diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/locking/locking.c | 59 | ||||
-rw-r--r-- | source3/locking/proto.h | 1 | ||||
-rw-r--r-- | source3/smbd/file_access.c | 59 | ||||
-rw-r--r-- | source3/smbd/proto.h | 1 |
4 files changed, 60 insertions, 60 deletions
diff --git a/source3/locking/locking.c b/source3/locking/locking.c index c1f99430ed..b0f719bb48 100644 --- a/source3/locking/locking.c +++ b/source3/locking/locking.c @@ -1182,65 +1182,6 @@ bool downgrade_share_oplock(struct share_mode_lock *lck, files_struct *fsp) return True; } -/**************************************************************************** - Check if setting delete on close is allowed on this fsp. -****************************************************************************/ - -NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode) -{ - /* - * Only allow delete on close for writable files. - */ - - if ((dosmode & FILE_ATTRIBUTE_READONLY) && - !lp_delete_readonly(SNUM(fsp->conn))) { - DEBUG(10,("can_set_delete_on_close: file %s delete on close " - "flag set but file attribute is readonly.\n", - fsp_str_dbg(fsp))); - return NT_STATUS_CANNOT_DELETE; - } - - /* - * Only allow delete on close for writable shares. - */ - - if (!CAN_WRITE(fsp->conn)) { - DEBUG(10,("can_set_delete_on_close: file %s delete on " - "close flag set but write access denied on share.\n", - fsp_str_dbg(fsp))); - return NT_STATUS_ACCESS_DENIED; - } - - /* - * Only allow delete on close for files/directories opened with delete - * intent. - */ - - if (!(fsp->access_mask & DELETE_ACCESS)) { - DEBUG(10,("can_set_delete_on_close: file %s delete on " - "close flag set but delete access denied.\n", - fsp_str_dbg(fsp))); - return NT_STATUS_ACCESS_DENIED; - } - - /* Don't allow delete on close for non-empty directories. */ - if (fsp->is_directory) { - SMB_ASSERT(!is_ntfs_stream_smb_fname(fsp->fsp_name)); - - /* Or the root of a share. */ - if (ISDOT(fsp->fsp_name->base_name)) { - DEBUG(10,("can_set_delete_on_close: can't set delete on " - "close for the root of a share.\n")); - return NT_STATUS_ACCESS_DENIED; - } - - return can_delete_directory(fsp->conn, - fsp->fsp_name->base_name); - } - - return NT_STATUS_OK; -} - /************************************************************************* Return a talloced copy of a struct security_unix_token. NULL on fail. (Should this be in locking.c.... ?). diff --git a/source3/locking/proto.h b/source3/locking/proto.h index b7c8990b1a..5be8acc920 100644 --- a/source3/locking/proto.h +++ b/source3/locking/proto.h @@ -172,7 +172,6 @@ void del_deferred_open_entry(struct share_mode_lock *lck, uint64_t mid, struct server_id pid); bool remove_share_oplock(struct share_mode_lock *lck, files_struct *fsp); bool downgrade_share_oplock(struct share_mode_lock *lck, files_struct *fsp); -NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode); const struct security_unix_token *get_delete_on_close_token(struct share_mode_lock *lck, uint32_t name_hash); void set_delete_on_close_lck(files_struct *fsp, struct share_mode_lock *lck, diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index 4a473d76a6..9fff8e3051 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -170,3 +170,62 @@ bool directory_has_default_acl(connection_struct *conn, const char *fname) TALLOC_FREE(secdesc); return false; } + +/**************************************************************************** + Check if setting delete on close is allowed on this fsp. +****************************************************************************/ + +NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode) +{ + /* + * Only allow delete on close for writable files. + */ + + if ((dosmode & FILE_ATTRIBUTE_READONLY) && + !lp_delete_readonly(SNUM(fsp->conn))) { + DEBUG(10,("can_set_delete_on_close: file %s delete on close " + "flag set but file attribute is readonly.\n", + fsp_str_dbg(fsp))); + return NT_STATUS_CANNOT_DELETE; + } + + /* + * Only allow delete on close for writable shares. + */ + + if (!CAN_WRITE(fsp->conn)) { + DEBUG(10,("can_set_delete_on_close: file %s delete on " + "close flag set but write access denied on share.\n", + fsp_str_dbg(fsp))); + return NT_STATUS_ACCESS_DENIED; + } + + /* + * Only allow delete on close for files/directories opened with delete + * intent. + */ + + if (!(fsp->access_mask & DELETE_ACCESS)) { + DEBUG(10,("can_set_delete_on_close: file %s delete on " + "close flag set but delete access denied.\n", + fsp_str_dbg(fsp))); + return NT_STATUS_ACCESS_DENIED; + } + + /* Don't allow delete on close for non-empty directories. */ + if (fsp->is_directory) { + SMB_ASSERT(!is_ntfs_stream_smb_fname(fsp->fsp_name)); + + /* Or the root of a share. */ + if (ISDOT(fsp->fsp_name->base_name)) { + DEBUG(10,("can_set_delete_on_close: can't set delete on " + "close for the root of a share.\n")); + return NT_STATUS_ACCESS_DENIED; + } + + return can_delete_directory(fsp->conn, + fsp->fsp_name->base_name); + } + + return NT_STATUS_OK; +} diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index e0f48b7bcb..34b252006b 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -310,6 +310,7 @@ bool can_delete_file_in_directory(connection_struct *conn, bool can_write_to_file(connection_struct *conn, const struct smb_filename *smb_fname); bool directory_has_default_acl(connection_struct *conn, const char *fname); +NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode); /* The following definitions come from smbd/fileio.c */ |