[PATCH] Fix bug #9878 - force user does not work as expected.

Andreas Schneider asn at samba.org
Wed Mar 19 09:16:16 MDT 2014

On Monday 17 March 2014 15:18:57 Jeremy Allison wrote:
> Michael,
> I finally tracked down the cause of bug
> #9878 - force user does not work as expected
> https://bugzilla.samba.org/show_bug.cgi?id=9878
> You were correct, my git check-in 86d1e1db8e2747e30c89627cda123fde1e84f579
> was the cause. In fixing that I used the wrong
> session_info pointer to call check_user_share_access()
> inside make_connection_snum().
> Now I understand the problem the fix is
> obvious (change the call to check_user_share_access()
> inside make_connection_snum() to use the same
> session_info pointer that is used
> inside change_to_user() to potentially
> check access on every packet). Now both
> calls check in *exactly* the same way,
> and in my testing the correct functionality
> from 3.6.x is restored.
> Please review and push if you're happy.
> I have versions prepared for 4.1.x and
> 4.0.x once it's in master.
> I'm picking you for the review as you
> wrote in the bug report:
> "Ok, great! I'll also happily work/collaborate on this."
> :-). Once this goes in we should really
> decide on some tests to ensure we can't
> regress on this again.

Houston, we have a problem!

I have a print$ share with force group which stops working after this patch!

        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @ntadmin root
        force group = ntadmin
        create mask = 0664
        directory mask = 0775

I'm connecting as LEVEL1+Administrator who is a member of the group ntadmin. 
I'm not able to upload printer drivers after the patch is applied. If I revert 
the patch, I can upload printer drivers again.

	-- andreas

Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org

More information about the samba-technical mailing list