It goes like this: - create file and open read-only with FILE_SHARE_READ - second read-only open with OVERWRITE disposition and FILE_SHARE_READ Against Windows the second open fails with STATUS_SHARING_VIOLATION. Against Samba the second open works. This is simlar to bug 15439 where we fixed this problem for the SD filesystem check. Luckily this time there's no escalation of privileges and the fix is to also use open_access_mask, which includes WRITE_DATA access mapped from the OVERWRITE disposition, for the sharemode checks. Have patch, need bugnumber.
This bug was referenced in samba master: f88e52a6f487a216dbb805fabc08e862abb9b643 4591f27ca81dff997ef7474565fc9c373abfa4a9 849afe05ade140898b1eab9b28d46edc8357c844 6140c3177a0330f42411618c3fca28930ea02a21
Created attachment 18478 [details] Patch for 4.20 and 4.21 cherry-picked from master
The fix in master is missing the following for directories --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -5487,6 +5487,7 @@ static NTSTATUS open_directory(connection_struct *conn, .req = req, .create_disposition = create_disposition, .access_mask = access_mask, + .open_access_mask = access_mask, .share_access = share_access, .oplock_request = oplock_request, .lease = lease,
https://gitlab.com/samba-team/samba/-/merge_requests/3845
This bug was referenced in samba master: fdd133ae650d13cb457f7e7529f3bb6df47d8cee
Created attachment 18489 [details] Patch for 4.21 and 4.20 cherry-picked from master
Pushed to autobuild-v4-{21,20}-test.
This bug was referenced in samba v4-20-test: d61855266933ab972c0c3b8db12353baa399f0aa dca5bd464ddc75e21557e9f4749e533ffa1b3d01 2c7f99a68c078b24d367e6d9a7b2359c5bbfe3fb 3572ffa6c5d11a2d07f3a5ae158e8f9860f34cf6 6bcccb5c7beafe2866efe746dad8f1a2a6dd5b2f
This bug was referenced in samba v4-21-test: a2ee15f58deca9882a330901b291c46a4d354b69 88caf2c0911fc237307e47c6fd8f4e32519947ca 66c09de1f30104f36a98893936ac8bf213bcb2bf 5c3e5377fe6a9ea3890e030fe36af274dc6c8357 a7ea9b5026f9f8ba55a0a296c116c1bc857c1260
Closing out bug report. Thanks!
This bug was referenced in samba v4-20-stable (Release samba-4.20.6): d61855266933ab972c0c3b8db12353baa399f0aa dca5bd464ddc75e21557e9f4749e533ffa1b3d01 2c7f99a68c078b24d367e6d9a7b2359c5bbfe3fb 3572ffa6c5d11a2d07f3a5ae158e8f9860f34cf6 6bcccb5c7beafe2866efe746dad8f1a2a6dd5b2f
This bug was referenced in samba v4-21-stable (Release samba-4.21.2): a2ee15f58deca9882a330901b291c46a4d354b69 88caf2c0911fc237307e47c6fd8f4e32519947ca 66c09de1f30104f36a98893936ac8bf213bcb2bf 5c3e5377fe6a9ea3890e030fe36af274dc6c8357 a7ea9b5026f9f8ba55a0a296c116c1bc857c1260