From c3dc91f7d7d2d4dace183ce51645dadf92ba91bc Mon Sep 17 00:00:00 2001
From: Alberto Maria Fiaschi <alberto.fiaschi@estar.toscana.it>
Date: Tue, 23 Feb 2016 18:22:10 +0100
Subject: [PATCH] access based share enum: handle permission set in
 configuration files

change function is_enumeration_allowed to check  permissions set by
fields: valid users, invalid users, only user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8093

Signed-off-by: Alberto Maria Fiaschi <alberto.fiaschi@estar.toscana.it>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5036a0922b7890005bcc8b77368a6635c8ebeb4b)
---
 source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index b1e9d13..279cd9e 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -477,12 +477,19 @@ static bool is_hidden_share(int snum)
 static bool is_enumeration_allowed(struct pipes_struct *p,
                                    int snum)
 {
-    if (!lp_access_based_share_enum(snum))
-        return true;
+	if (!lp_access_based_share_enum(snum)) {
+		return true;
+	}
+
+	if (!user_ok_token(p->session_info->unix_info->unix_name,
+			   p->session_info->info->domain_name,
+			   p->session_info->security_token, snum)) {
+		return false;
+	}
 
-    return share_access_check(p->session_info->security_token,
-			      lp_servicename(talloc_tos(), snum),
-			      FILE_READ_DATA, NULL);
+	return share_access_check(p->session_info->security_token,
+				  lp_servicename(talloc_tos(), snum),
+				  FILE_READ_DATA, NULL);
 }
 
 /****************************************************************************
-- 
2.5.0