From 0ca9f5c023df2ee498dcd1bdb2f29abc632a5d60 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 11 Apr 2001 21:19:25 +0000
Subject: Fix for core dump in security = share code with new share security
 db. Jeremy. (This used to be commit 20b13bafdff2fd7be9219ed164e7fe91b597298d)

---
 source3/include/proto.h            |  8 ++++++-
 source3/rpc_server/srv_srvsvc_nt.c | 14 +++++++++---
 source3/smbd/service.c             | 44 +++++++++++++++++++-------------------
 3 files changed, 40 insertions(+), 26 deletions(-)

(limited to 'source3')

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 453714c044..e606724363 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1879,6 +1879,12 @@ BOOL pm_process( char *FileName,
 
 BOOL pdb_generate_sam_sid(void);
 
+/*The following definitions come from  passdb/pampass.c  */
+
+BOOL PAM_session(BOOL instance, const connection_struct *conn, char *tty);
+BOOL pam_passcheck(char * user, char * password);
+BOOL pam_passcheck( char * user, char * password );
+
 /*The following definitions come from  passdb/pass_check.c  */
 
 void dfs_unlogin(void);
@@ -3768,7 +3774,7 @@ BOOL api_srvsvc_rpc(pipes_struct *p);
 
 BOOL share_info_db_init(void);
 void map_generic_share_sd_bits(SEC_DESC *psd);
-BOOL share_access_check(int snum, uint16 vuid, uint32 desired_access);
+BOOL share_access_check(connection_struct *conn, int snum, uint16 vuid, uint32 desired_access);
 uint32 _srv_net_srv_get_info(pipes_struct *p, SRV_Q_NET_SRV_GET_INFO *q_u, SRV_R_NET_SRV_GET_INFO *r_u);
 uint32 _srv_net_file_enum(pipes_struct *p, SRV_Q_NET_FILE_ENUM *q_u, SRV_R_NET_FILE_ENUM *r_u);
 uint32 _srv_net_conn_enum(pipes_struct *p, SRV_Q_NET_CONN_ENUM *q_u, SRV_R_NET_CONN_ENUM *r_u);
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index bce5c33225..0c165bf9fa 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -293,7 +293,7 @@ void map_generic_share_sd_bits(SEC_DESC *psd)
  Can this user access with share with the required permissions ?
 ********************************************************************/
 
-BOOL share_access_check(int snum, uint16 vuid, uint32 desired_access)
+BOOL share_access_check(connection_struct *conn, int snum, uint16 vuid, uint32 desired_access)
 {
 	uint32 granted, status;
 	TALLOC_CTX *mem_ctx = NULL;
@@ -313,17 +313,25 @@ BOOL share_access_check(int snum, uint16 vuid, uint32 desired_access)
 	if (!psd)
 		goto out;
 
+	ZERO_STRUCT(tmp_user);
 	if (vuser) {
-		ZERO_STRUCT(tmp_user);
 		tmp_user.vuid = vuid;
 		tmp_user.uid = vuser->uid;
 		tmp_user.gid = vuser->gid;
 		tmp_user.ngroups = vuser->n_groups;
 		tmp_user.groups = vuser->groups;
 		tmp_user.nt_user_token = vuser->nt_user_token;
-		puser = &tmp_user;
+	} else {
+		tmp_user.vuid = vuid;
+		tmp_user.uid = conn->uid;
+		tmp_user.gid = conn->gid;
+		tmp_user.ngroups = conn->ngroups;
+		tmp_user.groups = conn->groups;
+		tmp_user.nt_user_token = conn->nt_user_token;
 	}
 
+	puser = &tmp_user;
+
 	ret = se_access_check(psd, puser, desired_access, &granted, &status);
 
   out:
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 11ae11054a..507d07cc42 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -343,28 +343,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int
 
 	conn->read_only = lp_readonly(snum);
 
-	/*
-	 * New code to check if there's a share security descripter
-	 * added from NT server manager. This is an additional check
-	 * before the smb.conf checks are done. JRA.
-	 */
-
-	{
-		BOOL can_write = share_access_check(snum, vuid, FILE_WRITE_DATA);
-
-		if (!can_write) {
-			if (!share_access_check(snum, vuid, FILE_READ_DATA)) {
-				/* No access, read or write. */
-				*ecode = ERRaccess;
-				DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n",
-					service ));
-				conn_free(conn);
-				return NULL;
-			} else {
-				conn->read_only = True;
-			}
-		}
-	}
 
 	{
 		pstring list;
@@ -527,6 +505,28 @@ connection_struct *make_connection(char *service,char *user,char *password, int
 					      conn->ngroups, conn->groups,
 					      guest);
 
+	/*
+	 * New code to check if there's a share security descripter
+	 * added from NT server manager. This is done after the
+	 * smb.conf checks are done as we need a uid and token. JRA.
+	 */
+
+	{
+		BOOL can_write = share_access_check(conn, snum, vuid, FILE_WRITE_DATA);
+
+		if (!can_write) {
+			if (!share_access_check(conn, snum, vuid, FILE_READ_DATA)) {
+				/* No access, read or write. */
+				*ecode = ERRaccess;
+				DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n",
+					service ));
+				conn_free(conn);
+				return NULL;
+			} else {
+				conn->read_only = True;
+			}
+		}
+	}
 	/* Initialise VFS function pointers */
 
 	if (*lp_vfsobj(SNUM(conn))) {
-- 
cgit