summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2001-09-19 02:28:15 +0000
committerAndrew Bartlett <abartlet@samba.org>2001-09-19 02:28:15 +0000
commit36939fcd248529efff9fbccdc45942c9b4454b93 (patch)
tree84713b0729bf074df30bb1d30bb1affca0fc3590
parente9479e8d8af6601650ca35cce4319440a0aff9a0 (diff)
downloadsamba-36939fcd248529efff9fbccdc45942c9b4454b93.tar.gz
samba-36939fcd248529efff9fbccdc45942c9b4454b93.tar.bz2
samba-36939fcd248529efff9fbccdc45942c9b4454b93.zip
Reverse some of the breakage I commited a day or two ago, as we need to
fill out the user_info struct (otherwise we don't have a vuid for make_connection()). Also add a become_user() call, becouse it really looks like it was missing (we must pass it anyway to finish make_connection()). Is there any reason not to be the user when reading an ACL? Finally, fix up some formatting to show that the two functions are almost identical. Andrew Bartlett (This used to be commit 00c667c0ad922a1bf388b8a2b8c6137fc7f0acaa)
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c26
1 files changed, 21 insertions, 5 deletions
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 70c6579f38..8de20d4abf 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1601,6 +1601,7 @@ NTSTATUS _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDE
NTSTATUS nt_status;
struct current_user user;
connection_struct *conn = NULL;
+ BOOL became_user = False;
ZERO_STRUCT(st);
@@ -1611,6 +1612,8 @@ NTSTATUS _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDE
/* Null password is ok - we are already an authenticated user... */
*null_pw = '\0';
+ get_current_user(&user, p);
+
conn = make_connection(qualname, null_pw, 0, "A:", user.vuid, &nt_status);
if (conn == NULL) {
@@ -1619,16 +1622,24 @@ NTSTATUS _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDE
goto error_exit;
}
+ if (!become_user(conn, conn->vuid)) {
+ DEBUG(0,("_srv_net_file_set_secdesc: Can't become connected user!\n"));
+ r_u->status = NT_STATUS_ACCESS_DENIED;
+ goto error_exit;
+ }
+ became_user = True;
+
unistr2_to_ascii(filename, &q_u->uni_file_name, sizeof(filename));
unix_convert(filename, conn, NULL, &bad_path, &st);
+
fsp = open_file_shared(conn, filename, &st, SET_OPEN_MODE(DOS_OPEN_RDONLY),
- (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &action);
+ (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &action);
if (!fsp) {
/* Perhaps it is a directory */
if (errno == EISDIR)
fsp = open_directory(conn, filename, &st,
- (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, &action);
+ (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, &action);
if (!fsp) {
DEBUG(3,("_srv_net_file_query_secdesc: Unable to open file %s\n", filename));
@@ -1664,6 +1675,9 @@ NTSTATUS _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDE
close_file(fsp, True);
}
+ if (became_user)
+ unbecome_user();
+
if (conn)
close_cnum(conn, user.vuid);
@@ -1678,9 +1692,9 @@ NTSTATUS _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *
SRV_R_NET_FILE_SET_SECDESC *r_u)
{
BOOL ret;
+ fstring null_pw;
pstring filename;
pstring qualname;
- fstring null_pw;
files_struct *fsp = NULL;
SMB_STRUCT_STAT st;
BOOL bad_path;
@@ -1700,6 +1714,8 @@ NTSTATUS _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *
/* Null password is ok - we are already an authenticated user... */
*null_pw = '\0';
+ get_current_user(&user, p);
+
conn = make_connection(qualname, null_pw, 0, "A:", user.vuid, &nt_status);
if (conn == NULL) {
@@ -1719,13 +1735,13 @@ NTSTATUS _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *
unix_convert(filename, conn, NULL, &bad_path, &st);
fsp = open_file_shared(conn, filename, &st, SET_OPEN_MODE(DOS_OPEN_RDWR),
- (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &action);
+ (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &action);
if (!fsp) {
/* Perhaps it is a directory */
if (errno == EISDIR)
fsp = open_directory(conn, filename, &st,
- (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, &action);
+ (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, &action);
if (!fsp) {
DEBUG(3,("_srv_net_file_set_secdesc: Unable to open file %s\n", filename));