If the client requested FILE_OVERWRITE[_IF], we're implicitly adding
FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the
access check we're using access_mask which doesn't contain the additional
right, which means we can end up truncating a file for which the user has
only read-only access via an SD.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439
Signed-off-by: Ralph Boehme <slow@samba.org>
+++ /dev/null
-^samba3.smb2.acls.OVERWRITE_READ_ONLY_FILE
dirfsp,
fsp,
false,
- access_mask);
+ open_access_mask);
if (!NT_STATUS_IS_OK(status)) {
DBG_DEBUG("smbd_check_access_rights_fsp"
status = smbd_check_access_rights_fsp(dirfsp,
fsp,
false,
- access_mask);
+ open_access_mask);
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
posix_open &&