From db2445358161e1a0a68b80a7551ed88e7dcc38c6 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Wed, 9 Aug 2000 04:19:18 +0000
Subject: added printer admin option any user in that list can do anything to a
 printer (This used to be commit 7b5912be150dd590d6195be40b0976305b8716ba)

---
 source3/rpc_server/srv_spoolss_nt.c | 68 ++++++++++++++-----------------------
 1 file changed, 26 insertions(+), 42 deletions(-)

(limited to 'source3/rpc_server')

diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 4774375db4..d6c39fa022 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -3049,19 +3049,18 @@ static uint32 update_printer_sec(POLICY_HND *handle, uint32 level,
 				 const SPOOL_PRINTER_INFO_LEVEL *info,
 				 pipes_struct *p, SEC_DESC_BUF *secdesc_ctr)
 {
-	SEC_DESC_BUF *old_secdesc_ctr = NULL;
 	struct current_user user;
-	uint32 acc_granted, status, result;
+	uint32 result;
+	int snum;
 
 	Printer_entry *Printer = find_printer_index_by_hnd(handle);
 
-	if (!OPEN_HANDLE(Printer)) {
+	if (!OPEN_HANDLE(Printer) || !get_printer_snum(handle, &snum)) {
 		DEBUG(0,("update_printer_sec: Invalid handle (%s)\n", OUR_HANDLE(handle)));
 		return ERROR_INVALID_HANDLE;
 	}
 
 	/* Work out which user is performing the operation */
-
 	if (p->ntlmssp_auth_validated) {
 		memcpy(&user, &p->pipe_user, sizeof(user));
 	} else {
@@ -3069,32 +3068,18 @@ static uint32 update_printer_sec(POLICY_HND *handle, uint32 level,
 		memcpy(&user, &current_user, sizeof(user));
 	}
 
-	/* Get old security descriptor */
-
-	if (!nt_printing_getsec(Printer->dev.handlename, &old_secdesc_ctr)) {
-		DEBUG(3, ("could not get old security descriptor for "
-			  "printer %s", Printer->dev.handlename));
-		return ERROR_INVALID_FUNCTION;
-	}
-
 	/* Check the user has permissions to change the security
 	   descriptor.  By experimentation with two NT machines, the user
 	   requires Full Access to the printer to change security
 	   information. */ 
-
-	if (!se_access_check(old_secdesc_ctr->sec, &user,
-			     PRINTER_ACE_FULL_CONTROL, &acc_granted,
-			     &status)) {
-		DEBUG(3, ("security descriptor change denied by existing "
-			  "security descriptor\n"));
-		result = status;
+	if (!print_access_check(&user, snum, PRINTER_ACE_FULL_CONTROL)) {
+		result = NT_STATUS_ACCESS_DENIED;
 		goto done;
 	}
 
 	result = nt_printing_setsec(Printer->dev.handlename, secdesc_ctr);
 
  done:
-	free_sec_desc_buf(&old_secdesc_ctr);
 	return result;
 }
 
@@ -3144,9 +3129,7 @@ static uint32 update_printer(POLICY_HND *handle, uint32 level,
 	int snum;
 	NT_PRINTER_INFO_LEVEL *printer = NULL;
 	Printer_entry *Printer = find_printer_index_by_hnd(handle);
-	SEC_DESC_BUF *sd = NULL;
-	uint32 result, acc_granted;
-	extern struct current_user current_user;
+	uint32 result;
 
 	DEBUG(8,("update_printer\n"));
 	
@@ -3154,22 +3137,6 @@ static uint32 update_printer(POLICY_HND *handle, uint32 level,
 
 	/* Check calling user has permission to update printer description */ 
 
-#if 0 /* JFMTEST */
-	if (!nt_printing_getsec(Printer->dev.handlename, &sd)) {
-		DEBUG(3, ("Could not get security descriptor for printer %s",
-			  Printer->dev.handlename));
-		result = ERROR_INVALID_FUNCTION;
-		goto done;
-	}
-
-	if (!se_access_check(sd->sec, &current_user,
-			     PRINTER_ACE_FULL_CONTROL, &acc_granted,
-			     &result)) {
-		DEBUG(3, ("printer property change denied by security "
-			  "descriptor\n"));
-		goto done;
-	}
-#endif
 	if (level!=2) {
 		DEBUG(0,("Send a mail to samba@samba.org\n"));
 		DEBUGADD(0,("with the following message: update_printer: level!=2\n"));
@@ -3186,6 +3153,13 @@ static uint32 update_printer(POLICY_HND *handle, uint32 level,
 		result = ERROR_INVALID_HANDLE;
 		goto done;
 	}
+
+	if (!print_access_check(NULL, snum, PRINTER_ACE_FULL_CONTROL)) {
+		DEBUG(3, ("printer property change denied by security "
+			  "descriptor\n"));
+		result = NT_STATUS_ACCESS_DENIED;
+		goto done;
+	}
 	
 	if(get_a_printer(&printer, 2, lp_servicename(snum)) != 0) {
 		result = ERROR_INVALID_HANDLE;
@@ -3240,7 +3214,6 @@ static uint32 update_printer(POLICY_HND *handle, uint32 level,
 
  done:
 	free_a_printer(&printer, 2);
-	free_sec_desc_buf(&sd);
 
 	return result;
 }
@@ -4251,6 +4224,12 @@ static uint32 spoolss_addprinterex_level_2( const UNISTR2 *uni_srv_name,
 		free_a_printer(&printer,2);
 		return ERROR_ACCESS_DENIED;
 	}
+
+	/* you must be a printer admin to add a new printer */
+	if (!print_access_check(NULL, snum, PRINTER_ACE_FULL_CONTROL)) {
+		free_a_printer(&printer,2);
+		return ERROR_ACCESS_DENIED;		
+	}
 	
 	/*
 	 * Do sanity check on the requested changes for Samba.
@@ -4547,8 +4526,7 @@ uint32 _spoolss_setprinterdata( POLICY_HND *handle,
 				uint32 numeric_data)
 {
 	NT_PRINTER_INFO_LEVEL *printer = NULL;
-	NT_PRINTER_PARAM *param = NULL;
-		
+	NT_PRINTER_PARAM *param = NULL;		
 	int snum=0;
 	uint32 status = 0x0;
 	Printer_entry *Printer=find_printer_index_by_hnd(handle);
@@ -4564,6 +4542,12 @@ uint32 _spoolss_setprinterdata( POLICY_HND *handle,
 	if (!get_printer_snum(handle, &snum))
 		return ERROR_INVALID_HANDLE;
 
+	if (!print_access_check(NULL, snum, PRINTER_ACE_FULL_CONTROL)) {
+		DEBUG(3, ("security descriptor change denied by existing "
+			  "security descriptor\n"));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
 	status = get_a_printer(&printer, 2, lp_servicename(snum));
 	if (status != 0x0)
 		return ERROR_INVALID_NAME;
-- 
cgit