[acls] removing unneeded safety checks

2011-09-23 12:12:45 -04:00 · 2011-09-23 12:12:45 -04:00 · 7e52f53097
commit 7e52f53097
parent 3295a9da05
2 changed files with 15 additions and 50 deletions
--- a/daemon/acl.c
+++ b/daemon/acl.c
@ -34,6 +34,7 @@
 #include "upcall.h"
 #include "nfs41_xdr.h"

+//#define DEBUG_ACLS
 static int parse_getacl(unsigned char *buffer, uint32_t length, 
                        nfs41_upcall *upcall)
 {
@ -122,6 +123,7 @@ static int map_name_2_sid(DWORD *sid_len, PSID *sid, LPCSTR name)
                    "with %d\n", name, GetLastError());
            goto out_free_sid;
        } else {
+#ifdef DEBUG_ACLS
            LPSTR ssid = NULL;
            if (IsValidSid(*sid))
                if (ConvertSidToStringSidA(*sid, &ssid))
@ -133,6 +135,7 @@ static int map_name_2_sid(DWORD *sid_len, PSID *sid, LPCSTR name)
            else
                dprintf(1, "map_name_2_sid: Invalid Sid ?\n");
            if (ssid) LocalFree(ssid);
+#endif
        }
        status = ERROR_SUCCESS;
        break;
@ -430,12 +433,6 @@ static int parse_setacl(unsigned char *buffer, uint32_t length,
    status = safe_read(&buffer, &length, &sec_desc_len, sizeof(ULONG));
    if (status) goto out;
    args->sec_desc = (PSECURITY_DESCRIPTOR)buffer;
-    status = IsValidSecurityDescriptor(args->sec_desc);
-    if (!status) {
-        eprintf("parse_setacl: received invalid security descriptor\n");
-        status = ERROR_INVALID_PARAMETER;
-        goto out;
-    } else status = 0;

    dprintf(1, "parsing NFS41_ACL_SET: info_class=%d sec_desc_len=%d\n", 
            args->query, sec_desc_len);
@ -543,12 +540,6 @@ static int map_nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid, char *who_o
    SID_NAME_USE sid_type;
    LPSTR tmp_buf = NULL, who = NULL;

-    status = IsValidSid(sid);
-    if (!status) {
-        eprintf("map_dacl_2_nfs4acl: invalid sid\n");
-        status = GetLastError();
-        goto out;
-    }
    /* for ace mapping, we want to map owner's sid into "owner@" 
     * but for set_owner attribute we want to map owner into a user name
     * same applies to group
--- a/sys/nfs41_driver.c
+++ b/sys/nfs41_driver.c
@ -3977,29 +3977,16 @@ NTSTATUS nfs41_QuerySecurityInformation (
        DbgP("CurrentTime %x Saved Acl time %x\n", 
            current_time.QuadPart, nfs41_fobx->time.QuadPart);
        if (current_time.QuadPart - nfs41_fobx->time.QuadPart <= 20*1000) {         
-            if (RtlValidSecurityDescriptor(nfs41_fobx->acl)) {
-                DbgP("Received a valid security descriptor\n");
-                if (MmIsAddressValid(RxContext->CurrentIrp->UserBuffer)) {
-                    PSECURITY_DESCRIPTOR sec_desc = (PSECURITY_DESCRIPTOR)
-                        RxContext->CurrentIrp->UserBuffer;
-                    DbgP("Received a valid user pointer\n");
-                    RtlCopyMemory(sec_desc, nfs41_fobx->acl, nfs41_fobx->acl_len); 
-                    RxContext->IoStatusBlock.Information = 
-                        RxContext->InformationToReturn = nfs41_fobx->acl_len;
-                    RxContext->IoStatusBlock.Status = status = STATUS_SUCCESS;
+            PSECURITY_DESCRIPTOR sec_desc = (PSECURITY_DESCRIPTOR)
+                RxContext->CurrentIrp->UserBuffer;
+            RtlCopyMemory(sec_desc, nfs41_fobx->acl, nfs41_fobx->acl_len); 
+            RxContext->IoStatusBlock.Information = 
+                RxContext->InformationToReturn = nfs41_fobx->acl_len;
+            RxContext->IoStatusBlock.Status = status = STATUS_SUCCESS;
 #ifdef ENABLE_TIMINGS
-                    InterlockedIncrement(&getacl.sops);
-                    InterlockedAdd64(&getacl.size, nfs41_fobx->acl_len);
+            InterlockedIncrement(&getacl.sops);
+            InterlockedAdd64(&getacl.size, nfs41_fobx->acl_len);
 #endif
-                } else {
-                    DbgP("Received invalid user pointer\n");
-                    status = STATUS_INTERNAL_ERROR;
-                    goto out;
-                }
-            } else {
-                DbgP("Invalid saved security descriptor, do an upcall\n");
-                status = STATUS_INTERNAL_ERROR;
-            }
        }
        RxFreePool(nfs41_fobx->acl);
        nfs41_fobx->acl = NULL;
@ -4037,21 +4024,9 @@ NTSTATUS nfs41_QuerySecurityInformation (
        nfs41_fobx->acl_len = entry->u.Acl.buf_len;
        KeQuerySystemTime(&nfs41_fobx->time);
    } else if (entry->status == STATUS_SUCCESS) {
-        if (RtlValidSecurityDescriptor(entry->u.Acl.buf)) {
-            DbgP("Received a valid security descriptor\n");
-            if (MmIsAddressValid(RxContext->CurrentIrp->UserBuffer)) {
-                PSECURITY_DESCRIPTOR sec_desc = (PSECURITY_DESCRIPTOR)
-                    RxContext->CurrentIrp->UserBuffer;
-                DbgP("Received a valid user pointer\n");
-                RtlCopyMemory(sec_desc, entry->u.Acl.buf, entry->u.Acl.buf_len); 
-            } else {
-                DbgP("Received invalid user pointer\n");
-                status = STATUS_INTERNAL_ERROR;
-            }
-        } else {
-            DbgP("Received invalid security descriptor\n");
-            status = STATUS_INTERNAL_ERROR;
-        }
+        PSECURITY_DESCRIPTOR sec_desc = (PSECURITY_DESCRIPTOR)
+            RxContext->CurrentIrp->UserBuffer;
+        RtlCopyMemory(sec_desc, entry->u.Acl.buf, entry->u.Acl.buf_len); 
 #ifdef ENABLE_TIMINGS
        InterlockedIncrement(&getacl.sops);
        InterlockedAdd64(&getacl.size, entry->u.Acl.buf_len);
@ -4061,8 +4036,7 @@ NTSTATUS nfs41_QuerySecurityInformation (
        nfs41_fobx->acl_len = 0;
        RxContext->IoStatusBlock.Information = RxContext->InformationToReturn = 
            entry->u.Acl.buf_len;
-        if (!status)
-            RxContext->IoStatusBlock.Status = status = STATUS_SUCCESS;
+        RxContext->IoStatusBlock.Status = status = STATUS_SUCCESS;
    } else {
        status = map_query_acl_error(entry->status);
    }