Ensure the CAN_WRITE is checked and prevents O_CREAT and O_TRUNC from

being set. Also prevent an open on a file on a readonly share from
setting delete on close.
Jeremy.
(This used to be commit 1f3dcd99bdd36cd3ff492394e80c3e2037a9aa48)

2 files changed, 11 insertions, 2 deletions

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 487a8a71a8..1e34e0c9fe 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -683,10 +683,10 @@ files_struct *open_file_shared(connection_struct *conn,char *fname, SMB_STRUCT_S
 		return NULL;
 	}
       
-	if (GET_FILE_CREATE_DISPOSITION(ofun) == FILE_CREATE_IF_NOT_EXIST)
+	if (CAN_WRITE(conn) && (GET_FILE_CREATE_DISPOSITION(ofun) == FILE_CREATE_IF_NOT_EXIST))
 		flags2 |= O_CREAT;
 
-	if (GET_FILE_OPEN_DISPOSITION(ofun) == FILE_EXISTS_TRUNCATE)
+	if (CAN_WRITE(conn) && (GET_FILE_OPEN_DISPOSITION(ofun) == FILE_EXISTS_TRUNCATE))
 		flags2 |= O_TRUNC;
 
 	if (GET_FILE_OPEN_DISPOSITION(ofun) == FILE_EXISTS_FAIL)
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 0e13d8d87a..aaa5aade97 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -1680,6 +1680,15 @@ static int call_trans2qfilepathinfo(connection_struct *conn,
 NTSTATUS set_delete_on_close_internal(files_struct *fsp, BOOL delete_on_close)
 {
 	/*
+	 * Only allow delete on close for writable shares.
+	 */
+
+	if (delete_on_close && !CAN_WRITE(fsp->conn)) {
+		DEBUG(10,("set_delete_on_close_internal: file %s delete on close flag set but write access denied on share.\n",
+				fsp->fsp_name ));
+				return NT_STATUS_ACCESS_DENIED;
+	}
+	/*
 	 * Only allow delete on close for files/directories opened with delete intent.
 	 */