summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2004-05-18 00:26:06 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:51:36 -0500
commit49f95e6d27ac9476e8308e53629e8ae4908957c6 (patch)
tree7e43e6f0404af579d693d49b3880a7fcb722ee18
parent8b9a044b58cfcf070d5158ffc4533d2a27226e44 (diff)
downloadsamba-49f95e6d27ac9476e8308e53629e8ae4908957c6.tar.gz
samba-49f95e6d27ac9476e8308e53629e8ae4908957c6.tar.bz2
samba-49f95e6d27ac9476e8308e53629e8ae4908957c6.zip
r762: Fix for #1319 when security > share.
Jeremy. (This used to be commit 9fe2240d6b68a2f8a495df585d69ae20c9825d77)
-rw-r--r--source3/smbd/uid.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 3859298055..e1864c74ca 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -189,20 +189,26 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid)
snum = SNUM(conn);
+ if ((vuser) && !check_user_ok(conn, vuser, snum)) {
+ DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) not permitted access to share %s.\n",
+ vuser->user.smb_name, vuser->user.unix_name, vuid, lp_servicename(snum)));
+ return False;
+ }
+
if (conn->force_user) /* security = share sets this too */ {
uid = conn->uid;
gid = conn->gid;
current_user.groups = conn->groups;
current_user.ngroups = conn->ngroups;
token = conn->nt_user_token;
- } else if ((vuser) && check_user_ok(conn, vuser, snum)) {
+ } else if (vuser) {
uid = conn->admin_user ? 0 : vuser->uid;
gid = vuser->gid;
current_user.ngroups = vuser->n_groups;
current_user.groups = vuser->groups;
token = vuser->nt_user_token;
} else {
- DEBUG(2,("change_to_user: Invalid vuid used %d or vuid not permitted access to share.\n",vuid));
+ DEBUG(2,("change_to_user: Invalid vuid used %d in accessing share %s.\n",vuid, lp_servicename(snum) ));
return False;
}