diff options
author | Volker Lendecke <vl@samba.org> | 2011-07-05 11:13:07 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2011-07-26 21:54:01 +0200 |
commit | 29e04dfa5245c06ee9c3e35891d0c344898fa11d (patch) | |
tree | 45e97f46532209c9027615b9fb44b0ee0411e2f3 | |
parent | 969a50998d526c890af0db149999a16e7764f8e3 (diff) | |
download | samba-29e04dfa5245c06ee9c3e35891d0c344898fa11d.tar.gz samba-29e04dfa5245c06ee9c3e35891d0c344898fa11d.tar.xz samba-29e04dfa5245c06ee9c3e35891d0c344898fa11d.zip |
s3: Fix bug 8102
We can't allow open with access that has been denied via the share
security descriptor
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jul 5 16:21:54 CEST 2011 on sn-devel-104
(cherry picked from commit 4deca5d72804a40e68158a1183f5633dabf24761)
(cherry picked from commit b3a035005ef98bcb31bade50a9e3ddf088302779)
-rw-r--r-- | source3/smbd/open.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 44b18357691..d58744f05f8 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -76,6 +76,14 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, /* Check if we have rights to open. */ NTSTATUS status; struct security_descriptor *sd = NULL; + uint32_t rejected_share_access; + + rejected_share_access = access_mask & ~(conn->share_access); + + if (rejected_share_access) { + *access_granted = rejected_share_access; + return NT_STATUS_ACCESS_DENIED; + } if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) { *access_granted = access_mask; |