mirror of
https://github.com/samba-team/samba.git
synced 2025-01-12 09:18:10 +03:00
Fix bug #9518 - conn->share_access appears not be be reset between users.
Ensure make_connection_snum() uses the same logic as check_user_ok() to decide if a user can access a share. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
1abb5eb89b
commit
86d1e1db8e
@ -652,29 +652,17 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn,
|
||||
}
|
||||
|
||||
/*
|
||||
* New code to check if there's a share security descripter
|
||||
* added from NT server manager. This is done after the
|
||||
* smb.conf checks are done as we need a uid and token. JRA.
|
||||
*
|
||||
* Set up the share security descripter
|
||||
*/
|
||||
|
||||
conn->share_access = create_share_access_mask(snum,
|
||||
!CAN_WRITE(conn),
|
||||
conn->session_info->security_token);
|
||||
|
||||
if ((conn->share_access & FILE_WRITE_DATA) == 0) {
|
||||
if ((conn->share_access & FILE_READ_DATA) == 0) {
|
||||
/* No access, read or write. */
|
||||
DEBUG(0,("make_connection: connection to %s "
|
||||
"denied due to security "
|
||||
"descriptor.\n",
|
||||
lp_servicename(talloc_tos(), snum)));
|
||||
status = NT_STATUS_ACCESS_DENIED;
|
||||
goto err_root_exit;
|
||||
} else {
|
||||
conn->read_only = True;
|
||||
}
|
||||
status = check_user_share_access(conn,
|
||||
conn->session_info,
|
||||
&conn->share_access,
|
||||
&conn->read_only);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
goto err_root_exit;
|
||||
}
|
||||
|
||||
/* Initialise VFS function pointers */
|
||||
|
||||
if (!smbd_vfs_init(conn)) {
|
||||
|
Loading…
Reference in New Issue
Block a user