diff options
| author | Volker Lendecke <vl@samba.org> | 2008-06-14 16:55:02 +0200 |
|---|---|---|
| committer | Volker Lendecke <vl@samba.org> | 2008-06-14 19:49:49 +0200 |
| commit | 82d4806ce62a78b0eecc4805b7ecf7f77b196864 (patch) | |
| tree | ddbabce48f36afaffc548198fb30e0cd0afd2c65 | |
| parent | ee6ee96af2cf6a5bf2b825883a9cb5f2ff64de5b (diff) | |
| download | samba-82d4806ce62a78b0eecc4805b7ecf7f77b196864.tar.gz samba-82d4806ce62a78b0eecc4805b7ecf7f77b196864.tar.bz2 samba-82d4806ce62a78b0eecc4805b7ecf7f77b196864.zip | |
Slight refactoring for check_user_ok: It only needs vuid and server_info
(This used to be commit 68944ea1ea7a0a63b08cbfc703f5ee29d2627696)
| -rw-r--r-- | source3/smbd/uid.c | 38 |
1 files changed, 18 insertions, 20 deletions
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 54caca9405..bded780c49 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -61,7 +61,9 @@ bool change_to_guest(void) later code can then mess with. ********************************************************************/ -static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum) +static bool check_user_ok(connection_struct *conn, uint16_t vuid, + struct auth_serversupplied_info *server_info, + int snum) { unsigned int i; struct vuid_cache_entry *ent = NULL; @@ -70,7 +72,7 @@ static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum) for (i=0; i<VUID_CACHE_SIZE; i++) { ent = &conn->vuid_cache.array[i]; - if (ent->vuid == vuser->vuid) { + if (ent->vuid == vuid) { conn->server_info = ent->server_info; conn->read_only = ent->read_only; conn->admin_user = ent->admin_user; @@ -78,20 +80,18 @@ static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum) } } - if (!user_ok_token(vuser->server_info->unix_name, - pdb_get_domain(vuser->server_info->sam_account), - vuser->server_info->ptok, - snum)) + if (!user_ok_token(server_info->unix_name, + pdb_get_domain(server_info->sam_account), + server_info->ptok, snum)) return(False); readonly_share = is_share_read_only_for_token( - vuser->server_info->unix_name, - pdb_get_domain(vuser->server_info->sam_account), - vuser->server_info->ptok, - snum); + server_info->unix_name, + pdb_get_domain(server_info->sam_account), + server_info->ptok, snum); if (!readonly_share && - !share_access_check(vuser->server_info->ptok, lp_servicename(snum), + !share_access_check(server_info->ptok, lp_servicename(snum), FILE_WRITE_DATA)) { /* smb.conf allows r/w, but the security descriptor denies * write. Fall back to looking at readonly. */ @@ -100,17 +100,16 @@ static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum) "security descriptor\n")); } - if (!share_access_check(vuser->server_info->ptok, lp_servicename(snum), + if (!share_access_check(server_info->ptok, lp_servicename(snum), readonly_share ? FILE_READ_DATA : FILE_WRITE_DATA)) { return False; } admin_user = token_contains_name_in_list( - vuser->server_info->unix_name, - pdb_get_domain(vuser->server_info->sam_account), - NULL, vuser->server_info->ptok, - lp_admin_users(snum)); + server_info->unix_name, + pdb_get_domain(server_info->sam_account), + NULL, server_info->ptok, lp_admin_users(snum)); ent = &conn->vuid_cache.array[conn->vuid_cache.next_entry]; @@ -125,15 +124,14 @@ static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum) */ ent->server_info = copy_serverinfo( - conn, - conn->force_user ? conn->server_info : vuser->server_info); + conn, conn->force_user ? conn->server_info : server_info); if (ent->server_info == NULL) { ent->vuid = UID_FIELD_INVALID; return false; } - ent->vuid = vuser->vuid; + ent->vuid = vuid; ent->read_only = readonly_share; ent->admin_user = admin_user; @@ -186,7 +184,7 @@ bool change_to_user(connection_struct *conn, uint16 vuid) snum = SNUM(conn); - if ((vuser) && !check_user_ok(conn, vuser, snum)) { + if ((vuser) && !check_user_ok(conn, vuid, vuser->server_info, snum)) { DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) " "not permitted access to share %s.\n", vuser->server_info->sanitized_username, |