svn commit: samba r12316 - in trunk/source: rpc_server smbd
vlendec at samba.org
vlendec at samba.org
Sun Dec 18 21:08:14 GMT 2005
Author: vlendec
Date: 2005-12-18 21:08:13 +0000 (Sun, 18 Dec 2005)
New Revision: 12316
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12316
Log:
Make use of user_ok_token in all callers of user_ok except the
authorise_login. authorise_login is a bit more difficult and probably needs to
stay name-based, this is for 'security=share'.
This definitely needs inspection. I did test it, but I'm sure this breaks at
least some installations with funny user and group name combinations.
Benefits? From my point of view this might be a basis for a lot of internal
clean up. A bit of that will follow with the next checkins.
Volker
P.S: Thanks to version control all this can be reverted if anybody finds
serious holes in it. Please comment.
Modified:
trunk/source/rpc_server/srv_spoolss_nt.c
trunk/source/smbd/password.c
trunk/source/smbd/service.c
trunk/source/smbd/uid.c
Changeset:
Modified: trunk/source/rpc_server/srv_spoolss_nt.c
===================================================================
--- trunk/source/rpc_server/srv_spoolss_nt.c 2005-12-18 21:00:47 UTC (rev 12315)
+++ trunk/source/rpc_server/srv_spoolss_nt.c 2005-12-18 21:08:13 UTC (rev 12316)
@@ -1676,7 +1676,10 @@
return WERR_ACCESS_DENIED;
}
- if (!user_ok(uidtoname(user.uid), snum, user.groups, user.ngroups) || !print_access_check(&user, snum, printer_default->access_required)) {
+ if (!user_ok_token(uidtoname(user.uid), user.nt_user_token,
+ snum) ||
+ !print_access_check(&user, snum,
+ printer_default->access_required)) {
DEBUG(3, ("access DENIED for printer open\n"));
close_printer_handle(p, handle);
return WERR_ACCESS_DENIED;
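Review bot: `user.nt_user_token` is handed to `user_ok_token` with no visible check that a token is present, and the same pattern appears with `vuser->nt_user_token` in the service.c and uid.c hunks. `user_ok_token` is not part of this diff, so whether it denies on a missing token cannot be confirmed from here. Assuming the field is a pointer, the access decision should fail closed explicitly by adding `user.nt_user_token == NULL ||` as the first term of this condition, so the existing DEBUG / `close_printer_handle` / `WERR_ACCESS_DENIED` path handles it. If `user_ok_token` already rejects a NULL token, a one-line comment saying so at each call site would be enough. The enclosing function starts and ends outside the hunk.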
Modified: trunk/source/smbd/password.c
===================================================================
--- trunk/source/smbd/password.c 2005-12-18 21:00:47 UTC (rev 12315)
+++ trunk/source/smbd/password.c 2005-12-18 21:08:13 UTC (rev 12316)
@@ -371,7 +371,7 @@
Check if a username is valid.
****************************************************************************/
-BOOL user_ok(const char *user,int snum, gid_t *groups, size_t n_groups)
+static BOOL user_ok(const char *user,int snum, gid_t *groups, size_t n_groups)
{
char **valid, **invalid;
BOOL ret;
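Review bot: The header comment above `user_ok` still reads only "Check if a username is valid.", which no longer tells a maintainer why a second, name-based check exists next to `user_ok_token`. Going by the commit log, it is kept for `authorise_login` under 'security=share', so the comment could read `Check if a username is valid (name-based; kept only for authorise_login with security=share, all other callers use user_ok_token).` That keeps later code from reaching for the name-based variant when making share access decisions. The function body continues outside the hunk.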
Modified: trunk/source/smbd/service.c
===================================================================
--- trunk/source/smbd/service.c 2005-12-18 21:00:47 UTC (rev 12315)
+++ trunk/source/smbd/service.c 2005-12-18 21:08:13 UTC (rev 12316)
@@ -421,8 +421,8 @@
return NULL;
}
} else {
- if (!user_ok(vuser->user.unix_name, snum,
- vuser->groups, vuser->n_groups)) {
+ if (!user_ok_token(vuser->user.unix_name,
+ vuser->nt_user_token, snum)) {
DEBUG(2, ("user '%s' (from session setup) not "
"permitted to access this share "
"(%s)\n", vuser->user.unix_name,
Modified: trunk/source/smbd/uid.c
===================================================================
--- trunk/source/smbd/uid.c 2005-12-18 21:00:47 UTC (rev 12315)
+++ trunk/source/smbd/uid.c 2005-12-18 21:08:13 UTC (rev 12316)
@@ -151,7 +151,7 @@
}
}
- if (!user_ok(vuser->user.unix_name,snum, vuser->groups, vuser->n_groups))
+ if (!user_ok_token(vuser->user.unix_name, vuser->nt_user_token, snum))
return(False);
readonly_share = is_share_read_only_for_user(conn->service, vuser);
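Review bot: The denial at `return(False);` is silent, whereas the service.c caller of the same check logs the rejected user at DEBUG(2). Since the commit log expects the switch to token-based matching to change results on some installations, a trace here would let an administrator see which session was refused and on which service. I would brace the `if` and add `DEBUG(2, ("user '%s' not permitted to access service %d\n", vuser->user.unix_name, snum));` before the return. The enclosing function starts and ends outside the hunk.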