Bug 7549 - No error given when accessing share belongs to other user after successful authentication
Status: NEW
Product: Samba 3.5
Classification: Unclassified
Component: File services
Version: 3.5.4
Hardware: x64 Linux
Importance: P3 normal
Target Milestone: ---
Assigned To: Volker Lendecke
QA Contact: Samba QA Contact
Reported: 2010-07-05 03:42 UTC by erha
Modified: 2010-07-05 03:42 UTC (History)

Description erha 2010-07-05 03:42:35 UTC
Problem:
No error is given when accessing a share that belongs to another user after authentication.
Even though the content shown belongs to yourself (the authenticated user), this gives the impression to the end user (the non-IT user, of course) that they can actually access other people's files.

Server OS: CentOS 5.4
Client OS: Win7 and WinXP
Samba: 3.5.3 and 3.5.4 (tried on 3.5.3 and upgraded to 3.5.4, problem persists)
Platform: x64
Reproducible: ALWAYS

Configuration file:
[global]
  workgroup = myWorkgroup
  security = user
  passdb backend = tdbsam
  passwd program =  /usr/bin/passwd %u
  passwd chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\spassword\ssuccessfully\schanged*\n

  unix password sync = Yes
  passwd chat debug = yes
  passwd chat timeout = 10

  log level = 10
  max log size = 50
  debug timestamp = yes

[homes]
  browseable = no
  writable = yes
  valid users = %U
  force user = %U
  path = %H

Steps to reproduce:
1. On the server, create 2 different users (i.e. user1 and user2) and create a password for Samba using smbpasswd.
2. On the client, type in "\\ipaddress" from Windows Start->Run, then type in the user ID and password for user1.
3. Explorer will show you a folder user1 (Note: only user1).
4. On the client, type in "\\ipaddress\user2" from Windows Start->Run

Result:
The explorer will show \\ipaddress\user2 in the address bar but the content shown comes from \\ipaddress\user1.

Expected:
When we enter \\ipaddress\user2, the explorer shall give an error, as the user2 folder shall not be accessible by user1.

5. After this, when I try to access by typing \\ipaddress from Start->Run, I can see 2 folders, user1 and user2.

6. From now on, you always see 2 folders (user1 and user2).

I have sniffed the traffic and checked the NetShareEnumAll response, and unfortunately the server did return user1 and user2, so this is not a problem on WinXP or Win7.
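
Added illustration, not part of the original report and not Samba's own code: a simplified Python model of how the reported [homes] settings expand, showing why "valid users = %U" never rejects an authenticated user and what changes with "valid users = %S". The macro meanings follow smb.conf(5); the home directories and the expand/connect helpers are assumptions constructed for this sketch.

```python
# Simplified model of smb.conf macro expansion for a [homes] share.
# Assumptions (not Samba source code): %U = session (authenticated) user,
# %S = requested service name, %H = home directory of the Unix user the
# connection runs as.

HOME_DIRS = {"user1": "/home/user1", "user2": "/home/user2"}  # constructed

# Share parameters as posted in the report.
REPORTED = {"valid users": "%U", "force user": "%U", "path": "%H"}
# Same share restricted to the account the service is named after.
HARDENED = {"valid users": "%S", "path": "%H"}


def expand(value, session_user, service, unix_user):
    """Expand the three macros this example models."""
    return (value.replace("%U", session_user)
                 .replace("%S", service)
                 .replace("%H", HOME_DIRS[unix_user]))


def connect(share, session_user, service):
    """Return the directory served, or None when the connection is refused."""
    if service not in HOME_DIRS:
        return None  # [homes] only matches names of existing accounts
    # "force user" replaces the Unix identity used for the connection.
    forced = share.get("force user")
    unix_user = (expand(forced, session_user, service, session_user)
                 if forced else session_user)
    allowed = expand(share["valid users"], session_user, service,
                     unix_user).split()
    if session_user not in allowed:
        return None  # rejected by "valid users"
    return expand(share["path"], session_user, service, unix_user)


if __name__ == "__main__":
    for name, share in (("reported", REPORTED), ("hardened", HARDENED)):
        # user1 is authenticated and asks for \\server\user2
        print(name, "->", connect(share, "user1", "user2"))
```

In this model the reported settings admit user1 to the service named user2 and serve user1's own home directory, which matches the behaviour described above; with %S the same request is refused.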