 +5464,11 @@ void map_job_permissions(struct security_descriptor *sd)
bool print_access_check(struct auth_serversupplied_info *server_info, int snum,
int access_type)
{
- struct sec_desc_buf *secdesc = NULL;
+ struct spoolss_security_descriptor *secdesc = NULL;
uint32 access_granted;
+ size_t sd_size;
NTSTATUS status;
+ WERROR result;
const char *pname;
TALLOC_CTX *mem_ctx = NULL;
SE_PRIV se_printop = SE_PRINT_OPERATOR;
@@ -5495,34 +5498,42 @@ bool print_access_check(struct auth_serversupplied_info *server_info, int snum,
return False;
}
- if (!nt_printing_getsec(mem_ctx, pname, &secdesc)) {
+ result = winreg_get_printer_secdesc(mem_ctx,
+ server_info,
+ pname,
+ &secdesc);
+ if (!W_ERROR_IS_OK(result)) {
talloc_destroy(mem_ctx);
errno = ENOMEM;
return False;
}
if (access_type == JOB_ACCESS_ADMINISTER) {
- struct sec_desc_buf *parent_secdesc = secdesc;
+ struct spoolss_security_descriptor *parent_secdesc = secdesc;
/* Create a child security descriptor to check permissions
against. This is because print jobs are child objects
objects of a printer. */
-
- status = se_create_child_secdesc_buf(mem_ctx, &secdesc, parent_secdesc->sd, False);
-
+ status = se_create_child_secdesc(mem_ctx,
+ &secdesc,
+ &sd_size,
+ parent_secdesc,
+ parent_secdesc->owner_sid,
+ parent_secdesc->group_sid,
+ false);
if (!NT_STATUS_IS_OK(status)) {
talloc_destroy(mem_ctx);
errno = map_errno_from_nt_status(status);
return False;
}
- map_job_permissions(secdesc->sd);
+ map_job_permissions(secdesc);
} else {
- map_printer_permissions(secdesc->sd);
+ map_printer_permissions(secdesc);
}
/* Check access */
- status = se_access_check(secdesc->sd, server_info->ptok, access_type,
+ status = se_access_check(secdesc, server_info->ptok, access_type,
&access_granted);
DEBUG(4, ("access check was %s\n", NT_STATUS_IS_OK(status) ? "SUCCESS" : "FAILURE"));