From: Jeremy Allison <jra@samba.org>
Date: Tue, 14 Apr 2020 19:43:51 +0000 (-0700)
Subject: s3: VFS: acl_common: Add a dirfsp parameter to validate_nt_acl_blob().
X-Git-Tag: ldb-2.2.0~617
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2437dcc5ac820ea554273cc2365e363d46f57abd;p=thirdparty%2Fsamba.git

s3: VFS: acl_common: Add a dirfsp parameter to validate_nt_acl_blob().

This sucks, as it's the only function that I've been
unable to easily split into a _fsp and a _pathname version,
it just does too much. Bite the bullet and add a dirfsp
parameter as well as the fsp and smb_fname parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---

diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index f4fe7972552..71a48163b70 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -409,12 +409,13 @@ static NTSTATUS add_directory_inheritable_components(vfs_handle_struct *handle,
  * need it as well.
  **/
 static NTSTATUS validate_nt_acl_blob(TALLOC_CTX *mem_ctx,
-				     vfs_handle_struct *handle,
-				     files_struct *fsp,
-				     const struct smb_filename *smb_fname,
-				     const DATA_BLOB *blob,
-				     struct security_descriptor **ppsd,
-				     bool *psd_is_from_fs)
+				vfs_handle_struct *handle,
+				struct files_struct *fsp,
+				struct files_struct *dirfsp,
+				const struct smb_filename *smb_fname,
+				const DATA_BLOB *blob,
+				struct security_descriptor **ppsd,
+				bool *psd_is_from_fs)
 {
 	NTSTATUS status;
 	uint16_t hash_type = XATTR_SD_HASH_TYPE_NONE;
@@ -626,12 +627,13 @@ NTSTATUS fget_nt_acl_common(
 	status = fget_acl_blob_fn(mem_ctx, handle, fsp, &blob);
 	if (NT_STATUS_IS_OK(status)) {
 		status = validate_nt_acl_blob(mem_ctx,
-					      handle,
-					      fsp,
-					      smb_fname,
-					      &blob,
-					      &psd,
-					      &psd_is_from_fs);
+					handle,
+					fsp,
+					NULL,
+					smb_fname,
+					&blob,
+					&psd,
+					&psd_is_from_fs);
 		TALLOC_FREE(blob.data);
 		if (!NT_STATUS_IS_OK(status)) {
 			DBG_DEBUG("ACL validation for [%s] failed\n",
@@ -779,12 +781,13 @@ NTSTATUS get_nt_acl_common_at(
 				&blob);
 	if (NT_STATUS_IS_OK(status)) {
 		status = validate_nt_acl_blob(mem_ctx,
-					      handle,
-					      NULL,
-					      smb_fname_in,
-					      &blob,
-					      &psd,
-					      &psd_is_from_fs);
+					handle,
+					NULL,
+					dirfsp,
+					smb_fname_in,
+					&blob,
+					&psd,
+					&psd_is_from_fs);
 		TALLOC_FREE(blob.data);
 		if (!NT_STATUS_IS_OK(status)) {
 			DBG_DEBUG("ACL validation for [%s] failed\n",