Remove a couple of uses of SMB_VFS_GET_NT_ACL(), use

SMB_VFS_FGET_NT_ACL instead. I'd like to ultimately
remove SMB_VFS_GET_NT_ACL.
Jeremy.
(This used to be commit 4221937b68e2414295279b27c5f12a80f826ed4b)

diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 18c6f4de530a175a10f1a5d6594e1b3b7d5e9e11..947ad46568cb4963bdca22205bcb53c5324fa628 100644 (file)
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -2029,20 +2029,18 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
        char *qualname = NULL;
        SMB_STRUCT_STAT st;
        NTSTATUS nt_status;
-       WERROR werr;
+       WERROR werr = WERR_ACCESS_DENIED;
        struct current_user user;
        connection_struct *conn = NULL;
        bool became_user = False;
        TALLOC_CTX *ctx = p->mem_ctx;
-       struct sec_desc_buf *sd_buf;
+       struct sec_desc_buf *sd_buf = NULL;
+       files_struct *fsp = NULL;
 
        ZERO_STRUCT(st);
 
-       werr = WERR_OK;
-
        qualname = talloc_strdup(ctx, r->in.share);
        if (!qualname) {
-               werr = WERR_ACCESS_DENIED;
                goto error_exit;
        }
 
@@ -2064,14 +2062,12 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
 
        if (!become_user(conn, conn->vuid)) {
                DEBUG(0,("_srvsvc_NetGetFileSecurity: Can't become connected user!\n"));
-               werr = WERR_ACCESS_DENIED;
                goto error_exit;
        }
        became_user = True;
 
        filename_in = talloc_strdup(ctx, r->in.file);
        if (!filename_in) {
-               werr = WERR_ACCESS_DENIED;
                goto error_exit;
        }
 
@@ -2079,7 +2075,6 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
        if (!NT_STATUS_IS_OK(nt_status)) {
                DEBUG(3,("_srvsvc_NetGetFileSecurity: bad pathname %s\n",
                        filename));
-               werr = WERR_ACCESS_DENIED;
                goto error_exit;
        }
 
@@ -2087,11 +2082,37 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
        if (!NT_STATUS_IS_OK(nt_status)) {
                DEBUG(3,("_srvsvc_NetGetFileSecurity: can't access %s\n",
                        filename));
-               werr = WERR_ACCESS_DENIED;
                goto error_exit;
        }
 
-       nt_status = SMB_VFS_GET_NT_ACL(conn, filename,
+       if (!(S_ISDIR(st.st_mode))) {
+               nt_status = open_file_ntcreate(conn, NULL, filename, &st,
+                               FILE_READ_ATTRIBUTES,
+                               FILE_SHARE_READ|FILE_SHARE_WRITE,
+                               FILE_OPEN,
+                               0,
+                               FILE_ATTRIBUTE_NORMAL,
+                               0,
+                               NULL, &fsp);
+
+       } else {
+               nt_status = open_directory(conn, NULL, filename, &st,
+                               FILE_READ_ATTRIBUTES,
+                               FILE_SHARE_READ|FILE_SHARE_WRITE,
+                               FILE_OPEN,
+                               0,
+                               FILE_ATTRIBUTE_DIRECTORY,
+                               NULL, &fsp);
+       }
+
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               DEBUG(3,("_srvsvc_NetGetFileSecurity: can't open %s\n",
+                       filename));
+               werr = ntstatus_to_werror(nt_status);
+               goto error_exit;
+       }
+
+       nt_status = SMB_VFS_FGET_NT_ACL(fsp,
                                       (OWNER_SECURITY_INFORMATION
                                        |GROUP_SECURITY_INFORMATION
                                        |DACL_SECURITY_INFORMATION), &psd);
@@ -2118,17 +2139,25 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
 
        psd->dacl->revision = NT4_ACL_REVISION;
 
+       close_file(fsp, NORMAL_CLOSE);
+
        unbecome_user();
        close_cnum(conn, user.vuid);
-       return werr;
+       return WERR_OK;
 
 error_exit:
 
-       if (became_user)
+       if(fsp) {
+               close_file(fsp, NORMAL_CLOSE);
+       }
+
+       if (became_user) {
                unbecome_user();
+       }
 
-       if (conn)
+       if (conn) {
                close_cnum(conn, user.vuid);
+       }
 
        return werr;
 }

diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 362823d78a55258b4273be39cf78847c2e9bc649..bd34b5a361399ee9fc0161220f5d91f512561f20 100644 (file)
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1612,14 +1612,8 @@ static void call_nt_transact_query_security_desc(connection_struct *conn,
        if (!lp_nt_acl_support(SNUM(conn))) {
                status = get_null_nt_acl(talloc_tos(), &psd);
        } else {
-               if (fsp->fh->fd != -1) {
-                       status = SMB_VFS_FGET_NT_ACL(
-                               fsp, security_info_wanted, &psd);
-               }
-               else {
-                       status = SMB_VFS_GET_NT_ACL(
-                               conn, fsp->fsp_name, security_info_wanted, &psd);
-               }
+               status = SMB_VFS_FGET_NT_ACL(
+                       fsp, security_info_wanted, &psd);
        }
 
        if (!NT_STATUS_IS_OK(status)) {