diff options
| author | Jeremy Allison <jra@samba.org> | 2002-09-27 22:51:44 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2002-09-27 22:51:44 +0000 |
| commit | e96e6a60b82b71714120ce7636fa8402007d4b03 (patch) | |
| tree | 3747896f70fecd3557d707807bd13b30c46cd5ae /source/rpc_server | |
| parent | cb89bcc935a39d9ca1ceb07a4ca85f0bda7f65fe (diff) | |
| download | samba-e96e6a60b82b71714120ce7636fa8402007d4b03.tar.gz samba-e96e6a60b82b71714120ce7636fa8402007d4b03.tar.xz samba-e96e6a60b82b71714120ce7636fa8402007d4b03.zip | |
It turns out that Windows allows delete printer on a handle
opened by an admin user, then used on a pipe handle created
by an anonymous user..... but they're working on security.... riiight !
Jeremy.
Diffstat (limited to 'source/rpc_server')
| -rw-r--r-- | source/rpc_server/srv_spoolss_nt.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c index 2190215107a..e60a1d20638 100644 --- a/source/rpc_server/srv_spoolss_nt.c +++ b/source/rpc_server/srv_spoolss_nt.c @@ -318,6 +318,19 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd) return WERR_BADFID; } + /* + * It turns out that Windows allows delete printer on a handle + * opened by an admin user, then used on a pipe handle created + * by an anonymous user..... but they're working on security.... riiight ! + * JRA. + */ + + if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) { + DEBUG(3, ("delete_printer_handle: denied by handle\n")); + return WERR_ACCESS_DENIED; + } + +#if 0 /* Check calling user has permission to delete printer. Note that since we set the snum parameter to -1 only administrators can delete the printer. This stops people with the Full Control @@ -327,6 +340,7 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd) DEBUG(3, ("printer delete denied by security descriptor\n")); return WERR_ACCESS_DENIED; } +#endif if (*lp_deleteprinter_cmd()) { |