Change the prototype of the vfs function get_nt_acl().

Up to now, get_nt_acl() took a files_struct pointer (fsp) and
a file name. All the underlying functions should need and now
do need (after the previous preparatory work), is a connection_struct
and a file name. The connection_struct is already there in the
vfs_handle passed to the vfs functions. So the files_struct
argument can be eliminated.

This eliminates the need of calling open_file_stat in a couple
of places to produce the fsp needed.

Michael
(This used to be commit b5f600fab53c9d159a958c59795db3ba4a8acc63)

3 files changed, 7 insertions, 64 deletions

diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index a58bcdd891..964d1af258 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -25,67 +25,6 @@ extern struct current_user current_user;
 #undef  DBGC_CLASS
 #define DBGC_CLASS DBGC_ACLS
 
-/****************************************************************************
- Helper function that gets a security descriptor by connection and
- file name.
- NOTE: This is transitional, in the sense that SMB_VFS_GET_NT_ACL really
- should *not* get a files_struct pointer but a connection_struct ptr
- (automatic by the vfs handle) and the file name and _use_ that!
-****************************************************************************/
-static NTSTATUS conn_get_nt_acl(TALLOC_CTX *mem_ctx,
-				struct connection_struct *conn,
-				const char *fname,
-				SMB_STRUCT_STAT *psbuf,
-				struct security_descriptor **psd)
-{
-	NTSTATUS status;
-	struct files_struct *fsp = NULL;
-	struct security_descriptor *secdesc = NULL;
-
-	if (!VALID_STAT(*psbuf)) {
-		if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
-			return map_nt_error_from_unix(errno);
-		}
-	}
-
-	/* fake a files_struct ptr: */
-
-	if (S_ISDIR(psbuf->st_mode)) {
-		status = open_directory(conn, NULL, fname, psbuf,
-					READ_CONTROL_ACCESS,
-					FILE_SHARE_READ|FILE_SHARE_WRITE,
-					FILE_OPEN,
-					0,
-					FILE_ATTRIBUTE_DIRECTORY,
-					NULL, &fsp);
-	}
-	else {
-		status = open_file_stat(conn, NULL, fname, psbuf, &fsp);
-	}
-
-	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(3, ("Unable to open file %s: %s\n", fname,
-			  nt_errstr(status)));
-		return status;
-	}
-
-	status = SMB_VFS_GET_NT_ACL(fsp, fname,
-				    (OWNER_SECURITY_INFORMATION |
-				     GROUP_SECURITY_INFORMATION |
-				     DACL_SECURITY_INFORMATION),
-				    &secdesc);
-	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(5, ("Unable to get NT ACL for file %s\n", fname));
-		goto done;
-	}
-
-	*psd = talloc_move(mem_ctx, &secdesc);
-
-done:
-	close_file(fsp, NORMAL_CLOSE);
-	return status;
-}
-
 static bool can_access_file_acl(struct connection_struct *conn,
 				const char * fname, SMB_STRUCT_STAT *psbuf,
 				uint32_t access_mask)
@@ -95,7 +34,11 @@ static bool can_access_file_acl(struct connection_struct *conn,
 	uint32_t access_granted;
 	struct security_descriptor *secdesc = NULL;
 
-	status = conn_get_nt_acl(talloc_tos(), conn, fname, psbuf, &secdesc);
+	status = SMB_VFS_GET_NT_ACL(conn, fname,
+				    (OWNER_SECURITY_INFORMATION |
+				     GROUP_SECURITY_INFORMATION |
+				     DACL_SECURITY_INFORMATION),
+				    &secdesc);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(5, ("Could not get acl: %s\n", nt_errstr(status)));
 		return false;
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 1fbb681c72..cb98a8139c 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1640,7 +1640,7 @@ static void call_nt_transact_query_security_desc(connection_struct *conn,
 		}
 		else {
 			status = SMB_VFS_GET_NT_ACL(
-				fsp, fsp->fsp_name, security_info_wanted, &psd);
+				conn, fsp->fsp_name, security_info_wanted, &psd);
 		}
 	}
 
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index d9782cfdb8..d8794e2114 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3307,7 +3307,7 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
 		return status;
 	}
 
-	status = SMB_VFS_GET_NT_ACL(parent_fsp, parent_fsp->fsp_name,
+	status = SMB_VFS_GET_NT_ACL(parent_fsp->conn, parent_fsp->fsp_name,
 				    DACL_SECURITY_INFORMATION, &parent_sd );
 
 	close_file(parent_fsp, NORMAL_CLOSE);