mirror of
https://github.com/samba-team/samba.git
synced 2024-12-25 23:21:54 +03:00
r8326: factor out the delete printer code to a delete_printer_hook() for reuse
This commit is contained in:
parent
61f14cdcbd
commit
0689851a90
@ -348,61 +348,23 @@ static BOOL close_printer_handle(pipes_struct *p, POLICY_HND *hnd)
|
||||
/****************************************************************************
|
||||
Delete a printer given a handle.
|
||||
****************************************************************************/
|
||||
|
||||
static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
|
||||
WERROR delete_printer_hook( NT_USER_TOKEN *token, const char *sharename )
|
||||
{
|
||||
Printer_entry *Printer = find_printer_index_by_hnd(p, hnd);
|
||||
|
||||
if (!Printer) {
|
||||
DEBUG(2,("delete_printer_handle: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(hnd)));
|
||||
return WERR_BADFID;
|
||||
}
|
||||
|
||||
/*
|
||||
* It turns out that Windows allows delete printer on a handle
|
||||
* opened by an admin user, then used on a pipe handle created
|
||||
* by an anonymous user..... but they're working on security.... riiight !
|
||||
* JRA.
|
||||
*/
|
||||
|
||||
if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) {
|
||||
DEBUG(3, ("delete_printer_handle: denied by handle\n"));
|
||||
return WERR_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
#if 0
|
||||
/* Check calling user has permission to delete printer. Note that
|
||||
since we set the snum parameter to -1 only administrators can
|
||||
delete the printer. This stops people with the Full Control
|
||||
permission from deleting the printer. */
|
||||
|
||||
if (!print_access_check(NULL, -1, PRINTER_ACCESS_ADMINISTER)) {
|
||||
DEBUG(3, ("printer delete denied by security descriptor\n"));
|
||||
return WERR_ACCESS_DENIED;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* this does not need a become root since the access check has been
|
||||
done on the handle already */
|
||||
|
||||
if (del_a_printer( Printer->sharename ) != 0) {
|
||||
DEBUG(3,("Error deleting printer %s\n", Printer->sharename));
|
||||
return WERR_BADFID;
|
||||
}
|
||||
|
||||
/* the delete printer script shoudl be run as root if the user has perms */
|
||||
|
||||
if (*lp_deleteprinter_cmd()) {
|
||||
|
||||
char *cmd = lp_deleteprinter_cmd();
|
||||
pstring command;
|
||||
int ret;
|
||||
SE_PRIV se_printop = SE_PRINT_OPERATOR;
|
||||
BOOL is_print_op;
|
||||
BOOL is_print_op = False;
|
||||
|
||||
pstr_sprintf(command, "%s \"%s\"", cmd, Printer->sharename);
|
||||
/* can't fail if we don't try */
|
||||
|
||||
is_print_op = user_has_privileges( p->pipe_user.nt_user_token, &se_printop );
|
||||
if ( !*cmd )
|
||||
return WERR_OK;
|
||||
|
||||
pstr_sprintf(command, "%s \"%s\"", cmd, sharename);
|
||||
|
||||
if ( token )
|
||||
is_print_op = user_has_privileges( token, &se_printop );
|
||||
|
||||
DEBUG(10,("Running [%s]\n", command));
|
||||
|
||||
@ -429,11 +391,46 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
|
||||
/* go ahead and re-read the services immediately */
|
||||
reload_services( False );
|
||||
|
||||
if ( lp_servicenumber( Printer->sharename ) < 0 )
|
||||
if ( lp_servicenumber( sharename ) < 0 )
|
||||
return WERR_ACCESS_DENIED;
|
||||
|
||||
return WERR_OK;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Delete a printer given a handle.
|
||||
****************************************************************************/
|
||||
|
||||
static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
|
||||
{
|
||||
Printer_entry *Printer = find_printer_index_by_hnd(p, hnd);
|
||||
|
||||
if (!Printer) {
|
||||
DEBUG(2,("delete_printer_handle: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(hnd)));
|
||||
return WERR_BADFID;
|
||||
}
|
||||
|
||||
/*
|
||||
* It turns out that Windows allows delete printer on a handle
|
||||
* opened by an admin user, then used on a pipe handle created
|
||||
* by an anonymous user..... but they're working on security.... riiight !
|
||||
* JRA.
|
||||
*/
|
||||
|
||||
if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) {
|
||||
DEBUG(3, ("delete_printer_handle: denied by handle\n"));
|
||||
return WERR_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
return WERR_OK;
|
||||
/* this does not need a become root since the access check has been
|
||||
done on the handle already */
|
||||
|
||||
if (del_a_printer( Printer->sharename ) != 0) {
|
||||
DEBUG(3,("Error deleting printer %s\n", Printer->sharename));
|
||||
return WERR_BADFID;
|
||||
}
|
||||
|
||||
return delete_printer_hook( p->pipe_user.nt_user_token, Printer->sharename );
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
|
Loading…
Reference in New Issue
Block a user