sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00
Code

r13547: add earlier checks to deny deleting a printer driver. The previous

Browse Source 
code relied upon file permissions alone.  Now we check that
the user is a printer administrator and that the share has not been
marked read only for that user.
This commit is contained in:
Gerald Carter 2006-02-17 21:07:26 +00:00 committed by Gerald (Jerry) Carter
parent 380d89d148
commit 117d9fd9e1
2 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
source/printing/nt_printing.c
View File

@ -4783,6 +4783,11 @@ static BOOL delete_driver_files( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct
return False;
}
if ( !CAN_WRITE(conn) ) {
DEBUG(3,("delete_driver_files: Cannot delete print driver when [print$] is read-only\n"));
return False;
}
/* Save who we are - we are temporarily becoming the connection user. */
if ( !become_user(conn, conn->vuid) ) {

24
source/rpc_server/srv_spoolss_nt.c
View File

@ -1973,9 +1973,21 @@ WERROR _spoolss_deleteprinterdriver(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVER
struct current_user user;
WERROR status;
WERROR status_win2k = WERR_ACCESS_DENIED;
SE_PRIV se_printop = SE_PRINT_OPERATOR;
get_current_user(&user, p);
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
if ( (user.ut.uid != 0)
&& !user_has_privileges(user.nt_user_token, &se_printop )
&& !token_contains_name_in_list( uidtoname(user.ut.uid),
NULL, user.nt_user_token, lp_printer_admin(-1)) )
{
return WERR_ACCESS_DENIED;
}
unistr2_to_ascii(driver, &q_u->driver, sizeof(driver)-1 );
unistr2_to_ascii(arch, &q_u->arch, sizeof(arch)-1 );
@ -2059,9 +2071,21 @@ WERROR _spoolss_deleteprinterdriverex(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIV
struct current_user user;
WERROR status;
WERROR status_win2k = WERR_ACCESS_DENIED;
SE_PRIV se_printop = SE_PRINT_OPERATOR;
get_current_user(&user, p);
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
if ( (user.ut.uid != 0)
&& !user_has_privileges(user.nt_user_token, &se_printop )
&& !token_contains_name_in_list( uidtoname(user.ut.uid),
NULL, user.nt_user_token, lp_printer_admin(-1)) )
{
return WERR_ACCESS_DENIED;
}
unistr2_to_ascii(driver, &q_u->driver, sizeof(driver)-1 );
unistr2_to_ascii(arch, &q_u->arch, sizeof(arch)-1 );