conn->share_access appears not to be reset between users

Andrew Bartlett abartlet at samba.org
Thu Dec 20 14:40:38 MST 2012


I've been chasing down a bug for work, where it was reported that "write
list" (which overrides the read only=yes in smb.conf) does not work with
Samba 4.0.

This can be fixed by reverting 4544c52fc432c4eb5ba45389519d00923d9698ca.

However, this made me look into the whole situation around
conn->share_mask.  It appears that this member of connection_struct is
set during the tree connect so it can be used alongside the per-file ACL
mask handling.

This was added in:

commit 720fa46f9443ccbe471b265f1c2b9cb9782a3c26
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Jul 4 18:35:21 2011 +0200

    s3: Calculate&store the maximum share access mask
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

However, due to the way this code works, a new user connecting to a
share on the same tree connect will not have a new 'conn' structure, but
re-uses the structure established by the first user.  The code in
smbd/uid.c:check_user_ok() will replace the read_only and session_info
elements, but not the conn->share_access element.

The original code also appears to be the confusing factor here, as the
share ACL (rarely used ability to set an NT ACL on a share, using
sharesec or a windows GUI tool) is additionally checked before
change_to_user(), probably to give back a nicer error, and then along
with the other access checks, in change_to_user().  

As we (essentially) always honour posix permissions and the read only flag
as set on the connection, I see this as a correctness issue - we could 
get an odd interaction between the mask from the share ACL and the mask 
from the file ACL. 

The fix, as I see it, is to push all the per-user access control stuff
back into the change_to_user code, that is always run before a user can
access a share.

Once we sort this out, the attached is the test case for fixing "write list".

Filed as https://bugzilla.samba.org/show_bug.cgi?id=9518 to help us track this into 4.0

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
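The stale-mask situation described in the mail, as an added, hypothetical model that is not Samba code: one 'conn' structure is shared by every user on a tree connect, the buggy check_user_ok refreshes only read_only while share_access keeps the first user's value, and the fixed variant recomputes every per-user field. The struct fields, compute_share_access() and the "write list" users are constructed for illustration.

```c
#include <stdint.h>
#include <stdbool.h>

/* Simplified access bits for the model (assumed, not Samba's constants). */
#define ACC_READ  0x1
#define ACC_WRITE 0x2

struct user { const char *name; bool in_write_list; };

/* One connection_struct per tree connect, re-used by every user on it. */
struct conn {
    bool read_only;          /* "read only = yes", as it applies to this user */
    uint32_t share_access;   /* maximum share access mask for this user */
};

/* Per-user mask: "write list" overrides "read only = yes". */
static uint32_t compute_share_access(const struct user *u, bool share_read_only) {
    return (share_read_only && !u->in_write_list) ? ACC_READ : (ACC_READ | ACC_WRITE);
}

/* Mask computed once at tree connect for the first user. */
static void tree_connect(struct conn *c, const struct user *u, bool share_read_only) {
    c->read_only = share_read_only && !u->in_write_list;
    c->share_access = compute_share_access(u, share_read_only);
}

/* Buggy: only read_only is refreshed, share_access is left stale. */
static void check_user_ok_buggy(struct conn *c, const struct user *u, bool share_read_only) {
    c->read_only = share_read_only && !u->in_write_list;
}

/* Fixed: every per-user access field is recomputed when the user changes. */
static void check_user_ok_fixed(struct conn *c, const struct user *u, bool share_read_only) {
    c->read_only = share_read_only && !u->in_write_list;
    c->share_access = compute_share_access(u, share_read_only);
}

/* A write is allowed only if both the per-user flag and the share mask permit it. */
static bool can_write(const struct conn *c) {
    return !c->read_only && (c->share_access & ACC_WRITE) != 0;
}

/* Scenario: first user is plain read-only, second user is on "write list".
   Returns whether the second user can write on the shared tree connect. */
static bool second_user_can_write(bool fixed) {
    struct user first = { "alice", false }, second = { "bob", true };
    struct conn c;
    tree_connect(&c, &first, true);
    if (fixed) check_user_ok_fixed(&c, &second, true);
    else       check_user_ok_buggy(&c, &second, true);
    return can_write(&c);
}
```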


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-selftest-show-that-Samba-honours-write-list-and-vali.patch
Type: text/x-patch
Size: 3843 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20121221/56354c01/attachment.bin>
