[PATCH] Master fix for bug #9518 - conn->share_access appears not be be reset between users

[Volker Lendecke]

On Fri, Jan 04, 2013 at 04:12:55PM -0800, Jeremy Allison wrote:
> Please review and apply to master if ok. It includes
> Andrew's regression test patch also.

Looks very well crafted to me. I haven't tested it, but it
looks completely sane. Attached find some cosmetic patches
on top.

With best regards,

Volker Lendecke

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 3e6809dd6173e168aadab6002e0cf515fdc8319e Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 6 Jan 2013 14:39:07 +0100
Subject: [PATCH 1/3] smbd: Fix a typo

---
 source3/smbd/service.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 8f6d485..4fe3809 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -614,7 +614,7 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn,
 	}
 
 	/*
-	 * Set up the share security descripter
+	 * Set up the share security descriptor
 	 */
 
 	status = check_user_share_access(conn,
-- 
1.7.3.4


From cb08ed340535579291f8ae6601a4947460603e22 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 6 Jan 2013 14:41:24 +0100
Subject: [PATCH 2/3] smbd: Simplify an if-expression

---
 source3/smbd/uid.c |   17 +++++++----------
 1 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index b9cebce..5ab0dc4 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -145,16 +145,13 @@ NTSTATUS check_user_share_access(connection_struct *conn,
 					readonly_share,
 					session_info->security_token);
 
-	if ((share_access & FILE_WRITE_DATA) == 0) {
-		if ((share_access & FILE_READ_DATA) == 0) {
-			/* No access, read or write. */
-			DEBUG(0,("user %s connection to %s "
-				"denied due to share security "
-				"descriptor.\n",
-				session_info->unix_info->unix_name,
-				lp_servicename(talloc_tos(), snum)));
-			return NT_STATUS_ACCESS_DENIED;
-		}
+	if ((share_access & (FILE_READ_DATA|FILE_WRITE_DATA)) == 0) {
+		/* No access, read or write. */
+		DEBUG(0,("user %s connection to %s denied due to share "
+			 "security descriptor.\n",
+			 session_info->unix_info->unix_name,
+			 lp_servicename(talloc_tos(), snum)));
+		return NT_STATUS_ACCESS_DENIED;
 	}
 
 	if (!readonly_share &&
-- 
1.7.3.4


From ef648bb484ba0da425f0fe1acb44f8390baacd9b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 6 Jan 2013 14:50:33 +0100
Subject: [PATCH 3/3] smbd: Remove some ()

---
 source3/smbd/uid.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 5ab0dc4..b2fe39c 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -104,13 +104,13 @@ static uint32_t create_share_access_mask(int snum,
 		share_access |= SEC_FLAG_SYSTEM_SECURITY;
 	}
 	if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
-		share_access |= (SEC_RIGHTS_PRIV_RESTORE);
+		share_access |= SEC_RIGHTS_PRIV_RESTORE;
 	}
 	if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
-		share_access |= (SEC_RIGHTS_PRIV_BACKUP);
+		share_access |= SEC_RIGHTS_PRIV_BACKUP;
 	}
 	if (security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
-		share_access |= (SEC_STD_WRITE_OWNER);
+		share_access |= SEC_STD_WRITE_OWNER;
 	}
 
 	return share_access;
-- 
1.7.3.4