From 1e90d91b0334c9f6f1ca4fd08f107b71f06e8a19 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 7 Jun 2021 17:28:58 -0700 Subject: [PATCH] s3: smbd: Remove smbd_calculate_maximum_allowed_access(). No longer used. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- source3/smbd/open.c | 85 --------------------------------------------- 1 file changed, 85 deletions(-) diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 0a6b691195e..1eea2e8ffd2 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -3189,91 +3189,6 @@ static void schedule_async_open(struct smb_request *req) } } -#if 0 -/**************************************************************************** - Work out what access_mask to use from what the client sent us. -****************************************************************************/ - -static NTSTATUS smbd_calculate_maximum_allowed_access( - connection_struct *conn, - struct files_struct *dirfsp, - const struct smb_filename *smb_fname, - bool use_privs, - uint32_t *p_access_mask) -{ - struct security_descriptor *sd; - uint32_t access_granted; - NTSTATUS status; - - SMB_ASSERT(dirfsp == conn->cwd_fsp); - - if (!use_privs && (get_current_uid(conn) == (uid_t)0)) { - *p_access_mask |= FILE_GENERIC_ALL; - return NT_STATUS_OK; - } - - status = SMB_VFS_GET_NT_ACL_AT(conn, - dirfsp, - smb_fname, - (SECINFO_OWNER | - SECINFO_GROUP | - SECINFO_DACL), - talloc_tos(), - &sd); - - if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { - /* - * File did not exist - */ - *p_access_mask = FILE_GENERIC_ALL; - return NT_STATUS_OK; - } - if (!NT_STATUS_IS_OK(status)) { - DEBUG(10,("Could not get acl on file %s: %s\n", - smb_fname_str_dbg(smb_fname), - nt_errstr(status))); - return NT_STATUS_ACCESS_DENIED; - } - - /* - * If we can access the path to this file, by - * default we have FILE_READ_ATTRIBUTES from the - * containing directory. See the section: - * "Algorithm to Check Access to an Existing File" - * in MS-FSA.pdf. - * - * se_file_access_check() - * also takes care of owner WRITE_DAC and READ_CONTROL. - */ - status = se_file_access_check(sd, - get_current_nttok(conn), - use_privs, - (*p_access_mask & ~FILE_READ_ATTRIBUTES), - &access_granted); - - TALLOC_FREE(sd); - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, ("Access denied on file %s: " - "when calculating maximum access\n", - smb_fname_str_dbg(smb_fname))); - return NT_STATUS_ACCESS_DENIED; - } - *p_access_mask = (access_granted | FILE_READ_ATTRIBUTES); - - if (!(access_granted & DELETE_ACCESS)) { - if (can_delete_file_in_directory(conn, - conn->cwd_fsp, - smb_fname)) - { - *p_access_mask |= DELETE_ACCESS; - } - } - - return NT_STATUS_OK; -} -#endif - /**************************************************************************** Work out what access_mask to use from what the client sent us. ****************************************************************************/ -- 2.47.3