Commit abbb0399 authored by Christoph Hellwig's avatar Christoph Hellwig Committed by Linus Torvalds

[PATCH] remove posix_acl_masq_nfs_mode

Completely unused but exported function in fs/posix_acl.c
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 8704c669
...@@ -29,7 +29,6 @@ EXPORT_SYMBOL(posix_acl_equiv_mode); ...@@ -29,7 +29,6 @@ EXPORT_SYMBOL(posix_acl_equiv_mode);
EXPORT_SYMBOL(posix_acl_from_mode); EXPORT_SYMBOL(posix_acl_from_mode);
EXPORT_SYMBOL(posix_acl_create_masq); EXPORT_SYMBOL(posix_acl_create_masq);
EXPORT_SYMBOL(posix_acl_chmod_masq); EXPORT_SYMBOL(posix_acl_chmod_masq);
EXPORT_SYMBOL(posix_acl_masq_nfs_mode);
EXPORT_SYMBOL(posix_acl_permission); EXPORT_SYMBOL(posix_acl_permission);
/* /*
...@@ -380,44 +379,3 @@ posix_acl_chmod_masq(struct posix_acl *acl, mode_t mode) ...@@ -380,44 +379,3 @@ posix_acl_chmod_masq(struct posix_acl *acl, mode_t mode)
return 0; return 0;
} }
/*
* Adjust the mode parameter so that NFSv2 grants nobody permissions
* that may not be granted by the ACL. This is necessary because NFSv2
* may compute access permissions on the client side, and may serve cached
* data whenever it assumes access would be granted. Since ACLs may also
* be used to deny access to specific users, the minimal permissions
* for secure operation over NFSv2 are very restrictive. Permissions
* granted to users via Access Control Lists will not be effective over
* NFSv2.
*
* Privilege escalation can only happen for read operations, as writes are
* always carried out on the NFS server, where the proper access checks are
* implemented.
*/
int
posix_acl_masq_nfs_mode(struct posix_acl *acl, mode_t *mode_p)
{
struct posix_acl_entry *pa, *pe; int min_perm = S_IRWXO;
FOREACH_ACL_ENTRY(pa, acl, pe) {
switch(pa->e_tag) {
case ACL_USER_OBJ:
break;
case ACL_USER:
case ACL_GROUP_OBJ:
case ACL_GROUP:
case ACL_MASK:
case ACL_OTHER:
min_perm &= pa->e_perm;
break;
default:
return -EIO;
}
}
*mode_p = (*mode_p & ~(S_IRWXG|S_IRWXO)) | (min_perm << 3) | min_perm;
return 0;
}
...@@ -79,7 +79,6 @@ extern struct posix_acl *posix_acl_from_mode(mode_t, int); ...@@ -79,7 +79,6 @@ extern struct posix_acl *posix_acl_from_mode(mode_t, int);
extern int posix_acl_equiv_mode(const struct posix_acl *, mode_t *); extern int posix_acl_equiv_mode(const struct posix_acl *, mode_t *);
extern int posix_acl_create_masq(struct posix_acl *, mode_t *); extern int posix_acl_create_masq(struct posix_acl *, mode_t *);
extern int posix_acl_chmod_masq(struct posix_acl *, mode_t); extern int posix_acl_chmod_masq(struct posix_acl *, mode_t);
extern int posix_acl_masq_nfs_mode(struct posix_acl *, mode_t *);
extern struct posix_acl *get_posix_acl(struct inode *, int); extern struct posix_acl *get_posix_acl(struct inode *, int);
extern int set_posix_acl(struct inode *, int, struct posix_acl *); extern int set_posix_acl(struct inode *, int, struct posix_acl *);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment