Fix bug #6421 - POSIX read-only open fails on read-only shares.

The change to smbd/trans2.c opens up
SETFILEINFO calls to POSIX_OPEN only. The change to first smbd/open.c closes 2
holes that would have been exposed by allowing POSIX_OPENS on readonly shares,
and their ability to set arbitrary flags permutations. The O_CREAT ->
O_CREAT|O_EXCL change removes an illegal combination (O_EXCL without O_CREAT)
that previously was being passed down to the open syscall.
Jeremy.

source3/smbd/open.c

@@ -346,7 +346,7 @@ static NTSTATUS open_file(files_struct *fsp,
 
 	if (!CAN_WRITE(conn)) {
 		/* It's a read-only share - fail if we wanted to write. */
-		if(accmode != O_RDONLY) {
+		if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
 			DEBUG(3,("Permission denied opening %s\n", path));
 			return NT_STATUS_ACCESS_DENIED;
 		} else if(flags & O_CREAT) {
@@ -354,8 +354,8 @@ static NTSTATUS open_file(files_struct *fsp,
 			   O_CREAT doesn't create the file if we have write
 			   access into the directory.
 			*/
-			flags &= ~O_CREAT;
-			local_flags &= ~O_CREAT;
+			flags &= ~(O_CREAT|O_EXCL);
+			local_flags &= ~(O_CREAT|O_EXCL);
 		}
 	}
 

source3/smbd/trans2.c

@@ -6870,16 +6870,20 @@ static void call_trans2setfilepathinfo(connection_struct *conn,
 		}
 	}
 
-	if (!CAN_WRITE(conn)) {
-		reply_doserror(req, ERRSRV, ERRaccess);
-		return;
-	}
-
 	if (INFO_LEVEL_IS_UNIX(info_level) && !lp_unix_extensions()) {
 		reply_nterror(req, NT_STATUS_INVALID_LEVEL);
 		return;
 	}
 
+	if (!CAN_WRITE(conn)) {
+		/* Allow POSIX opens. The open path will deny
+		 * any non-readonly opens. */
+		if (info_level != SMB_POSIX_PATH_OPEN) {
+			reply_doserror(req, ERRSRV, ERRaccess);
+			return;
+		}
+	}
+
 	DEBUG(3,("call_trans2setfilepathinfo(%d) %s (fnum %d) info_level=%d totdata=%d\n",
 		tran_call,fname, fsp ? fsp->fnum : -1, info_level,total_data));