From d7f4bb57f2718aaf191591769a4e93c09968b762 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 29 Apr 2020 15:18:57 -0700 Subject: [PATCH] s3: smbd: Cleanup - move the function get_nt_acl_no_snum() to it's user module. Make static. It was only called from one place. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- source3/rpc_server/eventlog/srv_eventlog_nt.c | 61 +++++++++++++++++++ source3/smbd/posix_acls.c | 61 ------------------- source3/smbd/proto.h | 5 -- 3 files changed, 61 insertions(+), 66 deletions(-) diff --git a/source3/rpc_server/eventlog/srv_eventlog_nt.c b/source3/rpc_server/eventlog/srv_eventlog_nt.c index a444967586b..21477b6a666 100644 --- a/source3/rpc_server/eventlog/srv_eventlog_nt.c +++ b/source3/rpc_server/eventlog/srv_eventlog_nt.c @@ -80,6 +80,67 @@ static EVENTLOG_INFO *find_eventlog_info_by_hnd( struct pipes_struct * p, return info; } +/******************************************************************** + Pull the NT ACL from a file on disk or the OpenEventlog() access + check. Caller is responsible for freeing the returned security + descriptor via TALLOC_FREE(). This is designed for dealing with + user space access checks in smbd outside of the VFS. For example, + checking access rights in OpenEventlog() or from python. + +********************************************************************/ + +static NTSTATUS get_nt_acl_no_snum(TALLOC_CTX *ctx, + struct auth_session_info *session_info, + const char *fname, + uint32_t security_info_wanted, + struct security_descriptor **sd) +{ + TALLOC_CTX *frame = talloc_stackframe(); + struct conn_struct_tos *c = NULL; + NTSTATUS status = NT_STATUS_OK; + struct smb_filename *smb_fname = synthetic_smb_fname(talloc_tos(), + fname, + NULL, + NULL, + 0); + + if (smb_fname == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; + } + + if (!posix_locking_init(false)) { + TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; + } + + status = create_conn_struct_tos(global_messaging_context(), + -1, + "/", + session_info, + &c); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("create_conn_struct returned %s.\n", + nt_errstr(status))); + TALLOC_FREE(frame); + return status; + } + + status = SMB_VFS_GET_NT_ACL(c->conn, + smb_fname, + security_info_wanted, + ctx, + sd); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("get_nt_acl_no_snum: SMB_VFS_GET_NT_ACL returned %s.\n", + nt_errstr(status))); + } + + TALLOC_FREE(frame); + + return status; +} + /******************************************************************** ********************************************************************/ diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index c7356f96736..6fbec943b0e 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -4627,67 +4627,6 @@ NTSTATUS set_unix_posix_acl(connection_struct *conn, return NT_STATUS_OK; } -/******************************************************************** - Pull the NT ACL from a file on disk or the OpenEventlog() access - check. Caller is responsible for freeing the returned security - descriptor via TALLOC_FREE(). This is designed for dealing with - user space access checks in smbd outside of the VFS. For example, - checking access rights in OpenEventlog() or from python. - -********************************************************************/ - -NTSTATUS get_nt_acl_no_snum(TALLOC_CTX *ctx, - struct auth_session_info *session_info, - const char *fname, - uint32_t security_info_wanted, - struct security_descriptor **sd) -{ - TALLOC_CTX *frame = talloc_stackframe(); - struct conn_struct_tos *c = NULL; - NTSTATUS status = NT_STATUS_OK; - struct smb_filename *smb_fname = synthetic_smb_fname(talloc_tos(), - fname, - NULL, - NULL, - 0); - - if (smb_fname == NULL) { - TALLOC_FREE(frame); - return NT_STATUS_NO_MEMORY; - } - - if (!posix_locking_init(false)) { - TALLOC_FREE(frame); - return NT_STATUS_NO_MEMORY; - } - - status = create_conn_struct_tos(global_messaging_context(), - -1, - "/", - session_info, - &c); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("create_conn_struct returned %s.\n", - nt_errstr(status))); - TALLOC_FREE(frame); - return status; - } - - status = SMB_VFS_GET_NT_ACL(c->conn, - smb_fname, - security_info_wanted, - ctx, - sd); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("get_nt_acl_no_snum: SMB_VFS_GET_NT_ACL returned %s.\n", - nt_errstr(status))); - } - - TALLOC_FREE(frame); - - return status; -} - int posix_sys_acl_blob_get_file(vfs_handle_struct *handle, const struct smb_filename *smb_fname_in, TALLOC_CTX *mem_ctx, diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 1bc199b32de..3d9ffaa6898 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -837,11 +837,6 @@ NTSTATUS set_unix_posix_default_acl(connection_struct *conn, NTSTATUS set_unix_posix_acl(connection_struct *conn, files_struct *fsp, uint16_t num_acls, const char *pdata); -NTSTATUS get_nt_acl_no_snum(TALLOC_CTX *ctx, - struct auth_session_info *session_info, - const char *fname, - uint32_t security_info_wanted, - struct security_descriptor **sd); int posix_sys_acl_blob_get_file(vfs_handle_struct *handle, const struct smb_filename *smb_fname, TALLOC_CTX *mem_ctx, -- 2.47.3