From 34d58c9d92f852e908acb78e040c1a22ce1591c1 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 13 Dec 2011 16:01:59 +0100 Subject: s3: Move can_set_delete_on_close to smbd/ --- source3/smbd/file_access.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++ source3/smbd/proto.h | 1 + 2 files changed, 60 insertions(+) (limited to 'source3/smbd') diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index 4a473d76a6..9fff8e3051 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -170,3 +170,62 @@ bool directory_has_default_acl(connection_struct *conn, const char *fname) TALLOC_FREE(secdesc); return false; } + +/**************************************************************************** + Check if setting delete on close is allowed on this fsp. +****************************************************************************/ + +NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode) +{ + /* + * Only allow delete on close for writable files. + */ + + if ((dosmode & FILE_ATTRIBUTE_READONLY) && + !lp_delete_readonly(SNUM(fsp->conn))) { + DEBUG(10,("can_set_delete_on_close: file %s delete on close " + "flag set but file attribute is readonly.\n", + fsp_str_dbg(fsp))); + return NT_STATUS_CANNOT_DELETE; + } + + /* + * Only allow delete on close for writable shares. + */ + + if (!CAN_WRITE(fsp->conn)) { + DEBUG(10,("can_set_delete_on_close: file %s delete on " + "close flag set but write access denied on share.\n", + fsp_str_dbg(fsp))); + return NT_STATUS_ACCESS_DENIED; + } + + /* + * Only allow delete on close for files/directories opened with delete + * intent. + */ + + if (!(fsp->access_mask & DELETE_ACCESS)) { + DEBUG(10,("can_set_delete_on_close: file %s delete on " + "close flag set but delete access denied.\n", + fsp_str_dbg(fsp))); + return NT_STATUS_ACCESS_DENIED; + } + + /* Don't allow delete on close for non-empty directories. */ + if (fsp->is_directory) { + SMB_ASSERT(!is_ntfs_stream_smb_fname(fsp->fsp_name)); + + /* Or the root of a share. */ + if (ISDOT(fsp->fsp_name->base_name)) { + DEBUG(10,("can_set_delete_on_close: can't set delete on " + "close for the root of a share.\n")); + return NT_STATUS_ACCESS_DENIED; + } + + return can_delete_directory(fsp->conn, + fsp->fsp_name->base_name); + } + + return NT_STATUS_OK; +} diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index e0f48b7bcb..34b252006b 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -310,6 +310,7 @@ bool can_delete_file_in_directory(connection_struct *conn, bool can_write_to_file(connection_struct *conn, const struct smb_filename *smb_fname); bool directory_has_default_acl(connection_struct *conn, const char *fname); +NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode); /* The following definitions come from smbd/fileio.c */ -- cgit