summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2004-07-07 13:13:15 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:52:08 -0500
commit5aadb88b537e8beb994b9c7e063b1725d41fad8f (patch)
treef826cf01b9e730352f025bd0faffe4271706c1fb /source3
parent12b0bd2aca1600a3b6e42b5a9d0a9ac0018c8444 (diff)
downloadsamba-5aadb88b537e8beb994b9c7e063b1725d41fad8f.tar.gz
samba-5aadb88b537e8beb994b9c7e063b1725d41fad8f.tar.bz2
samba-5aadb88b537e8beb994b9c7e063b1725d41fad8f.zip
r1375: When setting writable=yes in smb.conf and only allow read access in the
security descriptor, allow read access. The code failed in this case. Jeremy, could you please cross-check this? The way I understood your code it could only work if smb.conf and secdesc said the same. This made the use of srvmgr a bit difficult.... What was your intention on how to use the share_info.tdb? The current code might check the secdesc twice, but I don't see any decent way around it that does not completely clutter the code. Volker (This used to be commit 7c673bd910e1fcbbf07198f38ceddd81e9064c11)
Diffstat (limited to 'source3')
-rw-r--r--source3/smbd/uid.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index e1864c74ca..de2f96450f 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -125,6 +125,13 @@ static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
readonly_share = is_share_read_only_for_user(conn, vuser);
+ if (!readonly_share &&
+ !share_access_check(conn, snum, vuser, FILE_WRITE_DATA)) {
+ /* smb.conf allows r/w, but the security descriptor denies
+ * write. Fall back to looking at readonly. */
+ readonly_share = True;
+ }
+
if (!share_access_check(conn, snum, vuser, readonly_share ? FILE_READ_DATA : FILE_WRITE_DATA)) {
return False;
}