Revert this commit :

s3: Make smbd aware of permission change of usershare. Since usershare are relatively volatile and non-previledge users must disconnect from smbd and reconnect to it to make share permission in effect. For now. This is a feature request and I think we need to design it a little differently so as not to touch core change_to_user() code. Jeremy.
author: Jeremy Allison <jra@samba.org> 2009-07-14 11:25:45 -0700
committer: Jeremy Allison <jra@samba.org> 2009-07-14 11:25:45 -0700
commit: d57e67f9eb5a6a05f0e173d48e86dd1fe050635e (patch)
tree: 4afa76c7ebeb407d9a7178f1747aafe413a9e5b7 /source3/smbd/uid.c
parent: 73e96935c3604d21552ba93dfd561eaf7606f52d (diff)
download: samba-d57e67f9eb5a6a05f0e173d48e86dd1fe050635e.tar.gz
samba-d57e67f9eb5a6a05f0e173d48e86dd1fe050635e.tar.bz2
samba-d57e67f9eb5a6a05f0e173d48e86dd1fe050635e.zip
1 files changed, 24 insertions, 72 deletions
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 8e5a386a2d..2ec50cd4d8 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -82,17 +82,12 @@ static void free_conn_server_info_if_unused(connection_struct *conn)
 static bool check_user_ok(connection_struct *conn,
 			uint16_t vuid,
 			const struct auth_serversupplied_info *server_info,
-			int snum, bool recheck, NTSTATUS *pstatus)
+			int snum)
 {
 	bool valid_vuid = (vuid != UID_FIELD_INVALID);
 	unsigned int i;
 	bool readonly_share;
 	bool admin_user;
-	struct vuid_cache_entry *ent0;
-
-	if (pstatus) {
-		*pstatus = NT_STATUS_OK;
-	}
 
 	if (valid_vuid) {
 		struct vuid_cache_entry *ent;
@@ -101,27 +96,18 @@ static bool check_user_ok(connection_struct *conn,
 			ent = &conn->vuid_cache.array[i];
 			if (ent->vuid == vuid) {
 				free_conn_server_info_if_unused(conn);
-				ent0 = ent;
-				if (!recheck) {
-					conn->server_info = ent->server_info;
-					conn->read_only = ent->read_only;
-					conn->admin_user = ent->admin_user;
-					return(True);
-				} else {
-					break;
-				}
+				conn->server_info = ent->server_info;
+				conn->read_only = ent->read_only;
+				conn->admin_user = ent->admin_user;
+				return(True);
 			}
 		}
 	}
 
 	if (!user_ok_token(server_info->unix_name,
 			   pdb_get_domain(server_info->sam_account),
-			   server_info->ptok, snum)) {
-		if (pstatus) {
-			*pstatus = NT_STATUS_ACCESS_DENIED;
-		}
+			   server_info->ptok, snum))
 		return(False);
-	}
 
 	readonly_share = is_share_read_only_for_token(
 		server_info->unix_name,
@@ -142,9 +128,6 @@ static bool check_user_ok(connection_struct *conn,
 	if (!share_access_check(server_info->ptok, lp_servicename(snum),
 				readonly_share ?
 				FILE_READ_DATA : FILE_WRITE_DATA)) {
-		if (pstatus) {
-			*pstatus = NT_STATUS_ACCESS_DENIED;
-		}
 		return False;
 	}
 
@@ -154,26 +137,13 @@ static bool check_user_ok(connection_struct *conn,
 		NULL, server_info->ptok, lp_admin_users(snum));
 
 	if (valid_vuid) {
-		struct vuid_cache_entry *ent = NULL;
-
-		if (!recheck || i == VUID_CACHE_SIZE) {
-			/* find a new entry and fill it. */
-			ent = &conn->vuid_cache.array[conn->vuid_cache.next_entry];
+		struct vuid_cache_entry *ent =
+			&conn->vuid_cache.array[conn->vuid_cache.next_entry];
 
-			conn->vuid_cache.next_entry =
-				(conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
+		conn->vuid_cache.next_entry =
+			(conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
 
-			TALLOC_FREE(ent->server_info);
-		} else if (recheck && (i < VUID_CACHE_SIZE) && (ent0->vuid == vuid)) {
-			/* she perform forced recheck, replace the old one. */
-			ent = ent0;
-		} else {
-			/* must not happen */
-			DEBUG(0, ("check_user_ok: recheck %s\n", recheck ? "true" : "false"));
-			DEBUG(0, ("check_user_ok: vuid cache %d -- %d\n", i, VUID_CACHE_SIZE));
-			DEBUG(0, ("check_user_ok: vuid %d -- %d\n", ent0->vuid, vuid));
-			smb_panic("should not happen");
-		}
+		TALLOC_FREE(ent->server_info);
 
 		/*
 		 * If force_user was set, all server_info's are based on the same
@@ -185,9 +155,6 @@ static bool check_user_ok(connection_struct *conn,
 
 		if (ent->server_info == NULL) {
 			ent->vuid = UID_FIELD_INVALID;
-			if (pstatus) {
-				*pstatus = NT_STATUS_NO_MEMORY;
-			}
 			return false;
 		}
 
@@ -254,8 +221,7 @@ void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
  stack, but modify the current_user entries.
 ****************************************************************************/
 
-bool change_to_user_force_recheck(connection_struct *conn, uint16 vuid,
-				  bool recheck, NTSTATUS *pstatus)
+bool change_to_user(connection_struct *conn, uint16 vuid)
 {
 	const struct auth_serversupplied_info *server_info = NULL;
 	struct smbd_server_connection *sconn = smbd_server_conn;
@@ -269,9 +235,6 @@ bool change_to_user_force_recheck(connection_struct *conn, uint16 vuid,
 
 	if (!conn) {
 		DEBUG(2,("change_to_user: Connection not open\n"));
-		if (pstatus) {
-			*pstatus = NT_STATUS_INVALID_HANDLE;
-		}
 		return(False);
 	}
 
@@ -282,19 +245,17 @@ bool change_to_user_force_recheck(connection_struct *conn, uint16 vuid,
 	 * SMB's - this hurts performance - Badly.
 	 */
 
-	if (!recheck) {
-		if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
-		   (current_user.ut.uid == conn->server_info->utok.uid)) {
-			DEBUG(4,("change_to_user: Skipping user change - already "
-				 "user\n"));
-			return(True);
-		} else if ((current_user.conn == conn) &&
-			   (vuser != NULL) && (current_user.vuid == vuid) &&
-			   (current_user.ut.uid == vuser->server_info->utok.uid)) {
-			DEBUG(4,("change_to_user: Skipping user change - already "
-				 "user\n"));
-			return(True);
-		}
+	if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
+	   (current_user.ut.uid == conn->server_info->utok.uid)) {
+		DEBUG(4,("change_to_user: Skipping user change - already "
+			 "user\n"));
+		return(True);
+	} else if ((current_user.conn == conn) && 
+		   (vuser != NULL) && (current_user.vuid == vuid) &&
+		   (current_user.ut.uid == vuser->server_info->utok.uid)) {
+		DEBUG(4,("change_to_user: Skipping user change - already "
+			 "user\n"));
+		return(True);
 	}
 
 	snum = SNUM(conn);
@@ -305,13 +266,10 @@ bool change_to_user_force_recheck(connection_struct *conn, uint16 vuid,
 		/* Invalid vuid sent - even with security = share. */
 		DEBUG(2,("change_to_user: Invalid vuid %d used on "
 			 "share %s.\n",vuid, lp_servicename(snum) ));
-		if (pstatus) {
-			*pstatus = NT_STATUS_ACCESS_VIOLATION;
-		}
 		return false;
 	}
 
-	if (!check_user_ok(conn, vuid, server_info, snum, recheck, pstatus)) {
+	if (!check_user_ok(conn, vuid, server_info, snum)) {
 		DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
 			 "not permitted access to share %s.\n",
 			 server_info->sanitized_username,
@@ -338,9 +296,6 @@ bool change_to_user_force_recheck(connection_struct *conn, uint16 vuid,
 	} else {
 		DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
 			 "share %s.\n",vuid, lp_servicename(snum) ));
-		if (pstatus) {
-			*pstatus = NT_STATUS_DOS(ERRSRV, ERRbaduid);
-		}
 		return False;
 	}
 
@@ -398,9 +353,6 @@ bool change_to_user_force_recheck(connection_struct *conn, uint16 vuid,
 	DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
 		 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
 
-	if (pstatus) {
-		*pstatus = NT_STATUS_OK;
-	}
 	return(True);
 }
author	Jeremy Allison <jra@samba.org>	2009-07-14 11:25:45 -0700
committer	Jeremy Allison <jra@samba.org>	2009-07-14 11:25:45 -0700
commit	d57e67f9eb5a6a05f0e173d48e86dd1fe050635e (patch)
tree	4afa76c7ebeb407d9a7178f1747aafe413a9e5b7 /source3/smbd/uid.c
parent	73e96935c3604d21552ba93dfd561eaf7606f52d (diff)
download	samba-d57e67f9eb5a6a05f0e173d48e86dd1fe050635e.tar.gz samba-d57e67f9eb5a6a05f0e173d48e86dd1fe050635e.tar.bz2 samba-d57e67f9eb5a6a05f0e173d48e86dd1fe050635e.zip