r3387: fixed pvfs to pass the NTDENY tests. The tricky bit was

SA_RIGHT_FILE_EXECUTE, which depends on a flags2 bit
(This used to be commit c36851d230bcf552ed79322f8358060ab164ec09)

6 files changed, 33 insertions, 22 deletions

diff --git a/source4/include/smb.h b/source4/include/smb.h
index b36c2a8708..623316087c 100644
--- a/source4/include/smb.h
+++ b/source4/include/smb.h
@@ -503,7 +503,7 @@ typedef struct nt_user_token {
 #define FLAGS2_IS_LONG_NAME            0x0040
 #define FLAGS2_EXTENDED_SECURITY       0x0800 
 #define FLAGS2_DFS_PATHNAMES           0x1000
-#define FLAGS2_READ_PERMIT_NO_EXECUTE  0x2000
+#define FLAGS2_READ_PERMIT_EXECUTE     0x2000
 #define FLAGS2_32_BIT_ERROR_CODES      0x4000 
 #define FLAGS2_UNICODE_STRINGS         0x8000
 
diff --git a/source4/ntvfs/common/opendb.c b/source4/ntvfs/common/opendb.c
index dfb1177eae..5dc68e5382 100644
--- a/source4/ntvfs/common/opendb.c
+++ b/source4/ntvfs/common/opendb.c
@@ -154,20 +154,24 @@ static BOOL share_conflict(struct odb_entry *e1, struct odb_entry *e2)
 
 	/* if either open involves no read.write or delete access then
 	   it can't conflict */
-	if (!(e1->access_mask & (SA_RIGHT_FILE_WRITE_DATA | 
+	if (!(e1->access_mask & (SA_RIGHT_FILE_WRITE_APPEND | 
 				 SA_RIGHT_FILE_READ_EXEC | 
 				 STD_RIGHT_DELETE_ACCESS))) {
 		return False;
 	}
-	if (!(e2->access_mask & (SA_RIGHT_FILE_WRITE_DATA | 
+	if (!(e2->access_mask & (SA_RIGHT_FILE_WRITE_APPEND | 
 				 SA_RIGHT_FILE_READ_EXEC | 
 				 STD_RIGHT_DELETE_ACCESS))) {
 		return False;
 	}
 
 	/* check the basic share access */
-	CHECK_MASK(e1->access_mask, e2->share_access, SA_RIGHT_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE);
-	CHECK_MASK(e2->access_mask, e1->share_access, SA_RIGHT_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE);
+	CHECK_MASK(e1->access_mask, e2->share_access, 
+		   SA_RIGHT_FILE_WRITE_APPEND, 
+		   NTCREATEX_SHARE_ACCESS_WRITE);
+	CHECK_MASK(e2->access_mask, e1->share_access, 
+		   SA_RIGHT_FILE_WRITE_APPEND, 
+		   NTCREATEX_SHARE_ACCESS_WRITE);
 
 	CHECK_MASK(e1->access_mask, e2->share_access, 
 		   SA_RIGHT_FILE_READ_EXEC, 
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c
index 346b1420e3..bfaa7bf5a1 100644
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -290,9 +290,9 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
 	}
 
 	if ((access_mask & SA_RIGHT_FILE_READ_EXEC) &&
-	    (access_mask & SA_RIGHT_FILE_WRITE_DATA)) {
+	    (access_mask & SA_RIGHT_FILE_WRITE_APPEND)) {
 		flags = O_RDWR;
-	} else if (access_mask & SA_RIGHT_FILE_WRITE_DATA) {
+	} else if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
 		flags = O_WRONLY;
 	} else {
 		flags = O_RDONLY;
@@ -491,9 +491,9 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
 	}
 
 	if ((access_mask & SA_RIGHT_FILE_READ_EXEC) &&
-	    (access_mask & SA_RIGHT_FILE_WRITE_DATA)) {
+	    (access_mask & SA_RIGHT_FILE_WRITE_APPEND)) {
 		flags |= O_RDWR;
-	} else if (access_mask & SA_RIGHT_FILE_WRITE_DATA) {
+	} else if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
 		flags |= O_WRONLY;
 	} else {
 		flags |= O_RDONLY;
diff --git a/source4/ntvfs/posix/pvfs_read.c b/source4/ntvfs/posix/pvfs_read.c
index 734134368d..1f89f01a03 100644
--- a/source4/ntvfs/posix/pvfs_read.c
+++ b/source4/ntvfs/posix/pvfs_read.c
@@ -34,6 +34,7 @@ NTSTATUS pvfs_read(struct ntvfs_module_context *ntvfs,
 	struct pvfs_file *f;
 	NTSTATUS status;
 	uint32_t maxcnt;
+	uint32_t mask;
 
 	if (rd->generic.level != RAW_READ_READX) {
 		return ntvfs_map_read(req, rd, ntvfs);
@@ -48,8 +49,12 @@ NTSTATUS pvfs_read(struct ntvfs_module_context *ntvfs,
 		return NT_STATUS_FILE_IS_A_DIRECTORY;
 	}
 
-	if (!(f->access_mask & SA_RIGHT_FILE_READ_EXEC)) {
-		return NT_STATUS_ACCESS_VIOLATION;
+	mask = SA_RIGHT_FILE_READ_DATA;
+	if (req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) {
+		mask |= SA_RIGHT_FILE_EXECUTE;
+	}
+	if (!(f->access_mask & mask)) {
+		return NT_STATUS_ACCESS_DENIED;
 	}
 
 	maxcnt = rd->readx.in.maxcnt;
diff --git a/source4/ntvfs/posix/pvfs_write.c b/source4/ntvfs/posix/pvfs_write.c
index 235a21882a..018f43e6d0 100644
--- a/source4/ntvfs/posix/pvfs_write.c
+++ b/source4/ntvfs/posix/pvfs_write.c
@@ -48,7 +48,7 @@ NTSTATUS pvfs_write(struct ntvfs_module_context *ntvfs,
 		return NT_STATUS_FILE_IS_A_DIRECTORY;
 	}
 
-	if (!(f->access_mask & SA_RIGHT_FILE_WRITE_DATA)) {
+	if (!(f->access_mask & SA_RIGHT_FILE_WRITE_APPEND)) {
 		return NT_STATUS_ACCESS_VIOLATION;
 	}
 
diff --git a/source4/torture/basic/denytest.c b/source4/torture/basic/denytest.c
index 32f44044cc..8dc6118b7d 100644
--- a/source4/torture/basic/denytest.c
+++ b/source4/torture/basic/denytest.c
@@ -1773,24 +1773,27 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c
 	union smb_open io1, io2;
 	extern int torture_numops;
 	int failures = 0;
+	char buf[1];
 
-	fname = talloc_asprintf(cli1, "\\ntdeny_%d.dat", client);
+	ZERO_STRUCT(buf);
+
+	fname = talloc_asprintf(cli1, "\\ntdeny_%d.dll", client);
 
 	smbcli_unlink(cli1->tree, fname);
 	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
-	smbcli_write(cli1->tree, fnum1, 0, fname, 0, strlen(fname));
+	smbcli_write(cli1->tree, fnum1, 0, buf, 0, sizeof(buf));
 	smbcli_close(cli1->tree, fnum1);
 
 	GetTimeOfDay(&tv_start);
 
 	io1.ntcreatex.level = RAW_OPEN_NTCREATEX;
 	io1.ntcreatex.in.root_fid = 0;
-	io1.ntcreatex.in.flags = 0;
-	io1.ntcreatex.in.create_options = 0;
-	io1.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io1.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	io1.ntcreatex.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io1.ntcreatex.in.file_attr = 0;
 	io1.ntcreatex.in.alloc_size = 0;
 	io1.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
-	io1.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io1.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION;
 	io1.ntcreatex.in.security_flags = 0;
 	io1.ntcreatex.in.fname = fname;
 	io2 = io1;
@@ -1814,7 +1817,7 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c
 		
 		io2.ntcreatex.in.share_access = map_bits(share_access_bits, b_sa2, nbits1);
 		io2.ntcreatex.in.access_mask  = map_bits(access_mask_bits,  b_am2, nbits2);
-		
+
 		status1 = smb_raw_open(cli1->tree, mem_ctx, &io1);
 		status2 = smb_raw_open(cli2->tree, mem_ctx, &io2);
 		
@@ -1823,14 +1826,13 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c
 		} else if (!NT_STATUS_IS_OK(status2)) {
 			res = A_0;
 		} else {
-			char x = 1;
 			res = A_0;
 			if (smbcli_read(cli2->tree, 
-					io2.ntcreatex.out.fnum, (void *)&x, 0, 1) == 1) {
+					io2.ntcreatex.out.fnum, (void *)buf, 0, sizeof(buf)) >= 1) {
 				res += A_R;
 			}
 			if (smbcli_write(cli2->tree, 
-					 io2.ntcreatex.out.fnum, 0, (void *)&x, 0, 1) == 1) {
+					 io2.ntcreatex.out.fnum, 0, (void *)buf, 0, sizeof(buf)) >= 1) {
 				res += A_W;
 			}
 		}