From a66a985cde1606d0ed6f66f2dc80357b0f7d3363 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Tue, 21 Dec 2004 11:44:32 +0000
Subject: r4314: added ACL checking on unlink (This used to be commit
 f25c469693517ed993e0379d8b07cd7eb235a669)

---
 source4/ntvfs/posix/pvfs_acl.c         | 13 +++++++++++++
 source4/ntvfs/posix/pvfs_open.c        |  8 +++++++-
 source4/ntvfs/posix/pvfs_rename.c      |  2 +-
 source4/ntvfs/posix/pvfs_setfileinfo.c |  2 +-
 source4/ntvfs/posix/pvfs_unlink.c      | 15 +++++++++------
 5 files changed, 31 insertions(+), 9 deletions(-)

(limited to 'source4/ntvfs')

diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index 95a4e5765c..5302cc9524 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -390,3 +390,16 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs,
 	
 	return status;
 }
+
+
+/*
+  a simplified interface to access check, designed for calls that
+  do not take or return an access check mask
+*/
+NTSTATUS pvfs_access_check_simple(struct pvfs_state *pvfs, 
+				  struct smbsrv_request *req,
+				  struct pvfs_filename *name,
+				  uint32_t access_needed)
+{
+	return pvfs_access_check(pvfs, req, name, &access_needed);
+}
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c
index 7cb8a5d90c..34052fc44a 100644
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -1211,7 +1211,9 @@ NTSTATUS pvfs_change_create_options(struct pvfs_state *pvfs,
   determine if a file can be deleted, or if it is prevented by an
   already open file
 */
-NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, struct pvfs_filename *name)
+NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, 
+			 struct smbsrv_request *req,
+			 struct pvfs_filename *name)
 {
 	NTSTATUS status;
 	DATA_BLOB key;
@@ -1228,6 +1230,10 @@ NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, struct pvfs_filename *name)
 			      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 
 			      SEC_STD_DELETE);
 
+	if (NT_STATUS_IS_OK(status)) {
+		status = pvfs_access_check_simple(pvfs, req, name, SEC_STD_DELETE);
+	}
+
 	return status;
 }
 
diff --git a/source4/ntvfs/posix/pvfs_rename.c b/source4/ntvfs/posix/pvfs_rename.c
index cba9cace59..0ca05bbc17 100644
--- a/source4/ntvfs/posix/pvfs_rename.c
+++ b/source4/ntvfs/posix/pvfs_rename.c
@@ -162,7 +162,7 @@ static NTSTATUS pvfs_rename_one(struct pvfs_state *pvfs,
 	status = pvfs_resolve_partial(pvfs, mem_ctx, 
 				      dir_path, fname2, &name2);
 	if (NT_STATUS_IS_OK(status)) {
-		status = pvfs_can_delete(pvfs, name2);
+		status = pvfs_can_delete(pvfs, req, name2);
 		if (!NT_STATUS_IS_OK(status)) {
 			talloc_free(mem_ctx);
 			return status;
diff --git a/source4/ntvfs/posix/pvfs_setfileinfo.c b/source4/ntvfs/posix/pvfs_setfileinfo.c
index 2a06def2b4..295d2e919e 100644
--- a/source4/ntvfs/posix/pvfs_setfileinfo.c
+++ b/source4/ntvfs/posix/pvfs_setfileinfo.c
@@ -91,7 +91,7 @@ static NTSTATUS pvfs_setfileinfo_rename(struct pvfs_state *pvfs,
 			return NT_STATUS_OBJECT_NAME_COLLISION;
 		}
 
-		status = pvfs_can_delete(pvfs, name2);
+		status = pvfs_can_delete(pvfs, req, name2);
 		if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION)) {
 			return NT_STATUS_ACCESS_DENIED;
 		}
diff --git a/source4/ntvfs/posix/pvfs_unlink.c b/source4/ntvfs/posix/pvfs_unlink.c
index f29a70600f..09732d7735 100644
--- a/source4/ntvfs/posix/pvfs_unlink.c
+++ b/source4/ntvfs/posix/pvfs_unlink.c
@@ -27,7 +27,9 @@
 /*
   unlink a stream
  */
-static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, struct pvfs_filename *name, 
+static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, 
+				   struct smbsrv_request *req,
+				   struct pvfs_filename *name, 
 				   uint16_t attrib)
 {
 	NTSTATUS status;
@@ -42,7 +44,7 @@ static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, struct pvfs_filename
 		return status;
 	}
 
-	status = pvfs_can_delete(pvfs, name);
+	status = pvfs_can_delete(pvfs, req, name);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
@@ -54,7 +56,8 @@ static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, struct pvfs_filename
 /*
   unlink one file
 */
-static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,
+static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, 
+				struct smbsrv_request *req,
 				const char *unix_path, 
 				const char *fname, uint32_t attrib)
 {
@@ -62,7 +65,7 @@ static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,
 	NTSTATUS status;
 
 	/* get a pvfs_filename object */
-	status = pvfs_resolve_partial(pvfs, mem_ctx, 
+	status = pvfs_resolve_partial(pvfs, req, 
 				      unix_path, fname, &name);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
@@ -75,7 +78,7 @@ static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,
 		return status;
 	}
 
-	status = pvfs_can_delete(pvfs, name);
+	status = pvfs_can_delete(pvfs, req, name);
 	if (!NT_STATUS_IS_OK(status)) {
 		talloc_free(name);
 		return status;
@@ -133,7 +136,7 @@ NTSTATUS pvfs_unlink(struct ntvfs_module_context *ntvfs,
 	}
 
 	if (name->stream_name) {
-		return pvfs_unlink_stream(pvfs, name, unl->in.attrib);
+		return pvfs_unlink_stream(pvfs, req, name, unl->in.attrib);
 	}
 
 	/* get list of matching files */
-- 
cgit