[PATCH] VFS cleanup - remove chmod_acl and fchmod_acl

Jeremy Allison jra at samba.org
Thu May 17 21:37:15 UTC 2018


Hi all,

After a conversation with Volker, I realized it's
time (for 4.9.0) to remove the hideous VFS
calls SMB_VFS_CHMOD_ACL() and SMB_VFS_FCHMOD_ACL().

They exist because I utterly misunderstood the
meaning of the ACL_MASK ace entry in POSIX
ACLs when I was first writing an ACL backend
for Samba.

I assumed that for ACL mapping from Windows
we would always have to set the ACL_MASK to
"rwx", so hand-implemented the copying of
u/g/o bits on a mode change to individual
ACE entries in a POSIX ACL (see the code
in chmod_acl_internals() in source3/smbd/posix_acls.c
for details).

This is just silly - doing a [f]chmod
implements exactly the same effect
by changing the mask bits (and is
correctly read and applied in canonicalise_acl(),
also in source3/smbd/posix_acls.c).

So this patchset removes the two
VFS calls SMB_VFS_CHMOD_ACL() and SMB_VFS_FCHMOD_ACL()
and replaces their use with simple SMB_VFS_CHMOD()
and SMB_VFS_FCHMOD() instead.

This change should only be visible to
unix extensions POSIX clients doing
direct chmod and posix ACL get/set calls,
and it will cause Samba to be closer
to expected POSIX behavior.

Passes full make test (especially the ACL
tests, which was important :-).

Please review and push if happy !

Cheers,

	Jeremy.
-------------- next part --------------
From dc1416d5730aa00ed28e0f10a5bba3bdbbc72f83 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 17 May 2018 09:37:23 -0700
Subject: [PATCH 01/17] s3: smbd: Remove existing_unx_mode, an unused parameter
 to open_match_attributes().

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/smbd/open.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 61a42e29a10..9d581a53359 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -2530,7 +2530,6 @@ static void setup_kernel_oplock_poll_open(struct timeval request_time,
 static bool open_match_attributes(connection_struct *conn,
 				  uint32_t old_dos_attr,
 				  uint32_t new_dos_attr,
-				  mode_t existing_unx_mode,
 				  mode_t new_unx_mode,
 				  mode_t *returned_unx_mode)
 {
@@ -2547,10 +2546,9 @@ static bool open_match_attributes(connection_struct *conn,
 	}
 
 	DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
-		  "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
+		  "new_dos_attr = 0x%x "
 		  "returned_unx_mode = 0%o\n",
 		  (unsigned int)old_dos_attr,
-		  (unsigned int)existing_unx_mode,
 		  (unsigned int)new_dos_attr,
 		  (unsigned int)*returned_unx_mode ));
 
@@ -3174,7 +3172,6 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 	     (create_disposition == FILE_OVERWRITE_IF))) {
 		if (!open_match_attributes(conn, existing_dos_attributes,
 					   new_dos_attributes,
-					   smb_fname->st.st_ex_mode,
 					   unx_mode, &new_unx_mode)) {
 			DEBUG(5,("open_file_ntcreate: attributes mismatch "
 				 "for file %s (%x %x) (0%o, 0%o)\n",
-- 
2.17.0.441.gb46fe60e1d-goog


From dcf079f53262effe63c3be20c7c013077492d3c0 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 17 May 2018 10:24:35 -0700
Subject: [PATCH 02/17] s3: smbd: Add clarifying comment on mode change on
 overwritten files.

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/smbd/open.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 9d581a53359..1b83e8403d2 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3786,6 +3786,25 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 		}
 
 	} else if (new_unx_mode) {
+		/*
+		 * We only get here in the case of:
+		 *
+		 * a). Not a POSIX open.
+		 * b). File already existed.
+		 * c). File was overwritten.
+		 * d). Requested DOS attributes didn't match
+		 *     the DOS attributes on the existing file.
+		 *
+		 * In that case new_unx_mode has been set
+		 * equal to the calculated mode (including
+		 * possible inheritance of the mode from the
+		 * containing directory).
+		 *
+		 * Note this mode was calculated with the
+		 * DOS attribute FILE_ATTRIBUTE_ARCHIVE added,
+		 * so the mode change here is suitable for
+		 * an overwritten file.
+		 */
 
 		int ret = -1;
 
-- 
2.17.0.441.gb46fe60e1d-goog


From 3f46effbb9a588632739528bbb2abedff187883f Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 17 May 2018 10:27:11 -0700
Subject: [PATCH 03/17] s3: smbd: Remove use of SMB_VFS_FCHMOD_ACL() in
 overwrite case.

We have potentially called SMB_VFS_FCHMOD() here in
the file_set_dosmode() call associated with the comment
/* Overwritten files should be initially set as archive */
at line 3755 above, so there is no need to do any POSIX ACL
mask protection.

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/smbd/open.c | 29 +++++------------------------
 1 file changed, 5 insertions(+), 24 deletions(-)

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 1b83e8403d2..7763a095733 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3806,32 +3806,13 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 		 * an overwritten file.
 		 */
 
-		int ret = -1;
-
-		/* Attributes need changing. File already existed. */
-
-		{
-			int saved_errno = errno; /* We might get ENOSYS in the
-						  * next call.. */
-			ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
-
-			if (ret == -1 && errno == ENOSYS) {
-				errno = saved_errno; /* Ignore ENOSYS */
-			} else {
-				DEBUG(5, ("open_file_ntcreate: reset "
-					  "attributes of file %s to 0%o\n",
-					  smb_fname_str_dbg(smb_fname),
-					  (unsigned int)new_unx_mode));
-				ret = 0; /* Don't do the fchmod below. */
-			}
-		}
-
-		if ((ret == -1) &&
-		    (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
-			DEBUG(5, ("open_file_ntcreate: failed to reset "
+		int ret = SMB_VFS_FCHMOD(fsp, new_unx_mode);
+		if (ret == -1) {
+			DBG_INFO("failed to reset "
 				  "attributes of file %s to 0%o\n",
 				  smb_fname_str_dbg(smb_fname),
-				  (unsigned int)new_unx_mode));
+				  (unsigned int)new_unx_mode);
+		}
 	}
 
 	{
-- 
2.17.0.441.gb46fe60e1d-goog


From 20657022b734a6dd5558e275963ecc9500287581 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 17 May 2018 10:33:38 -0700
Subject: [PATCH 04/17] s3: smbd: optimization. Only do the FCHMOD call if
 needed.

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/smbd/open.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 7763a095733..99e0e0462e3 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3806,12 +3806,14 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 		 * an overwritten file.
 		 */
 
-		int ret = SMB_VFS_FCHMOD(fsp, new_unx_mode);
-		if (ret == -1) {
-			DBG_INFO("failed to reset "
+		if (new_unx_mode != smb_fname->st.st_ex_mode) {
+			int ret = SMB_VFS_FCHMOD(fsp, new_unx_mode);
+			if (ret == -1) {
+				DBG_INFO("failed to reset "
 				  "attributes of file %s to 0%o\n",
 				  smb_fname_str_dbg(smb_fname),
 				  (unsigned int)new_unx_mode);
+			}
 		}
 	}
 
-- 
2.17.0.441.gb46fe60e1d-goog


From 1f9c1becc52f230a82eb9b928f7cad022e174444 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 17 May 2018 10:35:58 -0700
Subject: [PATCH 05/17] s3: smbd: Optimization. Only do the FCHMOD_ACL call if
 mode bits not equal.

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/smbd/open.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 99e0e0462e3..e98936559f8 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3776,13 +3776,14 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 	 */
 
 	if (!posix_open && new_file_created && !def_acl) {
+		if (unx_mode != smb_fname->st.st_ex_mode) {
+			/* We might get ENOSYS in the next call.. */
+			int saved_errno = errno;
 
-		int saved_errno = errno; /* We might get ENOSYS in the next
-					  * call.. */
-
-		if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
-		    errno == ENOSYS) {
-			errno = saved_errno; /* Ignore ENOSYS */
+			if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
+			    errno == ENOSYS) {
+				errno = saved_errno; /* Ignore ENOSYS */
+			}
 		}
 
 	} else if (new_unx_mode) {
-- 
2.17.0.441.gb46fe60e1d-goog


From bb8a8d16e3fc84835ae008a082e496b2d6178da8 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 17 May 2018 10:38:34 -0700
Subject: [PATCH 06/17] s3: smbd: Use FCHMOD call, not FCHMOD_ACL call if mode
 bits reset needed.

This is a behavior change, it will modify the POSIX ACL mask
from a value of rwx instead of modifying the existing ACE
entries to be ANDed with the passed in mode. However it
will have no effect on the underlying permissions, and
better reflects the proper use of POSIX ACLs (i.e. I
didn't understand the use of the mask entry in the
ACL when I first wrote the POSIX ACL code).

In addition, the vfs_acl_common.c module already
filters these calls for all but POSIX opens, which
means the only place this change is exposed to the
client would be a cifsfs unix extensions client doing
posix acl calls (and they would expect the mask to
be set like this on chmod).

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/smbd/open.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index e98936559f8..c54d380c7b5 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3777,12 +3777,12 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 
 	if (!posix_open && new_file_created && !def_acl) {
 		if (unx_mode != smb_fname->st.st_ex_mode) {
-			/* We might get ENOSYS in the next call.. */
-			int saved_errno = errno;
-
-			if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
-			    errno == ENOSYS) {
-				errno = saved_errno; /* Ignore ENOSYS */
+			int ret = SMB_VFS_FCHMOD(fsp, unx_mode);
+			if (ret == -1) {
+				DBG_INFO("failed to reset "
+				  "attributes of file %s to 0%o\n",
+				  smb_fname_str_dbg(smb_fname),
+				  (unsigned int)unx_mode);
 			}
 		}
 
-- 
2.17.0.441.gb46fe60e1d-goog


From 6eab2b4c3229b1f356266b9f5b167deb01a6827d Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 17 May 2018 11:03:53 -0700
Subject: [PATCH 07/17] s3: modules: vfs_default: Remove CHMOD_ACL in mkdir.

Now I understand the use of the mask in POSIX ACLs
this extra step is no longer needed. If the mkdir
succeeded it's already set the correct mode.

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/modules/vfs_default.c | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)

diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index e335e270650..956cebfd592 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -498,7 +498,6 @@ static int vfswrap_mkdir(vfs_handle_struct *handle,
 			mode_t mode)
 {
 	int result;
-	bool has_dacl = False;
 	const char *path = smb_fname->base_name;
 	char *parent = NULL;
 
@@ -506,7 +505,7 @@ static int vfswrap_mkdir(vfs_handle_struct *handle,
 
 	if (lp_inherit_acls(SNUM(handle->conn))
 	    && parent_dirname(talloc_tos(), path, &parent, NULL)
-	    && (has_dacl = directory_has_default_acl(handle->conn, parent))) {
+	    && directory_has_default_acl(handle->conn, parent)) {
 		mode = (0777 & lp_directory_mask(SNUM(handle->conn)));
 	}
 
@@ -514,21 +513,6 @@ static int vfswrap_mkdir(vfs_handle_struct *handle,
 
 	result = mkdir(path, mode);
 
-	if (result == 0 && !has_dacl) {
-		/*
-		 * We need to do this as the default behavior of POSIX ACLs
-		 * is to set the mask to be the requested group permission
-		 * bits, not the group permission bits to be the requested
-		 * group permission bits. This is not what we want, as it will
-		 * mess up any inherited ACL bits that were set. JRA.
-		 */
-		int saved_errno = errno; /* We may get ENOSYS */
-		if ((SMB_VFS_CHMOD_ACL(handle->conn, smb_fname, mode) == -1) &&
-				(errno == ENOSYS)) {
-			errno = saved_errno;
-		}
-	}
-
 	END_PROFILE(syscall_mkdir);
 	return result;
 }
-- 
2.17.0.441.gb46fe60e1d-goog


From ee62128078b6915c178a98a4a22167dbc92aee8a Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 17 May 2018 11:05:20 -0700
Subject: [PATCH 08/17] s3: modules: vfs_default: Remove CHMOD_ACL in chmod.

Now I understand the use of the mask in POSIX ACLs
this extra step is no longer needed.

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/modules/vfs_default.c | 21 ---------------------
 1 file changed, 21 deletions(-)

diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 956cebfd592..a2bc7c0e9f9 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -1983,27 +1983,6 @@ static int vfswrap_chmod(vfs_handle_struct *handle,
 	int result;
 
 	START_PROFILE(syscall_chmod);
-
-	/*
-	 * We need to do this due to the fact that the default POSIX ACL
-	 * chmod modifies the ACL *mask* for the group owner, not the
-	 * group owner bits directly. JRA.
-	 */
-
-
-	{
-		int saved_errno = errno; /* We might get ENOSYS */
-		result = SMB_VFS_CHMOD_ACL(handle->conn,
-				smb_fname,
-				mode);
-		if (result == 0) {
-			END_PROFILE(syscall_chmod);
-			return result;
-		}
-		/* Error - return the old errno. */
-		errno = saved_errno;
-	}
-
 	result = chmod(smb_fname->base_name, mode);
 	END_PROFILE(syscall_chmod);
 	return result;
-- 
2.17.0.441.gb46fe60e1d-goog


From 4f1bf59537f67ec18f562d09ac50483c68f3210e Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 17 May 2018 11:18:12 -0700
Subject: [PATCH 09/17] s3: modules: vfs_ceph: Remove CHMOD_ACL in
 cephwrap_mkdir().

Now I understand the use of the mask in POSIX ACLs
this extra step is no longer needed.

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/modules/vfs_ceph.c | 27 +++------------------------
 1 file changed, 3 insertions(+), 24 deletions(-)

diff --git a/source3/modules/vfs_ceph.c b/source3/modules/vfs_ceph.c
index bac88581133..f3b651b894e 100644
--- a/source3/modules/vfs_ceph.c
+++ b/source3/modules/vfs_ceph.c
@@ -368,7 +368,6 @@ static int cephwrap_mkdir(struct vfs_handle_struct *handle,
 			  mode_t mode)
 {
 	int result;
-	bool has_dacl = False;
 	char *parent = NULL;
 	const char *path = smb_fname->base_name;
 
@@ -376,34 +375,14 @@ static int cephwrap_mkdir(struct vfs_handle_struct *handle,
 
 	if (lp_inherit_acls(SNUM(handle->conn))
 	    && parent_dirname(talloc_tos(), path, &parent, NULL)
-	    && (has_dacl = directory_has_default_acl(handle->conn, parent)))
+	    && directory_has_default_acl(handle->conn, parent)) {
 		mode = 0777;
+	}
 
 	TALLOC_FREE(parent);
 
 	result = ceph_mkdir(handle->data, path, mode);
-
-	/*
-	 * Note. This order is important
-	 */
-	if (result) {
-		WRAP_RETURN(result);
-	} else if (result == 0 && !has_dacl) {
-		/*
-		 * We need to do this as the default behavior of POSIX ACLs
-		 * is to set the mask to be the requested group permission
-		 * bits, not the group permission bits to be the requested
-		 * group permission bits. This is not what we want, as it will
-		 * mess up any inherited ACL bits that were set. JRA.
-		 */
-		int saved_errno = errno; /* We may get ENOSYS */
-		if ((SMB_VFS_CHMOD_ACL(handle->conn, smb_fname, mode) == -1) &&
-				(errno == ENOSYS)) {
-			errno = saved_errno;
-		}
-	}
-
-	return result;
+	return WRAP_RETURN(result);
 }
 
 static int cephwrap_rmdir(struct vfs_handle_struct *handle,
-- 
2.17.0.441.gb46fe60e1d-goog


From a32b3fcf201717f8ef583faae1638c844c3ed64f Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 17 May 2018 11:19:33 -0700
Subject: [PATCH 10/17] s3: modules: vfs_ceph: Remove CHMOD_ACL in
 cephwrap_chmod().

Now I understand the use of the mask in POSIX ACLs
this extra step is no longer needed.

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/modules/vfs_ceph.c | 20 --------------------
 1 file changed, 20 deletions(-)

diff --git a/source3/modules/vfs_ceph.c b/source3/modules/vfs_ceph.c
index f3b651b894e..818d0cb5490 100644
--- a/source3/modules/vfs_ceph.c
+++ b/source3/modules/vfs_ceph.c
@@ -946,26 +946,6 @@ static int cephwrap_chmod(struct vfs_handle_struct *handle,
 	int result;
 
 	DBG_DEBUG("[CEPH] chmod(%p, %s, %d)\n", handle, smb_fname->base_name, mode);
-
-	/*
-	 * We need to do this due to the fact that the default POSIX ACL
-	 * chmod modifies the ACL *mask* for the group owner, not the
-	 * group owner bits directly. JRA.
-	 */
-
-
-	{
-		int saved_errno = errno; /* We might get ENOSYS */
-		result = SMB_VFS_CHMOD_ACL(handle->conn,
-					smb_fname,
-					mode);
-		if (result == 0) {
-			return result;
-		}
-		/* Error - return the old errno. */
-		errno = saved_errno;
-	}
-
 	result = ceph_chmod(handle->data, smb_fname->base_name, mode);
 	DBG_DEBUG("[CEPH] chmod(...) = %d\n", result);
 	WRAP_RETURN(result);
-- 
2.17.0.441.gb46fe60e1d-goog


From d16ce314f5f30eb1fe679b44d6a53be39b6d4bb7 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 17 May 2018 11:21:14 -0700
Subject: [PATCH 11/17] s3: torture: Remove cmd_chmod_acl().

No longer needed.

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 docs-xml/manpages/vfstest.1.xml |  1 -
 source3/torture/cmd_vfs.c       | 32 --------------------------------
 2 files changed, 33 deletions(-)

diff --git a/docs-xml/manpages/vfstest.1.xml b/docs-xml/manpages/vfstest.1.xml
index 9990e2778b1..5a4ea1254b9 100644
--- a/docs-xml/manpages/vfstest.1.xml
+++ b/docs-xml/manpages/vfstest.1.xml
@@ -125,7 +125,6 @@
 		<listitem><para><command>fset_nt_acl</command> - VFS fset_nt_acl()</para></listitem>
 		<listitem><para><command>set_nt_acl</command> - VFS open() and fset_nt_acl()</para></listitem>
 		<listitem><para><command>fchmod_acl</command> - VFS fchmod_acl()</para></listitem>
-		<listitem><para><command>chmod_acl</command> - VFS chmod_acl()</para></listitem>
 		<listitem><para><command>sys_acl_get_file</command> - VFS sys_acl_get_file()</para></listitem>
 		<listitem><para><command>sys_acl_get_fd</command> - VFS sys_acl_get_fd()</para></listitem>
 		<listitem><para><command>sys_acl_blob_get_file</command> - VFS sys_acl_blob_get_file()</para></listitem>
diff --git a/source3/torture/cmd_vfs.c b/source3/torture/cmd_vfs.c
index a8c7685e1d3..793faf09d12 100644
--- a/source3/torture/cmd_vfs.c
+++ b/source3/torture/cmd_vfs.c
@@ -930,37 +930,6 @@ static NTSTATUS cmd_fchmod(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc,
 	return NT_STATUS_OK;
 }
 
-
-static NTSTATUS cmd_chmod_acl(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv)
-{
-	struct smb_filename *smb_fname = NULL;
-	mode_t mode;
-	if (argc != 3) {
-		printf("Usage: chmod_acl <path> <mode>\n");
-		return NT_STATUS_OK;
-	}
-
-	mode = atoi(argv[2]);
-
-	smb_fname = synthetic_smb_fname(talloc_tos(),
-					argv[1],
-					NULL,
-					NULL,
-					ssf_flags());
-	if (smb_fname == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	if (SMB_VFS_CHMOD_ACL(vfs->conn, smb_fname, mode) == -1) {
-		printf("chmod_acl: error=%d (%s)\n", errno, strerror(errno));
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-
-	printf("chmod_acl: ok\n");
-	return NT_STATUS_OK;
-}
-
-
 static NTSTATUS cmd_fchmod_acl(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv)
 {
 	int fd;
@@ -2055,7 +2024,6 @@ struct cmd_set vfs_commands[] = {
 	{ "set_nt_acl", cmd_set_nt_acl, "VFS open() and fset_nt_acl()", 
 	  "set_nt_acl <file>\n" },
 	{ "fchmod_acl",   cmd_fchmod_acl,   "VFS fchmod_acl()",    "fchmod_acl <fd> <mode>" },
-	{ "chmod_acl",   cmd_chmod_acl,   "VFS chmod_acl()",    "chmod_acl <path> <mode>" },
 	{ "sys_acl_get_file", cmd_sys_acl_get_file, "VFS sys_acl_get_file()", "sys_acl_get_file <path>" },
 	{ "sys_acl_get_fd", cmd_sys_acl_get_fd, "VFS sys_acl_get_fd()", "sys_acl_get_fd <fd>" },
 	{ "sys_acl_blob_get_file", cmd_sys_acl_blob_get_file,
-- 
2.17.0.441.gb46fe60e1d-goog


From 4f06f5ac0338a5df93f135dedcd623f6354dfa13 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 17 May 2018 11:32:58 -0700
Subject: [PATCH 12/17] s3: VFS: Remove SMB_VFS_CHMOD_ACL().

No longer used.

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 docs-xml/Samba-Developers-Guide/vfs.xml |  1 -
 docs-xml/manpages/vfs_audit.8.xml       |  1 -
 docs-xml/manpages/vfs_full_audit.8.xml  |  1 -
 examples/VFS/skel_opaque.c              |  9 -----
 examples/VFS/skel_transparent.c         |  8 ----
 source3/include/smbprofile.h            |  1 -
 source3/include/vfs.h                   |  4 +-
 source3/include/vfs_macros.h            |  5 ---
 source3/modules/vfs_acl_common.c        | 11 ------
 source3/modules/vfs_acl_tdb.c           |  1 -
 source3/modules/vfs_acl_xattr.c         |  1 -
 source3/modules/vfs_audit.c             | 17 ---------
 source3/modules/vfs_cap.c               | 34 -----------------
 source3/modules/vfs_catia.c             | 39 --------------------
 source3/modules/vfs_default.c           | 18 ---------
 source3/modules/vfs_extd_audit.c        | 23 ------------
 source3/modules/vfs_full_audit.c        | 17 ---------
 source3/modules/vfs_glusterfs.c         |  1 -
 source3/modules/vfs_linux_xfs_sgid.c    |  9 -----
 source3/modules/vfs_media_harmony.c     | 35 ------------------
 source3/modules/vfs_shadow_copy2.c      | 49 -------------------------
 source3/modules/vfs_snapper.c           | 45 -----------------------
 source3/modules/vfs_time_audit.c        | 25 -------------
 source3/modules/vfs_unityed_media.c     | 32 ----------------
 source3/smbd/vfs.c                      |  8 ----
 25 files changed, 1 insertion(+), 394 deletions(-)

diff --git a/docs-xml/Samba-Developers-Guide/vfs.xml b/docs-xml/Samba-Developers-Guide/vfs.xml
index 99ef33ff3fb..4c4e39c4fc3 100644
--- a/docs-xml/Samba-Developers-Guide/vfs.xml
+++ b/docs-xml/Samba-Developers-Guide/vfs.xml
@@ -630,7 +630,6 @@ struct vfs_ops example_ops = {
 	NULL,				/* fset_nt_acl */
 	NULL,				/* set_nt_acl */
 
-	NULL,				/* chmod_acl */
 	NULL,				/* fchmod_acl */
 
 	NULL,				/* sys_acl_get_entry */
diff --git a/docs-xml/manpages/vfs_audit.8.xml b/docs-xml/manpages/vfs_audit.8.xml
index d2b0e9045e7..e04e9572af0 100644
--- a/docs-xml/manpages/vfs_audit.8.xml
+++ b/docs-xml/manpages/vfs_audit.8.xml
@@ -47,7 +47,6 @@
 	<member>unlink</member>
 	<member>chmod</member>
 	<member>fchmod</member>
-	<member>chmod_acl</member>
 	<member>fchmod_acl</member>
 	</simplelist>
 
diff --git a/docs-xml/manpages/vfs_full_audit.8.xml b/docs-xml/manpages/vfs_full_audit.8.xml
index 392c7e4b177..68df0a20747 100644
--- a/docs-xml/manpages/vfs_full_audit.8.xml
+++ b/docs-xml/manpages/vfs_full_audit.8.xml
@@ -41,7 +41,6 @@
         <member>chdir</member>
         <member>chflags</member>
         <member>chmod</member>
-        <member>chmod_acl</member>
         <member>chown</member>
         <member>close</member>
         <member>closedir</member>
diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c
index 5529ec76aa1..61fa21b679c 100644
--- a/examples/VFS/skel_opaque.c
+++ b/examples/VFS/skel_opaque.c
@@ -751,14 +751,6 @@ static NTSTATUS skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-static int skel_chmod_acl(vfs_handle_struct *handle,
-			const struct smb_filename *smb_fname,
-			mode_t mode)
-{
-	errno = ENOSYS;
-	return -1;
-}
-
 static int skel_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
 			   mode_t mode)
 {
@@ -1005,7 +997,6 @@ struct vfs_fn_pointers skel_opaque_fns = {
 
 	/* POSIX ACL operations. */
 
-	.chmod_acl_fn = skel_chmod_acl,
 	.fchmod_acl_fn = skel_fchmod_acl,
 
 	.sys_acl_get_file_fn = skel_sys_acl_get_file,
diff --git a/examples/VFS/skel_transparent.c b/examples/VFS/skel_transparent.c
index fde24fbc4db..018a18768ac 100644
--- a/examples/VFS/skel_transparent.c
+++ b/examples/VFS/skel_transparent.c
@@ -942,13 +942,6 @@ static NTSTATUS skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
 	return SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
 }
 
-static int skel_chmod_acl(vfs_handle_struct *handle,
-			const struct smb_filename *smb_fname,
-			mode_t mode)
-{
-	return SMB_VFS_NEXT_CHMOD_ACL(handle, smb_fname, mode);
-}
-
 static int skel_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
 			   mode_t mode)
 {
@@ -1181,7 +1174,6 @@ struct vfs_fn_pointers skel_transparent_fns = {
 
 	/* POSIX ACL operations. */
 
-	.chmod_acl_fn = skel_chmod_acl,
 	.fchmod_acl_fn = skel_fchmod_acl,
 
 	.sys_acl_get_file_fn = skel_sys_acl_get_file,
diff --git a/source3/include/smbprofile.h b/source3/include/smbprofile.h
index 1183af6a0bf..05d3aa261b8 100644
--- a/source3/include/smbprofile.h
+++ b/source3/include/smbprofile.h
@@ -104,7 +104,6 @@ struct tevent_context;
 	SMBPROFILE_STATS_BASIC(get_nt_acl) \
 	SMBPROFILE_STATS_BASIC(fget_nt_acl) \
 	SMBPROFILE_STATS_BASIC(fset_nt_acl) \
-	SMBPROFILE_STATS_BASIC(chmod_acl) \
 	SMBPROFILE_STATS_BASIC(fchmod_acl) \
 	SMBPROFILE_STATS_SECTION_END \
 	\
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index cc7948a115d..48d97b133c9 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -251,6 +251,7 @@
 		All users are now pread or async versions. */
 /* Version 39 - Remove SMB_VFS_WRITE
 		All users are now pwrite or async versions. */
+/* Version 39 - Remove SMB_VFS_CHMOD_ACL - no longer used. */
 
 #define SMB_VFS_INTERFACE_VERSION 39
 
@@ -916,9 +917,6 @@ struct vfs_fn_pointers {
 
 	/* POSIX ACL operations. */
 
-	int (*chmod_acl_fn)(struct vfs_handle_struct *handle,
-					const struct smb_filename *smb_fname,
-					mode_t mode);
 	int (*fchmod_acl_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp, mode_t mode);
 
 	SMB_ACL_T (*sys_acl_get_file_fn)(struct vfs_handle_struct *handle,
diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h
index d4836134697..dda275fa968 100644
--- a/source3/include/vfs_macros.h
+++ b/source3/include/vfs_macros.h
@@ -460,11 +460,6 @@
 #define SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd) \
 	smb_vfs_call_fset_nt_acl((handle)->next, (fsp), (security_info_sent), (psd))
 
-#define SMB_VFS_CHMOD_ACL(conn, smb_fname, mode) \
-	smb_vfs_call_chmod_acl((conn)->vfs_handles, (smb_fname), (mode))
-#define SMB_VFS_NEXT_CHMOD_ACL(handle, smb_fname, mode) \
-	smb_vfs_call_chmod_acl((handle)->next, (smb_fname), (mode))
-
 #define SMB_VFS_FCHMOD_ACL(fsp, mode) \
 	smb_vfs_call_fchmod_acl((fsp)->conn->vfs_handles, (fsp), (mode))
 #define SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode) \
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 5b2b2ef60e3..0fd625bec1d 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -1245,17 +1245,6 @@ int fchmod_acl_module_common(struct vfs_handle_struct *handle,
 	return 0;
 }
 
-int chmod_acl_acl_module_common(struct vfs_handle_struct *handle,
-				const struct smb_filename *smb_fname,
-				mode_t mode)
-{
-	if (smb_fname->flags & SMB_FILENAME_POSIX_PATH) {
-		/* Only allow this on POSIX pathnames. */
-		return SMB_VFS_NEXT_CHMOD_ACL(handle, smb_fname, mode);
-	}
-	return 0;
-}
-
 int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle,
 				 struct files_struct *fsp, mode_t mode)
 {
diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c
index c5ffa5e305b..4b61c274441 100644
--- a/source3/modules/vfs_acl_tdb.c
+++ b/source3/modules/vfs_acl_tdb.c
@@ -496,7 +496,6 @@ static struct vfs_fn_pointers vfs_acl_tdb_fns = {
 	.fget_nt_acl_fn = acl_tdb_fget_nt_acl,
 	.get_nt_acl_fn = acl_tdb_get_nt_acl,
 	.fset_nt_acl_fn = acl_tdb_fset_nt_acl,
-	.chmod_acl_fn = chmod_acl_acl_module_common,
 	.fchmod_acl_fn = fchmod_acl_acl_module_common,
 	.sys_acl_set_file_fn = sys_acl_set_file_tdb,
 	.sys_acl_set_fd_fn = sys_acl_set_fd_tdb
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
index 38ad81cc244..62d26781fd5 100644
--- a/source3/modules/vfs_acl_xattr.c
+++ b/source3/modules/vfs_acl_xattr.c
@@ -323,7 +323,6 @@ static struct vfs_fn_pointers vfs_acl_xattr_fns = {
 	.fget_nt_acl_fn = acl_xattr_fget_nt_acl,
 	.get_nt_acl_fn = acl_xattr_get_nt_acl,
 	.fset_nt_acl_fn = acl_xattr_fset_nt_acl,
-	.chmod_acl_fn = chmod_acl_acl_module_common,
 	.fchmod_acl_fn = fchmod_acl_acl_module_common,
 	.sys_acl_set_file_fn = sys_acl_set_file_xattr,
 	.sys_acl_set_fd_fn = sys_acl_set_fd_xattr
diff --git a/source3/modules/vfs_audit.c b/source3/modules/vfs_audit.c
index 12477d5b01f..f34bcd19161 100644
--- a/source3/modules/vfs_audit.c
+++ b/source3/modules/vfs_audit.c
@@ -233,22 +233,6 @@ static int audit_chmod(vfs_handle_struct *handle,
 	return result;
 }
 
-static int audit_chmod_acl(vfs_handle_struct *handle,
-			const struct smb_filename *smb_fname,
-			mode_t mode)
-{
-	int result;
-
-	result = SMB_VFS_NEXT_CHMOD_ACL(handle, smb_fname, mode);
-
-	syslog(audit_syslog_priority(handle), "chmod_acl %s mode 0x%x %s%s\n",
-	       smb_fname->base_name, mode,
-	       (result < 0) ? "failed: " : "",
-	       (result < 0) ? strerror(errno) : "");
-
-	return result;
-}
-
 static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
 {
 	int result;
@@ -289,7 +273,6 @@ static struct vfs_fn_pointers vfs_audit_fns = {
 	.unlink_fn = audit_unlink,
 	.chmod_fn = audit_chmod,
 	.fchmod_fn = audit_fchmod,
-	.chmod_acl_fn = audit_chmod_acl,
 	.fchmod_acl_fn = audit_fchmod_acl
 };
 
diff --git a/source3/modules/vfs_cap.c b/source3/modules/vfs_cap.c
index 0684c794c76..ffc35d60407 100644
--- a/source3/modules/vfs_cap.c
+++ b/source3/modules/vfs_cap.c
@@ -703,39 +703,6 @@ static struct smb_filename *cap_realpath(vfs_handle_struct *handle,
 	return return_fname;
 }
 
-static int cap_chmod_acl(vfs_handle_struct *handle,
-			const struct smb_filename *smb_fname,
-			mode_t mode)
-{
-	struct smb_filename *cap_smb_fname = NULL;
-	char *cappath = capencode(talloc_tos(), smb_fname->base_name);
-	int ret;
-	int saved_errno;
-
-	/* If the underlying VFS doesn't have ACL support... */
-	if (!cappath) {
-		errno = ENOMEM;
-		return -1;
-	}
-	cap_smb_fname = synthetic_smb_fname(talloc_tos(),
-					cappath,
-					NULL,
-					NULL,
-					smb_fname->flags);
-	if (cap_smb_fname == NULL) {
-		TALLOC_FREE(cappath);
-		errno = ENOMEM;
-		return -1;
-	}
-
-	ret = SMB_VFS_NEXT_CHMOD_ACL(handle, cap_smb_fname, mode);
-	saved_errno = errno;
-	TALLOC_FREE(cappath);
-	TALLOC_FREE(cap_smb_fname);
-	errno = saved_errno;
-	return ret;
-}
-
 static SMB_ACL_T cap_sys_acl_get_file(vfs_handle_struct *handle,
 				const struct smb_filename *smb_fname,
 				SMB_ACL_TYPE_T type,
@@ -1056,7 +1023,6 @@ static struct vfs_fn_pointers vfs_cap_fns = {
 	.link_fn = cap_link,
 	.mknod_fn = cap_mknod,
 	.realpath_fn = cap_realpath,
-	.chmod_acl_fn = cap_chmod_acl,
 	.sys_acl_get_file_fn = cap_sys_acl_get_file,
 	.sys_acl_set_file_fn = cap_sys_acl_set_file,
 	.sys_acl_delete_def_file_fn = cap_sys_acl_delete_def_file,
diff --git a/source3/modules/vfs_catia.c b/source3/modules/vfs_catia.c
index ed22fa833b3..d26f7978290 100644
--- a/source3/modules/vfs_catia.c
+++ b/source3/modules/vfs_catia.c
@@ -1128,44 +1128,6 @@ catia_get_nt_acl(struct vfs_handle_struct *handle,
 	return status;
 }
 
-static int
-catia_chmod_acl(vfs_handle_struct *handle,
-		const struct smb_filename *smb_fname,
-		mode_t mode)
-{
-	char *mapped_name = NULL;
-	struct smb_filename *mapped_smb_fname = NULL;
-	NTSTATUS status;
-	int ret;
-	int saved_errno;
-
-	status = catia_string_replace_allocate(handle->conn,
-				smb_fname->base_name,
-				&mapped_name,
-				vfs_translate_to_unix);
-	if (!NT_STATUS_IS_OK(status)) {
-		errno = map_errno_from_nt_status(status);
-		return -1;
-	}
-
-	mapped_smb_fname = synthetic_smb_fname(talloc_tos(),
-					mapped_name,
-					NULL,
-					NULL,
-					smb_fname->flags);
-	if (mapped_smb_fname == NULL) {
-		TALLOC_FREE(mapped_name);
-		errno = ENOMEM;
-		return -1;
-	}
-	ret = SMB_VFS_NEXT_CHMOD_ACL(handle, mapped_smb_fname, mode);
-	saved_errno = errno;
-	TALLOC_FREE(mapped_name);
-	TALLOC_FREE(mapped_smb_fname);
-	errno = saved_errno;
-	return ret;
-}
-
 static SMB_ACL_T
 catia_sys_acl_get_file(vfs_handle_struct *handle,
 			const struct smb_filename *smb_fname,
@@ -2516,7 +2478,6 @@ static struct vfs_fn_pointers vfs_catia_fns = {
 	.fset_nt_acl_fn = catia_fset_nt_acl,
 
 	/* POSIX ACL operations. */
-	.chmod_acl_fn = catia_chmod_acl,
 	.fchmod_acl_fn = catia_fchmod_acl,
 
 	.sys_acl_get_file_fn = catia_sys_acl_get_file,
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index a2bc7c0e9f9..d05015fd297 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -2691,23 +2691,6 @@ static NTSTATUS vfswrap_audit_file(struct vfs_handle_struct *handle,
 	return NT_STATUS_OK; /* Nothing to do here ... */
 }
 
-static int vfswrap_chmod_acl(vfs_handle_struct *handle,
-				const struct smb_filename *smb_fname,
-				mode_t mode)
-{
-#ifdef HAVE_NO_ACL
-	errno = ENOSYS;
-	return -1;
-#else
-	int result;
-
-	START_PROFILE(chmod_acl);
-	result = chmod_acl(handle->conn, smb_fname, mode);
-	END_PROFILE(chmod_acl);
-	return result;
-#endif
-}
-
 static int vfswrap_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
 {
 #ifdef HAVE_NO_ACL
@@ -2984,7 +2967,6 @@ static struct vfs_fn_pointers vfs_default_fns = {
 
 	/* POSIX ACL operations. */
 
-	.chmod_acl_fn = vfswrap_chmod_acl,
 	.fchmod_acl_fn = vfswrap_fchmod_acl,
 
 	.sys_acl_get_file_fn = vfswrap_sys_acl_get_file,
diff --git a/source3/modules/vfs_extd_audit.c b/source3/modules/vfs_extd_audit.c
index 7d1fe273978..abb019081e0 100644
--- a/source3/modules/vfs_extd_audit.c
+++ b/source3/modules/vfs_extd_audit.c
@@ -292,28 +292,6 @@ static int audit_chmod(vfs_handle_struct *handle,
 	return result;
 }
 
-static int audit_chmod_acl(vfs_handle_struct *handle,
-			const struct smb_filename *smb_fname,
-			mode_t mode)
-{
-	int result;
-
-	result = SMB_VFS_NEXT_CHMOD_ACL(handle, smb_fname, mode);
-
-	if (lp_syslog() > 0) {
-		syslog(audit_syslog_priority(handle), "chmod_acl %s mode 0x%x %s%s\n",
-		       smb_fname->base_name, mode,
-		       (result < 0) ? "failed: " : "",
-		       (result < 0) ? strerror(errno) : "");
-	}
-	DEBUG(1, ("vfs_extd_audit: chmod_acl %s mode 0x%x %s %s\n",
-	       smb_fname->base_name, (unsigned int)mode,
-	       (result < 0) ? "failed: " : "",
-	       (result < 0) ? strerror(errno) : ""));
-
-	return result;
-}
-
 static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
 {
 	int result;
@@ -366,7 +344,6 @@ static struct vfs_fn_pointers vfs_extd_audit_fns = {
 	.unlink_fn = audit_unlink,
 	.chmod_fn = audit_chmod,
 	.fchmod_fn = audit_fchmod,
-	.chmod_acl_fn = audit_chmod_acl,
 	.fchmod_acl_fn = audit_fchmod_acl,
 };
 
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index ee8dbbcff2c..bb8c306ea40 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -191,7 +191,6 @@ typedef enum _vfs_op_type {
 
 	/* POSIX ACL operations. */
 
-	SMB_VFS_OP_CHMOD_ACL,
 	SMB_VFS_OP_FCHMOD_ACL,
 
 	SMB_VFS_OP_SYS_ACL_GET_FILE,
@@ -325,7 +324,6 @@ static struct {
 	{ SMB_VFS_OP_GET_NT_ACL,	"get_nt_acl" },
 	{ SMB_VFS_OP_FSET_NT_ACL,	"fset_nt_acl" },
 	{ SMB_VFS_OP_AUDIT_FILE,	"audit_file" },
-	{ SMB_VFS_OP_CHMOD_ACL,	"chmod_acl" },
 	{ SMB_VFS_OP_FCHMOD_ACL,	"fchmod_acl" },
 	{ SMB_VFS_OP_SYS_ACL_GET_FILE,	"sys_acl_get_file" },
 	{ SMB_VFS_OP_SYS_ACL_GET_FD,	"sys_acl_get_fd" },
@@ -2132,20 +2130,6 @@ static NTSTATUS smb_full_audit_audit_file(struct vfs_handle_struct *handle,
 	return result;
 }
 
-static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
-				const struct smb_filename *smb_fname,
-				mode_t mode)
-{
-	int result;
-	
-	result = SMB_VFS_NEXT_CHMOD_ACL(handle, smb_fname, mode);
-
-	do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
-	       "%s|%o", smb_fname->base_name, mode);
-
-	return result;
-}
-
 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
 				     mode_t mode)
 {
@@ -2545,7 +2529,6 @@ static struct vfs_fn_pointers vfs_full_audit_fns = {
 	.get_nt_acl_fn = smb_full_audit_get_nt_acl,
 	.fset_nt_acl_fn = smb_full_audit_fset_nt_acl,
 	.audit_file_fn = smb_full_audit_audit_file,
-	.chmod_acl_fn = smb_full_audit_chmod_acl,
 	.fchmod_acl_fn = smb_full_audit_fchmod_acl,
 	.sys_acl_get_file_fn = smb_full_audit_sys_acl_get_file,
 	.sys_acl_get_fd_fn = smb_full_audit_sys_acl_get_fd,
diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index b022e9869ff..f000906261c 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -1499,7 +1499,6 @@ static struct vfs_fn_pointers glusterfs_fns = {
 	.audit_file_fn = NULL,
 
 	/* Posix ACL Operations */
-	.chmod_acl_fn = NULL,	/* passthrough to default */
 	.fchmod_acl_fn = NULL,	/* passthrough to default */
 	.sys_acl_get_file_fn = posixacl_xattr_acl_get_file,
 	.sys_acl_get_fd_fn = posixacl_xattr_acl_get_fd,
diff --git a/source3/modules/vfs_linux_xfs_sgid.c b/source3/modules/vfs_linux_xfs_sgid.c
index ab41031d17f..b7c77069b89 100644
--- a/source3/modules/vfs_linux_xfs_sgid.c
+++ b/source3/modules/vfs_linux_xfs_sgid.c
@@ -95,17 +95,8 @@ static int linux_xfs_sgid_mkdir(vfs_handle_struct *handle,
 	return mkdir_res;
 }
 
-static int linux_xfs_sgid_chmod_acl(vfs_handle_struct *handle,
-			const struct smb_filename *smb_fname,
-			mode_t mode)
-{
-	errno = ENOSYS;
-	return -1;
-}
-
 static struct vfs_fn_pointers linux_xfs_sgid_fns = {
 	.mkdir_fn = linux_xfs_sgid_mkdir,
-	.chmod_acl_fn = linux_xfs_sgid_chmod_acl,
 };
 
 static_decl_vfs;
diff --git a/source3/modules/vfs_media_harmony.c b/source3/modules/vfs_media_harmony.c
index f0815d79f95..32ba45a7fe8 100644
--- a/source3/modules/vfs_media_harmony.c
+++ b/source3/modules/vfs_media_harmony.c
@@ -2014,39 +2014,6 @@ out:
 	return status;
 }
 
-/*
- * Success: return 0
- * Failure: set errno, return -1
- */
-static int mh_chmod_acl(vfs_handle_struct *handle,
-		const struct smb_filename *smb_fname,
-		mode_t mode)
-{
-	int status;
-	struct smb_filename *clientFname = NULL;
-
-	DEBUG(MH_INFO_DEBUG, ("Entering mh_chmod_acl\n"));
-	if (!is_in_media_files(smb_fname->base_name))
-	{
-		status = SMB_VFS_NEXT_CHMOD_ACL(handle, smb_fname, mode);
-		goto out;
-	}
-
-	status = alloc_get_client_smb_fname(handle,
-				talloc_tos(),
-				smb_fname,
-				&clientFname);
-	if (status != 0) {
-		goto err;
-	}
-
-	status = SMB_VFS_NEXT_CHMOD_ACL(handle, clientFname, mode);
-err:
-	TALLOC_FREE(clientFname);
-out:
-	return status;
-}
-
 /*
  * Success: return acl pointer
  * Failure: set errno, return NULL
@@ -2338,8 +2305,6 @@ static struct vfs_fn_pointers vfs_mh_fns = {
 
 	/* POSIX ACL operations. */
 
-	.chmod_acl_fn = mh_chmod_acl,
-
 	.sys_acl_get_file_fn = mh_sys_acl_get_file,
 	.sys_acl_set_file_fn = mh_sys_acl_set_file,
 	.sys_acl_delete_def_file_fn = mh_sys_acl_delete_def_file,
diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c
index b6745cf169b..aa7cd9c61d0 100644
--- a/source3/modules/vfs_shadow_copy2.c
+++ b/source3/modules/vfs_shadow_copy2.c
@@ -2605,54 +2605,6 @@ static int shadow_copy2_setxattr(struct vfs_handle_struct *handle,
 	return ret;
 }
 
-static int shadow_copy2_chmod_acl(vfs_handle_struct *handle,
-			const struct smb_filename *smb_fname,
-			mode_t mode)
-{
-	time_t timestamp = 0;
-	char *stripped = NULL;
-	ssize_t ret;
-	int saved_errno = 0;
-	char *conv = NULL;
-	struct smb_filename *conv_smb_fname = NULL;
-
-	if (!shadow_copy2_strip_snapshot(talloc_tos(),
-				handle,
-				smb_fname->base_name,
-				&timestamp,
-				&stripped)) {
-		return -1;
-	}
-	if (timestamp == 0) {
-		return SMB_VFS_NEXT_CHMOD_ACL(handle, smb_fname, mode);
-	}
-	conv = shadow_copy2_convert(talloc_tos(), handle, stripped, timestamp);
-	TALLOC_FREE(stripped);
-	if (conv == NULL) {
-		return -1;
-	}
-	conv_smb_fname = synthetic_smb_fname(talloc_tos(),
-					conv,
-					NULL,
-					NULL,
-					smb_fname->flags);
-	if (conv_smb_fname == NULL) {
-		TALLOC_FREE(conv);
-		errno = ENOMEM;
-		return -1;
-	}
-	ret = SMB_VFS_NEXT_CHMOD_ACL(handle, conv_smb_fname, mode);
-	if (ret == -1) {
-		saved_errno = errno;
-	}
-	TALLOC_FREE(conv);
-	TALLOC_FREE(conv_smb_fname);
-	if (saved_errno != 0) {
-		errno = saved_errno;
-	}
-	return ret;
-}
-
 static int shadow_copy2_get_real_filename(struct vfs_handle_struct *handle,
 					  const char *path,
 					  const char *name,
@@ -3263,7 +3215,6 @@ static struct vfs_fn_pointers vfs_shadow_copy2_fns = {
 	.listxattr_fn = shadow_copy2_listxattr,
 	.removexattr_fn = shadow_copy2_removexattr,
 	.setxattr_fn = shadow_copy2_setxattr,
-	.chmod_acl_fn = shadow_copy2_chmod_acl,
 	.chflags_fn = shadow_copy2_chflags,
 	.get_real_filename_fn = shadow_copy2_get_real_filename,
 	.connectpath_fn = shadow_copy2_connectpath,
diff --git a/source3/modules/vfs_snapper.c b/source3/modules/vfs_snapper.c
index 60851501a51..6b935c3df41 100644
--- a/source3/modules/vfs_snapper.c
+++ b/source3/modules/vfs_snapper.c
@@ -2955,50 +2955,6 @@ static int snapper_gmt_setxattr(struct vfs_handle_struct *handle,
 	return ret;
 }
 
-static int snapper_gmt_chmod_acl(vfs_handle_struct *handle,
-			const struct smb_filename *smb_fname,
-			mode_t mode)
-{
-	time_t timestamp;
-	char *stripped;
-	ssize_t ret;
-	int saved_errno;
-	char *conv;
-	struct smb_filename *conv_smb_fname = NULL;
-
-	if (!snapper_gmt_strip_snapshot(talloc_tos(),
-				handle,
-				smb_fname->base_name,
-				&timestamp,
-				&stripped)) {
-		return -1;
-	}
-	if (timestamp == 0) {
-		return SMB_VFS_NEXT_CHMOD_ACL(handle, smb_fname, mode);
-	}
-	conv = snapper_gmt_convert(talloc_tos(), handle, stripped, timestamp);
-	TALLOC_FREE(stripped);
-	if (conv == NULL) {
-		return -1;
-	}
-	conv_smb_fname = synthetic_smb_fname(talloc_tos(),
-					conv,
-					NULL,
-					NULL,
-					smb_fname->flags);
-	if (conv_smb_fname == NULL) {
-		TALLOC_FREE(conv);
-		errno = ENOMEM;
-		return -1;
-	}
-	ret = SMB_VFS_NEXT_CHMOD_ACL(handle, conv_smb_fname, mode);
-	saved_errno = errno;
-	TALLOC_FREE(conv);
-	TALLOC_FREE(conv_smb_fname);
-	errno = saved_errno;
-	return ret;
-}
-
 static int snapper_gmt_get_real_filename(struct vfs_handle_struct *handle,
 					 const char *path,
 					 const char *name,
@@ -3172,7 +3128,6 @@ static struct vfs_fn_pointers snapper_fns = {
 	.listxattr_fn = snapper_gmt_listxattr,
 	.removexattr_fn = snapper_gmt_removexattr,
 	.setxattr_fn = snapper_gmt_setxattr,
-	.chmod_acl_fn = snapper_gmt_chmod_acl,
 	.chflags_fn = snapper_gmt_chflags,
 	.get_real_filename_fn = snapper_gmt_get_real_filename,
 };
diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c
index 084c209510d..8ce9c2818ca 100644
--- a/source3/modules/vfs_time_audit.c
+++ b/source3/modules/vfs_time_audit.c
@@ -2159,30 +2159,6 @@ static NTSTATUS smb_time_audit_audit_file(struct vfs_handle_struct *handle,
 	return result;
 }
 
-
-
-static int smb_time_audit_chmod_acl(vfs_handle_struct *handle,
-			const struct smb_filename *smb_fname,
-			mode_t mode)
-{
-	int result;
-	struct timespec ts1,ts2;
-	double timediff;
-
-	clock_gettime_mono(&ts1);
-	result = SMB_VFS_NEXT_CHMOD_ACL(handle, smb_fname, mode);
-	clock_gettime_mono(&ts2);
-	timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
-
-	if (timediff > audit_timeout) {
-		smb_time_audit_log_fname("chmod_acl",
-			timediff,
-			smb_fname->base_name);
-	}
-
-	return result;
-}
-
 static int smb_time_audit_fchmod_acl(vfs_handle_struct *handle,
 				     files_struct *fsp, mode_t mode)
 {
@@ -2702,7 +2678,6 @@ static struct vfs_fn_pointers vfs_time_audit_fns = {
 	.get_nt_acl_fn = smb_time_audit_get_nt_acl,
 	.fset_nt_acl_fn = smb_time_audit_fset_nt_acl,
 	.audit_file_fn = smb_time_audit_audit_file,
-	.chmod_acl_fn = smb_time_audit_chmod_acl,
 	.fchmod_acl_fn = smb_time_audit_fchmod_acl,
 	.sys_acl_get_file_fn = smb_time_audit_sys_acl_get_file,
 	.sys_acl_get_fd_fn = smb_time_audit_sys_acl_get_fd,
diff --git a/source3/modules/vfs_unityed_media.c b/source3/modules/vfs_unityed_media.c
index 9859037722e..328a93d7043 100644
--- a/source3/modules/vfs_unityed_media.c
+++ b/source3/modules/vfs_unityed_media.c
@@ -1577,36 +1577,6 @@ err:
 	return status;
 }
 
-static int um_chmod_acl(vfs_handle_struct *handle,
-			const struct smb_filename *smb_fname,
-			mode_t mode)
-{
-	int status;
-	int saved_errno;
-	struct smb_filename *client_fname = NULL;
-
-	DEBUG(10, ("Entering um_chmod_acl\n"));
-
-	if (!is_in_media_files(smb_fname->base_name)) {
-		return SMB_VFS_NEXT_CHMOD_ACL(handle, smb_fname, mode);
-	}
-
-	status = alloc_get_client_smb_fname(handle,
-				talloc_tos(),
-				smb_fname,
-				&client_fname);
-	if (status != 0) {
-		goto err;
-	}
-	status = SMB_VFS_NEXT_CHMOD_ACL(handle, client_fname, mode);
-
-err:
-	saved_errno = errno;
-	TALLOC_FREE(client_fname);
-	errno = saved_errno;
-	return status;
-}
-
 static SMB_ACL_T um_sys_acl_get_file(vfs_handle_struct *handle,
 				const struct smb_filename *smb_fname,
 				SMB_ACL_TYPE_T type,
@@ -1928,8 +1898,6 @@ static struct vfs_fn_pointers vfs_um_fns = {
 
 	/* POSIX ACL operations. */
 
-	.chmod_acl_fn = um_chmod_acl,
-
 	.sys_acl_get_file_fn = um_sys_acl_get_file,
 	.sys_acl_set_file_fn = um_sys_acl_set_file,
 	.sys_acl_delete_def_file_fn = um_sys_acl_delete_def_file,
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 386e955243f..99119e1fddc 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -2490,14 +2490,6 @@ NTSTATUS smb_vfs_call_audit_file(struct vfs_handle_struct *handle,
 					  access_denied);
 }
 
-int smb_vfs_call_chmod_acl(struct vfs_handle_struct *handle,
-		const struct smb_filename *smb_fname,
-		mode_t mode)
-{
-	VFS_FIND(chmod_acl);
-	return handle->fns->chmod_acl_fn(handle, smb_fname, mode);
-}
-
 int smb_vfs_call_fchmod_acl(struct vfs_handle_struct *handle,
 			    struct files_struct *fsp, mode_t mode)
 {
-- 
2.17.0.441.gb46fe60e1d-goog


From 68c030ed5131337bb0c8a1ad13bb8e3d82d3053e Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 17 May 2018 11:45:05 -0700
Subject: [PATCH 13/17] s3: modules: vfs_default: Remove FCHMOD_ACL in fchmod.

Now I understand the use of the mask in POSIX ACLs
this extra step is no longer needed.

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/modules/vfs_default.c | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index d05015fd297..8e0831cace4 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -1993,23 +1993,6 @@ static int vfswrap_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t m
 	int result;
 
 	START_PROFILE(syscall_fchmod);
-
-	/*
-	 * We need to do this due to the fact that the default POSIX ACL
-	 * chmod modifies the ACL *mask* for the group owner, not the
-	 * group owner bits directly. JRA.
-	 */
-
-	{
-		int saved_errno = errno; /* We might get ENOSYS */
-		if ((result = SMB_VFS_FCHMOD_ACL(fsp, mode)) == 0) {
-			END_PROFILE(syscall_fchmod);
-			return result;
-		}
-		/* Error - return the old errno. */
-		errno = saved_errno;
-	}
-
 #if defined(HAVE_FCHMOD)
 	result = fchmod(fsp->fh->fd, mode);
 #else
-- 
2.17.0.441.gb46fe60e1d-goog


From 097b593f042f347cb3f6f6cd2f2fdb6e1eb6cd0d Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 17 May 2018 11:46:21 -0700
Subject: [PATCH 14/17] s3: modules: vfs_ceph: Remove FCHMOD_ACL in
 cephwrap_fchmod().

Now I understand the use of the mask in POSIX ACLs
this extra step is no longer needed.

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/modules/vfs_ceph.c | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/source3/modules/vfs_ceph.c b/source3/modules/vfs_ceph.c
index 818d0cb5490..b6ca27dd47e 100644
--- a/source3/modules/vfs_ceph.c
+++ b/source3/modules/vfs_ceph.c
@@ -957,21 +957,6 @@ static int cephwrap_fchmod(struct vfs_handle_struct *handle, files_struct *fsp,
 
 	DBG_DEBUG("[CEPH] fchmod(%p, %p, %d)\n", handle, fsp, mode);
 
-	/*
-	 * We need to do this due to the fact that the default POSIX ACL
-	 * chmod modifies the ACL *mask* for the group owner, not the
-	 * group owner bits directly. JRA.
-	 */
-
-	{
-		int saved_errno = errno; /* We might get ENOSYS */
-		if ((result = SMB_VFS_FCHMOD_ACL(fsp, mode)) == 0) {
-			return result;
-		}
-		/* Error - return the old errno. */
-		errno = saved_errno;
-	}
-
 #if defined(HAVE_FCHMOD)
 	result = ceph_fchmod(handle->data, fsp->fh->fd, mode);
 	DBG_DEBUG("[CEPH] fchmod(...) = %d\n", result);
-- 
2.17.0.441.gb46fe60e1d-goog


From a4805f4d1ddf25765d235e7595c865c981189d2b Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 17 May 2018 11:42:03 -0700
Subject: [PATCH 15/17] s3: torture: Remove cmd_fchmod_acl().

No longer needed.

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 docs-xml/manpages/vfstest.1.xml |  1 -
 source3/torture/cmd_vfs.c       | 31 -------------------------------
 2 files changed, 32 deletions(-)

diff --git a/docs-xml/manpages/vfstest.1.xml b/docs-xml/manpages/vfstest.1.xml
index 5a4ea1254b9..dc6acd06f87 100644
--- a/docs-xml/manpages/vfstest.1.xml
+++ b/docs-xml/manpages/vfstest.1.xml
@@ -124,7 +124,6 @@
 		<listitem><para><command>get_nt_acl</command> - VFS get_nt_acl()</para></listitem>
 		<listitem><para><command>fset_nt_acl</command> - VFS fset_nt_acl()</para></listitem>
 		<listitem><para><command>set_nt_acl</command> - VFS open() and fset_nt_acl()</para></listitem>
-		<listitem><para><command>fchmod_acl</command> - VFS fchmod_acl()</para></listitem>
 		<listitem><para><command>sys_acl_get_file</command> - VFS sys_acl_get_file()</para></listitem>
 		<listitem><para><command>sys_acl_get_fd</command> - VFS sys_acl_get_fd()</para></listitem>
 		<listitem><para><command>sys_acl_blob_get_file</command> - VFS sys_acl_blob_get_file()</para></listitem>
diff --git a/source3/torture/cmd_vfs.c b/source3/torture/cmd_vfs.c
index 793faf09d12..3ba26031ed8 100644
--- a/source3/torture/cmd_vfs.c
+++ b/source3/torture/cmd_vfs.c
@@ -930,36 +930,6 @@ static NTSTATUS cmd_fchmod(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc,
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS cmd_fchmod_acl(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv)
-{
-	int fd;
-	mode_t mode;
-	if (argc != 3) {
-		printf("Usage: fchmod_acl <fd> <mode>\n");
-		return NT_STATUS_OK;
-	}
-
-	fd = atoi(argv[1]);
-	mode = atoi(argv[2]);
-	if (fd < 0 || fd >= 1024) {
-		printf("fchmod_acl: error=%d (file descriptor out of range)\n", EBADF);
-		return NT_STATUS_OK;
-	}
-	if (vfs->files[fd] == NULL) {
-		printf("fchmod_acl: error=%d (invalid file descriptor)\n", EBADF);
-		return NT_STATUS_OK;
-	}
-
-	if (SMB_VFS_FCHMOD_ACL(vfs->files[fd], mode) == -1) {
-		printf("fchmod_acl: error=%d (%s)\n", errno, strerror(errno));
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-
-	printf("fchmod_acl: ok\n");
-	return NT_STATUS_OK;
-}
-
-
 static NTSTATUS cmd_chown(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv)
 {
 	struct smb_filename *smb_fname = NULL;
@@ -2023,7 +1993,6 @@ struct cmd_set vfs_commands[] = {
 	  "fset_nt_acl <fd>\n" },
 	{ "set_nt_acl", cmd_set_nt_acl, "VFS open() and fset_nt_acl()", 
 	  "set_nt_acl <file>\n" },
-	{ "fchmod_acl",   cmd_fchmod_acl,   "VFS fchmod_acl()",    "fchmod_acl <fd> <mode>" },
 	{ "sys_acl_get_file", cmd_sys_acl_get_file, "VFS sys_acl_get_file()", "sys_acl_get_file <path>" },
 	{ "sys_acl_get_fd", cmd_sys_acl_get_fd, "VFS sys_acl_get_fd()", "sys_acl_get_fd <fd>" },
 	{ "sys_acl_blob_get_file", cmd_sys_acl_blob_get_file,
-- 
2.17.0.441.gb46fe60e1d-goog


From 08624cf26f0ddc90d3ed75f72b5df9154cde5edc Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 17 May 2018 11:48:55 -0700
Subject: [PATCH 16/17] s3: VFS: Remove SMB_VFS_FCHMOD_ACL().

No longer used.

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 docs-xml/Samba-Developers-Guide/vfs.xml |  2 --
 docs-xml/manpages/vfs_audit.8.xml       |  1 -
 docs-xml/manpages/vfs_full_audit.8.xml  |  1 -
 examples/VFS/skel_opaque.c              |  9 ---------
 examples/VFS/skel_transparent.c         |  8 --------
 source3/include/smbprofile.h            |  1 -
 source3/include/vfs.h                   |  5 +----
 source3/include/vfs_macros.h            |  5 -----
 source3/modules/vfs_acl_common.c        | 10 ----------
 source3/modules/vfs_acl_common.h        |  3 ---
 source3/modules/vfs_acl_tdb.c           |  1 -
 source3/modules/vfs_acl_xattr.c         |  1 -
 source3/modules/vfs_audit.c             | 15 ---------------
 source3/modules/vfs_catia.c             | 21 ---------------------
 source3/modules/vfs_default.c           | 17 -----------------
 source3/modules/vfs_extd_audit.c        | 21 ---------------------
 source3/modules/vfs_full_audit.c        | 15 ---------------
 source3/modules/vfs_glusterfs.c         |  1 -
 source3/modules/vfs_streams_xattr.c     | 16 ----------------
 source3/modules/vfs_time_audit.c        | 20 --------------------
 source3/smbd/vfs.c                      |  7 -------
 21 files changed, 1 insertion(+), 179 deletions(-)

diff --git a/docs-xml/Samba-Developers-Guide/vfs.xml b/docs-xml/Samba-Developers-Guide/vfs.xml
index 4c4e39c4fc3..b58410b369d 100644
--- a/docs-xml/Samba-Developers-Guide/vfs.xml
+++ b/docs-xml/Samba-Developers-Guide/vfs.xml
@@ -630,8 +630,6 @@ struct vfs_ops example_ops = {
 	NULL,				/* fset_nt_acl */
 	NULL,				/* set_nt_acl */
 
-	NULL,				/* fchmod_acl */
-
 	NULL,				/* sys_acl_get_entry */
 	NULL,				/* sys_acl_get_tag_type */
 	NULL,				/* sys_acl_get_permset */
diff --git a/docs-xml/manpages/vfs_audit.8.xml b/docs-xml/manpages/vfs_audit.8.xml
index e04e9572af0..3a1576d6b40 100644
--- a/docs-xml/manpages/vfs_audit.8.xml
+++ b/docs-xml/manpages/vfs_audit.8.xml
@@ -47,7 +47,6 @@
 	<member>unlink</member>
 	<member>chmod</member>
 	<member>fchmod</member>
-	<member>fchmod_acl</member>
 	</simplelist>
 
 	<para>This module is stackable.</para>
diff --git a/docs-xml/manpages/vfs_full_audit.8.xml b/docs-xml/manpages/vfs_full_audit.8.xml
index 68df0a20747..7da3e3bb81c 100644
--- a/docs-xml/manpages/vfs_full_audit.8.xml
+++ b/docs-xml/manpages/vfs_full_audit.8.xml
@@ -50,7 +50,6 @@
         <member>disconnect</member>
         <member>disk_free</member>
         <member>fchmod</member>
-        <member>fchmod_acl</member>
         <member>fchown</member>
         <member>fget_nt_acl</member>
         <member>fgetxattr</member>
diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c
index 61fa21b679c..446cfd5767e 100644
--- a/examples/VFS/skel_opaque.c
+++ b/examples/VFS/skel_opaque.c
@@ -751,13 +751,6 @@ static NTSTATUS skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-static int skel_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
-			   mode_t mode)
-{
-	errno = ENOSYS;
-	return -1;
-}
-
 static SMB_ACL_T skel_sys_acl_get_file(vfs_handle_struct *handle,
 				       const struct smb_filename *smb_fname,
 				       SMB_ACL_TYPE_T type,
@@ -997,8 +990,6 @@ struct vfs_fn_pointers skel_opaque_fns = {
 
 	/* POSIX ACL operations. */
 
-	.fchmod_acl_fn = skel_fchmod_acl,
-
 	.sys_acl_get_file_fn = skel_sys_acl_get_file,
 	.sys_acl_get_fd_fn = skel_sys_acl_get_fd,
 	.sys_acl_blob_get_file_fn = skel_sys_acl_blob_get_file,
diff --git a/examples/VFS/skel_transparent.c b/examples/VFS/skel_transparent.c
index 018a18768ac..7f2c78b2e3b 100644
--- a/examples/VFS/skel_transparent.c
+++ b/examples/VFS/skel_transparent.c
@@ -942,12 +942,6 @@ static NTSTATUS skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
 	return SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
 }
 
-static int skel_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
-			   mode_t mode)
-{
-	return SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
-}
-
 static SMB_ACL_T skel_sys_acl_get_file(vfs_handle_struct *handle,
 				       const struct smb_filename *smb_fname,
 				       SMB_ACL_TYPE_T type,
@@ -1174,8 +1168,6 @@ struct vfs_fn_pointers skel_transparent_fns = {
 
 	/* POSIX ACL operations. */
 
-	.fchmod_acl_fn = skel_fchmod_acl,
-
 	.sys_acl_get_file_fn = skel_sys_acl_get_file,
 	.sys_acl_get_fd_fn = skel_sys_acl_get_fd,
 	.sys_acl_blob_get_file_fn = skel_sys_acl_blob_get_file,
diff --git a/source3/include/smbprofile.h b/source3/include/smbprofile.h
index 05d3aa261b8..bcd43d29701 100644
--- a/source3/include/smbprofile.h
+++ b/source3/include/smbprofile.h
@@ -104,7 +104,6 @@ struct tevent_context;
 	SMBPROFILE_STATS_BASIC(get_nt_acl) \
 	SMBPROFILE_STATS_BASIC(fget_nt_acl) \
 	SMBPROFILE_STATS_BASIC(fset_nt_acl) \
-	SMBPROFILE_STATS_BASIC(fchmod_acl) \
 	SMBPROFILE_STATS_SECTION_END \
 	\
 	SMBPROFILE_STATS_SECTION_START(statcache, "Stat Cache") \
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index 48d97b133c9..945e4b6b8b0 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -252,6 +252,7 @@
 /* Version 39 - Remove SMB_VFS_WRITE
 		All users are now pwrite or async versions. */
 /* Version 39 - Remove SMB_VFS_CHMOD_ACL - no longer used. */
+/* Version 39 - Remove SMB_VFS_FCHMOD_ACL - no longer used. */
 
 #define SMB_VFS_INTERFACE_VERSION 39
 
@@ -917,8 +918,6 @@ struct vfs_fn_pointers {
 
 	/* POSIX ACL operations. */
 
-	int (*fchmod_acl_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp, mode_t mode);
-
 	SMB_ACL_T (*sys_acl_get_file_fn)(struct vfs_handle_struct *handle,
 					 const struct smb_filename *smb_fname,
 					 SMB_ACL_TYPE_T type,
@@ -1408,8 +1407,6 @@ NTSTATUS smb_vfs_call_audit_file(struct vfs_handle_struct *handle,
 int smb_vfs_call_chmod_acl(struct vfs_handle_struct *handle,
 				const struct smb_filename *file,
 				mode_t mode);
-int smb_vfs_call_fchmod_acl(struct vfs_handle_struct *handle,
-			    struct files_struct *fsp, mode_t mode);
 SMB_ACL_T smb_vfs_call_sys_acl_get_file(struct vfs_handle_struct *handle,
 					const struct smb_filename *smb_fname,
 					SMB_ACL_TYPE_T type,
diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h
index dda275fa968..46d6728629c 100644
--- a/source3/include/vfs_macros.h
+++ b/source3/include/vfs_macros.h
@@ -460,11 +460,6 @@
 #define SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd) \
 	smb_vfs_call_fset_nt_acl((handle)->next, (fsp), (security_info_sent), (psd))
 
-#define SMB_VFS_FCHMOD_ACL(fsp, mode) \
-	smb_vfs_call_fchmod_acl((fsp)->conn->vfs_handles, (fsp), (mode))
-#define SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode) \
-	smb_vfs_call_fchmod_acl((handle)->next, (fsp), (mode))
-
 #define SMB_VFS_SYS_ACL_GET_FILE(conn, smb_fname, type, mem_ctx)		\
 	smb_vfs_call_sys_acl_get_file((conn)->vfs_handles, (smb_fname), (type), (mem_ctx))
 #define SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, smb_fname, type, mem_ctx)		\
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 0fd625bec1d..6c0d931bf43 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -1244,13 +1244,3 @@ int fchmod_acl_module_common(struct vfs_handle_struct *handle,
 	}
 	return 0;
 }
-
-int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle,
-				 struct files_struct *fsp, mode_t mode)
-{
-	if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) {
-		/* Only allow this on POSIX opens. */
-		return SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
-	}
-	return 0;
-}
diff --git a/source3/modules/vfs_acl_common.h b/source3/modules/vfs_acl_common.h
index 24803e0215e..f8bc48bf65b 100644
--- a/source3/modules/vfs_acl_common.h
+++ b/source3/modules/vfs_acl_common.h
@@ -44,9 +44,6 @@ int fchmod_acl_module_common(struct vfs_handle_struct *handle,
 int chmod_acl_acl_module_common(struct vfs_handle_struct *handle,
 				const struct smb_filename *smb_fname,
 				mode_t mode);
-int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle,
-				 struct files_struct *fsp, mode_t mode);
-
 NTSTATUS get_nt_acl_common(
 	NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx,
 				    vfs_handle_struct *handle,
diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c
index 4b61c274441..bb69170c910 100644
--- a/source3/modules/vfs_acl_tdb.c
+++ b/source3/modules/vfs_acl_tdb.c
@@ -496,7 +496,6 @@ static struct vfs_fn_pointers vfs_acl_tdb_fns = {
 	.fget_nt_acl_fn = acl_tdb_fget_nt_acl,
 	.get_nt_acl_fn = acl_tdb_get_nt_acl,
 	.fset_nt_acl_fn = acl_tdb_fset_nt_acl,
-	.fchmod_acl_fn = fchmod_acl_acl_module_common,
 	.sys_acl_set_file_fn = sys_acl_set_file_tdb,
 	.sys_acl_set_fd_fn = sys_acl_set_fd_tdb
 };
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
index 62d26781fd5..94626cb8e03 100644
--- a/source3/modules/vfs_acl_xattr.c
+++ b/source3/modules/vfs_acl_xattr.c
@@ -323,7 +323,6 @@ static struct vfs_fn_pointers vfs_acl_xattr_fns = {
 	.fget_nt_acl_fn = acl_xattr_fget_nt_acl,
 	.get_nt_acl_fn = acl_xattr_get_nt_acl,
 	.fset_nt_acl_fn = acl_xattr_fset_nt_acl,
-	.fchmod_acl_fn = fchmod_acl_acl_module_common,
 	.sys_acl_set_file_fn = sys_acl_set_file_xattr,
 	.sys_acl_set_fd_fn = sys_acl_set_fd_xattr
 };
diff --git a/source3/modules/vfs_audit.c b/source3/modules/vfs_audit.c
index f34bcd19161..24bc1e8db5f 100644
--- a/source3/modules/vfs_audit.c
+++ b/source3/modules/vfs_audit.c
@@ -247,20 +247,6 @@ static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mod
 	return result;
 }
 
-static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
-{
-	int result;
-
-	result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
-
-	syslog(audit_syslog_priority(handle), "fchmod_acl %s mode 0x%x %s%s\n",
-	       fsp->fsp_name->base_name, mode,
-	       (result < 0) ? "failed: " : "",
-	       (result < 0) ? strerror(errno) : "");
-
-	return result;
-}
-
 static struct vfs_fn_pointers vfs_audit_fns = {
 	.connect_fn = audit_connect,
 	.disconnect_fn = audit_disconnect,
@@ -273,7 +259,6 @@ static struct vfs_fn_pointers vfs_audit_fns = {
 	.unlink_fn = audit_unlink,
 	.chmod_fn = audit_chmod,
 	.fchmod_fn = audit_fchmod,
-	.fchmod_acl_fn = audit_fchmod_acl
 };
 
 static_decl_vfs;
diff --git a/source3/modules/vfs_catia.c b/source3/modules/vfs_catia.c
index d26f7978290..fce2dcf8ca5 100644
--- a/source3/modules/vfs_catia.c
+++ b/source3/modules/vfs_catia.c
@@ -1731,25 +1731,6 @@ static int catia_sys_acl_set_fd(vfs_handle_struct *handle,
 	return ret;
 }
 
-static int catia_fchmod_acl(vfs_handle_struct *handle,
-			    files_struct *fsp,
-			    mode_t mode)
-{
-	struct catia_cache *cc = NULL;
-	int ret;
-
-	ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
-	if (ret != 0) {
-		return ret;
-	}
-
-	ret = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
-
-	CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
-
-	return ret;
-}
-
 static NTSTATUS catia_fget_nt_acl(vfs_handle_struct *handle,
 				  files_struct *fsp,
 				  uint32_t security_info,
@@ -2478,8 +2459,6 @@ static struct vfs_fn_pointers vfs_catia_fns = {
 	.fset_nt_acl_fn = catia_fset_nt_acl,
 
 	/* POSIX ACL operations. */
-	.fchmod_acl_fn = catia_fchmod_acl,
-
 	.sys_acl_get_file_fn = catia_sys_acl_get_file,
 	.sys_acl_get_fd_fn = catia_sys_acl_get_fd,
 	.sys_acl_blob_get_fd_fn = catia_sys_acl_blob_get_fd,
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 8e0831cace4..82afb054a13 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -2674,21 +2674,6 @@ static NTSTATUS vfswrap_audit_file(struct vfs_handle_struct *handle,
 	return NT_STATUS_OK; /* Nothing to do here ... */
 }
 
-static int vfswrap_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
-{
-#ifdef HAVE_NO_ACL
-	errno = ENOSYS;
-	return -1;
-#else
-	int result;
-
-	START_PROFILE(fchmod_acl);
-	result = fchmod_acl(fsp, mode);
-	END_PROFILE(fchmod_acl);
-	return result;
-#endif
-}
-
 static SMB_ACL_T vfswrap_sys_acl_get_file(vfs_handle_struct *handle,
 					  const struct smb_filename *smb_fname,
 					  SMB_ACL_TYPE_T type,
@@ -2950,8 +2935,6 @@ static struct vfs_fn_pointers vfs_default_fns = {
 
 	/* POSIX ACL operations. */
 
-	.fchmod_acl_fn = vfswrap_fchmod_acl,
-
 	.sys_acl_get_file_fn = vfswrap_sys_acl_get_file,
 	.sys_acl_get_fd_fn = vfswrap_sys_acl_get_fd,
 	.sys_acl_blob_get_file_fn = posix_sys_acl_blob_get_file,
diff --git a/source3/modules/vfs_extd_audit.c b/source3/modules/vfs_extd_audit.c
index abb019081e0..50bd6f8f758 100644
--- a/source3/modules/vfs_extd_audit.c
+++ b/source3/modules/vfs_extd_audit.c
@@ -312,26 +312,6 @@ static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mod
 	return result;
 }
 
-static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
-{
-	int result;
-
-	result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
-
-	if (lp_syslog() > 0) {
-		syslog(audit_syslog_priority(handle), "fchmod_acl %s mode 0x%x %s%s\n",
-		       fsp->fsp_name->base_name, mode,
-		       (result < 0) ? "failed: " : "",
-		       (result < 0) ? strerror(errno) : "");
-	}
-	DEBUG(1, ("vfs_extd_audit: fchmod_acl %s mode 0x%x %s %s",
-		fsp_str_dbg(fsp),  (unsigned int)mode,
-	       (result < 0) ? "failed: " : "",
-	       (result < 0) ? strerror(errno) : ""));
-
-	return result;
-}
-
 static struct vfs_fn_pointers vfs_extd_audit_fns = {
 	.connect_fn = audit_connect,
 	.disconnect_fn = audit_disconnect,
@@ -344,7 +324,6 @@ static struct vfs_fn_pointers vfs_extd_audit_fns = {
 	.unlink_fn = audit_unlink,
 	.chmod_fn = audit_chmod,
 	.fchmod_fn = audit_fchmod,
-	.fchmod_acl_fn = audit_fchmod_acl,
 };
 
 static_decl_vfs;
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index bb8c306ea40..c6b229a376a 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -324,7 +324,6 @@ static struct {
 	{ SMB_VFS_OP_GET_NT_ACL,	"get_nt_acl" },
 	{ SMB_VFS_OP_FSET_NT_ACL,	"fset_nt_acl" },
 	{ SMB_VFS_OP_AUDIT_FILE,	"audit_file" },
-	{ SMB_VFS_OP_FCHMOD_ACL,	"fchmod_acl" },
 	{ SMB_VFS_OP_SYS_ACL_GET_FILE,	"sys_acl_get_file" },
 	{ SMB_VFS_OP_SYS_ACL_GET_FD,	"sys_acl_get_fd" },
 	{ SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE,	"sys_acl_blob_get_file" },
@@ -2130,19 +2129,6 @@ static NTSTATUS smb_full_audit_audit_file(struct vfs_handle_struct *handle,
 	return result;
 }
 
-static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
-				     mode_t mode)
-{
-	int result;
-	
-	result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
-
-	do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
-	       "%s|%o", fsp_str_do_log(fsp), mode);
-
-	return result;
-}
-
 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
 				const struct smb_filename *smb_fname,
 				SMB_ACL_TYPE_T type,
@@ -2529,7 +2515,6 @@ static struct vfs_fn_pointers vfs_full_audit_fns = {
 	.get_nt_acl_fn = smb_full_audit_get_nt_acl,
 	.fset_nt_acl_fn = smb_full_audit_fset_nt_acl,
 	.audit_file_fn = smb_full_audit_audit_file,
-	.fchmod_acl_fn = smb_full_audit_fchmod_acl,
 	.sys_acl_get_file_fn = smb_full_audit_sys_acl_get_file,
 	.sys_acl_get_fd_fn = smb_full_audit_sys_acl_get_fd,
 	.sys_acl_blob_get_file_fn = smb_full_audit_sys_acl_blob_get_file,
diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index f000906261c..985a895257f 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -1499,7 +1499,6 @@ static struct vfs_fn_pointers glusterfs_fns = {
 	.audit_file_fn = NULL,
 
 	/* Posix ACL Operations */
-	.fchmod_acl_fn = NULL,	/* passthrough to default */
 	.sys_acl_get_file_fn = posixacl_xattr_acl_get_file,
 	.sys_acl_get_fd_fn = posixacl_xattr_acl_get_fd,
 	.sys_acl_blob_get_file_fn = posix_sys_acl_blob_get_file,
diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
index 5355dd8ca44..8714007cb8d 100644
--- a/source3/modules/vfs_streams_xattr.c
+++ b/source3/modules/vfs_streams_xattr.c
@@ -1390,20 +1390,6 @@ static int streams_xattr_fsetxattr(struct vfs_handle_struct *handle,
 	return -1;
 }
 
-static int streams_xattr_fchmod_acl(vfs_handle_struct *handle,
-				    files_struct *fsp,
-				    mode_t mode)
-{
-	struct stream_io *sio =
-		(struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
-
-	if (sio == NULL) {
-		return SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
-	}
-
-	return 0;
-}
-
 static SMB_ACL_T streams_xattr_sys_acl_get_fd(vfs_handle_struct *handle,
 					      files_struct *fsp,
 					      TALLOC_CTX *mem_ctx)
@@ -1677,8 +1663,6 @@ static struct vfs_fn_pointers vfs_streams_xattr_fns = {
 	.fremovexattr_fn = streams_xattr_fremovexattr,
 	.fsetxattr_fn = streams_xattr_fsetxattr,
 
-	.fchmod_acl_fn = streams_xattr_fchmod_acl,
-
 	.sys_acl_get_fd_fn = streams_xattr_sys_acl_get_fd,
 	.sys_acl_blob_get_fd_fn = streams_xattr_sys_acl_blob_get_fd,
 	.sys_acl_set_fd_fn = streams_xattr_sys_acl_set_fd,
diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c
index 8ce9c2818ca..2565c032bdc 100644
--- a/source3/modules/vfs_time_audit.c
+++ b/source3/modules/vfs_time_audit.c
@@ -2159,25 +2159,6 @@ static NTSTATUS smb_time_audit_audit_file(struct vfs_handle_struct *handle,
 	return result;
 }
 
-static int smb_time_audit_fchmod_acl(vfs_handle_struct *handle,
-				     files_struct *fsp, mode_t mode)
-{
-	int result;
-	struct timespec ts1,ts2;
-	double timediff;
-
-	clock_gettime_mono(&ts1);
-	result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
-	clock_gettime_mono(&ts2);
-	timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
-
-	if (timediff > audit_timeout) {
-		smb_time_audit_log_fsp("fchmod_acl", timediff, fsp);
-	}
-
-	return result;
-}
-
 static SMB_ACL_T smb_time_audit_sys_acl_get_file(vfs_handle_struct *handle,
 					const struct smb_filename *smb_fname,
 					SMB_ACL_TYPE_T type,
@@ -2678,7 +2659,6 @@ static struct vfs_fn_pointers vfs_time_audit_fns = {
 	.get_nt_acl_fn = smb_time_audit_get_nt_acl,
 	.fset_nt_acl_fn = smb_time_audit_fset_nt_acl,
 	.audit_file_fn = smb_time_audit_audit_file,
-	.fchmod_acl_fn = smb_time_audit_fchmod_acl,
 	.sys_acl_get_file_fn = smb_time_audit_sys_acl_get_file,
 	.sys_acl_get_fd_fn = smb_time_audit_sys_acl_get_fd,
 	.sys_acl_blob_get_file_fn = smb_time_audit_sys_acl_blob_get_file,
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 99119e1fddc..c3f39f32474 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -2490,13 +2490,6 @@ NTSTATUS smb_vfs_call_audit_file(struct vfs_handle_struct *handle,
 					  access_denied);
 }
 
-int smb_vfs_call_fchmod_acl(struct vfs_handle_struct *handle,
-			    struct files_struct *fsp, mode_t mode)
-{
-	VFS_FIND(fchmod_acl);
-	return handle->fns->fchmod_acl_fn(handle, fsp, mode);
-}
-
 SMB_ACL_T smb_vfs_call_sys_acl_get_file(struct vfs_handle_struct *handle,
 					const struct smb_filename *smb_fname,
 					SMB_ACL_TYPE_T type,
-- 
2.17.0.441.gb46fe60e1d-goog


From 207864e4b9957e92705ae35445f11b3d80efb29b Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 17 May 2018 11:49:55 -0700
Subject: [PATCH 17/17] s3: posix_acls: Remove dead functions
 fchmod_acl()/chmod_acl().

No longer used.

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/smbd/posix_acls.c | 38 --------------------------------------
 source3/smbd/proto.h      |  4 ----
 2 files changed, 42 deletions(-)

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 8d42535d877..313ab646e68 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -4102,19 +4102,6 @@ static int copy_access_posix_acl(connection_struct *conn,
 	return ret;
 }
 
-/****************************************************************************
- Do a chmod by setting the ACL USER_OBJ, GROUP_OBJ and OTHER bits in an ACL
- and set the mask to rwx. Needed to preserve complex ACLs set by NT.
- Note that name is in UNIX character set.
-****************************************************************************/
-
-int chmod_acl(connection_struct *conn,
-			const struct smb_filename *smb_fname,
-			mode_t mode)
-{
-	return copy_access_posix_acl(conn, smb_fname, smb_fname, mode);
-}
-
 /****************************************************************************
  Check for an existing default POSIX ACL on a directory.
 ****************************************************************************/
@@ -4164,31 +4151,6 @@ int inherit_access_posix_acl(connection_struct *conn,
 	return copy_access_posix_acl(conn, inherit_from_fname, smb_fname, mode);
 }
 
-/****************************************************************************
- Do an fchmod by setting the ACL USER_OBJ, GROUP_OBJ and OTHER bits in an ACL
- and set the mask to rwx. Needed to preserve complex ACLs set by NT.
-****************************************************************************/
-
-int fchmod_acl(files_struct *fsp, mode_t mode)
-{
-	connection_struct *conn = fsp->conn;
-	SMB_ACL_T posix_acl = NULL;
-	int ret = -1;
-
-	if ((posix_acl = SMB_VFS_SYS_ACL_GET_FD(fsp, talloc_tos())) == NULL)
-		return -1;
-
-	if ((ret = chmod_acl_internals(conn, posix_acl, mode)) == -1)
-		goto done;
-
-	ret = SMB_VFS_SYS_ACL_SET_FD(fsp, posix_acl);
-
-  done:
-
-	TALLOC_FREE(posix_acl);
-	return ret;
-}
-
 /****************************************************************************
  Map from wire type to permset.
 ****************************************************************************/
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index bee7acadeea..b9aecc0ba5a 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -782,14 +782,10 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct
 int get_acl_group_bits( connection_struct *conn,
 			const struct smb_filename *smb_fname,
 			mode_t *mode);
-int chmod_acl(connection_struct *conn,
-			const struct smb_filename *smb_fname,
-			mode_t mode);
 int inherit_access_posix_acl(connection_struct *conn,
 			const char *inherit_from_dir,
 			const struct smb_filename *smb_fname,
 			mode_t mode);
-int fchmod_acl(files_struct *fsp, mode_t mode);
 bool set_unix_posix_default_acl(connection_struct *conn,
 				const struct smb_filename *smb_fname,
 				uint16_t num_def_acls, const char *pdata);
-- 
2.17.0.441.gb46fe60e1d-goog



More information about the samba-technical mailing list