[PATCH 01/13] libcli/sd: remove redundant sec_desc_add_sid()

David Disseldorp ddiss at samba.org
Mon May 26 09:29:51 MDT 2014 

This function adds an ACE to a security descriptor DACL. The same can be
achieved via the more flexible and much cleaner security_ace_create()
and security_descriptor_dacl_add() functions.

Signed-off-by: David Disseldorp <ddiss at samba.org>
---
 libcli/security/secdesc.c | 33 ---------------------------------
 libcli/security/secdesc.h |  5 -----
 2 files changed, 38 deletions(-)

diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c
index 90bf480..31d134b 100644
--- a/libcli/security/secdesc.c
+++ b/libcli/security/secdesc.c
@@ -425,39 +425,6 @@ struct sec_desc_buf *dup_sec_desc_buf(TALLOC_CTX *ctx, struct sec_desc_buf *src)
 }
 
 /*******************************************************************
- Add a new SID with its permissions to struct security_descriptor.
-********************************************************************/
-
-NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, const struct dom_sid *sid, uint32_t mask, size_t *sd_size)
-{
-	struct security_descriptor *sd   = 0;
-	struct security_acl  *dacl = 0;
-	struct security_ace  *ace  = 0;
-	NTSTATUS  status;
-
-	if (!ctx || !psd || !sid || !sd_size)
-		return NT_STATUS_INVALID_PARAMETER;
-
-	*sd_size = 0;
-
-	status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid, mask);
-
-	if (!NT_STATUS_IS_OK(status))
-		return status;
-
-	if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace)))
-		return NT_STATUS_UNSUCCESSFUL;
-
-	if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid,
-		psd[0]->group_sid, psd[0]->sacl, dacl, sd_size)))
-		return NT_STATUS_UNSUCCESSFUL;
-
-	*psd = sd;
-	 sd  = 0;
-	return NT_STATUS_OK;
-}
-
-/*******************************************************************
  Modify a SID's permissions in a struct security_descriptor.
 ********************************************************************/
 
diff --git a/libcli/security/secdesc.h b/libcli/security/secdesc.h
index b8190a1..9002f75 100644
--- a/libcli/security/secdesc.h
+++ b/libcli/security/secdesc.h
@@ -95,11 +95,6 @@ struct sec_desc_buf *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, struct secur
 struct sec_desc_buf *dup_sec_desc_buf(TALLOC_CTX *ctx, struct sec_desc_buf *src);
 
 /*******************************************************************
- Add a new SID with its permissions to struct security_descriptor.
-********************************************************************/
-NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, const struct dom_sid *sid, uint32_t mask, size_t *sd_size);
-
-/*******************************************************************
  Modify a SID's permissions in a struct security_descriptor.
 ********************************************************************/
 NTSTATUS sec_desc_mod_sid(struct security_descriptor *sd, struct dom_sid *sid, uint32_t mask);
-- 
1.8.4.5

More information about the samba-technical mailing list