From 3db2b36e6340cd51b8e4c8eb031ceb53cef91fa3 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 26 Sep 2012 14:53:59 -0700 Subject: [PATCH 1/2] s3: Fix rejecting mkdir on read-only shares Signed-off-by: Jeremy Allison (cherry picked from commit 6351ed1ec4b93ef1d7b79bab0b92536d74693d2a) --- source3/smbd/open.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 101a9ba..03c1a18 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2782,7 +2782,7 @@ static NTSTATUS mkdir_internal(connection_struct *conn, bool need_re_stat = false; uint32_t access_mask = SEC_DIR_ADD_SUBDIR; - if(access_mask & ~(conn->share_access)) { + if (!CAN_WRITE(conn) || (access_mask & ~(conn->share_access))) { DEBUG(5,("mkdir_internal: failing share access " "%s\n", lp_servicename(talloc_tos(), SNUM(conn)))); return NT_STATUS_ACCESS_DENIED; -- 1.7.7.3 From 7805ce84a0c72638b34e70efbfa8fff24b97f9a5 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 26 Sep 2012 15:26:35 -0700 Subject: [PATCH 2/2] s3: For read-only shares, filter out write bits from conn->access_mask Signed-off-by: Jeremy Allison (cherry picked from commit 54e5590cc1267e9c886bc9abd37d8a8eb33cf3f6) --- source3/smbd/service.c | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) diff --git a/source3/smbd/service.c b/source3/smbd/service.c index b2d3d4d..b74192c 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -524,6 +524,13 @@ static void create_share_access_mask(connection_struct *conn, int snum) MAXIMUM_ALLOWED_ACCESS, &conn->share_access); + if (!CAN_WRITE(conn)) { + conn->share_access &= + ~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | + SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE | + SEC_DIR_DELETE_CHILD ); + } + if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) { conn->share_access |= SEC_FLAG_SYSTEM_SECURITY; } -- 1.7.7.3