Diffstat (limited to 'source3/modules')
-rw-r--r--source3/modules/gpfs.c16
-rw-r--r--source3/modules/vfs_acl_xattr.c91
-rw-r--r--source3/modules/vfs_default.c12
-rw-r--r--source3/modules/vfs_netatalk.c2
4 files changed, 91 insertions, 30 deletions
diff --git a/source3/modules/gpfs.c b/source3/modules/gpfs.c
index 590dbac26f..a0d33fa33a 100644
--- a/source3/modules/gpfs.c
+++ b/source3/modules/gpfs.c
@@ -141,40 +141,40 @@ void init_gpfs(void)
return;
}
- libgpfs_handle = sys_dlopen("libgpfs_gpl.so", RTLD_LAZY);
+ libgpfs_handle = dlopen("libgpfs_gpl.so", RTLD_LAZY);
if (libgpfs_handle == NULL) {
- DEBUG(10, ("sys_dlopen for libgpfs_gpl failed: %s\n",
+ DEBUG(10, ("dlopen for libgpfs_gpl failed: %s\n",
strerror(errno)));
return;
}
DEBUG(10, ("libgpfs_gpl.so loaded\n"));
- gpfs_set_share_fn = sys_dlsym(libgpfs_handle, "gpfs_set_share");
+ gpfs_set_share_fn = dlsym(libgpfs_handle, "gpfs_set_share");
if (gpfs_set_share_fn == NULL) {
DEBUG(3, ("libgpfs_gpl.so does not contain the symbol "
"'gpfs_set_share'\n"));
goto failed;
}
- gpfs_set_lease_fn = sys_dlsym(libgpfs_handle, "gpfs_set_lease");
+ gpfs_set_lease_fn = dlsym(libgpfs_handle, "gpfs_set_lease");
if (gpfs_set_lease_fn == NULL) {
DEBUG(3, ("libgpfs_gpl.so does not contain the symbol "
"'gpfs_set_lease'\n"));
- sys_dlclose(libgpfs_handle);
+ dlclose(libgpfs_handle);
goto failed;
}
- gpfs_getacl_fn = sys_dlsym(libgpfs_handle, "gpfs_getacl");
+ gpfs_getacl_fn = dlsym(libgpfs_handle, "gpfs_getacl");
if (gpfs_getacl_fn == NULL) {
DEBUG(3, ("libgpfs_gpl.so does not contain the symbol "
"'gpfs_getacl'\n"));
goto failed;
}
- gpfs_putacl_fn = sys_dlsym(libgpfs_handle, "gpfs_putacl");
+ gpfs_putacl_fn = dlsym(libgpfs_handle, "gpfs_putacl");
if (gpfs_putacl_fn == NULL) {
DEBUG(3, ("libgpfs_gpl.so does not contain the symbol "
"'gpfs_putacl'\n"));
@@ -187,7 +187,7 @@ void init_gpfs(void)
return;
failed:
- sys_dlclose(libgpfs_handle);
+ dlclose(libgpfs_handle);
/* leave libgpfs_handle != NULL around, no point
in trying twice */
gpfs_set_share_fn = NULL;
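Review bot: The `dlclose(libgpfs_handle);` under `failed:` runs a second time on the `gpfs_set_lease` failure path, because that branch in the previous hunk already calls `dlclose(libgpfs_handle);` before `goto failed;`; the call inside the branch should be dropped so the handle is closed exactly once. In the same earlier hunk the load failure is logged with `strerror(errno)`, but dlopen() reports failure through dlerror() and does not set errno, so the message would be more useful as `DEBUG(10, ("dlopen for libgpfs_gpl failed: %s\n", dlerror()));`. The library is also requested by bare name, so which file gets loaded depends on the dynamic linker's search path for the process; an absolute path would pin it if the install location is known. init_gpfs continues past the end of this hunk.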
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
index ca34e97155..e465e8f380 100644
--- a/source3/modules/vfs_acl_xattr.c
+++ b/source3/modules/vfs_acl_xattr.c
@@ -144,7 +144,7 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx,
return NT_STATUS_OK;
}
-static NTSTATUS create_acl_blob(const SEC_DESC *psd, DATA_BLOB *pblob)
+static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB *pblob)
{
struct xattr_NTACL xacl;
struct security_descriptor_timestamp sd_ts;
@@ -163,7 +163,7 @@ static NTSTATUS create_acl_blob(const SEC_DESC *psd, DATA_BLOB *pblob)
xacl.version = 2;
xacl.info.sd_ts = &sd_ts;
- xacl.info.sd_ts->sd = CONST_DISCARD(SEC_DESC *, psd);
+ xacl.info.sd_ts->sd = CONST_DISCARD(struct security_descriptor *, psd);
unix_timespec_to_nt_time(&xacl.info.sd_ts->last_changed, curr);
DEBUG(10, ("create_acl_blob: timestamp stored as %s\n",
@@ -250,7 +250,7 @@ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle,
files_struct *fsp,
const char *name,
uint32 security_info,
- SEC_DESC **ppdesc)
+ struct security_descriptor **ppdesc)
{
TALLOC_CTX *ctx = talloc_tos();
DATA_BLOB blob;
@@ -292,8 +292,50 @@ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle,
}
/*********************************************************************
- * Currently this only works for existing files. Need to work on
- * inheritance for new files.
+ Create a default security descriptor for a file in case no inheritance
+ exists. All permissions to the owner and SYSTEM.
+*********************************************************************/
+
+static struct security_descriptor *default_file_sd(TALLOC_CTX *mem_ctx,
+ SMB_STRUCT_STAT *psbuf)
+{
+ struct dom_sid owner_sid, group_sid;
+ size_t sd_size;
+ struct security_ace *pace = NULL;
+ struct security_acl *pacl = NULL;
+
+ uid_to_sid(&owner_sid, psbuf->st_uid);
+ gid_to_sid(&group_sid, psbuf->st_gid);
+
+ pace = TALLOC_ARRAY(mem_ctx, struct security_ace, 2);
+ if (!pace) {
+ return NULL;
+ }
+
+ init_sec_ace(&pace[0], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ SEC_RIGHTS_FILE_ALL, 0);
+ init_sec_ace(&pace[1], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ SEC_RIGHTS_FILE_ALL, 0);
+
+ pacl = make_sec_acl(mem_ctx,
+ NT4_ACL_REVISION,
+ 2,
+ pace);
+ if (!pacl) {
+ return NULL;
+ }
+ return make_sec_desc(mem_ctx,
+ SECURITY_DESCRIPTOR_REVISION_1,
+ SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT|
+ SEC_DESC_DACL_DEFAULTED,
+ &owner_sid,
+ &group_sid,
+ NULL,
+ pacl,
+ &sd_size);
+}
+
+/*********************************************************************
*********************************************************************/
static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
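Review bot: The header comment on `default_file_sd` does not say that both ACEs are created with flags `0` (no inheritance bits), or that the group SID is set on the descriptor but gets no ACE, and a reader needs both facts to judge this fallback. The caller added later in this diff also reaches it for directories (its `else` branch uses `SMB_VFS_STAT`), so on a directory the descriptor would presumably not propagate to new children. I would extend the comment with a line such as `ACEs carry no inherit flags and the group gets no ACE; inherit_new_acl also uses this for directories.` The temporary `pace` array appears to stay allocated on `mem_ctx` after `make_sec_acl`, which is fine only if callers pass a short-lived context, and that is worth stating too.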
@@ -303,8 +345,8 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
{
TALLOC_CTX *ctx = talloc_tos();
NTSTATUS status;
- SEC_DESC *parent_desc = NULL;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *parent_desc = NULL;
+ struct security_descriptor *psd = NULL;
DATA_BLOB blob;
size_t size;
char *parent_name;
@@ -343,6 +385,25 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
if (!NT_STATUS_IS_OK(status)) {
return status;
}
+ if (psd->dacl == NULL) {
+ SMB_STRUCT_STAT sbuf;
+ int ret;
+
+ TALLOC_FREE(psd);
+ if (fsp && !fsp->is_directory && fsp->fh->fd != -1) {
+ ret = SMB_VFS_FSTAT(fsp, &sbuf);
+ } else {
+ ret = SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf);
+ }
+ if (ret == -1) {
+ return map_nt_error_from_unix(errno);
+ }
+ psd = default_file_sd(ctx, &sbuf);
+ if (!psd) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
status = create_acl_blob(psd, &blob);
if (!NT_STATUS_IS_OK(status)) {
return status;
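Review bot: The new fallback tests `fsp` for NULL in `if (fsp && !fsp->is_directory && fsp->fh->fd != -1)`, but the `else` branch then dereferences `fsp->conn` and `fsp->fsp_name` unconditionally, so a NULL `fsp` would crash in the very branch the check selects. Either drop the `fsp &&` test if the caller guarantees a non-NULL `fsp`, or return early with `if (fsp == NULL) { return NT_STATUS_INVALID_PARAMETER; }` before the stat. The path-based `SMB_VFS_STAT` also takes the owner from whatever the name resolves to at that moment, so the default descriptor may name a different owner than the object just created if the name can be replaced in between. That last point is inferred, since the rest of inherit_new_acl lies outside the hunk.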
@@ -365,7 +426,7 @@ static int open_acl_xattr(vfs_handle_struct *handle,
mode_t mode)
{
uint32_t access_granted = 0;
- SEC_DESC *pdesc = NULL;
+ struct security_descriptor *pdesc = NULL;
bool file_existed = true;
NTSTATUS status = get_nt_acl_xattr_internal(handle,
NULL,
@@ -417,7 +478,7 @@ static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t m
}
static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
- uint32 security_info, SEC_DESC **ppdesc)
+ uint32 security_info, struct security_descriptor **ppdesc)
{
NTSTATUS status = get_nt_acl_xattr_internal(handle, fsp,
NULL, security_info, ppdesc);
@@ -434,7 +495,7 @@ static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
}
static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle,
- const char *name, uint32 security_info, SEC_DESC **ppdesc)
+ const char *name, uint32 security_info, struct security_descriptor **ppdesc)
{
NTSTATUS status = get_nt_acl_xattr_internal(handle, NULL,
name, security_info, ppdesc);
@@ -451,7 +512,7 @@ static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle,
}
static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
- uint32 security_info_sent, const SEC_DESC *psd)
+ uint32 security_info_sent, const struct security_descriptor *psd)
{
NTSTATUS status;
DATA_BLOB blob;
@@ -460,7 +521,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
DEBUG(10,("fset_nt_acl_xattr: incoming sd for file %s\n",
fsp->fsp_name));
NDR_PRINT_DEBUG(security_descriptor,
- CONST_DISCARD(SEC_DESC *,psd));
+ CONST_DISCARD(struct security_descriptor *,psd));
}
status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
@@ -473,7 +534,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
int ret;
SMB_STRUCT_STAT sbuf;
DOM_SID owner_sid, group_sid;
- SEC_DESC *nc_psd = dup_sec_desc(talloc_tos(), psd);
+ struct security_descriptor *nc_psd = dup_sec_desc(talloc_tos(), psd);
if (!nc_psd) {
return NT_STATUS_OK;
@@ -502,7 +563,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
SE_DESC_DACL_AUTO_INHERIT_REQ))==
(SE_DESC_DACL_AUTO_INHERITED|
SE_DESC_DACL_AUTO_INHERIT_REQ) ) {
- SEC_DESC *new_psd = NULL;
+ struct security_descriptor *new_psd = NULL;
status = append_parent_acl(fsp, psd, &new_psd);
if (!NT_STATUS_IS_OK(status)) {
/* Lower level acl set succeeded,
@@ -516,7 +577,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
DEBUG(10,("fset_nt_acl_xattr: storing xattr sd for file %s\n",
fsp->fsp_name));
NDR_PRINT_DEBUG(security_descriptor,
- CONST_DISCARD(SEC_DESC *,psd));
+ CONST_DISCARD(struct security_descriptor *,psd));
}
create_acl_blob(psd, &blob);
store_acl_blob_fsp(fsp, &blob);
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 275c2f53c4..d972828ba9 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -596,7 +596,7 @@ static int vfswrap_chown(vfs_handle_struct *handle, const char *path, uid_t uid,
int result;
START_PROFILE(syscall_chown);
- result = sys_chown(path, uid, gid);
+ result = chown(path, uid, gid);
END_PROFILE(syscall_chown);
return result;
}
@@ -621,7 +621,7 @@ static int vfswrap_lchown(vfs_handle_struct *handle, const char *path, uid_t uid
int result;
START_PROFILE(syscall_lchown);
- result = sys_lchown(path, uid, gid);
+ result = lchown(path, uid, gid);
END_PROFILE(syscall_lchown);
return result;
}
@@ -869,7 +869,7 @@ static int vfswrap_symlink(vfs_handle_struct *handle, const char *oldpath, cons
int result;
START_PROFILE(syscall_symlink);
- result = sys_symlink(oldpath, newpath);
+ result = symlink(oldpath, newpath);
END_PROFILE(syscall_symlink);
return result;
}
@@ -879,7 +879,7 @@ static int vfswrap_readlink(vfs_handle_struct *handle, const char *path, char *
int result;
START_PROFILE(syscall_readlink);
- result = sys_readlink(path, buf, bufsiz);
+ result = readlink(path, buf, bufsiz);
END_PROFILE(syscall_readlink);
return result;
}
@@ -889,7 +889,7 @@ static int vfswrap_link(vfs_handle_struct *handle, const char *oldpath, const c
int result;
START_PROFILE(syscall_link);
- result = sys_link(oldpath, newpath);
+ result = link(oldpath, newpath);
END_PROFILE(syscall_link);
return result;
}
@@ -909,7 +909,7 @@ static char *vfswrap_realpath(vfs_handle_struct *handle, const char *path, char
char *result;
START_PROFILE(syscall_realpath);
- result = sys_realpath(path, resolved_path);
+ result = realpath(path, resolved_path);
END_PROFILE(syscall_realpath);
return result;
}
diff --git a/source3/modules/vfs_netatalk.c b/source3/modules/vfs_netatalk.c
index 2cc4a6c4ba..ca7085ca18 100644
--- a/source3/modules/vfs_netatalk.c
+++ b/source3/modules/vfs_netatalk.c
@@ -399,7 +399,7 @@ static int atalk_lchown(struct vfs_handle_struct *handle, const char *path, uid_
goto exit_lchown;
}
- sys_lchown(adbl_path, uid, gid);
+ lchown(adbl_path, uid, gid);
exit_lchown:
talloc_destroy(ctx);
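Review bot: The return value of `lchown(adbl_path, uid, gid);` is discarded, so a failed ownership change on the path in `adbl_path` goes unnoticed and that file can keep an owner different from the one just set on the main path. At minimum log the failure, e.g. `if (lchown(adbl_path, uid, gid) == -1) { DEBUG(3, ("atalk_lchown: lchown %s failed: %s\n", adbl_path, strerror(errno))); }`. atalk_lchown starts and ends outside this hunk, so whether the function's own result should reflect the failure cannot be judged from here.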