Bug 7549 - No error given when accessing share belongs to other user after successful authentication
Status: NEW
Alias: None
Product: Samba 3.5
Classification: Unclassified
Component: File services
Version: 3.5.4
Hardware: x64 Linux
Importance: P3 normal
Target Milestone: ---
Assignee: Volker Lendecke
QA Contact: Samba QA Contact
Depends on:
Reported: 2010-07-05 03:42 UTC by erha
Modified: 2010-07-05 03:42 UTC (History)
0 users

See Also:


Description erha 2010-07-05 03:42:35 UTC
No error is given when accessing a share that belongs to another user after authentication.
Even though the content shown belongs to yourself (the authenticated user), this gives the impression to the end user (the non-IT user, of course) that they can actually access other people's files.

Server OS: CentOS 5.4
Client OS: Win7 and WinXP
Samba: 3.5.3 and 3.5.4 (tried on 3.5.3 and upgraded to 3.5.4, problem persists)
Platform: x64
Reproducible: ALWAYS

Configuration file:
  workgroup = myWorkgroup
  security = user
  passdb backend = tdbsam
  passwd program =  /usr/bin/passwd %u
  passwd chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\spassword\ssuccessfully\schanged*\n

  unix password sync = Yes
  passwd chat debug = yes
  passwd chat timeout = 10

  log level = 10
  max log size = 50
  debug timestamp = yes

  browseable = no
  writable = yes
  valid users = %U
  force user = %U
  path = %H

Steps to reproduce:
1. On the server, create 2 different users (i.e. user1 and user2) and create a password for Samba using smbpasswd.
2. On the client, type in "\\ipaddress" from Windows Start->Run, then type in the user ID and password for user1.
3. The explorer will show you a folder user1 (Note: only user1).
4. On the client, type in "\\ipaddress\user2" from Windows Start->Run

The explorer will show \\ipaddress\user2 in the address bar but the content shown comes from \\ipaddress\user1.

When we enter \\ipaddress\user2, the explorer shall give an error, as user2's folder shall not be accessible by user1.

5. After this when I try to access by typing \\ipaddress from Start->Run, I could see 2 folders user1 and user2.

6. From now on, you always see 2 folders (user1 and user2).

I have sniffed the traffic and checked the NetShareEnumAll response, and unfortunately the server did return user1 and user2, so this is not a problem on WinXP or Win7.
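
The configuration above with the access check tied to the share name instead of the session user, as an added example that is not part of the original report or of Samba's own documentation. It assumes the share options in the report sit under a [homes] section, which the report does not show.

```ini
# Added example. Assumption: the per-share options from the report
# (browseable ... path) belong to a [homes] section.
[homes]
    browseable = no
    writable = yes
    path = %H
    force user = %U

    # As reported: %U expands to the session user name, so the user who
    # just authenticated is always on the list, whichever share name
    # (\\ipaddress\user1 or \\ipaddress\user2) was requested. The check
    # never rejects anyone.
    # valid users = %U

    # Corrected: %S expands to the name of the share being connected to.
    # user1 asking for \\ipaddress\user2 is compared against "user2",
    # is not on the list, and the connection is refused instead of
    # being served from user1's home directory.
    valid users = %S
```

After editing, `testparm -s` prints the configuration as Samba parses it, which confirms the `valid users` line is read under the intended section.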