Ensure the CAN_WRITE is checked and prevents O_CREAT and O_TRUNC from

being set. Also prevent an open on a file on a readonly share from
setting delete on close.
Jeremy.

source/smbd/open.c

@@ -683,10 +683,10 @@ files_struct *open_file_shared(connection_struct *conn,char *fname, SMB_STRUCT_S
 		return NULL;
 	}
       
-	if (GET_FILE_CREATE_DISPOSITION(ofun) == FILE_CREATE_IF_NOT_EXIST)
+	if (CAN_WRITE(conn) && (GET_FILE_CREATE_DISPOSITION(ofun) == FILE_CREATE_IF_NOT_EXIST))
 		flags2 |= O_CREAT;
 
-	if (GET_FILE_OPEN_DISPOSITION(ofun) == FILE_EXISTS_TRUNCATE)
+	if (CAN_WRITE(conn) && (GET_FILE_OPEN_DISPOSITION(ofun) == FILE_EXISTS_TRUNCATE))
 		flags2 |= O_TRUNC;
 
 	if (GET_FILE_OPEN_DISPOSITION(ofun) == FILE_EXISTS_FAIL)

source/smbd/trans2.c

@@ -1679,6 +1679,15 @@ static int call_trans2qfilepathinfo(connection_struct *conn,
 
 NTSTATUS set_delete_on_close_internal(files_struct *fsp, BOOL delete_on_close)
 {
+	/*
+	 * Only allow delete on close for writable shares.
+	 */
+
+	if (delete_on_close && !CAN_WRITE(fsp->conn)) {
+		DEBUG(10,("set_delete_on_close_internal: file %s delete on close flag set but write access denied on share.\n",
+				fsp->fsp_name ));
+				return NT_STATUS_ACCESS_DENIED;
+	}
 	/*
 	 * Only allow delete on close for files/directories opened with delete intent.
 	 */