Added POSIX ACL layer into the vfs.

Jeremy.
(This used to be commit 7d59445b6962547a8938928a9371651a09e26516)

diff --git a/source3/include/smb.h b/source3/include/smb.h
index f626394845f3c2a803f008c6b51007c644919bf6..1b6e280a4a14b8b11cf36b4a2531b9bb56604608 100644 (file)
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -427,6 +427,7 @@ typedef struct
 
 /* Include VFS stuff */
 
+#include "smb_acls.h"
 #include "vfs.h"
 
 typedef struct connection_struct
@@ -1640,7 +1641,6 @@ struct unix_error_map {
 #define SAFE_NETBIOS_CHARS ". -_"
 
 #include "nsswitch/winbindd_nss.h"
-#include "smb_acls.h"
 
 /* generic iconv conversion structure */
 typedef struct {

diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index 58b5f0d396a473998e89d7889c91d5f66e673c47..da601b937b2ec24e1cdf58e48f84f62d791ca217 100644 (file)
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -39,7 +39,8 @@
  */
 
 /* Changed to version 2 for CIFS UNIX extensions (mknod and link added). JRA. */
-#define SMB_VFS_INTERFACE_VERSION 2
+/* Changed to version 3 for POSIX acl extensions. JRA. */
+#define SMB_VFS_INTERFACE_VERSION 3
 
 /* VFS operations structure */
 
@@ -102,7 +103,29 @@ struct vfs_ops {
 
        int (*chmod_acl)(struct connection_struct *conn, const char *name, mode_t mode);
        int (*fchmod_acl)(struct files_struct *fsp, int fd, mode_t mode);
-       
+
+       int (*sys_acl_get_entry)(struct connection_struct *conn, SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p);
+       int (*sys_acl_get_tag_type)(struct connection_struct *conn, SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p);
+       int (*sys_acl_get_permset)(struct connection_struct *conn, SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p);
+       void * (*sys_acl_get_qualifier)(struct connection_struct *conn, SMB_ACL_ENTRY_T entry_d);
+       SMB_ACL_T (*sys_acl_get_file)(struct connection_struct *conn, const char *path_p, SMB_ACL_TYPE_T type);
+       SMB_ACL_T (*sys_acl_get_fd)(struct files_struct *fsp, int fd);
+       int (*sys_acl_clear_perms)(struct connection_struct *conn, SMB_ACL_PERMSET_T permset);
+       int (*sys_acl_add_perm)(struct connection_struct *conn, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
+       char * (*sys_acl_to_text)(struct connection_struct *conn, SMB_ACL_T theacl, ssize_t *plen);
+       SMB_ACL_T (*sys_acl_init)(struct connection_struct *conn, int count);
+       int (*sys_acl_create_entry)(struct connection_struct *conn, SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry);
+       int (*sys_acl_set_tag_type)(struct connection_struct *conn, SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype);
+       int (*sys_acl_set_qualifier)(struct connection_struct *conn, SMB_ACL_ENTRY_T entry, void *qual);
+       int (*sys_acl_set_permset)(struct connection_struct *conn, SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset);
+       int (*sys_acl_valid)(struct connection_struct *conn, SMB_ACL_T theacl );
+       int (*sys_acl_set_file)(struct connection_struct *conn, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
+       int (*sys_acl_set_fd)(struct files_struct *fsp, int fd, SMB_ACL_T theacl);
+       int (*sys_acl_delete_def_file)(struct connection_struct *conn, const char *path);
+       int (*sys_acl_get_perm)(struct connection_struct *conn, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
+       int (*sys_acl_free_text)(struct connection_struct *conn, char *text);
+       int (*sys_acl_free_acl)(struct connection_struct *conn, SMB_ACL_T posix_acl);
+       int (*sys_acl_free_qualifier)(struct connection_struct *conn, void *qualifier, SMB_ACL_TAG_T tagtype);
 };
 
 struct vfs_options {

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index b284175302f7b46d46a52d10be2d90a5e2cd65a0..b86d9763a4711c865ba807ec7602fd3ce125fda9 100644 (file)
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -806,7 +806,7 @@ flags=0x%X flags2=0x%X mode=0%o returned %d\n",
         */
 
         if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
-                       (def_acl = directory_has_default_acl(parent_dirname(fname))))
+                       (def_acl = directory_has_default_acl(conn, parent_dirname(fname))))
                 mode = 0777;
 
        DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o\n",

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 34f0b77002991aad8c1990a01a438c81377e6e7f..9c8835214fbe17da346dff4a0e0ddcb973bc8e69 100644 (file)
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -153,13 +153,13 @@ static void print_canon_ace_list(const char *name, canon_ace *ace_list)
  Map POSIX ACL perms to canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits).
 ****************************************************************************/
 
-static mode_t convert_permset_to_mode_t(SMB_ACL_PERMSET_T permset)
+static mode_t convert_permset_to_mode_t(connection_struct *conn, SMB_ACL_PERMSET_T permset)
 {
        mode_t ret = 0;
 
-       ret |= (sys_acl_get_perm(permset, SMB_ACL_READ) ? S_IRUSR : 0);
-       ret |= (sys_acl_get_perm(permset, SMB_ACL_WRITE) ? S_IWUSR : 0);
-       ret |= (sys_acl_get_perm(permset, SMB_ACL_EXECUTE) ? S_IXUSR : 0);
+       ret |= (conn->vfs_ops.sys_acl_get_perm(conn, permset, SMB_ACL_READ) ? S_IRUSR : 0);
+       ret |= (conn->vfs_ops.sys_acl_get_perm(conn, permset, SMB_ACL_WRITE) ? S_IWUSR : 0);
+       ret |= (conn->vfs_ops.sys_acl_get_perm(conn, permset, SMB_ACL_EXECUTE) ? S_IXUSR : 0);
 
        return ret;
 }
@@ -187,20 +187,20 @@ static mode_t unix_perms_to_acl_perms(mode_t mode, int r_mask, int w_mask, int x
  an SMB_ACL_PERMSET_T.
 ****************************************************************************/
 
-static int map_acl_perms_to_permset(mode_t mode, SMB_ACL_PERMSET_T *p_permset)
+static int map_acl_perms_to_permset(connection_struct *conn, mode_t mode, SMB_ACL_PERMSET_T *p_permset)
 {
-       if (sys_acl_clear_perms(*p_permset) ==  -1)
+       if (conn->vfs_ops.sys_acl_clear_perms(conn, *p_permset) ==  -1)
                return -1;
        if (mode & S_IRUSR) {
-               if (sys_acl_add_perm(*p_permset, SMB_ACL_READ) == -1)
+               if (conn->vfs_ops.sys_acl_add_perm(conn, *p_permset, SMB_ACL_READ) == -1)
                        return -1;
        }
        if (mode & S_IWUSR) {
-               if (sys_acl_add_perm(*p_permset, SMB_ACL_WRITE) == -1)
+               if (conn->vfs_ops.sys_acl_add_perm(conn, *p_permset, SMB_ACL_WRITE) == -1)
                        return -1;
        }
        if (mode & S_IXUSR) {
-               if (sys_acl_add_perm(*p_permset, SMB_ACL_EXECUTE) == -1)
+               if (conn->vfs_ops.sys_acl_add_perm(conn, *p_permset, SMB_ACL_EXECUTE) == -1)
                        return -1;
        }
        return 0;
@@ -1425,6 +1425,7 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_
                                                                        DOM_SID *powner, DOM_SID *pgroup)
 {
        extern DOM_SID global_sid_World;
+       connection_struct *conn = fsp->conn;
        mode_t acl_mask = (S_IRUSR|S_IWUSR|S_IXUSR);
        canon_ace *list_head = NULL;
        canon_ace *ace = NULL;
@@ -1433,7 +1434,7 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_
        SMB_ACL_ENTRY_T entry;
        size_t ace_count;
 
-       while ( posix_acl && (sys_acl_get_entry(posix_acl, entry_id, &entry) == 1)) {
+       while ( posix_acl && (conn->vfs_ops.sys_acl_get_entry(conn, posix_acl, entry_id, &entry) == 1)) {
                SMB_ACL_TAG_T tagtype;
                SMB_ACL_PERMSET_T permset;
                DOM_SID sid;
@@ -1445,10 +1446,10 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_
                        entry_id = SMB_ACL_NEXT_ENTRY;
 
                /* Is this a MASK entry ? */
-               if (sys_acl_get_tag_type(entry, &tagtype) == -1)
+               if (conn->vfs_ops.sys_acl_get_tag_type(conn, entry, &tagtype) == -1)
                        continue;
 
-               if (sys_acl_get_permset(entry, &permset) == -1)
+               if (conn->vfs_ops.sys_acl_get_permset(conn, entry, &permset) == -1)
                        continue;
 
                /* Decide which SID to use based on the ACL type. */
@@ -1461,7 +1462,7 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_
                                break;
                        case SMB_ACL_USER:
                                {
-                                       uid_t *puid = (uid_t *)sys_acl_get_qualifier(entry);
+                                       uid_t *puid = (uid_t *)conn->vfs_ops.sys_acl_get_qualifier(conn, entry);
                                        if (puid == NULL) {
                                                DEBUG(0,("canonicalise_acl: Failed to get uid.\n"));
                                                continue;
@@ -1469,7 +1470,7 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_
                                        uid_to_sid( &sid, *puid);
                                        unix_ug.uid = *puid;
                                        owner_type = UID_ACE;
-                                       sys_acl_free_qualifier((void *)puid,tagtype);
+                                       conn->vfs_ops.sys_acl_free_qualifier(conn, (void *)puid,tagtype);
                                        break;
                                }
                        case SMB_ACL_GROUP_OBJ:
@@ -1480,7 +1481,7 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_
                                break;
                        case SMB_ACL_GROUP:
                                {
-                                       gid_t *pgid = (gid_t *)sys_acl_get_qualifier(entry);
+                                       gid_t *pgid = (gid_t *)conn->vfs_ops.sys_acl_get_qualifier(conn, entry);
                                        if (pgid == NULL) {
                                                DEBUG(0,("canonicalise_acl: Failed to get gid.\n"));
                                                continue;
@@ -1488,11 +1489,11 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_
                                        gid_to_sid( &sid, *pgid);
                                        unix_ug.gid = *pgid;
                                        owner_type = GID_ACE;
-                                       sys_acl_free_qualifier((void *)pgid,tagtype);
+                                       conn->vfs_ops.sys_acl_free_qualifier(conn, (void *)pgid,tagtype);
                                        break;
                                }
                        case SMB_ACL_MASK:
-                               acl_mask = convert_permset_to_mode_t(permset);
+                               acl_mask = convert_permset_to_mode_t(conn, permset);
                                continue; /* Don't count the mask as an entry. */
                        case SMB_ACL_OTHER:
                                /* Use the Everyone SID */
@@ -1514,7 +1515,7 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_
 
                ZERO_STRUCTP(ace);
                ace->type = tagtype;
-               ace->perms = convert_permset_to_mode_t(permset);
+               ace->perms = convert_permset_to_mode_t(conn, permset);
                ace->attr = ALLOW_ACE;
                ace->trustee = sid;
                ace->unix_ug = unix_ug;
@@ -1571,8 +1572,9 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_
 
 static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL default_ace, BOOL *pacl_set_support)
 {
+       connection_struct *conn = fsp->conn;
        BOOL ret = False;
-       SMB_ACL_T the_acl = sys_acl_init((int)count_canon_ace_list(the_ace) + 1);
+       SMB_ACL_T the_acl = conn->vfs_ops.sys_acl_init(conn, (int)count_canon_ace_list(the_ace) + 1);
        canon_ace *p_ace;
        int i;
        SMB_ACL_ENTRY_T mask_entry;
@@ -1601,7 +1603,7 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
                 * Get the entry for this ACE.
                 */
 
-               if (sys_acl_create_entry( &the_acl, &the_entry) == -1) {
+               if (conn->vfs_ops.sys_acl_create_entry(conn, &the_acl, &the_entry) == -1) {
                        DEBUG(0,("set_canon_ace_list: Failed to create entry %d. (%s)\n",
                                i, strerror(errno) ));
                        goto done;
@@ -1622,7 +1624,7 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
                 * First tell the entry what type of ACE this is.
                 */
 
-               if (sys_acl_set_tag_type(the_entry, p_ace->type) == -1) {
+               if (conn->vfs_ops.sys_acl_set_tag_type(conn, the_entry, p_ace->type) == -1) {
                        DEBUG(0,("set_canon_ace_list: Failed to set tag type on entry %d. (%s)\n",
                                i, strerror(errno) ));
                        goto done;
@@ -1634,7 +1636,7 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
                 */
 
                if ((p_ace->type == SMB_ACL_USER) || (p_ace->type == SMB_ACL_GROUP)) {
-                       if (sys_acl_set_qualifier(the_entry,(void *)&p_ace->unix_ug.uid) == -1) {
+                       if (conn->vfs_ops.sys_acl_set_qualifier(conn, the_entry,(void *)&p_ace->unix_ug.uid) == -1) {
                                DEBUG(0,("set_canon_ace_list: Failed to set qualifier on entry %d. (%s)\n",
                                        i, strerror(errno) ));
                                goto done;
@@ -1645,13 +1647,13 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
                 * Convert the mode_t perms in the canon_ace to a POSIX permset.
                 */
 
-               if (sys_acl_get_permset(the_entry, &the_permset) == -1) {
+               if (conn->vfs_ops.sys_acl_get_permset(conn, the_entry, &the_permset) == -1) {
                        DEBUG(0,("set_canon_ace_list: Failed to get permset on entry %d. (%s)\n",
                                i, strerror(errno) ));
                        goto done;
                }
 
-               if (map_acl_perms_to_permset(p_ace->perms, &the_permset) == -1) {
+               if (map_acl_perms_to_permset(conn, p_ace->perms, &the_permset) == -1) {
                        DEBUG(0,("set_canon_ace_list: Failed to create permset for mode (%u) on entry %d. (%s)\n",
                                (unsigned int)p_ace->perms, i, strerror(errno) ));
                        goto done;
@@ -1661,7 +1663,7 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
                 * ..and apply them to the entry.
                 */
 
-               if (sys_acl_set_permset(the_entry, the_permset) == -1) {
+               if (conn->vfs_ops.sys_acl_set_permset(conn, the_entry, the_permset) == -1) {
                        DEBUG(0,("set_canon_ace_list: Failed to add permset on entry %d. (%s)\n",
                                i, strerror(errno) ));
                        goto done;
@@ -1675,27 +1677,27 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
         * Add in a mask of rwx.
         */
 
-       if (sys_acl_create_entry( &the_acl, &mask_entry) == -1) {
+       if (conn->vfs_ops.sys_acl_create_entry( conn, &the_acl, &mask_entry) == -1) {
                DEBUG(0,("set_canon_ace_list: Failed to create mask entry. (%s)\n", strerror(errno) ));
                goto done;
        }
 
-       if (sys_acl_set_tag_type(mask_entry, SMB_ACL_MASK) == -1) {
+       if (conn->vfs_ops.sys_acl_set_tag_type(conn, mask_entry, SMB_ACL_MASK) == -1) {
                DEBUG(0,("set_canon_ace_list: Failed to set tag type on mask entry. (%s)\n",strerror(errno) ));
                goto done;
        }
 
-       if (sys_acl_get_permset(mask_entry, &mask_permset) == -1) {
+       if (conn->vfs_ops.sys_acl_get_permset(conn, mask_entry, &mask_permset) == -1) {
                DEBUG(0,("set_canon_ace_list: Failed to get mask permset. (%s)\n", strerror(errno) ));
                goto done;
        }
 
-       if (map_acl_perms_to_permset(S_IRUSR|S_IWUSR|S_IXUSR, &mask_permset) == -1) {
+       if (map_acl_perms_to_permset(conn, S_IRUSR|S_IWUSR|S_IXUSR, &mask_permset) == -1) {
                DEBUG(0,("set_canon_ace_list: Failed to create mask permset. (%s)\n", strerror(errno) ));
                goto done;
        }
 
-       if (sys_acl_set_permset(mask_entry, mask_permset) == -1) {
+       if (conn->vfs_ops.sys_acl_set_permset(conn, mask_entry, mask_permset) == -1) {
                DEBUG(0,("set_canon_ace_list: Failed to add mask permset. (%s)\n", strerror(errno) ));
                goto done;
        }
@@ -1704,7 +1706,7 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
         * Check if the ACL is valid.
         */
 
-       if (sys_acl_valid(the_acl) == -1) {
+       if (conn->vfs_ops.sys_acl_valid(conn, the_acl) == -1) {
                DEBUG(0,("set_canon_ace_list: ACL type (%s) is invalid for set (%s).\n",
                                the_acl_type == SMB_ACL_TYPE_DEFAULT ? "directory default" : "file",
                                strerror(errno) ));
@@ -1716,7 +1718,7 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
         */
 
        if(default_ace || fsp->is_directory || fsp->fd == -1) {
-               if (sys_acl_set_file(fsp->fsp_name, the_acl_type, the_acl) == -1) {
+               if (conn->vfs_ops.sys_acl_set_file(conn, fsp->fsp_name, the_acl_type, the_acl) == -1) {
                        /*
                         * Some systems allow all the above calls and only fail with no ACL support
                         * when attempting to apply the acl. HPUX with HFS is an example of this. JRA.
@@ -1729,7 +1731,7 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
                        goto done;
                }
        } else {
-               if (sys_acl_set_fd(fsp->fd, the_acl) == -1) {
+               if (conn->vfs_ops.sys_acl_set_fd(fsp, fsp->fd, the_acl) == -1) {
                        /*
                         * Some systems allow all the above calls and only fail with no ACL support
                         * when attempting to apply the acl. HPUX with HFS is an example of this. JRA.
@@ -1747,7 +1749,7 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
   done:
 
        if (the_acl != NULL)
-           sys_acl_free_acl(the_acl);
+           conn->vfs_ops.sys_acl_free_acl(conn, the_acl);
 
        return ret;
 }
@@ -1846,6 +1848,7 @@ static int nt_ace_comp( SEC_ACE *a1, SEC_ACE *a2)
 
 size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
 {
+       connection_struct *conn = fsp->conn;
        SMB_STRUCT_STAT sbuf;
        SEC_ACE *nt_ace_list = NULL;
        DOM_SID owner_sid;
@@ -1874,14 +1877,14 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
                 * Get the ACL from the path.
                 */
 
-               posix_acl = sys_acl_get_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS);
+               posix_acl = conn->vfs_ops.sys_acl_get_file(conn, fsp->fsp_name, SMB_ACL_TYPE_ACCESS);
 
                /*
                 * If it's a directory get the default POSIX ACL.
                 */
 
                if(fsp->is_directory)
-                       dir_acl = sys_acl_get_file(fsp->fsp_name, SMB_ACL_TYPE_DEFAULT);
+                       dir_acl = conn->vfs_ops.sys_acl_get_file(conn, fsp->fsp_name, SMB_ACL_TYPE_DEFAULT);
 
        } else {
 
@@ -1892,7 +1895,7 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
                /*
                 * Get the ACL from the fd.
                 */
-               posix_acl = sys_acl_get_fd(fsp->fd);
+               posix_acl = conn->vfs_ops.sys_acl_get_fd(fsp, fsp->fd);
        }
 
        DEBUG(5,("get_nt_acl : file ACL %s, directory ACL %s\n",
@@ -1983,9 +1986,9 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
   done:
 
        if (posix_acl)  
-               sys_acl_free_acl(posix_acl);
+               conn->vfs_ops.sys_acl_free_acl(conn, posix_acl);
        if (dir_acl)
-               sys_acl_free_acl(dir_acl);
+               conn->vfs_ops.sys_acl_free_acl(conn, dir_acl);
        free_canon_ace_list(file_ace);
        free_canon_ace_list(dir_ace);
        SAFE_FREE(nt_ace_list);
@@ -2138,7 +2141,7 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
                                 * No default ACL - delete one if it exists.
                                 */
 
-                               if (sys_acl_delete_def_file(fsp->fsp_name) == -1) {
+                               if (conn->vfs_ops.sys_acl_delete_def_file(conn, fsp->fsp_name) == -1) {
                                        DEBUG(3,("set_nt_acl: sys_acl_delete_def_file failed (%s)\n", strerror(errno)));
                                        free_canon_ace_list(file_ace_list);
                                        return False;
@@ -2188,13 +2191,13 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
  and set the mask to rwx. Needed to preserve complex ACLs set by NT.
 ****************************************************************************/
 
-static int chmod_acl_internals( SMB_ACL_T posix_acl, mode_t mode)
+static int chmod_acl_internals( connection_struct *conn, SMB_ACL_T posix_acl, mode_t mode)
 {
        int entry_id = SMB_ACL_FIRST_ENTRY;
        SMB_ACL_ENTRY_T entry;
        int num_entries = 0;
 
-       while ( sys_acl_get_entry(posix_acl, entry_id, &entry) == 1) {
+       while ( conn->vfs_ops.sys_acl_get_entry(conn, posix_acl, entry_id, &entry) == 1) {
                SMB_ACL_TAG_T tagtype;
                SMB_ACL_PERMSET_T permset;
                mode_t perms;
@@ -2203,10 +2206,10 @@ static int chmod_acl_internals( SMB_ACL_T posix_acl, mode_t mode)
                if (entry_id == SMB_ACL_FIRST_ENTRY)
                        entry_id = SMB_ACL_NEXT_ENTRY;
 
-               if (sys_acl_get_tag_type(entry, &tagtype) == -1)
+               if (conn->vfs_ops.sys_acl_get_tag_type(conn, entry, &tagtype) == -1)
                        return -1;
 
-               if (sys_acl_get_permset(entry, &permset) == -1)
+               if (conn->vfs_ops.sys_acl_get_permset(conn, entry, &permset) == -1)
                        return -1;
 
                num_entries++;
@@ -2228,10 +2231,10 @@ static int chmod_acl_internals( SMB_ACL_T posix_acl, mode_t mode)
                                continue;
                }
 
-               if (map_acl_perms_to_permset(perms, &permset) == -1)
+               if (map_acl_perms_to_permset(conn, perms, &permset) == -1)
                        return -1;
 
-               if (sys_acl_set_permset(entry, permset) == -1)
+               if (conn->vfs_ops.sys_acl_set_permset(conn, entry, permset) == -1)
                        return -1;
        }
 
@@ -2252,22 +2255,22 @@ static int chmod_acl_internals( SMB_ACL_T posix_acl, mode_t mode)
  Note that name is in UNIX character set.
 ****************************************************************************/
 
-int chmod_acl(const char *name, mode_t mode)
+int chmod_acl(connection_struct *conn, const char *name, mode_t mode)
 {
        SMB_ACL_T posix_acl = NULL;
        int ret = -1;
 
-       if ((posix_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS)) == NULL)
+       if ((posix_acl = conn->vfs_ops.sys_acl_get_file(conn, name, SMB_ACL_TYPE_ACCESS)) == NULL)
                return -1;
 
-       if ((ret = chmod_acl_internals(posix_acl, mode)) == -1)
+       if ((ret = chmod_acl_internals(conn, posix_acl, mode)) == -1)
                goto done;
 
-       ret = sys_acl_set_file(name, SMB_ACL_TYPE_ACCESS, posix_acl);
+       ret = conn->vfs_ops.sys_acl_set_file(conn, name, SMB_ACL_TYPE_ACCESS, posix_acl);
 
   done:
 
-       sys_acl_free_acl(posix_acl);
+       conn->vfs_ops.sys_acl_free_acl(conn, posix_acl);
        return ret;
 }
 
@@ -2276,34 +2279,35 @@ int chmod_acl(const char *name, mode_t mode)
  and set the mask to rwx. Needed to preserve complex ACLs set by NT.
 ****************************************************************************/
 
-int fchmod_acl(int fd, mode_t mode)
+int fchmod_acl(files_struct *fsp, int fd, mode_t mode)
 {
+       connection_struct *conn = fsp->conn;
        SMB_ACL_T posix_acl = NULL;
        int ret = -1;
 
-       if ((posix_acl = sys_acl_get_fd(fd)) == NULL)
+       if ((posix_acl = conn->vfs_ops.sys_acl_get_fd(fsp, fd)) == NULL)
                return -1;
 
-       if ((ret = chmod_acl_internals(posix_acl, mode)) == -1)
+       if ((ret = chmod_acl_internals(conn, posix_acl, mode)) == -1)
                goto done;
 
-       ret = sys_acl_set_fd(fd, posix_acl);
+       ret = conn->vfs_ops.sys_acl_set_fd(fsp, fd, posix_acl);
 
   done:
 
-       sys_acl_free_acl(posix_acl);
+       conn->vfs_ops.sys_acl_free_acl(conn, posix_acl);
        return ret;
 }
 
-BOOL directory_has_default_acl(const char *fname)
+BOOL directory_has_default_acl(connection_struct *conn, const char *fname)
 {
-        SMB_ACL_T dir_acl = sys_acl_get_file( fname, SMB_ACL_TYPE_DEFAULT);
+        SMB_ACL_T dir_acl = conn->vfs_ops.sys_acl_get_file( conn, fname, SMB_ACL_TYPE_DEFAULT);
         BOOL has_acl = False;
         SMB_ACL_ENTRY_T entry;
 
-        if (dir_acl != NULL && (sys_acl_get_entry(dir_acl, SMB_ACL_FIRST_ENTRY, &entry) == 1))
+        if (dir_acl != NULL && (conn->vfs_ops.sys_acl_get_entry(conn, dir_acl, SMB_ACL_FIRST_ENTRY, &entry) == 1))
                 has_acl = True;
 
-        sys_acl_free_acl(dir_acl);
+        conn->vfs_ops.sys_acl_free_acl(conn, dir_acl);
         return has_acl;
 }

diff --git a/source3/smbd/vfs-wrap.c b/source3/smbd/vfs-wrap.c
index 78c6fb3905472b783d34aaa477b4f7551e160b14..73b070d3f820036afcabfd9ebfa459da5c743126 100644 (file)
--- a/source3/smbd/vfs-wrap.c
+++ b/source3/smbd/vfs-wrap.c
@@ -105,7 +105,7 @@ int vfswrap_mkdir(connection_struct *conn, const char *path, mode_t mode)
        }
 #endif
 
-       if (lp_inherit_acls(SNUM(conn)) && (has_dacl = directory_has_default_acl(parent_dirname(path))))
+       if (lp_inherit_acls(SNUM(conn)) && (has_dacl = directory_has_default_acl(conn, parent_dirname(path))))
                mode = 0777;
 
        result = mkdir(path, mode);
@@ -744,7 +744,7 @@ int vfswrap_chmod_acl(connection_struct *conn, const char *name, mode_t mode)
        int result;
 
        START_PROFILE(chmod_acl);
-       result = chmod_acl(name, mode);
+       result = chmod_acl(conn, name, mode);
        END_PROFILE(chmod_acl);
        return result;
 }
@@ -754,7 +754,117 @@ int vfswrap_fchmod_acl(files_struct *fsp, int fd, mode_t mode)
        int result;
 
        START_PROFILE(fchmod_acl);
-       result = fchmod_acl(fd, mode);
+       result = fchmod_acl(fsp, fd, mode);
        END_PROFILE(fchmod_acl);
        return result;
 }
+
+int vfswrap_sys_acl_get_entry(struct connection_struct *conn, SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
+{
+       return sys_acl_get_entry(theacl, entry_id, entry_p);
+}
+
+int vfswrap_sys_acl_get_tag_type(struct connection_struct *conn, SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
+{
+       return sys_acl_get_tag_type(entry_d, tag_type_p);
+}
+
+int vfswrap_sys_acl_get_permset(struct connection_struct *conn, SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
+{
+       return sys_acl_get_permset(entry_d, permset_p);
+}
+
+void * vfswrap_sys_acl_get_qualifier(struct connection_struct *conn, SMB_ACL_ENTRY_T entry_d)
+{
+       return sys_acl_get_qualifier(entry_d);
+}
+
+SMB_ACL_T vfswrap_sys_acl_get_file(struct connection_struct *conn, const char *path_p, SMB_ACL_TYPE_T type)
+{
+       return sys_acl_get_file(path_p, type);
+}
+
+SMB_ACL_T vfswrap_sys_acl_get_fd(struct files_struct *fsp, int fd)
+{
+       return sys_acl_get_fd(fd);
+}
+
+int vfswrap_sys_acl_clear_perms(struct connection_struct *conn, SMB_ACL_PERMSET_T permset)
+{
+       return sys_acl_clear_perms(permset);
+}
+
+int vfswrap_sys_acl_add_perm(struct connection_struct *conn, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
+{
+       return sys_acl_add_perm(permset, perm);
+}
+
+char * vfswrap_sys_acl_to_text(struct connection_struct *conn, SMB_ACL_T theacl, ssize_t *plen)
+{
+       return sys_acl_to_text(theacl, plen);
+}
+
+SMB_ACL_T vfswrap_sys_acl_init(struct connection_struct *conn, int count)
+{
+       return sys_acl_init(count);
+}
+
+int vfswrap_sys_acl_create_entry(struct connection_struct *conn, SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
+{
+       return sys_acl_create_entry(pacl, pentry);
+}
+
+int vfswrap_sys_acl_set_tag_type(struct connection_struct *conn, SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
+{
+       return sys_acl_set_tag_type(entry, tagtype);
+}
+
+int vfswrap_sys_acl_set_qualifier(struct connection_struct *conn, SMB_ACL_ENTRY_T entry, void *qual)
+{
+       return sys_acl_set_qualifier(entry, qual);
+}
+
+int vfswrap_sys_acl_set_permset(struct connection_struct *conn, SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
+{
+       return sys_acl_set_permset(entry, permset);
+}
+
+int vfswrap_sys_acl_valid(struct connection_struct *conn, SMB_ACL_T theacl )
+{
+       return sys_acl_valid(theacl );
+}
+
+int vfswrap_sys_acl_set_file(struct connection_struct *conn, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
+{
+       return sys_acl_set_file(name, acltype, theacl);
+}
+
+int vfswrap_sys_acl_set_fd(struct files_struct *fsp, int fd, SMB_ACL_T theacl)
+{
+       return sys_acl_set_fd(fd, theacl);
+}
+
+int vfswrap_sys_acl_delete_def_file(struct connection_struct *conn, const char *path)
+{
+       return sys_acl_delete_def_file(path);
+}
+
+int vfswrap_sys_acl_get_perm(struct connection_struct *conn, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
+{
+       return sys_acl_get_perm(permset, perm);
+}
+
+int vfswrap_sys_acl_free_text(struct connection_struct *conn, char *text)
+{
+       return sys_acl_free_text(text);
+}
+
+int vfswrap_sys_acl_free_acl(struct connection_struct *conn, SMB_ACL_T posix_acl)
+{
+       return sys_acl_free_acl(posix_acl);
+}
+
+int vfswrap_sys_acl_free_qualifier(struct connection_struct *conn, void *qualifier, SMB_ACL_TAG_T tagtype)
+{
+       return sys_acl_free_qualifier(qualifier, tagtype);
+}

diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index c0e775268cc8027d8f6ed200cf7a95f2b644008d..ac342d08209f41dee5f33a081c8c22ae3376e47b 100644 (file)
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -79,13 +79,36 @@ static struct vfs_ops default_vfs_ops = {
        vfswrap_fset_nt_acl,
        vfswrap_set_nt_acl,
 
+       /* POSIX ACL operations. */
 #if defined(HAVE_NO_ACLS)
        NULL,
-       NULL
+       NULL,
 #else
        vfswrap_chmod_acl,
        vfswrap_fchmod_acl
 #endif
+       vfswrap_sys_acl_get_entry,
+       vfswrap_sys_acl_get_tag_type,
+       vfswrap_sys_acl_get_permset,
+       vfswrap_sys_acl_get_qualifier,
+       vfswrap_sys_acl_get_file,
+       vfswrap_sys_acl_get_fd,
+       vfswrap_sys_acl_clear_perms,
+       vfswrap_sys_acl_add_perm,
+       vfswrap_sys_acl_to_text,
+       vfswrap_sys_acl_init,
+       vfswrap_sys_acl_create_entry,
+       vfswrap_sys_acl_set_tag_type,
+       vfswrap_sys_acl_set_qualifier,
+       vfswrap_sys_acl_set_permset,
+       vfswrap_sys_acl_valid,
+       vfswrap_sys_acl_set_file,
+       vfswrap_sys_acl_set_fd,
+       vfswrap_sys_acl_delete_def_file,
+       vfswrap_sys_acl_get_perm,
+       vfswrap_sys_acl_free_text,
+       vfswrap_sys_acl_free_acl,
+       vfswrap_sys_acl_free_qualifier
 };
 
 /****************************************************************************