summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c21
1 files changed, 14 insertions, 7 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 5a724d6ab6..56de5375fb 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -680,14 +680,21 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername,
return ERROR_ACCESS_DENIED;
}
- /* Disallow MS AddPrinterWizard if access rights are insufficient OR
- if parameter disables it. The client tries an OpenPrinterEx with
- SERVER_ALL_ACCESS(0xf0003), which we force to fail. It then tries
- OpenPrinterEx with SERVER_READ(0x20002) which we allow. This lets
- it see any printers there, but does not show the MSAPW */
+ /* Disallow MS AddPrinterWizard if parameter disables it. A Win2k
+ client 1st tries an OpenPrinterEx with access==0, MUST be allowed.
+ Then both Win2k and WinNT clients try an OpenPrinterEx with
+ SERVER_ALL_ACCESS, which we force to fail. Then they try
+ OpenPrinterEx with SERVER_READ which we allow. This lets the
+ client view printer folder, but does not show the MSAPW.
+
+ Note: this test needs code to check access rights here too. Jeremy
+ could you look at this? */
+
if (handle_is_printserver(handle) &&
- printer_default->access_required != (SERVER_READ) &&
- !lp_ms_add_printer_wizard() ) {
+ !lp_ms_add_printer_wizard()) {
+ if (printer_default->access_required == 0)
+ return NT_STATUS_NO_PROBLEMO;
+ else if (printer_default->access_required != (SERVER_READ))
return ERROR_ACCESS_DENIED;
}