s3/smbd: fix access checks in set_ea_dos_attribute()

[samba.git] / source3 / smbd / dosmode.c

diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 73112dc9ab0a034dbb4458ddfcae8683f5f80c0f..d7b0a8c9a79b81f93ffa78f5ab24c611b7c17b0f 100644 (file)
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -464,6 +464,7 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
                NTSTATUS status = NT_STATUS_OK;
                bool need_close = false;
                files_struct *fsp = NULL;
+               bool set_dosmode_ok = false;
 
                if ((errno != EPERM) && (errno != EACCES)) {
                        DBG_INFO("Cannot set "
@@ -477,10 +478,21 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
                */
 
                /* Check if we have write access. */
-               if (!CAN_WRITE(conn) || !lp_dos_filemode(SNUM(conn)))
+               if (!CAN_WRITE(conn)) {
                        return NT_STATUS_ACCESS_DENIED;
+               }
 
-               if (!can_write_to_file(conn, smb_fname)) {
+               status = smbd_check_access_rights(conn, smb_fname, false,
+                                                 FILE_WRITE_ATTRIBUTES);
+               if (NT_STATUS_IS_OK(status)) {
+                       set_dosmode_ok = true;
+               }
+
+               if (!set_dosmode_ok && lp_dos_filemode(SNUM(conn))) {
+                       set_dosmode_ok = can_write_to_file(conn, smb_fname);
+               }
+
+               if (!set_dosmode_ok) {
                        return NT_STATUS_ACCESS_DENIED;
                }