From a372cfac90a4d30a002111c64d1c30ed61dc821c Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 29 Aug 2012 13:29:34 -0700
Subject: [PATCH] Re-add set_sd(), called from set_sd_blob(). Allows us to
 centralize all ACL canonicalization. (cherry picked from commit
 05734b67b8ed5516d81000eac48acd0915567629) (cherry picked from commit
 67f82b4cb65294dc2e3c3a144d91df9bbfdaa90c)

---
 source3/smbd/nttrans.c | 40 ++++++++++++++++++++++++++--------------
 source3/smbd/proto.h   |  2 ++
 2 files changed, 28 insertions(+), 14 deletions(-)

diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 7fb22e3ff22..f66285d4a1c 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -827,19 +827,14 @@ static void do_nt_transact_create_pipe(connection_struct *conn,
 }
 
 /****************************************************************************
- Internal fn to set security descriptors from a data blob.
+ Internal fn to set security descriptors.
 ****************************************************************************/
 
-NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
+NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
 		       uint32_t security_info_sent)
 {
-	struct security_descriptor *psd = NULL;
 	NTSTATUS status;
 
-	if (sd_len == 0) {
-		return NT_STATUS_INVALID_PARAMETER;
-	}
-
 	if (!CAN_WRITE(fsp->conn)) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
@@ -848,12 +843,6 @@ NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
 		return NT_STATUS_OK;
 	}
 
-	status = unmarshall_sec_desc(talloc_tos(), data, sd_len, &psd);
-
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
 	if (psd->owner_sid == NULL) {
 		security_info_sent &= ~SECINFO_OWNER;
 	}
@@ -906,7 +895,7 @@ NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		DEBUG(10,("set_sd_blob for file %s\n", fsp_str_dbg(fsp)));
+		DEBUG(10,("set_sd for file %s\n", fsp_str_dbg(fsp)));
 		NDR_PRINT_DEBUG(security_descriptor, psd);
 	}
 
@@ -918,6 +907,29 @@ NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
 }
 
 /****************************************************************************
+ Internal fn to set security descriptors from a data blob.
+****************************************************************************/
+
+NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
+		       uint32_t security_info_sent)
+{
+	struct security_descriptor *psd = NULL;
+	NTSTATUS status;
+
+	if (sd_len == 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	status = unmarshall_sec_desc(talloc_tos(), data, sd_len, &psd);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return set_sd(fsp, psd, security_info_sent);
+}
+
+/****************************************************************************
  Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
 ****************************************************************************/
 
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 9224ce710c4..e80e01e4258 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -561,6 +561,8 @@ void send_nt_replies(connection_struct *conn,
 		     char *params, int paramsize,
 		     char *pdata, int datasize);
 void reply_ntcreate_and_X(struct smb_request *req);
+NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
+                       uint32_t security_info_sent);
 NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
                        uint32_t security_info_sent);
 NTSTATUS smb_fsctl(struct files_struct *fsp,
-- 
2.11.4.GIT