typedef [public] struct {
uint32 name_hash;
+ security_token *delete_nt_token;
security_unix_token *delete_token;
} delete_token;
static bool add_delete_on_close_token(struct share_mode_data *d,
uint32_t name_hash,
+ const struct security_token *nt_tok,
const struct security_unix_token *tok)
{
struct delete_token *tmp, *dtl;
dtl = &d->delete_tokens[d->num_delete_tokens];
dtl->name_hash = name_hash;
+ dtl->delete_nt_token = dup_nt_token(d->delete_tokens, nt_tok);
+ if (dtl->delete_nt_token == NULL) {
+ return false;
+ }
dtl->delete_token = copy_unix_token(d->delete_tokens, tok);
if (dtl->delete_token == NULL) {
return false;
void set_delete_on_close_lck(files_struct *fsp,
struct share_mode_lock *lck,
bool delete_on_close,
+ const struct security_token *nt_tok,
const struct security_unix_token *tok)
{
struct share_mode_data *d = lck->data;
bool ret;
if (delete_on_close) {
+ SMB_ASSERT(nt_tok != NULL);
SMB_ASSERT(tok != NULL);
} else {
+ SMB_ASSERT(nt_tok == NULL);
SMB_ASSERT(tok == NULL);
}
d->modified = true;
if (delete_on_close == false) {
/* Delete this entry. */
+ TALLOC_FREE(dt->delete_nt_token);
TALLOC_FREE(dt->delete_token);
*dt = d->delete_tokens[
d->num_delete_tokens-1];
}
/* Replace this token with the
given tok. */
+ TALLOC_FREE(dt->delete_nt_token);
+ dt->delete_nt_token = dup_nt_token(dt, nt_tok);
+ SMB_ASSERT(dt->delete_nt_token != NULL);
TALLOC_FREE(dt->delete_token);
dt->delete_token = copy_unix_token(dt, tok);
SMB_ASSERT(dt->delete_token != NULL);
return;
}
- ret = add_delete_on_close_token(lck->data, fsp->name_hash, tok);
+ ret = add_delete_on_close_token(lck->data, fsp->name_hash, nt_tok, tok);
SMB_ASSERT(ret);
}
-bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const struct security_unix_token *tok)
+bool set_delete_on_close(files_struct *fsp, bool delete_on_close,
+ const struct security_token *nt_tok,
+ const struct security_unix_token *tok)
{
struct share_mode_lock *lck;
return False;
}
- set_delete_on_close_lck(fsp, lck, delete_on_close,
- delete_on_close ? tok : NULL);
+ if (delete_on_close) {
+ set_delete_on_close_lck(fsp, lck, true,
+ nt_tok,
+ tok);
+ } else {
+ set_delete_on_close_lck(fsp, lck, false,
+ NULL,
+ NULL);
+ }
if (fsp->is_directory) {
SMB_ASSERT(!is_ntfs_stream_smb_fname(fsp->fsp_name));
return True;
}
-const struct security_unix_token *get_delete_on_close_token(struct share_mode_lock *lck, uint32_t name_hash)
+/****************************************************************************
+ Return the NT token and UNIX token if there's a match. Return true if
+ found, false if not.
+****************************************************************************/
+
+bool get_delete_on_close_token(struct share_mode_lock *lck,
+ uint32_t name_hash,
+ const struct security_token **pp_nt_tok,
+ const struct security_unix_token **pp_tok)
{
int i;
DEBUG(10,("get_delete_on_close_token: dtl->name_hash = 0x%x\n",
(unsigned int)dt->name_hash ));
if (dt->name_hash == name_hash) {
- return dt->delete_token;
+ if (pp_nt_tok) {
+ *pp_nt_tok = dt->delete_nt_token;
+ }
+ if (pp_tok) {
+ *pp_tok = dt->delete_token;
+ }
+ return true;
}
}
- return NULL;
+ return false;
}
bool is_delete_on_close_set(struct share_mode_lock *lck, uint32_t name_hash)
{
- return (get_delete_on_close_token(lck, name_hash) != NULL);
+ return get_delete_on_close_token(lck, name_hash, NULL, NULL);
}
bool set_sticky_write_time(struct file_id fileid, struct timespec write_time)
struct server_id pid);
bool remove_share_oplock(struct share_mode_lock *lck, files_struct *fsp);
bool downgrade_share_oplock(struct share_mode_lock *lck, files_struct *fsp);
-const struct security_unix_token *get_delete_on_close_token(struct share_mode_lock *lck, uint32_t name_hash);
+bool get_delete_on_close_token(struct share_mode_lock *lck,
+ uint32_t name_hash,
+ const struct security_token **pp_nt_tok,
+ const struct security_unix_token **pp_tok);
void set_delete_on_close_lck(files_struct *fsp,
struct share_mode_lock *lck,
bool delete_on_close,
+ const struct security_token *nt_tok,
+ const struct security_unix_token *tok);
+bool set_delete_on_close(files_struct *fsp, bool delete_on_close,
+ const struct security_token *nt_tok,
const struct security_unix_token *tok);
-bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const struct security_unix_token *tok);
bool is_delete_on_close_set(struct share_mode_lock *lck, uint32_t name_hash);
bool set_sticky_write_time(struct file_id fileid, struct timespec write_time);
bool set_write_time(struct file_id fileid, struct timespec write_time);
NTSTATUS tmp_status;
struct file_id id;
const struct security_unix_token *del_token = NULL;
+ const struct security_token *del_nt_token = NULL;
+ bool got_tokens = false;
/* Ensure any pending write time updates are done. */
if (fsp->update_write_time_event) {
became_user = True;
}
fsp->delete_on_close = true;
- set_delete_on_close_lck(fsp, lck, True, get_current_utok(conn));
+ set_delete_on_close_lck(fsp, lck, True,
+ get_current_nttok(conn),
+ get_current_utok(conn));
if (became_user) {
unbecome_user();
}
*/
fsp->update_write_time_on_close = false;
- del_token = get_delete_on_close_token(lck, fsp->name_hash);
- SMB_ASSERT(del_token != NULL);
+ got_tokens = get_delete_on_close_token(lck, fsp->name_hash,
+ &del_nt_token, &del_token);
+ SMB_ASSERT(got_tokens);
if (!unix_token_equal(del_token, get_current_utok(conn))) {
/* Become the user who requested the delete. */
del_token->gid,
del_token->ngroups,
del_token->groups,
- NULL);
+ del_nt_token);
changed_user = true;
}
*/
fsp->delete_on_close = false;
- set_delete_on_close_lck(fsp, lck, false, NULL);
+ set_delete_on_close_lck(fsp, lck, false, NULL, NULL);
done:
bool delete_dir = False;
NTSTATUS status = NT_STATUS_OK;
NTSTATUS status1 = NT_STATUS_OK;
+ const struct security_token *del_nt_token = NULL;
const struct security_unix_token *del_token = NULL;
/*
send_stat_cache_delete_message(fsp->conn->sconn->msg_ctx,
fsp->fsp_name->base_name);
set_delete_on_close_lck(fsp, lck, true,
+ get_current_nttok(fsp->conn),
get_current_utok(fsp->conn));
fsp->delete_on_close = true;
if (became_user) {
}
}
- del_token = get_delete_on_close_token(lck, fsp->name_hash);
- delete_dir = (del_token != NULL);
+ delete_dir = get_delete_on_close_token(lck, fsp->name_hash,
+ &del_nt_token, &del_token);
if (delete_dir) {
int i;
del_token->gid,
del_token->ngroups,
del_token->groups,
- NULL);
+ del_nt_token);
TALLOC_FREE(lck);
}
/* The set is across all open files on this dev/inode pair. */
- if (!set_delete_on_close(fsp, True, conn->session_info->unix_token)) {
+ if (!set_delete_on_close(fsp, True,
+ conn->session_info->security_token,
+ conn->session_info->unix_token)) {
close_file(req, fsp, NORMAL_CLOSE);
return NT_STATUS_ACCESS_DENIED;
}
goto out;
}
- if (!set_delete_on_close(fsp, true, conn->session_info->unix_token)) {
+ if (!set_delete_on_close(fsp, true,
+ conn->session_info->security_token,
+ conn->session_info->unix_token)) {
close_file(req, fsp, ERROR_CLOSE);
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
goto out;
/* The set is across all open files on this dev/inode pair. */
if (!set_delete_on_close(fsp, delete_on_close,
+ conn->session_info->security_token,
conn->session_info->unix_token)) {
return NT_STATUS_ACCESS_DENIED;
}