From 9d6dd97624f50dec3edd3bb9a3c0f7f47f9ae071 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 9 Apr 2001 06:36:38 +0000
Subject: Added set/get SD's on shares. Check before tcon. Jeremy. (This used
 to be commit 036b1a8b09fe6a7cca83d631624145574acad7f2)

---
 source3/smbd/server.c  |  4 ++++
 source3/smbd/service.c | 23 +++++++++++++++++++++++
 2 files changed, 27 insertions(+)

(limited to 'source3/smbd')

diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index adf57b3f55..84b7109294 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -765,6 +765,10 @@ static void usage(char *pname)
 		exit(1);
 	}
 
+	if (!share_info_db_init()) {
+		exit(1);
+	}
+
 	if(!initialize_password_db(False)) {
 		exit(1);
 	}
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index e20786595c..11ae11054a 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -343,6 +343,29 @@ connection_struct *make_connection(char *service,char *user,char *password, int
 
 	conn->read_only = lp_readonly(snum);
 
+	/*
+	 * New code to check if there's a share security descripter
+	 * added from NT server manager. This is an additional check
+	 * before the smb.conf checks are done. JRA.
+	 */
+
+	{
+		BOOL can_write = share_access_check(snum, vuid, FILE_WRITE_DATA);
+
+		if (!can_write) {
+			if (!share_access_check(snum, vuid, FILE_READ_DATA)) {
+				/* No access, read or write. */
+				*ecode = ERRaccess;
+				DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n",
+					service ));
+				conn_free(conn);
+				return NULL;
+			} else {
+				conn->read_only = True;
+			}
+		}
+	}
+
 	{
 		pstring list;
 		StrnCpy(list,lp_readlist(snum),sizeof(pstring)-1);
-- 
cgit