Fix bug #9518 - conn->share_access appears not be be reset between users.

Ensure make_connection_snum() uses the same logic as
check_user_ok() to decide if a user can access a share.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

source3/smbd/service.c

@@ -652,29 +652,17 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn,
 	}
 
 	/*
-	 * New code to check if there's a share security descripter
+	 * Set up the share security descripter
-	 * added from NT server manager. This is done after the
-	 * smb.conf checks are done as we need a uid and token. JRA.
-	 *
 	 */
 
-	conn->share_access = create_share_access_mask(snum,
+	status = check_user_share_access(conn,
-					!CAN_WRITE(conn),
+					conn->session_info,
-					conn->session_info->security_token);
+					&conn->share_access,
-
+					&conn->read_only);
-	if ((conn->share_access & FILE_WRITE_DATA) == 0) {
+	if (!NT_STATUS_IS_OK(status)) {
-		if ((conn->share_access & FILE_READ_DATA) == 0) {
+		goto err_root_exit;
-			/* No access, read or write. */
-			DEBUG(0,("make_connection: connection to %s "
-				 "denied due to security "
-				 "descriptor.\n",
-				 lp_servicename(talloc_tos(), snum)));
-			status = NT_STATUS_ACCESS_DENIED;
-			goto err_root_exit;
-		} else {
-			conn->read_only = True;
-		}
 	}
+
 	/* Initialise VFS function pointers */
 
 	if (!smbd_vfs_init(conn)) {