From e6b85c2a7b3cfa0dd3c9859c88e5462c616d5a2a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 9 Sep 2010 15:28:43 -0700 Subject: [PATCH] More paranoia to ensure SD's can't be set on read-only shares. Jeremy. --- source3/smbd/nttrans.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 1e4e06cf260..b602a516111 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -836,6 +836,10 @@ NTSTATUS set_sd(files_struct *fsp, uint8_t *data, uint32_t sd_len, struct security_descriptor *psd = NULL; NTSTATUS status; + if (!CAN_WRITE(fsp->conn)) { + return NT_STATUS_ACCESS_DENIED; + } + if (sd_len == 0 || !lp_nt_acl_support(SNUM(fsp->conn))) { return NT_STATUS_OK; }