-rw-r--r-- | source3/rpc_server/srv_srvsvc_nt.c | 24 | ||||
-rw-r--r-- | source3/smbd/service.c | 9 | ||||
-rw-r--r-- | source3/smbd/uid.c | 9 |
3 files changed, 23 insertions, 19 deletions
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 50df99901b..19099b931e 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -320,36 +320,30 @@ static void map_generic_share_sd_bits(SEC_DESC *psd)
 Can this user access with share with the required permissions ?
 ********************************************************************/
-BOOL share_access_check(connection_struct *conn, int snum, user_struct *vuser, uint32 desired_access)
+BOOL share_access_check(const NT_USER_TOKEN *token, const char *sharename,
+uint32 desired_access)
 {
 uint32 granted;
 NTSTATUS status;
 TALLOC_CTX *mem_ctx = NULL;
 SEC_DESC *psd = NULL;
 size_t sd_size;
-NT_USER_TOKEN *token = NULL;
 BOOL ret = True;
-mem_ctx = talloc_init("share_access_check");
-if (mem_ctx == NULL)
+if (!(mem_ctx = talloc_init("share_access_check"))) {
 return False;
+}
-psd = get_share_security(mem_ctx, lp_servicename(snum), &sd_size);
-
-if (!psd)
-goto out;
+psd = get_share_security(mem_ctx, sharename, &sd_size);
-if (conn->nt_user_token)
-token = conn->nt_user_token;
-else
-token = vuser->nt_user_token;
+if (!psd) {
+TALLOC_FREE(mem_ctx);
+return True;
+}
 ret = se_access_check(psd, token, desired_access, &granted, &status);
-out:
-talloc_destroy(mem_ctx);
-
 return ret;
 }
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 9dcb8a354f..395114592a 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
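Review bot: The talloc context is no longer released on the normal path: the `out:` label and `talloc_destroy(mem_ctx)` are removed, yet the new code only frees `mem_ctx` in the `!psd` early return, so every successful call leaks the context and the descriptor get_share_security allocated in it — as far as the collapsed hunk can be read. Add `TALLOC_FREE(mem_ctx);` between the `se_access_check` call and `return ret;`, or keep a single cleanup exit. The function still answers True when no descriptor is stored for the share; that is pre-existing behaviour, but the header comment should say so, e.g. `/* No stored SD for this share: share security does not restrict access. */`, and should state that `token` is passed straight to se_access_check and so presumably must not be NULL.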
@@ -767,11 +767,16 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 */
 {
-BOOL can_write = share_access_check(conn, snum, vuser,
+NT_USER_TOKEN *token = conn->nt_user_token ?
+conn->nt_user_token : vuser->nt_user_token;
+
+BOOL can_write = share_access_check(token,
+lp_servicename(snum),
 FILE_WRITE_DATA);
 if (!can_write) {
-if (!share_access_check(conn, snum, vuser,
+if (!share_access_check(token,
+lp_servicename(snum),
 FILE_READ_DATA)) {
 /* No access, read or write. */
 DEBUG(0,("make_connection: connection to %s "
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 48d7f590c3..89d082e1ac 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -87,6 +87,7 @@ static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
 unsigned int i;
 struct vuid_cache_entry *ent = NULL;
 BOOL readonly_share;
+NT_USER_TOKEN *token;
 for (i=0;i<conn->vuid_cache.entries && i< VUID_CACHE_SIZE;i++) {
 if (conn->vuid_cache.array[i].vuid == vuser->vuid) {
@@ -104,8 +105,12 @@ static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
 vuser->nt_user_token,
 SNUM(conn));
+token = conn->nt_user_token ?
+conn->nt_user_token : vuser->nt_user_token;
+
 if (!readonly_share &&
-!share_access_check(conn, snum, vuser, FILE_WRITE_DATA)) {
+!share_access_check(token, lp_servicename(snum),
+FILE_WRITE_DATA)) {
 /* smb.conf allows r/w, but the security descriptor denies
 * write. Fall back to looking at readonly. */
 readonly_share = True;
@@ -113,7 +118,7 @@ static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
 "security descriptor\n"));
 }
-if (!share_access_check(conn, snum, vuser,
+if (!share_access_check(token, lp_servicename(snum),
 readonly_share ? FILE_READ_DATA : FILE_WRITE_DATA)) {
 return False;
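Review bot: The `conn->nt_user_token ? conn->nt_user_token : vuser->nt_user_token` selection that share_access_check used to perform internally is now duplicated here in make_connection_snum and again in check_user_ok in uid.c (hunk `@@ -104,8 +105,12 @@`), and `lp_servicename(snum)` is re-evaluated for each call; the two callers will drift if the precedence rule ever changes. Factor it into one helper, e.g. `static NT_USER_TOKEN *conn_user_token(connection_struct *conn, user_struct *vuser) { return conn->nt_user_token ? conn->nt_user_token : vuser->nt_user_token; }`, and use it at both sites. The fallback still dereferences `vuser` unconditionally when the connection carries no token; if `vuser` can be NULL at either call site (both functions take it as a parameter and neither hunk shows a check), that is a crash rather than an access denial and deserves an explicit guard. make_connection_snum starts before and continues after this hunk.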