1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00

r8326: factor out the delete printer code to a delete_printer_hook() for reuse

This commit is contained in:
Gerald Carter 2005-07-11 18:59:54 +00:00 committed by Gerald (Jerry) Carter
parent 61f14cdcbd
commit 0689851a90

View File

@ -348,61 +348,23 @@ static BOOL close_printer_handle(pipes_struct *p, POLICY_HND *hnd)
/****************************************************************************
Delete a printer given a handle.
****************************************************************************/
static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
WERROR delete_printer_hook( NT_USER_TOKEN *token, const char *sharename )
{
Printer_entry *Printer = find_printer_index_by_hnd(p, hnd);
if (!Printer) {
DEBUG(2,("delete_printer_handle: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(hnd)));
return WERR_BADFID;
}
/*
* It turns out that Windows allows delete printer on a handle
* opened by an admin user, then used on a pipe handle created
* by an anonymous user..... but they're working on security.... riiight !
* JRA.
*/
if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) {
DEBUG(3, ("delete_printer_handle: denied by handle\n"));
return WERR_ACCESS_DENIED;
}
#if 0
/* Check calling user has permission to delete printer. Note that
since we set the snum parameter to -1 only administrators can
delete the printer. This stops people with the Full Control
permission from deleting the printer. */
if (!print_access_check(NULL, -1, PRINTER_ACCESS_ADMINISTER)) {
DEBUG(3, ("printer delete denied by security descriptor\n"));
return WERR_ACCESS_DENIED;
}
#endif
/* this does not need a become root since the access check has been
done on the handle already */
if (del_a_printer( Printer->sharename ) != 0) {
DEBUG(3,("Error deleting printer %s\n", Printer->sharename));
return WERR_BADFID;
}
/* the delete printer script shoudl be run as root if the user has perms */
if (*lp_deleteprinter_cmd()) {
char *cmd = lp_deleteprinter_cmd();
pstring command;
int ret;
SE_PRIV se_printop = SE_PRINT_OPERATOR;
BOOL is_print_op;
BOOL is_print_op = False;
pstr_sprintf(command, "%s \"%s\"", cmd, Printer->sharename);
/* can't fail if we don't try */
is_print_op = user_has_privileges( p->pipe_user.nt_user_token, &se_printop );
if ( !*cmd )
return WERR_OK;
pstr_sprintf(command, "%s \"%s\"", cmd, sharename);
if ( token )
is_print_op = user_has_privileges( token, &se_printop );
DEBUG(10,("Running [%s]\n", command));
@ -429,11 +391,46 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
/* go ahead and re-read the services immediately */
reload_services( False );
if ( lp_servicenumber( Printer->sharename ) < 0 )
if ( lp_servicenumber( sharename ) < 0 )
return WERR_ACCESS_DENIED;
return WERR_OK;
}
/****************************************************************************
Delete a printer given a handle.
****************************************************************************/
static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
{
Printer_entry *Printer = find_printer_index_by_hnd(p, hnd);
if (!Printer) {
DEBUG(2,("delete_printer_handle: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(hnd)));
return WERR_BADFID;
}
/*
* It turns out that Windows allows delete printer on a handle
* opened by an admin user, then used on a pipe handle created
* by an anonymous user..... but they're working on security.... riiight !
* JRA.
*/
if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) {
DEBUG(3, ("delete_printer_handle: denied by handle\n"));
return WERR_ACCESS_DENIED;
}
return WERR_OK;
/* this does not need a become root since the access check has been
done on the handle already */
if (del_a_printer( Printer->sharename ) != 0) {
DEBUG(3,("Error deleting printer %s\n", Printer->sharename));
return WERR_BADFID;
}
return delete_printer_hook( p->pipe_user.nt_user_token, Printer->sharename );
}
/****************************************************************************