Don't rely on the underlying ACL modules to enforce share level

security when setting ACLs, check at the call level as well. Jeremy.
author: Jeremy Allison <jra@samba.org> 2010-09-08 20:54:38 -0700
committer: Jeremy Allison <jra@samba.org> 2010-09-08 20:54:38 -0700
commit: bec9baf88a54d0e0d3fe1065c27df0f76c960e65 (patch)
tree: 72282edbec39183a10489840e652a4373f55222d /source3/smbd/smb2_setinfo.c
parent: fcac46a61245e6b05f88ed80ec4b554ffd55dc63 (diff)
download: samba-bec9baf88a54d0e0d3fe1065c27df0f76c960e65.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/source3/smbd/smb2_setinfo.c b/source3/smbd/smb2_setinfo.c
index 3e1bdd27712..4b837c13b32 100644
--- a/source3/smbd/smb2_setinfo.c
+++ b/source3/smbd/smb2_setinfo.c
@@ -311,6 +311,11 @@ static struct tevent_req *smbd_smb2_setinfo_send(TALLOC_CTX *mem_ctx,
 
 	case 0x03:/* SMB2_SETINFO_SECURITY */
 	{
+		if (!CAN_WRITE(conn)) {
+			tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+			return tevent_req_post(req, ev);
+		}
+
 		status = set_sd(fsp,
 				in_input_buffer.data,
 				in_input_buffer.length,
author	Jeremy Allison <jra@samba.org>	2010-09-08 20:54:38 -0700
committer	Jeremy Allison <jra@samba.org>	2010-09-08 20:54:38 -0700
commit	bec9baf88a54d0e0d3fe1065c27df0f76c960e65 (patch)
tree	72282edbec39183a10489840e652a4373f55222d /source3/smbd/smb2_setinfo.c
parent	fcac46a61245e6b05f88ed80ec4b554ffd55dc63 (diff)
download	samba-bec9baf88a54d0e0d3fe1065c27df0f76c960e65.tar.gz