Simplify processing of "admin user". If a user is an admin_user ensure their conn token is uid 0.

This simplifies change_to_user() and removes special processing of the assignments
we pass to set_sec_ctx().

Jeremy.

1 files changed, 14 insertions, 15 deletions

diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 5e3b84da50..9dc354bf5a 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -167,6 +167,9 @@ static bool check_user_ok(connection_struct *conn,
 
 	conn->read_only = readonly_share;
 	conn->admin_user = admin_user;
+	if (conn->admin_user) {
+		conn->server_info->utok.uid = sec_initial_uid();
+	}
 
 	return(True);
 }
@@ -278,26 +281,22 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
 		return false;
 	}
 
+	/* security = share sets force_user. */
+	if (!conn->force_user && !vuser) {
+		DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
+			"share %s.\n",vuid, lp_servicename(snum) ));
+		return False;
+	}
+
 	/*
 	 * conn->server_info is now correctly set up with a copy we can mess
 	 * with for force_group etc.
 	 */
 
-	if (conn->force_user) /* security = share sets this too */ {
-		uid = conn->server_info->utok.uid;
-		gid = conn->server_info->utok.gid;
-	        group_list = conn->server_info->utok.groups;
-		num_groups = conn->server_info->utok.ngroups;
-	} else if (vuser) {
-		uid = conn->admin_user ? 0 : vuser->server_info->utok.uid;
-		gid = conn->server_info->utok.gid;
-		num_groups = conn->server_info->utok.ngroups;
-		group_list  = conn->server_info->utok.groups;
-	} else {
-		DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
-			 "share %s.\n",vuid, lp_servicename(snum) ));
-		return False;
-	}
+	uid = conn->server_info->utok.uid;
+	gid = conn->server_info->utok.gid;
+	num_groups = conn->server_info->utok.ngroups;
+	group_list  = conn->server_info->utok.groups;
 
 	/*
 	 * See if we should force group for this service.