-rw-r--r--source3/modules/vfs_acl_common.c140
-rw-r--r--source3/modules/vfs_acl_tdb.c2
-rw-r--r--source3/modules/vfs_acl_xattr.c2
3 files changed, 6 insertions, 138 deletions
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 1947a77f07..14ac6f7a0b 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -600,124 +600,6 @@ static NTSTATUS check_parent_acl_common(vfs_handle_struct *handle,
}
/*********************************************************************
- Check ACL on open. For new files inherit from parent directory.
-*********************************************************************/
-
-static int open_acl_common(vfs_handle_struct *handle,
- struct smb_filename *smb_fname,
- files_struct *fsp,
- int flags,
- mode_t mode)
-{
- uint32_t access_granted = 0;
- struct security_descriptor *pdesc = NULL;
- bool file_existed = true;
- char *fname = NULL;
- NTSTATUS status;
-
- if (fsp->base_fsp) {
- /* Stream open. Base filename open already did the ACL check. */
- DEBUG(10,("open_acl_common: stream open on %s\n",
- fsp_str_dbg(fsp) ));
- return SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
- }
-
- status = get_full_smb_filename(talloc_tos(), smb_fname,
- &fname);
- if (!NT_STATUS_IS_OK(status)) {
- goto err;
- }
-
- status = get_nt_acl_internal(handle,
- NULL,
- fname,
- (SECINFO_OWNER |
- SECINFO_GROUP |
- SECINFO_DACL),
- &pdesc);
- if (NT_STATUS_IS_OK(status)) {
- /* See if we can access it. */
- status = smb1_file_se_access_check(handle->conn,
- pdesc,
- get_current_nttok(handle->conn),
- fsp->access_mask,
- &access_granted);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10,("open_acl_xattr: %s open "
- "refused with error %s\n",
- fsp_str_dbg(fsp),
- nt_errstr(status) ));
- goto err;
- }
- } else if (NT_STATUS_EQUAL(status,NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
- file_existed = false;
- /*
- * If O_CREAT is true then we're trying to create a file.
- * Check the parent directory ACL will allow this.
- */
- if (flags & O_CREAT) {
- struct security_descriptor *parent_desc = NULL;
- struct security_descriptor **pp_psd = NULL;
-
- status = check_parent_acl_common(handle, fname,
- SEC_DIR_ADD_FILE, &parent_desc);
- if (!NT_STATUS_IS_OK(status)) {
- goto err;
- }
-
- /* Cache the parent security descriptor for
- * later use. */
-
- pp_psd = (struct security_descriptor **)
- VFS_ADD_FSP_EXTENSION(handle,
- fsp,
- struct security_descriptor *,
- NULL);
- if (!pp_psd) {
- status = NT_STATUS_NO_MEMORY;
- goto err;
- }
-
- *pp_psd = parent_desc;
- status = NT_STATUS_OK;
- }
- }
-
- DEBUG(10,("open_acl_xattr: get_nt_acl_attr_internal for "
- "%s returned %s\n",
- fsp_str_dbg(fsp),
- nt_errstr(status) ));
-
- fsp->fh->fd = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
- return fsp->fh->fd;
-
- err:
-
- errno = map_errno_from_nt_status(status);
- return -1;
-}
-
-static int mkdir_acl_common(vfs_handle_struct *handle, const char *path, mode_t mode)
-{
- int ret;
- NTSTATUS status;
- SMB_STRUCT_STAT sbuf;
-
- ret = vfs_stat_smb_fname(handle->conn, path, &sbuf);
- if (ret == -1 && errno == ENOENT) {
- /* We're creating a new directory. */
- status = check_parent_acl_common(handle, path,
- SEC_DIR_ADD_SUBDIR, NULL);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- return -1;
- }
- }
-
- return SMB_VFS_NEXT_MKDIR(handle, path, mode);
-}
-
-/*********************************************************************
Fetch a security descriptor given an fsp.
*********************************************************************/
@@ -965,7 +847,6 @@ static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle,
files_struct *fsp = NULL;
int info;
struct security_descriptor *parent_sd = NULL;
- struct security_descriptor **pp_parent_sd = NULL;
status = SMB_VFS_NEXT_CREATE_FILE(handle,
req,
@@ -1010,18 +891,11 @@ static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle,
goto out;
}
- /* See if we have a cached parent sd, if so, use it. */
- pp_parent_sd = (struct security_descriptor **)VFS_FETCH_FSP_EXTENSION(handle, fsp);
- if (!pp_parent_sd) {
- /* Must be a directory, fetch again (sigh). */
- status = get_parent_acl_common(handle,
- fsp->fsp_name->base_name,
- &parent_sd);
- if (!NT_STATUS_IS_OK(status)) {
- goto out;
- }
- } else {
- parent_sd = *pp_parent_sd;
+ status = get_parent_acl_common(handle,
+ fsp->fsp_name->base_name,
+ &parent_sd);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
}
if (!parent_sd) {
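Review bot: The parent security descriptor is now fetched by path (`fsp->fsp_name->base_name`) only after `SMB_VFS_NEXT_CREATE_FILE` has returned, and with `open_acl_common` and `mkdir_acl_common` deleted nothing in these modules checks access before the object is created. The removed hooks checked `fsp->access_mask` against the stored descriptor, and `SEC_DIR_ADD_FILE` / `SEC_DIR_ADD_SUBDIR` against the parent, ahead of the next-layer open and mkdir. The `.open_fn` and `.mkdir` entries are also gone from both `vfs_acl_tdb_fns` and `vfs_acl_xattr_fns`. Nothing in this diff shows where that enforcement now lives, so it is presumably left to the caller. I would confirm that for both modules and record it above the fetch, for example `/* No access check here: the caller has already done it before create. */`. The function starts and ends outside this hunk.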
@@ -1040,9 +914,7 @@ static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle,
out:
- if (fsp) {
- VFS_REMOVE_FSP_EXTENSION(handle, fsp);
- }
+ TALLOC_FREE(parent_sd);
if (NT_STATUS_IS_OK(status) && pinfo) {
*pinfo = info;
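Review bot: `TALLOC_FREE(parent_sd)` at `out:` makes this function the sole owner of whatever `get_parent_acl_common` returned, which is only safe if nothing between the fetch and the label stores or reparents that pointer. That code is outside the hunk, so I cannot confirm it from here. The early `goto out` paths are fine because `parent_sd` is initialised to NULL. A short comment at the free would record the assumption, for example `/* parent_sd came from get_parent_acl_common() and is not stored anywhere. */`.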
diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c
index 778e837be7..a4869c0a83 100644
--- a/source3/modules/vfs_acl_tdb.c
+++ b/source3/modules/vfs_acl_tdb.c
@@ -401,9 +401,7 @@ static struct vfs_fn_pointers vfs_acl_tdb_fns = {
.connect_fn = connect_acl_tdb,
.disconnect = disconnect_acl_tdb,
.opendir = opendir_acl_common,
- .mkdir = mkdir_acl_common,
.rmdir = rmdir_acl_tdb,
- .open_fn = open_acl_common,
.create_file = create_file_acl_common,
.unlink = unlink_acl_tdb,
.chmod = chmod_acl_module_common,
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
index b522b3303d..473c2fcdee 100644
--- a/source3/modules/vfs_acl_xattr.c
+++ b/source3/modules/vfs_acl_xattr.c
@@ -202,9 +202,7 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle,
static struct vfs_fn_pointers vfs_acl_xattr_fns = {
.connect_fn = connect_acl_xattr,
.opendir = opendir_acl_common,
- .mkdir = mkdir_acl_common,
.rmdir = rmdir_acl_common,
- .open_fn = open_acl_common,
.create_file = create_file_acl_common,
.unlink = unlink_acl_common,
.chmod = chmod_acl_module_common,