From: Jeremy Allison Date: Mon, 24 May 2021 18:17:22 +0000 (-0700) Subject: s3: smbd: Remove check_parent_access(). X-Git-Tag: tevent-0.11.0~602 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=580226610f8dc11ed29b2395521a2de629e9e6c4;p=thirdparty%2Fsamba.git s3: smbd: Remove check_parent_access(). No more callers. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 0992a4f04f6..b66784b6cf7 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -330,139 +330,6 @@ NTSTATUS smbd_check_access_rights_fsp(struct files_struct *fsp, access_mask); } -NTSTATUS check_parent_access(struct connection_struct *conn, - struct files_struct *dirfsp, - struct smb_filename *smb_fname, - uint32_t access_mask) -{ - NTSTATUS status; - struct security_descriptor *parent_sd = NULL; - uint32_t access_granted = 0; - struct smb_filename *parent_dir = NULL; - struct share_mode_lock *lck = NULL; - struct file_id id = {0}; - uint32_t name_hash; - bool delete_on_close_set; - int ret; - TALLOC_CTX *frame = talloc_stackframe(); - - /* - * NB. When dirfsp != conn->cwd_fsp, we must - * change parent_dir to be "." for the name here. - */ - - SMB_ASSERT(dirfsp == conn->cwd_fsp); - - status = SMB_VFS_PARENT_PATHNAME(conn, - frame, - smb_fname, - &parent_dir, - NULL); - if (!NT_STATUS_IS_OK(status)) { - goto out; - } - - if (get_current_uid(conn) == (uid_t)0) { - /* I'm sorry sir, I didn't know you were root... */ - DEBUG(10,("check_parent_access: root override " - "on %s. Granting 0x%x\n", - smb_fname_str_dbg(smb_fname), - (unsigned int)access_mask )); - status = NT_STATUS_OK; - goto out; - } - - status = SMB_VFS_GET_NT_ACL_AT(conn, - dirfsp, - parent_dir, - SECINFO_DACL, - frame, - &parent_sd); - - if (!NT_STATUS_IS_OK(status)) { - DBG_INFO("SMB_VFS_GET_NT_ACL_AT failed for " - "%s with error %s\n", - smb_fname_str_dbg(parent_dir), - nt_errstr(status)); - goto out; - } - - /* - * If we can access the path to this file, by - * default we have FILE_READ_ATTRIBUTES from the - * containing directory. See the section: - * "Algorithm to Check Access to an Existing File" - * in MS-FSA.pdf. - * - * se_file_access_check() also takes care of - * owner WRITE_DAC and READ_CONTROL. - */ - status = se_file_access_check(parent_sd, - get_current_nttok(conn), - false, - (access_mask & ~FILE_READ_ATTRIBUTES), - &access_granted); - if(!NT_STATUS_IS_OK(status)) { - DEBUG(5,("check_parent_access: access check " - "on directory %s for " - "path %s for mask 0x%x returned (0x%x) %s\n", - smb_fname_str_dbg(parent_dir), - smb_fname->base_name, - access_mask, - access_granted, - nt_errstr(status) )); - goto out; - } - - if (!(access_mask & (SEC_DIR_ADD_FILE | SEC_DIR_ADD_SUBDIR))) { - status = NT_STATUS_OK; - goto out; - } - if (!lp_check_parent_directory_delete_on_close(SNUM(conn))) { - status = NT_STATUS_OK; - goto out; - } - - /* Check if the directory has delete-on-close set */ - ret = SMB_VFS_STAT(conn, parent_dir); - if (ret != 0) { - status = map_nt_error_from_unix(errno); - goto out; - } - - id = SMB_VFS_FILE_ID_CREATE(conn, &parent_dir->st); - - status = file_name_hash(conn, parent_dir->base_name, &name_hash); - if (!NT_STATUS_IS_OK(status)) { - goto out; - } - - /* - * Don't take a lock here. We just need a snapshot - * of the current state of delete on close and this is - * called in a codepath where we may already have a lock - * (and we explicitly can't hold 2 locks at the same time - * as that may deadlock). - */ - lck = fetch_share_mode_unlocked(frame, id); - if (lck == NULL) { - status = NT_STATUS_OK; - goto out; - } - - delete_on_close_set = is_delete_on_close_set(lck, name_hash); - if (delete_on_close_set) { - status = NT_STATUS_DELETE_PENDING; - goto out; - } - - status = NT_STATUS_OK; - -out: - TALLOC_FREE(frame); - return status; -} - /* * Given an fsp that represents a parent directory, * check if the requested access can be granted. diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 3d1ba16467b..b29bc5a7155 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -741,10 +741,6 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn, NTSTATUS smbd_check_access_rights_fsp(struct files_struct *fsp, bool use_privs, uint32_t access_mask); -NTSTATUS check_parent_access(struct connection_struct *conn, - struct files_struct *dirfsp, - struct smb_filename *smb_fname, - uint32_t access_mask); NTSTATUS check_parent_access_fsp(struct files_struct *fsp, uint32_t access_mask); NTSTATUS fd_openat(const struct files_struct *dirfsp,