From ae405eed4fa1857e90f240671c539088be51d562 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Tue, 11 May 2010 11:02:59 +0200
Subject: s3-printing: Removed unused security descriptor functions.

Signed-off-by: Jim McDonough
---
 source3/printing/nt_printing.c | 306 -----------------------------------------
 1 file changed, 306 deletions(-)
(limited to 'source3/printing')
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 51ae10649d..63cdefc077 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -3389,312 +3389,6 @@ bool delete_driver_files(struct auth_serversupplied_info *server_info,
 return ret;
 }
 
-/****************************************************************************
- Store a security desc for a printer.
-****************************************************************************/
-
-WERROR nt_printing_setsec(const char *sharename, struct sec_desc_buf *secdesc_ctr)
-{
- struct sec_desc_buf *new_secdesc_ctr = NULL;
- struct sec_desc_buf *old_secdesc_ctr = NULL;
- TALLOC_CTX *mem_ctx = NULL;
- TDB_DATA kbuf;
- TDB_DATA dbuf;
- DATA_BLOB blob;
- WERROR status;
- NTSTATUS nt_status;
-
- mem_ctx = talloc_init("nt_printing_setsec");
- if (mem_ctx == NULL)
- return WERR_NOMEM;
-
- /* The old owner and group sids of the security descriptor are not
- present when new ACEs are added or removed by changing printer
- permissions through NT. If they are NULL in the new security
- descriptor then copy them over from the old one. */
-
- if (!secdesc_ctr->sd->owner_sid || !secdesc_ctr->sd->group_sid) {
- struct dom_sid *owner_sid, *group_sid;
- struct security_acl *dacl, *sacl;
- struct security_descriptor *psd = NULL;
- size_t size;
-
- if (!nt_printing_getsec(mem_ctx, sharename, &old_secdesc_ctr)) {
- status = WERR_NOMEM;
- goto out;
- }
-
- /* Pick out correct owner and group sids */
-
- owner_sid = secdesc_ctr->sd->owner_sid ?
- secdesc_ctr->sd->owner_sid :
- old_secdesc_ctr->sd->owner_sid;
-
- group_sid = secdesc_ctr->sd->group_sid ?
- secdesc_ctr->sd->group_sid :
- old_secdesc_ctr->sd->group_sid;
-
- dacl = secdesc_ctr->sd->dacl ?
- secdesc_ctr->sd->dacl :
- old_secdesc_ctr->sd->dacl;
-
- sacl = secdesc_ctr->sd->sacl ?
- secdesc_ctr->sd->sacl :
- old_secdesc_ctr->sd->sacl;
-
- /* Make a deep copy of the security descriptor */
-
- psd = make_sec_desc(mem_ctx, secdesc_ctr->sd->revision, secdesc_ctr->sd->type,
- owner_sid, group_sid,
- sacl,
- dacl,
- &size);
-
- if (!psd) {
- status = WERR_NOMEM;
- goto out;
- }
-
- new_secdesc_ctr = make_sec_desc_buf(mem_ctx, size, psd);
- }
-
- if (!new_secdesc_ctr) {
- new_secdesc_ctr = secdesc_ctr;
- }
-
- /* Store the security descriptor in a tdb */
-
- nt_status = marshall_sec_desc_buf(mem_ctx, new_secdesc_ctr,
- &blob.data, &blob.length);
- if (!NT_STATUS_IS_OK(nt_status)) {
- status = ntstatus_to_werror(nt_status);
- goto out;
- }
-
- kbuf = make_printers_secdesc_tdbkey(mem_ctx, sharename );
-
- dbuf.dptr = (unsigned char *)blob.data;
- dbuf.dsize = blob.length;
-
- if (tdb_trans_store(tdb_printers, kbuf, dbuf, TDB_REPLACE)==0) {
- status = WERR_OK;
- } else {
- DEBUG(1,("Failed to store secdesc for %s\n", sharename));
- status = WERR_BADFUNC;
- }
-
- /* Free malloc'ed memory */
- talloc_free(blob.data);
-
- out:
-
- if (mem_ctx)
- talloc_destroy(mem_ctx);
- return status;
-}
-
-/****************************************************************************
- Construct a default security descriptor buffer for a printer.
-****************************************************************************/
-
-static struct sec_desc_buf *construct_default_printer_sdb(TALLOC_CTX *ctx)
-{
- struct security_ace ace[7]; /* max number of ace entries */
- int i = 0;
- uint32_t sa;
- struct security_acl *psa = NULL;
- struct sec_desc_buf *sdb = NULL;
- struct security_descriptor *psd = NULL;
- struct dom_sid adm_sid;
- size_t sd_size;
-
- /* Create an ACE where Everyone is allowed to print */
-
- sa = PRINTER_ACE_PRINT;
- init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
- sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
-
- /* Add the domain admins group if we are a DC */
-
- if ( IS_DC ) {
- struct dom_sid domadmins_sid;
-
- sid_compose(&domadmins_sid, get_global_sam_sid(),
- DOMAIN_RID_ADMINS);
-
- sa = PRINTER_ACE_FULL_CONTROL;
- init_sec_ace(&ace[i++], &domadmins_sid,
- SEC_ACE_TYPE_ACCESS_ALLOWED, sa,
- SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY);
- init_sec_ace(&ace[i++], &domadmins_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
- sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
- }
- else if (secrets_fetch_domain_sid(lp_workgroup(), &adm_sid)) {
- sid_append_rid(&adm_sid, DOMAIN_RID_ADMINISTRATOR);
-
- sa = PRINTER_ACE_FULL_CONTROL;
- init_sec_ace(&ace[i++], &adm_sid,
- SEC_ACE_TYPE_ACCESS_ALLOWED, sa,
- SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY);
- init_sec_ace(&ace[i++], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
- sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
- }
-
- /* add BUILTIN\Administrators as FULL CONTROL */
-
- sa = PRINTER_ACE_FULL_CONTROL;
- init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
- SEC_ACE_TYPE_ACCESS_ALLOWED, sa,
- SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY);
- init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
- SEC_ACE_TYPE_ACCESS_ALLOWED,
- sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
-
- /* add BUILTIN\Print Operators as FULL CONTROL */
-
- sa = PRINTER_ACE_FULL_CONTROL;
- init_sec_ace(&ace[i++], &global_sid_Builtin_Print_Operators,
- SEC_ACE_TYPE_ACCESS_ALLOWED, sa,
- SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY);
- init_sec_ace(&ace[i++], &global_sid_Builtin_Print_Operators,
- SEC_ACE_TYPE_ACCESS_ALLOWED,
- sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
-
- /* Make the security descriptor owned by the BUILTIN\Administrators */
-
- /* The ACL revision number in rpc_secdesc.h differs from the one
- created by NT when setting ACE entries in printer
- descriptors. NT4 complains about the property being edited by a
- NT5 machine. */
-
- if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) != NULL) {
- psd = make_sec_desc(ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE,
- &global_sid_Builtin_Administrators,
- &global_sid_Builtin_Administrators,
- NULL, psa, &sd_size);
- }
-
- if (!psd) {
- DEBUG(0,("construct_default_printer_sd: Failed to make SEC_DESC.\n"));
- return NULL;
- }
-
- sdb = make_sec_desc_buf(ctx, sd_size, psd);
-
- DEBUG(4,("construct_default_printer_sdb: size = %u.\n",
- (unsigned int)sd_size));
-
- return sdb;
-}
-
-/****************************************************************************
- Get a security desc for a printer.
-****************************************************************************/
-
-bool nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, struct sec_desc_buf **secdesc_ctr)
-{
- TDB_DATA kbuf;
- TDB_DATA dbuf;
- DATA_BLOB blob;
- char *temp;
- NTSTATUS status;
-
- if (strlen(sharename) > 2 && (temp = strchr(sharename + 2, '\\'))) {
- sharename = temp + 1;
- }
-
- /* Fetch security descriptor from tdb */
-
- kbuf = make_printers_secdesc_tdbkey(ctx, sharename);
-
- dbuf = tdb_fetch(tdb_printers, kbuf);
- if (dbuf.dptr) {
-
- status = unmarshall_sec_desc_buf(ctx, dbuf.dptr, dbuf.dsize,
- secdesc_ctr);
- SAFE_FREE(dbuf.dptr);
-
- if (NT_STATUS_IS_OK(status)) {
- return true;
- }
- }
-
- *secdesc_ctr = construct_default_printer_sdb(ctx);
- if (!*secdesc_ctr) {
- return false;
- }
-
- status = marshall_sec_desc_buf(ctx, *secdesc_ctr,
- &blob.data, &blob.length);
- if (NT_STATUS_IS_OK(status)) {
- dbuf.dptr = (unsigned char *)blob.data;
- dbuf.dsize = blob.length;
- tdb_trans_store(tdb_printers, kbuf, dbuf, TDB_REPLACE);
- talloc_free(blob.data);
- }
-
- /* If security descriptor is owned by S-1-1-0 and winbindd is up,
- this security descriptor has been created when winbindd was
- down. Take ownership of security descriptor. */
-
- if (sid_equal((*secdesc_ctr)->sd->owner_sid, &global_sid_World)) {
- struct dom_sid owner_sid;
-
- /* Change sd owner to workgroup administrator */
-
- if (secrets_fetch_domain_sid(lp_workgroup(), &owner_sid)) {
- struct sec_desc_buf *new_secdesc_ctr = NULL;
- struct security_descriptor *psd = NULL;
- size_t size;
-
- /* Create new sd */
-
- sid_append_rid(&owner_sid, DOMAIN_RID_ADMINISTRATOR);
-
- psd = make_sec_desc(ctx, (*secdesc_ctr)->sd->revision, (*secdesc_ctr)->sd->type,
- &owner_sid,
- (*secdesc_ctr)->sd->group_sid,
- (*secdesc_ctr)->sd->sacl,
- (*secdesc_ctr)->sd->dacl,
- &size);
-
- if (!psd) {
- return False;
- }
-
- new_secdesc_ctr = make_sec_desc_buf(ctx, size, psd);
- if (!new_secdesc_ctr) {
- return False;
- }
-
- /* Swap with other one */
-
- *secdesc_ctr = new_secdesc_ctr;
-
- /* Set it */
-
- nt_printing_setsec(sharename, *secdesc_ctr);
- }
- }
-
- if (DEBUGLEVEL >= 10) {
- struct security_acl *the_acl = (*secdesc_ctr)->sd->dacl;
- int i;
-
- DEBUG(10, ("secdesc_ctr for %s has %d aces:\n",
- sharename, the_acl->num_aces));
-
- for (i = 0; i < the_acl->num_aces; i++) {
- DEBUG(10, ("%s %d %d 0x%08x\n",
- sid_string_dbg(&the_acl->aces[i].trustee),
- the_acl->aces[i].type, the_acl->aces[i].flags,
- the_acl->aces[i].access_mask));
- }
- }
-
- return True;
-}
-
 /* error code:
 0: everything OK
 1: level not implemented
-- cgit