diff options
author | Jeremy Allison <jra@samba.org> | 2009-05-30 13:28:03 -0700 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2009-08-10 18:01:34 +0200 |
commit | 724016d4a670e7cbbc2c127f9166fb8a6affcbb1 (patch) | |
tree | 99eb6bae37bd934ec4c3c92d8ff50a4ef5c8cca5 | |
parent | 59bae47f7953651cf4b46b23d06caf654b306153 (diff) | |
download | samba-724016d4a670e7cbbc2c127f9166fb8a6affcbb1.tar.gz samba-724016d4a670e7cbbc2c127f9166fb8a6affcbb1.tar.xz samba-724016d4a670e7cbbc2c127f9166fb8a6affcbb1.zip |
Fix bug #6421 - POSIX read-only open fails on read-only shares. The change to smbd/trans2.c opens up SETFILEINFO calls to POSIX_OPEN only. The change to first smbd/open.c closes 2 holes that would have been exposed by allowing POSIX_OPENS on readonly shares, and their ability to set arbitrary flags permutations. The O_CREAT -> O_CREAT|O_EXCL change removes an illegal combination (O_EXCL without O_CREAT) that previously was being passed down to the open syscall. Jeremy.
(cherry picked from commit 79f26472b4ae561ec00c30f31dd63ccab6dfc0c4)
(cherry picked from commit fedc34b47664439b0d066c087d9bfa5a34c81fff)
-rw-r--r-- | source/smbd/open.c | 6 | ||||
-rw-r--r-- | source/smbd/trans2.c | 14 |
2 files changed, 12 insertions, 8 deletions
diff --git a/source/smbd/open.c b/source/smbd/open.c index 535abcc26d6..8f45aabf6bb 100644 --- a/source/smbd/open.c +++ b/source/smbd/open.c @@ -250,7 +250,7 @@ static NTSTATUS open_file(files_struct *fsp, if (!CAN_WRITE(conn)) { /* It's a read-only share - fail if we wanted to write. */ - if(accmode != O_RDONLY) { + if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) { DEBUG(3,("Permission denied opening %s\n", path)); return NT_STATUS_ACCESS_DENIED; } else if(flags & O_CREAT) { @@ -258,8 +258,8 @@ static NTSTATUS open_file(files_struct *fsp, O_CREAT doesn't create the file if we have write access into the directory. */ - flags &= ~O_CREAT; - local_flags &= ~O_CREAT; + flags &= ~(O_CREAT|O_EXCL); + local_flags &= ~(O_CREAT|O_EXCL); } } diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c index 9fe0513f1d3..7d587c021d5 100644 --- a/source/smbd/trans2.c +++ b/source/smbd/trans2.c @@ -6785,16 +6785,20 @@ static void call_trans2setfilepathinfo(connection_struct *conn, } } - if (!CAN_WRITE(conn)) { - reply_doserror(req, ERRSRV, ERRaccess); - return; - } - if (INFO_LEVEL_IS_UNIX(info_level) && !lp_unix_extensions()) { reply_nterror(req, NT_STATUS_INVALID_LEVEL); return; } + if (!CAN_WRITE(conn)) { + /* Allow POSIX opens. The open path will deny + * any non-readonly opens. */ + if (info_level != SMB_POSIX_PATH_OPEN) { + reply_doserror(req, ERRSRV, ERRaccess); + return; + } + } + DEBUG(3,("call_trans2setfilepathinfo(%d) %s (fnum %d) info_level=%d totdata=%d\n", tran_call,fname, fsp ? fsp->fnum : -1, info_level,total_data)); |