*/
#include "includes.h"
+#include "smbd/globals.h"
+#include "../libcli/security/security.h"
/*
* No prefix means direct username
* + and & may be combined
*/
-extern userdom_struct current_user_info;
-
static bool do_group_checks(const char **name, const char **pattern)
{
if ((*name)[0] == '@') {
static bool token_contains_name(TALLOC_CTX *mem_ctx,
const char *username,
+ const char *domain,
const char *sharename,
- const struct nt_user_token *token,
+ const struct security_token *token,
const char *name)
{
const char *prefix;
- DOM_SID sid;
+ struct dom_sid sid;
enum lsa_SidType type;
if (username != NULL) {
- name = talloc_sub_basic(mem_ctx, username,
- current_user_info.domain, name);
+ name = talloc_sub_basic(mem_ctx, username, domain, name);
}
if (sharename != NULL) {
name = talloc_string_sub(mem_ctx, name, "%S", sharename);
continue;
}
if (*prefix == '&') {
- if (user_in_netgroup(username, name)) {
- return True;
+ if (username) {
+ if (user_in_netgroup(username, name)) {
+ return True;
+ }
}
continue;
}
*/
bool token_contains_name_in_list(const char *username,
+ const char *domain,
const char *sharename,
- const struct nt_user_token *token,
+ const struct security_token *token,
const char **list)
{
TALLOC_CTX *mem_ctx;
}
while (*list != NULL) {
- if (token_contains_name(mem_ctx, username, sharename,token, *list)) {
+ if (token_contains_name(mem_ctx, username, domain, sharename,
+ token, *list)) {
TALLOC_FREE(mem_ctx);
return True;
}
* The other use is the netgroup check when using @group or &group.
*/
-bool user_ok_token(const char *username, struct nt_user_token *token, int snum)
+bool user_ok_token(const char *username, const char *domain,
+ const struct security_token *token, int snum)
{
if (lp_invalid_users(snum) != NULL) {
- if (token_contains_name_in_list(username, lp_servicename(snum),
+ if (token_contains_name_in_list(username, domain,
+ lp_servicename(snum),
token,
lp_invalid_users(snum))) {
DEBUG(10, ("User %s in 'invalid users'\n", username));
}
if (lp_valid_users(snum) != NULL) {
- if (!token_contains_name_in_list(username,
+ if (!token_contains_name_in_list(username, domain,
lp_servicename(snum), token,
lp_valid_users(snum))) {
DEBUG(10, ("User %s not in 'valid users'\n",
DEBUG(0, ("'only user = yes' and no 'username ='\n"));
return False;
}
- if (!token_contains_name_in_list(NULL, lp_servicename(snum),
+ if (!token_contains_name_in_list(NULL, domain,
+ lp_servicename(snum),
token, list)) {
DEBUG(10, ("%s != 'username'\n", username));
return False;
*/
bool is_share_read_only_for_token(const char *username,
- struct nt_user_token *token, int snum)
+ const char *domain,
+ const struct security_token *token,
+ connection_struct *conn)
{
- bool result = lp_readonly(snum);
+ int snum = SNUM(conn);
+ bool result = conn->read_only;
if (lp_readlist(snum) != NULL) {
- if (token_contains_name_in_list(username,
+ if (token_contains_name_in_list(username, domain,
lp_servicename(snum), token,
lp_readlist(snum))) {
result = True;
}
if (lp_writelist(snum) != NULL) {
- if (token_contains_name_in_list(username,
+ if (token_contains_name_in_list(username, domain,
lp_servicename(snum), token,
lp_writelist(snum))) {
result = False;