1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-27 14:04:05 +03:00

Slight refactoring for check_user_ok: It only needs vuid and server_info

(This used to be commit 68944ea1ea7a0a63b08cbfc703f5ee29d2627696)
This commit is contained in:
Volker Lendecke 2008-06-14 16:55:02 +02:00
parent ee6ee96af2
commit 82d4806ce6

View File

@ -61,7 +61,9 @@ bool change_to_guest(void)
later code can then mess with. later code can then mess with.
********************************************************************/ ********************************************************************/
static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum) static bool check_user_ok(connection_struct *conn, uint16_t vuid,
struct auth_serversupplied_info *server_info,
int snum)
{ {
unsigned int i; unsigned int i;
struct vuid_cache_entry *ent = NULL; struct vuid_cache_entry *ent = NULL;
@ -70,7 +72,7 @@ static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
for (i=0; i<VUID_CACHE_SIZE; i++) { for (i=0; i<VUID_CACHE_SIZE; i++) {
ent = &conn->vuid_cache.array[i]; ent = &conn->vuid_cache.array[i];
if (ent->vuid == vuser->vuid) { if (ent->vuid == vuid) {
conn->server_info = ent->server_info; conn->server_info = ent->server_info;
conn->read_only = ent->read_only; conn->read_only = ent->read_only;
conn->admin_user = ent->admin_user; conn->admin_user = ent->admin_user;
@ -78,20 +80,18 @@ static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
} }
} }
if (!user_ok_token(vuser->server_info->unix_name, if (!user_ok_token(server_info->unix_name,
pdb_get_domain(vuser->server_info->sam_account), pdb_get_domain(server_info->sam_account),
vuser->server_info->ptok, server_info->ptok, snum))
snum))
return(False); return(False);
readonly_share = is_share_read_only_for_token( readonly_share = is_share_read_only_for_token(
vuser->server_info->unix_name, server_info->unix_name,
pdb_get_domain(vuser->server_info->sam_account), pdb_get_domain(server_info->sam_account),
vuser->server_info->ptok, server_info->ptok, snum);
snum);
if (!readonly_share && if (!readonly_share &&
!share_access_check(vuser->server_info->ptok, lp_servicename(snum), !share_access_check(server_info->ptok, lp_servicename(snum),
FILE_WRITE_DATA)) { FILE_WRITE_DATA)) {
/* smb.conf allows r/w, but the security descriptor denies /* smb.conf allows r/w, but the security descriptor denies
* write. Fall back to looking at readonly. */ * write. Fall back to looking at readonly. */
@ -100,17 +100,16 @@ static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
"security descriptor\n")); "security descriptor\n"));
} }
if (!share_access_check(vuser->server_info->ptok, lp_servicename(snum), if (!share_access_check(server_info->ptok, lp_servicename(snum),
readonly_share ? readonly_share ?
FILE_READ_DATA : FILE_WRITE_DATA)) { FILE_READ_DATA : FILE_WRITE_DATA)) {
return False; return False;
} }
admin_user = token_contains_name_in_list( admin_user = token_contains_name_in_list(
vuser->server_info->unix_name, server_info->unix_name,
pdb_get_domain(vuser->server_info->sam_account), pdb_get_domain(server_info->sam_account),
NULL, vuser->server_info->ptok, NULL, server_info->ptok, lp_admin_users(snum));
lp_admin_users(snum));
ent = &conn->vuid_cache.array[conn->vuid_cache.next_entry]; ent = &conn->vuid_cache.array[conn->vuid_cache.next_entry];
@ -125,15 +124,14 @@ static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
*/ */
ent->server_info = copy_serverinfo( ent->server_info = copy_serverinfo(
conn, conn, conn->force_user ? conn->server_info : server_info);
conn->force_user ? conn->server_info : vuser->server_info);
if (ent->server_info == NULL) { if (ent->server_info == NULL) {
ent->vuid = UID_FIELD_INVALID; ent->vuid = UID_FIELD_INVALID;
return false; return false;
} }
ent->vuid = vuser->vuid; ent->vuid = vuid;
ent->read_only = readonly_share; ent->read_only = readonly_share;
ent->admin_user = admin_user; ent->admin_user = admin_user;
@ -186,7 +184,7 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
snum = SNUM(conn); snum = SNUM(conn);
if ((vuser) && !check_user_ok(conn, vuser, snum)) { if ((vuser) && !check_user_ok(conn, vuid, vuser->server_info, snum)) {
DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) " DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
"not permitted access to share %s.\n", "not permitted access to share %s.\n",
vuser->server_info->sanitized_username, vuser->server_info->sanitized_username,