diff options
| author | Günther Deschner <gd@samba.org> | 2010-06-11 11:24:06 +0200 |
|---|---|---|
| committer | Günther Deschner <gd@samba.org> | 2010-06-16 12:15:24 +0200 |
| commit | 14f2525f9e72edffbc0530d3aa20a5a9b80b2ce2 (patch) | |
| tree | fba38a0dc08d1911fcabc6849ef58f78ea7ebea7 /source3 | |
| parent | 47ae4a518c5eb7c02d3f6c65f64d2ac490a90e83 (diff) | |
| download | samba-14f2525f9e72edffbc0530d3aa20a5a9b80b2ce2.tar.gz samba-14f2525f9e72edffbc0530d3aa20a5a9b80b2ce2.tar.xz samba-14f2525f9e72edffbc0530d3aa20a5a9b80b2ce2.zip | |
s3-printing: add BUILTIN\Print Operators as FULL CONTROL to default sd.
Guenther
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/printing/nt_printing.c | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 434311d665e..657db569741 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -2630,7 +2630,7 @@ WERROR spoolss_create_default_devmode(TALLOC_CTX *mem_ctx, WERROR spoolss_create_default_secdesc(TALLOC_CTX *mem_ctx, struct spoolss_security_descriptor **secdesc) { - struct security_ace ace[5]; /* max number of ace entries */ + struct security_ace ace[7]; /* max number of ace entries */ int i = 0; uint32_t sa; struct security_acl *psa = NULL; @@ -2680,6 +2680,16 @@ WERROR spoolss_create_default_secdesc(TALLOC_CTX *mem_ctx, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, SEC_ACE_FLAG_CONTAINER_INHERIT); + /* add BUILTIN\Print Operators as FULL CONTROL */ + + sa = PRINTER_ACE_FULL_CONTROL; + init_sec_ace(&ace[i++], &global_sid_Builtin_Print_Operators, + SEC_ACE_TYPE_ACCESS_ALLOWED, sa, + SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY); + init_sec_ace(&ace[i++], &global_sid_Builtin_Print_Operators, + SEC_ACE_TYPE_ACCESS_ALLOWED, + sa, SEC_ACE_FLAG_CONTAINER_INHERIT); + /* Make the security descriptor owned by the BUILTIN\Administrators */ /* The ACL revision number in rpc_secdesc.h differs from the one @@ -5317,7 +5327,7 @@ WERROR nt_printing_setsec(const char *sharename, struct sec_desc_buf *secdesc_ct static struct sec_desc_buf *construct_default_printer_sdb(TALLOC_CTX *ctx) { - struct security_ace ace[5]; /* max number of ace entries */ + struct security_ace ace[7]; /* max number of ace entries */ int i = 0; uint32_t sa; struct security_acl *psa = NULL; @@ -5368,6 +5378,16 @@ static struct sec_desc_buf *construct_default_printer_sdb(TALLOC_CTX *ctx) SEC_ACE_TYPE_ACCESS_ALLOWED, sa, SEC_ACE_FLAG_CONTAINER_INHERIT); + /* add BUILTIN\Print Operators as FULL CONTROL */ + + sa = PRINTER_ACE_FULL_CONTROL; + init_sec_ace(&ace[i++], &global_sid_Builtin_Print_Operators, + SEC_ACE_TYPE_ACCESS_ALLOWED, sa, + SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY); + init_sec_ace(&ace[i++], &global_sid_Builtin_Print_Operators, + SEC_ACE_TYPE_ACCESS_ALLOWED, + sa, SEC_ACE_FLAG_CONTAINER_INHERIT); + /* Make the security descriptor owned by the BUILTIN\Administrators */ /* The ACL revision number in rpc_secdesc.h differs from the one |