r1375: When setting writable=yes in smb.conf and only allow read access in the

security descriptor, allow read access. The code failed in this case. Jeremy, could you please cross-check this? The way I understood your code it could only work if smb.conf and secdesc said the same. This made the use of srvmgr a bit difficult.... What was your intention on how to use the share_info.tdb? The current code might check the secdesc twice, but I don't see any decent way around it that does not completely clutter the code. Volker
author: Volker Lendecke <vlendec@samba.org> 2004-07-07 13:13:15 +0000
committer: Volker Lendecke <vlendec@samba.org> 2004-07-07 13:13:15 +0000
commit: 4cfc22c61118f482e6cf2ba519f969968de512b7 (patch)
tree: 211e37e68f57b288f2a90711fc5f2d82e6344114 /source/smbd
parent: 14924ce5a1507022f721289004e50d069086d03c (diff)
download: samba-4cfc22c61118f482e6cf2ba519f969968de512b7.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/source/smbd/uid.c b/source/smbd/uid.c
index e1864c74caa..de2f96450fc 100644
--- a/source/smbd/uid.c
+++ b/source/smbd/uid.c
@@ -125,6 +125,13 @@ static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
 
 	readonly_share = is_share_read_only_for_user(conn, vuser);
 
+	if (!readonly_share &&
+	    !share_access_check(conn, snum, vuser, FILE_WRITE_DATA)) {
+		/* smb.conf allows r/w, but the security descriptor denies
+		 * write. Fall back to looking at readonly. */
+		readonly_share = True;
+	}
+
 	if (!share_access_check(conn, snum, vuser, readonly_share ? FILE_READ_DATA : FILE_WRITE_DATA)) {
 		return False;
 	}
author	Volker Lendecke <vlendec@samba.org>	2004-07-07 13:13:15 +0000
committer	Volker Lendecke <vlendec@samba.org>	2004-07-07 13:13:15 +0000
commit	4cfc22c61118f482e6cf2ba519f969968de512b7 (patch)
tree	211e37e68f57b288f2a90711fc5f2d82e6344114 /source/smbd
parent	14924ce5a1507022f721289004e50d069086d03c (diff)
download	samba-4cfc22c61118f482e6cf2ba519f969968de512b7.tar.gz