summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/include/smb.h2
-rw-r--r--source4/ntvfs/common/opendb.c12
-rw-r--r--source4/ntvfs/posix/pvfs_open.c8
-rw-r--r--source4/ntvfs/posix/pvfs_read.c9
-rw-r--r--source4/ntvfs/posix/pvfs_write.c2
-rw-r--r--source4/torture/basic/denytest.c22
6 files changed, 33 insertions, 22 deletions
diff --git a/source4/include/smb.h b/source4/include/smb.h
index b36c2a8708..623316087c 100644
--- a/source4/include/smb.h
+++ b/source4/include/smb.h
@@ -503,7 +503,7 @@ typedef struct nt_user_token {
#define FLAGS2_IS_LONG_NAME 0x0040
#define FLAGS2_EXTENDED_SECURITY 0x0800
#define FLAGS2_DFS_PATHNAMES 0x1000
-#define FLAGS2_READ_PERMIT_NO_EXECUTE 0x2000
+#define FLAGS2_READ_PERMIT_EXECUTE 0x2000
#define FLAGS2_32_BIT_ERROR_CODES 0x4000
#define FLAGS2_UNICODE_STRINGS 0x8000
diff --git a/source4/ntvfs/common/opendb.c b/source4/ntvfs/common/opendb.c
index dfb1177eae..5dc68e5382 100644
--- a/source4/ntvfs/common/opendb.c
+++ b/source4/ntvfs/common/opendb.c
@@ -154,20 +154,24 @@ static BOOL share_conflict(struct odb_entry *e1, struct odb_entry *e2)
/* if either open involves no read.write or delete access then
it can't conflict */
- if (!(e1->access_mask & (SA_RIGHT_FILE_WRITE_DATA |
+ if (!(e1->access_mask & (SA_RIGHT_FILE_WRITE_APPEND |
SA_RIGHT_FILE_READ_EXEC |
STD_RIGHT_DELETE_ACCESS))) {
return False;
}
- if (!(e2->access_mask & (SA_RIGHT_FILE_WRITE_DATA |
+ if (!(e2->access_mask & (SA_RIGHT_FILE_WRITE_APPEND |
SA_RIGHT_FILE_READ_EXEC |
STD_RIGHT_DELETE_ACCESS))) {
return False;
}
/* check the basic share access */
- CHECK_MASK(e1->access_mask, e2->share_access, SA_RIGHT_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE);
- CHECK_MASK(e2->access_mask, e1->share_access, SA_RIGHT_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE);
+ CHECK_MASK(e1->access_mask, e2->share_access,
+ SA_RIGHT_FILE_WRITE_APPEND,
+ NTCREATEX_SHARE_ACCESS_WRITE);
+ CHECK_MASK(e2->access_mask, e1->share_access,
+ SA_RIGHT_FILE_WRITE_APPEND,
+ NTCREATEX_SHARE_ACCESS_WRITE);
CHECK_MASK(e1->access_mask, e2->share_access,
SA_RIGHT_FILE_READ_EXEC,
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c
index 346b1420e3..bfaa7bf5a1 100644
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -290,9 +290,9 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
}
if ((access_mask & SA_RIGHT_FILE_READ_EXEC) &&
- (access_mask & SA_RIGHT_FILE_WRITE_DATA)) {
+ (access_mask & SA_RIGHT_FILE_WRITE_APPEND)) {
flags = O_RDWR;
- } else if (access_mask & SA_RIGHT_FILE_WRITE_DATA) {
+ } else if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
flags = O_WRONLY;
} else {
flags = O_RDONLY;
@@ -491,9 +491,9 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
}
if ((access_mask & SA_RIGHT_FILE_READ_EXEC) &&
- (access_mask & SA_RIGHT_FILE_WRITE_DATA)) {
+ (access_mask & SA_RIGHT_FILE_WRITE_APPEND)) {
flags |= O_RDWR;
- } else if (access_mask & SA_RIGHT_FILE_WRITE_DATA) {
+ } else if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
flags |= O_WRONLY;
} else {
flags |= O_RDONLY;
diff --git a/source4/ntvfs/posix/pvfs_read.c b/source4/ntvfs/posix/pvfs_read.c
index 734134368d..1f89f01a03 100644
--- a/source4/ntvfs/posix/pvfs_read.c
+++ b/source4/ntvfs/posix/pvfs_read.c
@@ -34,6 +34,7 @@ NTSTATUS pvfs_read(struct ntvfs_module_context *ntvfs,
struct pvfs_file *f;
NTSTATUS status;
uint32_t maxcnt;
+ uint32_t mask;
if (rd->generic.level != RAW_READ_READX) {
return ntvfs_map_read(req, rd, ntvfs);
@@ -48,8 +49,12 @@ NTSTATUS pvfs_read(struct ntvfs_module_context *ntvfs,
return NT_STATUS_FILE_IS_A_DIRECTORY;
}
- if (!(f->access_mask & SA_RIGHT_FILE_READ_EXEC)) {
- return NT_STATUS_ACCESS_VIOLATION;
+ mask = SA_RIGHT_FILE_READ_DATA;
+ if (req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) {
+ mask |= SA_RIGHT_FILE_EXECUTE;
+ }
+ if (!(f->access_mask & mask)) {
+ return NT_STATUS_ACCESS_DENIED;
}
maxcnt = rd->readx.in.maxcnt;
diff --git a/source4/ntvfs/posix/pvfs_write.c b/source4/ntvfs/posix/pvfs_write.c
index 235a21882a..018f43e6d0 100644
--- a/source4/ntvfs/posix/pvfs_write.c
+++ b/source4/ntvfs/posix/pvfs_write.c
@@ -48,7 +48,7 @@ NTSTATUS pvfs_write(struct ntvfs_module_context *ntvfs,
return NT_STATUS_FILE_IS_A_DIRECTORY;
}
- if (!(f->access_mask & SA_RIGHT_FILE_WRITE_DATA)) {
+ if (!(f->access_mask & SA_RIGHT_FILE_WRITE_APPEND)) {
return NT_STATUS_ACCESS_VIOLATION;
}
diff --git a/source4/torture/basic/denytest.c b/source4/torture/basic/denytest.c
index 32f44044cc..8dc6118b7d 100644
--- a/source4/torture/basic/denytest.c
+++ b/source4/torture/basic/denytest.c
@@ -1773,24 +1773,27 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c
union smb_open io1, io2;
extern int torture_numops;
int failures = 0;
+ char buf[1];
- fname = talloc_asprintf(cli1, "\\ntdeny_%d.dat", client);
+ ZERO_STRUCT(buf);
+
+ fname = talloc_asprintf(cli1, "\\ntdeny_%d.dll", client);
smbcli_unlink(cli1->tree, fname);
fnum1 = smbcli_open(cli1->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
- smbcli_write(cli1->tree, fnum1, 0, fname, 0, strlen(fname));
+ smbcli_write(cli1->tree, fnum1, 0, buf, 0, sizeof(buf));
smbcli_close(cli1->tree, fnum1);
GetTimeOfDay(&tv_start);
io1.ntcreatex.level = RAW_OPEN_NTCREATEX;
io1.ntcreatex.in.root_fid = 0;
- io1.ntcreatex.in.flags = 0;
- io1.ntcreatex.in.create_options = 0;
- io1.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+ io1.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+ io1.ntcreatex.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+ io1.ntcreatex.in.file_attr = 0;
io1.ntcreatex.in.alloc_size = 0;
io1.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
- io1.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+ io1.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION;
io1.ntcreatex.in.security_flags = 0;
io1.ntcreatex.in.fname = fname;
io2 = io1;
@@ -1814,7 +1817,7 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c
io2.ntcreatex.in.share_access = map_bits(share_access_bits, b_sa2, nbits1);
io2.ntcreatex.in.access_mask = map_bits(access_mask_bits, b_am2, nbits2);
-
+
status1 = smb_raw_open(cli1->tree, mem_ctx, &io1);
status2 = smb_raw_open(cli2->tree, mem_ctx, &io2);
@@ -1823,14 +1826,13 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c
} else if (!NT_STATUS_IS_OK(status2)) {
res = A_0;
} else {
- char x = 1;
res = A_0;
if (smbcli_read(cli2->tree,
- io2.ntcreatex.out.fnum, (void *)&x, 0, 1) == 1) {
+ io2.ntcreatex.out.fnum, (void *)buf, 0, sizeof(buf)) >= 1) {
res += A_R;
}
if (smbcli_write(cli2->tree,
- io2.ntcreatex.out.fnum, 0, (void *)&x, 0, 1) == 1) {
+ io2.ntcreatex.out.fnum, 0, (void *)buf, 0, sizeof(buf)) >= 1) {
res += A_W;
}
}