1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

Move create_share_access_mask() from smbd/service.c to smbd/uid.c.

Make it static. Only called from uid.c now.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Jeremy Allison 2013-01-04 14:42:23 -08:00 committed by Andrew Bartlett
parent 86d1e1db8e
commit b668c9077b
3 changed files with 38 additions and 41 deletions

View File

@ -979,9 +979,6 @@ void smbd_exit_server_cleanly(const char *const reason) _NORETURN_;
bool set_conn_connectpath(connection_struct *conn, const char *connectpath);
NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum);
uint32_t create_share_access_mask(int snum,
bool readonly_share,
const struct security_token *token);
bool set_current_service(connection_struct *conn, uint16 flags, bool do_chdir);
void load_registry_shares(void);
int add_home_service(const char *service, const char *username, const char *homedir);

View File

@ -511,44 +511,6 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum)
return NT_STATUS_OK;
}
/****************************************************************************
Setup the share access mask for a connection.
****************************************************************************/
uint32_t create_share_access_mask(int snum,
bool readonly_share,
const struct security_token *token)
{
uint32_t share_access = 0;
share_access_check(token,
lp_servicename(talloc_tos(), snum),
MAXIMUM_ALLOWED_ACCESS,
&share_access);
if (readonly_share) {
share_access &=
~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
SEC_DIR_DELETE_CHILD );
}
if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
share_access |= SEC_FLAG_SYSTEM_SECURITY;
}
if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
share_access |= (SEC_RIGHTS_PRIV_RESTORE);
}
if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
share_access |= (SEC_RIGHTS_PRIV_BACKUP);
}
if (security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
share_access |= (SEC_STD_WRITE_OWNER);
}
return share_access;
}
/****************************************************************************
Make a connection, given the snum to connect to, and the vuser of the
connecting user if appropriate.

View File

@ -78,6 +78,44 @@ static void free_conn_session_info_if_unused(connection_struct *conn)
TALLOC_FREE(conn->session_info);
}
/****************************************************************************
Setup the share access mask for a connection.
****************************************************************************/
static uint32_t create_share_access_mask(int snum,
bool readonly_share,
const struct security_token *token)
{
uint32_t share_access = 0;
share_access_check(token,
lp_servicename(talloc_tos(), snum),
MAXIMUM_ALLOWED_ACCESS,
&share_access);
if (readonly_share) {
share_access &=
~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
SEC_DIR_DELETE_CHILD );
}
if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
share_access |= SEC_FLAG_SYSTEM_SECURITY;
}
if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
share_access |= (SEC_RIGHTS_PRIV_RESTORE);
}
if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
share_access |= (SEC_RIGHTS_PRIV_BACKUP);
}
if (security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
share_access |= (SEC_STD_WRITE_OWNER);
}
return share_access;
}
/*******************************************************************
Calculate access mask and if this user can access this share.
********************************************************************/