diff options
author | Jeremy Allison <jra@samba.org> | 2010-03-15 12:18:04 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2010-03-15 14:49:20 -0700 |
commit | b32ce075f8b5a3a2ab0a72ffed16924cda90f423 (patch) | |
tree | 5d2bb484308700ceeb0e07862891a3404b42b5c0 /source3/smbd | |
parent | 984eee7e290cd0dd20baf8a531ed9afc142796ff (diff) | |
download | samba-b32ce075f8b5a3a2ab0a72ffed16924cda90f423.tar.gz samba-b32ce075f8b5a3a2ab0a72ffed16924cda90f423.tar.bz2 samba-b32ce075f8b5a3a2ab0a72ffed16924cda90f423.zip |
Simplify processing of "admin user". If a user is an admin_user ensure their conn token is uid 0.
This simplifies change_to_user() and removes special processing of the assignments
we pass to set_sec_ctx().
Jeremy.
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/uid.c | 29 |
1 files changed, 14 insertions, 15 deletions
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 5e3b84da50..9dc354bf5a 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -167,6 +167,9 @@ static bool check_user_ok(connection_struct *conn, conn->read_only = readonly_share; conn->admin_user = admin_user; + if (conn->admin_user) { + conn->server_info->utok.uid = sec_initial_uid(); + } return(True); } @@ -278,26 +281,22 @@ bool change_to_user(connection_struct *conn, uint16 vuid) return false; } + /* security = share sets force_user. */ + if (!conn->force_user && !vuser) { + DEBUG(2,("change_to_user: Invalid vuid used %d in accessing " + "share %s.\n",vuid, lp_servicename(snum) )); + return False; + } + /* * conn->server_info is now correctly set up with a copy we can mess * with for force_group etc. */ - if (conn->force_user) /* security = share sets this too */ { - uid = conn->server_info->utok.uid; - gid = conn->server_info->utok.gid; - group_list = conn->server_info->utok.groups; - num_groups = conn->server_info->utok.ngroups; - } else if (vuser) { - uid = conn->admin_user ? 0 : vuser->server_info->utok.uid; - gid = conn->server_info->utok.gid; - num_groups = conn->server_info->utok.ngroups; - group_list = conn->server_info->utok.groups; - } else { - DEBUG(2,("change_to_user: Invalid vuid used %d in accessing " - "share %s.\n",vuid, lp_servicename(snum) )); - return False; - } + uid = conn->server_info->utok.uid; + gid = conn->server_info->utok.gid; + num_groups = conn->server_info->utok.ngroups; + group_list = conn->server_info->utok.groups; /* * See if we should force group for this service. |