Remove the "stat_open()" function, flag, and all associated code. It was only

being (correctly) used in the can_read/can_write checks for hide unreadable/unwritable
and this is more properly done using the functions in smbd/file_access.c.
Preparing to do NT access checks on all file access.
Jeremy.
(This used to be commit 6bfb06ad95963ae2acb67c4694a98282d3b29faa)

5 files changed, 7 insertions, 142 deletions

diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 3afc037f69..e27d5c44fa 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -703,20 +703,6 @@ static NTSTATUS close_directory(files_struct *fsp, enum file_close_type close_ty
 }
 
 /****************************************************************************
- Close a 'stat file' opened internally.
-****************************************************************************/
-  
-static NTSTATUS close_stat(files_struct *fsp)
-{
-	/*
-	 * Do the code common to files and directories.
-	 */
-	close_filestruct(fsp);
-	file_free(fsp);
-	return NT_STATUS_OK;
-}
-
-/****************************************************************************
  Close a files_struct.
 ****************************************************************************/
   
@@ -727,8 +713,6 @@ NTSTATUS close_file(files_struct *fsp, enum file_close_type close_type)
 
 	if(fsp->is_directory) {
 		status = close_directory(fsp, close_type);
-	} else if (fsp->is_stat) {
-		status = close_stat(fsp);
 	} else if (fsp->fake_file_handle != NULL) {
 		status = close_fake_file(fsp);
 	} else {
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 6e02401e25..7d584977df 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -925,11 +925,6 @@ bool get_dir_entry(TALLOC_CTX *ctx,
 
 static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst)
 {
-	SEC_DESC *psd = NULL;
-	files_struct *fsp;
-	NTSTATUS status;
-	uint32 access_granted;
-
 	/*
 	 * If user is a member of the Admin group
 	 * we never hide files from them.
@@ -941,36 +936,7 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S
 
 	SMB_ASSERT(VALID_STAT(*pst));
 
-	/* Pseudo-open the file (note - no fd's created). */
-
-	if(S_ISDIR(pst->st_mode)) {
-		 status = open_directory(conn, NULL, name, pst,
-			READ_CONTROL_ACCESS,
-			FILE_SHARE_READ|FILE_SHARE_WRITE,
-			FILE_OPEN,
-			0, /* no create options. */
-			FILE_ATTRIBUTE_DIRECTORY,
-			NULL, &fsp);
-	} else {
-		status = open_file_stat(conn, NULL, name, pst, &fsp);
-	}
-
-	if (!NT_STATUS_IS_OK(status)) {
-		return False;
-	}
-
-	/* Get NT ACL -allocated in main loop talloc context. No free needed here. */
-	status = SMB_VFS_FGET_NT_ACL(fsp,
-			(OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd);
-	close_file(fsp, NORMAL_CLOSE);
-
-	/* No access if SD get failed. */
-	if (!NT_STATUS_IS_OK(status)) {
-		return False;
-	}
-
-	return se_access_check(psd, current_user.nt_user_token, FILE_READ_DATA,
-                                 &access_granted, &status);
+	return can_access_file_acl(conn, name, pst, FILE_READ_DATA);
 }
 
 /*******************************************************************
@@ -982,12 +948,6 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S
 
 static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst)
 {
-	SEC_DESC *psd = NULL;
-	files_struct *fsp;
-	int info;
-	NTSTATUS status;
-	uint32 access_granted;
-
 	/*
 	 * If user is a member of the Admin group
 	 * we never hide files from them.
@@ -1003,33 +963,9 @@ static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_
 
 	if(S_ISDIR(pst->st_mode)) {
 		return True;
-	} else {
-		status = open_file_ntcreate(conn, NULL, name, pst,
-			FILE_WRITE_ATTRIBUTES,
-			FILE_SHARE_READ|FILE_SHARE_WRITE,
-			FILE_OPEN,
-			0,
-			FILE_ATTRIBUTE_NORMAL,
-			INTERNAL_OPEN_ONLY,
-			&info, &fsp);
-	}
-
-	if (!NT_STATUS_IS_OK(status)) {
-		return False;
-	}
-
-	/* Get NT ACL -allocated in main loop talloc context. No free needed here. */
-	status = SMB_VFS_FGET_NT_ACL(fsp,
-			(OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd);
-	close_file(fsp, NORMAL_CLOSE);
-
-	/* No access if SD get failed. */
-	if (!NT_STATUS_IS_OK(status)) {
-		return False;
 	}
 
-	return se_access_check(psd, current_user.nt_user_token, FILE_WRITE_DATA,
-                                 &access_granted, &status);
+	return can_write_to_file(conn, name, pst);
 }
 
 /*******************************************************************
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 4c07bc5a61..71f3291b9b 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -25,7 +25,7 @@ extern struct current_user current_user;
 #undef  DBGC_CLASS
 #define DBGC_CLASS DBGC_ACLS
 
-static bool can_access_file_acl(struct connection_struct *conn,
+bool can_access_file_acl(struct connection_struct *conn,
 				const char * fname, SMB_STRUCT_STAT *psbuf,
 				uint32_t access_mask)
 {
@@ -125,7 +125,7 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname)
  Note this doesn't take into account share write permissions.
 ****************************************************************************/
 
-bool can_access_file(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf, uint32 access_mask)
+bool can_access_file_data(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf, uint32 access_mask)
 {
 	if (!(access_mask & (FILE_READ_DATA|FILE_WRITE_DATA))) {
 		return False;
@@ -134,7 +134,7 @@ bool can_access_file(connection_struct *conn, const char *fname, SMB_STRUCT_STAT
 
 	/* some fast paths first */
 
-	DEBUG(10,("can_access_file: requesting 0x%x on file %s\n",
+	DEBUG(10,("can_access_file_data: requesting 0x%x on file %s\n",
 		(unsigned int)access_mask, fname ));
 
 	if (current_user.ut.uid == 0 || conn->admin_user) {
@@ -180,7 +180,7 @@ bool can_access_file(connection_struct *conn, const char *fname, SMB_STRUCT_STAT
 
 bool can_write_to_file(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf)
 {
-	return can_access_file(conn, fname, psbuf, FILE_WRITE_DATA);
+	return can_access_file_data(conn, fname, psbuf, FILE_WRITE_DATA);
 }
 
 /****************************************************************************
diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index d6e91c67be..17c473f028 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -539,7 +539,6 @@ NTSTATUS dup_file_fsp(files_struct *fsp,
 	dup_fsp->print_file = fsp->print_file;
 	dup_fsp->modified = fsp->modified;
 	dup_fsp->is_directory = fsp->is_directory;
-	dup_fsp->is_stat = fsp->is_stat;
 	dup_fsp->aio_write_behind = fsp->aio_write_behind;
         string_set(&dup_fsp->fsp_name,fsp->fsp_name);
 
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index dd518b90de..5c860f891d 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -391,7 +391,6 @@ static NTSTATUS open_file(files_struct *fsp,
 	fsp->modified = False;
 	fsp->sent_oplock_break = NO_BREAK_SENT;
 	fsp->is_directory = False;
-	fsp->is_stat = False;
 	if (conn->aio_write_behind_list &&
 	    is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
 		fsp->aio_write_behind = True;
@@ -1571,7 +1570,7 @@ NTSTATUS open_file_ntcreate(connection_struct *conn,
 			}
 
 			if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
-			    !can_access_file(conn,fname,psbuf,can_access_mask)) {
+			    !can_access_file_data(conn,fname,psbuf,can_access_mask)) {
 				can_access = False;
 			}
 
@@ -2223,7 +2222,6 @@ NTSTATUS open_directory(connection_struct *conn,
 	fsp->oplock_type = NO_OPLOCK;
 	fsp->sent_oplock_break = NO_BREAK_SENT;
 	fsp->is_directory = True;
-	fsp->is_stat = False;
 	fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
 
 	string_set(&fsp->fsp_name,fname);
@@ -2306,58 +2304,6 @@ NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, cons
 }
 
 /****************************************************************************
- Open a pseudo-file (no locking checks - a 'stat' open).
-****************************************************************************/
-
-NTSTATUS open_file_stat(connection_struct *conn, struct smb_request *req,
-			const char *fname, SMB_STRUCT_STAT *psbuf,
-			files_struct **result)
-{
-	files_struct *fsp = NULL;
-	NTSTATUS status;
-
-	if (!VALID_STAT(*psbuf)) {
-		return NT_STATUS_INVALID_PARAMETER;
-	}
-
-	/* Can't 'stat' open directories. */
-	if(S_ISDIR(psbuf->st_mode)) {
-		return NT_STATUS_FILE_IS_A_DIRECTORY;
-	}
-
-	status = file_new(conn, &fsp);
-	if(!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
-	DEBUG(5,("open_file_stat: 'opening' file %s\n", fname));
-
-	/*
-	 * Setup the files_struct for it.
-	 */
-	
-	fsp->mode = psbuf->st_mode;
-	fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
-	fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
-	fsp->file_pid = req ? req->smbpid : 0;
-	fsp->can_lock = False;
-	fsp->can_read = False;
-	fsp->can_write = False;
-	fsp->print_file = False;
-	fsp->modified = False;
-	fsp->oplock_type = NO_OPLOCK;
-	fsp->sent_oplock_break = NO_BREAK_SENT;
-	fsp->is_directory = False;
-	fsp->is_stat = True;
-	string_set(&fsp->fsp_name,fname);
-
-	conn->num_files_open++;
-
-	*result = fsp;
-	return NT_STATUS_OK;
-}
-
-/****************************************************************************
  Receive notification that one of our open files has been renamed by another
  smbd process.
 ****************************************************************************/