summaryrefslogtreecommitdiff
path: root/source3/smbd/file_access.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd/file_access.c')
-rw-r--r--source3/smbd/file_access.c67
1 files changed, 5 insertions, 62 deletions
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index a58bcdd891..964d1af258 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -25,67 +25,6 @@ extern struct current_user current_user;
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_ACLS
-/****************************************************************************
- Helper function that gets a security descriptor by connection and
- file name.
- NOTE: This is transitional, in the sense that SMB_VFS_GET_NT_ACL really
- should *not* get a files_struct pointer but a connection_struct ptr
- (automatic by the vfs handle) and the file name and _use_ that!
-****************************************************************************/
-static NTSTATUS conn_get_nt_acl(TALLOC_CTX *mem_ctx,
- struct connection_struct *conn,
- const char *fname,
- SMB_STRUCT_STAT *psbuf,
- struct security_descriptor **psd)
-{
- NTSTATUS status;
- struct files_struct *fsp = NULL;
- struct security_descriptor *secdesc = NULL;
-
- if (!VALID_STAT(*psbuf)) {
- if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
- return map_nt_error_from_unix(errno);
- }
- }
-
- /* fake a files_struct ptr: */
-
- if (S_ISDIR(psbuf->st_mode)) {
- status = open_directory(conn, NULL, fname, psbuf,
- READ_CONTROL_ACCESS,
- FILE_SHARE_READ|FILE_SHARE_WRITE,
- FILE_OPEN,
- 0,
- FILE_ATTRIBUTE_DIRECTORY,
- NULL, &fsp);
- }
- else {
- status = open_file_stat(conn, NULL, fname, psbuf, &fsp);
- }
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(3, ("Unable to open file %s: %s\n", fname,
- nt_errstr(status)));
- return status;
- }
-
- status = SMB_VFS_GET_NT_ACL(fsp, fname,
- (OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION),
- &secdesc);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(5, ("Unable to get NT ACL for file %s\n", fname));
- goto done;
- }
-
- *psd = talloc_move(mem_ctx, &secdesc);
-
-done:
- close_file(fsp, NORMAL_CLOSE);
- return status;
-}
-
static bool can_access_file_acl(struct connection_struct *conn,
const char * fname, SMB_STRUCT_STAT *psbuf,
uint32_t access_mask)
@@ -95,7 +34,11 @@ static bool can_access_file_acl(struct connection_struct *conn,
uint32_t access_granted;
struct security_descriptor *secdesc = NULL;
- status = conn_get_nt_acl(talloc_tos(), conn, fname, psbuf, &secdesc);
+ status = SMB_VFS_GET_NT_ACL(conn, fname,
+ (OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION),
+ &secdesc);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(5, ("Could not get acl: %s\n", nt_errstr(status)));
return false;