s3: For read-only shares, filter out write bits from conn->access_mask

author Volker Lendecke <vl@samba.org>

Wed, 26 Sep 2012 22:26:35 +0000 (15:26 -0700)

committer Jeremy Allison <jra@samba.org>

Thu, 27 Sep 2012 00:51:41 +0000 (02:51 +0200)
author Volker Lendecke <vl@samba.org>
Wed, 26 Sep 2012 22:26:35 +0000 (15:26 -0700)
committer Jeremy Allison <jra@samba.org>
Thu, 27 Sep 2012 00:51:41 +0000 (02:51 +0200)
diff --git a/source3/smbd/service.c b/source3/smbd/service.c

index b2d3d4ddc1642b5d29dda97b243d0d8307951994..b74192cec873833ceb29f82df03becbbbf12f4e9 100644 (file)
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -524,6 +524,13 @@ static void create_share_access_mask(connection_struct *conn, int snum)
                         MAXIMUM_ALLOWED_ACCESS,
                         &conn->share_access);
  
+       if (!CAN_WRITE(conn)) {
+               conn->share_access &=
+                       ~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
+                         SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
+                         SEC_DIR_DELETE_CHILD );
+       }
+
         if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
                 conn->share_access |= SEC_FLAG_SYSTEM_SECURITY;
         }
author	Volker Lendecke <vl@samba.org>
	Wed, 26 Sep 2012 22:26:35 +0000 (15:26 -0700)
committer	Jeremy Allison <jra@samba.org>
	Thu, 27 Sep 2012 00:51:41 +0000 (02:51 +0200)