Remove a couple of uses of SMB_VFS_GET_NT_ACL(), use

SMB_VFS_FGET_NT_ACL instead. I'd like to ultimately
remove SMB_VFS_GET_NT_ACL.
Jeremy.

2 files changed, 44 insertions, 21 deletions

diff --git a/source/rpc_server/srv_srvsvc_nt.c b/source/rpc_server/srv_srvsvc_nt.c
index 18c6f4de530..947ad46568c 100644
--- a/source/rpc_server/srv_srvsvc_nt.c
+++ b/source/rpc_server/srv_srvsvc_nt.c
@@ -2029,20 +2029,18 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
 	char *qualname = NULL;
 	SMB_STRUCT_STAT st;
 	NTSTATUS nt_status;
-	WERROR werr;
+	WERROR werr = WERR_ACCESS_DENIED;
 	struct current_user user;
 	connection_struct *conn = NULL;
 	bool became_user = False;
 	TALLOC_CTX *ctx = p->mem_ctx;
-	struct sec_desc_buf *sd_buf;
+	struct sec_desc_buf *sd_buf = NULL;
+	files_struct *fsp = NULL;
 
 	ZERO_STRUCT(st);
 
-	werr = WERR_OK;
-
 	qualname = talloc_strdup(ctx, r->in.share);
 	if (!qualname) {
-		werr = WERR_ACCESS_DENIED;
 		goto error_exit;
 	}
 
@@ -2064,14 +2062,12 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
 
 	if (!become_user(conn, conn->vuid)) {
 		DEBUG(0,("_srvsvc_NetGetFileSecurity: Can't become connected user!\n"));
-		werr = WERR_ACCESS_DENIED;
 		goto error_exit;
 	}
 	became_user = True;
 
 	filename_in = talloc_strdup(ctx, r->in.file);
 	if (!filename_in) {
-		werr = WERR_ACCESS_DENIED;
 		goto error_exit;
 	}
 
@@ -2079,7 +2075,6 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(3,("_srvsvc_NetGetFileSecurity: bad pathname %s\n",
 			filename));
-		werr = WERR_ACCESS_DENIED;
 		goto error_exit;
 	}
 
@@ -2087,11 +2082,37 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(3,("_srvsvc_NetGetFileSecurity: can't access %s\n",
 			filename));
-		werr = WERR_ACCESS_DENIED;
 		goto error_exit;
 	}
 
-	nt_status = SMB_VFS_GET_NT_ACL(conn, filename,
+	if (!(S_ISDIR(st.st_mode))) {
+        	nt_status = open_file_ntcreate(conn, NULL, filename, &st,
+				FILE_READ_ATTRIBUTES,
+				FILE_SHARE_READ|FILE_SHARE_WRITE,
+				FILE_OPEN,
+				0,
+				FILE_ATTRIBUTE_NORMAL,
+				0,
+				NULL, &fsp);
+
+	} else {
+		nt_status = open_directory(conn, NULL, filename, &st,
+				FILE_READ_ATTRIBUTES,
+				FILE_SHARE_READ|FILE_SHARE_WRITE,
+				FILE_OPEN,
+				0,
+				FILE_ATTRIBUTE_DIRECTORY,
+				NULL, &fsp);
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(3,("_srvsvc_NetGetFileSecurity: can't open %s\n",
+			filename));
+		werr = ntstatus_to_werror(nt_status);
+		goto error_exit;
+	}
+
+	nt_status = SMB_VFS_FGET_NT_ACL(fsp,
 				       (OWNER_SECURITY_INFORMATION
 					|GROUP_SECURITY_INFORMATION
 					|DACL_SECURITY_INFORMATION), &psd);
@@ -2118,17 +2139,25 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
 
 	psd->dacl->revision = NT4_ACL_REVISION;
 
+	close_file(fsp, NORMAL_CLOSE);
+
 	unbecome_user();
 	close_cnum(conn, user.vuid);
-	return werr;
+	return WERR_OK;
 
 error_exit:
 
-	if (became_user)
+	if(fsp) {
+		close_file(fsp, NORMAL_CLOSE);
+	}
+
+	if (became_user) {
 		unbecome_user();
+	}
 
-	if (conn)
+	if (conn) {
 		close_cnum(conn, user.vuid);
+	}
 
 	return werr;
 }
diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c
index 362823d78a5..bd34b5a3613 100644
--- a/source/smbd/nttrans.c
+++ b/source/smbd/nttrans.c
@@ -1612,14 +1612,8 @@ static void call_nt_transact_query_security_desc(connection_struct *conn,
 	if (!lp_nt_acl_support(SNUM(conn))) {
 		status = get_null_nt_acl(talloc_tos(), &psd);
 	} else {
-		if (fsp->fh->fd != -1) {
-			status = SMB_VFS_FGET_NT_ACL(
-				fsp, security_info_wanted, &psd);
-		}
-		else {
-			status = SMB_VFS_GET_NT_ACL(
-				conn, fsp->fsp_name, security_info_wanted, &psd);
-		}
+		status = SMB_VFS_FGET_NT_ACL(
+			fsp, security_info_wanted, &psd);
 	}
 
 	if (!NT_STATUS_IS_OK(status)) {