svn commit: samba r17096 - in branches/SAMBA_3_0/source: rpc_server smbd

vlendec at samba.org vlendec at samba.org
Mon Jul 17 19:50:59 GMT 2006


Author: vlendec
Date: 2006-07-17 19:50:59 +0000 (Mon, 17 Jul 2006)
New Revision: 17096

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17096

Log:
Simplify share_access_check a bit: It takes the sharename instead of the snum,
and the decision which token to use (conn or vuser) does not really belong
here, it is better done in the two places where this is called.

Volker

Modified:
   branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c
   branches/SAMBA_3_0/source/smbd/service.c
   branches/SAMBA_3_0/source/smbd/uid.c


Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c	2006-07-17 19:31:01 UTC (rev 17095)
+++ branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c	2006-07-17 19:50:59 UTC (rev 17096)
@@ -320,36 +320,30 @@
  Can this user access with share with the required permissions ?
 ********************************************************************/
 
-BOOL share_access_check(connection_struct *conn, int snum, user_struct *vuser, uint32 desired_access)
+BOOL share_access_check(const NT_USER_TOKEN *token, const char *sharename,
+			uint32 desired_access)
 {
 	uint32 granted;
 	NTSTATUS status;
 	TALLOC_CTX *mem_ctx = NULL;
 	SEC_DESC *psd = NULL;
 	size_t sd_size;
-	NT_USER_TOKEN *token = NULL;
 	BOOL ret = True;
 
-	mem_ctx = talloc_init("share_access_check");
-	if (mem_ctx == NULL)
+	if (!(mem_ctx = talloc_init("share_access_check"))) {
 		return False;
+	}
 
-	psd = get_share_security(mem_ctx, lp_servicename(snum), &sd_size);
+	psd = get_share_security(mem_ctx, sharename, &sd_size);
 
-	if (!psd)
-		goto out;
+	if (!psd) {
+		TALLOC_FREE(mem_ctx);
+		return True;
+	}
 
-	if (conn->nt_user_token)
-		token = conn->nt_user_token;
-	else 
-		token = vuser->nt_user_token;
-
 	ret = se_access_check(psd, token, desired_access, &granted, &status);
 
-out:
-
 	talloc_destroy(mem_ctx);
-
 	return ret;
 }
 
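Review bot: The `!psd` branch returns True, so share_access_check() grants the requested access whenever get_share_security() yields no descriptor, while the talloc_init() failure a few lines above returns False. get_share_security() is not visible in this hunk; if it can return NULL on a lookup or allocation error rather than only when no descriptor is stored, this path fails open and should deny, or at least log, e.g. `DEBUG(1,("share_access_check: no security descriptor for %s, allowing access\n", sharename));`. The `token` parameter now comes from the caller and reaches se_access_check() unchecked, so a guard such as `if (token == NULL) { return False; }` at the top would stop a caller mistake from being decided inside the access check. The header comment should also state the allow-by-default contract explicitly.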

Modified: branches/SAMBA_3_0/source/smbd/service.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/service.c	2006-07-17 19:31:01 UTC (rev 17095)
+++ branches/SAMBA_3_0/source/smbd/service.c	2006-07-17 19:50:59 UTC (rev 17096)
@@ -767,11 +767,16 @@
 	 */
 
 	{
-		BOOL can_write = share_access_check(conn, snum, vuser,
+		NT_USER_TOKEN *token = conn->nt_user_token ?
+			conn->nt_user_token : vuser->nt_user_token;
+
+		BOOL can_write = share_access_check(token,
+						    lp_servicename(snum),
 						    FILE_WRITE_DATA);
 
 		if (!can_write) {
-			if (!share_access_check(conn, snum, vuser,
+			if (!share_access_check(token,
+						lp_servicename(snum),
 						FILE_READ_DATA)) {
 				/* No access, read or write. */
 				DEBUG(0,("make_connection: connection to %s "
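Review bot: The added selection `conn->nt_user_token ? conn->nt_user_token : vuser->nt_user_token` dereferences vuser whenever the connection has no token, and nothing visible in this hunk establishes that vuser is non-NULL at this point. The enclosing function starts and ends outside the hunk, so this needs confirming against the code above it. The same expression is repeated in smbd/uid.c, and it decides which identity the share security descriptor is evaluated against. A small shared helper, or at least a comment at both sites saying why the connection token takes precedence, would keep the two copies from drifting apart.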

Modified: branches/SAMBA_3_0/source/smbd/uid.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/uid.c	2006-07-17 19:31:01 UTC (rev 17095)
+++ branches/SAMBA_3_0/source/smbd/uid.c	2006-07-17 19:50:59 UTC (rev 17096)
@@ -87,6 +87,7 @@
 	unsigned int i;
 	struct vuid_cache_entry *ent = NULL;
 	BOOL readonly_share;
+	NT_USER_TOKEN *token;
 
 	for (i=0;i<conn->vuid_cache.entries && i< VUID_CACHE_SIZE;i++) {
 		if (conn->vuid_cache.array[i].vuid == vuser->vuid) {
@@ -104,8 +105,12 @@
 						      vuser->nt_user_token,
 						      SNUM(conn));
 
+	token = conn->nt_user_token ?
+		conn->nt_user_token : vuser->nt_user_token;
+
 	if (!readonly_share &&
-	    !share_access_check(conn, snum, vuser, FILE_WRITE_DATA)) {
+	    !share_access_check(token, lp_servicename(snum),
+				FILE_WRITE_DATA)) {
 		/* smb.conf allows r/w, but the security descriptor denies
 		 * write. Fall back to looking at readonly. */
 		readonly_share = True;
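Review bot: Two different tokens now feed one decision in this function: the context lines at the top of the hunk pass `vuser->nt_user_token` to the call that sets readonly_share, while the new `token` prefers `conn->nt_user_token` for share_access_check(). When the connection carries its own token, the smb.conf read-only decision and the security-descriptor decision are therefore made for different identities. If that is intended, a comment at the assignment should say so, for example `/* A token on the connection overrides the vuser's token for the share ACL check. */`; otherwise the selection should move above the readonly_share assignment and `token` be used for both. The callee of that assignment and the rest of the function lie outside the hunk, so the mismatch should be confirmed there.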
@@ -113,7 +118,7 @@
 			 "security descriptor\n"));
 	}
 
-	if (!share_access_check(conn, snum, vuser,
+	if (!share_access_check(token, lp_servicename(snum),
 				readonly_share ?
 				FILE_READ_DATA : FILE_WRITE_DATA)) {
 		return False;
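Review bot: When the share is read-write and the FILE_WRITE_DATA check in the previous hunk succeeds, this call repeats the identical check with the same token and share name, so the security descriptor is fetched and evaluated twice for one decision. From the lines visible here the final check only adds information when `readonly_share` is True, so `if (readonly_share && !share_access_check(token, lp_servicename(snum), FILE_READ_DATA)) {` would give the same result with a single evaluation for the write case. The function body continues outside both hunks, so confirm that nothing between them changes `readonly_share` before relying on that equivalence.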


