diff options
author | Volker Lendecke <vl@samba.org> | 2012-09-26 15:26:35 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2012-09-27 02:51:41 +0200 |
commit | 4544c52fc432c4eb5ba45389519d00923d9698ca (patch) | |
tree | 891e38a622a537ca2506edcd84fe848365138319 | |
parent | 4666dec4160d09a6d87349c5521fe5751eb5e764 (diff) | |
download | samba-4544c52fc432c4eb5ba45389519d00923d9698ca.tar.gz samba-4544c52fc432c4eb5ba45389519d00923d9698ca.tar.bz2 samba-4544c52fc432c4eb5ba45389519d00923d9698ca.zip |
s3: For read-only shares, filter out write bits from conn->access_mask
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 27 02:51:42 CEST 2012 on sn-devel-104
-rw-r--r-- | source3/smbd/service.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/smbd/service.c b/source3/smbd/service.c index b2d3d4ddc1..b74192cec8 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -524,6 +524,13 @@ static void create_share_access_mask(connection_struct *conn, int snum) MAXIMUM_ALLOWED_ACCESS, &conn->share_access); + if (!CAN_WRITE(conn)) { + conn->share_access &= + ~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | + SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE | + SEC_DIR_DELETE_CHILD ); + } + if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) { conn->share_access |= SEC_FLAG_SYSTEM_SECURITY; } |