emsmdb: make openstream treat MAPI_BEST_ACCESS as documented

grammmike · jengelh · commit e7dcc1417e93 · 2025-11-08T10:53:00.000+01:00
MAPI_BEST_ACCESS is supposed to imply a fallback to readonly,
but this was not implemented.

This patch makes rop_openstream downgrade MAPI_BEST_ACCESS requests
to read-only when lacking the appropriate rights on the object,
instead of returning ecAccessDenied. Delegate users with only read
powers can now fetch attachment bodies like they were already able to
do with message exports. [The latter are handled via fxstream
–jengelh]

References: GXL-646, DESK-4130
diff --git a/exch/emsmdb/oxcprpt.cpp b/exch/emsmdb/oxcprpt.cpp
@@ -881,7 +881,7 @@ ec_error_t rop_openstream(proptag_t proptag, uint8_t flags, uint32_t *pstream_si
 	auto pobject = rop_processor_get_object(plogmap, logon_id, hin, &object_type);
 	if (pobject == nullptr)
 		return ecNullObject;
-	BOOL b_write = flags == MAPI_CREATE || flags == MAPI_MODIFY ? TRUE : false;
+	const bool b_write = flags & MAPI_BEST_ACCESS; /* one bit suffices for wanting to write */
 	switch (object_type) {
 	case ems_objtype::folder:
 		/* MS-OXCPERM 3.1.4.1 */
@@ -898,8 +898,11 @@ ec_error_t rop_openstream(proptag_t proptag, uint8_t flags, uint32_t *pstream_si
 				    static_cast<folder_object *>(pobject)->folder_id,
 				    eff_user, &permission))
 					return ecError;
-				if (!(permission & frightsOwner))
-					return ecAccessDenied;
+				if (!(permission & frightsOwner)) {
+					if ((flags & MAPI_BEST_ACCESS) != MAPI_BEST_ACCESS)
+						return ecAccessDenied;
+					flags &= ~MAPI_BEST_ACCESS;
+				}
 			}
 		}
 		max_length = MAX_LENGTH_FOR_FOLDER;
@@ -922,8 +925,11 @@ ec_error_t rop_openstream(proptag_t proptag, uint8_t flags, uint32_t *pstream_si
 			auto tag_access = object_type == ems_objtype::message ?
 				static_cast<message_object *>(pobject)->get_tag_access() :
 				static_cast<attachment_object *>(pobject)->get_tag_access();
-			if (!(tag_access & MAPI_ACCESS_MODIFY))
-				return ecAccessDenied;
+			if (!(tag_access & MAPI_ACCESS_MODIFY)) {
+				if ((flags & MAPI_BEST_ACCESS) != MAPI_BEST_ACCESS)
+					return ecAccessDenied;
+				flags &= ~MAPI_BEST_ACCESS;
+			}
 		}
 		max_length = g_max_mail_len;
 		break;
diff --git a/include/gromox/mapidefs.h b/include/gromox/mapidefs.h
@@ -1560,6 +1560,9 @@ enum {
 /*
  * Documented for ropOpenMessage, ropOpenAttachment, various I*::OpenEntry,
  * IMAPISession::OpenMsgStore.
+ *
+ * MAPI_CREATE implies MAPI_MODIFY already, therefore a value with both bits
+ * being set can (and does) have a different meaning.
  */
 #define MAPI_BEST_ACCESS 0x3U
 
