s3: Fix bug 8102

We can't allow open with access that has been denied via the share security descriptor Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jul 5 16:21:54 CEST 2011 on sn-devel-104 (cherry picked from commit 4deca5d72804a40e68158a1183f5633dabf24761) (cherry picked from commit b3a035005ef98bcb31bade50a9e3ddf088302779)
author: Volker Lendecke <vl@samba.org> 2011-07-05 11:13:07 +0200
committer: Karolin Seeger <kseeger@samba.org> 2011-07-26 21:54:01 +0200
commit: 29e04dfa5245c06ee9c3e35891d0c344898fa11d (patch)
tree: 45e97f46532209c9027615b9fb44b0ee0411e2f3
parent: 969a50998d526c890af0db149999a16e7764f8e3 (diff)
download: samba-29e04dfa5245c06ee9c3e35891d0c344898fa11d.tar.gz
samba-29e04dfa5245c06ee9c3e35891d0c344898fa11d.tar.xz
samba-29e04dfa5245c06ee9c3e35891d0c344898fa11d.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 44b18357691..d58744f05f8 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -76,6 +76,14 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
 	/* Check if we have rights to open. */
 	NTSTATUS status;
 	struct security_descriptor *sd = NULL;
+	uint32_t rejected_share_access;
+
+	rejected_share_access = access_mask & ~(conn->share_access);
+
+	if (rejected_share_access) {
+		*access_granted = rejected_share_access;
+		return NT_STATUS_ACCESS_DENIED;
+	}
 
 	if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
 		*access_granted = access_mask;
author	Volker Lendecke <vl@samba.org>	2011-07-05 11:13:07 +0200
committer	Karolin Seeger <kseeger@samba.org>	2011-07-26 21:54:01 +0200
commit	29e04dfa5245c06ee9c3e35891d0c344898fa11d (patch)
tree	45e97f46532209c9027615b9fb44b0ee0411e2f3
parent	969a50998d526c890af0db149999a16e7764f8e3 (diff)
download	samba-29e04dfa5245c06ee9c3e35891d0c344898fa11d.tar.gz samba-29e04dfa5245c06ee9c3e35891d0c344898fa11d.tar.xz samba-29e04dfa5245c06ee9c3e35891d0c344898fa11d.zip