s3: Calculate&store the maximum share access mask

Signed-off-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/include/smb.h b/source3/include/smb.h
index a72e9ad29ae57e24d1572445a938d6987b47d321..4319a1056d3396248cb223414abaebdcfa622dee 100644 (file)
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -402,6 +402,7 @@ typedef struct connection_struct {
        bool printer;
        bool ipc;
        bool read_only; /* Attributes for the current user of the share. */
+       uint32_t share_access;
        /* Does this filesystem honor
           sub second timestamps on files
           and directories when setting time ? */

diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index c1d4dd1799be240a959e1c551711212c7e4bcfba..5c410be02a68e47443d874298d8edac80bfff23f 100644 (file)
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -641,28 +641,21 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
         *
         */
 
-       {
-               bool can_write = False;
-
-               can_write = share_access_check(
-                       conn->session_info->security_token,
-                       lp_servicename(snum), FILE_WRITE_DATA, NULL);
-
-               if (!can_write) {
-                       if (!share_access_check(
-                                   conn->session_info->security_token,
-                                   lp_servicename(snum), FILE_READ_DATA,
-                                   NULL)) {
-                               /* No access, read or write. */
-                               DEBUG(0,("make_connection: connection to %s "
-                                        "denied due to security "
-                                        "descriptor.\n",
-                                         lp_servicename(snum)));
-                               *pstatus = NT_STATUS_ACCESS_DENIED;
-                               goto err_root_exit;
-                       } else {
-                               conn->read_only = True;
-                       }
+       share_access_check(conn->session_info->security_token,
+                          lp_servicename(snum), MAXIMUM_ALLOWED_ACCESS,
+                          &conn->share_access);
+
+       if ((conn->share_access & FILE_WRITE_DATA) == 0) {
+               if ((conn->share_access & FILE_READ_DATA) == 0) {
+                       /* No access, read or write. */
+                       DEBUG(0,("make_connection: connection to %s "
+                                "denied due to security "
+                                "descriptor.\n",
+                                lp_servicename(snum)));
+                       *pstatus = NT_STATUS_ACCESS_DENIED;
+                       goto err_root_exit;
+               } else {
+                       conn->read_only = True;
                }
        }
        /* Initialise VFS function pointers */