librpc ndr/py_security: Export security_ace_equal as richcmp to python
[Samba.git] / source3 / modules / vfs_worm.c
blob833a0ac26fe46b0b061e10e38b545ae5fe327785
1 /*
2 * VFS module to disallow writes for older files
4 * Copyright (C) 2013, Volker Lendecke
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
20 #include "includes.h"
21 #include "smbd/smbd.h"
22 #include "system/filesys.h"
23 #include "libcli/security/security.h"
25 static NTSTATUS vfs_worm_create_file(vfs_handle_struct *handle,
26 struct smb_request *req,
27 struct files_struct *dirfsp,
28 struct smb_filename *smb_fname,
29 uint32_t access_mask,
30 uint32_t share_access,
31 uint32_t create_disposition,
32 uint32_t create_options,
33 uint32_t file_attributes,
34 uint32_t oplock_request,
35 const struct smb2_lease *lease,
36 uint64_t allocation_size,
37 uint32_t private_flags,
38 struct security_descriptor *sd,
39 struct ea_list *ea_list,
40 files_struct **result,
41 int *pinfo,
42 const struct smb2_create_blobs *in_context_blobs,
43 struct smb2_create_blobs *out_context_blobs)
45 bool readonly = false;
46 const uint32_t write_access_flags =
47 FILE_WRITE_DATA | FILE_APPEND_DATA |
48 FILE_WRITE_ATTRIBUTES | DELETE_ACCESS |
49 WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS;
50 NTSTATUS status;
52 if (VALID_STAT(smb_fname->st)) {
53 double age;
54 age = timespec_elapsed(&smb_fname->st.st_ex_ctime);
55 if (age > lp_parm_int(SNUM(handle->conn), "worm",
56 "grace_period", 3600)) {
57 readonly = true;
61 if (readonly && (access_mask & write_access_flags)) {
62 return NT_STATUS_ACCESS_DENIED;
65 status = SMB_VFS_NEXT_CREATE_FILE(
66 handle, req, dirfsp, smb_fname, access_mask,
67 share_access, create_disposition, create_options,
68 file_attributes, oplock_request, lease, allocation_size,
69 private_flags, sd, ea_list, result, pinfo,
70 in_context_blobs, out_context_blobs);
71 if (!NT_STATUS_IS_OK(status)) {
72 return status;
76 * Access via MAXIMUM_ALLOWED_ACCESS?
78 if (readonly && ((*result)->access_mask & write_access_flags)) {
79 close_file_free(req, result, NORMAL_CLOSE);
80 return NT_STATUS_ACCESS_DENIED;
82 return NT_STATUS_OK;
85 static struct vfs_fn_pointers vfs_worm_fns = {
86 .create_file_fn = vfs_worm_create_file,
89 static_decl_vfs;
90 NTSTATUS vfs_worm_init(TALLOC_CTX *ctx)
92 NTSTATUS ret;
94 ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "worm",
95 &vfs_worm_fns);
96 if (!NT_STATUS_IS_OK(ret)) {
97 return ret;
100 return ret;