[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Tue Mar 18 12:20:03 MDT 2014
The branch, master has been updated
via cf0934c s3: smbd: Fileserving share access checks.
from 8278d38 tdb: change version to 1.2.13.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit cf0934caf282f4ade8c8a701b0e40b68a2f17ace
Author: Jeremy Allison <jra at samba.org>
Date: Mon Mar 17 14:35:00 2014 -0700
s3: smbd: Fileserving share access checks.
Git commit 86d1e1db8e2747e30c89627cda123fde1e84f579
fixed share_access not being reset between users,
by changing make_connection_snum() to call a common
function check_user_share_access() in the same way
that change_to_user() (which can be called on any
incoming packet) does.
Unfortunately that bugfix was incorrect and
broke "force user" and "force group" as it
called check_user_share_access() inside
make_connection_snum() using the conn->session_info
pointer instead of the vuser->session_info pointer.
conn->session_info represents the token to use
when actually accessing the file system, and so
is modified by force user and force group.
conn->session_info represents the "pristine"
token of the user logging in, and is never modified
by force user and force group.
Samba 3.6.x checked the share access based on
the "pristine" token of the user logging in,
not the token modified by force user and force group.
This change restores the expected behavior.
Fixes bug #9878 - force user does not work as expected
https://bugzilla.samba.org/show_bug.cgi?id=9878
Signed-off-by: Jeremy Allison <jra at samba.org>
Tested-by: Gerhard Wiesinger <lists at wiesinger.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Mar 18 19:19:31 CET 2014 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/service.c | 12 ++++++++++--
1 files changed, 10 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index a25f2d4..401cd8f 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -614,11 +614,19 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn,
}
/*
- * Set up the share security descriptor
+ * Set up the share security descriptor.
+ * NOTE - we use the *INCOMING USER* session_info
+ * here, as does (indirectly) change_to_user(),
+ * which can be called on any incoming packet.
+ * This way we set up the share access based
+ * on the authenticated user, not the forced
+ * user. See bug:
+ *
+ * https://bugzilla.samba.org/show_bug.cgi?id=9878
*/
status = check_user_share_access(conn,
- conn->session_info,
+ vuser->session_info,
&conn->share_access,
&conn->read_only);
if (!NT_STATUS_IS_OK(status)) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list