s3: smbd: Fileserving share access checks.

[samba.git] / source3 / smbd / service.c

diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index b3abdd89d3ce62e2cf35a9c3c225f914039732ba..19c02d6925f56f294feabd6f6d424a71321857ce 100644 (file)
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -614,11 +614,19 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn,
        }
 
         /*
-         * Set up the share security descripter
+         * Set up the share security descripter.
+        * NOTE - we use the *INCOMING USER* session_info
+        * here, as does (indirectly) change_to_user(),
+        * which can be called on any incoming packet.
+        * This way we set up the share access based
+        * on the authenticated user, not the forced
+        * user. See bug:
+        *
+        * https://bugzilla.samba.org/show_bug.cgi?id=9878
          */
 
        status = check_user_share_access(conn,
-                                       conn->session_info,
+                                       vuser->session_info,
                                        &conn->share_access,
                                        &conn->read_only);
        if (!NT_STATUS_IS_OK(status)) {