Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 699 insertions, 0 deletions

diff --git a/source3/modules/vfs_solarisacl.c b/source3/modules/vfs_solarisacl.c
new file mode 100644
index 0000000..d31bda5
--- /dev/null
+++ b/source3/modules/vfs_solarisacl.c
@@ -0,0 +1,699 @@
+/*
+   Unix SMB/Netbios implementation.
+   VFS module to get and set Solaris ACLs
+   Copyright (C) Michael Adam 2006,2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "smbd/smbd.h"
+#include "modules/vfs_solarisacl.h"
+
+/* typedef struct acl SOLARIS_ACE_T; */
+typedef aclent_t SOLARIS_ACE_T;
+typedef aclent_t *SOLARIS_ACL_T;
+typedef int SOLARIS_ACL_TAG_T;   /* the type of an ACL entry */
+typedef o_mode_t SOLARIS_PERM_T;
+
+/* for convenience: check if solaris acl entry is a default entry?  */
+#define _IS_DEFAULT(ace) ((ace).a_type & ACL_DEFAULT)
+#define _IS_OF_TYPE(ace, type) ( \
+	(((type) == SMB_ACL_TYPE_ACCESS) && !_IS_DEFAULT(ace)) \
+	|| \
+	(((type) == SMB_ACL_TYPE_DEFAULT) && _IS_DEFAULT(ace)) \
+)
+
+
+/* prototypes for private functions */
+
+static SOLARIS_ACL_T solaris_acl_init(int count);
+static bool smb_acl_to_solaris_acl(SMB_ACL_T smb_acl, 
+		SOLARIS_ACL_T *solariacl, int *count, 
+		SMB_ACL_TYPE_T type);
+static SMB_ACL_T solaris_acl_to_smb_acl(SOLARIS_ACL_T solarisacl, int count,
+					SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx);
+static SOLARIS_ACL_TAG_T smb_tag_to_solaris_tag(SMB_ACL_TAG_T smb_tag);
+static SMB_ACL_TAG_T solaris_tag_to_smb_tag(SOLARIS_ACL_TAG_T solaris_tag);
+static bool solaris_add_to_acl(SOLARIS_ACL_T *solaris_acl, int *count,
+		SOLARIS_ACL_T add_acl, int add_count, SMB_ACL_TYPE_T type);
+static bool solaris_acl_get_file(const char *name, SOLARIS_ACL_T *solarisacl, 
+		int *count);
+static bool solaris_acl_get_fd(int fd, SOLARIS_ACL_T *solarisacl, int *count);
+static bool solaris_acl_sort(SOLARIS_ACL_T theacl, int count);
+static SMB_ACL_PERM_T solaris_perm_to_smb_perm(const SOLARIS_PERM_T perm);
+static SOLARIS_PERM_T smb_perm_to_solaris_perm(const SMB_ACL_PERM_T perm);
+#if 0
+static bool solaris_acl_check(SOLARIS_ACL_T solaris_acl, int count);
+#endif
+
+/* public functions - the api */
+
+static SMB_ACL_T solarisacl_sys_acl_get_file(vfs_handle_struct *handle,
+				const struct smb_filename *smb_fname,
+				SMB_ACL_TYPE_T type,
+				TALLOC_CTX *mem_ctx)
+{
+	SMB_ACL_T result = NULL;
+	int count;
+	SOLARIS_ACL_T solaris_acl = NULL;
+	const char *path_p = smb_fname->base_name;
+	
+	DEBUG(10, ("solarisacl_sys_acl_get_file called for file '%s'.\n", 
+		   path_p));
+
+	if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
+		DEBUG(10, ("invalid SMB_ACL_TYPE given (%d)\n", type));
+		errno = EINVAL;
+		goto done;
+	}
+
+	DEBUGADD(10, ("getting %s acl\n", 
+		      ((type == SMB_ACL_TYPE_ACCESS) ? "access" : "default")));
+
+	if (!solaris_acl_get_file(path_p, &solaris_acl, &count)) {
+		goto done;
+	}
+	result = solaris_acl_to_smb_acl(solaris_acl, count, type, mem_ctx);
+	if (result == NULL) {
+		DEBUG(10, ("conversion solaris_acl -> smb_acl failed (%s).\n",
+			   strerror(errno)));
+	}
+	
+ done:
+	DEBUG(10, ("solarisacl_sys_acl_get_file %s.\n",
+		   ((result == NULL) ? "failed" : "succeeded" )));
+	SAFE_FREE(solaris_acl);
+	return result;
+}
+
+
+/*
+ * get the access ACL of a file referred to by a fd
+ */
+SMB_ACL_T solarisacl_sys_acl_get_fd(vfs_handle_struct *handle,
+				    files_struct *fsp,
+				    SMB_ACL_TYPE_T type,
+				    TALLOC_CTX *mem_ctx)
+{
+	SMB_ACL_T result = NULL;
+	int count;
+	SOLARIS_ACL_T solaris_acl = NULL;
+
+	DEBUG(10, ("entering solarisacl_sys_acl_get_fd.\n"));
+
+	if (!solaris_acl_get_fd(fsp_get_io_fd(fsp), &solaris_acl, &count)) {
+		goto done;
+	}
+
+	if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
+		DEBUG(10, ("invalid SMB_ACL_TYPE given (%d)\n", type));
+		errno = EINVAL;
+		goto done;
+	}
+	/* 
+	 * The facl call returns both ACCESS and DEFAULT acls (as present). 
+	 * The posix acl_get_fd function returns only the
+	 * access acl. So we need to filter this out here.  
+	 */
+	result = solaris_acl_to_smb_acl(solaris_acl, count,
+					type, mem_ctx);
+	if (result == NULL) {
+		DEBUG(10, ("conversion solaris_acl -> smb_acl failed (%s).\n",
+			   strerror(errno)));
+	}
+	
+ done:
+	DEBUG(10, ("solarisacl_sys_acl_get_fd %s.\n", 
+		   ((result == NULL) ? "failed" : "succeeded")));
+	SAFE_FREE(solaris_acl);
+	return result;
+}
+
+/*
+ * set the access ACL on the file referred to by a fd 
+ */
+int solarisacl_sys_acl_set_fd(vfs_handle_struct *handle,
+			      files_struct *fsp,
+			      SMB_ACL_TYPE_T type,
+			      SMB_ACL_T theacl)
+{
+	SOLARIS_ACL_T solaris_acl = NULL;
+	int count;
+	SOLARIS_ACL_T other_acl = NULL;
+	int other_count;
+	SMB_ACL_TYPE_T other_type;
+	int ret = -1;
+
+	DEBUG(10, ("entering solarisacl_sys_acl_set_fd\n"));
+
+	/* 
+	 * the posix acl_set_fd call sets the access acl of the
+	 * file referred to by fd. the solaris facl-SETACL call
+	 * sets the access and default acl as provided, so we
+	 * have to retrieve the default acl of the file and 
+	 * concatenate it with the access acl provided.
+	 */
+	if (!smb_acl_to_solaris_acl(theacl, &solaris_acl, &count, 
+				    type))
+	{
+		DEBUG(10, ("conversion smb_acl -> solaris_acl failed (%s).\n",
+			   strerror(errno)));
+		goto done;
+	}
+	if (!solaris_acl_get_fd(fsp_get_io_fd(fsp), &other_acl, &other_count)) {
+		DEBUG(10, ("error getting (default) acl from fd\n"));
+		goto done;
+	}
+
+	other_type = (type == SMB_ACL_TYPE_ACCESS)
+		? SMB_ACL_TYPE_DEFAULT
+		: SMB_ACL_TYPE_ACCESS;
+
+	if (!solaris_add_to_acl(&solaris_acl, &count,
+				other_acl, other_count,
+				other_type))
+	{
+		DEBUG(10, ("error adding default acl to solaris acl\n"));
+		goto done;
+	}
+	if (!solaris_acl_sort(solaris_acl, count)) {
+		DEBUG(10, ("resulting acl is not valid!\n"));
+		goto done;
+	}
+
+	ret = facl(fsp_get_io_fd(fsp), SETACL, count, solaris_acl);
+	if (ret != 0) {
+		DEBUG(10, ("call of facl failed (%s).\n", strerror(errno)));
+	}
+
+ done:
+	DEBUG(10, ("solarisacl_sys_acl_set_fd %s.\n",
+		   ((ret == 0) ? "succeeded" : "failed" )));
+	SAFE_FREE(solaris_acl);
+	SAFE_FREE(other_acl);
+	return ret;
+}
+
+/*
+ * delete the default ACL of a directory
+ *
+ * This is achieved by fetching the access ACL and rewriting it
+ * directly, via the solaris system call: the SETACL call on
+ * directories writes both the access and the default ACL as provided.
+ *
+ * XXX: posix acl_delete_def_file returns an error if
+ * the file referred to by path is not a directory.
+ * this function does not complain but the actions
+ * have no effect on a file other than a directory.
+ * But sys_acl_delete_default_file is only called in
+ * smbd/posixacls.c after having checked that the file
+ * is a directory, anyways. So implementing the extra
+ * check is considered unnecessary. --- Agreed? XXX
+ */
+int solarisacl_sys_acl_delete_def_fd(vfs_handle_struct *handle,
+				files_struct *fsp)
+{
+	SMB_ACL_T smb_acl;
+	int ret = -1;
+	SOLARIS_ACL_T solaris_acl = NULL;
+	int count;
+
+	DBG_DEBUG("entering solarisacl_sys_acl_delete_def_fd.\n");
+
+	smb_acl = solarisacl_sys_acl_get_file(handle, fsp->fsp_name->base_name,
+					      SMB_ACL_TYPE_ACCESS, talloc_tos());
+	if (smb_acl == NULL) {
+		DBG_DEBUG("getting file acl failed!\n");
+		goto done;
+	}
+	if (!smb_acl_to_solaris_acl(smb_acl, &solaris_acl, &count,
+				    SMB_ACL_TYPE_ACCESS))
+	{
+		DBG_DEBUG("conversion smb_acl -> solaris_acl failed.\n");
+		goto done;
+	}
+	if (!solaris_acl_sort(solaris_acl, count)) {
+		DBG_DEBUG("resulting acl is not valid!\n");
+		goto done;
+	}
+	ret = acl(fsp->fsp_name->base_name, SETACL, count, solaris_acl);
+	if (ret != 0) {
+		DBG_DEBG("settinge file acl failed!\n");
+	}
+
+ done:
+	DBG_DEBUG("solarisacl_sys_acl_delete_def_fd %s.\n",
+		   ((ret != 0) ? "failed" : "succeeded" ));
+	TALLOC_FREE(smb_acl);
+	return ret;
+}
+
+/* private functions */
+
+static SOLARIS_ACL_T solaris_acl_init(int count)
+{
+	SOLARIS_ACL_T solaris_acl = 
+		(SOLARIS_ACL_T)SMB_MALLOC(sizeof(aclent_t) * count);
+	if (solaris_acl == NULL) {
+		errno = ENOMEM;
+	}
+	return solaris_acl;
+}
+
+/*
+ * Convert the SMB acl to the ACCESS or DEFAULT part of a 
+ * solaris ACL, as desired.
+ */
+static bool smb_acl_to_solaris_acl(SMB_ACL_T smb_acl, 
+				   SOLARIS_ACL_T *solaris_acl, int *count, 
+				   SMB_ACL_TYPE_T type)
+{
+	bool ret = False;
+	int i;
+
+	DEBUG(10, ("entering smb_acl_to_solaris_acl\n"));
+	
+	*solaris_acl = NULL;
+	*count = 0;
+
+	for (i = 0; i < smb_acl->count; i++) {
+		const struct smb_acl_entry *smb_entry = &(smb_acl->acl[i]);
+		SOLARIS_ACE_T solaris_entry;
+
+		ZERO_STRUCT(solaris_entry);
+
+		solaris_entry.a_type = smb_tag_to_solaris_tag(smb_entry->a_type);
+		if (solaris_entry.a_type == 0) {
+			DEBUG(10, ("smb_tag to solaris_tag failed\n"));
+			goto fail;
+		}
+		switch(solaris_entry.a_type) {
+		case USER:
+			DEBUG(10, ("got tag type USER with uid %u\n", 
+				   (unsigned int)smb_entry->info.user.uid));
+			solaris_entry.a_id = (uid_t)smb_entry->info.user.uid;
+			break;
+		case GROUP:
+			DEBUG(10, ("got tag type GROUP with gid %u\n", 
+				   (unsigned int)smb_entry->info.group.gid));
+			solaris_entry.a_id = (uid_t)smb_entry->info.group.gid;
+			break;
+		default:
+			break;
+		}
+		if (type == SMB_ACL_TYPE_DEFAULT) {
+			DEBUG(10, ("adding default bit to solaris ace\n"));
+			solaris_entry.a_type |= ACL_DEFAULT;
+		}
+		
+		solaris_entry.a_perm = 
+			smb_perm_to_solaris_perm(smb_entry->a_perm);
+		DEBUG(10, ("assembled the following solaris ace:\n"));
+		DEBUGADD(10, (" - type: 0x%04x\n", solaris_entry.a_type));
+		DEBUGADD(10, (" - id: %u\n", (unsigned int)solaris_entry.a_id));
+		DEBUGADD(10, (" - perm: o%o\n", solaris_entry.a_perm));
+		if (!solaris_add_to_acl(solaris_acl, count, &solaris_entry, 
+					1, type))
+		{
+			DEBUG(10, ("error adding acl entry\n"));
+			goto fail;
+		}
+		DEBUG(10, ("count after adding: %d (i: %d)\n", *count, i));
+		DEBUG(10, ("test, if entry has been copied into acl:\n"));
+		DEBUGADD(10, (" - type: 0x%04x\n",
+			      (*solaris_acl)[(*count)-1].a_type));
+		DEBUGADD(10, (" - id: %u\n",
+			      (unsigned int)(*solaris_acl)[(*count)-1].a_id));
+		DEBUGADD(10, (" - perm: o%o\n",
+			      (*solaris_acl)[(*count)-1].a_perm));
+	}
+
+	ret = True;
+	goto done;
+	
+ fail:
+	SAFE_FREE(*solaris_acl);
+ done:
+	DEBUG(10, ("smb_acl_to_solaris_acl %s\n",
+		   ((ret == True) ? "succeeded" : "failed")));
+	return ret;
+}
+
+/* 
+ * convert either the access or the default part of a 
+ * soaris acl to the SMB_ACL format.
+ */
+static SMB_ACL_T solaris_acl_to_smb_acl(SOLARIS_ACL_T solaris_acl, int count, 
+					SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx)
+{
+	SMB_ACL_T result;
+	int i;
+
+	if ((result = sys_acl_init(mem_ctx)) == NULL) {
+		DEBUG(10, ("error allocating memory for SMB_ACL\n"));
+		goto fail;
+	}
+	for (i = 0; i < count; i++) {
+		SMB_ACL_ENTRY_T smb_entry;
+		SMB_ACL_PERM_T smb_perm;
+		
+		if (!_IS_OF_TYPE(solaris_acl[i], type)) {
+			continue;
+		}
+		result->acl = talloc_realloc(result, result->acl, struct smb_acl_entry, result->count + 1);
+		if (result->acl == NULL) {
+			DEBUG(10, ("error reallocating memory for SMB_ACL\n"));
+			goto fail;
+		}
+		smb_entry = &result->acl[result->count];
+		if (sys_acl_set_tag_type(smb_entry,
+					 solaris_tag_to_smb_tag(solaris_acl[i].a_type)) != 0)
+		{
+			DEBUG(10, ("invalid tag type given: 0x%04x\n",
+				   solaris_acl[i].a_type));
+			goto fail;
+		}
+		/* intentionally not checking return code here: */
+		sys_acl_set_qualifier(smb_entry, (void *)&solaris_acl[i].a_id);
+		smb_perm = solaris_perm_to_smb_perm(solaris_acl[i].a_perm);
+		if (sys_acl_set_permset(smb_entry, &smb_perm) != 0) {
+			DEBUG(10, ("invalid permset given: %d\n", 
+				   solaris_acl[i].a_perm));
+			goto fail;
+		}
+		result->count += 1;
+	}
+	goto done;
+	
+ fail:
+	TALLOC_FREE(result);
+ done:
+	DEBUG(10, ("solaris_acl_to_smb_acl %s\n",
+		   ((result == NULL) ? "failed" : "succeeded")));
+	return result;
+}
+
+
+
+static SOLARIS_ACL_TAG_T smb_tag_to_solaris_tag(SMB_ACL_TAG_T smb_tag)
+{
+	SOLARIS_ACL_TAG_T solaris_tag = 0;
+
+	DEBUG(10, ("smb_tag_to_solaris_tag\n"));
+	DEBUGADD(10, (" --> got smb tag 0x%04x\n", smb_tag));
+	
+	switch (smb_tag) {
+	case SMB_ACL_USER:
+		solaris_tag = USER;
+		break;
+	case SMB_ACL_USER_OBJ:
+		solaris_tag = USER_OBJ;
+		break;
+	case SMB_ACL_GROUP:
+		solaris_tag = GROUP;
+		break;
+	case SMB_ACL_GROUP_OBJ:
+		solaris_tag = GROUP_OBJ;
+		break;
+	case SMB_ACL_OTHER:
+		solaris_tag = OTHER_OBJ;
+		break;
+	case SMB_ACL_MASK:
+		solaris_tag = CLASS_OBJ;
+		break;
+	default:
+		DEBUGADD(10, (" !!! unknown smb tag type 0x%04x\n", smb_tag));
+		break;
+	}
+	
+	DEBUGADD(10, (" --> determined solaris tag 0x%04x\n", solaris_tag));
+
+	return solaris_tag;
+}
+
+static SMB_ACL_TAG_T solaris_tag_to_smb_tag(SOLARIS_ACL_TAG_T solaris_tag)
+{
+	SMB_ACL_TAG_T smb_tag = 0;
+
+	DEBUG(10, ("solaris_tag_to_smb_tag:\n"));
+	DEBUGADD(10, (" --> got solaris tag 0x%04x\n", solaris_tag)); 
+	
+	solaris_tag &= ~ACL_DEFAULT; 
+
+	switch (solaris_tag) {
+	case USER:
+		smb_tag = SMB_ACL_USER;
+		break;
+	case USER_OBJ:
+		smb_tag = SMB_ACL_USER_OBJ;
+		break;
+	case GROUP:
+		smb_tag = SMB_ACL_GROUP;
+		break;
+	case GROUP_OBJ:
+		smb_tag = SMB_ACL_GROUP_OBJ;
+		break;
+	case OTHER_OBJ:
+		smb_tag = SMB_ACL_OTHER;
+		break;
+	case CLASS_OBJ:
+		smb_tag = SMB_ACL_MASK;
+		break;
+	default:
+		DEBUGADD(10, (" !!! unknown solaris tag type: 0x%04x\n", 
+					solaris_tag));
+		break;
+	}
+
+	DEBUGADD(10, (" --> determined smb tag 0x%04x\n", smb_tag));
+	
+	return smb_tag;
+}
+
+
+static SMB_ACL_PERM_T solaris_perm_to_smb_perm(const SOLARIS_PERM_T perm)
+{
+	SMB_ACL_PERM_T smb_perm = 0;
+	smb_perm |= ((perm & SMB_ACL_READ) ? SMB_ACL_READ : 0);
+	smb_perm |= ((perm & SMB_ACL_WRITE) ? SMB_ACL_WRITE : 0);
+	smb_perm |= ((perm & SMB_ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0);
+	return smb_perm;
+}
+
+
+static SOLARIS_PERM_T smb_perm_to_solaris_perm(const SMB_ACL_PERM_T perm)
+{
+	SOLARIS_PERM_T solaris_perm = 0;
+	solaris_perm |= ((perm & SMB_ACL_READ) ? SMB_ACL_READ : 0);
+	solaris_perm |= ((perm & SMB_ACL_WRITE) ? SMB_ACL_WRITE : 0);
+	solaris_perm |= ((perm & SMB_ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0);
+	return solaris_perm;
+}
+
+
+static bool solaris_acl_get_file(const char *name, SOLARIS_ACL_T *solaris_acl, 
+				 int *count)
+{
+	bool result = False;
+
+	DEBUG(10, ("solaris_acl_get_file called for file '%s'\n", name));
+	
+	/* 
+	 * The original code tries some INITIAL_ACL_SIZE
+	 * and only did the GETACLCNT call upon failure
+	 * (for performance reasons).
+	 * For the sake of simplicity, I skip this for now. 
+	 */
+	*count = acl(name, GETACLCNT, 0, NULL);
+	if (*count < 0) {
+		DEBUG(10, ("acl GETACLCNT failed: %s\n", strerror(errno)));
+		goto done;
+	}
+	*solaris_acl = solaris_acl_init(*count);
+	if (*solaris_acl == NULL) {
+		DEBUG(10, ("error allocating memory for solaris acl...\n"));
+		goto done;
+	}
+	*count = acl(name, GETACL, *count, *solaris_acl);
+	if (*count < 0) {
+		DEBUG(10, ("acl GETACL failed: %s\n", strerror(errno)));
+		goto done;
+	}
+	result = True;
+
+ done:
+        DEBUG(10, ("solaris_acl_get_file %s.\n",
+		   ((result == True) ? "succeeded" : "failed" )));
+	return result;
+}
+
+
+static bool solaris_acl_get_fd(int fd, SOLARIS_ACL_T *solaris_acl, int *count)
+{
+	bool ret = False;
+
+	DEBUG(10, ("entering solaris_acl_get_fd\n"));
+
+	/* 
+	 * see solaris_acl_get_file for comment about omission 
+	 * of INITIAL_ACL_SIZE... 
+	 */
+	*count = facl(fd, GETACLCNT, 0, NULL);
+	if (*count < 0) {
+		DEBUG(10, ("facl GETACLCNT failed: %s\n", strerror(errno)));
+		goto done;
+	}
+	*solaris_acl = solaris_acl_init(*count);
+	if (*solaris_acl == NULL) {
+		DEBUG(10, ("error allocating memory for solaris acl...\n"));
+		goto done;
+	}
+	*count = facl(fd, GETACL, *count, *solaris_acl);
+	if (*count < 0) {
+		DEBUG(10, ("facl GETACL failed: %s\n", strerror(errno)));
+		goto done;
+	}
+	ret = True;
+
+ done:
+	DEBUG(10, ("solaris_acl_get_fd %s\n",
+		   ((ret == True) ? "succeeded" : "failed")));
+	return ret;
+}
+
+
+
+/*
+ * Add entries to a solaris ACL.
+ *
+ * Entries are directly added to the solarisacl parameter.
+ * if memory allocation fails, this may result in solarisacl 
+ * being NULL. if the resulting acl is to be checked and is 
+ * not valid, it is kept in solarisacl but False is returned.
+ *
+ * The type of ACEs (access/default) to be added to the ACL can 
+ * be selected via the type parameter. 
+ * I use the SMB_ACL_TYPE_T type here. Since SMB_ACL_TYPE_ACCESS
+ * is defined as "0", this means that one can only add either
+ * access or default ACEs, not both at the same time. If it 
+ * should become necessary to add all of an ACL, one would have
+ * to replace this parameter by another type.
+ */
+static bool solaris_add_to_acl(SOLARIS_ACL_T *solaris_acl, int *count,
+			       SOLARIS_ACL_T add_acl, int add_count, 
+			       SMB_ACL_TYPE_T type)
+{
+	int i;
+	
+	if ((type != SMB_ACL_TYPE_ACCESS) && (type != SMB_ACL_TYPE_DEFAULT)) 
+	{
+		DEBUG(10, ("invalid acl type given: %d\n", type));
+		errno = EINVAL;
+		return False;
+	}
+	for (i = 0; i < add_count; i++) {
+		if (!_IS_OF_TYPE(add_acl[i], type)) {
+			continue;
+		}
+		ADD_TO_ARRAY(NULL, SOLARIS_ACE_T, add_acl[i], 
+			     solaris_acl, count);
+		if (solaris_acl == NULL) {
+			DEBUG(10, ("error enlarging acl.\n"));
+			errno = ENOMEM;
+			return False;
+		}
+	}
+	return True;
+}
+
+
+/* 
+ * sort the ACL and check it for validity
+ *
+ * [original comment from lib/sysacls.c:]
+ * 
+ * if it's a minimal ACL with only 4 entries then we
+ * need to recalculate the mask permissions to make
+ * sure that they are the same as the GROUP_OBJ
+ * permissions as required by the UnixWare acl() system call.
+ *
+ * (note: since POSIX allows minimal ACLs which only contain
+ * 3 entries - ie there is no mask entry - we should, in theory,
+ * check for this and add a mask entry if necessary - however
+ * we "know" that the caller of this interface always specifies
+ * a mask, so in practice "this never happens" (tm) - if it *does*
+ * happen aclsort() will fail and return an error and someone will
+ * have to fix it...)
+ */
+static bool solaris_acl_sort(SOLARIS_ACL_T solaris_acl, int count)
+{
+	int fixmask = (count <= 4);
+
+	if (aclsort(count, fixmask, solaris_acl) != 0) {
+		errno = EINVAL;
+		return False;
+	}
+	return True;
+}
+
+#if 0
+/*
+ * acl check function:
+ *   unused at the moment but could be used to get more
+ *   concrete error messages for debugging...
+ *   (acl sort just says that the acl is invalid...)
+ */
+static bool solaris_acl_check(SOLARIS_ACL_T solaris_acl, int count)
+{
+	int check_rc;
+	int check_which;
+	
+	check_rc = aclcheck(solaris_acl, count, &check_which);
+	if (check_rc != 0) {
+		DEBUG(10, ("acl is not valid:\n"));
+		DEBUGADD(10, (" - return code: %d\n", check_rc));
+		DEBUGADD(10, (" - which: %d\n", check_which));
+		if (check_which != -1) {
+			DEBUGADD(10, (" - invalid entry:\n"));
+			DEBUGADD(10, ("   * type: %d:\n", 
+				      solaris_acl[check_which].a_type));
+			DEBUGADD(10, ("   * id: %d\n",
+				      solaris_acl[check_which].a_id));
+			DEBUGADD(10, ("   * perm: 0o%o\n",
+				      solaris_acl[check_which].a_perm));
+		}
+		return False;
+	}
+	return True;
+}
+#endif
+
+static struct vfs_fn_pointers solarisacl_fns = {
+	.sys_acl_get_fd_fn = solarisacl_sys_acl_get_fd,
+	.sys_acl_blob_get_fd_fn = posix_sys_acl_blob_get_fd,
+	.sys_acl_set_fd_fn = solarisacl_sys_acl_set_fd,
+	.sys_acl_delete_def_fd_fn = solarisacl_sys_acl_delete_def_fd,
+};
+
+static_decl_vfs;
+NTSTATUS vfs_solarisacl_init(TALLOC_CTX *ctx)
+{
+	return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "solarisacl",
+				&solarisacl_fns);
+}
+
+/* ENTE */