From 85b1953f6dfb8a8219da1b4ee75ba22982853ffb Mon Sep 17 00:00:00 2001 From: David O'Neill Date: Fri, 5 Jan 2001 19:01:11 +0000 Subject: Changes from APPLIANCE_HEAD: source/rpc_server/srv_spoolss_nt.c - fixed printer policy handle leak in the allow MS printer wizard stuff. - mimic behaviour of NT on open_printer_ex() calls by not allowing call to succeed if connecting user doesn't have at least print permissions to the printer. Unfortunately, this seems to trigger a anonymous connection re-using bug so subsequent connects to the printer by a different user from the same machine always fail. Blame Tim. =^) (This used to be commit 33fc7f4527c34b39b1a0f3fee2f0697ea74f79c4) --- source3/rpc_server/srv_spoolss_nt.c | 57 ++++++++++++++++++++++++++++++------- 1 file changed, 47 insertions(+), 10 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index cd67a3b88a..bcd9b46256 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -655,10 +655,16 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername, uint32 user_switch, SPOOL_USER_CTR user_ctr, POLICY_HND *handle) { + uint32 result = NT_STATUS_NO_PROBLEMO; + SEC_DESC_BUF *sec_desc = NULL; + uint32 acc_granted, status; fstring name; + extern struct current_user current_user; - if (printername == NULL) - return ERROR_INVALID_PRINTER_NAME; + if (printername == NULL) { + result = ERROR_INVALID_PRINTER_NAME; + goto done; + } /* some sanity check because you can open a printer or a print server */ /* aka: \\server\printer or \\server */ @@ -666,8 +672,10 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername, DEBUGADD(3,("checking name: %s\n",name)); - if (!open_printer_hnd(handle, name)) - return ERROR_INVALID_PRINTER_NAME; + if (!open_printer_hnd(handle, name)) { + result = ERROR_INVALID_PRINTER_NAME; + goto done; + } /* if (printer_default->datatype_ptr != NULL) @@ -681,7 +689,8 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername, if (!set_printer_hnd_accesstype(handle, printer_default->access_required)) { close_printer_handle(handle); - return ERROR_ACCESS_DENIED; + result = ERROR_ACCESS_DENIED; + goto done; } /* Disallow MS AddPrinterWizard if parameter disables it. A Win2k @@ -696,13 +705,41 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername, if (handle_is_printserver(handle) && !lp_ms_add_printer_wizard()) { - if (printer_default->access_required == 0) - return NT_STATUS_NO_PROBLEMO; - else if (printer_default->access_required != (SERVER_READ)) - return ERROR_ACCESS_DENIED; + if (printer_default->access_required == 0) { + goto done; + } + else if (printer_default->access_required != (SERVER_READ)) { + close_printer_handle(handle); + result = ERROR_ACCESS_DENIED; + goto done; + } } - return NT_STATUS_NO_PROBLEMO; + /* NT doesn't let us connect to a printer if the connecting user + doesn't have print permission. If no security descriptor just + return OK. */ + + if (!nt_printing_getsec(name, &sec_desc)) { + goto done; + } + + /* Yuck - we should use the pipe_user rather than current_user but + it doesn't seem to be filled in correctly. )-: */ + + map_printer_permissions(sec_desc->sec); + + if (!se_access_check(sec_desc->sec, ¤t_user, PRINTER_ACCESS_USE, + &acc_granted, &status)) { + DEBUG(3, ("access DENIED for printer open\n")); + close_printer_handle(handle); + result = ERROR_ACCESS_DENIED; + goto done; + } + + done: + free_sec_desc_buf(&sec_desc); + + return result; } /**************************************************************************** -- cgit