Bug 10252 - Access Based Enuemration: User can see/list folders/files even when they denied to either read attribute or read extend attribiute permission

Partha Sarathi parthasarathi.bl at gmail.com
Tue Nov 5 23:50:05 MST 2013


I just gone through the hide unreadable related code and found that we are
only checking for FILE_READ_DATA  at user_can_read_file() and I have added
the rest of the access mask just work similar to windows.

bash-4.0$ diff -up smbd/dir.c smbd/dir.c.fix
--- smbd/dir.c  2013-11-05 22:42:44.565464984 -0800
+++ smbd/dir.c.fix      2013-11-05 22:42:31.751405097 -0800
@@ -1185,7 +1185,7 @@ static bool user_can_read_file(connectio
                return True;

-       return can_access_file_acl(conn, smb_fname, FILE_READ_DATA);
+       return can_access_file_acl(conn, smb_fname, (FILE_READ_DATA |


Note: I have done the unit test and it just works like Windows i.e even if
the user is just denied for any one of the READ permissions samba hides the
folder/files with the above changes.

Thanks & Regards

More information about the samba-technical mailing list