Don't rely on the underlying ACL modules to enforce share level

security when setting ACLs, check at the call level as well. Jeremy.
author: Jeremy Allison <jra@samba.org> 2010-09-08 20:54:38 -0700
committer: Jeremy Allison <jra@samba.org> 2010-09-08 20:54:38 -0700
commit: bec9baf88a54d0e0d3fe1065c27df0f76c960e65 (patch)
tree: 72282edbec39183a10489840e652a4373f55222d /source3/smbd/nttrans.c
parent: fcac46a61245e6b05f88ed80ec4b554ffd55dc63 (diff)
download: samba-bec9baf88a54d0e0d3fe1065c27df0f76c960e65.tar.gz
samba-bec9baf88a54d0e0d3fe1065c27df0f76c960e65.tar.bz2
samba-bec9baf88a54d0e0d3fe1065c27df0f76c960e65.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 78774dc1b0..1e4e06cf26 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1967,6 +1967,11 @@ static void call_nt_transact_set_security_desc(connection_struct *conn,
 		return;
 	}
 
+	if (!CAN_WRITE(fsp->conn)) {
+		reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+		return;
+	}
+
 	if(!lp_nt_acl_support(SNUM(conn))) {
 		goto done;
 	}
author	Jeremy Allison <jra@samba.org>	2010-09-08 20:54:38 -0700
committer	Jeremy Allison <jra@samba.org>	2010-09-08 20:54:38 -0700
commit	bec9baf88a54d0e0d3fe1065c27df0f76c960e65 (patch)
tree	72282edbec39183a10489840e652a4373f55222d /source3/smbd/nttrans.c
parent	fcac46a61245e6b05f88ed80ec4b554ffd55dc63 (diff)
download	samba-bec9baf88a54d0e0d3fe1065c27df0f76c960e65.tar.gz samba-bec9baf88a54d0e0d3fe1065c27df0f76c960e65.tar.bz2 samba-bec9baf88a54d0e0d3fe1065c27df0f76c960e65.zip