s3-rpc: Avoid including every pipe's client and server stubs everywhere in samba.

[nivanova/samba-autobuild/.git] / source3 / rpc_server / srv_srvsvc_nt.c

diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index c8f21b76bb5574241162dd26ac57aafa65d9cb29..d35557e5bdcade5891098fc1e471532ba0701d35 100644 (file)
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -5,6 +5,7 @@
  *  Copyright (C) Jeremy Allison               2001.
  *  Copyright (C) Nigel Williams               2001.
  *  Copyright (C) Gerald (Jerry) Carter        2006.
+ *  Copyright (C) Guenther Deschner            2008.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -23,12 +24,15 @@
 /* This is the implementation of the srvsvc pipe. */
 
 #include "includes.h"
+#include "../librpc/gen_ndr/srv_srvsvc.h"
 
 extern const struct generic_mapping file_generic_mapping;
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
 
+#define MAX_SERVER_DISK_ENTRIES 15
+
 /* Use for enumerating connections, pipes, & files */
 
 struct file_enum_count {
@@ -85,12 +89,13 @@ static int pipe_enum_fn( struct db_record *rec, void *p)
        }
        fenum->ctr3->array = f;
 
-       init_srvsvc_NetFileInfo3(&fenum->ctr3->array[i],
-                                (uint32_t)((procid_to_pid(&prec.pid)<<16) & prec.pnum),
-                                (FILE_READ_DATA|FILE_WRITE_DATA),
-                                0,
-                                fullpath,
-                                username);
+       fenum->ctr3->array[i].fid               =
+               (((uint32_t)(procid_to_pid(&prec.pid))<<16) | prec.pnum);
+       fenum->ctr3->array[i].permissions       =
+               (FILE_READ_DATA|FILE_WRITE_DATA);
+       fenum->ctr3->array[i].num_locks         = 0;
+       fenum->ctr3->array[i].path              = fullpath;
+       fenum->ctr3->array[i].user              = username;
 
        fenum->ctr3->count++;
 
@@ -184,15 +189,17 @@ static void enum_file_fn( const struct share_mode_entry *e,
        string_replace( fullpath, '/', '\\' );
 
        /* mask out create (what ever that is) */
-       permissions = e->share_access & (FILE_READ_DATA|FILE_WRITE_DATA);
+       permissions = e->access_mask & (FILE_READ_DATA|FILE_WRITE_DATA);
 
        /* now fill in the srvsvc_NetFileInfo3 struct */
-       init_srvsvc_NetFileInfo3(&fenum->ctr3->array[i],
-                                e->share_file_id,
-                                permissions,
-                                num_locks,
-                                username,
-                                fullpath);
+
+       fenum->ctr3->array[i].fid               =
+               (((uint32_t)(procid_to_pid(&e->pid))<<16) | e->share_file_id);
+       fenum->ctr3->array[i].permissions       = permissions;
+       fenum->ctr3->array[i].num_locks         = num_locks;
+       fenum->ctr3->array[i].path              = fullpath;
+       fenum->ctr3->array[i].user              = username;
+
        fenum->ctr3->count++;
 }
 
@@ -241,9 +248,7 @@ static uint32 get_share_type(int snum)
 
 static void init_srv_share_info_0(pipes_struct *p, struct srvsvc_NetShareInfo0 *r, int snum)
 {
-       const char *net_name = lp_servicename(snum);
-
-       init_srvsvc_NetShareInfo0(r, net_name);
+       r->name         = lp_servicename(snum);
 }
 
 /*******************************************************************
@@ -256,14 +261,16 @@ static void init_srv_share_info_1(pipes_struct *p, struct srvsvc_NetShareInfo1 *
        char *remark = talloc_strdup(p->mem_ctx, lp_comment(snum));
 
        if (remark) {
-               remark = standard_sub_conn(p->mem_ctx,
-                               p->conn,
-                               remark);
+               remark = talloc_sub_advanced(
+                       p->mem_ctx, lp_servicename(snum),
+                       get_current_username(), lp_pathname(snum),
+                       p->server_info->utok.uid, get_current_username(),
+                       "", remark);
        }
 
-       init_srvsvc_NetShareInfo1(r, net_name,
-                                 get_share_type(snum),
-                                 remark ? remark : "");
+       r->name         = net_name;
+       r->type         = get_share_type(snum);
+       r->comment      = remark ? remark : "";
 }
 
 /*******************************************************************
@@ -275,15 +282,16 @@ static void init_srv_share_info_2(pipes_struct *p, struct srvsvc_NetShareInfo2 *
        char *remark = NULL;
        char *path = NULL;
        int max_connections = lp_max_connections(snum);
-       uint32 max_uses = max_connections!=0 ? max_connections : 0xffffffff;
-       int count = 0;
+       uint32_t max_uses = max_connections!=0 ? max_connections : (uint32_t)-1;
        char *net_name = lp_servicename(snum);
 
        remark = talloc_strdup(p->mem_ctx, lp_comment(snum));
        if (remark) {
-               remark = standard_sub_conn(p->mem_ctx,
-                               p->conn,
-                               remark);
+               remark = talloc_sub_advanced(
+                       p->mem_ctx, lp_servicename(snum),
+                       get_current_username(), lp_pathname(snum),
+                       p->server_info->utok.uid, get_current_username(),
+                       "", remark);
        }
        path = talloc_asprintf(p->mem_ctx,
                        "C:%s", lp_pathname(snum));
@@ -298,16 +306,14 @@ static void init_srv_share_info_2(pipes_struct *p, struct srvsvc_NetShareInfo2 *
                string_replace(path, '/', '\\');
        }
 
-       count = count_current_connections(net_name, false);
-
-       init_srvsvc_NetShareInfo2(r, net_name,
-                                 get_share_type(snum),
-                                 remark ? remark : "",
-                                 0,
-                                 max_uses,
-                                 count,
-                                 path ? path : "",
-                                 "");
+       r->name                 = net_name;
+       r->type                 = get_share_type(snum);
+       r->comment              = remark ? remark : "";
+       r->permissions          = 0;
+       r->max_users            = max_uses;
+       r->current_users        = count_current_connections(net_name, false);
+       r->path                 = path ? path : "";
+       r->password             = "";
 }
 
 /*******************************************************************
@@ -345,13 +351,17 @@ static void init_srv_share_info_501(pipes_struct *p, struct srvsvc_NetShareInfo5
        char *remark = talloc_strdup(p->mem_ctx, lp_comment(snum));
 
        if (remark) {
-               remark = standard_sub_conn(p->mem_ctx, p->conn, remark);
+               remark = talloc_sub_advanced(
+                       p->mem_ctx, lp_servicename(snum),
+                       get_current_username(), lp_pathname(snum),
+                       p->server_info->utok.uid, get_current_username(),
+                       "", remark);
        }
 
-       init_srvsvc_NetShareInfo501(r, net_name,
-                                   get_share_type(snum),
-                                   remark ? remark : "",
-                                   (lp_csc_policy(snum) << 4));
+       r->name         = net_name;
+       r->type         = get_share_type(snum);
+       r->comment      = remark ? remark : "";
+       r->csc_policy   = (lp_csc_policy(snum) << 4);
 }
 
 /*******************************************************************
@@ -363,12 +373,17 @@ static void init_srv_share_info_502(pipes_struct *p, struct srvsvc_NetShareInfo5
        const char *net_name = lp_servicename(snum);
        char *path = NULL;
        SEC_DESC *sd = NULL;
+       struct sec_desc_buf *sd_buf = NULL;
        size_t sd_size = 0;
        TALLOC_CTX *ctx = p->mem_ctx;
        char *remark = talloc_strdup(ctx, lp_comment(snum));;
 
        if (remark) {
-               remark = standard_sub_conn(ctx, p->conn, remark);
+               remark = talloc_sub_advanced(
+                       p->mem_ctx, lp_servicename(snum),
+                       get_current_username(), lp_pathname(snum),
+                       p->server_info->utok.uid, get_current_username(),
+                       "", remark);
        }
        path = talloc_asprintf(ctx, "C:%s", lp_pathname(snum));
        if (path) {
@@ -381,16 +396,17 @@ static void init_srv_share_info_502(pipes_struct *p, struct srvsvc_NetShareInfo5
 
        sd = get_share_security(ctx, lp_servicename(snum), &sd_size);
 
-       init_srvsvc_NetShareInfo502(r, net_name,
-                                   get_share_type(snum),
-                                   remark ? remark : "",
-                                   0,
-                                   0xffffffff,
-                                   1,
-                                   path ? path : "",
-                                   "",
-                                   0,
-                                   sd);
+       sd_buf = make_sec_desc_buf(p->mem_ctx, sd_size, sd);
+
+       r->name                 = net_name;
+       r->type                 = get_share_type(snum);
+       r->comment              = remark ? remark : "";
+       r->permissions          = 0;
+       r->max_users            = (uint32_t)-1;
+       r->current_users        = 1; /* ??? */
+       r->path                 = path ? path : "";
+       r->password             = "";
+       r->sd_buf               = *sd_buf;
 }
 
 /***************************************************************************
@@ -402,10 +418,14 @@ static void init_srv_share_info_1004(pipes_struct *p, struct srvsvc_NetShareInfo
        char *remark = talloc_strdup(p->mem_ctx, lp_comment(snum));
 
        if (remark) {
-               remark = standard_sub_conn(p->mem_ctx, p->conn, remark);
+               remark = talloc_sub_advanced(
+                       p->mem_ctx, lp_servicename(snum),
+                       get_current_username(), lp_pathname(snum),
+                       p->server_info->utok.uid, get_current_username(),
+                       "", remark);
        }
 
-       init_srvsvc_NetShareInfo1004(r, remark ? remark : "");
+       r->comment      = remark ? remark : "";
 }
 
 /***************************************************************************
@@ -422,7 +442,7 @@ static void init_srv_share_info_1005(pipes_struct *p, struct srvsvc_NetShareInfo
 
        dfs_flags |= lp_csc_policy(snum) << SHARE_1005_CSC_POLICY_SHIFT;
 
-       init_srvsvc_NetShareInfo1005(r, dfs_flags);
+       r->dfs_flags    = dfs_flags;
 }
 
 /***************************************************************************
@@ -431,7 +451,7 @@ static void init_srv_share_info_1005(pipes_struct *p, struct srvsvc_NetShareInfo
 
 static void init_srv_share_info_1006(pipes_struct *p, struct srvsvc_NetShareInfo1006 *r, int snum)
 {
-       init_srvsvc_NetShareInfo1006(r, 0xffffffff);
+       r->max_users    = (uint32_t)-1;
 }
 
 /***************************************************************************
@@ -440,9 +460,8 @@ static void init_srv_share_info_1006(pipes_struct *p, struct srvsvc_NetShareInfo
 
 static void init_srv_share_info_1007(pipes_struct *p, struct srvsvc_NetShareInfo1007 *r, int snum)
 {
-       uint32 flags = 0;
-
-       init_srvsvc_NetShareInfo1007(r, flags, "");
+       r->flags                        = 0;
+       r->alternate_directory_name     = "";
 }
 
 /*******************************************************************
@@ -471,6 +490,19 @@ static bool is_hidden_share(int snum)
        return (net_name[strlen(net_name) - 1] == '$') ? True : False;
 }
 
+/*******************************************************************
+ Verify user is allowed to view share, access based enumeration
+********************************************************************/
+static bool is_enumeration_allowed(pipes_struct *p,
+                                   int snum)
+{
+    if (!lp_access_based_share_enum(snum))
+        return true;
+
+    return share_access_check(p->server_info->ptok, lp_servicename(snum),
+                              FILE_READ_DATA);
+}
+
 /*******************************************************************
  Fill in a share info structure.
  ********************************************************************/
@@ -488,6 +520,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
        TALLOC_CTX *ctx = p->mem_ctx;
        int i = 0;
        int valid_share_count = 0;
+       bool *allowed = 0;
        union srvsvc_NetShareCtr ctr;
        uint32_t resume_handle = resume_handle_p ? *resume_handle_p : 0;
 
@@ -500,15 +533,23 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
        num_services = lp_numservices();
        unbecome_root();
 
-       /* Count the number of entries. */
-       for (snum = 0; snum < num_services; snum++) {
-               if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
-                       DEBUG(10, ("counting service %s\n", lp_servicename(snum)));
-                       num_entries++;
-               } else {
-                       DEBUG(10, ("NOT counting service %s\n", lp_servicename(snum)));
-               }
-       }
+        allowed = TALLOC_ZERO_ARRAY(ctx, bool, num_services);
+        W_ERROR_HAVE_NO_MEMORY(allowed);
+
+        /* Count the number of entries. */
+        for (snum = 0; snum < num_services; snum++) {
+                if (lp_browseable(snum) && lp_snum_ok(snum) &&
+                    is_enumeration_allowed(p, snum) &&
+                    (all_shares || !is_hidden_share(snum)) ) {
+                        DEBUG(10, ("counting service %s\n",
+                               lp_servicename(snum) ? lp_servicename(snum) : "(null)"));
+                        allowed[snum] = true;
+                        num_entries++;
+                } else {
+                        DEBUG(10, ("NOT counting service %s\n",
+                               lp_servicename(snum) ? lp_servicename(snum) : "(null)"));
+                }
+        }
 
        if (!num_entries || (resume_handle >= num_entries)) {
                return WERR_OK;
@@ -526,7 +567,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
                W_ERROR_HAVE_NO_MEMORY(ctr.ctr0->array);
 
                for (snum = 0; snum < num_services; snum++) {
-                       if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+                       if (allowed[snum] &&
                            (resume_handle <= (i + valid_share_count++)) ) {
                                init_srv_share_info_0(p, &ctr.ctr0->array[i++], snum);
                        }
@@ -543,7 +584,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
                W_ERROR_HAVE_NO_MEMORY(ctr.ctr1->array);
 
                for (snum = 0; snum < num_services; snum++) {
-                       if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+                       if (allowed[snum] &&
                            (resume_handle <= (i + valid_share_count++)) ) {
                                init_srv_share_info_1(p, &ctr.ctr1->array[i++], snum);
                        }
@@ -560,7 +601,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
                W_ERROR_HAVE_NO_MEMORY(ctr.ctr2->array);
 
                for (snum = 0; snum < num_services; snum++) {
-                       if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+                       if (allowed[snum] &&
                            (resume_handle <= (i + valid_share_count++)) ) {
                                init_srv_share_info_2(p, &ctr.ctr2->array[i++], snum);
                        }
@@ -577,7 +618,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
                W_ERROR_HAVE_NO_MEMORY(ctr.ctr501->array);
 
                for (snum = 0; snum < num_services; snum++) {
-                       if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+                       if (allowed[snum] &&
                            (resume_handle <= (i + valid_share_count++)) ) {
                                init_srv_share_info_501(p, &ctr.ctr501->array[i++], snum);
                        }
@@ -594,7 +635,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
                W_ERROR_HAVE_NO_MEMORY(ctr.ctr502->array);
 
                for (snum = 0; snum < num_services; snum++) {
-                       if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+                       if (allowed[snum] &&
                            (resume_handle <= (i + valid_share_count++)) ) {
                                init_srv_share_info_502(p, &ctr.ctr502->array[i++], snum);
                        }
@@ -611,7 +652,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
                W_ERROR_HAVE_NO_MEMORY(ctr.ctr1004->array);
 
                for (snum = 0; snum < num_services; snum++) {
-                       if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+                       if (allowed[snum] &&
                            (resume_handle <= (i + valid_share_count++)) ) {
                                init_srv_share_info_1004(p, &ctr.ctr1004->array[i++], snum);
                        }
@@ -628,7 +669,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
                W_ERROR_HAVE_NO_MEMORY(ctr.ctr1005->array);
 
                for (snum = 0; snum < num_services; snum++) {
-                       if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+                       if (allowed[snum] &&
                            (resume_handle <= (i + valid_share_count++)) ) {
                                init_srv_share_info_1005(p, &ctr.ctr1005->array[i++], snum);
                        }
@@ -645,7 +686,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
                W_ERROR_HAVE_NO_MEMORY(ctr.ctr1006->array);
 
                for (snum = 0; snum < num_services; snum++) {
-                       if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+                       if (allowed[snum] &&
                            (resume_handle <= (i + valid_share_count++)) ) {
                                init_srv_share_info_1006(p, &ctr.ctr1006->array[i++], snum);
                        }
@@ -662,7 +703,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
                W_ERROR_HAVE_NO_MEMORY(ctr.ctr1007->array);
 
                for (snum = 0; snum < num_services; snum++) {
-                       if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+                       if (allowed[snum] &&
                            (resume_handle <= (i + valid_share_count++)) ) {
                                init_srv_share_info_1007(p, &ctr.ctr1007->array[i++], snum);
                        }
@@ -679,7 +720,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
                W_ERROR_HAVE_NO_MEMORY(ctr.ctr1501->array);
 
                for (snum = 0; snum < num_services; snum++) {
-                       if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+                       if (allowed[snum] &&
                            (resume_handle <= (i + valid_share_count++)) ) {
                                init_srv_share_info_1501(p, &ctr.ctr1501->array[i++], snum);
                        }
@@ -730,7 +771,7 @@ static WERROR init_srv_sess_info_0(pipes_struct *p,
                return WERR_OK;
        }
 
-       for (; resume_handle < *total_entries && num_entries < MAX_SESS_ENTRIES; resume_handle++) {
+       for (; resume_handle < *total_entries; resume_handle++) {
 
                ctr0->array = TALLOC_REALLOC_ARRAY(p->mem_ctx,
                                                   ctr0->array,
@@ -738,8 +779,9 @@ static WERROR init_srv_sess_info_0(pipes_struct *p,
                                                   num_entries+1);
                W_ERROR_HAVE_NO_MEMORY(ctr0->array);
 
-               init_srvsvc_NetSessInfo0(&ctr0->array[num_entries],
-                                        session_list[resume_handle].remote_machine);
+               ctr0->array[num_entries].client =
+                       session_list[resume_handle].remote_machine;
+
                num_entries++;
        }
 
@@ -813,7 +855,7 @@ static WERROR init_srv_sess_info_1(pipes_struct *p,
 
        *total_entries = list_sessions(p->mem_ctx, &session_list);
 
-       for (; resume_handle < *total_entries && num_entries < MAX_SESS_ENTRIES; resume_handle++) {
+       for (; resume_handle < *total_entries; resume_handle++) {
                uint32 num_files;
                uint32 connect_time;
                struct passwd *pw = sys_getpwnam(session_list[resume_handle].username);
@@ -835,13 +877,13 @@ static WERROR init_srv_sess_info_1(pipes_struct *p,
                                                   num_entries+1);
                W_ERROR_HAVE_NO_MEMORY(ctr1->array);
 
-               init_srvsvc_NetSessInfo1(&ctr1->array[num_entries],
-                                        session_list[resume_handle].remote_machine,
-                                        session_list[resume_handle].username,
-                                        num_files,
-                                        connect_time,
-                                        0,
-                                        guest);
+               ctr1->array[num_entries].client         = session_list[resume_handle].remote_machine;
+               ctr1->array[num_entries].user           = session_list[resume_handle].username;
+               ctr1->array[num_entries].num_open       = num_files;
+               ctr1->array[num_entries].time           = connect_time;
+               ctr1->array[num_entries].idle_time      = 0;
+               ctr1->array[num_entries].user_flags     = guest;
+
                num_entries++;
        }
 
@@ -882,7 +924,7 @@ static WERROR init_srv_conn_info_0(struct srvsvc_NetConnCtr0 *ctr0,
 
        ZERO_STRUCTP(ctr0);
 
-       for (; resume_handle < *total_entries && num_entries < MAX_CONN_ENTRIES; resume_handle++) {
+       for (; resume_handle < *total_entries; resume_handle++) {
 
                ctr0->array = TALLOC_REALLOC_ARRAY(talloc_tos(),
                                                   ctr0->array,
@@ -892,8 +934,7 @@ static WERROR init_srv_conn_info_0(struct srvsvc_NetConnCtr0 *ctr0,
                        return WERR_NOMEM;
                }
 
-               init_srvsvc_NetConnInfo0(&ctr0->array[num_entries],
-                                        (*total_entries));
+               ctr0->array[num_entries].conn_id = *total_entries;
 
                /* move on to creating next connection */
                num_entries++;
@@ -937,7 +978,7 @@ static WERROR init_srv_conn_info_1(struct srvsvc_NetConnCtr1 *ctr1,
 
        ZERO_STRUCTP(ctr1);
 
-       for (; (resume_handle < *total_entries) && num_entries < MAX_CONN_ENTRIES; resume_handle++) {
+       for (; resume_handle < *total_entries; resume_handle++) {
 
                ctr1->array = TALLOC_REALLOC_ARRAY(talloc_tos(),
                                                   ctr1->array,
@@ -947,14 +988,13 @@ static WERROR init_srv_conn_info_1(struct srvsvc_NetConnCtr1 *ctr1,
                        return WERR_NOMEM;
                }
 
-               init_srvsvc_NetConnInfo1(&ctr1->array[num_entries],
-                                        (*total_entries),
-                                        0x3,
-                                        1,
-                                        1,
-                                        3,
-                                        "dummy_user",
-                                        "IPC$");
+               ctr1->array[num_entries].conn_id        = *total_entries;
+               ctr1->array[num_entries].conn_type      = 0x3;
+               ctr1->array[num_entries].num_open       = 1;
+               ctr1->array[num_entries].num_users      = 1;
+               ctr1->array[num_entries].conn_time      = 3;
+               ctr1->array[num_entries].user           = "dummy_user";
+               ctr1->array[num_entries].share          = "IPC$";
 
                /* move on to creating next connection */
                num_entries++;
@@ -1054,20 +1094,21 @@ WERROR _srvsvc_NetSrvGetInfo(pipes_struct *p,
                        return WERR_NOMEM;
                }
 
-               init_srvsvc_NetSrvInfo102(info102,
-                                         PLATFORM_ID_NT,
-                                         global_myname(),
-                                         lp_major_announce_version(),
-                                         lp_minor_announce_version(),
-                                         lp_default_server_announce(),
-                                         string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH),
-                                         0xffffffff, /* users */
-                                         0xf, /* disc */
-                                         0, /* hidden */
-                                         240, /* announce */
-                                         3000, /* announce delta */
-                                         100000, /* licenses */
-                                         "c:\\"); /* user path */
+               info102->platform_id    = PLATFORM_ID_NT;
+               info102->server_name    = global_myname();
+               info102->version_major  = lp_major_announce_version();
+               info102->version_minor  = lp_minor_announce_version();
+               info102->server_type    = lp_default_server_announce();
+               info102->comment        = string_truncate(lp_serverstring(),
+                                               MAX_SERVER_STRING_LENGTH);
+               info102->users          = 0xffffffff;
+               info102->disc           = 0xf;
+               info102->hidden         = 0;
+               info102->announce       = 240;
+               info102->anndelta       = 3000;
+               info102->licenses       = 100000;
+               info102->userpath       = "C:\\";
+
                r->out.info->info102 = info102;
                break;
        }
@@ -1079,13 +1120,14 @@ WERROR _srvsvc_NetSrvGetInfo(pipes_struct *p,
                        return WERR_NOMEM;
                }
 
-               init_srvsvc_NetSrvInfo101(info101,
-                                         PLATFORM_ID_NT,
-                                         global_myname(),
-                                         lp_major_announce_version(),
-                                         lp_minor_announce_version(),
-                                         lp_default_server_announce(),
-                                         string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH));
+               info101->platform_id    = PLATFORM_ID_NT;
+               info101->server_name    = global_myname();
+               info101->version_major  = lp_major_announce_version();
+               info101->version_minor  = lp_minor_announce_version();
+               info101->server_type    = lp_default_server_announce();
+               info101->comment        = string_truncate(lp_serverstring(),
+                                               MAX_SERVER_STRING_LENGTH);
+
                r->out.info->info101 = info101;
                break;
        }
@@ -1097,9 +1139,9 @@ WERROR _srvsvc_NetSrvGetInfo(pipes_struct *p,
                        return WERR_NOMEM;
                }
 
-               init_srvsvc_NetSrvInfo100(info100,
-                                         PLATFORM_ID_NT,
-                                         global_myname());
+               info100->platform_id    = PLATFORM_ID_NT;
+               info100->server_name    = global_myname();
+
                r->out.info->info100 = info100;
 
                break;
@@ -1204,7 +1246,6 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p,
                          struct srvsvc_NetSessDel *r)
 {
        struct sessionid *session_list;
-       struct current_user user;
        int num_sessions, snum;
        const char *username;
        const char *machine;
@@ -1225,12 +1266,11 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p,
 
        werr = WERR_ACCESS_DENIED;
 
-       get_current_user(&user, p);
-
        /* fail out now if you are not root or not a domain admin */
 
-       if ((user.ut.uid != sec_initial_uid()) &&
-               ( ! nt_token_check_domain_rid(p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS))) {
+       if ((p->server_info->utok.uid != sec_initial_uid()) &&
+               ( ! nt_token_check_domain_rid(p->server_info->ptok,
+                                             DOMAIN_GROUP_RID_ADMINS))) {
 
                goto done;
        }
@@ -1242,7 +1282,7 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p,
 
                        NTSTATUS ntstat;
 
-                       if (user.ut.uid != sec_initial_uid()) {
+                       if (p->server_info->utok.uid != sec_initial_uid()) {
                                not_root = True;
                                become_root();
                        }
@@ -1445,7 +1485,6 @@ char *valid_share_pathname(TALLOC_CTX *ctx, const char *dos_pathname)
 WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
                               struct srvsvc_NetShareSetInfo *r)
 {
-       struct current_user user;
        char *command = NULL;
        char *share_name = NULL;
        char *comment = NULL;
@@ -1468,12 +1507,17 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
                return WERR_NOMEM;
        }
 
-       *r->out.parm_error = 0;
+       if (r->out.parm_error) {
+               *r->out.parm_error = 0;
+       }
 
        if ( strequal(share_name,"IPC$")
                || ( lp_enable_asu_support() && strequal(share_name,"ADMIN$") )
                || strequal(share_name,"global") )
        {
+               DEBUG(5,("_srvsvc_NetShareSetInfo: share %s cannot be "
+                       "modified by a remote user.\n",
+                       share_name ));
                return WERR_ACCESS_DENIED;
        }
 
@@ -1487,27 +1531,31 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
        if (lp_print_ok(snum))
                return WERR_ACCESS_DENIED;
 
-       get_current_user(&user,p);
-
-       is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+       is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
 
        /* fail out now if you are not root and not a disk op */
 
-       if ( user.ut.uid != sec_initial_uid() && !is_disk_op )
+       if ( p->server_info->utok.uid != sec_initial_uid() && !is_disk_op ) {
+               DEBUG(2,("_srvsvc_NetShareSetInfo: uid %u doesn't have the "
+                       "SeDiskOperatorPrivilege privilege needed to modify "
+                       "share %s\n",
+                       (unsigned int)p->server_info->utok.uid,
+                       share_name ));
                return WERR_ACCESS_DENIED;
+       }
 
        switch (r->in.level) {
        case 1:
                pathname = talloc_strdup(ctx, lp_pathname(snum));
-               comment = talloc_strdup(ctx, info->info2->comment);
-               type = info->info2->type;
+               comment = talloc_strdup(ctx, info->info1->comment);
+               type = info->info1->type;
                psd = NULL;
                break;
        case 2:
                comment = talloc_strdup(ctx, info->info2->comment);
                pathname = info->info2->path;
                type = info->info2->type;
-               max_connections = (info->info2->max_users == 0xffffffff) ?
+               max_connections = (info->info2->max_users == (uint32_t)-1) ?
                        0 : info->info2->max_users;
                psd = NULL;
                break;
@@ -1523,7 +1571,7 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
                comment = talloc_strdup(ctx, info->info502->comment);
                pathname = info->info502->path;
                type = info->info502->type;
-               psd = info->info502->sd;
+               psd = info->info502->sd_buf.sd;
                map_generic_share_sd_bits(psd);
                break;
        case 1004:
@@ -1561,19 +1609,28 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
        }
 
        /* We can only modify disk shares. */
-       if (type != STYPE_DISKTREE)
+       if (type != STYPE_DISKTREE) {
+               DEBUG(5,("_srvsvc_NetShareSetInfo: share %s is not a "
+                       "disk share\n",
+                       share_name ));
                return WERR_ACCESS_DENIED;
+       }
+
+       if (comment == NULL) {
+               return WERR_NOMEM;
+       }
 
        /* Check if the pathname is valid. */
-       if (!(path = valid_share_pathname(p->mem_ctx, pathname )))
+       if (!(path = valid_share_pathname(p->mem_ctx, pathname ))) {
+               DEBUG(5,("_srvsvc_NetShareSetInfo: invalid pathname %s\n",
+                       pathname ));
                return WERR_OBJECT_PATH_INVALID;
+       }
 
        /* Ensure share name, pathname and comment don't contain '"' characters. */
        string_replace(share_name, '"', ' ');
        string_replace(path, '"', ' ');
-       if (comment) {
-               string_replace(comment, '"', ' ');
-       }
+       string_replace(comment, '"', ' ');
 
        DEBUG(10,("_srvsvc_NetShareSetInfo: change share command = %s\n",
                lp_change_share_cmd() ? lp_change_share_cmd() : "NULL" ));
@@ -1637,7 +1694,7 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
 
                old_sd = get_share_security(p->mem_ctx, lp_servicename(snum), &sd_size);
 
-               if (old_sd && !sec_desc_equal(old_sd, psd)) {
+               if (old_sd && !security_descriptor_equal(old_sd, psd)) {
                        if (!set_share_security(share_name, psd))
                                DEBUG(0,("_srvsvc_NetShareSetInfo: Failed to change security info in share %s.\n",
                                        share_name ));
@@ -1658,7 +1715,6 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
 WERROR _srvsvc_NetShareAdd(pipes_struct *p,
                           struct srvsvc_NetShareAdd *r)
 {
-       struct current_user user;
        char *command = NULL;
        char *share_name = NULL;
        char *comment = NULL;
@@ -1675,13 +1731,13 @@ WERROR _srvsvc_NetShareAdd(pipes_struct *p,
 
        DEBUG(5,("_srvsvc_NetShareAdd: %d\n", __LINE__));
 
-       *r->out.parm_error = 0;
-
-       get_current_user(&user,p);
+       if (r->out.parm_error) {
+               *r->out.parm_error = 0;
+       }
 
-       is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+       is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
 
-       if (user.ut.uid != sec_initial_uid()  && !is_disk_op )
+       if (p->server_info->utok.uid != sec_initial_uid()  && !is_disk_op )
                return WERR_ACCESS_DENIED;
 
        if (!lp_add_share_cmd() || !*lp_add_share_cmd()) {
@@ -1700,7 +1756,7 @@ WERROR _srvsvc_NetShareAdd(pipes_struct *p,
                share_name = talloc_strdup(ctx, r->in.info->info2->name);
                comment = talloc_strdup(ctx, r->in.info->info2->comment);
                pathname = talloc_strdup(ctx, r->in.info->info2->path);
-               max_connections = (r->in.info->info2->max_users == 0xffffffff) ?
+               max_connections = (r->in.info->info2->max_users == (uint32_t)-1) ?
                        0 : r->in.info->info2->max_users;
                type = r->in.info->info2->type;
                break;
@@ -1711,10 +1767,10 @@ WERROR _srvsvc_NetShareAdd(pipes_struct *p,
                share_name = talloc_strdup(ctx, r->in.info->info502->name);
                comment = talloc_strdup(ctx, r->in.info->info502->comment);
                pathname = talloc_strdup(ctx, r->in.info->info502->path);
-               max_connections = (r->in.info->info502->max_users == 0xffffffff) ?
+               max_connections = (r->in.info->info502->max_users == (uint32_t)-1) ?
                        0 : r->in.info->info502->max_users;
                type = r->in.info->info502->type;
-               psd = r->in.info->info502->sd;
+               psd = r->in.info->info502->sd_buf.sd;
                map_generic_share_sd_bits(psd);
                break;
 
@@ -1754,7 +1810,7 @@ WERROR _srvsvc_NetShareAdd(pipes_struct *p,
 
        /* Share already exists. */
        if (snum >= 0) {
-               return WERR_ALREADY_EXISTS;
+               return WERR_FILE_EXISTS;
        }
 
        /* We can only add disk shares. */
@@ -1841,7 +1897,6 @@ WERROR _srvsvc_NetShareAdd(pipes_struct *p,
 WERROR _srvsvc_NetShareDel(pipes_struct *p,
                           struct srvsvc_NetShareDel *r)
 {
-       struct current_user user;
        char *command = NULL;
        char *share_name = NULL;
        int ret;
@@ -1874,11 +1929,9 @@ WERROR _srvsvc_NetShareDel(pipes_struct *p,
        if (lp_print_ok(snum))
                return WERR_ACCESS_DENIED;
 
-       get_current_user(&user,p);
-
-       is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+       is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
 
-       if (user.ut.uid != sec_initial_uid()  && !is_disk_op )
+       if (p->server_info->utok.uid != sec_initial_uid()  && !is_disk_op )
                return WERR_ACCESS_DENIED;
 
        if (!lp_delete_share_cmd() || !*lp_delete_share_cmd()) {
@@ -1972,19 +2025,18 @@ WERROR _srvsvc_NetRemoteTOD(pipes_struct *p,
        t = gmtime(&unixdate);
 
        /* set up the */
-       init_srvsvc_NetRemoteTODInfo(tod,
-                                    unixdate,
-                                    0,
-                                    t->tm_hour,
-                                    t->tm_min,
-                                    t->tm_sec,
-                                    0,
-                                    zone,
-                                    10000,
-                                    t->tm_mday,
-                                    t->tm_mon + 1,
-                                    1900+t->tm_year,
-                                    t->tm_wday);
+       tod->elapsed    = unixdate;
+       tod->msecs      = 0;
+       tod->hours      = t->tm_hour;
+       tod->mins       = t->tm_min;
+       tod->secs       = t->tm_sec;
+       tod->hunds      = 0;
+       tod->timezone   = zone;
+       tod->tinterval  = 10000;
+       tod->day        = t->tm_mday;
+       tod->month      = t->tm_mon + 1;
+       tod->year       = 1900+t->tm_year;
+       tod->weekday    = t->tm_wday;
 
        DEBUG(5,("_srvsvc_NetRemoteTOD: %d\n", __LINE__));
 
@@ -1999,91 +2051,91 @@ WERROR _srvsvc_NetRemoteTOD(pipes_struct *p,
 WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
                                  struct srvsvc_NetGetFileSecurity *r)
 {
+       struct smb_filename *smb_fname = NULL;
        SEC_DESC *psd = NULL;
        size_t sd_size;
-       DATA_BLOB null_pw;
-       char *filename_in = NULL;
-       char *filename = NULL;
-       char *qualname = NULL;
+       fstring servicename;
        SMB_STRUCT_STAT st;
        NTSTATUS nt_status;
        WERROR werr;
-       struct current_user user;
        connection_struct *conn = NULL;
-       bool became_user = False;
-       TALLOC_CTX *ctx = p->mem_ctx;
-       struct sec_desc_buf *sd_buf;
+       struct sec_desc_buf *sd_buf = NULL;
+       files_struct *fsp = NULL;
+       int snum;
+       char *oldcwd = NULL;
 
        ZERO_STRUCT(st);
 
-       werr = WERR_OK;
+       fstrcpy(servicename, r->in.share);
 
-       qualname = talloc_strdup(ctx, r->in.share);
-       if (!qualname) {
-               werr = WERR_ACCESS_DENIED;
+       snum = find_service(servicename);
+       if (snum == -1) {
+               DEBUG(10, ("Could not find service %s\n", servicename));
+               werr = WERR_NET_NAME_NOT_FOUND;
                goto error_exit;
        }
 
-       /* Null password is ok - we are already an authenticated user... */
-       null_pw = data_blob_null;
-
-       get_current_user(&user, p);
-
-       become_root();
-       conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status);
-       unbecome_root();
-
-       if (conn == NULL) {
-               DEBUG(3,("_srvsvc_NetGetFileSecurity: Unable to connect to %s\n",
-                       qualname));
+       nt_status = create_conn_struct(talloc_tos(), &conn, snum,
+                                      lp_pathname(snum), p->server_info,
+                                      &oldcwd);
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               DEBUG(10, ("create_conn_struct failed: %s\n",
+                          nt_errstr(nt_status)));
                werr = ntstatus_to_werror(nt_status);
                goto error_exit;
        }
 
-       if (!become_user(conn, conn->vuid)) {
-               DEBUG(0,("_srvsvc_NetGetFileSecurity: Can't become connected user!\n"));
-               werr = WERR_ACCESS_DENIED;
-               goto error_exit;
-       }
-       became_user = True;
-
-       filename_in = talloc_strdup(ctx, r->in.file);
-       if (!filename_in) {
-               werr = WERR_ACCESS_DENIED;
-               goto error_exit;
-       }
-
-       nt_status = unix_convert(ctx, conn, filename_in, False, &filename, NULL, &st);
+       nt_status = filename_convert(talloc_tos(),
+                                       conn,
+                                       false,
+                                       r->in.file,
+                                       0,
+                                       NULL,
+                                       &smb_fname);
        if (!NT_STATUS_IS_OK(nt_status)) {
-               DEBUG(3,("_srvsvc_NetGetFileSecurity: bad pathname %s\n",
-                       filename));
-               werr = WERR_ACCESS_DENIED;
+               werr = ntstatus_to_werror(nt_status);
                goto error_exit;
        }
 
-       nt_status = check_name(conn, filename);
+       nt_status = SMB_VFS_CREATE_FILE(
+               conn,                                   /* conn */
+               NULL,                                   /* req */
+               0,                                      /* root_dir_fid */
+               smb_fname,                              /* fname */
+               FILE_READ_ATTRIBUTES,                   /* access_mask */
+               FILE_SHARE_READ|FILE_SHARE_WRITE,       /* share_access */
+               FILE_OPEN,                              /* create_disposition*/
+               0,                                      /* create_options */
+               0,                                      /* file_attributes */
+               INTERNAL_OPEN_ONLY,                     /* oplock_request */
+               0,                                      /* allocation_size */
+               NULL,                                   /* sd */
+               NULL,                                   /* ea_list */
+               &fsp,                                   /* result */
+               NULL);                                  /* pinfo */
+
        if (!NT_STATUS_IS_OK(nt_status)) {
-               DEBUG(3,("_srvsvc_NetGetFileSecurity: can't access %s\n",
-                       filename));
-               werr = WERR_ACCESS_DENIED;
+               DEBUG(3,("_srvsvc_NetGetFileSecurity: can't open %s\n",
+                        smb_fname_str_dbg(smb_fname)));
+               werr = ntstatus_to_werror(nt_status);
                goto error_exit;
        }
 
-       nt_status = SMB_VFS_GET_NT_ACL(conn, filename,
+       nt_status = SMB_VFS_FGET_NT_ACL(fsp,
                                       (OWNER_SECURITY_INFORMATION
                                        |GROUP_SECURITY_INFORMATION
                                        |DACL_SECURITY_INFORMATION), &psd);
 
        if (!NT_STATUS_IS_OK(nt_status)) {
-               DEBUG(3,("_srvsvc_NetGetFileSecurity: Unable to get NT ACL for file %s\n",
-                       filename));
+               DEBUG(3,("_srvsvc_NetGetFileSecurity: Unable to get NT ACL "
+                       "for file %s\n", smb_fname_str_dbg(smb_fname)));
                werr = ntstatus_to_werror(nt_status);
                goto error_exit;
        }
 
-       sd_size = ndr_size_security_descriptor(psd, 0);
+       sd_size = ndr_size_security_descriptor(psd, NULL, 0);
 
-       sd_buf = TALLOC_ZERO_P(ctx, struct sec_desc_buf);
+       sd_buf = TALLOC_ZERO_P(p->mem_ctx, struct sec_desc_buf);
        if (!sd_buf) {
                werr = WERR_NOMEM;
                goto error_exit;
@@ -2096,17 +2148,28 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
 
        psd->dacl->revision = NT4_ACL_REVISION;
 
-       unbecome_user();
-       close_cnum(conn, user.vuid);
-       return werr;
+       close_file(NULL, fsp, NORMAL_CLOSE);
+       vfs_ChDir(conn, oldcwd);
+       conn_free(conn);
+       werr = WERR_OK;
+       goto done;
 
 error_exit:
 
-       if (became_user)
-               unbecome_user();
+       if (fsp) {
+               close_file(NULL, fsp, NORMAL_CLOSE);
+       }
 
-       if (conn)
-               close_cnum(conn, user.vuid);
+       if (oldcwd) {
+               vfs_ChDir(conn, oldcwd);
+       }
+
+       if (conn) {
+               conn_free(conn);
+       }
+
+ done:
+       TALLOC_FREE(smb_fname);
 
        return werr;
 }
@@ -2119,120 +2182,129 @@ error_exit:
 WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p,
                                  struct srvsvc_NetSetFileSecurity *r)
 {
-       char *filename_in = NULL;
-       char *filename = NULL;
-       char *qualname = NULL;
-       DATA_BLOB null_pw;
+       struct smb_filename *smb_fname = NULL;
+       fstring servicename;
        files_struct *fsp = NULL;
        SMB_STRUCT_STAT st;
        NTSTATUS nt_status;
        WERROR werr;
-       struct current_user user;
        connection_struct *conn = NULL;
-       bool became_user = False;
-       TALLOC_CTX *ctx = p->mem_ctx;
+       int snum;
+       char *oldcwd = NULL;
+       struct security_descriptor *psd = NULL;
+       uint32_t security_info_sent = 0;
 
        ZERO_STRUCT(st);
 
-       werr = WERR_OK;
+       fstrcpy(servicename, r->in.share);
 
-       qualname = talloc_strdup(ctx, r->in.share);
-       if (!qualname) {
-               werr = WERR_ACCESS_DENIED;
+       snum = find_service(servicename);
+       if (snum == -1) {
+               DEBUG(10, ("Could not find service %s\n", servicename));
+               werr = WERR_NET_NAME_NOT_FOUND;
                goto error_exit;
        }
 
-       /* Null password is ok - we are already an authenticated user... */
-       null_pw = data_blob_null;
-
-       get_current_user(&user, p);
-
-       become_root();
-       conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status);
-       unbecome_root();
-
-       if (conn == NULL) {
-               DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to connect to %s\n", qualname));
+       nt_status = create_conn_struct(talloc_tos(), &conn, snum,
+                                      lp_pathname(snum), p->server_info,
+                                      &oldcwd);
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               DEBUG(10, ("create_conn_struct failed: %s\n",
+                          nt_errstr(nt_status)));
                werr = ntstatus_to_werror(nt_status);
                goto error_exit;
        }
 
-       if (!become_user(conn, conn->vuid)) {
-               DEBUG(0,("_srvsvc_NetSetFileSecurity: Can't become connected user!\n"));
-               werr = WERR_ACCESS_DENIED;
-               goto error_exit;
-       }
-       became_user = True;
-
-       filename_in = talloc_strdup(ctx, r->in.file);
-       if (!filename_in) {
-               werr = WERR_ACCESS_DENIED;
-               goto error_exit;
-       }
-
-       nt_status = unix_convert(ctx, conn, filename, False, &filename, NULL, &st);
+       nt_status = filename_convert(talloc_tos(),
+                                       conn,
+                                       false,
+                                       r->in.file,
+                                       0,
+                                       NULL,
+                                       &smb_fname);
        if (!NT_STATUS_IS_OK(nt_status)) {
-               DEBUG(3,("_srvsvc_NetSetFileSecurity: bad pathname %s\n", filename));
-               werr = WERR_ACCESS_DENIED;
+               werr = ntstatus_to_werror(nt_status);
                goto error_exit;
        }
 
-       nt_status = check_name(conn, filename);
+       nt_status = SMB_VFS_CREATE_FILE(
+               conn,                                   /* conn */
+               NULL,                                   /* req */
+               0,                                      /* root_dir_fid */
+               smb_fname,                              /* fname */
+               FILE_WRITE_ATTRIBUTES,                  /* access_mask */
+               FILE_SHARE_READ|FILE_SHARE_WRITE,       /* share_access */
+               FILE_OPEN,                              /* create_disposition*/
+               0,                                      /* create_options */
+               0,                                      /* file_attributes */
+               INTERNAL_OPEN_ONLY,                     /* oplock_request */
+               0,                                      /* allocation_size */
+               NULL,                                   /* sd */
+               NULL,                                   /* ea_list */
+               &fsp,                                   /* result */
+               NULL);                                  /* pinfo */
+
        if (!NT_STATUS_IS_OK(nt_status)) {
-               DEBUG(3,("_srvsvc_NetSetFileSecurity: can't access %s\n", filename));
-               werr = WERR_ACCESS_DENIED;
+               DEBUG(3,("_srvsvc_NetSetFileSecurity: can't open %s\n",
+                        smb_fname_str_dbg(smb_fname)));
+               werr = ntstatus_to_werror(nt_status);
                goto error_exit;
        }
 
-       nt_status = open_file_stat(conn, NULL, filename, &st, &fsp);
-
-       if ( !NT_STATUS_IS_OK(nt_status) ) {
-               /* Perhaps it is a directory */
-               if (NT_STATUS_EQUAL(nt_status, NT_STATUS_FILE_IS_A_DIRECTORY))
-                       nt_status = open_directory(conn, NULL, filename, &st,
-                                               FILE_READ_ATTRIBUTES,
-                                               FILE_SHARE_READ|FILE_SHARE_WRITE,
-                                               FILE_OPEN,
-                                               0,
-                                               FILE_ATTRIBUTE_DIRECTORY,
-                                               NULL, &fsp);
+       psd = r->in.sd_buf->sd;
+       security_info_sent = r->in.securityinformation;
 
-               if ( !NT_STATUS_IS_OK(nt_status) ) {
-                       DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to open file %s\n", filename));
-                       werr = ntstatus_to_werror(nt_status);
-                       goto error_exit;
-               }
+       if (psd->owner_sid==0) {
+               security_info_sent &= ~OWNER_SECURITY_INFORMATION;
+       }
+       if (psd->group_sid==0) {
+               security_info_sent &= ~GROUP_SECURITY_INFORMATION;
        }
+       if (psd->sacl==0) {
+               security_info_sent &= ~SACL_SECURITY_INFORMATION;
+       }
+       if (psd->dacl==0) {
+               security_info_sent &= ~DACL_SECURITY_INFORMATION;
+       }
+
+       /* Convert all the generic bits. */
+       security_acl_map_generic(psd->dacl, &file_generic_mapping);
+       security_acl_map_generic(psd->sacl, &file_generic_mapping);
 
-       nt_status = SMB_VFS_SET_NT_ACL(fsp, fsp->fsp_name,
-                                      r->in.securityinformation,
-                                      r->in.sd_buf->sd);
+       nt_status = SMB_VFS_FSET_NT_ACL(fsp,
+                                       security_info_sent,
+                                       psd);
 
        if (!NT_STATUS_IS_OK(nt_status) ) {
-               DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to set NT ACL on file %s\n", filename));
+               DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to set NT ACL "
+                        "on file %s\n", r->in.share));
                werr = WERR_ACCESS_DENIED;
                goto error_exit;
        }
 
-       close_file(fsp, NORMAL_CLOSE);
-       unbecome_user();
-       close_cnum(conn, user.vuid);
-       return werr;
+       close_file(NULL, fsp, NORMAL_CLOSE);
+       vfs_ChDir(conn, oldcwd);
+       conn_free(conn);
+       werr = WERR_OK;
+       goto done;
 
 error_exit:
 
-       if(fsp) {
-               close_file(fsp, NORMAL_CLOSE);
+       if (fsp) {
+               close_file(NULL, fsp, NORMAL_CLOSE);
        }
 
-       if (became_user) {
-               unbecome_user();
+       if (oldcwd) {
+               vfs_ChDir(conn, oldcwd);
        }
 
        if (conn) {
-               close_cnum(conn, user.vuid);
+               conn_free(conn);
        }
 
+ done:
+       TALLOC_FREE(smb_fname);
+
        return werr;
 }
 
@@ -2305,6 +2377,8 @@ WERROR _srvsvc_NetDiskEnum(pipes_struct *p,
 
        /*allow one struct srvsvc_NetDiskInfo0 for null terminator*/
 
+       r->out.info->count = 0;
+
        for(i = 0; i < MAX_SERVER_DISK_ENTRIES -1 && (disk_name = next_server_disk_enum(&resume)); i++) {
 
                r->out.info->count++;
@@ -2354,14 +2428,64 @@ WERROR _srvsvc_NetNameValidate(pipes_struct *p,
        return WERR_OK;
 }
 
+/*******************************************************************
+********************************************************************/
+
+static void enum_file_close_fn( const struct share_mode_entry *e,
+                          const char *sharepath, const char *fname,
+                         void *private_data )
+{
+       char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
+       struct srvsvc_NetFileClose *r =
+               (struct srvsvc_NetFileClose *)private_data;
+       uint32_t fid = (((uint32_t)(procid_to_pid(&e->pid))<<16) | e->share_file_id);
+
+       if (fid != r->in.fid) {
+               return; /* Not this file. */
+       }
+
+       if (!process_exists(e->pid) ) {
+               return;
+       }
+
+       /* Ok - send the close message. */
+       DEBUG(10,("enum_file_close_fn: request to close file %s, %s\n",
+               sharepath,
+               share_mode_str(talloc_tos(), 0, e) ));
+
+       share_mode_entry_to_message(msg, e);
+
+       r->out.result = ntstatus_to_werror(
+                       messaging_send_buf(smbd_messaging_context(),
+                               e->pid, MSG_SMB_CLOSE_FILE,
+                               (uint8 *)msg,
+                               MSG_SMB_SHARE_MODE_ENTRY_SIZE));
+}
+
 /********************************************************************
+ Close a file given a 32-bit file id.
 ********************************************************************/
 
 WERROR _srvsvc_NetFileClose(pipes_struct *p, struct srvsvc_NetFileClose *r)
 {
-       return WERR_ACCESS_DENIED;
-}
+       SE_PRIV se_diskop = SE_DISK_OPERATOR;
+       bool is_disk_op;
+
+       DEBUG(5,("_srvsvc_NetFileClose: %d\n", __LINE__));
+
+       is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
+
+       if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op) {
+               return WERR_ACCESS_DENIED;
+       }
 
+       /* enum_file_close_fn sends the close message to
+        * the relevent smbd process. */
+
+       r->out.result = WERR_BADFILE;
+       share_mode_forall( enum_file_close_fn, (void *)r);
+       return r->out.result;
+}
 
 /********************************************************************
 ********************************************************************/