From: Jeremy Allison <jra@samba.org>
Date: Wed, 2 Mar 2005 03:41:44 +0000 (+0000)
Subject: r5616: Forgot about the sticky bit on directories (commonly set on /tmp). If this... 
X-Git-Tag: samba-misc-tags/initial-v3-0-unstable~5194
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=eb18104d10428a5daef2316088edc3dbaff58708;p=thirdparty%2Fsamba.git

r5616: Forgot about the sticky bit on directories (commonly set on /tmp). If this is set
then only the owner or root can delete a file. We now use
the same algorithm to check file delete.
Jeremy.
---

diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c
index d02edc5ea06..c5f96db85c1 100644
--- a/source/smbd/posix_acls.c
+++ b/source/smbd/posix_acls.c
@@ -3903,10 +3903,26 @@ BOOL can_delete_file_in_directory(connection_struct *conn, const char *fname)
 	if (current_user.uid == sbuf.st_uid) {
 		return (sbuf.st_mode & S_IWUSR) ? True : False;
 	}
+
+#ifdef S_ISVTX
+	/* sticky bit means delete only by owner or root. */
+	if (sbuf.st_mode & S_ISVTX) {
+		SMB_STRUCT_STAT sbuf_file;  
+		if(SMB_VFS_STAT(conn, fname, &sbuf_file) != 0) {
+			return False;
+		}
+		if (current_user.uid == sbuf_file.st_uid) {
+			return True;
+		}
+		return False;
+	}
+#endif
+
 	/* Check group ownership. */
 	ret = check_posix_acl_group_write(conn, dname, &sbuf);
 	if (ret == 0 || ret == 1) {
 		return ret ? True : False;
 	}
+
 	return (sbuf.st_mode & S_IWOTH) ? True : False;
 }