From 86d1e1db8e2747e30c89627cda123fde1e84f579 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 4 Jan 2013 14:40:05 -0800 Subject: [PATCH] Fix bug #9518 - conn->share_access appears not be be reset between users. Ensure make_connection_snum() uses the same logic as check_user_ok() to decide if a user can access a share. Signed-off-by: Jeremy Allison Reviewed-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- source3/smbd/service.c | 28 ++++++++-------------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 10f4b537db2..fabc5a36ac8 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -652,29 +652,17 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn, } /* - * New code to check if there's a share security descripter - * added from NT server manager. This is done after the - * smb.conf checks are done as we need a uid and token. JRA. - * + * Set up the share security descripter */ - conn->share_access = create_share_access_mask(snum, - !CAN_WRITE(conn), - conn->session_info->security_token); - - if ((conn->share_access & FILE_WRITE_DATA) == 0) { - if ((conn->share_access & FILE_READ_DATA) == 0) { - /* No access, read or write. */ - DEBUG(0,("make_connection: connection to %s " - "denied due to security " - "descriptor.\n", - lp_servicename(talloc_tos(), snum))); - status = NT_STATUS_ACCESS_DENIED; - goto err_root_exit; - } else { - conn->read_only = True; - } + status = check_user_share_access(conn, + conn->session_info, + &conn->share_access, + &conn->read_only); + if (!NT_STATUS_IS_OK(status)) { + goto err_root_exit; } + /* Initialise VFS function pointers */ if (!smbd_vfs_init(conn)) {