r4314: added ACL checking on unlink

(This used to be commit f25c469693517ed993e0379d8b07cd7eb235a669)

source4/ntvfs/posix/pvfs_acl.c

@@ -390,3 +390,16 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs,
 	
 	return status;
 }
+
+
+/*
+  a simplified interface to access check, designed for calls that
+  do not take or return an access check mask
+*/
+NTSTATUS pvfs_access_check_simple(struct pvfs_state *pvfs, 
+				  struct smbsrv_request *req,
+				  struct pvfs_filename *name,
+				  uint32_t access_needed)
+{
+	return pvfs_access_check(pvfs, req, name, &access_needed);
+}

source4/ntvfs/posix/pvfs_open.c

@@ -1211,7 +1211,9 @@ NTSTATUS pvfs_change_create_options(struct pvfs_state *pvfs,
   determine if a file can be deleted, or if it is prevented by an
   already open file
 */
-NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, struct pvfs_filename *name)
+NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, 
+			 struct smbsrv_request *req,
+			 struct pvfs_filename *name)
 {
 	NTSTATUS status;
 	DATA_BLOB key;
@@ -1228,6 +1230,10 @@ NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, struct pvfs_filename *name)
 			      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 
 			      SEC_STD_DELETE);
 
+	if (NT_STATUS_IS_OK(status)) {
+		status = pvfs_access_check_simple(pvfs, req, name, SEC_STD_DELETE);
+	}
+
 	return status;
 }
 

source4/ntvfs/posix/pvfs_rename.c

@@ -162,7 +162,7 @@ static NTSTATUS pvfs_rename_one(struct pvfs_state *pvfs,
 	status = pvfs_resolve_partial(pvfs, mem_ctx, 
 				      dir_path, fname2, &name2);
 	if (NT_STATUS_IS_OK(status)) {
-		status = pvfs_can_delete(pvfs, name2);
+		status = pvfs_can_delete(pvfs, req, name2);
 		if (!NT_STATUS_IS_OK(status)) {
 			talloc_free(mem_ctx);
 			return status;

source4/ntvfs/posix/pvfs_setfileinfo.c

@@ -91,7 +91,7 @@ static NTSTATUS pvfs_setfileinfo_rename(struct pvfs_state *pvfs,
 			return NT_STATUS_OBJECT_NAME_COLLISION;
 		}
 
-		status = pvfs_can_delete(pvfs, name2);
+		status = pvfs_can_delete(pvfs, req, name2);
 		if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION)) {
 			return NT_STATUS_ACCESS_DENIED;
 		}

source4/ntvfs/posix/pvfs_unlink.c

@@ -27,7 +27,9 @@
 /*
   unlink a stream
  */
-static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, struct pvfs_filename *name, 
+static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, 
+				   struct smbsrv_request *req,
+				   struct pvfs_filename *name, 
 				   uint16_t attrib)
 {
 	NTSTATUS status;
@@ -42,7 +44,7 @@ static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, struct pvfs_filename
 		return status;
 	}
 
-	status = pvfs_can_delete(pvfs, name);
+	status = pvfs_can_delete(pvfs, req, name);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
@@ -54,7 +56,8 @@ static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, struct pvfs_filename
 /*
   unlink one file
 */
-static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,
+static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, 
+				struct smbsrv_request *req,
 				const char *unix_path, 
 				const char *fname, uint32_t attrib)
 {
@@ -62,7 +65,7 @@ static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,
 	NTSTATUS status;
 
 	/* get a pvfs_filename object */
-	status = pvfs_resolve_partial(pvfs, mem_ctx, 
+	status = pvfs_resolve_partial(pvfs, req, 
 				      unix_path, fname, &name);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
@@ -75,7 +78,7 @@ static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,
 		return status;
 	}
 
-	status = pvfs_can_delete(pvfs, name);
+	status = pvfs_can_delete(pvfs, req, name);
 	if (!NT_STATUS_IS_OK(status)) {
 		talloc_free(name);
 		return status;
@@ -133,7 +136,7 @@ NTSTATUS pvfs_unlink(struct ntvfs_module_context *ntvfs,
 	}
 
 	if (name->stream_name) {
-		return pvfs_unlink_stream(pvfs, name, unl->in.attrib);
+		return pvfs_unlink_stream(pvfs, req, name, unl->in.attrib);
 	}
 
 	/* get list of matching files */