s3: Calculate&store the maximum share access mask

Signed-off-by: Stefan Metzmacher <metze@samba.org>

2 files changed, 16 insertions, 22 deletions

diff --git a/source3/include/smb.h b/source3/include/smb.h
index a72e9ad29a..4319a1056d 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -402,6 +402,7 @@ typedef struct connection_struct {
 	bool printer;
 	bool ipc;
 	bool read_only; /* Attributes for the current user of the share. */
+	uint32_t share_access;
 	/* Does this filesystem honor
 	   sub second timestamps on files
 	   and directories when setting time ? */
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index c1d4dd1799..5c410be02a 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -641,28 +641,21 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
 	 *
 	 */
 
-	{
-		bool can_write = False;
-
-		can_write = share_access_check(
-			conn->session_info->security_token,
-			lp_servicename(snum), FILE_WRITE_DATA, NULL);
-
-		if (!can_write) {
-			if (!share_access_check(
-				    conn->session_info->security_token,
-				    lp_servicename(snum), FILE_READ_DATA,
-				    NULL)) {
-				/* No access, read or write. */
-				DEBUG(0,("make_connection: connection to %s "
-					 "denied due to security "
-					 "descriptor.\n",
-					  lp_servicename(snum)));
-				*pstatus = NT_STATUS_ACCESS_DENIED;
-				goto err_root_exit;
-			} else {
-				conn->read_only = True;
-			}
+	share_access_check(conn->session_info->security_token,
+			   lp_servicename(snum), MAXIMUM_ALLOWED_ACCESS,
+			   &conn->share_access);
+
+	if ((conn->share_access & FILE_WRITE_DATA) == 0) {
+		if ((conn->share_access & FILE_READ_DATA) == 0) {
+			/* No access, read or write. */
+			DEBUG(0,("make_connection: connection to %s "
+				 "denied due to security "
+				 "descriptor.\n",
+				 lp_servicename(snum)));
+			*pstatus = NT_STATUS_ACCESS_DENIED;
+			goto err_root_exit;
+		} else {
+			conn->read_only = True;
 		}
 	}
 	/* Initialise VFS function pointers */