* [PATCH] remove posix_acl_masq_nfs_mode
@ 2004-09-07 14:34 Christoph Hellwig
0 siblings, 0 replies; only message in thread
From: Christoph Hellwig @ 2004-09-07 14:34 UTC (permalink / raw)
To: akpm, agruen; +Cc: linux-fsdevel
completely unused but exported function in fs/posix_acl.c
--- 1.1/fs/posix_acl.c 2002-10-31 08:27:40 +01:00
+++ edited/fs/posix_acl.c 2004-09-07 14:01:44 +02:00
@@ -29,7 +29,6 @@
EXPORT_SYMBOL(posix_acl_from_mode);
EXPORT_SYMBOL(posix_acl_create_masq);
EXPORT_SYMBOL(posix_acl_chmod_masq);
-EXPORT_SYMBOL(posix_acl_masq_nfs_mode);
EXPORT_SYMBOL(posix_acl_permission);
/*
@@ -377,47 +376,6 @@
return -EIO;
group_obj->e_perm = (mode & S_IRWXG) >> 3;
}
-
- return 0;
-}
-
-/*
- * Adjust the mode parameter so that NFSv2 grants nobody permissions
- * that may not be granted by the ACL. This is necessary because NFSv2
- * may compute access permissions on the client side, and may serve cached
- * data whenever it assumes access would be granted. Since ACLs may also
- * be used to deny access to specific users, the minimal permissions
- * for secure operation over NFSv2 are very restrictive. Permissions
- * granted to users via Access Control Lists will not be effective over
- * NFSv2.
- *
- * Privilege escalation can only happen for read operations, as writes are
- * always carried out on the NFS server, where the proper access checks are
- * implemented.
- */
-int
-posix_acl_masq_nfs_mode(struct posix_acl *acl, mode_t *mode_p)
-{
- struct posix_acl_entry *pa, *pe; int min_perm = S_IRWXO;
-
- FOREACH_ACL_ENTRY(pa, acl, pe) {
- switch(pa->e_tag) {
- case ACL_USER_OBJ:
- break;
-
- case ACL_USER:
- case ACL_GROUP_OBJ:
- case ACL_GROUP:
- case ACL_MASK:
- case ACL_OTHER:
- min_perm &= pa->e_perm;
- break;
-
- default:
- return -EIO;
- }
- }
- *mode_p = (*mode_p & ~(S_IRWXG|S_IRWXO)) | (min_perm << 3) | min_perm;
return 0;
}
--- 1.1/include/linux/posix_acl.h 2002-10-31 08:27:40 +01:00
+++ edited/include/linux/posix_acl.h 2004-09-07 14:01:32 +02:00
@@ -79,7 +79,6 @@
extern int posix_acl_equiv_mode(const struct posix_acl *, mode_t *);
extern int posix_acl_create_masq(struct posix_acl *, mode_t *);
extern int posix_acl_chmod_masq(struct posix_acl *, mode_t);
-extern int posix_acl_masq_nfs_mode(struct posix_acl *, mode_t *);
extern struct posix_acl *get_posix_acl(struct inode *, int);
extern int set_posix_acl(struct inode *, int, struct posix_acl *);
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2004-09-07 14:34 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-09-07 14:34 [PATCH] remove posix_acl_masq_nfs_mode Christoph Hellwig
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).