Vector get_nt_acl/set_nt_acl via vfs. POSIX ACL support should be added

above this layer.
Jeremy.
(This used to be commit b90af886a951b7b049ed7a42e6d99c332e43897b)

4 files changed, 65 insertions, 27 deletions

diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 1599f01aa5..95010cddc8 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1611,6 +1611,7 @@ static int call_nt_transact_set_security_desc(connection_struct *conn,
   files_struct *fsp = NULL;
   uint32 security_info_sent = 0;
   TALLOC_CTX *mem_ctx;
+  BOOL ret;
 
   if(!lp_nt_acl_support())
     return(UNIXERROR(ERRDOS,ERRnoaccess));
@@ -1659,7 +1660,9 @@ security descriptor.\n"));
     return(UNIXERROR(ERRDOS,ERRnoaccess));
   }
 
-  if (!set_nt_acl(fsp, security_info_sent, psd)) {
+  ret = set_nt_acl( fsp, security_info_sent, psd);
+
+  if (!ret) {
 	free_sec_desc(&psd);
     talloc_destroy(mem_ctx);
 	return(UNIXERROR(ERRDOS,ERRnoaccess));
diff --git a/source3/smbd/unix_acls.c b/source3/smbd/unix_acls.c
index 48f6163596..a564ec9ee5 100644
--- a/source3/smbd/unix_acls.c
+++ b/source3/smbd/unix_acls.c
@@ -59,6 +59,7 @@ static SEC_ACCESS map_unix_perms( int *pacl_type, mode_t perm, int r_mask, int w
 	return sa;
 }
 
+#if 0
 /****************************************************************************
  Validate a SID.
 ****************************************************************************/
@@ -88,6 +89,7 @@ static BOOL validate_unix_sid( DOM_SID *psid, uint32 *prid, DOM_SID *sd_sid)
 
   return True;
 }
+#endif
 
 /****************************************************************************
  Map NT perms to UNIX.
@@ -350,6 +352,15 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
     sid_copy( &group_sid, &global_sid_World);
   } else {
 
+    /*
+     * If there is a VFS redirect, use it.
+     */
+
+    if ((fsp->is_directory || fsp->fd == -1) && fsp->conn->vfs_ops.get_nt_acl)
+      return fsp->conn->vfs_ops.get_nt_acl(dos_to_unix(fsp->fsp_name, False), ppdesc);
+    else if (fsp->conn->vfs_ops.fget_nt_acl)
+      return fsp->conn->vfs_ops.fget_nt_acl(fsp->fd, ppdesc);
+
     if(fsp->is_directory || fsp->fd == -1) {
       if(vfs_stat(fsp->conn,fsp->fsp_name, &sbuf) != 0) {
         return 0;
@@ -452,22 +463,23 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
   BOOL got_dacl = False;
 
   /*
+   * If there is a VFS redirect, use it.
+   */
+
+  if ((fsp->is_directory || fsp->fd == -1) && fsp->conn->vfs_ops.set_nt_acl)
+    return fsp->conn->vfs_ops.set_nt_acl(dos_to_unix(fsp->fsp_name, False), security_info_sent, psd);
+  else if (fsp->conn->vfs_ops.fset_nt_acl)
+    return fsp->conn->vfs_ops.fset_nt_acl(fsp->fd, security_info_sent, psd);
+
+  /*
    * Get the current state of the file.
    */
 
-  if(fsp->is_directory) {
+  if(fsp->is_directory || fsp->fd == -1) {
     if(vfs_stat(fsp->conn,fsp->fsp_name, &sbuf) != 0)
       return False;
   } else {
-
-    int ret;
-
-    if(fsp->fd == -1)
-      ret = vfs_stat(fsp->conn,fsp->fsp_name,&sbuf);
-    else
-      ret = conn->vfs_ops.fstat(fsp->fd,&sbuf);
-
-    if(ret != 0)
+    if(conn->vfs_ops.fstat(fsp->fd,&sbuf) != 0)
       return False;
   }
 
diff --git a/source3/smbd/vfs-wrap.c b/source3/smbd/vfs-wrap.c
index 12ba9bda84..d19be7fb71 100644
--- a/source3/smbd/vfs-wrap.c
+++ b/source3/smbd/vfs-wrap.c
@@ -1,7 +1,7 @@
 /* 
    Unix SMB/Netbios implementation.
    Version 1.9.
-s   Wrap disk only vfs functions to sidestep dodgy compilers.
+   Wrap disk only vfs functions to sidestep dodgy compilers.
    Copyright (C) Tim Potter 1998
    
    This program is free software; you can redistribute it and/or modify
@@ -346,13 +346,3 @@ BOOL vfswrap_lock(int fd, int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
 {
 	return fcntl_lock(fd, op, offset, count,type);
 }
-
-#if 0
-size_t vfswrap_get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
-{
-}
-
-BOOL vfswrap_set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
-{
-}
-#endif
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 097f51d217..4a4b1b2cfa 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -69,11 +69,11 @@ struct vfs_ops default_vfs_ops = {
     vfswrap_getwd,
     vfswrap_utime,
     vfswrap_ftruncate,
-	vfswrap_lock,
-#if 0
-	vfswrap_get_nt_acl,
-	vfswrap_set_nt_acl
-#endif
+    vfswrap_lock,
+    NULL, /* The 4 security descriptor functions are not defined by default. */
+    NULL,
+    NULL,
+    NULL
 };
 
 /****************************************************************************
@@ -219,6 +219,14 @@ BOOL vfs_init_custom(connection_struct *conn)
 	conn->vfs_ops.chown = default_vfs_ops.chown;
     }
     
+    if (conn->vfs_ops.chdir == NULL) {
+	conn->vfs_ops.chdir = default_vfs_ops.chdir;
+    }
+
+    if (conn->vfs_ops.getwd == NULL) {
+	conn->vfs_ops.getwd = default_vfs_ops.getwd;
+    }
+    
     if (conn->vfs_ops.utime == NULL) {
 	conn->vfs_ops.utime = default_vfs_ops.utime;
     }
@@ -230,6 +238,22 @@ BOOL vfs_init_custom(connection_struct *conn)
     if (conn->vfs_ops.lock == NULL) {
 	conn->vfs_ops.lock = default_vfs_ops.lock;
     }
+
+    if (conn->vfs_ops.fget_nt_acl == NULL) {
+	conn->vfs_ops.fget_nt_acl = default_vfs_ops.fget_nt_acl;
+    }
+
+    if (conn->vfs_ops.get_nt_acl == NULL) {
+	conn->vfs_ops.get_nt_acl = default_vfs_ops.get_nt_acl;
+    }
+
+    if (conn->vfs_ops.fset_nt_acl == NULL) {
+	conn->vfs_ops.fset_nt_acl = default_vfs_ops.fset_nt_acl;
+    }
+
+    if (conn->vfs_ops.set_nt_acl == NULL) {
+	conn->vfs_ops.set_nt_acl = default_vfs_ops.set_nt_acl;
+    }
     
     return True;
 }
@@ -245,6 +269,15 @@ int vfs_stat(connection_struct *conn, char *fname, SMB_STRUCT_STAT *st)
 } 
 
 /*******************************************************************
+ vfs fstat wrapper that calls dos_to_unix.
+********************************************************************/
+
+int vfs_fstat(connection_struct *conn, int fd, SMB_STRUCT_STAT *st)
+{
+	return(conn->vfs_ops.fstat(fd,st));
+} 
+
+/*******************************************************************
  Check if directory exists.
 ********************************************************************/