From d038b70b159fd133060ead0bed8d70b654594b03 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 24 Jun 2014 14:19:30 -0700
Subject: [PATCH 1/2] s3: smbd - Prevent file truncation on an open that fails
 with share mode violation.

Fix from Volker, really - just tidied up a little.
The S_ISFIFO check may not be strictly neccessary,
but doesn't hurt (might make the code a bit more complex
than it needs to be).

Fixes bug #10671 - Samba file corruption as a result of failed lock check.

https://bugzilla.samba.org/show_bug.cgi?id=10671

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit 31b3427a417217e5e869baafdf63e633efc39d12)
[ddiss@samba.org: 4.1 backport]
---
 source3/smbd/open.c | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 5f7bff9..72b8b59 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -839,8 +839,11 @@ static NTSTATUS open_file(files_struct *fsp,
 			}
 		}
 
-		/* Actually do the open */
-		status = fd_open_atomic(conn, fsp, local_flags,
+		/*
+		 * Actually do the open - if O_TRUNC is needed handle it
+		 * below under the share mode lock.
+		 */
+		status = fd_open_atomic(conn, fsp, local_flags & ~O_TRUNC,
 				unx_mode, p_file_created);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
@@ -2646,6 +2649,21 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 		return status;
 	}
 
+	/* Should we atomically (to the client at least) truncate ? */
+	if (!new_file_created) {
+		if (flags2 & O_TRUNC) {
+			if (!S_ISFIFO(fsp->fsp_name->st.st_ex_mode)) {
+				int ret = vfs_set_filelen(fsp, 0);
+				if (ret != 0) {
+					status = map_nt_error_from_unix(errno);
+					TALLOC_FREE(lck);
+					fd_close(fsp);
+					return status;
+				}
+			}
+		}
+	}
+
 	grant_fsp_oplock_type(fsp,
 			      oplock_request,
 			      got_level2_oplock,
-- 
1.8.4.5


From 906812aad2d1fec04076259f1d5332220b95221a Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Wed, 25 Jun 2014 08:36:47 +0000
Subject: [PATCH 2/2] smbd: Remove 2 indentation levels

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit 1dc5c20c8f7d8aa96fa0601bf5bf6dc69fb79d9f)
---
 source3/smbd/open.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 72b8b59..16d4307 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -2650,17 +2650,17 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 	}
 
 	/* Should we atomically (to the client at least) truncate ? */
-	if (!new_file_created) {
-		if (flags2 & O_TRUNC) {
-			if (!S_ISFIFO(fsp->fsp_name->st.st_ex_mode)) {
-				int ret = vfs_set_filelen(fsp, 0);
-				if (ret != 0) {
-					status = map_nt_error_from_unix(errno);
-					TALLOC_FREE(lck);
-					fd_close(fsp);
-					return status;
-				}
-			}
+	if ((!new_file_created) &&
+	    (flags2 & O_TRUNC) &&
+	    (!S_ISFIFO(fsp->fsp_name->st.st_ex_mode))) {
+		int ret;
+
+		ret = vfs_set_filelen(fsp, 0);
+		if (ret != 0) {
+			status = map_nt_error_from_unix(errno);
+			TALLOC_FREE(lck);
+			fd_close(fsp);
+			return status;
 		}
 	}
 
-- 
1.8.4.5