diff options
author | Volker Lendecke <vl@samba.org> | 2011-12-13 16:01:59 +0100 |
---|---|---|
committer | Volker Lendecke <vlendec@samba.org> | 2011-12-13 17:27:26 +0100 |
commit | 34d58c9d92f852e908acb78e040c1a22ce1591c1 (patch) | |
tree | 753483751f4ab5cff59a58f9fde0e786719690b5 /source3/smbd | |
parent | 2d2d72e479142ad7d1a40955793bcf63d5b4ee14 (diff) | |
download | samba-34d58c9d92f852e908acb78e040c1a22ce1591c1.tar.gz samba-34d58c9d92f852e908acb78e040c1a22ce1591c1.tar.bz2 samba-34d58c9d92f852e908acb78e040c1a22ce1591c1.zip |
s3: Move can_set_delete_on_close to smbd/
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/file_access.c | 59 | ||||
-rw-r--r-- | source3/smbd/proto.h | 1 |
2 files changed, 60 insertions, 0 deletions
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index 4a473d76a6..9fff8e3051 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -170,3 +170,62 @@ bool directory_has_default_acl(connection_struct *conn, const char *fname) TALLOC_FREE(secdesc); return false; } + +/**************************************************************************** + Check if setting delete on close is allowed on this fsp. +****************************************************************************/ + +NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode) +{ + /* + * Only allow delete on close for writable files. + */ + + if ((dosmode & FILE_ATTRIBUTE_READONLY) && + !lp_delete_readonly(SNUM(fsp->conn))) { + DEBUG(10,("can_set_delete_on_close: file %s delete on close " + "flag set but file attribute is readonly.\n", + fsp_str_dbg(fsp))); + return NT_STATUS_CANNOT_DELETE; + } + + /* + * Only allow delete on close for writable shares. + */ + + if (!CAN_WRITE(fsp->conn)) { + DEBUG(10,("can_set_delete_on_close: file %s delete on " + "close flag set but write access denied on share.\n", + fsp_str_dbg(fsp))); + return NT_STATUS_ACCESS_DENIED; + } + + /* + * Only allow delete on close for files/directories opened with delete + * intent. + */ + + if (!(fsp->access_mask & DELETE_ACCESS)) { + DEBUG(10,("can_set_delete_on_close: file %s delete on " + "close flag set but delete access denied.\n", + fsp_str_dbg(fsp))); + return NT_STATUS_ACCESS_DENIED; + } + + /* Don't allow delete on close for non-empty directories. */ + if (fsp->is_directory) { + SMB_ASSERT(!is_ntfs_stream_smb_fname(fsp->fsp_name)); + + /* Or the root of a share. */ + if (ISDOT(fsp->fsp_name->base_name)) { + DEBUG(10,("can_set_delete_on_close: can't set delete on " + "close for the root of a share.\n")); + return NT_STATUS_ACCESS_DENIED; + } + + return can_delete_directory(fsp->conn, + fsp->fsp_name->base_name); + } + + return NT_STATUS_OK; +} diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index e0f48b7bcb..34b252006b 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -310,6 +310,7 @@ bool can_delete_file_in_directory(connection_struct *conn, bool can_write_to_file(connection_struct *conn, const struct smb_filename *smb_fname); bool directory_has_default_acl(connection_struct *conn, const char *fname); +NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode); /* The following definitions come from smbd/fileio.c */ |