2
* Store Windows ACLs in a tdb.
4
* Copyright (C) Volker Lendecke, 2008
5
* Copyright (C) Jeremy Allison, 2008
7
* This program is free software; you can redistribute it and/or modify
8
* it under the terms of the GNU General Public License as published by
9
* the Free Software Foundation; either version 3 of the License, or
10
* (at your option) any later version.
12
* This program is distributed in the hope that it will be useful,
13
* but WITHOUT ANY WARRANTY; without even the implied warranty of
14
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
* GNU General Public License for more details.
17
* You should have received a copy of the GNU General Public License
18
* along with this program; if not, see <http://www.gnu.org/licenses/>.
21
/* NOTE: This is an experimental module, not yet finished. JRA. */
24
#include "librpc/gen_ndr/xattr.h"
25
#include "librpc/gen_ndr/ndr_xattr.h"
28
#define DBGC_CLASS DBGC_VFS
30
static unsigned int ref_count;
31
static struct db_context *acl_db;
33
/*******************************************************************
34
Open acl_db if not already open, increment ref count.
35
*******************************************************************/
37
static bool acl_tdb_init(struct db_context **pp_db)
47
dbname = state_path("file_ntacls.tdb");
55
*pp_db = db_open(NULL, dbname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
73
/*******************************************************************
74
Lower ref count and close acl_db if zero.
75
*******************************************************************/
77
static void free_acl_tdb_data(void **pptr)
79
struct db_context **pp_db = (struct db_context **)pptr;
88
/*******************************************************************
89
Fetch_lock the tdb acl record for a file
90
*******************************************************************/
92
static struct db_record *acl_tdb_lock(TALLOC_CTX *mem_ctx,
93
struct db_context *db,
94
const struct file_id *id)
98
/* For backwards compatibility only store the dev/inode. */
99
push_file_id_16((char *)id_buf, id);
100
return db->fetch_locked(db,
102
make_tdb_data(id_buf,
106
/*******************************************************************
107
Delete the tdb acl record for a file
108
*******************************************************************/
110
static NTSTATUS acl_tdb_delete(vfs_handle_struct *handle,
111
struct db_context *db,
112
SMB_STRUCT_STAT *psbuf)
115
struct file_id id = vfs_file_id_from_sbuf(handle->conn, psbuf);
116
struct db_record *rec = acl_tdb_lock(talloc_tos(), db, &id);
119
* If rec == NULL there's not much we can do about it
123
DEBUG(10,("acl_tdb_delete: rec == NULL\n"));
128
status = rec->delete_rec(rec);
133
/*******************************************************************
134
Parse out a struct security_descriptor from a DATA_BLOB.
135
*******************************************************************/
137
static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob,
138
uint32 security_info,
139
struct security_descriptor **ppdesc)
141
TALLOC_CTX *ctx = talloc_tos();
142
struct xattr_NTACL xacl;
143
enum ndr_err_code ndr_err;
146
ndr_err = ndr_pull_struct_blob(pblob, ctx, NULL, &xacl,
147
(ndr_pull_flags_fn_t)ndr_pull_xattr_NTACL);
149
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
150
DEBUG(5, ("parse_acl_blob: ndr_pull_xattr_NTACL failed: %s\n",
151
ndr_errstr(ndr_err)));
152
return ndr_map_error2ntstatus(ndr_err);;
155
if (xacl.version != 2) {
156
return NT_STATUS_REVISION_MISMATCH;
159
*ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_hs->sd->type | SEC_DESC_SELF_RELATIVE,
160
(security_info & OWNER_SECURITY_INFORMATION)
161
? xacl.info.sd_hs->sd->owner_sid : NULL,
162
(security_info & GROUP_SECURITY_INFORMATION)
163
? xacl.info.sd_hs->sd->group_sid : NULL,
164
(security_info & SACL_SECURITY_INFORMATION)
165
? xacl.info.sd_hs->sd->sacl : NULL,
166
(security_info & DACL_SECURITY_INFORMATION)
167
? xacl.info.sd_hs->sd->dacl : NULL,
170
TALLOC_FREE(xacl.info.sd);
172
return (*ppdesc != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
175
/*******************************************************************
176
Pull a security descriptor into a DATA_BLOB from a tdb store.
177
*******************************************************************/
179
static NTSTATUS get_acl_blob(TALLOC_CTX *ctx,
180
vfs_handle_struct *handle,
188
struct db_context *db;
190
SMB_STRUCT_STAT sbuf;
192
SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context,
193
return NT_STATUS_INTERNAL_DB_CORRUPTION);
195
if (fsp && fsp->fh->fd != -1) {
196
ret = SMB_VFS_FSTAT(fsp, &sbuf);
198
if (fsp && fsp->posix_open) {
199
ret = SMB_VFS_LSTAT(handle->conn, name, &sbuf);
201
ret = SMB_VFS_STAT(handle->conn, name, &sbuf);
206
return map_nt_error_from_unix(errno);
209
id = vfs_file_id_from_sbuf(handle->conn, &sbuf);
211
/* For backwards compatibility only store the dev/inode. */
212
push_file_id_16((char *)id_buf, &id);
216
make_tdb_data(id_buf, sizeof(id_buf)),
218
return NT_STATUS_INTERNAL_DB_CORRUPTION;
221
pblob->data = data.dptr;
222
pblob->length = data.dsize;
224
DEBUG(10,("get_acl_blob: returned %u bytes from file %s\n",
225
(unsigned int)data.dsize, name ));
227
if (pblob->length == 0 || pblob->data == NULL) {
228
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
233
/*******************************************************************
234
Create a DATA_BLOB from a security descriptor.
235
*******************************************************************/
237
static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB *pblob)
239
struct xattr_NTACL xacl;
240
struct security_descriptor_hash sd_hs;
241
enum ndr_err_code ndr_err;
242
TALLOC_CTX *ctx = talloc_tos();
248
xacl.info.sd_hs = &sd_hs;
249
xacl.info.sd_hs->sd = CONST_DISCARD(struct security_descriptor *, psd);
250
memset(&xacl.info.sd_hs->hash[0], '\0', 16);
252
ndr_err = ndr_push_struct_blob(
253
pblob, ctx, NULL, &xacl,
254
(ndr_push_flags_fn_t)ndr_push_xattr_NTACL);
256
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
257
DEBUG(5, ("create_acl_blob: ndr_push_xattr_NTACL failed: %s\n",
258
ndr_errstr(ndr_err)));
259
return ndr_map_error2ntstatus(ndr_err);;
265
/*******************************************************************
266
Store a DATA_BLOB into a tdb record given an fsp pointer.
267
*******************************************************************/
269
static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,
275
SMB_STRUCT_STAT sbuf;
277
struct db_context *db;
278
struct db_record *rec;
281
DEBUG(10,("store_acl_blob_fsp: storing blob length %u on file %s\n",
282
(unsigned int)pblob->length, fsp->fsp_name));
284
SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context,
285
return NT_STATUS_INTERNAL_DB_CORRUPTION);
287
if (fsp->fh->fd != -1) {
288
ret = SMB_VFS_FSTAT(fsp, &sbuf);
290
if (fsp->posix_open) {
291
ret = SMB_VFS_LSTAT(handle->conn, fsp->fsp_name, &sbuf);
293
ret = SMB_VFS_STAT(handle->conn, fsp->fsp_name, &sbuf);
298
return map_nt_error_from_unix(errno);
301
id = vfs_file_id_from_sbuf(handle->conn, &sbuf);
303
/* For backwards compatibility only store the dev/inode. */
304
push_file_id_16((char *)id_buf, &id);
305
rec = db->fetch_locked(db, talloc_tos(),
306
make_tdb_data(id_buf,
309
DEBUG(0, ("store_acl_blob_fsp_tdb: fetch_lock failed\n"));
310
return NT_STATUS_INTERNAL_DB_CORRUPTION;
312
data.dptr = pblob->data;
313
data.dsize = pblob->length;
314
return rec->store(rec, data, 0);
317
/*******************************************************************
318
Store a DATA_BLOB into a tdb record given a pathname.
319
*******************************************************************/
321
static NTSTATUS store_acl_blob_pathname(vfs_handle_struct *handle,
328
SMB_STRUCT_STAT sbuf;
329
struct db_context *db;
330
struct db_record *rec;
333
DEBUG(10,("store_acl_blob_pathname: storing blob "
334
"length %u on file %s\n",
335
(unsigned int)pblob->length, fname));
337
SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context,
338
return NT_STATUS_INTERNAL_DB_CORRUPTION);
340
if (lp_posix_pathnames()) {
341
ret = SMB_VFS_LSTAT(handle->conn, fname, &sbuf);
343
ret = SMB_VFS_STAT(handle->conn, fname, &sbuf);
347
return map_nt_error_from_unix(errno);
350
id = vfs_file_id_from_sbuf(handle->conn, &sbuf);
352
/* For backwards compatibility only store the dev/inode. */
353
push_file_id_16((char *)id_buf, &id);
355
rec = db->fetch_locked(db, talloc_tos(),
356
make_tdb_data(id_buf,
359
DEBUG(0, ("store_acl_blob_pathname_tdb: fetch_lock failed\n"));
360
return NT_STATUS_INTERNAL_DB_CORRUPTION;
362
data.dptr = pblob->data;
363
data.dsize = pblob->length;
364
return rec->store(rec, data, 0);
367
/*******************************************************************
368
Store a DATA_BLOB into an tdb given a pathname.
369
*******************************************************************/
371
static NTSTATUS get_nt_acl_tdb_internal(vfs_handle_struct *handle,
374
uint32 security_info,
375
struct security_descriptor **ppdesc)
377
TALLOC_CTX *ctx = talloc_tos();
381
if (fsp && name == NULL) {
382
name = fsp->fsp_name;
385
DEBUG(10, ("get_nt_acl_tdb_internal: name=%s\n", name));
387
status = get_acl_blob(ctx, handle, fsp, name, &blob);
388
if (!NT_STATUS_IS_OK(status)) {
389
DEBUG(10, ("get_acl_blob returned %s\n", nt_errstr(status)));
393
status = parse_acl_blob(&blob, security_info, ppdesc);
394
if (!NT_STATUS_IS_OK(status)) {
395
DEBUG(10, ("parse_acl_blob returned %s\n",
400
TALLOC_FREE(blob.data);
404
/*********************************************************************
405
Create a default security descriptor for a file in case no inheritance
406
exists. All permissions to the owner and SYSTEM.
407
*********************************************************************/
409
static struct security_descriptor *default_file_sd(TALLOC_CTX *mem_ctx,
410
SMB_STRUCT_STAT *psbuf)
412
struct dom_sid owner_sid, group_sid;
414
struct security_ace *pace = NULL;
415
struct security_acl *pacl = NULL;
417
uid_to_sid(&owner_sid, psbuf->st_uid);
418
gid_to_sid(&group_sid, psbuf->st_gid);
420
pace = TALLOC_ARRAY(mem_ctx, struct security_ace, 2);
425
init_sec_ace(&pace[0], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
426
SEC_RIGHTS_FILE_ALL, 0);
427
init_sec_ace(&pace[1], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
428
SEC_RIGHTS_FILE_ALL, 0);
430
pacl = make_sec_acl(mem_ctx,
437
return make_sec_desc(mem_ctx,
438
SECURITY_DESCRIPTOR_REVISION_1,
439
SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
447
/*********************************************************************
448
*********************************************************************/
450
static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
455
TALLOC_CTX *ctx = talloc_tos();
457
struct security_descriptor *parent_desc = NULL;
458
struct security_descriptor *psd = NULL;
463
if (!parent_dirname(ctx, fname, &parent_name, NULL)) {
464
return NT_STATUS_NO_MEMORY;
467
DEBUG(10,("inherit_new_acl: check directory %s\n",
470
status = get_nt_acl_tdb_internal(handle,
473
(OWNER_SECURITY_INFORMATION |
474
GROUP_SECURITY_INFORMATION |
475
DACL_SECURITY_INFORMATION),
477
if (NT_STATUS_IS_OK(status)) {
478
/* Create an inherited descriptor from the parent. */
480
if (DEBUGLEVEL >= 10) {
481
DEBUG(10,("inherit_new_acl: parent acl is:\n"));
482
NDR_PRINT_DEBUG(security_descriptor, parent_desc);
485
status = se_create_child_secdesc(ctx,
489
&handle->conn->server_info->ptok->user_sids[PRIMARY_USER_SID_INDEX],
490
&handle->conn->server_info->ptok->user_sids[PRIMARY_GROUP_SID_INDEX],
492
if (!NT_STATUS_IS_OK(status)) {
496
if (DEBUGLEVEL >= 10) {
497
DEBUG(10,("inherit_new_acl: child acl is:\n"));
498
NDR_PRINT_DEBUG(security_descriptor, psd);
502
DEBUG(10,("inherit_new_acl: directory %s failed "
505
nt_errstr(status) ));
508
if (!psd || psd->dacl == NULL) {
509
SMB_STRUCT_STAT sbuf;
513
if (fsp && !fsp->is_directory && fsp->fh->fd != -1) {
514
ret = SMB_VFS_FSTAT(fsp, &sbuf);
516
if (fsp && fsp->posix_open) {
517
ret = SMB_VFS_LSTAT(handle->conn,fname, &sbuf);
519
ret = SMB_VFS_STAT(handle->conn,fname, &sbuf);
523
return map_nt_error_from_unix(errno);
525
psd = default_file_sd(ctx, &sbuf);
527
return NT_STATUS_NO_MEMORY;
530
if (DEBUGLEVEL >= 10) {
531
DEBUG(10,("inherit_new_acl: default acl is:\n"));
532
NDR_PRINT_DEBUG(security_descriptor, psd);
536
status = create_acl_blob(psd, &blob);
537
if (!NT_STATUS_IS_OK(status)) {
541
return store_acl_blob_fsp(handle, fsp, &blob);
543
return store_acl_blob_pathname(handle, fname, &blob);
547
/*********************************************************************
548
Check ACL on open. For new files inherit from parent directory.
549
*********************************************************************/
551
static int open_acl_tdb(vfs_handle_struct *handle,
557
uint32_t access_granted = 0;
558
struct security_descriptor *pdesc = NULL;
559
bool file_existed = true;
560
NTSTATUS status = get_nt_acl_tdb_internal(handle,
563
(OWNER_SECURITY_INFORMATION |
564
GROUP_SECURITY_INFORMATION |
565
DACL_SECURITY_INFORMATION),
567
if (NT_STATUS_IS_OK(status)) {
568
/* See if we can access it. */
569
status = smb1_file_se_access_check(pdesc,
570
handle->conn->server_info->ptok,
573
if (!NT_STATUS_IS_OK(status)) {
574
DEBUG(10,("open_acl_tdb: file %s open "
575
"refused with error %s\n",
577
nt_errstr(status) ));
578
errno = map_errno_from_nt_status(status);
581
} else if (NT_STATUS_EQUAL(status,NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
582
file_existed = false;
585
DEBUG(10,("open_acl_tdb: get_nt_acl_attr_internal for "
586
"file %s returned %s\n",
588
nt_errstr(status) ));
590
fsp->fh->fd = SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);
592
if (!file_existed && fsp->fh->fd != -1) {
593
/* File was created. Inherit from parent directory. */
594
string_set(&fsp->fsp_name, fname);
595
inherit_new_acl(handle, fname, fsp, false);
601
/*********************************************************************
602
On unlink we need to delete the tdb record (if using tdb).
603
*********************************************************************/
605
static int unlink_acl_tdb(vfs_handle_struct *handle, const char *path)
607
SMB_STRUCT_STAT sbuf;
608
struct db_context *db;
611
SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1);
613
if (lp_posix_pathnames()) {
614
ret = SMB_VFS_LSTAT(handle->conn, path, &sbuf);
616
ret = SMB_VFS_STAT(handle->conn, path, &sbuf);
623
ret = SMB_VFS_NEXT_UNLINK(handle, path);
629
acl_tdb_delete(handle, db, &sbuf);
633
/*********************************************************************
634
Store an inherited SD on mkdir.
635
*********************************************************************/
637
static int mkdir_acl_tdb(vfs_handle_struct *handle, const char *path, mode_t mode)
639
int ret = SMB_VFS_NEXT_MKDIR(handle, path, mode);
644
/* New directory - inherit from parent. */
645
inherit_new_acl(handle, path, NULL, true);
649
/*********************************************************************
650
On rmdir we need to delete the tdb record (if using tdb).
651
*********************************************************************/
653
static int rmdir_acl_tdb(vfs_handle_struct *handle, const char *path)
656
SMB_STRUCT_STAT sbuf;
657
struct db_context *db;
660
SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1);
662
if (lp_posix_pathnames()) {
663
ret = SMB_VFS_LSTAT(handle->conn, path, &sbuf);
665
ret = SMB_VFS_STAT(handle->conn, path, &sbuf);
672
ret = SMB_VFS_NEXT_RMDIR(handle, path);
677
acl_tdb_delete(handle, db, &sbuf);
681
/*********************************************************************
682
Fetch a security descriptor given an fsp.
683
*********************************************************************/
685
static NTSTATUS fget_nt_acl_tdb(vfs_handle_struct *handle, files_struct *fsp,
686
uint32 security_info, struct security_descriptor **ppdesc)
688
NTSTATUS status = get_nt_acl_tdb_internal(handle, fsp,
689
NULL, security_info, ppdesc);
690
if (NT_STATUS_IS_OK(status)) {
691
if (DEBUGLEVEL >= 10) {
692
DEBUG(10,("fget_nt_acl_tdb: returning tdb sd for file %s\n",
694
NDR_PRINT_DEBUG(security_descriptor, *ppdesc);
699
DEBUG(10,("fget_nt_acl_tdb: failed to get tdb sd for file %s, Error %s\n",
701
nt_errstr(status) ));
703
return SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp,
704
security_info, ppdesc);
707
/*********************************************************************
708
Fetch a security descriptor given a pathname.
709
*********************************************************************/
711
static NTSTATUS get_nt_acl_tdb(vfs_handle_struct *handle,
712
const char *name, uint32 security_info, struct security_descriptor **ppdesc)
714
NTSTATUS status = get_nt_acl_tdb_internal(handle, NULL,
715
name, security_info, ppdesc);
716
if (NT_STATUS_IS_OK(status)) {
717
if (DEBUGLEVEL >= 10) {
718
DEBUG(10,("get_nt_acl_tdb: returning tdb sd for file %s\n",
720
NDR_PRINT_DEBUG(security_descriptor, *ppdesc);
725
DEBUG(10,("get_nt_acl_tdb: failed to get tdb sd for file %s, Error %s\n",
727
nt_errstr(status) ));
729
return SMB_VFS_NEXT_GET_NT_ACL(handle, name,
730
security_info, ppdesc);
733
/*********************************************************************
734
Store a security descriptor given an fsp.
735
*********************************************************************/
737
static NTSTATUS fset_nt_acl_tdb(vfs_handle_struct *handle, files_struct *fsp,
738
uint32 security_info_sent, const struct security_descriptor *psd)
743
if (DEBUGLEVEL >= 10) {
744
DEBUG(10,("fset_nt_acl_tdb: incoming sd for file %s\n",
746
NDR_PRINT_DEBUG(security_descriptor,
747
CONST_DISCARD(struct security_descriptor *,psd));
750
status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
751
if (!NT_STATUS_IS_OK(status)) {
755
/* Ensure owner and group are set. */
756
if (!psd->owner_sid || !psd->group_sid) {
758
SMB_STRUCT_STAT sbuf;
759
DOM_SID owner_sid, group_sid;
760
struct security_descriptor *nc_psd = dup_sec_desc(talloc_tos(), psd);
765
if (fsp->is_directory || fsp->fh->fd == -1) {
766
if (fsp->posix_open) {
767
ret = SMB_VFS_LSTAT(fsp->conn,fsp->fsp_name, &sbuf);
769
ret = SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf);
772
ret = SMB_VFS_FSTAT(fsp, &sbuf);
775
/* Lower level acl set succeeded,
776
* so still return OK. */
779
create_file_sids(&sbuf, &owner_sid, &group_sid);
780
/* This is safe as nc_psd is discarded at fn exit. */
781
nc_psd->owner_sid = &owner_sid;
782
nc_psd->group_sid = &group_sid;
783
security_info_sent |= (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION);
788
if ((security_info_sent & DACL_SECURITY_INFORMATION) &&
790
(psd->type & (SE_DESC_DACL_AUTO_INHERITED|
791
SE_DESC_DACL_AUTO_INHERIT_REQ))==
792
(SE_DESC_DACL_AUTO_INHERITED|
793
SE_DESC_DACL_AUTO_INHERIT_REQ) ) {
794
struct security_descriptor *new_psd = NULL;
795
status = append_parent_acl(fsp, psd, &new_psd);
796
if (!NT_STATUS_IS_OK(status)) {
797
/* Lower level acl set succeeded,
798
* so still return OK. */
805
if (DEBUGLEVEL >= 10) {
806
DEBUG(10,("fset_nt_acl_tdb: storing tdb sd for file %s\n",
808
NDR_PRINT_DEBUG(security_descriptor,
809
CONST_DISCARD(struct security_descriptor *,psd));
811
create_acl_blob(psd, &blob);
812
store_acl_blob_fsp(handle, fsp, &blob);
817
/*******************************************************************
818
Handle opening the storage tdb if so configured.
819
*******************************************************************/
821
static int connect_acl_tdb(struct vfs_handle_struct *handle,
825
struct db_context *db;
828
res = SMB_VFS_NEXT_CONNECT(handle, service, user);
833
if (!acl_tdb_init(&db)) {
834
SMB_VFS_NEXT_DISCONNECT(handle);
838
SMB_VFS_HANDLE_SET_DATA(handle, db, free_acl_tdb_data,
839
struct db_context, return -1);
844
/*********************************************************************
845
Remove a Windows ACL - we're setting the underlying POSIX ACL.
846
*********************************************************************/
848
static int sys_acl_set_file_tdb(vfs_handle_struct *handle,
853
SMB_STRUCT_STAT sbuf;
854
struct db_context *db;
857
SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1);
859
if (lp_posix_pathnames()) {
860
ret = SMB_VFS_LSTAT(handle->conn, path, &sbuf);
862
ret = SMB_VFS_STAT(handle->conn, path, &sbuf);
869
ret = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle,
877
acl_tdb_delete(handle, db, &sbuf);
881
/*********************************************************************
882
Remove a Windows ACL - we're setting the underlying POSIX ACL.
883
*********************************************************************/
885
static int sys_acl_set_fd_tdb(vfs_handle_struct *handle,
889
SMB_STRUCT_STAT sbuf;
890
struct db_context *db;
893
SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1);
895
if (fsp->is_directory || fsp->fh->fd == -1) {
896
if (fsp->posix_open) {
897
ret = SMB_VFS_LSTAT(fsp->conn,fsp->fsp_name, &sbuf);
899
ret = SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf);
902
ret = SMB_VFS_FSTAT(fsp, &sbuf);
908
ret = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle,
915
acl_tdb_delete(handle, db, &sbuf);
919
/* VFS operations structure */
921
static vfs_op_tuple skel_op_tuples[] =
923
{SMB_VFS_OP(connect_acl_tdb), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT},
925
{SMB_VFS_OP(mkdir_acl_tdb), SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_TRANSPARENT},
926
{SMB_VFS_OP(rmdir_acl_tdb), SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_TRANSPARENT},
928
{SMB_VFS_OP(open_acl_tdb), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_TRANSPARENT},
929
{SMB_VFS_OP(unlink_acl_tdb), SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_TRANSPARENT},
931
/* NT File ACL operations */
933
{SMB_VFS_OP(fget_nt_acl_tdb),SMB_VFS_OP_FGET_NT_ACL,SMB_VFS_LAYER_TRANSPARENT},
934
{SMB_VFS_OP(get_nt_acl_tdb), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT},
935
{SMB_VFS_OP(fset_nt_acl_tdb),SMB_VFS_OP_FSET_NT_ACL,SMB_VFS_LAYER_TRANSPARENT},
937
/* POSIX ACL operations. */
938
{SMB_VFS_OP(sys_acl_set_file_tdb), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT},
939
{SMB_VFS_OP(sys_acl_set_fd_tdb), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT},
941
{SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
944
NTSTATUS vfs_acl_tdb_init(void)
946
return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "acl_tdb", skel_op_tuples);