From 4deca5d72804a40e68158a1183f5633dabf24761 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Tue, 5 Jul 2011 11:13:07 +0200
Subject: s3: Fix bug 8102

We can't allow open with access that has been denied via the share
security descriptor

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jul  5 16:21:54 CEST 2011 on sn-devel-104
---
 source3/smbd/open.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'source3/smbd')

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 86a5924f16..bbab9f14ef 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -76,6 +76,14 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
 	/* Check if we have rights to open. */
 	NTSTATUS status;
 	struct security_descriptor *sd = NULL;
+	uint32_t rejected_share_access;
+
+	rejected_share_access = access_mask & ~(conn->share_access);
+
+	if (rejected_share_access) {
+		*access_granted = rejected_share_access;
+		return NT_STATUS_ACCESS_DENIED;
+	}
 
 	if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
 		*access_granted = access_mask;
-- 
cgit