s3: For read-only shares, filter out write bits from conn->access_mask

Signed-off-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 54e5590cc1267e9c886bc9abd37d8a8eb33cf3f6) The last 2 patches address bug #9217 - CreateFile with FILE_DIRECTORY_FILE can create directories on read-only shares.
author: Volker Lendecke <vl@samba.org> 2012-09-26 15:26:35 -0700
committer: Karolin Seeger <kseeger@samba.org> 2012-09-28 09:23:07 +0200
commit: 569f63f60c6ada7e935aeec3ae797a2ecde5af21 (patch)
tree: 94b8c11db583ce2a46a2e8fb7d0154ba9c903948
parent: b94c9a6aaa3b28a0685c480855f57b8bb732e973 (diff)
download: samba-569f63f60c6ada7e935aeec3ae797a2ecde5af21.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index b2d3d4ddc16..b74192cec87 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -524,6 +524,13 @@ static void create_share_access_mask(connection_struct *conn, int snum)
 			MAXIMUM_ALLOWED_ACCESS,
 			&conn->share_access);
 
+	if (!CAN_WRITE(conn)) {
+		conn->share_access &=
+			~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
+			  SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
+			  SEC_DIR_DELETE_CHILD );
+	}
+
 	if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
 		conn->share_access |= SEC_FLAG_SYSTEM_SECURITY;
 	}
author	Volker Lendecke <vl@samba.org>	2012-09-26 15:26:35 -0700
committer	Karolin Seeger <kseeger@samba.org>	2012-09-28 09:23:07 +0200
commit	569f63f60c6ada7e935aeec3ae797a2ecde5af21 (patch)
tree	94b8c11db583ce2a46a2e8fb7d0154ba9c903948
parent	b94c9a6aaa3b28a0685c480855f57b8bb732e973 (diff)
download	samba-569f63f60c6ada7e935aeec3ae797a2ecde5af21.tar.gz