From: Ralph Boehme Date: Wed, 1 Apr 2026 09:58:03 +0000 (+0200) Subject: smbd: do S_ISDIR check even earlier X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;ds=inline;p=thirdparty%2Fsamba.git smbd: do S_ISDIR check even earlier Doing this in open_file() is too late, as when the client requests an open with SEC_FLAG_MAXIMUM_ALLOWED on a directory that has FILE_ATTRIBUTE_READ_ONLY set, this will currently trigger an NT_STATUS_ACCESS_DENIED by the following code in open_file_ntcreate() if the ACL grants write access to the user: if (((flags & O_ACCMODE) != O_RDONLY) && file_existed && (!CAN_WRITE(conn) || (existing_dos_attributes & FILE_ATTRIBUTE_READONLY))) { DEBUG(5,("open_file_ntcreate: write access requested for " "file %s on read only %s\n", smb_fname_str_dbg(smb_fname), !CAN_WRITE(conn) ? "share" : "file" )); return NT_STATUS_ACCESS_DENIED; } Fixes this bug, but should otherwise cause no change in behaviour. BUG: https://bugzilla.samba.org/show_bug.cgi?id=16030 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Wed Apr 29 12:00:18 UTC 2026 on atb-devel-224 --- diff --git a/selftest/knownfail.d/smb2.maximum_allowed b/selftest/knownfail.d/smb2.maximum_allowed deleted file mode 100644 index 17dad39d48a..00000000000 --- a/selftest/knownfail.d/smb2.maximum_allowed +++ /dev/null @@ -1 +0,0 @@ -^samba3.smb2.maximum_allowed.read_only_dir\(.*\) diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 63da0a3563b..3c14207575c 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1106,14 +1106,6 @@ static NTSTATUS open_file( bool open_fd = false; bool posix_open = fsp->fsp_flags.posix_open; - /* - * Catch early an attempt to open an existing - * directory as a file. - */ - if (file_existed && S_ISDIR(fsp->fsp_name->st.st_ex_mode)) { - return NT_STATUS_FILE_IS_A_DIRECTORY; - } - /* * This little piece of insanity is inspired by the * fact that an NT client can open a file for O_RDONLY, @@ -3783,6 +3775,14 @@ static NTSTATUS open_file_ntcreate( req->vuid); } + /* + * Catch early an attempt to open an existing + * directory as a file. + */ + if (file_existed && S_ISDIR(fsp->fsp_name->st.st_ex_mode)) { + return NT_STATUS_FILE_IS_A_DIRECTORY; + } + if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) { posix_open = True; unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);