From: Volker Lendecke <vl@samba.org>
Date: Fri, 26 Jul 2019 10:09:14 +0000 (+0200)
Subject: smbd: Remove access check on SHARING_VIOLATION
X-Git-Tag: tdb-1.4.2~251
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2c653515f39e341d7b104cef75f8109410bc90c7;p=thirdparty%2Fsamba.git

smbd: Remove access check on SHARING_VIOLATION

This piece of code predates our user-space access checks, which we
nowadays always do in open_file()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index c75754d1e16..0bee47fbf4f 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3454,38 +3454,9 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 	}
 
 	if (!NT_STATUS_IS_OK(status)) {
-		uint32_t can_access_mask;
-		bool can_access = True;
 
 		SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
 
-		/*
-		 * This next line is a subtlety we need for
-		 * MS-Access. If a file open will fail due to share
-		 * permissions and also for security (access) reasons,
-		 * we need to return the access failed error, not the
-		 * share error. We can't open the file due to kernel
-		 * oplock deadlock (it's possible we failed above on
-		 * the open_mode_check()) so use a userspace check.
-		 */
-
-		if (flags & O_RDWR) {
-			can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
-		} else if (flags & O_WRONLY) {
-			can_access_mask = FILE_WRITE_DATA;
-		} else {
-			can_access_mask = FILE_READ_DATA;
-		}
-
-		if (((can_access_mask & FILE_WRITE_DATA) &&
-		     !CAN_WRITE(conn)) ||
-		    !NT_STATUS_IS_OK(smbd_check_access_rights(conn,
-							      smb_fname,
-							      false,
-							      can_access_mask))) {
-			can_access = False;
-		}
-
 		/*
 		 * If we're returning a share violation, ensure we
 		 * cope with the braindead 1 second delay (SMB1 only).
@@ -3520,16 +3491,8 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 
 		TALLOC_FREE(lck);
 		fd_close(fsp);
-		if (can_access) {
-			/*
-			 * We have detected a sharing violation here
-			 * so return the correct error code
-			 */
-			status = NT_STATUS_SHARING_VIOLATION;
-		} else {
-			status = NT_STATUS_ACCESS_DENIED;
-		}
-		return status;
+
+		return NT_STATUS_SHARING_VIOLATION;
 	}
 
 	/* Should we atomically (to the client at least) truncate ? */