smbd: Only check dev/inode in open_directory, not the full stat()

This is needed because the smb2.create.mkdir-dup test creates a race,
and against an AD DC this can cause a flapping test if the lstat() and
stat() calls are made either side of the chown() due to creation of a
file by administrator.

Fix based on original patches by myself, by Douglas Bagnall
<douglas.bagnall@catalyst.net.nz>.  and Jeremy Allison <jra@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11780

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar 12 09:43:21 CET 2016 on sn-devel-144

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index baebd7c5f2bfee16214904f918cbc96e60d3ffbc..e5503f57f36103a42f066b3caa425cee73372051 100644 (file)
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3635,8 +3635,18 @@ static NTSTATUS open_directory(connection_struct *conn,
                return status;
        }
 
-       /* Ensure there was no race condition. */
-       if (!check_same_stat(&smb_dname->st, &fsp->fsp_name->st)) {
+       if(!S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
+               DEBUG(5,("open_directory: %s is not a directory !\n",
+                        smb_fname_str_dbg(smb_dname)));
+                fd_close(fsp);
+                file_free(req, fsp);
+               return NT_STATUS_NOT_A_DIRECTORY;
+       }
+
+       /* Ensure there was no race condition.  We need to check
+        * dev/inode but not permissions, as these can change
+        * legitimately */
+       if (!check_same_dev_ino(&smb_dname->st, &fsp->fsp_name->st)) {
                DEBUG(5,("open_directory: stat struct differs for "
                        "directory %s.\n",
                        smb_fname_str_dbg(smb_dname)));