Windows seems only to allow Administrators to do NetShareEnumAll while Samba seems to allow anyone to do that

[Richard Sharpe]

Hi,

I was looking at using Computer Manager to add and remove shares on a
Samba node, and was testing the addition and deletion of shares by
non-Admin users.

While both share addition and share deletion fail for non-Admin users,
deletion fails in a weird manner and is unlike what Windows does.

What happens on the wire is that the Windows Client sends a
NetShareEnumAll request. Samba honors that request, then Windows send
a request to enumerate connections, which Samba denies with
WERR_ACCESS_DENIED, and the user get weird behavior.

Windows servers, on the other hand, deny the NetShareEnumAll.

In looking at srv_srvsvc_nt.c, I see that there is no check for DISK
OP privilege in neither 3.5.x nor 3.6.x, but I suspect that
enumerating shares should only be allowed for those who have DISK OP
privilege.

Does anyone else have an opinion here?

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)