summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2010-03-15 12:18:04 -0700
committerJeremy Allison <jra@samba.org>2010-03-15 14:49:20 -0700
commitb32ce075f8b5a3a2ab0a72ffed16924cda90f423 (patch)
tree5d2bb484308700ceeb0e07862891a3404b42b5c0
parent984eee7e290cd0dd20baf8a531ed9afc142796ff (diff)
downloadsamba-b32ce075f8b5a3a2ab0a72ffed16924cda90f423.tar.gz
samba-b32ce075f8b5a3a2ab0a72ffed16924cda90f423.tar.bz2
samba-b32ce075f8b5a3a2ab0a72ffed16924cda90f423.zip
Simplify processing of "admin user". If a user is an admin_user ensure their conn token is uid 0.
This simplifies change_to_user() and removes special processing of the assignments we pass to set_sec_ctx(). Jeremy.
-rw-r--r--source3/smbd/uid.c29
1 files changed, 14 insertions, 15 deletions
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 5e3b84da50..9dc354bf5a 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -167,6 +167,9 @@ static bool check_user_ok(connection_struct *conn,
conn->read_only = readonly_share;
conn->admin_user = admin_user;
+ if (conn->admin_user) {
+ conn->server_info->utok.uid = sec_initial_uid();
+ }
return(True);
}
@@ -278,26 +281,22 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
return false;
}
+ /* security = share sets force_user. */
+ if (!conn->force_user && !vuser) {
+ DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
+ "share %s.\n",vuid, lp_servicename(snum) ));
+ return False;
+ }
+
/*
* conn->server_info is now correctly set up with a copy we can mess
* with for force_group etc.
*/
- if (conn->force_user) /* security = share sets this too */ {
- uid = conn->server_info->utok.uid;
- gid = conn->server_info->utok.gid;
- group_list = conn->server_info->utok.groups;
- num_groups = conn->server_info->utok.ngroups;
- } else if (vuser) {
- uid = conn->admin_user ? 0 : vuser->server_info->utok.uid;
- gid = conn->server_info->utok.gid;
- num_groups = conn->server_info->utok.ngroups;
- group_list = conn->server_info->utok.groups;
- } else {
- DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
- "share %s.\n",vuid, lp_servicename(snum) ));
- return False;
- }
+ uid = conn->server_info->utok.uid;
+ gid = conn->server_info->utok.gid;
+ num_groups = conn->server_info->utok.ngroups;
+ group_list = conn->server_info->utok.groups;
/*
* See if we should force group for this service.