Re: [Samba] No access check deleting printer drivers

Gerald (Jerry) Carter Fri, 17 Feb 2006 13:08:26 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cesar Hernandez wrote:


> I have the same poblem. I can delete any unused printer 
> driver from my samba server. I use samba-3.0.21b.

Please try this patch at let me know.  It should apply
to any 3.0.20 or 3.0.21 release.





cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD9jqtIR7qMdg1EfYRAlPYAJoDqYymY3Go5XCFsQC+uo2UFSHkOgCg2SpD
JsyzkiGmo3RvzfXpP8coyPE=
=zM1p
-----END PGP SIGNATURE-----

Index: printing/nt_printing.c
===================================================================
--- printing/nt_printing.c      (revision 13546)
+++ printing/nt_printing.c      (working copy)
@@ -4779,6 +4779,11 @@
                return False;
        }
 
+       if ( !CAN_WRITE(conn) ) {
+               DEBUG(3,("delete_driver_files: Cannot delete print driver when 
[print$] is read-only\n"));
+               return False;
+       }
+
         /* Save who we are - we are temporarily becoming the connection user. 
*/
 
        if ( !become_user(conn, conn->vuid) ) {
Index: rpc_server/srv_spoolss_nt.c
===================================================================
--- rpc_server/srv_spoolss_nt.c (revision 13546)
+++ rpc_server/srv_spoolss_nt.c (working copy)
@@ -1967,9 +1967,20 @@
        struct current_user             user;
        WERROR                          status;
        WERROR                          status_win2k = WERR_ACCESS_DENIED;
+       SE_PRIV                         se_printop = SE_PRINT_OPERATOR; 
        
        get_current_user(&user, p);
         
+       /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
+          and not a printer admin, then fail */
+                       
+       if ( (user.uid != 0) 
+               && !user_has_privileges(user.nt_user_token, &se_printop ) 
+               && !user_in_list(uidtoname(user.uid), lp_printer_admin(-1), 
user.groups, user.ngroups) )
+       {
+               return WERR_ACCESS_DENIED;
+       }
+
        unistr2_to_ascii(driver, &q_u->driver, sizeof(driver)-1 );
        unistr2_to_ascii(arch,   &q_u->arch,   sizeof(arch)-1   );
        
@@ -2053,9 +2064,20 @@
        struct current_user             user;
        WERROR                          status;
        WERROR                          status_win2k = WERR_ACCESS_DENIED;
+       SE_PRIV                         se_printop = SE_PRINT_OPERATOR; 
        
        get_current_user(&user, p);
        
+       /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
+          and not a printer admin, then fail */
+                       
+       if ( (user.uid != 0) 
+               && !user_has_privileges(user.nt_user_token, &se_printop ) 
+               && !user_in_list(uidtoname(user.uid), lp_printer_admin(-1), 
user.groups, user.ngroups) )
+       {
+               return WERR_ACCESS_DENIED;
+       }
+       
        unistr2_to_ascii(driver, &q_u->driver, sizeof(driver)-1 );
        unistr2_to_ascii(arch,   &q_u->arch,   sizeof(arch)-1   );

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] No access check deleting printer drivers

Reply via email to