s3: smbd: In open_directory() move the call to smbd_check_access_rights() until after...

This doesn't matter now, but later we will move to a handle-based call to
check access rights, so we will need the full handle setup.

Add a fd_close(fsp) in the error path now this is done after the fd open.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 70190c7641dc92207d56f88ce8919d8ff73fd911..5094f41c690fda2e33aeca6b4a5b5efac0778551 100644 (file)
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -4616,21 +4616,6 @@ static NTSTATUS open_directory(connection_struct *conn,
                return NT_STATUS_NOT_A_DIRECTORY;
        }
 
-       if (info == FILE_WAS_OPENED) {
-               status = smbd_check_access_rights(conn,
-                                               conn->cwd_fsp,
-                                               smb_dname,
-                                               false,
-                                               access_mask);
-               if (!NT_STATUS_IS_OK(status)) {
-                       DEBUG(10, ("open_directory: smbd_check_access_rights on "
-                               "file %s failed with %s\n",
-                               smb_fname_str_dbg(smb_dname),
-                               nt_errstr(status)));
-                       return status;
-               }
-       }
-
        /*
         * Setup the files_struct for it.
         */
@@ -4703,6 +4688,22 @@ static NTSTATUS open_directory(connection_struct *conn,
                return NT_STATUS_ACCESS_DENIED;
        }
 
+       if (info == FILE_WAS_OPENED) {
+               status = smbd_check_access_rights(conn,
+                                               conn->cwd_fsp,
+                                               smb_dname,
+                                               false,
+                                               access_mask);
+               if (!NT_STATUS_IS_OK(status)) {
+                       DEBUG(10, ("open_directory: smbd_check_access_rights on "
+                               "file %s failed with %s\n",
+                               smb_fname_str_dbg(smb_dname),
+                               nt_errstr(status)));
+                       fd_close(fsp);
+                       return status;
+               }
+       }
+
        lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
                                  conn->connectpath, smb_dname,
                                  &mtimespec);