From 3f76504d92e0bde89472e569acd64494729778a5 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 9 May 2008 11:14:45 -0700
Subject: Remove a couple of uses of SMB_VFS_GET_NT_ACL(), use
 SMB_VFS_FGET_NT_ACL instead. I'd like to ultimately remove
 SMB_VFS_GET_NT_ACL. Jeremy. (This used to be commit
 4221937b68e2414295279b27c5f12a80f826ed4b)

---
 source3/rpc_server/srv_srvsvc_nt.c | 55 +++++++++++++++++++++++++++++---------
 1 file changed, 42 insertions(+), 13 deletions(-)

(limited to 'source3/rpc_server/srv_srvsvc_nt.c')

diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 18c6f4de53..947ad46568 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -2029,20 +2029,18 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
 	char *qualname = NULL;
 	SMB_STRUCT_STAT st;
 	NTSTATUS nt_status;
-	WERROR werr;
+	WERROR werr = WERR_ACCESS_DENIED;
 	struct current_user user;
 	connection_struct *conn = NULL;
 	bool became_user = False;
 	TALLOC_CTX *ctx = p->mem_ctx;
-	struct sec_desc_buf *sd_buf;
+	struct sec_desc_buf *sd_buf = NULL;
+	files_struct *fsp = NULL;
 
 	ZERO_STRUCT(st);
 
-	werr = WERR_OK;
-
 	qualname = talloc_strdup(ctx, r->in.share);
 	if (!qualname) {
-		werr = WERR_ACCESS_DENIED;
 		goto error_exit;
 	}
 
@@ -2064,14 +2062,12 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
 
 	if (!become_user(conn, conn->vuid)) {
 		DEBUG(0,("_srvsvc_NetGetFileSecurity: Can't become connected user!\n"));
-		werr = WERR_ACCESS_DENIED;
 		goto error_exit;
 	}
 	became_user = True;
 
 	filename_in = talloc_strdup(ctx, r->in.file);
 	if (!filename_in) {
-		werr = WERR_ACCESS_DENIED;
 		goto error_exit;
 	}
 
@@ -2079,7 +2075,6 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(3,("_srvsvc_NetGetFileSecurity: bad pathname %s\n",
 			filename));
-		werr = WERR_ACCESS_DENIED;
 		goto error_exit;
 	}
 
@@ -2087,11 +2082,37 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(3,("_srvsvc_NetGetFileSecurity: can't access %s\n",
 			filename));
-		werr = WERR_ACCESS_DENIED;
 		goto error_exit;
 	}
 
-	nt_status = SMB_VFS_GET_NT_ACL(conn, filename,
+	if (!(S_ISDIR(st.st_mode))) {
+        	nt_status = open_file_ntcreate(conn, NULL, filename, &st,
+				FILE_READ_ATTRIBUTES,
+				FILE_SHARE_READ|FILE_SHARE_WRITE,
+				FILE_OPEN,
+				0,
+				FILE_ATTRIBUTE_NORMAL,
+				0,
+				NULL, &fsp);
+
+	} else {
+		nt_status = open_directory(conn, NULL, filename, &st,
+				FILE_READ_ATTRIBUTES,
+				FILE_SHARE_READ|FILE_SHARE_WRITE,
+				FILE_OPEN,
+				0,
+				FILE_ATTRIBUTE_DIRECTORY,
+				NULL, &fsp);
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(3,("_srvsvc_NetGetFileSecurity: can't open %s\n",
+			filename));
+		werr = ntstatus_to_werror(nt_status);
+		goto error_exit;
+	}
+
+	nt_status = SMB_VFS_FGET_NT_ACL(fsp,
 				       (OWNER_SECURITY_INFORMATION
 					|GROUP_SECURITY_INFORMATION
 					|DACL_SECURITY_INFORMATION), &psd);
@@ -2118,17 +2139,25 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
 
 	psd->dacl->revision = NT4_ACL_REVISION;
 
+	close_file(fsp, NORMAL_CLOSE);
+
 	unbecome_user();
 	close_cnum(conn, user.vuid);
-	return werr;
+	return WERR_OK;
 
 error_exit:
 
-	if (became_user)
+	if(fsp) {
+		close_file(fsp, NORMAL_CLOSE);
+	}
+
+	if (became_user) {
 		unbecome_user();
+	}
 
-	if (conn)
+	if (conn) {
 		close_cnum(conn, user.vuid);
+	}
 
 	return werr;
 }
-- 
cgit