Commit 5aadb88b authored Jul 07, 2004 by Volker Lendecke Committed by Gerald (Jerry) Carter Oct 10, 2007

r1375: When setting writable=yes in smb.conf and only allow read access in the

security descriptor, allow read access. The code failed in this case.

Jeremy, could you please cross-check this? The way I understood your code it
could only work if smb.conf and secdesc said the same. This made the use of
srvmgr a bit difficult.... What was your intention on how to use the
share_info.tdb?

The current code might check the secdesc twice, but I don't see any decent way
around it that does not completely clutter the code.

Volker
(This used to be commit 7c673bd910e1fcbbf07198f38ceddd81e9064c11)

parent 12b0bd2a

source3/smbd/uid.c

+7 −0

Original line number	Diff line number	Diff line
		@@ -125,6 +125,13 @@ static BOOL check_user_ok(connection_struct conn, user_struct vuser,int snum)

		readonly_share = is_share_read_only_for_user(conn, vuser);

		if (!readonly_share &&
		!share_access_check(conn, snum, vuser, FILE_WRITE_DATA)) {
		/* smb.conf allows r/w, but the security descriptor denies
		* write. Fall back to looking at readonly. */
		readonly_share = True;
		}

		if (!share_access_check(conn, snum, vuser, readonly_share ? FILE_READ_DATA : FILE_WRITE_DATA)) {
		return False;
		}