Bug 10789 - Unable to open a file for write if the file is not owned by the user but is writable by 'others'
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
Version: 4.1.11
Hardware: All All
Importance: P5 major
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Reported: 2014-08-27 18:32 UTC by YOUZHONG YANG
Modified: 2014-08-29 07:39 UTC

Description YOUZHONG YANG 2014-08-27 18:32:37 UTC
This is a regression in Samba 4. It works well in Samba 3.6.23.

Here is the C code which can be used to open a file for write:

#include <SDKDDKVer.h>
#include <Windows.h>
#include <stdio.h>
#include <tchar.h>
#include <conio.h>
#include <ctype.h>

int _tmain(int argc, _TCHAR* argv[])
{
	HANDLE hFile;

	if(argc <= 1) return 1;

	// Open the existing file.
	hFile = CreateFile(argv[1], 
		GENERIC_READ | GENERIC_WRITE, 
		FILE_SHARE_WRITE | FILE_SHARE_READ,
		NULL,                     
		OPEN_EXISTING,            
		FILE_ATTRIBUTE_NORMAL,    
		NULL);                    
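	if (hFile == INVALID_HANDLE_VALUE)
	{
		// GetLastError() returns a DWORD (unsigned long), so print it with %lu.
		printf("ERROR: CreateFile() = %lu\n", GetLastError());
		return 1;
	}
	printf("File opened, press any key to exit ...\n");
	// Keep the handle open until a key is pressed (_getch() is the conio.h name).
	_getch();
	CloseHandle(hFile);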
	return 0;
}

Further investigation found that the smbd_check_access_rights() inside open_file() in source3/smbd/open.c returns ACCESS_DENIED error:

/* Can we access this file ? */
if (!fsp->base_fsp) {
	/* Only do this check on non-stream open. */
	if (file_existed) {
		status = smbd_check_access_rights(conn,
				smb_fname,
				false,
				access_mask);
	} else if (local_flags & O_CREAT){
		status = check_parent_access(conn,
				smb_fname, SEC_DIR_ADD_FILE);
	} else {
		/* File didn't exist and no O_CREAT. */
		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
	}
.
.
.
}