From 6e265867ff8869254820e8af954c8f1316b05d39 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 27 May 2008 14:30:42 +1000 Subject: SEC_STD_SYNCHRONIZE is only invalid on SMB2 (This used to be commit 067f1271adaa13d537bbc92b19fe8d633cbaaf50) --- source4/ntvfs/posix/pvfs_open.c | 11 ++++++++++- source4/torture/smb2/create.c | 8 ++++++-- 2 files changed, 16 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c index 328f064a57..739c127b98 100644 --- a/source4/ntvfs/posix/pvfs_open.c +++ b/source4/ntvfs/posix/pvfs_open.c @@ -565,6 +565,10 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs, if (io->ntcreatex.in.file_attr & ~FILE_ATTRIBUTE_ALL_MASK) { return NT_STATUS_INVALID_PARAMETER; } + + if (io->ntcreatex.in.file_attr & FILE_ATTRIBUTE_ENCRYPTED) { + return NT_STATUS_ACCESS_DENIED; + } if ((io->ntcreatex.in.file_attr & FILE_ATTRIBUTE_READONLY) && (create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE)) { @@ -1147,7 +1151,12 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, return NT_STATUS_INVALID_PARAMETER; } - if (access_mask & (SEC_MASK_INVALID | SEC_STD_SYNCHRONIZE)) { + if (access_mask & SEC_MASK_INVALID) { + return NT_STATUS_ACCESS_DENIED; + } + + if (req->ctx->protocol == PROTOCOL_SMB2 && + (access_mask & SEC_STD_SYNCHRONIZE)) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c index 0d8e4aefec..3cc825bd62 100644 --- a/source4/torture/smb2/create.c +++ b/source4/torture/smb2/create.c @@ -51,7 +51,7 @@ bool torture_smb2_create_gentest(struct torture_context *torture, struct smb2_tr struct smb2_create io; NTSTATUS status; TALLOC_CTX *tmp_ctx = talloc_new(tree); - uint32_t access_mask, file_attributes; + uint32_t access_mask, file_attributes, denied_mask; ZERO_STRUCT(io); io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED; @@ -130,6 +130,7 @@ bool torture_smb2_create_gentest(struct torture_context *torture, struct smb2_tr io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED; io.in.file_attributes = 0; access_mask = 0; + denied_mask = 0; { int i; for (i=0;i<32;i++) { @@ -138,6 +139,8 @@ bool torture_smb2_create_gentest(struct torture_context *torture, struct smb2_tr status = smb2_create(tree, tmp_ctx, &io); if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) { file_attributes |= io.in.file_attributes; + } else if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + denied_mask |= io.in.file_attributes; } else { CHECK_STATUS(status, NT_STATUS_OK); status = smb2_util_close(tree, io.out.file.handle); @@ -146,7 +149,8 @@ bool torture_smb2_create_gentest(struct torture_context *torture, struct smb2_tr } } - CHECK_EQUAL(file_attributes, 0x0df0fe00); + CHECK_EQUAL(file_attributes, 0xffff87c8); + CHECK_EQUAL(denied_mask, 0x4000); talloc_free(tmp_ctx); -- cgit