[acls] removing unneeded safety checks
This commit is contained in:
Olga Kornievskaia
parent
3295a9da05
commit
7e52f53097
2 changed files with 15 additions and 50 deletions
15
daemon/acl.c
15
daemon/acl.c
|
|
@ -34,6 +34,7 @@
|
||||||
#include "upcall.h"
|
#include "upcall.h"
|
||||||
#include "nfs41_xdr.h"
|
#include "nfs41_xdr.h"
|
||||||
|
|
||||||
|
//#define DEBUG_ACLS
|
||||||
static int parse_getacl(unsigned char *buffer, uint32_t length,
|
static int parse_getacl(unsigned char *buffer, uint32_t length,
|
||||||
nfs41_upcall *upcall)
|
nfs41_upcall *upcall)
|
||||||
{
|
{
|
||||||
|
|
@ -122,6 +123,7 @@ static int map_name_2_sid(DWORD *sid_len, PSID *sid, LPCSTR name)
|
||||||
"with %d\n", name, GetLastError());
|
"with %d\n", name, GetLastError());
|
||||||
goto out_free_sid;
|
goto out_free_sid;
|
||||||
} else {
|
} else {
|
||||||
|
#ifdef DEBUG_ACLS
|
||||||
LPSTR ssid = NULL;
|
LPSTR ssid = NULL;
|
||||||
if (IsValidSid(*sid))
|
if (IsValidSid(*sid))
|
||||||
if (ConvertSidToStringSidA(*sid, &ssid))
|
if (ConvertSidToStringSidA(*sid, &ssid))
|
||||||
|
|
@ -133,6 +135,7 @@ static int map_name_2_sid(DWORD *sid_len, PSID *sid, LPCSTR name)
|
||||||
else
|
else
|
||||||
dprintf(1, "map_name_2_sid: Invalid Sid ?\n");
|
dprintf(1, "map_name_2_sid: Invalid Sid ?\n");
|
||||||
if (ssid) LocalFree(ssid);
|
if (ssid) LocalFree(ssid);
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
status = ERROR_SUCCESS;
|
status = ERROR_SUCCESS;
|
||||||
break;
|
break;
|
||||||
|
|
@ -430,12 +433,6 @@ static int parse_setacl(unsigned char *buffer, uint32_t length,
|
||||||
status = safe_read(&buffer, &length, &sec_desc_len, sizeof(ULONG));
|
status = safe_read(&buffer, &length, &sec_desc_len, sizeof(ULONG));
|
||||||
if (status) goto out;
|
if (status) goto out;
|
||||||
args->sec_desc = (PSECURITY_DESCRIPTOR)buffer;
|
args->sec_desc = (PSECURITY_DESCRIPTOR)buffer;
|
||||||
status = IsValidSecurityDescriptor(args->sec_desc);
|
|
||||||
if (!status) {
|
|
||||||
eprintf("parse_setacl: received invalid security descriptor\n");
|
|
||||||
status = ERROR_INVALID_PARAMETER;
|
|
||||||
goto out;
|
|
||||||
} else status = 0;
|
|
||||||
|
|
||||||
dprintf(1, "parsing NFS41_ACL_SET: info_class=%d sec_desc_len=%d\n",
|
dprintf(1, "parsing NFS41_ACL_SET: info_class=%d sec_desc_len=%d\n",
|
||||||
args->query, sec_desc_len);
|
args->query, sec_desc_len);
|
||||||
|
|
@ -543,12 +540,6 @@ static int map_nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid, char *who_o
|
||||||
SID_NAME_USE sid_type;
|
SID_NAME_USE sid_type;
|
||||||
LPSTR tmp_buf = NULL, who = NULL;
|
LPSTR tmp_buf = NULL, who = NULL;
|
||||||
|
|
||||||
status = IsValidSid(sid);
|
|
||||||
if (!status) {
|
|
||||||
eprintf("map_dacl_2_nfs4acl: invalid sid\n");
|
|
||||||
status = GetLastError();
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
/* for ace mapping, we want to map owner's sid into "owner@"
|
/* for ace mapping, we want to map owner's sid into "owner@"
|
||||||
* but for set_owner attribute we want to map owner into a user name
|
* but for set_owner attribute we want to map owner into a user name
|
||||||
* same applies to group
|
* same applies to group
|
||||||
|
|
|
||||||
|
|
@ -3977,12 +3977,8 @@ NTSTATUS nfs41_QuerySecurityInformation (
|
||||||
DbgP("CurrentTime %x Saved Acl time %x\n",
|
DbgP("CurrentTime %x Saved Acl time %x\n",
|
||||||
current_time.QuadPart, nfs41_fobx->time.QuadPart);
|
current_time.QuadPart, nfs41_fobx->time.QuadPart);
|
||||||
if (current_time.QuadPart - nfs41_fobx->time.QuadPart <= 20*1000) {
|
if (current_time.QuadPart - nfs41_fobx->time.QuadPart <= 20*1000) {
|
||||||
if (RtlValidSecurityDescriptor(nfs41_fobx->acl)) {
|
|
||||||
DbgP("Received a valid security descriptor\n");
|
|
||||||
if (MmIsAddressValid(RxContext->CurrentIrp->UserBuffer)) {
|
|
||||||
PSECURITY_DESCRIPTOR sec_desc = (PSECURITY_DESCRIPTOR)
|
PSECURITY_DESCRIPTOR sec_desc = (PSECURITY_DESCRIPTOR)
|
||||||
RxContext->CurrentIrp->UserBuffer;
|
RxContext->CurrentIrp->UserBuffer;
|
||||||
DbgP("Received a valid user pointer\n");
|
|
||||||
RtlCopyMemory(sec_desc, nfs41_fobx->acl, nfs41_fobx->acl_len);
|
RtlCopyMemory(sec_desc, nfs41_fobx->acl, nfs41_fobx->acl_len);
|
||||||
RxContext->IoStatusBlock.Information =
|
RxContext->IoStatusBlock.Information =
|
||||||
RxContext->InformationToReturn = nfs41_fobx->acl_len;
|
RxContext->InformationToReturn = nfs41_fobx->acl_len;
|
||||||
|
|
@ -3991,15 +3987,6 @@ NTSTATUS nfs41_QuerySecurityInformation (
|
||||||
InterlockedIncrement(&getacl.sops);
|
InterlockedIncrement(&getacl.sops);
|
||||||
InterlockedAdd64(&getacl.size, nfs41_fobx->acl_len);
|
InterlockedAdd64(&getacl.size, nfs41_fobx->acl_len);
|
||||||
#endif
|
#endif
|
||||||
} else {
|
|
||||||
DbgP("Received invalid user pointer\n");
|
|
||||||
status = STATUS_INTERNAL_ERROR;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
DbgP("Invalid saved security descriptor, do an upcall\n");
|
|
||||||
status = STATUS_INTERNAL_ERROR;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
RxFreePool(nfs41_fobx->acl);
|
RxFreePool(nfs41_fobx->acl);
|
||||||
nfs41_fobx->acl = NULL;
|
nfs41_fobx->acl = NULL;
|
||||||
|
|
@ -4037,21 +4024,9 @@ NTSTATUS nfs41_QuerySecurityInformation (
|
||||||
nfs41_fobx->acl_len = entry->u.Acl.buf_len;
|
nfs41_fobx->acl_len = entry->u.Acl.buf_len;
|
||||||
KeQuerySystemTime(&nfs41_fobx->time);
|
KeQuerySystemTime(&nfs41_fobx->time);
|
||||||
} else if (entry->status == STATUS_SUCCESS) {
|
} else if (entry->status == STATUS_SUCCESS) {
|
||||||
if (RtlValidSecurityDescriptor(entry->u.Acl.buf)) {
|
|
||||||
DbgP("Received a valid security descriptor\n");
|
|
||||||
if (MmIsAddressValid(RxContext->CurrentIrp->UserBuffer)) {
|
|
||||||
PSECURITY_DESCRIPTOR sec_desc = (PSECURITY_DESCRIPTOR)
|
PSECURITY_DESCRIPTOR sec_desc = (PSECURITY_DESCRIPTOR)
|
||||||
RxContext->CurrentIrp->UserBuffer;
|
RxContext->CurrentIrp->UserBuffer;
|
||||||
DbgP("Received a valid user pointer\n");
|
|
||||||
RtlCopyMemory(sec_desc, entry->u.Acl.buf, entry->u.Acl.buf_len);
|
RtlCopyMemory(sec_desc, entry->u.Acl.buf, entry->u.Acl.buf_len);
|
||||||
} else {
|
|
||||||
DbgP("Received invalid user pointer\n");
|
|
||||||
status = STATUS_INTERNAL_ERROR;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
DbgP("Received invalid security descriptor\n");
|
|
||||||
status = STATUS_INTERNAL_ERROR;
|
|
||||||
}
|
|
||||||
#ifdef ENABLE_TIMINGS
|
#ifdef ENABLE_TIMINGS
|
||||||
InterlockedIncrement(&getacl.sops);
|
InterlockedIncrement(&getacl.sops);
|
||||||
InterlockedAdd64(&getacl.size, entry->u.Acl.buf_len);
|
InterlockedAdd64(&getacl.size, entry->u.Acl.buf_len);
|
||||||
|
|
@ -4061,7 +4036,6 @@ NTSTATUS nfs41_QuerySecurityInformation (
|
||||||
nfs41_fobx->acl_len = 0;
|
nfs41_fobx->acl_len = 0;
|
||||||
RxContext->IoStatusBlock.Information = RxContext->InformationToReturn =
|
RxContext->IoStatusBlock.Information = RxContext->InformationToReturn =
|
||||||
entry->u.Acl.buf_len;
|
entry->u.Acl.buf_len;
|
||||||
if (!status)
|
|
||||||
RxContext->IoStatusBlock.Status = status = STATUS_SUCCESS;
|
RxContext->IoStatusBlock.Status = status = STATUS_SUCCESS;
|
||||||
} else {
|
} else {
|
||||||
status = map_query_acl_error(entry->status);
|
status = map_query_acl_error(entry->status);
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue