From 7e52f530978c95b464eae87a64965f1f462c4666 Mon Sep 17 00:00:00 2001 From: Olga Kornievskaia Date: Fri, 23 Sep 2011 12:12:45 -0400 Subject: [PATCH] [acls] removing unneeded safety checks --- daemon/acl.c | 15 +++----------- sys/nfs41_driver.c | 50 +++++++++++----------------------------------- 2 files changed, 15 insertions(+), 50 deletions(-) diff --git a/daemon/acl.c b/daemon/acl.c index d5c80a1..57ed0c4 100644 --- a/daemon/acl.c +++ b/daemon/acl.c @@ -34,6 +34,7 @@ #include "upcall.h" #include "nfs41_xdr.h" +//#define DEBUG_ACLS static int parse_getacl(unsigned char *buffer, uint32_t length, nfs41_upcall *upcall) { @@ -122,6 +123,7 @@ static int map_name_2_sid(DWORD *sid_len, PSID *sid, LPCSTR name) "with %d\n", name, GetLastError()); goto out_free_sid; } else { +#ifdef DEBUG_ACLS LPSTR ssid = NULL; if (IsValidSid(*sid)) if (ConvertSidToStringSidA(*sid, &ssid)) @@ -133,6 +135,7 @@ static int map_name_2_sid(DWORD *sid_len, PSID *sid, LPCSTR name) else dprintf(1, "map_name_2_sid: Invalid Sid ?\n"); if (ssid) LocalFree(ssid); +#endif } status = ERROR_SUCCESS; break; @@ -430,12 +433,6 @@ static int parse_setacl(unsigned char *buffer, uint32_t length, status = safe_read(&buffer, &length, &sec_desc_len, sizeof(ULONG)); if (status) goto out; args->sec_desc = (PSECURITY_DESCRIPTOR)buffer; - status = IsValidSecurityDescriptor(args->sec_desc); - if (!status) { - eprintf("parse_setacl: received invalid security descriptor\n"); - status = ERROR_INVALID_PARAMETER; - goto out; - } else status = 0; dprintf(1, "parsing NFS41_ACL_SET: info_class=%d sec_desc_len=%d\n", args->query, sec_desc_len); @@ -543,12 +540,6 @@ static int map_nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid, char *who_o SID_NAME_USE sid_type; LPSTR tmp_buf = NULL, who = NULL; - status = IsValidSid(sid); - if (!status) { - eprintf("map_dacl_2_nfs4acl: invalid sid\n"); - status = GetLastError(); - goto out; - } /* for ace mapping, we want to map owner's sid into "owner@" * but for set_owner attribute we want to map owner into a user name * same applies to group diff --git a/sys/nfs41_driver.c b/sys/nfs41_driver.c index abdb521..16e98c4 100644 --- a/sys/nfs41_driver.c +++ b/sys/nfs41_driver.c @@ -3977,29 +3977,16 @@ NTSTATUS nfs41_QuerySecurityInformation ( DbgP("CurrentTime %x Saved Acl time %x\n", current_time.QuadPart, nfs41_fobx->time.QuadPart); if (current_time.QuadPart - nfs41_fobx->time.QuadPart <= 20*1000) { - if (RtlValidSecurityDescriptor(nfs41_fobx->acl)) { - DbgP("Received a valid security descriptor\n"); - if (MmIsAddressValid(RxContext->CurrentIrp->UserBuffer)) { - PSECURITY_DESCRIPTOR sec_desc = (PSECURITY_DESCRIPTOR) - RxContext->CurrentIrp->UserBuffer; - DbgP("Received a valid user pointer\n"); - RtlCopyMemory(sec_desc, nfs41_fobx->acl, nfs41_fobx->acl_len); - RxContext->IoStatusBlock.Information = - RxContext->InformationToReturn = nfs41_fobx->acl_len; - RxContext->IoStatusBlock.Status = status = STATUS_SUCCESS; + PSECURITY_DESCRIPTOR sec_desc = (PSECURITY_DESCRIPTOR) + RxContext->CurrentIrp->UserBuffer; + RtlCopyMemory(sec_desc, nfs41_fobx->acl, nfs41_fobx->acl_len); + RxContext->IoStatusBlock.Information = + RxContext->InformationToReturn = nfs41_fobx->acl_len; + RxContext->IoStatusBlock.Status = status = STATUS_SUCCESS; #ifdef ENABLE_TIMINGS - InterlockedIncrement(&getacl.sops); - InterlockedAdd64(&getacl.size, nfs41_fobx->acl_len); + InterlockedIncrement(&getacl.sops); + InterlockedAdd64(&getacl.size, nfs41_fobx->acl_len); #endif - } else { - DbgP("Received invalid user pointer\n"); - status = STATUS_INTERNAL_ERROR; - goto out; - } - } else { - DbgP("Invalid saved security descriptor, do an upcall\n"); - status = STATUS_INTERNAL_ERROR; - } } RxFreePool(nfs41_fobx->acl); nfs41_fobx->acl = NULL; @@ -4037,21 +4024,9 @@ NTSTATUS nfs41_QuerySecurityInformation ( nfs41_fobx->acl_len = entry->u.Acl.buf_len; KeQuerySystemTime(&nfs41_fobx->time); } else if (entry->status == STATUS_SUCCESS) { - if (RtlValidSecurityDescriptor(entry->u.Acl.buf)) { - DbgP("Received a valid security descriptor\n"); - if (MmIsAddressValid(RxContext->CurrentIrp->UserBuffer)) { - PSECURITY_DESCRIPTOR sec_desc = (PSECURITY_DESCRIPTOR) - RxContext->CurrentIrp->UserBuffer; - DbgP("Received a valid user pointer\n"); - RtlCopyMemory(sec_desc, entry->u.Acl.buf, entry->u.Acl.buf_len); - } else { - DbgP("Received invalid user pointer\n"); - status = STATUS_INTERNAL_ERROR; - } - } else { - DbgP("Received invalid security descriptor\n"); - status = STATUS_INTERNAL_ERROR; - } + PSECURITY_DESCRIPTOR sec_desc = (PSECURITY_DESCRIPTOR) + RxContext->CurrentIrp->UserBuffer; + RtlCopyMemory(sec_desc, entry->u.Acl.buf, entry->u.Acl.buf_len); #ifdef ENABLE_TIMINGS InterlockedIncrement(&getacl.sops); InterlockedAdd64(&getacl.size, entry->u.Acl.buf_len); @@ -4061,8 +4036,7 @@ NTSTATUS nfs41_QuerySecurityInformation ( nfs41_fobx->acl_len = 0; RxContext->IoStatusBlock.Information = RxContext->InformationToReturn = entry->u.Acl.buf_len; - if (!status) - RxContext->IoStatusBlock.Status = status = STATUS_SUCCESS; + RxContext->IoStatusBlock.Status = status = STATUS_SUCCESS; } else { status = map_query_acl_error(entry->status); }