svn commit: samba r12318 - in trunk/source: printing rpc_server smbd

vlendec at samba.org vlendec at samba.org
Sun Dec 18 21:27:40 GMT 2005


Author: vlendec
Date: 2005-12-18 21:27:37 +0000 (Sun, 18 Dec 2005)
New Revision: 12318

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12318

Log:
There have been three callers of user_in_list that actually did access control
based on the token: the checks for lp_admin_users and lp_printer_admin. Both
can make direct use of token_contains_name_in_list.

Volker

Modified:
   trunk/source/printing/nt_printing.c
   trunk/source/rpc_server/srv_spoolss_nt.c
   trunk/source/smbd/uid.c


Changeset:
Modified: trunk/source/printing/nt_printing.c
===================================================================
--- trunk/source/printing/nt_printing.c	2005-12-18 21:14:06 UTC (rev 12317)
+++ trunk/source/printing/nt_printing.c	2005-12-18 21:27:37 UTC (rev 12318)
@@ -5328,9 +5328,11 @@
 
         /* see if we need to try the printer admin list */
 
-        if ( access_granted == 0 ) {
-                if ( user_in_list(uidtoname(user->uid), lp_printer_admin(snum), user->groups, user->ngroups) )
-                        return True;
+        if ((access_granted == 0) &&
+	    (token_contains_name_in_list(uidtoname(user->uid), NULL,
+					 user->nt_user_token,
+					 lp_printer_admin(snum)))) {
+		return True;
         }
 
 	talloc_destroy(mem_ctx);
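Review bot: The rewritten printer-admin branch still executes `return True;` ahead of the `talloc_destroy(mem_ctx);` on the following context line, so the grant path exits without releasing mem_ctx. Free the context before returning, i.e. put `talloc_destroy(mem_ctx);` immediately before `return True;`, or record the result and fall through to the common exit. The function starts and ends outside the hunk, so where mem_ctx is created and what the normal exit returns are not visible here; if mem_ctx is a per-call context, as the destroy call suggests, every successful printer-admin match leaks it.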

Modified: trunk/source/rpc_server/srv_spoolss_nt.c
===================================================================
--- trunk/source/rpc_server/srv_spoolss_nt.c	2005-12-18 21:14:06 UTC (rev 12317)
+++ trunk/source/rpc_server/srv_spoolss_nt.c	2005-12-18 21:27:37 UTC (rev 12318)
@@ -1620,10 +1620,13 @@
 			/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
 			   and not a printer admin, then fail */
 			
-			if ( user.uid != 0
-				&& !user_has_privileges( user.nt_user_token, &se_printop )
-				&& !user_in_list(uidtoname(user.uid), lp_printer_admin(snum), user.groups, user.ngroups) )
-			{
+			if ((user.uid != 0) &&
+			    !user_has_privileges(user.nt_user_token,
+						 &se_printop ) &&
+			    !token_contains_name_in_list(
+				    uidtoname(user.uid), NULL,
+				    user.nt_user_token,
+				    lp_printer_admin(snum))) {
 				close_printer_handle(p, handle);
 				return WERR_ACCESS_DENIED;
 			}
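Review bot: The second argument to `token_contains_name_in_list` is a bare `NULL` here, and likewise at the new calls in nt_printing.c and smbd/uid.c, with no indication of what is being left out. The prototype is not part of this diff, so a reader of this access check cannot tell whether omitting that argument changes how entries in `lp_printer_admin(snum)` are matched. A short comment at the call would settle it, for example `/* NULL: <name of second parameter> is not needed for this check */` with the real parameter name filled in. The comment above the condition could also say that printer-admin membership is now decided from `user.nt_user_token`, not from the unix group list.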

Modified: trunk/source/smbd/uid.c
===================================================================
--- trunk/source/smbd/uid.c	2005-12-18 21:14:06 UTC (rev 12317)
+++ trunk/source/smbd/uid.c	2005-12-18 21:27:37 UTC (rev 12318)
@@ -123,11 +123,9 @@
 	ent->vuid = vuser->vuid;
 	ent->read_only = readonly_share;
 
-	if (user_in_list(vuser->user.unix_name ,lp_admin_users(conn->service), vuser->groups, vuser->n_groups)) {
-		ent->admin_user = True;
-	} else {
-		ent->admin_user = False;
-	}
+	ent->admin_user = token_contains_name_in_list(
+		vuser->user.unix_name, NULL, vuser->nt_user_token,
+		lp_admin_users(conn->service));
 
 	conn->read_only = ent->read_only;
 	conn->admin_user = ent->admin_user;
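Review bot: `ent->admin_user` is now assigned straight from `token_contains_name_in_list(...)` using `vuser->nt_user_token`, and nothing visible in the hunk establishes that the token is set for every vuser that reaches this code. The value is copied into `conn->admin_user` two lines later, so this decision should fail closed. If the callee does not already treat a missing token as "no match", guard the call with `ent->admin_user = (vuser->nt_user_token != NULL) && token_contains_name_in_list(...)`; if it does, a one-line comment stating that invariant is enough. The enclosing function starts and ends outside the hunk.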


