Removed global_myworkgroup, global_myname, global_myscope. Added liberal

[kai/samba-autobuild/.git] / source3 / smbd / uid.c

diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index a5083ce75d07344b061493c677c4b4fac690a16b..e2cc26e0aec5db798c3bfb8889fd8893f700b1e3 100644 (file)
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -49,6 +49,8 @@ BOOL change_to_guest(void)
        current_user.conn = NULL;
        current_user.vuid = UID_FIELD_INVALID;
        
+       passwd_free(&pass);
+
        return True;
 }
 
@@ -59,18 +61,26 @@ BOOL change_to_guest(void)
 static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
 {
        int i;
-       for (i=0;i<conn->uid_cache.entries;i++)
-               if (conn->uid_cache.list[i] == vuser->uid)
+       for (i=0;i<conn->vuid_cache.entries && i< VUID_CACHE_SIZE;i++)
+               if (conn->vuid_cache.list[i] == vuser->vuid)
                        return(True);
 
+       if ((conn->force_user || conn->force_group) 
+           && (conn->vuid != vuser->vuid)) {
+               return False;
+       }
+       
        if (!user_ok(vuser->user.unix_name,snum))
                return(False);
 
-       i = conn->uid_cache.entries % UID_CACHE_SIZE;
-       conn->uid_cache.list[i] = vuser->uid;
+       if (!share_access_check(conn, snum, vuser, conn->read_only ? FILE_READ_DATA : FILE_WRITE_DATA)) {
+               return False;
+       }
 
-       if (conn->uid_cache.entries < UID_CACHE_SIZE)
-               conn->uid_cache.entries++;
+       i = conn->vuid_cache.entries % VUID_CACHE_SIZE;
+       conn->vuid_cache.list[i] = vuser->vuid;
+
+       conn->vuid_cache.entries++;
 
        return(True);
 }
@@ -115,27 +125,21 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid)
 
        snum = SNUM(conn);
 
-       if((vuser != NULL) && !check_user_ok(conn, vuser, snum))
-               return False;
-
-       if (conn->force_user || 
-               conn->admin_user ||
-           (lp_security() == SEC_SHARE)) {
+       if (conn->force_user) /* security = share sets this too */ {
                uid = conn->uid;
                gid = conn->gid;
                current_user.groups = conn->groups;
                current_user.ngroups = conn->ngroups;
                token = conn->nt_user_token;
-       } else {
-               if (!vuser) {
-                       DEBUG(2,("change_to_user: Invalid vuid used %d\n",vuid));
-                       return(False);
-               }
+       } else if ((vuser) && check_user_ok(conn, vuser, snum)) {
                uid = vuser->uid;
                gid = vuser->gid;
                current_user.ngroups = vuser->n_groups;
                current_user.groups  = vuser->groups;
                token = vuser->nt_user_token;
+       } else {
+               DEBUG(2,("change_to_user: Invalid vuid used %d or vuid not permitted access to share.\n",vuid));
+               return False;
        }
 
        /*
@@ -175,7 +179,11 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid)
                if (vuser && vuser->guest)
                        is_guest = True;
 
-               token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups, is_guest, NULL);
+               token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups, is_guest);
+               if (!token) {
+                       DEBUG(1, ("change_to_user: create_nt_token failed!\n"));
+                       return False;
+               }
                must_free_token = True;
        }
        
@@ -437,8 +445,6 @@ void add_supplementary_nt_login_groups(int *n_groups, gid_t **pp_groups, NT_USER
 
 BOOL lookup_name(const char *domain, const char *name, DOM_SID *psid, enum SID_NAME_USE *name_type)
 {
-       extern pstring global_myname;
-       extern fstring global_myworkgroup;
        fstring sid;
        BOOL local_lookup = False;
        
@@ -447,11 +453,11 @@ BOOL lookup_name(const char *domain, const char *name, DOM_SID *psid, enum SID_N
        /* If we are looking up a domain user, make sure it is
           for the local machine only */
        
-       if (strequal(global_myname, domain)) {
+       if (strequal(global_myname(), domain)) {
                local_lookup = True;
        } else if (lp_server_role() == ROLE_DOMAIN_PDC || 
-                  lp_server_role() == ROLE_DOMAIN_PDC) {
-               if (strequal(domain, global_myworkgroup)) {
+                  lp_server_role() == ROLE_DOMAIN_BDC) {
+               if (strequal(domain, lp_workgroup())) {
                        local_lookup = True;
                }
        }
@@ -592,7 +598,7 @@ DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
  was done correctly, False if not. sidtype is set by this function.
 *****************************************************************/  
 
-BOOL sid_to_uid(DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
+BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
 {
        fstring sid_str;
 
@@ -668,7 +674,7 @@ BOOL sid_to_uid(DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
  was done correctly, False if not.
 *****************************************************************/  
 
-BOOL sid_to_gid(DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
+BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
 {
        fstring dom_name, name, sid_str;
        enum SID_NAME_USE name_type;