s3-spoolss: handle SEC_FLAG_MAXIMUM_ALLOWED in spoolss_OpenPrinterEx.

In case someone (smbtorture4) requests SEC_FLAG_MAXIMUM_ALLOWED, translate it
to a request of PRINTER_ACCESS_ADMINISTER.

Guenther

diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 4a3f07f8492efb48ab070b0e7f9b503fea9f94c6..5b8a208a4be2ea4dd5da4cd811222d793fd38a1e 100644 (file)
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -1676,6 +1676,10 @@ WERROR _spoolss_OpenPrinterEx(pipes_struct *p,
                        return WERR_BADFID;
                }
 
+               if (r->in.access_mask == SEC_FLAG_MAXIMUM_ALLOWED) {
+                       r->in.access_mask = PRINTER_ACCESS_ADMINISTER;
+               }
+
                se_map_standard(&r->in.access_mask, &printer_std_mapping);
 
                /* map an empty access mask to the minimum access mask */