summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2013-01-04 14:35:46 -0800
committerAndrew Bartlett <abartlet@samba.org>2013-01-09 15:29:29 +1100
commit1abb5eb89b97fab5a4c625f5492b7d26b7f17e98 (patch)
treeb9ade9d81632732721a84c75406404635e89c8a7 /source3
parentea86f4e100b547c8facc5f27ac025de6b60eea94 (diff)
downloadsamba-1abb5eb89b97fab5a4c625f5492b7d26b7f17e98.tar.gz
samba-1abb5eb89b97fab5a4c625f5492b7d26b7f17e98.tar.bz2
samba-1abb5eb89b97fab5a4c625f5492b7d26b7f17e98.zip
Factor code out of check_user_ok() into a call to check_user_share_access().
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source3')
-rw-r--r--source3/smbd/uid.c41
1 files changed, 7 insertions, 34 deletions
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 98020561ac..efdd824342 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -151,6 +151,7 @@ static bool check_user_ok(connection_struct *conn,
bool admin_user = false;
struct vuid_cache_entry *ent = NULL;
uint32_t share_access = 0;
+ NTSTATUS status;
for (i=0; i<VUID_CACHE_SIZE; i++) {
ent = &conn->vuid_cache->array[i];
@@ -163,40 +164,12 @@ static bool check_user_ok(connection_struct *conn,
}
}
- if (!user_ok_token(session_info->unix_info->unix_name,
- session_info->info->domain_name,
- session_info->security_token, snum))
- return(False);
-
- readonly_share = is_share_read_only_for_token(
- session_info->unix_info->unix_name,
- session_info->info->domain_name,
- session_info->security_token,
- conn);
-
- share_access = create_share_access_mask(snum,
- readonly_share,
- session_info->security_token);
-
- if ((share_access & FILE_WRITE_DATA) == 0) {
- if ((share_access & FILE_READ_DATA) == 0) {
- /* No access, read or write. */
- DEBUG(0,("user %s connection to %s "
- "denied due to share security "
- "descriptor.\n",
- session_info->unix_info->unix_name,
- lp_servicename(talloc_tos(), snum)));
- return false;
- }
- }
-
- if (!readonly_share &&
- !(share_access & FILE_WRITE_DATA)) {
- /* smb.conf allows r/w, but the security descriptor denies
- * write. Fall back to looking at readonly. */
- readonly_share = True;
- DEBUG(5,("falling back to read-only access-evaluation due to "
- "security descriptor\n"));
+ status = check_user_share_access(conn,
+ session_info,
+ &share_access,
+ &readonly_share);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
}
admin_user = token_contains_name_in_list(