From e2c9ad93cb914186b89e2055f1bed3cceee1f768 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 16 Apr 2010 11:35:05 +0200
Subject: s3-spoolss: Migrated spoolss_AddPrinter and spoolss_SetPrinter.

Signed-off-by: Jim McDonough <jmcd@samba.org>
---
 source3/printing/nt_printing.c | 29 ++++++++++++++++++++---------
 1 file changed, 20 insertions(+), 9 deletions(-)

(limited to 'source3/printing/nt_printing.c')

diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index c65da830fb..beb1e45755 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -25,6 +25,7 @@
 #include "registry.h"
 #include "registry/reg_objects.h"
 #include "../librpc/gen_ndr/ndr_security.h"
+#include "rpc_server/srv_spoolss_util.h"
 
 static TDB_CONTEXT *tdb_forms; /* used for forms files */
 static TDB_CONTEXT *tdb_drivers; /* used for driver files */
@@ -5463,9 +5464,11 @@ void map_job_permissions(struct security_descriptor *sd)
 bool print_access_check(struct auth_serversupplied_info *server_info, int snum,
 			int access_type)
 {
-	struct sec_desc_buf *secdesc = NULL;
+	struct spoolss_security_descriptor *secdesc = NULL;
 	uint32 access_granted;
+	size_t sd_size;
 	NTSTATUS status;
+	WERROR result;
 	const char *pname;
 	TALLOC_CTX *mem_ctx = NULL;
 	SE_PRIV se_printop = SE_PRINT_OPERATOR;
@@ -5495,34 +5498,42 @@ bool print_access_check(struct auth_serversupplied_info *server_info, int snum,
 		return False;
 	}
 
-	if (!nt_printing_getsec(mem_ctx, pname, &secdesc)) {
+	result = winreg_get_printer_secdesc(mem_ctx,
+					    server_info,
+					    pname,
+					    &secdesc);
+	if (!W_ERROR_IS_OK(result)) {
 		talloc_destroy(mem_ctx);
 		errno = ENOMEM;
 		return False;
 	}
 
 	if (access_type == JOB_ACCESS_ADMINISTER) {
-		struct sec_desc_buf *parent_secdesc = secdesc;
+		struct spoolss_security_descriptor *parent_secdesc = secdesc;
 
 		/* Create a child security descriptor to check permissions
 		   against.  This is because print jobs are child objects
 		   objects of a printer. */
-
-		status = se_create_child_secdesc_buf(mem_ctx, &secdesc, parent_secdesc->sd, False);
-
+		status = se_create_child_secdesc(mem_ctx,
+						 &secdesc,
+						 &sd_size,
+						 parent_secdesc,
+						 parent_secdesc->owner_sid,
+						 parent_secdesc->group_sid,
+						 false);
 		if (!NT_STATUS_IS_OK(status)) {
 			talloc_destroy(mem_ctx);
 			errno = map_errno_from_nt_status(status);
 			return False;
 		}
 
-		map_job_permissions(secdesc->sd);
+		map_job_permissions(secdesc);
 	} else {
-		map_printer_permissions(secdesc->sd);
+		map_printer_permissions(secdesc);
 	}
 
 	/* Check access */
-	status = se_access_check(secdesc->sd, server_info->ptok, access_type,
+	status = se_access_check(secdesc, server_info->ptok, access_type,
 				 &access_granted);
 
 	DEBUG(4, ("access check was %s\n", NT_STATUS_IS_OK(status) ? "SUCCESS" : "FAILURE"));
-- 
cgit