sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code

s3-spoolss: Fix permission checks for _spoolss_AddForm,SetForm and DelForm.

Browse Source 
Found by smbtorture test.

Guenther
This commit is contained in:
Günther Deschner 2009-04-13 15:20:47 +02:00
parent baeee97449
commit 3ef0b8671d
1 changed files with 34 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
source3/rpc_server/srv_spoolss_nt.c
View File

@ -8085,6 +8085,7 @@ WERROR _spoolss_AddForm(pipes_struct *p,
int snum;
WERROR status = WERR_OK;
NT_PRINTER_INFO_LEVEL *printer = NULL;
SE_PRIV se_printop = SE_PRINT_OPERATOR;
int count=0;
nt_forms_struct *list=NULL;
@ -8111,10 +8112,17 @@ WERROR _spoolss_AddForm(pipes_struct *p,
goto done;
}
if ( !(Printer->access_granted & (PRINTER_ACCESS_ADMINISTER|SERVER_ACCESS_ADMINISTER)) ) {
DEBUG(2,("_spoolss_addform: denied by handle permissions.\n"));
status = WERR_ACCESS_DENIED;
goto done;
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
if ((p->server_info->utok.uid != 0) &&
!user_has_privileges(p->server_info->ptok, &se_printop) &&
!token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
NULL, NULL,
p->server_info->ptok,
lp_printer_admin(snum))) {
DEBUG(2,("_spoolss_Addform: denied by insufficient permissions.\n"));
return WERR_ACCESS_DENIED;
}
/* can't add if builtin */
@ -8163,6 +8171,7 @@ WERROR _spoolss_DeleteForm(pipes_struct *p,
int snum;
WERROR status = WERR_OK;
NT_PRINTER_INFO_LEVEL *printer = NULL;
SE_PRIV se_printop = SE_PRINT_OPERATOR;
DEBUG(5,("_spoolss_DeleteForm\n"));
@ -8184,12 +8193,17 @@ WERROR _spoolss_DeleteForm(pipes_struct *p,
goto done;
}
if ( !(Printer->access_granted & (PRINTER_ACCESS_ADMINISTER|SERVER_ACCESS_ADMINISTER)) ) {
DEBUG(2,("_spoolss_DeleteForm: denied by handle permissions.\n"));
status = WERR_ACCESS_DENIED;
goto done;
if ((p->server_info->utok.uid != 0) &&
!user_has_privileges(p->server_info->ptok, &se_printop) &&
!token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
NULL, NULL,
p->server_info->ptok,
lp_printer_admin(snum))) {
DEBUG(2,("_spoolss_DeleteForm: denied by insufficient permissions.\n"));
return WERR_ACCESS_DENIED;
}
/* can't delete if builtin */
if (get_a_builtin_ntform_by_string(form_name,&tmpForm)) {
@ -8229,6 +8243,7 @@ WERROR _spoolss_SetForm(pipes_struct *p,
int snum;
WERROR status = WERR_OK;
NT_PRINTER_INFO_LEVEL *printer = NULL;
SE_PRIV se_printop = SE_PRINT_OPERATOR;
int count=0;
nt_forms_struct *list=NULL;
@ -8254,10 +8269,17 @@ WERROR _spoolss_SetForm(pipes_struct *p,
goto done;
}
if ( !(Printer->access_granted & (PRINTER_ACCESS_ADMINISTER|SERVER_ACCESS_ADMINISTER)) ) {
DEBUG(2,("_spoolss_SetForm: denied by handle permissions\n"));
status = WERR_ACCESS_DENIED;
goto done;
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
if ((p->server_info->utok.uid != 0) &&
!user_has_privileges(p->server_info->ptok, &se_printop) &&
!token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
NULL, NULL,
p->server_info->ptok,
lp_printer_admin(snum))) {
DEBUG(2,("_spoolss_Setform: denied by insufficient permissions.\n"));
return WERR_ACCESS_DENIED;
}
/* can't set if builtin */