[Samba] No access check deleting printer drivers

Gerald (Jerry) Carter jerry at samba.org
Fri Feb 17 21:05:49 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cesar Hernandez wrote:

> I have the same problem. I can delete any unused printer 
> driver from my samba server. I use samba-3.0.21b.

Please try this patch and let me know.  It should apply
to any 3.0.20 or 3.0.21 release.





cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD9jqtIR7qMdg1EfYRAlPYAJoDqYymY3Go5XCFsQC+uo2UFSHkOgCg2SpD
JsyzkiGmo3RvzfXpP8coyPE=
=zM1p
-----END PGP SIGNATURE-----
-------------- next part --------------
Index: printing/nt_printing.c
===================================================================
--- printing/nt_printing.c	(revision 13546)
+++ printing/nt_printing.c	(working copy)
@@ -4779,6 +4779,11 @@
 		return False;
 	}
 
+	if ( !CAN_WRITE(conn) ) {
+		DEBUG(3,("delete_driver_files: Cannot delete print driver when [print$] is read-only\n"));
+		return False;
+	}
+
         /* Save who we are - we are temporarily becoming the connection user. */
 
 	if ( !become_user(conn, conn->vuid) ) {
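Review bot: The new early return under `!CAN_WRITE(conn)` exits with no cleanup visible in the hunk. If `conn` was opened earlier in this function (presumably delete_driver_files, going by the log text; it starts and ends outside the hunk), it should be released on this path the same way the normal exit does, otherwise each refused delete leaves a connection behind. The refusal is also logged without saying who asked. The message could carry the session id that the following `become_user` call already uses, e.g. `DEBUG(3,("delete_driver_files: vuid %d cannot delete print driver, [print$] is read-only\n", (int)conn->vuid));`.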
Index: rpc_server/srv_spoolss_nt.c
===================================================================
--- rpc_server/srv_spoolss_nt.c	(revision 13546)
+++ rpc_server/srv_spoolss_nt.c	(working copy)
@@ -1967,9 +1967,20 @@
 	struct current_user		user;
 	WERROR				status;
 	WERROR				status_win2k = WERR_ACCESS_DENIED;
+	SE_PRIV                         se_printop = SE_PRINT_OPERATOR;	
 	
 	get_current_user(&user, p);
 	 
+	/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
+	   and not a printer admin, then fail */
+			
+	if ( (user.uid != 0) 
+		&& !user_has_privileges(user.nt_user_token, &se_printop ) 
+		&& !user_in_list(uidtoname(user.uid), lp_printer_admin(-1), user.groups, user.ngroups) )
+	{
+		return WERR_ACCESS_DENIED;
+	}
+
 	unistr2_to_ascii(driver, &q_u->driver, sizeof(driver)-1 );
 	unistr2_to_ascii(arch,   &q_u->arch,   sizeof(arch)-1   );
 	
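Review bot: The three-clause authorization test added after `get_current_user(&user, p)` is pasted verbatim into the next hunk of this file (the `@@ -2053` hunk), so the two handlers can drift apart the next time the policy changes. A single static helper called from both places would keep them in step and preserve the short-circuit order of the checks. The denial is also silent, so a `DEBUG` line naming the uid before `return WERR_ACCESS_DENIED;` would let an administrator see refused driver deletions in the log. Both enclosing functions start and end outside their hunks.

```c
/* True when the caller may add or delete printer drivers:
   root, a holder of SE_PRINT_OPERATOR, or a listed printer admin. */
static BOOL user_can_admin_drivers(struct current_user *user)
{
	SE_PRIV se_printop = SE_PRINT_OPERATOR;

	if ( user->uid == 0 )
		return True;
	if ( user_has_privileges(user->nt_user_token, &se_printop) )
		return True;
	return user_in_list(uidtoname(user->uid), lp_printer_admin(-1),
			    user->groups, user->ngroups);
}

	/* ... unchanged: local declarations ... */
	get_current_user(&user, p);

	if ( !user_can_admin_drivers(&user) ) {
		DEBUG(3,("spoolss driver delete: access denied for uid %u\n",
			 (unsigned int)user.uid));
		return WERR_ACCESS_DENIED;
	}
	/* ... unchanged: unistr2_to_ascii conversions ... */
```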
@@ -2053,9 +2064,20 @@
 	struct current_user		user;
 	WERROR				status;
 	WERROR				status_win2k = WERR_ACCESS_DENIED;
+	SE_PRIV                         se_printop = SE_PRINT_OPERATOR;	
 	
 	get_current_user(&user, p);
 	
+	/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
+	   and not a printer admin, then fail */
+			
+	if ( (user.uid != 0) 
+		&& !user_has_privileges(user.nt_user_token, &se_printop ) 
+		&& !user_in_list(uidtoname(user.uid), lp_printer_admin(-1), user.groups, user.ngroups) )
+	{
+		return WERR_ACCESS_DENIED;
+	}
+	
 	unistr2_to_ascii(driver, &q_u->driver, sizeof(driver)-1 );
 	unistr2_to_ascii(arch,   &q_u->arch,   sizeof(arch)-1   );
 

