[PATCH] Remove unused append_parent_acl().

Jeremy Allison jra at samba.org
Mon Dec 3 16:07:16 MST 2012


Get rid of a large chunk of unused code.

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/smbd/posix_acls.c |  201 ---------------------------------------------
 source3/smbd/proto.h      |    3 -
 2 files changed, 0 insertions(+), 204 deletions(-)

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index bca5304..9a136c0 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3717,207 +3717,6 @@ NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid)
 	return status;
 }
 
-#if 0
-/* Disable this - prevents ACL inheritance from the ACL editor. JRA. */
-
-/****************************************************************************
- Take care of parent ACL inheritance.
-****************************************************************************/
-
-NTSTATUS append_parent_acl(files_struct *fsp,
-				const struct security_descriptor *pcsd,
-				struct security_descriptor **pp_new_sd)
-{
-	struct smb_filename *smb_dname = NULL;
-	struct security_descriptor *parent_sd = NULL;
-	files_struct *parent_fsp = NULL;
-	TALLOC_CTX *mem_ctx = talloc_tos();
-	char *parent_name = NULL;
-	struct security_ace *new_ace = NULL;
-	unsigned int num_aces = pcsd->dacl->num_aces;
-	NTSTATUS status;
-	int info;
-	unsigned int i, j;
-	struct security_descriptor *psd = dup_sec_desc(talloc_tos(), pcsd);
-	bool is_dacl_protected = (pcsd->type & SEC_DESC_DACL_PROTECTED);
-
-	if (psd == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	if (!parent_dirname(mem_ctx, fsp->fsp_name->base_name, &parent_name,
-			    NULL)) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	status = create_synthetic_smb_fname(mem_ctx, parent_name, NULL, NULL,
-					    &smb_dname);
-	if (!NT_STATUS_IS_OK(status)) {
-		goto fail;
-	}
-
-	status = SMB_VFS_CREATE_FILE(
-		fsp->conn,				/* conn */
-		NULL,					/* req */
-		0,					/* root_dir_fid */
-		smb_dname,				/* fname */
-		FILE_READ_ATTRIBUTES,			/* access_mask */
-		FILE_SHARE_NONE,			/* share_access */
-		FILE_OPEN,				/* create_disposition*/
-		FILE_DIRECTORY_FILE,			/* create_options */
-		0,					/* file_attributes */
-		INTERNAL_OPEN_ONLY,			/* oplock_request */
-		0,					/* allocation_size */
-		NULL,					/* sd */
-		NULL,					/* ea_list */
-		&parent_fsp,				/* result */
-		&info);					/* pinfo */
-
-	if (!NT_STATUS_IS_OK(status)) {
-		TALLOC_FREE(smb_dname);
-		return status;
-	}
-
-	status = SMB_VFS_GET_NT_ACL(parent_fsp->conn, smb_dname->base_name,
-				    SECINFO_DACL, &parent_sd );
-
-	close_file(NULL, parent_fsp, NORMAL_CLOSE);
-	TALLOC_FREE(smb_dname);
-
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
-	/*
-	 * Make room for potentially all the ACLs from
-	 * the parent. We used to add the ugw triple here,
-	 * as we knew we were dealing with POSIX ACLs.
-	 * We no longer need to do so as we can guarentee
-	 * that a default ACL from the parent directory will
-	 * be well formed for POSIX ACLs if it came from a
-	 * POSIX ACL source, and if we're not writing to a
-	 * POSIX ACL sink then we don't care if it's not well
-	 * formed. JRA.
-	 */
-
-	num_aces += parent_sd->dacl->num_aces;
-
-	if((new_ace = talloc_zero_array(mem_ctx, struct security_ace,
-					num_aces)) == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	/* Start by copying in all the given ACE entries. */
-	for (i = 0; i < psd->dacl->num_aces; i++) {
-		sec_ace_copy(&new_ace[i], &psd->dacl->aces[i]);
-	}
-
-	/*
-	 * Note that we're ignoring "inherit permissions" here
-	 * as that really only applies to newly created files. JRA.
-	 */
-
-	/* Finally append any inherited ACEs. */
-	for (j = 0; j < parent_sd->dacl->num_aces; j++) {
-		struct security_ace *se = &parent_sd->dacl->aces[j];
-
-		if (fsp->is_directory) {
-			if (!(se->flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) {
-				/* Doesn't apply to a directory - ignore. */
-				DEBUG(10,("append_parent_acl: directory %s "
-					"ignoring non container "
-					"inherit flags %u on ACE with sid %s "
-					"from parent %s\n",
-					fsp_str_dbg(fsp),
-					(unsigned int)se->flags,
-					sid_string_dbg(&se->trustee),
-					parent_name));
-				continue;
-			}
-		} else {
-			if (!(se->flags & SEC_ACE_FLAG_OBJECT_INHERIT)) {
-				/* Doesn't apply to a file - ignore. */
-				DEBUG(10,("append_parent_acl: file %s "
-					"ignoring non object "
-					"inherit flags %u on ACE with sid %s "
-					"from parent %s\n",
-					fsp_str_dbg(fsp),
-					(unsigned int)se->flags,
-					sid_string_dbg(&se->trustee),
-					parent_name));
-				continue;
-			}
-		}
-
-		if (is_dacl_protected) {
-			/* If the DACL is protected it means we must
-			 * not overwrite an existing ACE entry with the
-			 * same SID. This is order N^2. Ouch :-(. JRA. */
-			unsigned int k;
-			for (k = 0; k < psd->dacl->num_aces; k++) {
-				if (dom_sid_equal(&psd->dacl->aces[k].trustee,
-						&se->trustee)) {
-					break;
-				}
-			}
-			if (k < psd->dacl->num_aces) {
-				/* SID matched. Ignore. */
-				DEBUG(10,("append_parent_acl: path %s "
-					"ignoring ACE with protected sid %s "
-					"from parent %s\n",
-					fsp_str_dbg(fsp),
-					sid_string_dbg(&se->trustee),
-					parent_name));
-				continue;
-			}
-		}
-
-		sec_ace_copy(&new_ace[i], se);
-		if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
-			new_ace[i].flags &= ~(SEC_ACE_FLAG_VALID_INHERIT);
-		}
-		new_ace[i].flags |= SEC_ACE_FLAG_INHERITED_ACE;
-
-		if (fsp->is_directory) {
-			/*
-			 * Strip off any inherit only. It's applied.
-			 */
-			new_ace[i].flags &= ~(SEC_ACE_FLAG_INHERIT_ONLY);
-			if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
-				/* No further inheritance. */
-				new_ace[i].flags &=
-					~(SEC_ACE_FLAG_CONTAINER_INHERIT|
-					SEC_ACE_FLAG_OBJECT_INHERIT);
-			}
-		} else {
-			/*
-			 * Strip off any container or inherit
-			 * flags, they can't apply to objects.
-			 */
-			new_ace[i].flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|
-						SEC_ACE_FLAG_INHERIT_ONLY|
-						SEC_ACE_FLAG_NO_PROPAGATE_INHERIT);
-		}
-		i++;
-
-		DEBUG(10,("append_parent_acl: path %s "
-			"inheriting ACE with sid %s "
-			"from parent %s\n",
-			fsp_str_dbg(fsp),
-			sid_string_dbg(&se->trustee),
-			parent_name));
-	}
-
-	psd->dacl->aces = new_ace;
-	psd->dacl->num_aces = i;
-	psd->type &= ~(SEC_DESC_DACL_AUTO_INHERITED|
-                         SEC_DESC_DACL_AUTO_INHERIT_REQ);
-
-	*pp_new_sd = psd;
-	return status;
-}
-#endif
-
 /****************************************************************************
  Reply to set a security descriptor on an fsp. security_info_sent is the
  description of the following NT ACL.
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index f95fddd..9a9a010 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -718,9 +718,6 @@ NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name,
 			  TALLOC_CTX *mem_ctx,
 			  struct security_descriptor **ppdesc);
 NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid);
-NTSTATUS append_parent_acl(files_struct *fsp,
-				const struct security_descriptor *pcsd,
-				struct security_descriptor **pp_new_sd);
 NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd);
 int get_acl_group_bits( connection_struct *conn, const char *fname, mode_t *mode );
 int chmod_acl(connection_struct *conn, const char *name, mode_t mode);
-- 
1.7.7.3


