From c7a7dea3331c5d77f57fb0622303933ca7afb0f9 Mon Sep 17 00:00:00 2001 From: David O'Neill Date: Thu, 25 Jan 2001 20:15:32 +0000 Subject: Changes from APPLIANCE_HEAD: source/rpc_server/srv_spoolss_nt.c - Changed the se_access_check() call in _spoolss_open_printer_ex() to a print_access_check(). This allows the 'printer admins' smb.conf and other permission override parameters to affect the result of a printer open. - Don't perform access check when opening a handle on a print server as it breaks browsing the Printers folder. (This used to be commit bbe51d4b5f6da4c7668214511e25eff098bf03b1) --- source3/rpc_server/srv_spoolss_nt.c | 31 +++++++++++-------------------- 1 file changed, 11 insertions(+), 20 deletions(-) diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 4be338d4d6..0ffe172b0a 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -669,10 +669,8 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername, POLICY_HND *handle) { uint32 result = NT_STATUS_NO_PROBLEMO; - SEC_DESC_BUF *sec_desc = NULL; - uint32 acc_granted, status; fstring name; - extern struct current_user current_user; + int snum; if (printername == NULL) { result = ERROR_INVALID_PRINTER_NAME; @@ -729,29 +727,22 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername, } /* NT doesn't let us connect to a printer if the connecting user - doesn't have print permission. If no security descriptor just - return OK. */ + doesn't have print permission. */ - if (!nt_printing_getsec(name, &sec_desc)) { - goto done; - } - - /* Yuck - we should use the pipe_user rather than current_user but - it doesn't seem to be filled in correctly. )-: */ + if (!handle_is_printserver(handle)) { - map_printer_permissions(sec_desc->sec); + if (!get_printer_snum(handle, &snum)) + return ERROR_INVALID_HANDLE; - if (!se_access_check(sec_desc->sec, ¤t_user, PRINTER_ACCESS_USE, - &acc_granted, &status)) { - DEBUG(3, ("access DENIED for printer open\n")); - close_printer_handle(handle); - result = ERROR_ACCESS_DENIED; - goto done; + if (!print_access_check(NULL, snum, PRINTER_ACCESS_USE)) { + DEBUG(3, ("access DENIED for printer open\n")); + close_printer_handle(handle); + result = ERROR_ACCESS_DENIED; + goto done; + } } done: - free_sec_desc_buf(&sec_desc); - return result; } -- cgit