Factor code out of check_user_ok() into a call to check_user_share_access().
authorJeremy Allison <jra@samba.org>
Fri, 4 Jan 2013 22:35:46 +0000 (14:35 -0800)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 9 Jan 2013 04:29:29 +0000 (15:29 +1100)
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source3/smbd/uid.c

index 9802056..efdd824 100644 (file)
@@ -151,6 +151,7 @@ static bool check_user_ok(connection_struct *conn,
        bool admin_user = false;
        struct vuid_cache_entry *ent = NULL;
        uint32_t share_access = 0;
+       NTSTATUS status;
 
        for (i=0; i<VUID_CACHE_SIZE; i++) {
                ent = &conn->vuid_cache->array[i];
@@ -163,40 +164,12 @@ static bool check_user_ok(connection_struct *conn,
                }
        }
 
-       if (!user_ok_token(session_info->unix_info->unix_name,
-                          session_info->info->domain_name,
-                          session_info->security_token, snum))
-               return(False);
-
-       readonly_share = is_share_read_only_for_token(
-               session_info->unix_info->unix_name,
-               session_info->info->domain_name,
-               session_info->security_token,
-               conn);
-
-       share_access = create_share_access_mask(snum,
-                                               readonly_share,
-                                               session_info->security_token);
-
-       if ((share_access & FILE_WRITE_DATA) == 0) {
-               if ((share_access & FILE_READ_DATA) == 0) {
-                       /* No access, read or write. */
-                       DEBUG(0,("user %s connection to %s "
-                               "denied due to share security "
-                               "descriptor.\n",
-                               session_info->unix_info->unix_name,
-                               lp_servicename(talloc_tos(), snum)));
-                       return false;
-               }
-       }
-
-       if (!readonly_share &&
-           !(share_access & FILE_WRITE_DATA)) {
-               /* smb.conf allows r/w, but the security descriptor denies
-                * write. Fall back to looking at readonly. */
-               readonly_share = True;
-               DEBUG(5,("falling back to read-only access-evaluation due to "
-                        "security descriptor\n"));
+       status = check_user_share_access(conn,
+                                       session_info,
+                                       &share_access,
+                                       &readonly_share);
+       if (!NT_STATUS_IS_OK(status)) {
+               return false;
        }
 
        admin_user = token_contains_name_in_list(