From 4544c52fc432c4eb5ba45389519d00923d9698ca Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Wed, 26 Sep 2012 15:26:35 -0700
Subject: [PATCH] s3: For read-only shares, filter out write bits from conn->access_mask

Signed-off-by: Jeremy Allison
Autobuild-User(master): Jeremy Allison
Autobuild-Date(master): Thu Sep 27 02:51:42 CEST 2012 on sn-devel-104
---
 source3/smbd/service.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index b2d3d4ddc16..b74192cec87 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -524,6 +524,13 @@ static void create_share_access_mask(connection_struct *conn, int snum)
 MAXIMUM_ALLOWED_ACCESS,
 &conn->share_access);
 
+ if (!CAN_WRITE(conn)) {
+ conn->share_access &=
+ ~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
+ SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
+ SEC_DIR_DELETE_CHILD );
+ }
+
 if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
 conn->share_access |= SEC_FLAG_SYSTEM_SECURITY;
 }
-- 
2.11.4.GIT
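Review bot: The mask cleared inside `if (!CAN_WRITE(conn))` removes the data, append, EA, attribute and delete-child write bits but leaves `SEC_STD_DELETE`, `SEC_STD_WRITE_DAC` and `SEC_STD_WRITE_OWNER` set in `conn->share_access`, so a read-only share can still carry delete and ACL/owner-change rights at the share level. Whether a later check rejects those on a read-only connection cannot be seen here, since the body of create_share_access_mask starts and ends outside the hunk. If nothing else enforces it, extend the mask with `SEC_STD_DELETE | SEC_STD_WRITE_DAC | SEC_STD_WRITE_OWNER |`; if something does, say so above the block with a comment such as `/* DELETE, WRITE_DAC and WRITE_OWNER are refused for read-only shares in <enforcing function> */`. Either way the block would benefit from a one-line comment stating that these bits are stripped so that later access checks against share_access fail early on read-only shares.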