access based share enum: handle permission set in configuration files

change function is_enumeration_allowed to check  permissions set by
fields: valid users, invalid users, only user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8093

Signed-off-by: Alberto Maria Fiaschi <alberto.fiaschi@estar.toscana.it>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index b1e9d133809f0033efd2b2a1788cdb58ea04531a..279cd9ebff99f25dc1ef937ab3da293dce47aa25 100644 (file)
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -477,12 +477,19 @@ static bool is_hidden_share(int snum)
 static bool is_enumeration_allowed(struct pipes_struct *p,
                                    int snum)
 {
-    if (!lp_access_based_share_enum(snum))
-        return true;
+       if (!lp_access_based_share_enum(snum)) {
+               return true;
+       }
+
+       if (!user_ok_token(p->session_info->unix_info->unix_name,
+                          p->session_info->info->domain_name,
+                          p->session_info->security_token, snum)) {
+               return false;
+       }
 
-    return share_access_check(p->session_info->security_token,
-                             lp_servicename(talloc_tos(), snum),
-                             FILE_READ_DATA, NULL);
+       return share_access_check(p->session_info->security_token,
+                                 lp_servicename(talloc_tos(), snum),
+                                 FILE_READ_DATA, NULL);
 }
 
 /****************************************************************************