s3: smbd: Remove user_can_read_file().
authorJeremy Allison <jra@samba.org>
Fri, 4 Jun 2021 20:45:24 +0000 (13:45 -0700)
committerRalph Boehme <slow@samba.org>
Wed, 9 Jun 2021 13:14:30 +0000 (13:14 +0000)
No longer used.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
source3/smbd/dir.c

index d9cc47c88e81f641e29a4d8ee5fef2a0f3bab7ee..892db195d7b163bd5ea4835c649b9cfb7a087305 100644 (file)
@@ -1156,95 +1156,6 @@ bool get_dir_entry(TALLOC_CTX *ctx,
        return true;
 }
 
-#if 0
-/*******************************************************************
- Check to see if a user can read a file. This is only approximate,
- it is used as part of the "hide unreadable" option. Don't
- use it for anything security sensitive.
-********************************************************************/
-
-static bool user_can_read_file(connection_struct *conn,
-                               struct files_struct *dirfsp,
-                               struct smb_filename *smb_fname)
-{
-       NTSTATUS status;
-       uint32_t rejected_share_access = 0;
-       uint32_t rejected_mask = 0;
-       struct security_descriptor *sd = NULL;
-       uint32_t access_mask = FILE_READ_DATA|
-                               FILE_READ_EA|
-                               FILE_READ_ATTRIBUTES|
-                               SEC_STD_READ_CONTROL;
-
-       SMB_ASSERT(dirfsp == conn->cwd_fsp);
-
-       /*
-        * Never hide files from the root user.
-        * We use (uid_t)0 here not sec_initial_uid()
-        * as make test uses a single user context.
-        */
-
-       if (get_current_uid(conn) == (uid_t)0) {
-               return True;
-       }
-
-       /*
-        * We can't directly use smbd_check_access_rights()
-        * here, as this implicitly grants FILE_READ_ATTRIBUTES
-        * which the Windows access-based-enumeration code
-        * explicitly checks for on the file security descriptor.
-        * See bug:
-        *
-        * https://bugzilla.samba.org/show_bug.cgi?id=10252
-        *
-        * and the smb2.acl2.ACCESSBASED test for details.
-        */
-
-       rejected_share_access = access_mask & ~(conn->share_access);
-       if (rejected_share_access) {
-               DEBUG(10, ("rejected share access 0x%x "
-                       "on %s (0x%x)\n",
-                       (unsigned int)access_mask,
-                       smb_fname_str_dbg(smb_fname),
-                       (unsigned int)rejected_share_access ));
-               return false;
-        }
-
-       status = SMB_VFS_GET_NT_ACL_AT(conn,
-                       dirfsp,
-                       smb_fname,
-                       (SECINFO_OWNER |
-                        SECINFO_GROUP |
-                        SECINFO_DACL),
-                       talloc_tos(),
-                       &sd);
-
-       if (!NT_STATUS_IS_OK(status)) {
-                DEBUG(10, ("Could not get acl "
-                       "on %s: %s\n",
-                       smb_fname_str_dbg(smb_fname),
-                       nt_errstr(status)));
-               return false;
-        }
-
-       status = se_file_access_check(sd,
-                               get_current_nttok(conn),
-                               false,
-                               access_mask,
-                               &rejected_mask);
-
-        TALLOC_FREE(sd);
-
-       if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
-               DEBUG(10,("rejected bits 0x%x read access for %s\n",
-                       (unsigned int)rejected_mask,
-                       smb_fname_str_dbg(smb_fname) ));
-               return false;
-        }
-       return true;
-}
-#endif
-
 /*******************************************************************
  Check to see if a user can read an fsp . This is only approximate,
  it is used as part of the "hide unreadable" option. Don't