diff options
| -rw-r--r-- | source3/smbd/open.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c index ccc6fc77d6..c8cc2e64a3 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2386,6 +2386,14 @@ static NTSTATUS open_directory(connection_struct *conn, return status; } + /* We need to support SeSecurityPrivilege for this. */ + if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) { + DEBUG(10, ("open_directory: open on %s " + "failed - SEC_RIGHT_SYSTEM_SECURITY denied.\n", + fname)); + return NT_STATUS_PRIVILEGE_NOT_HELD; + } + switch( create_disposition ) { case FILE_OPEN: @@ -2931,6 +2939,20 @@ static NTSTATUS create_file_unixpath(connection_struct *conn, status = NT_STATUS_PRIVILEGE_NOT_HELD; goto fail; } +#else + /* We need to support SeSecurityPrivilege for this. */ + if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) { + status = NT_STATUS_PRIVILEGE_NOT_HELD; + goto fail; + } + /* Don't allow a SACL set from an NTtrans create until we + * support SeSecurityPrivilege. */ + if (!VALID_STAT(sbuf) && + lp_nt_acl_support(SNUM(conn)) && + sd && (sd->sacl != NULL)) { + status = NT_STATUS_PRIVILEGE_NOT_HELD; + goto fail; + } #endif if ((conn->fs_capabilities & FILE_NAMED_STREAMS) |