From 98612fe79321ade72c23ca0c1d966a1c192ec977 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 15 Nov 2010 12:22:52 +0100 Subject: s3-spoolss: make sure members of "BUILTIN\Print Operators" can open printers with admin privileges. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Autobuild-User: Günther Deschner Autobuild-Date: Wed Nov 17 15:05:02 UTC 2010 on sn-devel-104 --- source3/rpc_server/srv_spoolss_nt.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 755d8fc473..01b4a75083 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -1791,6 +1791,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, if ((p->server_info->utok.uid != sec_initial_uid()) && !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) && + !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->server_info->ptok) && !token_contains_name_in_list( uidtoname(p->server_info->utok.uid), p->server_info->info3->base.domain.string, @@ -1800,7 +1801,8 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, close_printer_handle(p, r->out.handle); ZERO_STRUCTP(r->out.handle); DEBUG(3,("access DENIED as user is not root, " - "has no printoperator privilege and " + "has no printoperator privilege, " + "not a member of the printoperater builtin group and " "is not in printer admin list")); return WERR_ACCESS_DENIED; } -- cgit