summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2013-01-04 14:40:05 -0800
committerAndrew Bartlett <abartlet@samba.org>2013-01-09 15:29:32 +1100
commit86d1e1db8e2747e30c89627cda123fde1e84f579 (patch)
treeab5f49b20d28e9e24b366eed4f98034da1caa99c
parent1abb5eb89b97fab5a4c625f5492b7d26b7f17e98 (diff)
downloadsamba-86d1e1db8e2747e30c89627cda123fde1e84f579.tar.gz
samba-86d1e1db8e2747e30c89627cda123fde1e84f579.tar.bz2
samba-86d1e1db8e2747e30c89627cda123fde1e84f579.zip
Fix bug #9518 - conn->share_access appears not be be reset between users.
Ensure make_connection_snum() uses the same logic as check_user_ok() to decide if a user can access a share. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source3/smbd/service.c28
1 files changed, 8 insertions, 20 deletions
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 10f4b537db..fabc5a36ac 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -652,29 +652,17 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn,
}
/*
- * New code to check if there's a share security descripter
- * added from NT server manager. This is done after the
- * smb.conf checks are done as we need a uid and token. JRA.
- *
+ * Set up the share security descripter
*/
- conn->share_access = create_share_access_mask(snum,
- !CAN_WRITE(conn),
- conn->session_info->security_token);
-
- if ((conn->share_access & FILE_WRITE_DATA) == 0) {
- if ((conn->share_access & FILE_READ_DATA) == 0) {
- /* No access, read or write. */
- DEBUG(0,("make_connection: connection to %s "
- "denied due to security "
- "descriptor.\n",
- lp_servicename(talloc_tos(), snum)));
- status = NT_STATUS_ACCESS_DENIED;
- goto err_root_exit;
- } else {
- conn->read_only = True;
- }
+ status = check_user_share_access(conn,
+ conn->session_info,
+ &conn->share_access,
+ &conn->read_only);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto err_root_exit;
}
+
/* Initialise VFS function pointers */
if (!smbd_vfs_init(conn)) {