s3: Return "granted" from share_access_check

Signed-off-by: Stefan Metzmacher <metze@samba.org>

source3/include/proto.h

@@ -244,8 +244,10 @@ struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *ser
 			      size_t *psize);
 bool set_share_security(const char *share_name, struct security_descriptor *psd);
 bool delete_share_security(const char *servicename);
-bool share_access_check(const struct security_token *token, const char *sharename,
-			uint32 desired_access);
+bool share_access_check(const struct security_token *token,
+			const char *sharename,
+			uint32 desired_access,
+			uint32_t *pgranted);
 bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, struct security_descriptor **ppsd);
 
 /* The following definitions come from lib/smbrun.c  */

source3/lib/sharesec.c

@@ -410,8 +410,10 @@ bool delete_share_security(const char *servicename)
  Can this user access with share with the required permissions ?
 ********************************************************************/
 
-bool share_access_check(const struct security_token *token, const char *sharename,
-			uint32 desired_access)
+bool share_access_check(const struct security_token *token,
+			const char *sharename,
+			uint32 desired_access,
+			uint32_t *pgranted)
 {
 	uint32 granted;
 	NTSTATUS status;
@@ -428,6 +430,10 @@ bool share_access_check(const struct security_token *token, const char *sharenam
 
 	TALLOC_FREE(psd);
 
+	if (pgranted != NULL) {
+		*pgranted = granted;
+	}
+
 	return NT_STATUS_IS_OK(status);
 }
 

source3/rpc_server/srvsvc/srv_srvsvc_nt.c

@@ -541,8 +541,8 @@ static bool is_enumeration_allowed(struct pipes_struct *p,
     if (!lp_access_based_share_enum(snum))
         return true;
 
-    return share_access_check(p->session_info->security_token, lp_servicename(snum),
-                              FILE_READ_DATA);
+    return share_access_check(p->session_info->security_token,
+			      lp_servicename(snum), FILE_READ_DATA, NULL);
 }
 
 /*******************************************************************

source3/smbd/service.c

@@ -644,14 +644,15 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
 	{
 		bool can_write = False;
 
-		can_write = share_access_check(conn->session_info->security_token,
-					       lp_servicename(snum),
-					       FILE_WRITE_DATA);
+		can_write = share_access_check(
+			conn->session_info->security_token,
+			lp_servicename(snum), FILE_WRITE_DATA, NULL);
 
 		if (!can_write) {
-			if (!share_access_check(conn->session_info->security_token,
-						lp_servicename(snum),
-						FILE_READ_DATA)) {
+			if (!share_access_check(
+				    conn->session_info->security_token,
+				    lp_servicename(snum), FILE_READ_DATA,
+				    NULL)) {
 				/* No access, read or write. */
 				DEBUG(0,("make_connection: connection to %s "
 					 "denied due to security "

source3/smbd/uid.c

@@ -121,8 +121,9 @@ static bool check_user_ok(connection_struct *conn,
 		conn);
 
 	if (!readonly_share &&
-	    !share_access_check(session_info->security_token, lp_servicename(snum),
-				FILE_WRITE_DATA)) {
+	    !share_access_check(session_info->security_token,
+				lp_servicename(snum), FILE_WRITE_DATA,
+				NULL)) {
 		/* smb.conf allows r/w, but the security descriptor denies
 		 * write. Fall back to looking at readonly. */
 		readonly_share = True;
@@ -130,9 +131,11 @@ static bool check_user_ok(connection_struct *conn,
 			 "security descriptor\n"));
 	}
 
-	if (!share_access_check(session_info->security_token, lp_servicename(snum),
+	if (!share_access_check(session_info->security_token,
+				lp_servicename(snum),
 				readonly_share ?
-				FILE_READ_DATA : FILE_WRITE_DATA)) {
+				FILE_READ_DATA : FILE_WRITE_DATA,
+				NULL)) {
 		return False;
 	}