SEC_STD_SYNCHRONIZE is only invalid on SMB2
authorAndrew Tridgell <tridge@samba.org>
Tue, 27 May 2008 04:30:42 +0000 (14:30 +1000)
committerAndrew Tridgell <tridge@samba.org>
Tue, 27 May 2008 04:30:42 +0000 (14:30 +1000)
source/ntvfs/posix/pvfs_open.c
source/torture/smb2/create.c

index 328f064a573a0cde1bcc51b57f6c701ebda5f615..739c127b985bb0077e2627e3c32f1f264faa1873 100644 (file)
@@ -565,6 +565,10 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
        if (io->ntcreatex.in.file_attr & ~FILE_ATTRIBUTE_ALL_MASK) {
                return NT_STATUS_INVALID_PARAMETER;
        }
+
+       if (io->ntcreatex.in.file_attr & FILE_ATTRIBUTE_ENCRYPTED) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
            
        if ((io->ntcreatex.in.file_attr & FILE_ATTRIBUTE_READONLY) &&
            (create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE)) {
@@ -1147,7 +1151,12 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       if (access_mask & (SEC_MASK_INVALID | SEC_STD_SYNCHRONIZE)) {
+       if (access_mask & SEC_MASK_INVALID) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
+       if (req->ctx->protocol == PROTOCOL_SMB2 &&
+           (access_mask & SEC_STD_SYNCHRONIZE)) {
                return NT_STATUS_ACCESS_DENIED;
        }
 
index 0d8e4aefecd9021f96660e6cfb22821c24b1011a..3cc825bd625ae53d37d316206427b334ad144534 100644 (file)
@@ -51,7 +51,7 @@ bool torture_smb2_create_gentest(struct torture_context *torture, struct smb2_tr
        struct smb2_create io;
        NTSTATUS status;
        TALLOC_CTX *tmp_ctx = talloc_new(tree);
-       uint32_t access_mask, file_attributes;
+       uint32_t access_mask, file_attributes, denied_mask;
 
        ZERO_STRUCT(io);
        io.in.desired_access     = SEC_FLAG_MAXIMUM_ALLOWED;
@@ -130,6 +130,7 @@ bool torture_smb2_create_gentest(struct torture_context *torture, struct smb2_tr
        io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
        io.in.file_attributes = 0;
        access_mask = 0;
+       denied_mask = 0;
        {
                int i;
                for (i=0;i<32;i++) {
@@ -138,6 +139,8 @@ bool torture_smb2_create_gentest(struct torture_context *torture, struct smb2_tr
                        status = smb2_create(tree, tmp_ctx, &io);
                        if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
                                file_attributes |= io.in.file_attributes;
+                       } else if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+                               denied_mask |= io.in.file_attributes;
                        } else {
                                CHECK_STATUS(status, NT_STATUS_OK);
                                status = smb2_util_close(tree, io.out.file.handle);
@@ -146,7 +149,8 @@ bool torture_smb2_create_gentest(struct torture_context *torture, struct smb2_tr
                }
        }
 
-       CHECK_EQUAL(file_attributes, 0x0df0fe00);
+       CHECK_EQUAL(file_attributes, 0xffff87c8);
+       CHECK_EQUAL(denied_mask, 0x4000);
 
        talloc_free(tmp_ctx);