Fix bug #6421 - POSIX read-only open fails on read-only shares.

The change to smbd/trans2.c opens up
SETFILEINFO calls to POSIX_OPEN only. The change to first smbd/open.c closes 2
holes that would have been exposed by allowing POSIX_OPENS on readonly shares,
and their ability to set arbitrary flags permutations. The O_CREAT ->
O_CREAT|O_EXCL change removes an illegal combination (O_EXCL without O_CREAT)
that previously was being passed down to the open syscall.
Jeremy.
(cherry picked from commit d49ae9c87d182f32702a0b6a1cc2a2038f31d81d)

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 3578f2ac60d42754a14c747258895073e89f3735..a721c586437b149d6b5f1f63cfc657cba0a76fb7 100644 (file)
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -346,7 +346,7 @@ static NTSTATUS open_file(files_struct *fsp,
 
        if (!CAN_WRITE(conn)) {
                /* It's a read-only share - fail if we wanted to write. */
-               if(accmode != O_RDONLY) {
+               if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
                        DEBUG(3,("Permission denied opening %s\n", path));
                        return NT_STATUS_ACCESS_DENIED;
                } else if(flags & O_CREAT) {
@@ -354,8 +354,8 @@ static NTSTATUS open_file(files_struct *fsp,
                           O_CREAT doesn't create the file if we have write
                           access into the directory.
                        */
-                       flags &= ~O_CREAT;
-                       local_flags &= ~O_CREAT;
+                       flags &= ~(O_CREAT|O_EXCL);
+                       local_flags &= ~(O_CREAT|O_EXCL);
                }
        }
 

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 4eb44e3df459da98f55f1da35f92cfc1d499159c..931b7df4bca29a66258dd9959a62169e2aa9498f 100644 (file)
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -6840,16 +6840,20 @@ static void call_trans2setfilepathinfo(connection_struct *conn,
                }
        }
 
-       if (!CAN_WRITE(conn)) {
-               reply_doserror(req, ERRSRV, ERRaccess);
-               return;
-       }
-
        if (INFO_LEVEL_IS_UNIX(info_level) && !lp_unix_extensions()) {
                reply_nterror(req, NT_STATUS_INVALID_LEVEL);
                return;
        }
 
+       if (!CAN_WRITE(conn)) {
+               /* Allow POSIX opens. The open path will deny
+                * any non-readonly opens. */
+               if (info_level != SMB_POSIX_PATH_OPEN) {
+                       reply_doserror(req, ERRSRV, ERRaccess);
+                       return;
+               }
+       }
+
        DEBUG(3,("call_trans2setfilepathinfo(%d) %s (fnum %d) info_level=%d totdata=%d\n",
                tran_call,fname, fsp ? fsp->fnum : -1, info_level,total_data));