size_t *psize);
bool set_share_security(const char *share_name, struct security_descriptor *psd);
bool delete_share_security(const char *servicename);
-bool share_access_check(const struct security_token *token, const char *sharename,
- uint32 desired_access);
+bool share_access_check(const struct security_token *token,
+ const char *sharename,
+ uint32 desired_access,
+ uint32_t *pgranted);
bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, struct security_descriptor **ppsd);
/* The following definitions come from lib/smbrun.c */
Can this user access with share with the required permissions ?
********************************************************************/
-bool share_access_check(const struct security_token *token, const char *sharename,
- uint32 desired_access)
+bool share_access_check(const struct security_token *token,
+ const char *sharename,
+ uint32 desired_access,
+ uint32_t *pgranted)
{
uint32 granted;
NTSTATUS status;
TALLOC_FREE(psd);
+ if (pgranted != NULL) {
+ *pgranted = granted;
+ }
+
return NT_STATUS_IS_OK(status);
}
if (!lp_access_based_share_enum(snum))
return true;
- return share_access_check(p->session_info->security_token, lp_servicename(snum),
- FILE_READ_DATA);
+ return share_access_check(p->session_info->security_token,
+ lp_servicename(snum), FILE_READ_DATA, NULL);
}
/*******************************************************************
{
bool can_write = False;
- can_write = share_access_check(conn->session_info->security_token,
- lp_servicename(snum),
- FILE_WRITE_DATA);
+ can_write = share_access_check(
+ conn->session_info->security_token,
+ lp_servicename(snum), FILE_WRITE_DATA, NULL);
if (!can_write) {
- if (!share_access_check(conn->session_info->security_token,
- lp_servicename(snum),
- FILE_READ_DATA)) {
+ if (!share_access_check(
+ conn->session_info->security_token,
+ lp_servicename(snum), FILE_READ_DATA,
+ NULL)) {
/* No access, read or write. */
DEBUG(0,("make_connection: connection to %s "
"denied due to security "
conn);
if (!readonly_share &&
- !share_access_check(session_info->security_token, lp_servicename(snum),
- FILE_WRITE_DATA)) {
+ !share_access_check(session_info->security_token,
+ lp_servicename(snum), FILE_WRITE_DATA,
+ NULL)) {
/* smb.conf allows r/w, but the security descriptor denies
* write. Fall back to looking at readonly. */
readonly_share = True;
"security descriptor\n"));
}
- if (!share_access_check(session_info->security_token, lp_servicename(snum),
+ if (!share_access_check(session_info->security_token,
+ lp_servicename(snum),
readonly_share ?
- FILE_READ_DATA : FILE_WRITE_DATA)) {
+ FILE_READ_DATA : FILE_WRITE_DATA,
+ NULL)) {
return False;
}