[acls] removing unneeded safety checks

daemon/acl.c

@@ -34,6 +34,7 @@
 #include "upcall.h"
 #include "nfs41_xdr.h"
 
+//#define DEBUG_ACLS
 static int parse_getacl(unsigned char *buffer, uint32_t length, 
                         nfs41_upcall *upcall)
 {
@@ -122,6 +123,7 @@ static int map_name_2_sid(DWORD *sid_len, PSID *sid, LPCSTR name)
                     "with %d\n", name, GetLastError());
             goto out_free_sid;
         } else {
+#ifdef DEBUG_ACLS
             LPSTR ssid = NULL;
             if (IsValidSid(*sid))
                 if (ConvertSidToStringSidA(*sid, &ssid))
@@ -133,6 +135,7 @@ static int map_name_2_sid(DWORD *sid_len, PSID *sid, LPCSTR name)
             else
                 dprintf(1, "map_name_2_sid: Invalid Sid ?\n");
             if (ssid) LocalFree(ssid);
+#endif
         }
         status = ERROR_SUCCESS;
         break;
@@ -430,12 +433,6 @@ static int parse_setacl(unsigned char *buffer, uint32_t length,
     status = safe_read(&buffer, &length, &sec_desc_len, sizeof(ULONG));
     if (status) goto out;
     args->sec_desc = (PSECURITY_DESCRIPTOR)buffer;
-    status = IsValidSecurityDescriptor(args->sec_desc);
-    if (!status) {
-        eprintf("parse_setacl: received invalid security descriptor\n");
-        status = ERROR_INVALID_PARAMETER;
-        goto out;
-    } else status = 0;
 
     dprintf(1, "parsing NFS41_ACL_SET: info_class=%d sec_desc_len=%d\n", 
             args->query, sec_desc_len);
@@ -543,12 +540,6 @@ static int map_nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid, char *who_o
     SID_NAME_USE sid_type;
     LPSTR tmp_buf = NULL, who = NULL;
 
-    status = IsValidSid(sid);
-    if (!status) {
-        eprintf("map_dacl_2_nfs4acl: invalid sid\n");
-        status = GetLastError();
-        goto out;
-    }
     /* for ace mapping, we want to map owner's sid into "owner@" 
      * but for set_owner attribute we want to map owner into a user name
      * same applies to group

sys/nfs41_driver.c

@@ -3977,29 +3977,16 @@ NTSTATUS nfs41_QuerySecurityInformation (
         DbgP("CurrentTime %x Saved Acl time %x\n", 
             current_time.QuadPart, nfs41_fobx->time.QuadPart);
         if (current_time.QuadPart - nfs41_fobx->time.QuadPart <= 20*1000) {         
-            if (RtlValidSecurityDescriptor(nfs41_fobx->acl)) {
+            PSECURITY_DESCRIPTOR sec_desc = (PSECURITY_DESCRIPTOR)
-                DbgP("Received a valid security descriptor\n");
+                RxContext->CurrentIrp->UserBuffer;
-                if (MmIsAddressValid(RxContext->CurrentIrp->UserBuffer)) {
+            RtlCopyMemory(sec_desc, nfs41_fobx->acl, nfs41_fobx->acl_len); 
-                    PSECURITY_DESCRIPTOR sec_desc = (PSECURITY_DESCRIPTOR)
+            RxContext->IoStatusBlock.Information = 
-                        RxContext->CurrentIrp->UserBuffer;
+                RxContext->InformationToReturn = nfs41_fobx->acl_len;
-                    DbgP("Received a valid user pointer\n");
+            RxContext->IoStatusBlock.Status = status = STATUS_SUCCESS;
-                    RtlCopyMemory(sec_desc, nfs41_fobx->acl, nfs41_fobx->acl_len); 
-                    RxContext->IoStatusBlock.Information = 
-                        RxContext->InformationToReturn = nfs41_fobx->acl_len;
-                    RxContext->IoStatusBlock.Status = status = STATUS_SUCCESS;
 #ifdef ENABLE_TIMINGS
-                    InterlockedIncrement(&getacl.sops);
+            InterlockedIncrement(&getacl.sops);
-                    InterlockedAdd64(&getacl.size, nfs41_fobx->acl_len);
+            InterlockedAdd64(&getacl.size, nfs41_fobx->acl_len);
 #endif
-                } else {
-                    DbgP("Received invalid user pointer\n");
-                    status = STATUS_INTERNAL_ERROR;
-                    goto out;
-                }
-            } else {
-                DbgP("Invalid saved security descriptor, do an upcall\n");
-                status = STATUS_INTERNAL_ERROR;
-            }
         }
         RxFreePool(nfs41_fobx->acl);
         nfs41_fobx->acl = NULL;
@@ -4037,21 +4024,9 @@ NTSTATUS nfs41_QuerySecurityInformation (
         nfs41_fobx->acl_len = entry->u.Acl.buf_len;
         KeQuerySystemTime(&nfs41_fobx->time);
     } else if (entry->status == STATUS_SUCCESS) {
-        if (RtlValidSecurityDescriptor(entry->u.Acl.buf)) {
+        PSECURITY_DESCRIPTOR sec_desc = (PSECURITY_DESCRIPTOR)
-            DbgP("Received a valid security descriptor\n");
+            RxContext->CurrentIrp->UserBuffer;
-            if (MmIsAddressValid(RxContext->CurrentIrp->UserBuffer)) {
+        RtlCopyMemory(sec_desc, entry->u.Acl.buf, entry->u.Acl.buf_len); 
-                PSECURITY_DESCRIPTOR sec_desc = (PSECURITY_DESCRIPTOR)
-                    RxContext->CurrentIrp->UserBuffer;
-                DbgP("Received a valid user pointer\n");
-                RtlCopyMemory(sec_desc, entry->u.Acl.buf, entry->u.Acl.buf_len); 
-            } else {
-                DbgP("Received invalid user pointer\n");
-                status = STATUS_INTERNAL_ERROR;
-            }
-        } else {
-            DbgP("Received invalid security descriptor\n");
-            status = STATUS_INTERNAL_ERROR;
-        }
 #ifdef ENABLE_TIMINGS
         InterlockedIncrement(&getacl.sops);
         InterlockedAdd64(&getacl.size, entry->u.Acl.buf_len);
@@ -4061,8 +4036,7 @@ NTSTATUS nfs41_QuerySecurityInformation (
         nfs41_fobx->acl_len = 0;
         RxContext->IoStatusBlock.Information = RxContext->InformationToReturn = 
             entry->u.Acl.buf_len;
-        if (!status)
+        RxContext->IoStatusBlock.Status = status = STATUS_SUCCESS;
-            RxContext->IoStatusBlock.Status = status = STATUS_SUCCESS;
     } else {
         status = map_query_acl_error(entry->status);
     }