mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
Move create_share_access_mask() from smbd/service.c to smbd/uid.c.
Make it static. Only called from uid.c now. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
86d1e1db8e
commit
b668c9077b
@ -979,9 +979,6 @@ void smbd_exit_server_cleanly(const char *const reason) _NORETURN_;
|
||||
|
||||
bool set_conn_connectpath(connection_struct *conn, const char *connectpath);
|
||||
NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum);
|
||||
uint32_t create_share_access_mask(int snum,
|
||||
bool readonly_share,
|
||||
const struct security_token *token);
|
||||
bool set_current_service(connection_struct *conn, uint16 flags, bool do_chdir);
|
||||
void load_registry_shares(void);
|
||||
int add_home_service(const char *service, const char *username, const char *homedir);
|
||||
|
@ -511,44 +511,6 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum)
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Setup the share access mask for a connection.
|
||||
****************************************************************************/
|
||||
|
||||
uint32_t create_share_access_mask(int snum,
|
||||
bool readonly_share,
|
||||
const struct security_token *token)
|
||||
{
|
||||
uint32_t share_access = 0;
|
||||
|
||||
share_access_check(token,
|
||||
lp_servicename(talloc_tos(), snum),
|
||||
MAXIMUM_ALLOWED_ACCESS,
|
||||
&share_access);
|
||||
|
||||
if (readonly_share) {
|
||||
share_access &=
|
||||
~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
|
||||
SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
|
||||
SEC_DIR_DELETE_CHILD );
|
||||
}
|
||||
|
||||
if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
|
||||
share_access |= SEC_FLAG_SYSTEM_SECURITY;
|
||||
}
|
||||
if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
|
||||
share_access |= (SEC_RIGHTS_PRIV_RESTORE);
|
||||
}
|
||||
if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
|
||||
share_access |= (SEC_RIGHTS_PRIV_BACKUP);
|
||||
}
|
||||
if (security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
|
||||
share_access |= (SEC_STD_WRITE_OWNER);
|
||||
}
|
||||
|
||||
return share_access;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Make a connection, given the snum to connect to, and the vuser of the
|
||||
connecting user if appropriate.
|
||||
|
@ -78,6 +78,44 @@ static void free_conn_session_info_if_unused(connection_struct *conn)
|
||||
TALLOC_FREE(conn->session_info);
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Setup the share access mask for a connection.
|
||||
****************************************************************************/
|
||||
|
||||
static uint32_t create_share_access_mask(int snum,
|
||||
bool readonly_share,
|
||||
const struct security_token *token)
|
||||
{
|
||||
uint32_t share_access = 0;
|
||||
|
||||
share_access_check(token,
|
||||
lp_servicename(talloc_tos(), snum),
|
||||
MAXIMUM_ALLOWED_ACCESS,
|
||||
&share_access);
|
||||
|
||||
if (readonly_share) {
|
||||
share_access &=
|
||||
~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
|
||||
SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
|
||||
SEC_DIR_DELETE_CHILD );
|
||||
}
|
||||
|
||||
if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
|
||||
share_access |= SEC_FLAG_SYSTEM_SECURITY;
|
||||
}
|
||||
if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
|
||||
share_access |= (SEC_RIGHTS_PRIV_RESTORE);
|
||||
}
|
||||
if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
|
||||
share_access |= (SEC_RIGHTS_PRIV_BACKUP);
|
||||
}
|
||||
if (security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
|
||||
share_access |= (SEC_STD_WRITE_OWNER);
|
||||
}
|
||||
|
||||
return share_access;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Calculate access mask and if this user can access this share.
|
||||
********************************************************************/
|
||||
|
Loading…
Reference in New Issue
Block a user