diff options
| author | Volker Lendecke <vl@samba.org> | 2011-07-05 11:13:07 +0200 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2011-07-05 16:21:53 +0200 |
| commit | 4deca5d72804a40e68158a1183f5633dabf24761 (patch) | |
| tree | 0cc02b34f4c63d2298b43489cc897a468e4dba74 | |
| parent | 720fa46f9443ccbe471b265f1c2b9cb9782a3c26 (diff) | |
| download | samba-4deca5d72804a40e68158a1183f5633dabf24761.tar.gz samba-4deca5d72804a40e68158a1183f5633dabf24761.tar.bz2 samba-4deca5d72804a40e68158a1183f5633dabf24761.zip | |
s3: Fix bug 8102
We can't allow open with access that has been denied via the share
security descriptor
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jul 5 16:21:54 CEST 2011 on sn-devel-104
| -rw-r--r-- | source3/smbd/open.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 86a5924f16..bbab9f14ef 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -76,6 +76,14 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, /* Check if we have rights to open. */ NTSTATUS status; struct security_descriptor *sd = NULL; + uint32_t rejected_share_access; + + rejected_share_access = access_mask & ~(conn->share_access); + + if (rejected_share_access) { + *access_granted = rejected_share_access; + return NT_STATUS_ACCESS_DENIED; + } if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) { *access_granted = access_mask; |