diff options
author | Jeremy Allison <jra@samba.org> | 2004-05-18 00:26:06 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2004-05-18 00:26:06 +0000 |
commit | 6ef962c291cad4adc1395d669865dc7b14515556 (patch) | |
tree | c775c6454e40a45017ba05667cf367dd0764ba0a | |
parent | 0f051b6d516996d756603adf324684728482120d (diff) | |
download | samba-6ef962c291cad4adc1395d669865dc7b14515556.tar.gz samba-6ef962c291cad4adc1395d669865dc7b14515556.tar.xz samba-6ef962c291cad4adc1395d669865dc7b14515556.zip |
r762: Fix for #1319 when security > share.
Jeremy.
-rw-r--r-- | source/smbd/uid.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/source/smbd/uid.c b/source/smbd/uid.c index 3859298055b..e1864c74caa 100644 --- a/source/smbd/uid.c +++ b/source/smbd/uid.c @@ -189,20 +189,26 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid) snum = SNUM(conn); + if ((vuser) && !check_user_ok(conn, vuser, snum)) { + DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) not permitted access to share %s.\n", + vuser->user.smb_name, vuser->user.unix_name, vuid, lp_servicename(snum))); + return False; + } + if (conn->force_user) /* security = share sets this too */ { uid = conn->uid; gid = conn->gid; current_user.groups = conn->groups; current_user.ngroups = conn->ngroups; token = conn->nt_user_token; - } else if ((vuser) && check_user_ok(conn, vuser, snum)) { + } else if (vuser) { uid = conn->admin_user ? 0 : vuser->uid; gid = vuser->gid; current_user.ngroups = vuser->n_groups; current_user.groups = vuser->groups; token = vuser->nt_user_token; } else { - DEBUG(2,("change_to_user: Invalid vuid used %d or vuid not permitted access to share.\n",vuid)); + DEBUG(2,("change_to_user: Invalid vuid used %d in accessing share %s.\n",vuid, lp_servicename(snum) )); return False; } |