diff --git a/source3/modules/non_posix_acls.c b/source3/modules/non_posix_acls.c
new file mode 100644
index 00000000000..245b5c8d218
--- /dev/null
+++ b/source3/modules/non_posix_acls.c
@@ -0,0 +1,102 @@
+/*
+ Unix SMB/CIFS implementation.
+ Access Control List handling
+ Copyright (C) Andrew Bartlett 2012.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#include "includes.h"
+#include "../librpc/gen_ndr/ndr_xattr.h"
+#include "modules/non_posix_acls.h"
+
+int non_posix_sys_acl_blob_get_file_helper(vfs_handle_struct *handle,
+ const char *path_p,
+ DATA_BLOB acl_as_blob,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *blob)
+{
+ int ret;
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct xattr_sys_acl_hash_wrapper acl_wrapper = {};
+ struct smb_filename *smb_fname = NULL;
+ NTSTATUS status = create_synthetic_smb_fname_split(frame, path_p,
+ NULL,
+ &smb_fname);
+ if (!NT_STATUS_IS_OK(status)) {
+ errno = map_errno_from_nt_status(status);
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ acl_wrapper.acl_as_blob = acl_as_blob;
+
+ ret = smb_vfs_call_stat(handle, smb_fname);
+ if (ret == -1) {
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ acl_wrapper.owner = smb_fname->st.st_ex_uid;
+ acl_wrapper.group = smb_fname->st.st_ex_gid;
+ acl_wrapper.mode = smb_fname->st.st_ex_mode;
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_push_struct_blob(blob, mem_ctx,
+ &acl_wrapper,
+ (ndr_push_flags_fn_t)ndr_push_xattr_sys_acl_hash_wrapper))) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ TALLOC_FREE(frame);
+ return 0;
+}
+
+int non_posix_sys_acl_blob_get_fd_helper(vfs_handle_struct *handle,
+ files_struct *fsp,
+ DATA_BLOB acl_as_blob,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *blob)
+{
+ SMB_STRUCT_STAT sbuf;
+ TALLOC_CTX *frame;
+ struct xattr_sys_acl_hash_wrapper acl_wrapper;
+ int ret;
+
+ frame = talloc_stackframe();
+
+ acl_wrapper.acl_as_blob = acl_as_blob;
+
+ ret = smb_vfs_call_fstat(handle, fsp, &sbuf);
+ if (ret == -1) {
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ acl_wrapper.owner = sbuf.st_ex_uid;
+ acl_wrapper.group = sbuf.st_ex_gid;
+ acl_wrapper.mode = sbuf.st_ex_mode;
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_push_struct_blob(blob, mem_ctx,
+ &acl_wrapper,
+ (ndr_push_flags_fn_t)ndr_push_xattr_sys_acl_hash_wrapper))) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ TALLOC_FREE(frame);
+ return 0;
+}
diff --git a/source3/modules/non_posix_acls.h b/source3/modules/non_posix_acls.h
new file mode 100644
index 00000000000..6567a317ff7
--- /dev/null
+++ b/source3/modules/non_posix_acls.h
@@ -0,0 +1,29 @@
+/*
+ Unix SMB/CIFS implementation.
+ Access Control List handling
+ Copyright (C) Andrew Bartlett 2012.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+int non_posix_sys_acl_blob_get_file_helper(vfs_handle_struct *handle,
+ const char *path_p,
+ DATA_BLOB acl_as_blob,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *blob);
+int non_posix_sys_acl_blob_get_fd_helper(vfs_handle_struct *handle,
+ files_struct *fsp,
+ DATA_BLOB acl_as_blob,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *blob);
diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build
index 380afbaf8b2..df861157579 100644
--- a/source3/modules/wscript_build
+++ b/source3/modules/wscript_build
@@ -55,6 +55,11 @@ bld.SAMBA3_SUBSYSTEM('NFS4_ACLS',
source='nfs4_acls.c',
deps='samba-util tdb')
+bld.SAMBA3_LIBRARY('non_posix_acls',
+ source='non_posix_acls.c',
+ deps='samba-util vfs',
+ private_library=True)
+
bld.SAMBA3_SUBSYSTEM('VFS_AIXACL_UTIL',
source='vfs_aixacl_util.c',
enabled=False) #fixme