From 543edfbeab9540cf819f09715b1bcf0fca9e99b1 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 27 Sep 2002 22:51:59 +0000 Subject: It turns out that Windows allows delete printer on a handle opened by an admin user, then used on a pipe handle created by an anonymous user..... but they're working on security.... riiight ! Jeremy. (This used to be commit 322d8b4c83439261cfd2ff79b557bddb1e784660) --- source3/rpc_server/srv_spoolss_nt.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index dcffa968d5..f942a685a1 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -313,6 +313,19 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd) return WERR_BADFID; } + /* + * It turns out that Windows allows delete printer on a handle + * opened by an admin user, then used on a pipe handle created + * by an anonymous user..... but they're working on security.... riiight ! + * JRA. + */ + + if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) { + DEBUG(3, ("delete_printer_handle: denied by handle\n")); + return WERR_ACCESS_DENIED; + } + +#if 0 /* Check calling user has permission to delete printer. Note that since we set the snum parameter to -1 only administrators can delete the printer. This stops people with the Full Control @@ -322,6 +335,7 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd) DEBUG(3, ("printer delete denied by security descriptor\n")); return WERR_ACCESS_DENIED; } +#endif if (del_a_printer(Printer->dev.handlename) != 0) { DEBUG(3,("Error deleting printer %s\n", Printer->dev.handlename)); -- cgit