r17096: Simplify share_access_check a bit: It takes the sharename instead of the...
authorVolker Lendecke <vlendec@samba.org>
Mon, 17 Jul 2006 19:50:59 +0000 (19:50 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 16:38:11 +0000 (11:38 -0500)
and the decision which token to use (conn or vuser) does not really belong
here, it is better done in the two places where this is called.

Volker

source/rpc_server/srv_srvsvc_nt.c
source/smbd/service.c
source/smbd/uid.c

index 50df99901bd858cd0fb4035d3188585f00b3ac5e..19099b931ea3a4e2e65fa1f5418e07f0a0fde2a6 100644 (file)
@@ -320,36 +320,30 @@ static void map_generic_share_sd_bits(SEC_DESC *psd)
  Can this user access with share with the required permissions ?
 ********************************************************************/
 
-BOOL share_access_check(connection_struct *conn, int snum, user_struct *vuser, uint32 desired_access)
+BOOL share_access_check(const NT_USER_TOKEN *token, const char *sharename,
+                       uint32 desired_access)
 {
        uint32 granted;
        NTSTATUS status;
        TALLOC_CTX *mem_ctx = NULL;
        SEC_DESC *psd = NULL;
        size_t sd_size;
-       NT_USER_TOKEN *token = NULL;
        BOOL ret = True;
 
-       mem_ctx = talloc_init("share_access_check");
-       if (mem_ctx == NULL)
+       if (!(mem_ctx = talloc_init("share_access_check"))) {
                return False;
+       }
 
-       psd = get_share_security(mem_ctx, lp_servicename(snum), &sd_size);
-
-       if (!psd)
-               goto out;
+       psd = get_share_security(mem_ctx, sharename, &sd_size);
 
-       if (conn->nt_user_token)
-               token = conn->nt_user_token;
-       else 
-               token = vuser->nt_user_token;
+       if (!psd) {
+               TALLOC_FREE(mem_ctx);
+               return True;
+       }
 
        ret = se_access_check(psd, token, desired_access, &granted, &status);
 
-out:
-
        talloc_destroy(mem_ctx);
-
        return ret;
 }
 
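Review bot: The `!psd` branch returns True, so a share for which get_share_security() yields no descriptor is treated as fully accessible, and nothing in the function says this fail-open result is intended. get_share_security() is not visible in this hunk; if it can also return NULL on an allocation or database error, that error path grants access as well, which should be confirmed. I would add a comment above the branch such as `/* No share SD available: the share ACL imposes no restriction, so allow. */`, and log the discarded `status` from se_access_check() when `ret` is False so denials are traceable. The early return uses `TALLOC_FREE(mem_ctx)` while the normal path still calls `talloc_destroy(mem_ctx)`; one form for both would be more consistent.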
index 9dcb8a354f416625c2c290fe2dd43d822bc9b4c1..395114592aaf3109dfd120c806b8373ae5905cb6 100644 (file)
@@ -767,11 +767,16 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
         */
 
        {
-               BOOL can_write = share_access_check(conn, snum, vuser,
+               NT_USER_TOKEN *token = conn->nt_user_token ?
+                       conn->nt_user_token : vuser->nt_user_token;
+
+               BOOL can_write = share_access_check(token,
+                                                   lp_servicename(snum),
                                                    FILE_WRITE_DATA);
 
                if (!can_write) {
-                       if (!share_access_check(conn, snum, vuser,
+                       if (!share_access_check(token,
+                                               lp_servicename(snum),
                                                FILE_READ_DATA)) {
                                /* No access, read or write. */
                                DEBUG(0,("make_connection: connection to %s "
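Review bot: The new `token` initialiser dereferences `vuser` whenever `conn->nt_user_token` is NULL, before share_access_check() is called. The old share_access_check() only read `vuser->nt_user_token` after a share security descriptor had been found, so a NULL `vuser` on a share without a descriptor was harmless before and is not now. Whether make_connection_snum() can reach this block with `vuser == NULL` is not visible, since the function starts and ends outside the hunk, so this needs checking against the callers. If it can, guard the selection with `conn->nt_user_token ? conn->nt_user_token : (vuser ? vuser->nt_user_token : NULL)` and confirm that se_access_check() denies access for a NULL token instead of dereferencing it. The pointer can also be declared `const NT_USER_TOKEN *token` to match the new prototype.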
index 48d7f590c399d93930e346a3a6838e13bec0c010..89d082e1aca6c04f557057b64e282ed79d32bdf4 100644 (file)
@@ -87,6 +87,7 @@ static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
        unsigned int i;
        struct vuid_cache_entry *ent = NULL;
        BOOL readonly_share;
+       NT_USER_TOKEN *token;
 
        for (i=0;i<conn->vuid_cache.entries && i< VUID_CACHE_SIZE;i++) {
                if (conn->vuid_cache.array[i].vuid == vuser->vuid) {
@@ -104,8 +105,12 @@ static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
                                                      vuser->nt_user_token,
                                                      SNUM(conn));
 
+       token = conn->nt_user_token ?
+               conn->nt_user_token : vuser->nt_user_token;
+
        if (!readonly_share &&
-           !share_access_check(conn, snum, vuser, FILE_WRITE_DATA)) {
+           !share_access_check(token, lp_servicename(snum),
+                               FILE_WRITE_DATA)) {
                /* smb.conf allows r/w, but the security descriptor denies
                 * write. Fall back to looking at readonly. */
                readonly_share = True;
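Review bot: The selection `token = conn->nt_user_token ? conn->nt_user_token : vuser->nt_user_token;` repeats the expression added to make_connection_snum() in source/smbd/service.c, and neither copy says why the connection's token takes precedence over the session user's. This choice decides whose identity the share ACL is evaluated against, so one small helper used by both callers, with a comment stating the precedence rule, would keep the two sites from drifting apart. At minimum add a comment here, for example `/* Prefer the connection's token if set, else the session user's token. */`. The declaration added in the earlier hunk could also be `const NT_USER_TOKEN *token` to match share_access_check()'s new prototype. check_user_ok() starts and ends outside this hunk.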
@@ -113,7 +118,7 @@ static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
                         "security descriptor\n"));
        }
 
-       if (!share_access_check(conn, snum, vuser,
+       if (!share_access_check(token, lp_servicename(snum),
                                readonly_share ?
                                FILE_READ_DATA : FILE_WRITE_DATA)) {
                return False;