summaryrefslogtreecommitdiff
path: root/source3/printing
diff options
context:
space:
mode:
Diffstat (limited to 'source3/printing')
-rw-r--r--source3/printing/nt_printing.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index a3e4db2314..c7781c6510 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -2748,7 +2748,7 @@ uint32 nt_printing_setsec(char *printername, SEC_DESC_BUF *secdesc_ctr)
static SEC_DESC_BUF *construct_default_printer_sdb(void)
{
- SEC_ACE ace[2];
+ SEC_ACE ace[3];
SEC_ACCESS sa;
SEC_ACL *psa = NULL;
SEC_DESC_BUF *sdb = NULL;
@@ -2763,7 +2763,6 @@ static SEC_DESC_BUF *construct_default_printer_sdb(void)
init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
-
/* Make the security descriptor owned by the Administrators group
on the PDC of the domain. */
@@ -2783,8 +2782,13 @@ static SEC_DESC_BUF *construct_default_printer_sdb(void)
}
}
- init_sec_access(&sa, PRINTER_ACE_MANAGE_DOCUMENTS | PRINTER_ACE_PRINT);
+ init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);
init_sec_ace(&ace[1], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ sa, SEC_ACE_FLAG_OBJECT_INHERIT |
+ SEC_ACE_FLAG_INHERIT_ONLY);
+
+ init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);
+ init_sec_ace(&ace[2], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
/* The ACL revision number in rpc_secdesc.h differs from the one
@@ -2794,7 +2798,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(void)
#define NT4_ACL_REVISION 0x2
- if ((psa = make_sec_acl(NT4_ACL_REVISION, 2, ace)) != NULL) {
+ if ((psa = make_sec_acl(NT4_ACL_REVISION, 3, ace)) != NULL) {
psd = make_sec_desc(SEC_DESC_REVISION,
&owner_sid, NULL,
NULL, psa, &sd_size);