[SCM] Samba Shared Repository - branch master updated -
release-4-0-0alpha7-1022-g3ef0b86
Günther Deschner
gd at samba.org
Mon Apr 13 14:15:53 GMT 2009
The branch, master has been updated
via 3ef0b8671ddf246e32b479443ce97851a671a1a8 (commit)
from baeee974495d1be18c61f74ce49a93cd02eac538 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3ef0b8671ddf246e32b479443ce97851a671a1a8
Author: Günther Deschner <gd at samba.org>
Date: Mon Apr 13 15:20:47 2009 +0200
s3-spoolss: Fix permission checks for _spoolss_AddForm,SetForm and DelForm.
Found by smbtorture test.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_server/srv_spoolss_nt.c | 46 +++++++++++++++++++++++++---------
1 files changed, 34 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index faa155d..3edfca9 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -8085,6 +8085,7 @@ WERROR _spoolss_AddForm(pipes_struct *p,
int snum;
WERROR status = WERR_OK;
NT_PRINTER_INFO_LEVEL *printer = NULL;
+ SE_PRIV se_printop = SE_PRINT_OPERATOR;
int count=0;
nt_forms_struct *list=NULL;
@@ -8111,10 +8112,17 @@ WERROR _spoolss_AddForm(pipes_struct *p,
goto done;
}
- if ( !(Printer->access_granted & (PRINTER_ACCESS_ADMINISTER|SERVER_ACCESS_ADMINISTER)) ) {
- DEBUG(2,("_spoolss_addform: denied by handle permissions.\n"));
- status = WERR_ACCESS_DENIED;
- goto done;
+ /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
+ and not a printer admin, then fail */
+
+ if ((p->server_info->utok.uid != 0) &&
+ !user_has_privileges(p->server_info->ptok, &se_printop) &&
+ !token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
+ NULL, NULL,
+ p->server_info->ptok,
+ lp_printer_admin(snum))) {
+ DEBUG(2,("_spoolss_Addform: denied by insufficient permissions.\n"));
+ return WERR_ACCESS_DENIED;
}
/* can't add if builtin */
@@ -8163,6 +8171,7 @@ WERROR _spoolss_DeleteForm(pipes_struct *p,
int snum;
WERROR status = WERR_OK;
NT_PRINTER_INFO_LEVEL *printer = NULL;
+ SE_PRIV se_printop = SE_PRINT_OPERATOR;
DEBUG(5,("_spoolss_DeleteForm\n"));
@@ -8184,12 +8193,17 @@ WERROR _spoolss_DeleteForm(pipes_struct *p,
goto done;
}
- if ( !(Printer->access_granted & (PRINTER_ACCESS_ADMINISTER|SERVER_ACCESS_ADMINISTER)) ) {
- DEBUG(2,("_spoolss_DeleteForm: denied by handle permissions.\n"));
- status = WERR_ACCESS_DENIED;
- goto done;
+ if ((p->server_info->utok.uid != 0) &&
+ !user_has_privileges(p->server_info->ptok, &se_printop) &&
+ !token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
+ NULL, NULL,
+ p->server_info->ptok,
+ lp_printer_admin(snum))) {
+ DEBUG(2,("_spoolss_DeleteForm: denied by insufficient permissions.\n"));
+ return WERR_ACCESS_DENIED;
}
+
/* can't delete if builtin */
if (get_a_builtin_ntform_by_string(form_name,&tmpForm)) {
@@ -8229,6 +8243,7 @@ WERROR _spoolss_SetForm(pipes_struct *p,
int snum;
WERROR status = WERR_OK;
NT_PRINTER_INFO_LEVEL *printer = NULL;
+ SE_PRIV se_printop = SE_PRINT_OPERATOR;
int count=0;
nt_forms_struct *list=NULL;
@@ -8254,10 +8269,17 @@ WERROR _spoolss_SetForm(pipes_struct *p,
goto done;
}
- if ( !(Printer->access_granted & (PRINTER_ACCESS_ADMINISTER|SERVER_ACCESS_ADMINISTER)) ) {
- DEBUG(2,("_spoolss_SetForm: denied by handle permissions\n"));
- status = WERR_ACCESS_DENIED;
- goto done;
+ /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
+ and not a printer admin, then fail */
+
+ if ((p->server_info->utok.uid != 0) &&
+ !user_has_privileges(p->server_info->ptok, &se_printop) &&
+ !token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
+ NULL, NULL,
+ p->server_info->ptok,
+ lp_printer_admin(snum))) {
+ DEBUG(2,("_spoolss_Setform: denied by insufficient permissions.\n"));
+ return WERR_ACCESS_DENIED;
}
/* can't set if builtin */
--
Samba Shared Repository
More information about the samba-cvs
mailing list