14215 – Requesting maximum allowed permission of file with DOS read-only attribute results in access denied error

Bug 14215 - Requesting maximum allowed permission of file with DOS read-only attribute results in access denied error

Summary: Requesting maximum allowed permission of file with DOS read-only attribute re...

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	File services (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Ralph Böhme
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-12-12 13:57 UTC by Ralph Böhme
Modified:	2019-12-12 13:59 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ralph Böhme 2019-12-12 13:57:49 UTC

Steps to reproduce:

* create a file

* set RO DOS attribute on the file

* try to open the file requesting MAXIMUM_ALLOWED permissions

Result: NT_STATUS_ACCESS_DENIED

smbd trips over this in open_file_ntcreate():

        if (flags != O_RDONLY && file_existed &&
            (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
                DEBUG(5,("open_file_ntcreate: write access requested for "
                         "file %s on read only %s\n",
                         smb_fname_str_dbg(smb_fname),
                         !CAN_WRITE(conn) ? "share" : "file" ));
                errno = EACCES;
                return NT_STATUS_ACCESS_DENIED;
        }

I guess the problem is that smbd_calculate_maximum_allowed_access() doesn't take the RO attribute into account.

Found as part of MR review https://gitlab.com/samba-team/samba/merge_requests/982