r8326: factor out the delete printer code to a delete_printer_hook() for reuse

source/rpc_server/srv_spoolss_nt.c

@@ -348,61 +348,23 @@ static BOOL close_printer_handle(pipes_struct *p, POLICY_HND *hnd)
 /****************************************************************************
  Delete a printer given a handle.
 ****************************************************************************/
-
+WERROR delete_printer_hook( NT_USER_TOKEN *token, const char *sharename )
-static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
 {
-	Printer_entry *Printer = find_printer_index_by_hnd(p, hnd);
-
-	if (!Printer) {
-		DEBUG(2,("delete_printer_handle: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(hnd)));
-		return WERR_BADFID;
-	}
-
-	/* 
-	 * It turns out that Windows allows delete printer on a handle
-	 * opened by an admin user, then used on a pipe handle created
-	 * by an anonymous user..... but they're working on security.... riiight !
-	 * JRA.
-	 */
-
-	if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) {
-		DEBUG(3, ("delete_printer_handle: denied by handle\n"));
-		return WERR_ACCESS_DENIED;
-	}
-
-#if 0
-	/* Check calling user has permission to delete printer.  Note that
-	   since we set the snum parameter to -1 only administrators can
-	   delete the printer.  This stops people with the Full Control
-	   permission from deleting the printer. */
-
-	if (!print_access_check(NULL, -1, PRINTER_ACCESS_ADMINISTER)) {
-		DEBUG(3, ("printer delete denied by security descriptor\n"));
-		return WERR_ACCESS_DENIED;
-	}
-#endif
-	
-	/* this does not need a become root since the access check has been 
-	   done on the handle already */
-	   
-	if (del_a_printer( Printer->sharename ) != 0) {
-		DEBUG(3,("Error deleting printer %s\n", Printer->sharename));
-		return WERR_BADFID;
-	}
-
-	/* the delete printer script shoudl be run as root if the user has perms */
-	
-	if (*lp_deleteprinter_cmd()) {
-
 	char *cmd = lp_deleteprinter_cmd();
 	pstring command;
 	int ret;
 	SE_PRIV se_printop = SE_PRINT_OPERATOR;
-		BOOL is_print_op;
+	BOOL is_print_op = False;
 		
-		pstr_sprintf(command, "%s \"%s\"", cmd, Printer->sharename);
+	/* can't fail if we don't try */
 	
-		is_print_op = user_has_privileges( p->pipe_user.nt_user_token, &se_printop );
+	if ( !*cmd )
+		return WERR_OK;
+		
+	pstr_sprintf(command, "%s \"%s\"", cmd, sharename);
+
+	if ( token )
+		is_print_op = user_has_privileges( token, &se_printop );
 	
 	DEBUG(10,("Running [%s]\n", command));
 
@@ -429,11 +391,46 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
 	/* go ahead and re-read the services immediately */
 	reload_services( False );
 	
-		if ( lp_servicenumber( Printer->sharename )  < 0 )
+	if ( lp_servicenumber( sharename )  < 0 )
+		return WERR_ACCESS_DENIED;
+		
+	return WERR_OK;
+}
+
+/****************************************************************************
+ Delete a printer given a handle.
+****************************************************************************/
+
+static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
+{
+	Printer_entry *Printer = find_printer_index_by_hnd(p, hnd);
+
+	if (!Printer) {
+		DEBUG(2,("delete_printer_handle: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(hnd)));
+		return WERR_BADFID;
+	}
+
+	/* 
+	 * It turns out that Windows allows delete printer on a handle
+	 * opened by an admin user, then used on a pipe handle created
+	 * by an anonymous user..... but they're working on security.... riiight !
+	 * JRA.
+	 */
+
+	if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) {
+		DEBUG(3, ("delete_printer_handle: denied by handle\n"));
 		return WERR_ACCESS_DENIED;
 	}
 	
-	return WERR_OK;
+	/* this does not need a become root since the access check has been 
+	   done on the handle already */
+	   
+	if (del_a_printer( Printer->sharename ) != 0) {
+		DEBUG(3,("Error deleting printer %s\n", Printer->sharename));
+		return WERR_BADFID;
+	}
+
+	return delete_printer_hook( p->pipe_user.nt_user_token, Printer->sharename );
 }
 
 /****************************************************************************