summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2011-07-04 17:02:34 +0200
committerStefan Metzmacher <metze@samba.org>2011-07-05 13:28:03 +0200
commit1c022d2e414607633323e65abbc63bb3aeaaa6a4 (patch)
tree9ed522cee9c45097e7e96869b0b066eafbd025ce /source3
parentfe8fe384f35fcf827630061ceda553ae8867f4ad (diff)
downloadsamba-1c022d2e414607633323e65abbc63bb3aeaaa6a4.tar.gz
samba-1c022d2e414607633323e65abbc63bb3aeaaa6a4.tar.bz2
samba-1c022d2e414607633323e65abbc63bb3aeaaa6a4.zip
s3: Return "granted" from share_access_check
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3')
-rw-r--r--source3/include/proto.h6
-rw-r--r--source3/lib/sharesec.c10
-rw-r--r--source3/rpc_server/srvsvc/srv_srvsvc_nt.c4
-rw-r--r--source3/smbd/service.c13
-rw-r--r--source3/smbd/uid.c11
5 files changed, 28 insertions, 16 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 91905d3cbc..c6fd474978 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -244,8 +244,10 @@ struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *ser
size_t *psize);
bool set_share_security(const char *share_name, struct security_descriptor *psd);
bool delete_share_security(const char *servicename);
-bool share_access_check(const struct security_token *token, const char *sharename,
- uint32 desired_access);
+bool share_access_check(const struct security_token *token,
+ const char *sharename,
+ uint32 desired_access,
+ uint32_t *pgranted);
bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, struct security_descriptor **ppsd);
/* The following definitions come from lib/smbrun.c */
diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c
index ed971a97a6..0c06d7bbee 100644
--- a/source3/lib/sharesec.c
+++ b/source3/lib/sharesec.c
@@ -410,8 +410,10 @@ bool delete_share_security(const char *servicename)
Can this user access with share with the required permissions ?
********************************************************************/
-bool share_access_check(const struct security_token *token, const char *sharename,
- uint32 desired_access)
+bool share_access_check(const struct security_token *token,
+ const char *sharename,
+ uint32 desired_access,
+ uint32_t *pgranted)
{
uint32 granted;
NTSTATUS status;
@@ -428,6 +430,10 @@ bool share_access_check(const struct security_token *token, const char *sharenam
TALLOC_FREE(psd);
+ if (pgranted != NULL) {
+ *pgranted = granted;
+ }
+
return NT_STATUS_IS_OK(status);
}
diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index 7299d4cb77..7d52a761b6 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -541,8 +541,8 @@ static bool is_enumeration_allowed(struct pipes_struct *p,
if (!lp_access_based_share_enum(snum))
return true;
- return share_access_check(p->session_info->security_token, lp_servicename(snum),
- FILE_READ_DATA);
+ return share_access_check(p->session_info->security_token,
+ lp_servicename(snum), FILE_READ_DATA, NULL);
}
/*******************************************************************
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 73c3c4f20c..c1d4dd1799 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -644,14 +644,15 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
{
bool can_write = False;
- can_write = share_access_check(conn->session_info->security_token,
- lp_servicename(snum),
- FILE_WRITE_DATA);
+ can_write = share_access_check(
+ conn->session_info->security_token,
+ lp_servicename(snum), FILE_WRITE_DATA, NULL);
if (!can_write) {
- if (!share_access_check(conn->session_info->security_token,
- lp_servicename(snum),
- FILE_READ_DATA)) {
+ if (!share_access_check(
+ conn->session_info->security_token,
+ lp_servicename(snum), FILE_READ_DATA,
+ NULL)) {
/* No access, read or write. */
DEBUG(0,("make_connection: connection to %s "
"denied due to security "
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 285b158a19..8114144574 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -121,8 +121,9 @@ static bool check_user_ok(connection_struct *conn,
conn);
if (!readonly_share &&
- !share_access_check(session_info->security_token, lp_servicename(snum),
- FILE_WRITE_DATA)) {
+ !share_access_check(session_info->security_token,
+ lp_servicename(snum), FILE_WRITE_DATA,
+ NULL)) {
/* smb.conf allows r/w, but the security descriptor denies
* write. Fall back to looking at readonly. */
readonly_share = True;
@@ -130,9 +131,11 @@ static bool check_user_ok(connection_struct *conn,
"security descriptor\n"));
}
- if (!share_access_check(session_info->security_token, lp_servicename(snum),
+ if (!share_access_check(session_info->security_token,
+ lp_servicename(snum),
readonly_share ?
- FILE_READ_DATA : FILE_WRITE_DATA)) {
+ FILE_READ_DATA : FILE_WRITE_DATA,
+ NULL)) {
return False;
}