[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Wed Sep 8 21:54:55 MDT 2010
The branch, master has been updated
via bec9baf Don't rely on the underlying ACL modules to enforce share level security when setting ACLs, check at the call level as well.
from fcac46a Optimization suggested by Metze. Without this patch, FindFirst with 'path o\some\dir\withiles\*'
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit bec9baf88a54d0e0d3fe1065c27df0f76c960e65
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 8 20:54:38 2010 -0700
Don't rely on the underlying ACL modules to enforce share level
security when setting ACLs, check at the call level as well.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/nttrans.c | 5 +++++
source3/smbd/smb2_setinfo.c | 5 +++++
2 files changed, 10 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 78774dc..1e4e06c 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1967,6 +1967,11 @@ static void call_nt_transact_set_security_desc(connection_struct *conn,
return;
}
+ if (!CAN_WRITE(fsp->conn)) {
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return;
+ }
+
if(!lp_nt_acl_support(SNUM(conn))) {
goto done;
}
diff --git a/source3/smbd/smb2_setinfo.c b/source3/smbd/smb2_setinfo.c
index 3e1bdd2..4b837c1 100644
--- a/source3/smbd/smb2_setinfo.c
+++ b/source3/smbd/smb2_setinfo.c
@@ -311,6 +311,11 @@ static struct tevent_req *smbd_smb2_setinfo_send(TALLOC_CTX *mem_ctx,
case 0x03:/* SMB2_SETINFO_SECURITY */
{
+ if (!CAN_WRITE(conn)) {
+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return tevent_req_post(req, ev);
+ }
+
status = set_sd(fsp,
in_input_buffer.data,
in_input_buffer.length,
--
Samba Shared Repository
More information about the samba-cvs
mailing list