From f2ff8bed26cc8b0f2fffbc41a605a8f95163a382 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 11 Jul 2005 18:59:54 +0000 Subject: r8326: factor out the delete printer code to a delete_printer_hook() for reuse (This used to be commit 0689851a90fbd91ff30f6e2afc05d141f6ce082d) --- source3/rpc_server/srv_spoolss_nt.c | 109 ++++++++++++++++++------------------ 1 file changed, 53 insertions(+), 56 deletions(-) diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index b5dd459462..5fbb6d91b0 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -345,6 +345,58 @@ static BOOL close_printer_handle(pipes_struct *p, POLICY_HND *hnd) return True; } +/**************************************************************************** + Delete a printer given a handle. +****************************************************************************/ +WERROR delete_printer_hook( NT_USER_TOKEN *token, const char *sharename ) +{ + char *cmd = lp_deleteprinter_cmd(); + pstring command; + int ret; + SE_PRIV se_printop = SE_PRINT_OPERATOR; + BOOL is_print_op = False; + + /* can't fail if we don't try */ + + if ( !*cmd ) + return WERR_OK; + + pstr_sprintf(command, "%s \"%s\"", cmd, sharename); + + if ( token ) + is_print_op = user_has_privileges( token, &se_printop ); + + DEBUG(10,("Running [%s]\n", command)); + + /********** BEGIN SePrintOperatorPrivlege BLOCK **********/ + + if ( is_print_op ) + become_root(); + + if ( (ret = smbrun(command, NULL)) == 0 ) { + /* Tell everyone we updated smb.conf. */ + message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL); + } + + if ( is_print_op ) + unbecome_root(); + + /********** END SePrintOperatorPrivlege BLOCK **********/ + + DEBUGADD(10,("returned [%d]\n", ret)); + + if (ret != 0) + return WERR_BADFID; /* What to return here? */ + + /* go ahead and re-read the services immediately */ + reload_services( False ); + + if ( lp_servicenumber( sharename ) < 0 ) + return WERR_ACCESS_DENIED; + + return WERR_OK; +} + /**************************************************************************** Delete a printer given a handle. ****************************************************************************/ @@ -369,18 +421,6 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd) DEBUG(3, ("delete_printer_handle: denied by handle\n")); return WERR_ACCESS_DENIED; } - -#if 0 - /* Check calling user has permission to delete printer. Note that - since we set the snum parameter to -1 only administrators can - delete the printer. This stops people with the Full Control - permission from deleting the printer. */ - - if (!print_access_check(NULL, -1, PRINTER_ACCESS_ADMINISTER)) { - DEBUG(3, ("printer delete denied by security descriptor\n")); - return WERR_ACCESS_DENIED; - } -#endif /* this does not need a become root since the access check has been done on the handle already */ @@ -390,50 +430,7 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd) return WERR_BADFID; } - /* the delete printer script shoudl be run as root if the user has perms */ - - if (*lp_deleteprinter_cmd()) { - - char *cmd = lp_deleteprinter_cmd(); - pstring command; - int ret; - SE_PRIV se_printop = SE_PRINT_OPERATOR; - BOOL is_print_op; - - pstr_sprintf(command, "%s \"%s\"", cmd, Printer->sharename); - - is_print_op = user_has_privileges( p->pipe_user.nt_user_token, &se_printop ); - - DEBUG(10,("Running [%s]\n", command)); - - /********** BEGIN SePrintOperatorPrivlege BLOCK **********/ - - if ( is_print_op ) - become_root(); - - if ( (ret = smbrun(command, NULL)) == 0 ) { - /* Tell everyone we updated smb.conf. */ - message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL); - } - - if ( is_print_op ) - unbecome_root(); - - /********** END SePrintOperatorPrivlege BLOCK **********/ - - DEBUGADD(10,("returned [%d]\n", ret)); - - if (ret != 0) - return WERR_BADFID; /* What to return here? */ - - /* go ahead and re-read the services immediately */ - reload_services( False ); - - if ( lp_servicenumber( Printer->sharename ) < 0 ) - return WERR_ACCESS_DENIED; - } - - return WERR_OK; + return delete_printer_hook( p->pipe_user.nt_user_token, Printer->sharename ); } /**************************************************************************** -- cgit