1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

Fix bug #9518 - conn->share_access appears not be be reset between users.

Ensure make_connection_snum() uses the same logic as
check_user_ok() to decide if a user can access a share.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Jeremy Allison 2013-01-04 14:40:05 -08:00 committed by Andrew Bartlett
parent 1abb5eb89b
commit 86d1e1db8e

View File

@ -652,29 +652,17 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn,
}
/*
* New code to check if there's a share security descripter
* added from NT server manager. This is done after the
* smb.conf checks are done as we need a uid and token. JRA.
*
* Set up the share security descripter
*/
conn->share_access = create_share_access_mask(snum,
!CAN_WRITE(conn),
conn->session_info->security_token);
if ((conn->share_access & FILE_WRITE_DATA) == 0) {
if ((conn->share_access & FILE_READ_DATA) == 0) {
/* No access, read or write. */
DEBUG(0,("make_connection: connection to %s "
"denied due to security "
"descriptor.\n",
lp_servicename(talloc_tos(), snum)));
status = NT_STATUS_ACCESS_DENIED;
goto err_root_exit;
} else {
conn->read_only = True;
}
status = check_user_share_access(conn,
conn->session_info,
&conn->share_access,
&conn->read_only);
if (!NT_STATUS_IS_OK(status)) {
goto err_root_exit;
}
/* Initialise VFS function pointers */
if (!smbd_vfs_init(conn)) {