diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/smbd/proto.h | 2 | ||||
-rw-r--r-- | source3/smbd/service.c | 19 |
2 files changed, 12 insertions, 9 deletions
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 5eb899ffb5..abc6b289c0 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -979,7 +979,7 @@ void smbd_exit_server_cleanly(const char *const reason) _NORETURN_; bool set_conn_connectpath(connection_struct *conn, const char *connectpath); NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum); -void create_share_access_mask(connection_struct *conn, int snum); +uint32_t create_share_access_mask(connection_struct *conn, int snum); bool set_current_service(connection_struct *conn, uint16 flags, bool do_chdir); void load_registry_shares(void); int add_home_service(const char *service, const char *username, const char *homedir); diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 828c036360..1cd12a6fdc 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -515,34 +515,37 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum) Setup the share access mask for a connection. ****************************************************************************/ -void create_share_access_mask(connection_struct *conn, int snum) +uint32_t create_share_access_mask(connection_struct *conn, int snum) { const struct security_token *token = conn->session_info->security_token; + uint32_t share_access = 0; share_access_check(token, lp_servicename(talloc_tos(), snum), MAXIMUM_ALLOWED_ACCESS, - &conn->share_access); + &share_access); if (!CAN_WRITE(conn)) { - conn->share_access &= + share_access &= ~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE | SEC_DIR_DELETE_CHILD ); } if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) { - conn->share_access |= SEC_FLAG_SYSTEM_SECURITY; + share_access |= SEC_FLAG_SYSTEM_SECURITY; } if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) { - conn->share_access |= (SEC_RIGHTS_PRIV_RESTORE); + share_access |= (SEC_RIGHTS_PRIV_RESTORE); } if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) { - conn->share_access |= (SEC_RIGHTS_PRIV_BACKUP); + share_access |= (SEC_RIGHTS_PRIV_BACKUP); } if (security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) { - conn->share_access |= (SEC_STD_WRITE_OWNER); + share_access |= (SEC_STD_WRITE_OWNER); } + + return share_access; } /**************************************************************************** @@ -654,7 +657,7 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn, * */ - create_share_access_mask(conn, snum); + conn->share_access = create_share_access_mask(conn, snum); if ((conn->share_access & FILE_WRITE_DATA) == 0) { if ((conn->share_access & FILE_READ_DATA) == 0) { |