From 9b261a1211de2bfef22af64d4717b44c5ed2bfb8 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 20 Aug 2009 11:08:21 -0700
Subject: Fix bug 6638 - ADS Domain Member: Computer Mgr can not set share ACLs
 Add good error message for share modification denial. Jeremy.

---
 source3/rpc_server/srv_srvsvc_nt.c | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

(limited to 'source3')

diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 01ffcd837a..f7f51d1e9a 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1514,6 +1514,9 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
 		|| ( lp_enable_asu_support() && strequal(share_name,"ADMIN$") )
 		|| strequal(share_name,"global") )
 	{
+		DEBUG(5,("_srvsvc_NetShareSetInfo: share %s cannot be "
+			"modified by a remote user.\n",
+			share_name ));
 		return WERR_ACCESS_DENIED;
 	}
 
@@ -1531,8 +1534,14 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
 
 	/* fail out now if you are not root and not a disk op */
 
-	if ( p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
+	if ( p->server_info->utok.uid != sec_initial_uid() && !is_disk_op ) {
+		DEBUG(2,("_srvsvc_NetShareSetInfo: uid %u doesn't have the "
+			"SeDiskOperatorPrivilege privilege needed to modify "
+			"share %s\n",
+			(unsigned int)p->server_info->utok.uid,
+			share_name ));
 		return WERR_ACCESS_DENIED;
+	}
 
 	switch (r->in.level) {
 	case 1:
@@ -1599,16 +1608,23 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
 	}
 
 	/* We can only modify disk shares. */
-	if (type != STYPE_DISKTREE)
+	if (type != STYPE_DISKTREE) {
+		DEBUG(5,("_srvsvc_NetShareSetInfo: share %s is not a "
+			"disk share\n",
+			share_name ));
 		return WERR_ACCESS_DENIED;
+	}
 
 	if (comment == NULL) {
 		return WERR_NOMEM;
 	}
 
 	/* Check if the pathname is valid. */
-	if (!(path = valid_share_pathname(p->mem_ctx, pathname )))
+	if (!(path = valid_share_pathname(p->mem_ctx, pathname ))) {
+		DEBUG(5,("_srvsvc_NetShareSetInfo: invalid pathname %s\n",
+			pathname ));
 		return WERR_OBJECT_PATH_INVALID;
+	}
 
 	/* Ensure share name, pathname and comment don't contain '"' characters. */
 	string_replace(share_name, '"', ' ');
-- 
cgit