Make [f]get_nt_acl return NTSTATUS

(This used to be commit dcbe1bf942d017a3cd5084c6ef605a13912f795b)

4 files changed, 33 insertions, 31 deletions

diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index f6a8b27ab4..05679ee0ee 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -911,7 +911,6 @@ bool get_dir_entry(TALLOC_CTX *ctx,
 static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst)
 {
 	SEC_DESC *psd = NULL;
-	size_t sd_size;
 	files_struct *fsp;
 	NTSTATUS status;
 	uint32 access_granted;
@@ -951,12 +950,12 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S
 	}
 
 	/* Get NT ACL -allocated in main loop talloc context. No free needed here. */
-	sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
+	status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
 			(OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd);
 	close_file(fsp, NORMAL_CLOSE);
 
 	/* No access if SD get failed. */
-	if (!sd_size) {
+	if (!NT_STATUS_IS_OK(status)) {
 		return False;
 	}
 
@@ -974,7 +973,6 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S
 static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst)
 {
 	SEC_DESC *psd = NULL;
-	size_t sd_size;
 	files_struct *fsp;
 	int info;
 	NTSTATUS status;
@@ -1014,13 +1012,14 @@ static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_
 	}
 
 	/* Get NT ACL -allocated in main loop talloc context. No free needed here. */
-	sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
+	status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
 			(OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd);
 	close_file(fsp, NORMAL_CLOSE);
 
 	/* No access if SD get failed. */
-	if (!sd_size)
+	if (!NT_STATUS_IS_OK(status)) {
 		return False;
+	}
 
 	return se_access_check(psd, current_user.nt_user_token, FILE_WRITE_DATA,
                                  &access_granted, &status);
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 121e7f79a9..46472665e5 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -41,7 +41,6 @@ static NTSTATUS conn_get_nt_acl(TALLOC_CTX *mem_ctx,
 	NTSTATUS status;
 	struct files_struct *fsp = NULL;
 	struct security_descriptor *secdesc = NULL;
-	size_t secdesc_size;
 
 	if (!VALID_STAT(*psbuf)) {
 		if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
@@ -70,14 +69,14 @@ static NTSTATUS conn_get_nt_acl(TALLOC_CTX *mem_ctx,
 		return status;
 	}
 
-	secdesc_size = SMB_VFS_GET_NT_ACL(fsp, fname,
-					  (OWNER_SECURITY_INFORMATION |
-					   GROUP_SECURITY_INFORMATION |
-					   DACL_SECURITY_INFORMATION),
-					  &secdesc);
-	if (secdesc_size == 0) {
+	status = SMB_VFS_GET_NT_ACL(fsp, fname,
+				    (OWNER_SECURITY_INFORMATION |
+				     GROUP_SECURITY_INFORMATION |
+				     DACL_SECURITY_INFORMATION),
+				    &secdesc);
+	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(5, ("Unable to get NT ACL for file %s\n", fname));
-		return NT_STATUS_ACCESS_DENIED;
+		return status;
 	}
 
 	*psd = talloc_move(mem_ctx, &secdesc);
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index f07d64eded..d03abaeadb 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -2302,17 +2302,17 @@ static void call_nt_transact_rename(connection_struct *conn,
  Fake up a completely empty SD.
 *******************************************************************************/
 
-static size_t get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd)
+static NTSTATUS get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd)
 {
 	size_t sd_size;
 
 	*ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size);
 	if(!*ppsd) {
 		DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
-		sd_size = 0;
+		return NT_STATUS_NO_MEMORY;
 	}
 
-	return sd_size;
+	return NT_STATUS_OK;
 }
 
 /****************************************************************************
@@ -2337,6 +2337,7 @@ static void call_nt_transact_query_security_desc(connection_struct *conn,
 	uint32 security_info_wanted;
 	TALLOC_CTX *mem_ctx;
 	files_struct *fsp = NULL;
+	NTSTATUS status;
 
         if(parameter_count < 8) {
 		reply_doserror(req, ERRDOS, ERRbadfunc);
@@ -2371,17 +2372,20 @@ static void call_nt_transact_query_security_desc(connection_struct *conn,
 	 */
 
 	if (!lp_nt_acl_support(SNUM(conn))) {
-		sd_size = get_null_nt_acl(mem_ctx, &psd);
+		status = get_null_nt_acl(mem_ctx, &psd);
 	} else {
-		sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, security_info_wanted, &psd);
+		status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
+					     security_info_wanted, &psd);
 	}
 
-	if (sd_size == 0) {
+	if (!NT_STATUS_IS_OK(status)) {
 		talloc_destroy(mem_ctx);
-		reply_unixerror(req, ERRDOS, ERRnoaccess);
+		reply_nterror(req, status);
 		return;
 	}
 
+	sd_size = sec_desc_size(psd);
+
 	DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size));
 
 	SIVAL(params,0,(uint32)sd_size);
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 6e7dae4892..27953a2051 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -2728,7 +2728,7 @@ static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces)
  the UNIX style get ACL.
 ****************************************************************************/
 
-size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
+NTSTATUS get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
 {
 	connection_struct *conn = fsp->conn;
 	SMB_STRUCT_STAT sbuf;
@@ -2756,7 +2756,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
 
 		/* Get the stat struct for the owner info. */
 		if(SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf) != 0) {
-			return 0;
+			return map_nt_error_from_unix(errno);
 		}
 		/*
 		 * Get the ACL from the path.
@@ -2777,7 +2777,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
 
 		/* Get the stat struct for the owner info. */
 		if(SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) != 0) {
-			return 0;
+			return map_nt_error_from_unix(errno);
 		}
 		/*
 		 * Get the ACL from the fd.
@@ -3027,7 +3027,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
 	free_inherited_info(pal);
 	SAFE_FREE(nt_ace_list);
 
-	return sd_size;
+	return NT_STATUS_OK;
 }
 
 /****************************************************************************
@@ -3174,7 +3174,6 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
 	SMB_STRUCT_STAT sbuf;
 	NTSTATUS status;
 	int info;
-	size_t sd_size;
 	unsigned int i, j;
 	mode_t unx_mode;
 
@@ -3213,13 +3212,13 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
 		return status;
 	}
 
-	sd_size = SMB_VFS_GET_NT_ACL(parent_fsp, parent_fsp->fsp_name,
-			DACL_SECURITY_INFORMATION, &parent_sd );
+	status = SMB_VFS_GET_NT_ACL(parent_fsp, parent_fsp->fsp_name,
+				    DACL_SECURITY_INFORMATION, &parent_sd );
 
 	close_file(parent_fsp, NORMAL_CLOSE);
 
-	if (!sd_size) {
-		return NT_STATUS_ACCESS_DENIED;
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
 	/*
@@ -4174,7 +4173,8 @@ SEC_DESC *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname)
 	finfo.fh->fd = -1;
 	finfo.fsp_name = CONST_DISCARD(char *,fname);
 
-	if (get_nt_acl( &finfo, DACL_SECURITY_INFORMATION, &psd ) == 0) {
+	if (!NT_STATUS_IS_OK(get_nt_acl( &finfo, DACL_SECURITY_INFORMATION,
+					 &psd ))) {
 		DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n"));
 		conn_free_internal( &conn );
 		return NULL;