From 2514bee0a3b0a12430e2679ee590075c54d4803a Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 28 Mar 2018 12:42:20 -0700
Subject: [PATCH] s3: smbd: Files or directories can't be opened
 DELETE_ON_CLOSE without delete access.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
---
 source3/smbd/open.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index be9e601bb15..643e074f399 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -5120,6 +5120,18 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
 		goto fail;
 	}
 
+	/*
+	 * Files or directories can't be opened DELETE_ON_CLOSE without
+	 * delete access.
+	 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358
+	 */
+	if (create_options & FILE_DELETE_ON_CLOSE) {
+		if ((access_mask & DELETE_ACCESS) == 0) {
+			status = NT_STATUS_INVALID_PARAMETER;
+			goto fail;
+		}
+	}
+
 	if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
 	    && is_ntfs_stream_smb_fname(smb_fname)
 	    && (!(private_flags & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
-- 
2.34.1