From: Volker Lendecke <vl@samba.org>
Date: Thu, 5 Feb 2026 19:24:12 +0000 (+0100)
Subject: CVE-2026-1933: tests: Fix permissions used for creating reparse points
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fb8ef1c97e1ce36d633b46cf10ff48aa70c2ed4c;p=thirdparty%2Fsamba.git

CVE-2026-1933: tests: Fix permissions used for creating reparse points

SEC_STD_ALL does not lead to fsp->access_mask to include the required
bits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15992

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/python/samba/tests/smb3unix.py b/python/samba/tests/smb3unix.py
index 075b2a07b17..3039a68a1cd 100644
--- a/python/samba/tests/smb3unix.py
+++ b/python/samba/tests/smb3unix.py
@@ -446,7 +446,7 @@ class Smb3UnixTests(samba.tests.libsmb.LibsmbTests):
 
             wire_mode = libsmb.unix_mode_to_wire(0o600)
             f,_,cc_out = c.create_ex('\\reparse',
-                                     DesiredAccess=security.SEC_STD_ALL,
+                                     DesiredAccess=security.SEC_FILE_WRITE_ATTRIBUTE,
                                      CreateDisposition=libsmb.FILE_CREATE,
                                      CreateContexts=[posix_context(wire_mode)])
 
@@ -460,7 +460,7 @@ class Smb3UnixTests(samba.tests.libsmb.LibsmbTests):
 
             wire_mode = libsmb.unix_mode_to_wire(0o600)
             f,_,cc_out = c.create_ex('\\reparse',
-                                     DesiredAccess=security.SEC_STD_ALL,
+                                     DesiredAccess=security.SEC_FILE_WRITE_ATTRIBUTE,
                                      CreateDisposition=libsmb.FILE_OPEN,
                                      CreateContexts=[posix_context(wire_mode)])
             c.close(f)