diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/proto.h | 10 | ||||
-rw-r--r-- | source3/param/loadparm.c | 4 | ||||
-rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 30 |
3 files changed, 30 insertions, 14 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index f1183789f7..65174216b5 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1385,6 +1385,7 @@ BOOL lp_ssl_enabled(void); BOOL lp_ssl_reqClientCert(void); BOOL lp_ssl_reqServerCert(void); BOOL lp_ssl_compatibility(void); +BOOL lp_ms_add_printer_wizard(void); BOOL lp_dns_proxy(void); BOOL lp_wins_support(void); BOOL lp_we_are_a_wins_server(void); @@ -1977,15 +1978,6 @@ uint32 spoolss_getprinterdriverdir(fstring srv_name, fstring env_name, uint32 le uint32 *needed); uint32 spoolss_addprinterdriver(const char *srv_name, uint32 level, PRINTER_DRIVER_CTR *info); -/*The following definitions come from rpc_client/cli_spoolss_notify.c */ - -BOOL spoolss_disconnect_from_client( struct cli_state *cli); -BOOL spoolss_connect_to_client( struct cli_state *cli, char *remote_machine); -BOOL cli_spoolss_reply_open_printer(struct cli_state *cli, char *printer, uint32 localprinter, uint32 type, uint32 *status, POLICY_HND *handle); -BOOL cli_spoolss_reply_rrpcn(struct cli_state *cli, POLICY_HND *handle, - uint32 change_low, uint32 change_high, uint32 *status); -BOOL cli_spoolss_reply_close_printer(struct cli_state *cli, POLICY_HND *handle, uint32 *status); - /*The following definitions come from rpc_client/cli_srvsvc.c */ BOOL do_srv_net_srv_conn_enum(struct cli_state *cli, diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 883d03f6a4..c03e1025b1 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -219,6 +219,7 @@ typedef struct BOOL sslReqServerCert; BOOL sslCompatibility; #endif /* WITH_SSL */ + BOOL bMsAddPrinterWizard; BOOL bDNSproxy; BOOL bWINSsupport; BOOL bWINSproxy; @@ -806,6 +807,7 @@ static struct parm_struct parm_table[] = { {"enumports command", P_STRING, P_GLOBAL, &Globals.szEnumPortsCommand, NULL, NULL, 0}, {"addprinter command", P_STRING, P_GLOBAL, &Globals.szAddPrinterCommand, NULL, NULL, 0}, {"deleteprinter command", P_STRING, P_GLOBAL, &Globals.szDeletePrinterCommand, NULL, NULL, 0}, + {"show add printer wizard", P_BOOL, P_GLOBAL, &Globals.bMsAddPrinterWizard, NULL, NULL, 0}, {"printer name", P_STRING, P_LOCAL, &sDefault.szPrintername, NULL, NULL, FLAG_PRINT}, {"printer", P_STRING, P_LOCAL, &sDefault.szPrintername, NULL, NULL, 0}, @@ -1231,6 +1233,7 @@ static void init_globals(void) */ + Globals.bMsAddPrinterWizard = True; Globals.bPreferredMaster = Auto; /* depending on bDomainMaster */ Globals.os_level = 20; Globals.bLocalMaster = True; @@ -1406,6 +1409,7 @@ FN_GLOBAL_BOOL(lp_ssl_reqServerCert, &Globals.sslReqServerCert); FN_GLOBAL_BOOL(lp_ssl_compatibility, &Globals.sslCompatibility); #endif /* WITH_SSL */ +FN_GLOBAL_BOOL(lp_ms_add_printer_wizard, &Globals.bMsAddPrinterWizard) FN_GLOBAL_BOOL(lp_dns_proxy, &Globals.bDNSproxy) FN_GLOBAL_BOOL(lp_wins_support, &Globals.bWINSsupport) FN_GLOBAL_BOOL(lp_we_are_a_wins_server, &Globals.bWINSsupport) diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 2a25f615d8..821cdf30e5 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -196,6 +196,8 @@ static BOOL srv_spoolss_replycloseprinter(POLICY_HND *handle) return False; smb_connections--; + + return True; } /**************************************************************************** @@ -280,7 +282,7 @@ static BOOL delete_printer_handle(POLICY_HND *hnd) DEBUGADD(10,("Unlinking output file [%s]\n", tmp_file)); unlink(tmp_file); - // Send SIGHUP to process group... is there a better way? + /* Send SIGHUP to process group... is there a better way? */ kill(0, SIGHUP); if ( ( i = lp_servicenumber( Printer->dev.handlename ) ) >= 0 ) { @@ -495,6 +497,7 @@ static BOOL open_printer_hnd(POLICY_HND *hnd, char *name) { Printer_entry *new_printer; + DEBUG(10,("open_printer_hnd: name [%s]\n", name)); clear_handle(hnd); create_printer_hnd(hnd); @@ -600,6 +603,8 @@ static BOOL srv_spoolss_receive_message(char *printer) return False; } + + return True; } /*************************************************************************** @@ -622,6 +627,8 @@ static BOOL srv_spoolss_sendnotify(POLICY_HND *handle) fstrcpy(printer, ""); srv_spoolss_receive_message(printer); + + return True; } /******************************************************************** @@ -663,6 +670,17 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername, return ERROR_ACCESS_DENIED; } + /* Disallow MS AddPrinterWizard if access rights are insufficient OR + if parameter disables it. The client tries an OpenPrinterEx with + SERVER_ALL_ACCESS(0xf0003), which we force to fail. It then tries + OpenPrinterEx with SERVER_READ(0x20002) which we allow. This lets + it see any printers there, but does not show the MSAPW */ + if (handle_is_printserver(handle) && + printer_default->access_required != (SERVER_READ) && + !lp_ms_add_printer_wizard() ) { + return ERROR_ACCESS_DENIED; + } + return NT_STATUS_NO_PROBLEMO; } @@ -1001,6 +1019,8 @@ static BOOL srv_spoolss_replyopenprinter(char *printer, uint32 localprinter, uin if(!cli_spoolss_reply_open_printer(&cli, printer, localprinter, type, &status, handle)) return False; + + return True; } /******************************************************************** @@ -3451,11 +3471,11 @@ static BOOL add_printer_hook(NT_PRINTER_INFO_LEVEL *printer) unlink(tmp_file); if(numlines) { - // Set the portname to what the script says the portname should be + /* Set the portname to what the script says the portname should be. */ strncpy(printer->info_2->portname, qlines[0], sizeof(printer->info_2->portname)); DEBUGADD(6,("Line[0] = [%s]\n", qlines[0])); - // Send SIGHUP to process group... is there a better way? + /* Send SIGHUP to process group... is there a better way? */ kill(0, SIGHUP); add_all_printers(); } @@ -4393,7 +4413,7 @@ static uint32 enumports_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *need DEBUG(10,("Returned [%d]\n", ret)); if (ret != 0) { unlink(tmp_file); - // Is this the best error to return here? + /* Is this the best error to return here? */ return ERROR_ACCESS_DENIED; } @@ -4491,7 +4511,7 @@ static uint32 enumports_level_2(NEW_BUFFER *buffer, uint32 offered, uint32 *need DEBUGADD(10,("returned [%d]\n", ret)); if (ret != 0) { unlink(tmp_file); - // Is this the best error to return here? + /* Is this the best error to return here? */ return ERROR_ACCESS_DENIED; } |