From b5e12fed54f0b06021661fb829327dd7b9c68c8e Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Fri, 4 Jun 2021 13:45:24 -0700
Subject: [PATCH] s3: smbd: Remove user_can_read_file(). No longer used.
Signed-off-by: Jeremy Allison
Reviewed-by: Ralph Boehme
---
 source3/smbd/dir.c | 89 ----------------------------------------------------------
 1 file changed, 89 deletions(-)
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index d9cc47c88e8..892db195d7b 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1156,95 +1156,6 @@ bool get_dir_entry(TALLOC_CTX *ctx,
 return true;
 }
 
-#if 0
-/*******************************************************************
- Check to see if a user can read a file. This is only approximate,
- it is used as part of the "hide unreadable" option. Don't
- use it for anything security sensitive.
-********************************************************************/
-
-static bool user_can_read_file(connection_struct *conn,
- struct files_struct *dirfsp,
- struct smb_filename *smb_fname)
-{
- NTSTATUS status;
- uint32_t rejected_share_access = 0;
- uint32_t rejected_mask = 0;
- struct security_descriptor *sd = NULL;
- uint32_t access_mask = FILE_READ_DATA|
- FILE_READ_EA|
- FILE_READ_ATTRIBUTES|
- SEC_STD_READ_CONTROL;
-
- SMB_ASSERT(dirfsp == conn->cwd_fsp);
-
- /*
- * Never hide files from the root user.
- * We use (uid_t)0 here not sec_initial_uid()
- * as make test uses a single user context.
- */
-
- if (get_current_uid(conn) == (uid_t)0) {
- return True;
- }
-
- /*
- * We can't directly use smbd_check_access_rights()
- * here, as this implicitly grants FILE_READ_ATTRIBUTES
- * which the Windows access-based-enumeration code
- * explicitly checks for on the file security descriptor.
- * See bug:
- *
- * https://bugzilla.samba.org/show_bug.cgi?id=10252
- *
- * and the smb2.acl2.ACCESSBASED test for details.
- */
-
- rejected_share_access = access_mask & ~(conn->share_access);
- if (rejected_share_access) {
- DEBUG(10, ("rejected share access 0x%x "
- "on %s (0x%x)\n",
- (unsigned int)access_mask,
- smb_fname_str_dbg(smb_fname),
- (unsigned int)rejected_share_access ));
- return false;
- }
-
- status = SMB_VFS_GET_NT_ACL_AT(conn,
- dirfsp,
- smb_fname,
- (SECINFO_OWNER |
- SECINFO_GROUP |
- SECINFO_DACL),
- talloc_tos(),
- &sd);
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("Could not get acl "
- "on %s: %s\n",
- smb_fname_str_dbg(smb_fname),
- nt_errstr(status)));
- return false;
- }
-
- status = se_file_access_check(sd,
- get_current_nttok(conn),
- false,
- access_mask,
- &rejected_mask);
-
- TALLOC_FREE(sd);
-
- if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
- DEBUG(10,("rejected bits 0x%x read access for %s\n",
- (unsigned int)rejected_mask,
- smb_fname_str_dbg(smb_fname) ));
- return false;
- }
- return true;
-}
-#endif
-
 /*******************************************************************
 Check to see if a user can read an fsp . This is only approximate,
 it is used as part of the "hide unreadable" option. Don't
-- 
2.47.3