summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2002-09-27 22:51:44 +0000
committerJeremy Allison <jra@samba.org>2002-09-27 22:51:44 +0000
commitc56213607cd1e9d8a4d98b3aa1e9c36b4d3b275a (patch)
tree651937999fa7b299dc87ba889f2de2d38ba42e47 /source3/rpc_server
parente72ea543eeb0ff629cab5c7efa68f802073349a6 (diff)
downloadsamba-c56213607cd1e9d8a4d98b3aa1e9c36b4d3b275a.tar.gz
It turns out that Windows allows delete printer on a handle
opened by an admin user, then used on a pipe handle created by an anonymous user..... but they're working on security.... riiight ! Jeremy. (This used to be commit e96e6a60b82b71714120ce7636fa8402007d4b03)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 2190215107a..e60a1d20638 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -318,6 +318,19 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
return WERR_BADFID;
}
+ /*
+ * It turns out that Windows allows delete printer on a handle
+ * opened by an admin user, then used on a pipe handle created
+ * by an anonymous user..... but they're working on security.... riiight !
+ * JRA.
+ */
+
+ if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) {
+ DEBUG(3, ("delete_printer_handle: denied by handle\n"));
+ return WERR_ACCESS_DENIED;
+ }
+
+#if 0
/* Check calling user has permission to delete printer. Note that
since we set the snum parameter to -1 only administrators can
delete the printer. This stops people with the Full Control
@@ -327,6 +340,7 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
DEBUG(3, ("printer delete denied by security descriptor\n"));
return WERR_ACCESS_DENIED;
}
+#endif
if (*lp_deleteprinter_cmd()) {