summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2011-12-13 16:01:59 +0100
committerVolker Lendecke <vlendec@samba.org>2011-12-13 17:27:26 +0100
commit34d58c9d92f852e908acb78e040c1a22ce1591c1 (patch)
tree753483751f4ab5cff59a58f9fde0e786719690b5 /source3/smbd
parent2d2d72e479142ad7d1a40955793bcf63d5b4ee14 (diff)
downloadsamba-34d58c9d92f852e908acb78e040c1a22ce1591c1.tar.gz
samba-34d58c9d92f852e908acb78e040c1a22ce1591c1.tar.bz2
samba-34d58c9d92f852e908acb78e040c1a22ce1591c1.zip
s3: Move can_set_delete_on_close to smbd/
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/file_access.c59
-rw-r--r--source3/smbd/proto.h1
2 files changed, 60 insertions, 0 deletions
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 4a473d76a6..9fff8e3051 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -170,3 +170,62 @@ bool directory_has_default_acl(connection_struct *conn, const char *fname)
TALLOC_FREE(secdesc);
return false;
}
+
+/****************************************************************************
+ Check if setting delete on close is allowed on this fsp.
+****************************************************************************/
+
+NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode)
+{
+ /*
+ * Only allow delete on close for writable files.
+ */
+
+ if ((dosmode & FILE_ATTRIBUTE_READONLY) &&
+ !lp_delete_readonly(SNUM(fsp->conn))) {
+ DEBUG(10,("can_set_delete_on_close: file %s delete on close "
+ "flag set but file attribute is readonly.\n",
+ fsp_str_dbg(fsp)));
+ return NT_STATUS_CANNOT_DELETE;
+ }
+
+ /*
+ * Only allow delete on close for writable shares.
+ */
+
+ if (!CAN_WRITE(fsp->conn)) {
+ DEBUG(10,("can_set_delete_on_close: file %s delete on "
+ "close flag set but write access denied on share.\n",
+ fsp_str_dbg(fsp)));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ /*
+ * Only allow delete on close for files/directories opened with delete
+ * intent.
+ */
+
+ if (!(fsp->access_mask & DELETE_ACCESS)) {
+ DEBUG(10,("can_set_delete_on_close: file %s delete on "
+ "close flag set but delete access denied.\n",
+ fsp_str_dbg(fsp)));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ /* Don't allow delete on close for non-empty directories. */
+ if (fsp->is_directory) {
+ SMB_ASSERT(!is_ntfs_stream_smb_fname(fsp->fsp_name));
+
+ /* Or the root of a share. */
+ if (ISDOT(fsp->fsp_name->base_name)) {
+ DEBUG(10,("can_set_delete_on_close: can't set delete on "
+ "close for the root of a share.\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ return can_delete_directory(fsp->conn,
+ fsp->fsp_name->base_name);
+ }
+
+ return NT_STATUS_OK;
+}
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index e0f48b7bcb..34b252006b 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -310,6 +310,7 @@ bool can_delete_file_in_directory(connection_struct *conn,
bool can_write_to_file(connection_struct *conn,
const struct smb_filename *smb_fname);
bool directory_has_default_acl(connection_struct *conn, const char *fname);
+NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode);
/* The following definitions come from smbd/fileio.c */