From c56213607cd1e9d8a4d98b3aa1e9c36b4d3b275a Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 27 Sep 2002 22:51:44 +0000
Subject: It turns out that Windows allows delete printer on a handle opened by
 an admin user, then used on a pipe handle created by an anonymous user.....
 but they're working on security.... riiight ! Jeremy. (This used to be commit
 e96e6a60b82b71714120ce7636fa8402007d4b03)

---
 source3/rpc_server/srv_spoolss_nt.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'source3')

diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 2190215107..e60a1d2063 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -318,6 +318,19 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
 		return WERR_BADFID;
 	}
 
+	/* 
+	 * It turns out that Windows allows delete printer on a handle
+	 * opened by an admin user, then used on a pipe handle created
+	 * by an anonymous user..... but they're working on security.... riiight !
+	 * JRA.
+	 */
+
+	if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) {
+		DEBUG(3, ("delete_printer_handle: denied by handle\n"));
+		return WERR_ACCESS_DENIED;
+	}
+
+#if 0
 	/* Check calling user has permission to delete printer.  Note that
 	   since we set the snum parameter to -1 only administrators can
 	   delete the printer.  This stops people with the Full Control
@@ -327,6 +340,7 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
 		DEBUG(3, ("printer delete denied by security descriptor\n"));
 		return WERR_ACCESS_DENIED;
 	}
+#endif
 
 	if (*lp_deleteprinter_cmd()) {
 
-- 
cgit