s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index be9e601bb1518dc07babdbcd8605f43c50263c4a..643e074f399a688c508d2e91e52e3aee0ec8da9e 100644 (file)
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -5120,6 +5120,18 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
                goto fail;
        }
 
+       /*
+        * Files or directories can't be opened DELETE_ON_CLOSE without
+        * delete access.
+        * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358
+        */
+       if (create_options & FILE_DELETE_ON_CLOSE) {
+               if ((access_mask & DELETE_ACCESS) == 0) {
+                       status = NT_STATUS_INVALID_PARAMETER;
+                       goto fail;
+               }
+       }
+
        if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
            && is_ntfs_stream_smb_fname(smb_fname)
            && (!(private_flags & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {