summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/ntvfs/posix/pvfs_open.c11
-rw-r--r--source4/torture/smb2/create.c8
2 files changed, 16 insertions, 3 deletions
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c
index 328f064a57..739c127b98 100644
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -565,6 +565,10 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
if (io->ntcreatex.in.file_attr & ~FILE_ATTRIBUTE_ALL_MASK) {
return NT_STATUS_INVALID_PARAMETER;
}
+
+ if (io->ntcreatex.in.file_attr & FILE_ATTRIBUTE_ENCRYPTED) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
if ((io->ntcreatex.in.file_attr & FILE_ATTRIBUTE_READONLY) &&
(create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE)) {
@@ -1147,7 +1151,12 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
return NT_STATUS_INVALID_PARAMETER;
}
- if (access_mask & (SEC_MASK_INVALID | SEC_STD_SYNCHRONIZE)) {
+ if (access_mask & SEC_MASK_INVALID) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ if (req->ctx->protocol == PROTOCOL_SMB2 &&
+ (access_mask & SEC_STD_SYNCHRONIZE)) {
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c
index 0d8e4aefec..3cc825bd62 100644
--- a/source4/torture/smb2/create.c
+++ b/source4/torture/smb2/create.c
@@ -51,7 +51,7 @@ bool torture_smb2_create_gentest(struct torture_context *torture, struct smb2_tr
struct smb2_create io;
NTSTATUS status;
TALLOC_CTX *tmp_ctx = talloc_new(tree);
- uint32_t access_mask, file_attributes;
+ uint32_t access_mask, file_attributes, denied_mask;
ZERO_STRUCT(io);
io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
@@ -130,6 +130,7 @@ bool torture_smb2_create_gentest(struct torture_context *torture, struct smb2_tr
io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
io.in.file_attributes = 0;
access_mask = 0;
+ denied_mask = 0;
{
int i;
for (i=0;i<32;i++) {
@@ -138,6 +139,8 @@ bool torture_smb2_create_gentest(struct torture_context *torture, struct smb2_tr
status = smb2_create(tree, tmp_ctx, &io);
if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
file_attributes |= io.in.file_attributes;
+ } else if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ denied_mask |= io.in.file_attributes;
} else {
CHECK_STATUS(status, NT_STATUS_OK);
status = smb2_util_close(tree, io.out.file.handle);
@@ -146,7 +149,8 @@ bool torture_smb2_create_gentest(struct torture_context *torture, struct smb2_tr
}
}
- CHECK_EQUAL(file_attributes, 0x0df0fe00);
+ CHECK_EQUAL(file_attributes, 0xffff87c8);
+ CHECK_EQUAL(denied_mask, 0x4000);
talloc_free(tmp_ctx);