From 70c5bed4b2ca4660e8a06cee6d4e813744cc7be8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 18 Aug 2010 16:48:20 +0200 Subject: s3: Replace calls to check_access by allow_access We already have both the name and address of the client stored now --- source3/lib/access.c | 4 ++++ source3/rpc_server/srv_spoolss_nt.c | 4 ++-- source3/smbd/process.c | 10 ++++++---- source3/smbd/service.c | 9 +++++---- 4 files changed, 17 insertions(+), 10 deletions(-) diff --git a/source3/lib/access.c b/source3/lib/access.c index 9808218412..00cdd5cd13 100644 --- a/source3/lib/access.c +++ b/source3/lib/access.c @@ -328,6 +328,10 @@ bool allow_access(const char **deny_list, ret = allow_access_internal(deny_list, allow_list, nc_cname, nc_caddr); + DEBUG(ret ? 3 : 0, + ("%s connection from %s (%s)\n", + ret ? "Allowed" : "Denied", nc_cname, nc_caddr)); + SAFE_FREE(nc_cname); SAFE_FREE(nc_caddr); return ret; diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 46e47f595f..287c720c59 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -1642,8 +1642,8 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, /* check smb.conf parameters and the the sec_desc */ - if ( !check_access(smbd_server_fd(), lp_hostsallow(snum), - lp_hostsdeny(snum)) ) { + if (!allow_access(lp_hostsdeny(snum), lp_hostsallow(snum), + p->client_id->name, p->client_id->addr)) { DEBUG(3, ("access DENIED (hosts allow/deny) for printer open\n")); ZERO_STRUCTP(r->out.handle); return WERR_ACCESS_DENIED; diff --git a/source3/smbd/process.c b/source3/smbd/process.c index d6acc829cf..126b6b797e 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1554,8 +1554,9 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in /* does this protocol need to be run as guest? */ if ((flags & AS_GUEST) && (!change_to_guest() || - !check_access(sconn->sock, lp_hostsallow(-1), - lp_hostsdeny(-1)))) { + !allow_access(lp_hostsdeny(-1), lp_hostsallow(-1), + sconn->client_id.name, + sconn->client_id.addr))) { reply_nterror(req, NT_STATUS_ACCESS_DENIED); return conn; } @@ -2982,8 +2983,9 @@ void smbd_process(struct smbd_server_connection *sconn) * the hosts allow list. */ - if (!check_access(sconn->sock, lp_hostsallow(-1), - lp_hostsdeny(-1))) { + if (!allow_access(lp_hostsdeny(-1), lp_hostsallow(-1), + sconn->client_id.name, + sconn->client_id.addr)) { /* * send a negative session response "not listening on calling * name" diff --git a/source3/smbd/service.c b/source3/smbd/service.c index ef74b397c3..d395572856 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -424,11 +424,12 @@ int find_service(fstring service) This function modifies dev, ecode. ****************************************************************************/ -static NTSTATUS share_sanity_checks(int server_sock, int snum, fstring dev) +static NTSTATUS share_sanity_checks(struct client_address *client_id, int snum, + fstring dev) { if (!lp_snum_ok(snum) || - !check_access(server_sock, - lp_hostsallow(snum), lp_hostsdeny(snum))) { + !allow_access(lp_hostsdeny(snum), lp_hostsallow(snum), + client_id->name, client_id->addr)) { return NT_STATUS_ACCESS_DENIED; } @@ -658,7 +659,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, fstrcpy(dev, pdev); - *pstatus = share_sanity_checks(sconn->sock, snum, dev); + *pstatus = share_sanity_checks(&sconn->client_id, snum, dev); if (NT_STATUS_IS_ERR(*pstatus)) { goto err_root_exit; } -- cgit