security descriptor, allow read access. The code failed in this case.
Jeremy, could you please cross-check this? The way I understood your code it
could only work if smb.conf and secdesc said the same. This made the use of
srvmgr a bit difficult.... What was your intention on how to use the
share_info.tdb?
The current code might check the secdesc twice, but I don't see any decent way
around it that does not completely clutter the code.
Volker
(This used to be commit
7c673bd910e1fcbbf07198f38ceddd81e9064c11)
readonly_share = is_share_read_only_for_user(conn, vuser);
+ if (!readonly_share &&
+ !share_access_check(conn, snum, vuser, FILE_WRITE_DATA)) {
+ /* smb.conf allows r/w, but the security descriptor denies
+ * write. Fall back to looking at readonly. */
+ readonly_share = True;
+ }
+
if (!share_access_check(conn, snum, vuser, readonly_share ? FILE_READ_DATA : FILE_WRITE_DATA)) {
return False;
}