diff options
author | Volker Lendecke <vl@samba.org> | 2012-09-26 15:26:35 -0700 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2012-09-28 09:23:07 +0200 |
commit | 569f63f60c6ada7e935aeec3ae797a2ecde5af21 (patch) | |
tree | 94b8c11db583ce2a46a2e8fb7d0154ba9c903948 | |
parent | b94c9a6aaa3b28a0685c480855f57b8bb732e973 (diff) | |
download | samba-569f63f60c6ada7e935aeec3ae797a2ecde5af21.tar.gz |
s3: For read-only shares, filter out write bits from conn->access_mask
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 54e5590cc1267e9c886bc9abd37d8a8eb33cf3f6)
The last 2 patches address bug #9217 - CreateFile with FILE_DIRECTORY_FILE can
create directories on read-only shares.
-rw-r--r-- | source3/smbd/service.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/smbd/service.c b/source3/smbd/service.c index b2d3d4ddc16..b74192cec87 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -524,6 +524,13 @@ static void create_share_access_mask(connection_struct *conn, int snum) MAXIMUM_ALLOWED_ACCESS, &conn->share_access); + if (!CAN_WRITE(conn)) { + conn->share_access &= + ~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | + SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE | + SEC_DIR_DELETE_CHILD ); + } + if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) { conn->share_access |= SEC_FLAG_SYSTEM_SECURITY; } |