s3: VFS: Add SMB_VFS_GET_NT_ACL_AT().

Currently identical to SMB_VFS_GET_NT_ACL().

Next, add to all VFS modules that implement
get_nt_acl and eventually remove get_nt_acl.

NB. Modules that use smb_vfs_assert_all_fns()
have SMB_VFS_GET_NT_ACL_AT() will not build
until they have this function added.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c
index cc3aa7eae6ba7f02e64ead44fe2efb4ef154fa8e..309a51ed183f08fe13ca604baf178c06a706ac8f 100644 (file)
--- a/examples/VFS/skel_opaque.c
+++ b/examples/VFS/skel_opaque.c
@@ -800,6 +800,16 @@ static NTSTATUS skel_get_nt_acl(vfs_handle_struct *handle,
        return NT_STATUS_NOT_IMPLEMENTED;
 }
 
+static NTSTATUS skel_get_nt_acl_at(vfs_handle_struct *handle,
+                               struct files_struct *dirfsp,
+                               const struct smb_filename *smb_fname,
+                               uint32_t security_info,
+                               TALLOC_CTX *mem_ctx,
+                               struct security_descriptor **ppdesc)
+{
+       return NT_STATUS_NOT_IMPLEMENTED;
+}
+
 static NTSTATUS skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
                                 uint32_t security_info_sent,
                                 const struct security_descriptor *psd)
@@ -1133,6 +1143,7 @@ static struct vfs_fn_pointers skel_opaque_fns = {
 
        .fget_nt_acl_fn = skel_fget_nt_acl,
        .get_nt_acl_fn = skel_get_nt_acl,
+       .get_nt_acl_at_fn = skel_get_nt_acl_at,
        .fset_nt_acl_fn = skel_fset_nt_acl,
 
        /* POSIX ACL operations. */

diff --git a/examples/VFS/skel_transparent.c b/examples/VFS/skel_transparent.c
index 235d4533df33753a1882a260ed141f1222a12153..307882afadfaa0125c1a9f847db1bf342437fa32 100644 (file)
--- a/examples/VFS/skel_transparent.c
+++ b/examples/VFS/skel_transparent.c
@@ -1068,6 +1068,21 @@ static NTSTATUS skel_get_nt_acl(vfs_handle_struct *handle,
                                ppdesc);
 }
 
+static NTSTATUS skel_get_nt_acl_at(vfs_handle_struct *handle,
+                               struct files_struct *dirfsp,
+                               const struct smb_filename *smb_fname,
+                               uint32_t security_info,
+                               TALLOC_CTX *mem_ctx,
+                               struct security_descriptor **ppdesc)
+{
+       return SMB_VFS_NEXT_GET_NT_ACL_AT(handle,
+                               dirfsp,
+                               smb_fname,
+                               security_info,
+                               mem_ctx,
+                               ppdesc);
+}
+
 static NTSTATUS skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
                                 uint32_t security_info_sent,
                                 const struct security_descriptor *psd)
@@ -1440,6 +1455,7 @@ static struct vfs_fn_pointers skel_transparent_fns = {
 
        .fget_nt_acl_fn = skel_fget_nt_acl,
        .get_nt_acl_fn = skel_get_nt_acl,
+       .get_nt_acl_at_fn = skel_get_nt_acl_at,
        .fset_nt_acl_fn = skel_fset_nt_acl,
 
        /* POSIX ACL operations. */

diff --git a/source3/include/smbprofile.h b/source3/include/smbprofile.h
index b771c26c81b4f678b7a61eb35171e92846c8b823..91f3066124053d0c7f26e5834ea2f9997818a235 100644 (file)
--- a/source3/include/smbprofile.h
+++ b/source3/include/smbprofile.h
@@ -98,6 +98,7 @@ struct tevent_context;
        \
        SMBPROFILE_STATS_SECTION_START(acl, "ACL Calls") \
        SMBPROFILE_STATS_BASIC(get_nt_acl) \
+       SMBPROFILE_STATS_BASIC(get_nt_acl_at) \
        SMBPROFILE_STATS_BASIC(fget_nt_acl) \
        SMBPROFILE_STATS_BASIC(fset_nt_acl) \
        SMBPROFILE_STATS_SECTION_END \

diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index 3e133a58f434ac15cf53877b2835c1ec275590ea..c01bb3717a4a9df8ce45657898d067b61d45ff18 100644 (file)
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -318,6 +318,7 @@
  *              to be a struct smb_filename
  * Version 43 - convert link_contents arg of SMB_VFS_SYMLINKAT()
  *              to struct smb_filename
+ * Version 43 - Add SMB_VFS_GET_NT_ACL_AT().
  */
 
 #define SMB_VFS_INTERFACE_VERSION 43
@@ -1008,6 +1009,12 @@ struct vfs_fn_pointers {
                                  uint32_t security_info,
                                   TALLOC_CTX *mem_ctx,
                                  struct security_descriptor **ppdesc);
+       NTSTATUS (*get_nt_acl_at_fn)(struct vfs_handle_struct *handle,
+                               struct files_struct *dirfsp,
+                               const struct smb_filename *smb_fname,
+                               uint32_t security_info,
+                               TALLOC_CTX *mem_ctx,
+                               struct security_descriptor **ppdesc);
        NTSTATUS (*fset_nt_acl_fn)(struct vfs_handle_struct *handle,
                                   struct files_struct *fsp,
                                   uint32_t security_info_sent,
@@ -1533,6 +1540,12 @@ NTSTATUS smb_vfs_call_get_nt_acl(struct vfs_handle_struct *handle,
                                 uint32_t security_info,
                                 TALLOC_CTX *mem_ctx,
                                 struct security_descriptor **ppdesc);
+NTSTATUS smb_vfs_call_get_nt_acl_at(struct vfs_handle_struct *handle,
+                               struct files_struct *dirfsp,
+                               const struct smb_filename *smb_fname,
+                               uint32_t security_info,
+                               TALLOC_CTX *mem_ctx,
+                               struct security_descriptor **ppdesc);
 NTSTATUS smb_vfs_call_fset_nt_acl(struct vfs_handle_struct *handle,
                                  struct files_struct *fsp,
                                  uint32_t security_info_sent,
@@ -1960,6 +1973,12 @@ NTSTATUS vfs_not_implemented_get_nt_acl(vfs_handle_struct *handle,
                                        uint32_t security_info,
                                        TALLOC_CTX *mem_ctx,
                                        struct security_descriptor **ppdesc);
+NTSTATUS vfs_not_implemented_get_nt_acl_at(vfs_handle_struct *handle,
+                       struct files_struct *dirfsp,
+                       const struct smb_filename *smb_fname,
+                       uint32_t security_info,
+                       TALLOC_CTX *mem_ctx,
+                       struct security_descriptor **ppdesc);
 NTSTATUS vfs_not_implemented_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
                                         uint32_t security_info_sent,
                                         const struct security_descriptor *psd);

diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h
index c8c41cd62f56d1674ff0cbea2c70488f8d131a4b..c85aca91f46affa0650d5cfa6efe1bec8ce8dc8b 100644 (file)
--- a/source3/include/vfs_macros.h
+++ b/source3/include/vfs_macros.h
@@ -482,6 +482,11 @@
 #define SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname, security_info, mem_ctx, ppdesc) \
        smb_vfs_call_get_nt_acl((handle)->next, (smb_fname), (security_info), (mem_ctx), (ppdesc))
 
+#define SMB_VFS_GET_NT_ACL_AT(conn, dirfsp, smb_fname, security_info, mem_ctx, ppdesc) \
+       smb_vfs_call_get_nt_acl_at((conn)->vfs_handles, (dirfsp), (smb_fname), (security_info), (mem_ctx), (ppdesc))
+#define SMB_VFS_NEXT_GET_NT_ACL_AT(handle, dirfsp, smb_fname, security_info, mem_ctx, ppdesc) \
+       smb_vfs_call_get_nt_acl_at((handle)->next, (dirfsp), (smb_fname), (security_info), (mem_ctx), (ppdesc))
+
 #define SMB_VFS_AUDIT_FILE(conn, name, sacl, access_requested, access_denied) \
        smb_vfs_call_audit_file((conn)->vfs_handles, (name), (sacl), (access_requested), (access_denied))
 #define SMB_VFS_NEXT_AUDIT_FILE(handle, name, sacl, access_requested, access_denied) \

diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 0723eac1c7c67b8a69e56ca3f7a933720a09d4e9..7b153186a035dcc854dfd9d814c3c18139eb7f52 100644 (file)
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -3139,6 +3139,28 @@ static NTSTATUS vfswrap_get_nt_acl(vfs_handle_struct *handle,
        return result;
 }
 
+static NTSTATUS vfswrap_get_nt_acl_at(vfs_handle_struct *handle,
+                       struct files_struct *dirfsp,
+                       const struct smb_filename *smb_fname,
+                       uint32_t security_info,
+                       TALLOC_CTX *mem_ctx,
+                       struct security_descriptor **ppdesc)
+{
+       NTSTATUS result;
+
+       START_PROFILE(get_nt_acl_at);
+
+       SMB_ASSERT(dirfsp == dirfsp->conn->cwd_fsp);
+
+       result = posix_get_nt_acl(handle->conn,
+                               smb_fname,
+                               security_info,
+                               mem_ctx,
+                               ppdesc);
+       END_PROFILE(get_nt_acl_at);
+       return result;
+}
+
 static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32_t security_info_sent, const struct security_descriptor *psd)
 {
        NTSTATUS result;
@@ -3734,6 +3756,7 @@ static struct vfs_fn_pointers vfs_default_fns = {
 
        .fget_nt_acl_fn = vfswrap_fget_nt_acl,
        .get_nt_acl_fn = vfswrap_get_nt_acl,
+       .get_nt_acl_at_fn = vfswrap_get_nt_acl_at,
        .fset_nt_acl_fn = vfswrap_fset_nt_acl,
        .audit_file_fn = vfswrap_audit_file,
 

diff --git a/source3/modules/vfs_not_implemented.c b/source3/modules/vfs_not_implemented.c
index d734502c7f8aa93016284b0ac879076a71e8b095..c04704dad10fe79824cb48af2fc7fda7014dbb07 100644 (file)
--- a/source3/modules/vfs_not_implemented.c
+++ b/source3/modules/vfs_not_implemented.c
@@ -805,6 +805,16 @@ NTSTATUS vfs_not_implemented_get_nt_acl(vfs_handle_struct *handle,
        return NT_STATUS_NOT_IMPLEMENTED;
 }
 
+NTSTATUS vfs_not_implemented_get_nt_acl_at(vfs_handle_struct *handle,
+                                       struct files_struct *dirfsp,
+                                       const struct smb_filename *smb_fname,
+                                       uint32_t security_info,
+                                       TALLOC_CTX *mem_ctx,
+                                       struct security_descriptor **ppdesc)
+{
+       return NT_STATUS_NOT_IMPLEMENTED;
+}
+
 NTSTATUS vfs_not_implemented_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
                                         uint32_t security_info_sent,
                                         const struct security_descriptor *psd)
@@ -1138,6 +1148,7 @@ static struct vfs_fn_pointers vfs_not_implemented_fns = {
 
        .fget_nt_acl_fn = vfs_not_implemented_fget_nt_acl,
        .get_nt_acl_fn = vfs_not_implemented_get_nt_acl,
+       .get_nt_acl_at_fn = vfs_not_implemented_get_nt_acl_at,
        .fset_nt_acl_fn = vfs_not_implemented_fset_nt_acl,
 
        /* POSIX ACL operations. */

diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 4b570557af6cdcea7a765e7dd9bb1adfcd5b50bc..044a7e1a82550956388be565c9b3644d04a2d3ab 100644 (file)
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -2547,6 +2547,22 @@ NTSTATUS smb_vfs_call_get_nt_acl(struct vfs_handle_struct *handle,
                                ppdesc);
 }
 
+NTSTATUS smb_vfs_call_get_nt_acl_at(struct vfs_handle_struct *handle,
+                       struct files_struct *dirfsp,
+                       const struct smb_filename *smb_fname,
+                       uint32_t security_info,
+                       TALLOC_CTX *mem_ctx,
+                       struct security_descriptor **ppdesc)
+{
+       VFS_FIND(get_nt_acl_at);
+       return handle->fns->get_nt_acl_at_fn(handle,
+                               dirfsp,
+                               smb_fname,
+                               security_info,
+                               mem_ctx,
+                               ppdesc);
+}
+
 NTSTATUS smb_vfs_call_fset_nt_acl(struct vfs_handle_struct *handle,
                                  struct files_struct *fsp,
                                  uint32_t security_info_sent,