From 00b2cdf75e9bea25034440054b4acd91a179c86d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 8 May 2008 18:09:07 -0700 Subject: Yay ! Remove a VFS entry. Removed the set_nt_acl() call, this can only be done via fset_nt_acl() using an open file/directory handle. I'd like to do the same with get_nt_acl() but am concerned about efficiency problems with "hide unreadable/hide unwritable" when doing a directory listing (this would mean opening every file in the dir on list). Moving closer to rationalizing the ACL model and maybe moving the POSIX calls into a posix_acl VFS module rather than having them as first class citizens of the VFS. Jeremy. (This used to be commit f487f742cb903a06fbf2be006ddc9ce9063339ed) --- source3/modules/vfs_afsacl.c | 10 ---------- source3/modules/vfs_aixacl2.c | 9 --------- source3/modules/vfs_cap.c | 15 --------------- source3/modules/vfs_catia.c | 10 ---------- source3/modules/vfs_default.c | 12 ------------ source3/modules/vfs_full_audit.c | 20 -------------------- source3/modules/vfs_gpfs.c | 9 --------- source3/modules/vfs_shadow_copy2.c | 8 -------- source3/modules/vfs_zfsacl.c | 10 ---------- 9 files changed, 103 deletions(-) (limited to 'source3/modules') diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c index e35bfabb8c..9409f3fa20 100644 --- a/source3/modules/vfs_afsacl.c +++ b/source3/modules/vfs_afsacl.c @@ -1045,14 +1045,6 @@ NTSTATUS afsacl_fset_nt_acl(vfs_handle_struct *handle, return afs_set_nt_acl(handle, fsp, security_info_sent, psd); } -NTSTATUS afsacl_set_nt_acl(vfs_handle_struct *handle, - files_struct *fsp, - const char *name, uint32 security_info_sent, - SEC_DESC *psd) -{ - return afs_set_nt_acl(handle, fsp, security_info_sent, psd); -} - static int afsacl_connect(vfs_handle_struct *handle, const char *service, const char *user) @@ -1078,8 +1070,6 @@ static vfs_op_tuple afsacl_ops[] = { SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(afsacl_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(afsacl_set_nt_acl), SMB_VFS_OP_SET_NT_ACL, - SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} }; diff --git a/source3/modules/vfs_aixacl2.c b/source3/modules/vfs_aixacl2.c index 996adbbdfe..62675ae631 100644 --- a/source3/modules/vfs_aixacl2.c +++ b/source3/modules/vfs_aixacl2.c @@ -403,11 +403,6 @@ NTSTATUS aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint3 return aixjfs2_set_nt_acl_common(fsp, security_info_sent, psd); } -NTSTATUS aixjfs2_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd) -{ - return aixjfs2_set_nt_acl_common(fsp, security_info_sent, psd); -} - int aixjfs2_sys_acl_set_file(vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T type, @@ -509,10 +504,6 @@ static vfs_op_tuple aixjfs2_ops[] = SMB_VFS_OP_FSET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(aixjfs2_set_nt_acl), - SMB_VFS_OP_SET_NT_ACL, - SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(aixjfs2_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE, SMB_VFS_LAYER_TRANSPARENT}, diff --git a/source3/modules/vfs_cap.c b/source3/modules/vfs_cap.c index 2f2d6a7182..79537367d6 100644 --- a/source3/modules/vfs_cap.c +++ b/source3/modules/vfs_cap.c @@ -278,17 +278,6 @@ static char *cap_realpath(vfs_handle_struct *handle, const char *path, char *res return SMB_VFS_NEXT_REALPATH(handle, path, resolved_path); } -static NTSTATUS cap_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *path, uint32 security_info_sent, struct security_descriptor *psd) -{ - char *cappath = capencode(talloc_tos(), path); - - if (!cappath) { - errno = ENOMEM; - return NT_STATUS_NO_MEMORY; - } - return SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, cappath, security_info_sent, psd); -} - static int cap_chmod_acl(vfs_handle_struct *handle, const char *path, mode_t mode) { char *cappath = capencode(talloc_tos(), path); @@ -499,10 +488,6 @@ static vfs_op_tuple cap_op_tuples[] = { {SMB_VFS_OP(cap_mknod), SMB_VFS_OP_MKNOD, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(cap_realpath), SMB_VFS_OP_REALPATH, SMB_VFS_LAYER_TRANSPARENT}, - /* NT File ACL operations */ - - {SMB_VFS_OP(cap_set_nt_acl), SMB_VFS_OP_SET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, - /* POSIX ACL operations */ {SMB_VFS_OP(cap_chmod_acl), SMB_VFS_OP_CHMOD_ACL, SMB_VFS_LAYER_TRANSPARENT}, diff --git a/source3/modules/vfs_catia.c b/source3/modules/vfs_catia.c index ab48c963ec..8b56be6cea 100644 --- a/source3/modules/vfs_catia.c +++ b/source3/modules/vfs_catia.c @@ -293,14 +293,6 @@ static NTSTATUS catia_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, return SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc); } -static NTSTATUS catia_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, - const char *name, uint32 security_info_sent, - struct security_descriptor *psd) -{ - return SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent, - psd); -} - static int catia_chmod_acl(vfs_handle_struct *handle, const char *name, mode_t mode) { @@ -362,8 +354,6 @@ SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(catia_get_nt_acl), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(catia_set_nt_acl), SMB_VFS_OP_SET_NT_ACL, -SMB_VFS_LAYER_TRANSPARENT}, /* POSIX ACL operations */ diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index de801a2041..6ee677e376 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -1042,16 +1042,6 @@ static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp return result; } -static NTSTATUS vfswrap_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd) -{ - NTSTATUS result; - - START_PROFILE(set_nt_acl); - result = set_nt_acl(fsp, security_info_sent, psd); - END_PROFILE(set_nt_acl); - return result; -} - static int vfswrap_chmod_acl(vfs_handle_struct *handle, const char *name, mode_t mode) { #ifdef HAVE_NO_ACL @@ -1446,8 +1436,6 @@ static vfs_op_tuple vfs_default_ops[] = { SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(vfswrap_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL, SMB_VFS_LAYER_OPAQUE}, - {SMB_VFS_OP(vfswrap_set_nt_acl), SMB_VFS_OP_SET_NT_ACL, - SMB_VFS_LAYER_OPAQUE}, /* POSIX ACL operations. */ diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index 2f8098de9b..19a1d02de4 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -199,9 +199,6 @@ static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struc static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd); -static NTSTATUS smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, - const char *name, uint32 security_info_sent, - SEC_DESC *psd); static int smb_full_audit_chmod_acl(vfs_handle_struct *handle, const char *path, mode_t mode); static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, @@ -431,8 +428,6 @@ static vfs_op_tuple audit_op_tuples[] = { SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL, SMB_VFS_LAYER_LOGGER}, - {SMB_VFS_OP(smb_full_audit_set_nt_acl), SMB_VFS_OP_SET_NT_ACL, - SMB_VFS_LAYER_LOGGER}, /* POSIX ACL operations. */ @@ -593,7 +588,6 @@ static struct { { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" }, { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" }, { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" }, - { SMB_VFS_OP_SET_NT_ACL, "set_nt_acl" }, { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" }, { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" }, { SMB_VFS_OP_SYS_ACL_GET_ENTRY, "sys_acl_get_entry" }, @@ -1572,20 +1566,6 @@ static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_stru return result; } -static NTSTATUS smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, - const char *name, uint32 security_info_sent, - SEC_DESC *psd) -{ - NTSTATUS result; - - result = SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent, - psd); - - do_log(SMB_VFS_OP_SET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name); - - return result; -} - static int smb_full_audit_chmod_acl(vfs_handle_struct *handle, const char *path, mode_t mode) { diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index d10906dfb1..39d2bb6c38 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -391,11 +391,6 @@ static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp return gpfsacl_set_nt_acl_internal(fsp, security_info_sent, psd); } -static NTSTATUS gpfsacl_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, char *name, uint32 security_info_sent, SEC_DESC *psd) -{ - return gpfsacl_set_nt_acl_internal(fsp, security_info_sent, psd); -} - static SMB_ACL_T gpfs2smb_acl(const struct gpfs_acl *pacl) { SMB_ACL_T result; @@ -839,10 +834,6 @@ static vfs_op_tuple gpfs_op_tuples[] = { SMB_VFS_OP_FSET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT }, - { SMB_VFS_OP(gpfsacl_set_nt_acl), - SMB_VFS_OP_SET_NT_ACL, - SMB_VFS_LAYER_TRANSPARENT }, - { SMB_VFS_OP(gpfsacl_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE, SMB_VFS_LAYER_TRANSPARENT }, diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c index ddbc5aab18..c95600b642 100644 --- a/source3/modules/vfs_shadow_copy2.c +++ b/source3/modules/vfs_shadow_copy2.c @@ -423,13 +423,6 @@ static NTSTATUS shadow_copy2_get_nt_acl(vfs_handle_struct *handle, SHADOW2_NTSTATUS_NEXT(GET_NT_ACL, (handle, name, security_info, ppdesc), NT_STATUS_ACCESS_DENIED); } -static NTSTATUS shadow_copy2_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, - const char *fname, uint32 security_info_sent, - struct security_descriptor *psd) -{ - SHADOW2_NTSTATUS_NEXT(SET_NT_ACL, (handle, fsp, name, security_info_sent, psd), NT_STATUS_ACCESS_DENIED); -} - static int shadow_copy2_mkdir(vfs_handle_struct *handle, const char *fname, mode_t mode) { SHADOW2_NEXT(MKDIR, (handle, name, mode), int, -1); @@ -601,7 +594,6 @@ static vfs_op_tuple shadow_copy2_ops[] = { /* NT File ACL operations */ {SMB_VFS_OP(shadow_copy2_get_nt_acl), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(shadow_copy2_set_nt_acl), SMB_VFS_OP_SET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, /* POSIX ACL operations */ {SMB_VFS_OP(shadow_copy2_chmod_acl), SMB_VFS_OP_CHMOD_ACL, SMB_VFS_LAYER_TRANSPARENT}, diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index ce2e28771f..e8a0507aa4 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -212,14 +212,6 @@ static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle, return zfs_set_nt_acl(handle, fsp, security_info_sent, psd); } -static NTSTATUS zfsacl_set_nt_acl(vfs_handle_struct *handle, - files_struct *fsp, - const char *name, uint32 security_info_sent, - SEC_DESC *psd) -{ - return zfs_set_nt_acl(handle, fsp, security_info_sent, psd); -} - /* VFS operations structure */ static vfs_op_tuple zfsacl_ops[] = { @@ -229,8 +221,6 @@ static vfs_op_tuple zfsacl_ops[] = { SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(zfsacl_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL, SMB_VFS_LAYER_OPAQUE}, - {SMB_VFS_OP(zfsacl_set_nt_acl), SMB_VFS_OP_SET_NT_ACL, - SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} }; -- cgit