From: Jeremy Allison Date: Fri, 4 Jan 2013 22:42:23 +0000 (-0800) Subject: Move create_share_access_mask() from smbd/service.c to smbd/uid.c. X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=b668c9077ba9005988146e8b1ee853ce8a6f33a4;p=metze%2Fsamba%2Fwip.git Move create_share_access_mask() from smbd/service.c to smbd/uid.c. Make it static. Only called from uid.c now. Signed-off-by: Jeremy Allison Reviewed-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index e8ee8733a4ac..772730203f4b 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -979,9 +979,6 @@ void smbd_exit_server_cleanly(const char *const reason) _NORETURN_; bool set_conn_connectpath(connection_struct *conn, const char *connectpath); NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum); -uint32_t create_share_access_mask(int snum, - bool readonly_share, - const struct security_token *token); bool set_current_service(connection_struct *conn, uint16 flags, bool do_chdir); void load_registry_shares(void); int add_home_service(const char *service, const char *username, const char *homedir); diff --git a/source3/smbd/service.c b/source3/smbd/service.c index fabc5a36ac8e..8f6d4859b082 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -511,44 +511,6 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum) return NT_STATUS_OK; } -/**************************************************************************** - Setup the share access mask for a connection. -****************************************************************************/ - -uint32_t create_share_access_mask(int snum, - bool readonly_share, - const struct security_token *token) -{ - uint32_t share_access = 0; - - share_access_check(token, - lp_servicename(talloc_tos(), snum), - MAXIMUM_ALLOWED_ACCESS, - &share_access); - - if (readonly_share) { - share_access &= - ~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | - SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE | - SEC_DIR_DELETE_CHILD ); - } - - if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) { - share_access |= SEC_FLAG_SYSTEM_SECURITY; - } - if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) { - share_access |= (SEC_RIGHTS_PRIV_RESTORE); - } - if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) { - share_access |= (SEC_RIGHTS_PRIV_BACKUP); - } - if (security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) { - share_access |= (SEC_STD_WRITE_OWNER); - } - - return share_access; -} - /**************************************************************************** Make a connection, given the snum to connect to, and the vuser of the connecting user if appropriate. diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index efdd82434207..b9cebce71acc 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -78,6 +78,44 @@ static void free_conn_session_info_if_unused(connection_struct *conn) TALLOC_FREE(conn->session_info); } +/**************************************************************************** + Setup the share access mask for a connection. +****************************************************************************/ + +static uint32_t create_share_access_mask(int snum, + bool readonly_share, + const struct security_token *token) +{ + uint32_t share_access = 0; + + share_access_check(token, + lp_servicename(talloc_tos(), snum), + MAXIMUM_ALLOWED_ACCESS, + &share_access); + + if (readonly_share) { + share_access &= + ~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | + SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE | + SEC_DIR_DELETE_CHILD ); + } + + if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) { + share_access |= SEC_FLAG_SYSTEM_SECURITY; + } + if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) { + share_access |= (SEC_RIGHTS_PRIV_RESTORE); + } + if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) { + share_access |= (SEC_RIGHTS_PRIV_BACKUP); + } + if (security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) { + share_access |= (SEC_STD_WRITE_OWNER); + } + + return share_access; +} + /******************************************************************* Calculate access mask and if this user can access this share. ********************************************************************/