s3: Replace calls to check_access by allow_access

We already have both the name and address of the client stored now

diff --git a/source3/lib/access.c b/source3/lib/access.c
index 98082184125ca8a1a195b77e939d2a644776ca07..00cdd5cd13c94627c654a8977b4f92e308e0bfd4 100644 (file)
--- a/source3/lib/access.c
+++ b/source3/lib/access.c
@@ -328,6 +328,10 @@ bool allow_access(const char **deny_list,
 
        ret = allow_access_internal(deny_list, allow_list, nc_cname, nc_caddr);
 
+       DEBUG(ret ? 3 : 0,
+             ("%s connection from %s (%s)\n",
+              ret ? "Allowed" : "Denied", nc_cname, nc_caddr));
+
        SAFE_FREE(nc_cname);
        SAFE_FREE(nc_caddr);
        return ret;

diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 46e47f595f580983529fbca03fe110d5959cc70e..287c720c59edf9bf26f16a1ba2cb2983748948cf 100644 (file)
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -1642,8 +1642,8 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
 
                /* check smb.conf parameters and the the sec_desc */
 
-               if ( !check_access(smbd_server_fd(), lp_hostsallow(snum),
-                                  lp_hostsdeny(snum)) ) {
+               if (!allow_access(lp_hostsdeny(snum), lp_hostsallow(snum),
+                                 p->client_id->name, p->client_id->addr)) {
                        DEBUG(3, ("access DENIED (hosts allow/deny) for printer open\n"));
                        ZERO_STRUCTP(r->out.handle);
                        return WERR_ACCESS_DENIED;

diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index d6acc829cf0f8f6d89aef19671a6bcef021e1932..126b6b797ee59462e7608538819ddc750d916ae3 100644 (file)
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1554,8 +1554,9 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in
        /* does this protocol need to be run as guest? */
        if ((flags & AS_GUEST)
            && (!change_to_guest() ||
-               !check_access(sconn->sock, lp_hostsallow(-1),
-                             lp_hostsdeny(-1)))) {
+               !allow_access(lp_hostsdeny(-1), lp_hostsallow(-1),
+                             sconn->client_id.name,
+                             sconn->client_id.addr))) {
                reply_nterror(req, NT_STATUS_ACCESS_DENIED);
                return conn;
        }
@@ -2982,8 +2983,9 @@ void smbd_process(struct smbd_server_connection *sconn)
         * the hosts allow list.
         */
 
-       if (!check_access(sconn->sock, lp_hostsallow(-1),
-                         lp_hostsdeny(-1))) {
+       if (!allow_access(lp_hostsdeny(-1), lp_hostsallow(-1),
+                         sconn->client_id.name,
+                         sconn->client_id.addr)) {
                /*
                 * send a negative session response "not listening on calling
                 * name"

diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index ef74b397c37c3f872a85f64824bfda4f213fa88d..d39557285629501bf8717a57ffaf737d540ae5d0 100644 (file)
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -424,11 +424,12 @@ int find_service(fstring service)
  This function modifies dev, ecode.
 ****************************************************************************/
 
-static NTSTATUS share_sanity_checks(int server_sock, int snum, fstring dev)
+static NTSTATUS share_sanity_checks(struct client_address *client_id, int snum,
+                                   fstring dev)
 {
        if (!lp_snum_ok(snum) || 
-           !check_access(server_sock,
-                         lp_hostsallow(snum), lp_hostsdeny(snum))) {    
+           !allow_access(lp_hostsdeny(snum), lp_hostsallow(snum),
+                         client_id->name, client_id->addr)) {
                return NT_STATUS_ACCESS_DENIED;
        }
 
@@ -658,7 +659,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
 
        fstrcpy(dev, pdev);
 
-       *pstatus = share_sanity_checks(sconn->sock, snum, dev);
+       *pstatus = share_sanity_checks(&sconn->client_id, snum, dev);
        if (NT_STATUS_IS_ERR(*pstatus)) {
                goto err_root_exit;
        }