svn commit: samba r4134 - in branches/SAMBA_3_0/source/rpc_server: .

[jerry at samba.org]

Author: jerry
Date: 2004-12-10 21:08:34 +0000 (Fri, 10 Dec 2004)
New Revision: 4134

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4134

Log:
check the setprinter(3) based on the access permissions on the handle and avoid the call to print_access_chaeck()
Modified:
   branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c


Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c	2004-12-10 20:50:49 UTC (rev 4133)
+++ branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c	2004-12-10 21:08:34 UTC (rev 4134)
@@ -5860,7 +5860,18 @@
 		result = WERR_BADFID;
 		goto done;
 	}
+	
+	/* Check the user has permissions to change the security
+	   descriptor.  By experimentation with two NT machines, the user
+	   requires Full Access to the printer to change security
+	   information. */
 
+	if ( Printer->access_granted != PRINTER_ACCESS_ADMINISTER ) {
+		DEBUG(4,("update_printer_sec: updated denied by printer permissions\n"));
+		result = WERR_ACCESS_DENIED;
+		goto done;
+	}
+
 	/* NT seems to like setting the security descriptor even though
 	   nothing may have actually changed. */
 
@@ -5909,20 +5920,6 @@
 		goto done;
 	}
 
-	/* Work out which user is performing the operation */
-
-	get_current_user(&user, p);
-
-	/* Check the user has permissions to change the security
-	   descriptor.  By experimentation with two NT machines, the user
-	   requires Full Access to the printer to change security
-	   information. */
-
-	if (!print_access_check(&user, snum, PRINTER_ACCESS_ADMINISTER)) {
-		result = WERR_ACCESS_DENIED;
-		goto done;
-	}
-
 	result = nt_printing_setsec(Printer->sharename, new_secdesc_ctr);
 
  done: