summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2012-09-26 15:26:35 -0700
committerJeremy Allison <jra@samba.org>2012-09-27 02:51:41 +0200
commit4544c52fc432c4eb5ba45389519d00923d9698ca (patch)
tree891e38a622a537ca2506edcd84fe848365138319
parent4666dec4160d09a6d87349c5521fe5751eb5e764 (diff)
downloadsamba-4544c52fc432c4eb5ba45389519d00923d9698ca.tar.gz
samba-4544c52fc432c4eb5ba45389519d00923d9698ca.tar.bz2
samba-4544c52fc432c4eb5ba45389519d00923d9698ca.zip
s3: For read-only shares, filter out write bits from conn->access_mask
Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Sep 27 02:51:42 CEST 2012 on sn-devel-104
-rw-r--r--source3/smbd/service.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index b2d3d4ddc1..b74192cec8 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -524,6 +524,13 @@ static void create_share_access_mask(connection_struct *conn, int snum)
MAXIMUM_ALLOWED_ACCESS,
&conn->share_access);
+ if (!CAN_WRITE(conn)) {
+ conn->share_access &=
+ ~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
+ SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
+ SEC_DIR_DELETE_CHILD );
+ }
+
if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
conn->share_access |= SEC_FLAG_SYSTEM_SECURITY;
}