diff options
author | Jeremy Allison <jra@samba.org> | 2010-09-08 20:54:38 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2010-09-08 20:54:38 -0700 |
commit | bec9baf88a54d0e0d3fe1065c27df0f76c960e65 (patch) | |
tree | 72282edbec39183a10489840e652a4373f55222d /source3/smbd/smb2_setinfo.c | |
parent | fcac46a61245e6b05f88ed80ec4b554ffd55dc63 (diff) | |
download | samba-bec9baf88a54d0e0d3fe1065c27df0f76c960e65.tar.gz |
Don't rely on the underlying ACL modules to enforce share level
security when setting ACLs, check at the call level as well.
Jeremy.
Diffstat (limited to 'source3/smbd/smb2_setinfo.c')
-rw-r--r-- | source3/smbd/smb2_setinfo.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/source3/smbd/smb2_setinfo.c b/source3/smbd/smb2_setinfo.c index 3e1bdd27712..4b837c13b32 100644 --- a/source3/smbd/smb2_setinfo.c +++ b/source3/smbd/smb2_setinfo.c @@ -311,6 +311,11 @@ static struct tevent_req *smbd_smb2_setinfo_send(TALLOC_CTX *mem_ctx, case 0x03:/* SMB2_SETINFO_SECURITY */ { + if (!CAN_WRITE(conn)) { + tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED); + return tevent_req_post(req, ev); + } + status = set_sd(fsp, in_input_buffer.data, in_input_buffer.length, |