mirror of
https://github.com/samba-team/samba.git
synced 2024-12-25 23:21:54 +03:00
r8326: factor out the delete printer code to a delete_printer_hook() for reuse
This commit is contained in:
parent
61f14cdcbd
commit
0689851a90
@ -345,6 +345,58 @@ static BOOL close_printer_handle(pipes_struct *p, POLICY_HND *hnd)
|
||||
return True;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Delete a printer given a handle.
|
||||
****************************************************************************/
|
||||
WERROR delete_printer_hook( NT_USER_TOKEN *token, const char *sharename )
|
||||
{
|
||||
char *cmd = lp_deleteprinter_cmd();
|
||||
pstring command;
|
||||
int ret;
|
||||
SE_PRIV se_printop = SE_PRINT_OPERATOR;
|
||||
BOOL is_print_op = False;
|
||||
|
||||
/* can't fail if we don't try */
|
||||
|
||||
if ( !*cmd )
|
||||
return WERR_OK;
|
||||
|
||||
pstr_sprintf(command, "%s \"%s\"", cmd, sharename);
|
||||
|
||||
if ( token )
|
||||
is_print_op = user_has_privileges( token, &se_printop );
|
||||
|
||||
DEBUG(10,("Running [%s]\n", command));
|
||||
|
||||
/********** BEGIN SePrintOperatorPrivlege BLOCK **********/
|
||||
|
||||
if ( is_print_op )
|
||||
become_root();
|
||||
|
||||
if ( (ret = smbrun(command, NULL)) == 0 ) {
|
||||
/* Tell everyone we updated smb.conf. */
|
||||
message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
|
||||
}
|
||||
|
||||
if ( is_print_op )
|
||||
unbecome_root();
|
||||
|
||||
/********** END SePrintOperatorPrivlege BLOCK **********/
|
||||
|
||||
DEBUGADD(10,("returned [%d]\n", ret));
|
||||
|
||||
if (ret != 0)
|
||||
return WERR_BADFID; /* What to return here? */
|
||||
|
||||
/* go ahead and re-read the services immediately */
|
||||
reload_services( False );
|
||||
|
||||
if ( lp_servicenumber( sharename ) < 0 )
|
||||
return WERR_ACCESS_DENIED;
|
||||
|
||||
return WERR_OK;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Delete a printer given a handle.
|
||||
****************************************************************************/
|
||||
@ -370,18 +422,6 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
|
||||
return WERR_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
#if 0
|
||||
/* Check calling user has permission to delete printer. Note that
|
||||
since we set the snum parameter to -1 only administrators can
|
||||
delete the printer. This stops people with the Full Control
|
||||
permission from deleting the printer. */
|
||||
|
||||
if (!print_access_check(NULL, -1, PRINTER_ACCESS_ADMINISTER)) {
|
||||
DEBUG(3, ("printer delete denied by security descriptor\n"));
|
||||
return WERR_ACCESS_DENIED;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* this does not need a become root since the access check has been
|
||||
done on the handle already */
|
||||
|
||||
@ -390,50 +430,7 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
|
||||
return WERR_BADFID;
|
||||
}
|
||||
|
||||
/* the delete printer script shoudl be run as root if the user has perms */
|
||||
|
||||
if (*lp_deleteprinter_cmd()) {
|
||||
|
||||
char *cmd = lp_deleteprinter_cmd();
|
||||
pstring command;
|
||||
int ret;
|
||||
SE_PRIV se_printop = SE_PRINT_OPERATOR;
|
||||
BOOL is_print_op;
|
||||
|
||||
pstr_sprintf(command, "%s \"%s\"", cmd, Printer->sharename);
|
||||
|
||||
is_print_op = user_has_privileges( p->pipe_user.nt_user_token, &se_printop );
|
||||
|
||||
DEBUG(10,("Running [%s]\n", command));
|
||||
|
||||
/********** BEGIN SePrintOperatorPrivlege BLOCK **********/
|
||||
|
||||
if ( is_print_op )
|
||||
become_root();
|
||||
|
||||
if ( (ret = smbrun(command, NULL)) == 0 ) {
|
||||
/* Tell everyone we updated smb.conf. */
|
||||
message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
|
||||
}
|
||||
|
||||
if ( is_print_op )
|
||||
unbecome_root();
|
||||
|
||||
/********** END SePrintOperatorPrivlege BLOCK **********/
|
||||
|
||||
DEBUGADD(10,("returned [%d]\n", ret));
|
||||
|
||||
if (ret != 0)
|
||||
return WERR_BADFID; /* What to return here? */
|
||||
|
||||
/* go ahead and re-read the services immediately */
|
||||
reload_services( False );
|
||||
|
||||
if ( lp_servicenumber( Printer->sharename ) < 0 )
|
||||
return WERR_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
return WERR_OK;
|
||||
return delete_printer_hook( p->pipe_user.nt_user_token, Printer->sharename );
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
|
Loading…
Reference in New Issue
Block a user