svn commit: samba r12318 - in trunk/source: printing rpc_server smbd
vlendec at samba.org
vlendec at samba.org
Sun Dec 18 21:27:40 GMT 2005
Author: vlendec
Date: 2005-12-18 21:27:37 +0000 (Sun, 18 Dec 2005)
New Revision: 12318
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12318
Log:
There's been three callers of user_in_list that actually did access controls
based on the token: The checks for lp_admin_users and lp_printer_admin. Both
can make direct use of token_contains_name_in_list.
Volker
Modified:
trunk/source/printing/nt_printing.c
trunk/source/rpc_server/srv_spoolss_nt.c
trunk/source/smbd/uid.c
Changeset:
Modified: trunk/source/printing/nt_printing.c
===================================================================
--- trunk/source/printing/nt_printing.c 2005-12-18 21:14:06 UTC (rev 12317)
+++ trunk/source/printing/nt_printing.c 2005-12-18 21:27:37 UTC (rev 12318)
@@ -5328,9 +5328,11 @@
/* see if we need to try the printer admin list */
- if ( access_granted == 0 ) {
- if ( user_in_list(uidtoname(user->uid), lp_printer_admin(snum), user->groups, user->ngroups) )
- return True;
+ if ((access_granted == 0) &&
+ (token_contains_name_in_list(uidtoname(user->uid), NULL,
+ user->nt_user_token,
+ lp_printer_admin(snum)))) {
+ return True;
}
talloc_destroy(mem_ctx);
Modified: trunk/source/rpc_server/srv_spoolss_nt.c
===================================================================
--- trunk/source/rpc_server/srv_spoolss_nt.c 2005-12-18 21:14:06 UTC (rev 12317)
+++ trunk/source/rpc_server/srv_spoolss_nt.c 2005-12-18 21:27:37 UTC (rev 12318)
@@ -1620,10 +1620,13 @@
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
- if ( user.uid != 0
- && !user_has_privileges( user.nt_user_token, &se_printop )
- && !user_in_list(uidtoname(user.uid), lp_printer_admin(snum), user.groups, user.ngroups) )
- {
+ if ((user.uid != 0) &&
+ !user_has_privileges(user.nt_user_token,
+ &se_printop ) &&
+ !token_contains_name_in_list(
+ uidtoname(user.uid), NULL,
+ user.nt_user_token,
+ lp_printer_admin(snum))) {
close_printer_handle(p, handle);
return WERR_ACCESS_DENIED;
}
Modified: trunk/source/smbd/uid.c
===================================================================
--- trunk/source/smbd/uid.c 2005-12-18 21:14:06 UTC (rev 12317)
+++ trunk/source/smbd/uid.c 2005-12-18 21:27:37 UTC (rev 12318)
@@ -123,11 +123,9 @@
ent->vuid = vuser->vuid;
ent->read_only = readonly_share;
- if (user_in_list(vuser->user.unix_name ,lp_admin_users(conn->service), vuser->groups, vuser->n_groups)) {
- ent->admin_user = True;
- } else {
- ent->admin_user = False;
- }
+ ent->admin_user = token_contains_name_in_list(
+ vuser->user.unix_name, NULL, vuser->nt_user_token,
+ lp_admin_users(conn->service));
conn->read_only = ent->read_only;
conn->admin_user = ent->admin_user;
More information about the samba-cvs
mailing list