mirror of
https://github.com/samba-team/samba.git
synced 2025-03-01 04:58:35 +03:00
Remove unused append_parent_acl().
Get rid of a large chunk of unused code. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Tue Dec 4 11:59:30 CET 2012 on sn-devel-104
parent
4a8028a96e
commit
1c5c492f7e
@ -3717,207 +3717,6 @@ NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid)
|
||||
return status;
|
||||
}
|
||||
|
||||
#if 0
|
||||
/* Disable this - prevents ACL inheritance from the ACL editor. JRA. */
|
||||
|
||||
/****************************************************************************
|
||||
Take care of parent ACL inheritance.
|
||||
****************************************************************************/
|
||||
|
||||
NTSTATUS append_parent_acl(files_struct *fsp,
|
||||
const struct security_descriptor *pcsd,
|
||||
struct security_descriptor **pp_new_sd)
|
||||
{
|
||||
struct smb_filename *smb_dname = NULL;
|
||||
struct security_descriptor *parent_sd = NULL;
|
||||
files_struct *parent_fsp = NULL;
|
||||
TALLOC_CTX *mem_ctx = talloc_tos();
|
||||
char *parent_name = NULL;
|
||||
struct security_ace *new_ace = NULL;
|
||||
unsigned int num_aces = pcsd->dacl->num_aces;
|
||||
NTSTATUS status;
|
||||
int info;
|
||||
unsigned int i, j;
|
||||
struct security_descriptor *psd = dup_sec_desc(talloc_tos(), pcsd);
|
||||
bool is_dacl_protected = (pcsd->type & SEC_DESC_DACL_PROTECTED);
|
||||
|
||||
if (psd == NULL) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
if (!parent_dirname(mem_ctx, fsp->fsp_name->base_name, &parent_name,
|
||||
NULL)) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
status = create_synthetic_smb_fname(mem_ctx, parent_name, NULL, NULL,
|
||||
&smb_dname);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
goto fail;
|
||||
}
|
||||
|
||||
status = SMB_VFS_CREATE_FILE(
|
||||
fsp->conn, /* conn */
|
||||
NULL, /* req */
|
||||
0, /* root_dir_fid */
|
||||
smb_dname, /* fname */
|
||||
FILE_READ_ATTRIBUTES, /* access_mask */
|
||||
FILE_SHARE_NONE, /* share_access */
|
||||
FILE_OPEN, /* create_disposition*/
|
||||
FILE_DIRECTORY_FILE, /* create_options */
|
||||
0, /* file_attributes */
|
||||
INTERNAL_OPEN_ONLY, /* oplock_request */
|
||||
0, /* allocation_size */
|
||||
NULL, /* sd */
|
||||
NULL, /* ea_list */
|
||||
&parent_fsp, /* result */
|
||||
&info); /* pinfo */
|
||||
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
TALLOC_FREE(smb_dname);
|
||||
return status;
|
||||
}
|
||||
|
||||
status = SMB_VFS_GET_NT_ACL(parent_fsp->conn, smb_dname->base_name,
|
||||
SECINFO_DACL, &parent_sd );
|
||||
|
||||
close_file(NULL, parent_fsp, NORMAL_CLOSE);
|
||||
TALLOC_FREE(smb_dname);
|
||||
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
|
||||
/*
|
||||
* Make room for potentially all the ACLs from
|
||||
* the parent. We used to add the ugw triple here,
|
||||
* as we knew we were dealing with POSIX ACLs.
|
||||
* We no longer need to do so as we can guarentee
|
||||
* that a default ACL from the parent directory will
|
||||
* be well formed for POSIX ACLs if it came from a
|
||||
* POSIX ACL source, and if we're not writing to a
|
||||
* POSIX ACL sink then we don't care if it's not well
|
||||
* formed. JRA.
|
||||
*/
|
||||
|
||||
num_aces += parent_sd->dacl->num_aces;
|
||||
|
||||
if((new_ace = talloc_zero_array(mem_ctx, struct security_ace,
|
||||
num_aces)) == NULL) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
/* Start by copying in all the given ACE entries. */
|
||||
for (i = 0; i < psd->dacl->num_aces; i++) {
|
||||
sec_ace_copy(&new_ace[i], &psd->dacl->aces[i]);
|
||||
}
|
||||
|
||||
/*
|
||||
* Note that we're ignoring "inherit permissions" here
|
||||
* as that really only applies to newly created files. JRA.
|
||||
*/
|
||||
|
||||
/* Finally append any inherited ACEs. */
|
||||
for (j = 0; j < parent_sd->dacl->num_aces; j++) {
|
||||
struct security_ace *se = &parent_sd->dacl->aces[j];
|
||||
|
||||
if (fsp->is_directory) {
|
||||
if (!(se->flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) {
|
||||
/* Doesn't apply to a directory - ignore. */
|
||||
DEBUG(10,("append_parent_acl: directory %s "
|
||||
"ignoring non container "
|
||||
"inherit flags %u on ACE with sid %s "
|
||||
"from parent %s\n",
|
||||
fsp_str_dbg(fsp),
|
||||
(unsigned int)se->flags,
|
||||
sid_string_dbg(&se->trustee),
|
||||
parent_name));
|
||||
continue;
|
||||
}
|
||||
} else {
|
||||
if (!(se->flags & SEC_ACE_FLAG_OBJECT_INHERIT)) {
|
||||
/* Doesn't apply to a file - ignore. */
|
||||
DEBUG(10,("append_parent_acl: file %s "
|
||||
"ignoring non object "
|
||||
"inherit flags %u on ACE with sid %s "
|
||||
"from parent %s\n",
|
||||
fsp_str_dbg(fsp),
|
||||
(unsigned int)se->flags,
|
||||
sid_string_dbg(&se->trustee),
|
||||
parent_name));
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
if (is_dacl_protected) {
|
||||
/* If the DACL is protected it means we must
|
||||
* not overwrite an existing ACE entry with the
|
||||
* same SID. This is order N^2. Ouch :-(. JRA. */
|
||||
unsigned int k;
|
||||
for (k = 0; k < psd->dacl->num_aces; k++) {
|
||||
if (dom_sid_equal(&psd->dacl->aces[k].trustee,
|
||||
&se->trustee)) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (k < psd->dacl->num_aces) {
|
||||
/* SID matched. Ignore. */
|
||||
DEBUG(10,("append_parent_acl: path %s "
|
||||
"ignoring ACE with protected sid %s "
|
||||
"from parent %s\n",
|
||||
fsp_str_dbg(fsp),
|
||||
sid_string_dbg(&se->trustee),
|
||||
parent_name));
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
sec_ace_copy(&new_ace[i], se);
|
||||
if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
|
||||
new_ace[i].flags &= ~(SEC_ACE_FLAG_VALID_INHERIT);
|
||||
}
|
||||
new_ace[i].flags |= SEC_ACE_FLAG_INHERITED_ACE;
|
||||
|
||||
if (fsp->is_directory) {
|
||||
/*
|
||||
* Strip off any inherit only. It's applied.
|
||||
*/
|
||||
new_ace[i].flags &= ~(SEC_ACE_FLAG_INHERIT_ONLY);
|
||||
if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
|
||||
/* No further inheritance. */
|
||||
new_ace[i].flags &=
|
||||
~(SEC_ACE_FLAG_CONTAINER_INHERIT|
|
||||
SEC_ACE_FLAG_OBJECT_INHERIT);
|
||||
}
|
||||
} else {
|
||||
/*
|
||||
* Strip off any container or inherit
|
||||
* flags, they can't apply to objects.
|
||||
*/
|
||||
new_ace[i].flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|
|
||||
SEC_ACE_FLAG_INHERIT_ONLY|
|
||||
SEC_ACE_FLAG_NO_PROPAGATE_INHERIT);
|
||||
}
|
||||
i++;
|
||||
|
||||
DEBUG(10,("append_parent_acl: path %s "
|
||||
"inheriting ACE with sid %s "
|
||||
"from parent %s\n",
|
||||
fsp_str_dbg(fsp),
|
||||
sid_string_dbg(&se->trustee),
|
||||
parent_name));
|
||||
}
|
||||
|
||||
psd->dacl->aces = new_ace;
|
||||
psd->dacl->num_aces = i;
|
||||
psd->type &= ~(SEC_DESC_DACL_AUTO_INHERITED|
|
||||
SEC_DESC_DACL_AUTO_INHERIT_REQ);
|
||||
|
||||
*pp_new_sd = psd;
|
||||
return status;
|
||||
}
|
||||
#endif
|
||||
|
||||
/****************************************************************************
|
||||
Reply to set a security descriptor on an fsp. security_info_sent is the
|
||||
description of the following NT ACL.
|
||||
|
@ -718,9 +718,6 @@ NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct security_descriptor **ppdesc);
|
||||
NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid);
|
||||
NTSTATUS append_parent_acl(files_struct *fsp,
|
||||
const struct security_descriptor *pcsd,
|
||||
struct security_descriptor **pp_new_sd);
|
||||
NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd);
|
||||
int get_acl_group_bits( connection_struct *conn, const char *fname, mode_t *mode );
|
||||
int chmod_acl(connection_struct *conn, const char *name, mode_t mode);
|
||||
|