VFS: SMB_VFS_SYS_ACL_GET_FD: Modify api to take additional type param

Modify all implementations (and the definitions) related to
SMB_VFS_SYS_ACL_GET_FD to accept additional SMB_ACL_TYPE_T type param.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

examples/VFS/skel_opaque.c

@@ -808,7 +808,9 @@ static SMB_ACL_T skel_sys_acl_get_file(vfs_handle_struct *handle,
 }
 
 static SMB_ACL_T skel_sys_acl_get_fd(vfs_handle_struct *handle,
-				     files_struct *fsp, TALLOC_CTX *mem_ctx)
+				     files_struct *fsp,
+				     SMB_ACL_TYPE_T type,
+				     TALLOC_CTX *mem_ctx)
 {
 	errno = ENOSYS;
 	return (SMB_ACL_T) NULL;

examples/VFS/skel_transparent.c

@@ -1075,9 +1075,11 @@ static SMB_ACL_T skel_sys_acl_get_file(vfs_handle_struct *handle,
 }
 
 static SMB_ACL_T skel_sys_acl_get_fd(vfs_handle_struct *handle,
-				     files_struct *fsp, TALLOC_CTX *mem_ctx)
+				     files_struct *fsp,
+				     SMB_ACL_TYPE_T type,
+				     TALLOC_CTX *mem_ctx)
 {
-	return SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
+	return SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, type, mem_ctx);
 }
 
 static int skel_sys_acl_blob_get_file(vfs_handle_struct *handle,

source3/include/vfs.h

@@ -1220,6 +1220,7 @@ struct vfs_fn_pointers {
 					 TALLOC_CTX *mem_ctx);
 	SMB_ACL_T (*sys_acl_get_fd_fn)(struct vfs_handle_struct *handle,
 				       struct files_struct *fsp,
+				       SMB_ACL_TYPE_T type,
 				       TALLOC_CTX *mem_ctx);
 	int (*sys_acl_blob_get_file_fn)(struct vfs_handle_struct *handle,
 					const struct smb_filename *smb_fname,
@@ -1731,6 +1732,7 @@ SMB_ACL_T smb_vfs_call_sys_acl_get_file(struct vfs_handle_struct *handle,
 					TALLOC_CTX *mem_ctx);
 SMB_ACL_T smb_vfs_call_sys_acl_get_fd(struct vfs_handle_struct *handle,
 				      struct files_struct *fsp,
+				      SMB_ACL_TYPE_T type,
 				      TALLOC_CTX *mem_ctx);
 int smb_vfs_call_sys_acl_blob_get_file(struct vfs_handle_struct *handle,
 				       const struct smb_filename *smb_fname,
@@ -2142,7 +2144,9 @@ SMB_ACL_T vfs_not_implemented_sys_acl_get_file(vfs_handle_struct *handle,
 					       SMB_ACL_TYPE_T type,
 					       TALLOC_CTX *mem_ctx);
 SMB_ACL_T vfs_not_implemented_sys_acl_get_fd(vfs_handle_struct *handle,
-					     files_struct *fsp, TALLOC_CTX *mem_ctx);
+					     files_struct *fsp,
+					     SMB_ACL_TYPE_T type,
+					     TALLOC_CTX *mem_ctx);
 int vfs_not_implemented_sys_acl_blob_get_file(vfs_handle_struct *handle,
 				const struct smb_filename *smb_fname,
 				TALLOC_CTX *mem_ctx,

source3/include/vfs_macros.h

@@ -494,10 +494,10 @@
 #define SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, smb_fname, type, mem_ctx)		\
 	smb_vfs_call_sys_acl_get_file((handle)->next, (smb_fname), (type), (mem_ctx))
 
-#define SMB_VFS_SYS_ACL_GET_FD(fsp, mem_ctx) \
-	smb_vfs_call_sys_acl_get_fd((fsp)->conn->vfs_handles, (fsp), (mem_ctx))
-#define SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx) \
-	smb_vfs_call_sys_acl_get_fd((handle)->next, (fsp), (mem_ctx))
+#define SMB_VFS_SYS_ACL_GET_FD(fsp, type, mem_ctx) \
+	smb_vfs_call_sys_acl_get_fd((fsp)->conn->vfs_handles, (fsp), (type), (mem_ctx))
+#define SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, type, mem_ctx) \
+	smb_vfs_call_sys_acl_get_fd((handle)->next, (fsp), (type), (mem_ctx))
 
 #define SMB_VFS_SYS_ACL_BLOB_GET_FILE(conn, smb_fname, mem_ctx, blob_description, blob)	\
 	smb_vfs_call_sys_acl_blob_get_file((conn)->vfs_handles, (smb_fname), (mem_ctx), (blob_description), (blob))

source3/lib/sysacls.c

@@ -372,7 +372,7 @@ SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle,
 			 SMB_ACL_TYPE_T type,
 			 TALLOC_CTX *mem_ctx)
 {
-	return posixacl_sys_acl_get_fd(handle, fsp, mem_ctx);
+	return posixacl_sys_acl_get_fd(handle, fsp, type, mem_ctx);
 }
 
 int sys_acl_set_file(vfs_handle_struct *handle,

source3/modules/posixacl_xattr.c

@@ -409,25 +409,36 @@ SMB_ACL_T posixacl_xattr_acl_get_file(vfs_handle_struct *handle,
 
 SMB_ACL_T posixacl_xattr_acl_get_fd(vfs_handle_struct *handle,
 				    files_struct *fsp,
+				    SMB_ACL_TYPE_T type,
 				    TALLOC_CTX *mem_ctx)
 {
 	int ret;
 	int size = ACL_EA_SIZE(20);
 	char *buf = alloca(size);
+	const char *name;
+
+	if (type == SMB_ACL_TYPE_ACCESS) {
+		name = ACL_EA_ACCESS;
+	} else if (type == SMB_ACL_TYPE_DEFAULT) {
+		name = ACL_EA_DEFAULT;
+	} else {
+		errno = EINVAL;
+		return NULL;
+	}
 
 	if (!buf) {
 		return NULL;
 	}
 
-	ret = SMB_VFS_FGETXATTR(fsp, ACL_EA_ACCESS, buf, size);
+	ret = SMB_VFS_FGETXATTR(fsp, name, buf, size);
 	if (ret < 0 && errno == ERANGE) {
-		size = SMB_VFS_FGETXATTR(fsp, ACL_EA_ACCESS, NULL, 0);
+		size = SMB_VFS_FGETXATTR(fsp, name, NULL, 0);
 		if (size > 0) {
 			buf = alloca(size);
 			if (!buf) {
 				return NULL;
 			}
-			ret = SMB_VFS_FGETXATTR(fsp, ACL_EA_ACCESS, buf, size);
+			ret = SMB_VFS_FGETXATTR(fsp, name, buf, size);
 		}
 	}
 

source3/modules/posixacl_xattr.h

@@ -28,6 +28,7 @@ SMB_ACL_T posixacl_xattr_acl_get_file(vfs_handle_struct *handle,
 
 SMB_ACL_T posixacl_xattr_acl_get_fd(vfs_handle_struct *handle,
 				    files_struct *fsp,
+				    SMB_ACL_TYPE_T type,
 				    TALLOC_CTX *mem_ctx);
 
 int posixacl_xattr_acl_set_file(vfs_handle_struct *handle,

source3/modules/vfs_aixacl.c

@@ -83,6 +83,7 @@ SMB_ACL_T aixacl_sys_acl_get_file(vfs_handle_struct *handle,
 
 SMB_ACL_T aixacl_sys_acl_get_fd(vfs_handle_struct *handle,
 				files_struct *fsp,
+				SMB_ACL_TYPE_T type,
 				TALLOC_CTX *mem_ctx)
 {
 
@@ -92,6 +93,11 @@ SMB_ACL_T aixacl_sys_acl_get_fd(vfs_handle_struct *handle,
 	int rc = 0;
 	uid_t user_id;
 
+	/* AIX has no DEFAULT */
+	if  ( type == SMB_ACL_TYPE_DEFAULT ) {
+		return NULL;
+	}
+
 	/* Get the acl using fstatacl */
    
 	DEBUG(10,("Entering AIX sys_acl_get_fd\n"));

source3/modules/vfs_aixacl2.c

@@ -323,10 +323,23 @@ SMB_ACL_T aixjfs2_sys_acl_get_file(vfs_handle_struct *handle,
 }
 
 SMB_ACL_T aixjfs2_sys_acl_get_fd(vfs_handle_struct *handle,
-				 files_struct *fsp, TALLOC_CTX *mem_ctx)
+				 files_struct *fsp,
+				 SMB_ACL_TYPE_T type,
+				 TALLOC_CTX *mem_ctx)
 {
         acl_type_t aixjfs2_type;
-        aixjfs2_type.u64 = ACL_AIXC;
+
+        switch(type) {
+        case SMB_ACL_TYPE_ACCESS:
+                aixjfs2_type.u64 = ACL_AIXC;
+                break;
+        case SMB_ACL_TYPE_DEFAULT:
+                DEBUG(0, ("Got AIX JFS2 unsupported type: %d\n", type));
+                return NULL;
+        default:
+                DEBUG(0, ("Got invalid type: %d\n", type));
+                smb_panic("exiting");
+        }
 
 	return aixjfs2_get_posix_acl(fsp->fsp_name->base_name,
 				     aixjfs2_type, mem_ctx);

source3/modules/vfs_catia.c

@@ -1352,6 +1352,7 @@ static int catia_fsetxattr(struct vfs_handle_struct *handle,
 
 static SMB_ACL_T catia_sys_acl_get_fd(vfs_handle_struct *handle,
 				      files_struct *fsp,
+				      SMB_ACL_TYPE_T type,
 				      TALLOC_CTX *mem_ctx)
 {
 	struct catia_cache *cc = NULL;
@@ -1363,7 +1364,7 @@ static SMB_ACL_T catia_sys_acl_get_fd(vfs_handle_struct *handle,
 		return NULL;
 	}
 
-	result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
+	result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, type, mem_ctx);
 
 	CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
 

source3/modules/vfs_default.c

@@ -3252,9 +3252,10 @@ static SMB_ACL_T vfswrap_sys_acl_get_file(vfs_handle_struct *handle,
 
 static SMB_ACL_T vfswrap_sys_acl_get_fd(vfs_handle_struct *handle,
 					files_struct *fsp,
+					SMB_ACL_TYPE_T type,
 					TALLOC_CTX *mem_ctx)
 {
-	return sys_acl_get_fd(handle, fsp, SMB_ACL_TYPE_ACCESS, mem_ctx);
+	return sys_acl_get_fd(handle, fsp, type, mem_ctx);
 }
 
 static int vfswrap_sys_acl_set_fd(vfs_handle_struct *handle,

source3/modules/vfs_fake_acls.c

@@ -291,14 +291,32 @@ static SMB_ACL_T fake_acls_sys_acl_get_file(struct vfs_handle_struct *handle,
 
 static SMB_ACL_T fake_acls_sys_acl_get_fd(struct vfs_handle_struct *handle,
 					  files_struct *fsp,
+					  SMB_ACL_TYPE_T type,
 					  TALLOC_CTX *mem_ctx)
 {
 	DATA_BLOB blob = data_blob_null;
 	ssize_t length;
-	const char *name = FAKE_ACL_ACCESS_XATTR;
+	const char *name = NULL;
 	struct smb_acl_t *acl = NULL;
 	TALLOC_CTX *frame = talloc_stackframe();
 		
+	switch (type) {
+	case SMB_ACL_TYPE_ACCESS:
+		name = FAKE_ACL_ACCESS_XATTR;
+		break;
+	case SMB_ACL_TYPE_DEFAULT:
+		name = FAKE_ACL_DEFAULT_XATTR;
+		break;
+	default:
+		DBG_ERR("Illegal ACL type %d\n", (int)type);
+		break;
+	}
+
+	if (name == NULL) {
+		TALLOC_FREE(frame);
+		return NULL;
+	}
+
 	do {
 		blob.length += 1000;
 		blob.data = talloc_realloc(frame, blob.data, uint8_t, blob.length);
@@ -598,6 +616,7 @@ static int fake_acls_fchmod(vfs_handle_struct *handle,
 
 	the_acl = fake_acls_sys_acl_get_fd(handle,
 				fsp,
+				SMB_ACL_TYPE_ACCESS,
 				talloc_tos());
 	if (the_acl == NULL) {
 		TALLOC_FREE(frame);

source3/modules/vfs_full_audit.c

@@ -2571,11 +2571,16 @@ static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
 }
 
 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
-					       files_struct *fsp, TALLOC_CTX *mem_ctx)
+					       files_struct *fsp,
+					       SMB_ACL_TYPE_T type,
+					       TALLOC_CTX *mem_ctx)
 {
 	SMB_ACL_T result;
 
-	result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
+	result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle,
+					     fsp,
+					     type,
+					     mem_ctx);
 
 	do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
 	       "%s", fsp_str_do_log(fsp));

source3/modules/vfs_gpfs.c

@@ -1072,8 +1072,10 @@ static SMB_ACL_T gpfsacl_sys_acl_get_file(vfs_handle_struct *handle,
 
 static SMB_ACL_T gpfsacl_sys_acl_get_fd(vfs_handle_struct *handle,
 					files_struct *fsp,
+					SMB_ACL_TYPE_T type,
 					TALLOC_CTX *mem_ctx)
 {
+	gpfs_aclType_t gpfs_type;
 	struct gpfs_config_data *config;
 
 	SMB_VFS_HANDLE_GET_DATA(handle, config,
@@ -1081,11 +1083,22 @@ static SMB_ACL_T gpfsacl_sys_acl_get_fd(vfs_handle_struct *handle,
 				return NULL);
 
 	if (!config->acl) {
-		return SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
+		return SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, type, mem_ctx);
 	}
 
+	switch(type) {
+	case SMB_ACL_TYPE_ACCESS:
+		gpfs_type = GPFS_ACL_TYPE_ACCESS;
+		break;
+	case SMB_ACL_TYPE_DEFAULT:
+		gpfs_type = GPFS_ACL_TYPE_DEFAULT;
+		break;
+	default:
+		DEBUG(0, ("Got invalid type: %d\n", type));
+		smb_panic("exiting");
+	}
 	return gpfsacl_get_posix_acl(fsp->fsp_name->base_name,
-				     GPFS_ACL_TYPE_ACCESS, mem_ctx);
+				     gpfs_type, mem_ctx);
 }
 
 static int gpfsacl_sys_acl_blob_get_file(vfs_handle_struct *handle,

source3/modules/vfs_hpuxacl.c

@@ -189,6 +189,7 @@ SMB_ACL_T hpuxacl_sys_acl_get_file(vfs_handle_struct *handle,
  */
 SMB_ACL_T hpuxacl_sys_acl_get_fd(vfs_handle_struct *handle,
 				 files_struct *fsp,
+				 SMB_ACL_TYPE_T type,
 				 TALLOC_CTX *mem_ctx)
 {
         /* 
@@ -203,7 +204,7 @@ SMB_ACL_T hpuxacl_sys_acl_get_fd(vfs_handle_struct *handle,
 
         return hpuxacl_sys_acl_get_file(handle,
 					fsp->fsp_name->base_name,
-					SMB_ACL_TYPE_ACCESS,
+					type,
 					mem_ctx);
 }
 

source3/modules/vfs_nfs4acl_xattr.c

@@ -634,6 +634,7 @@ static SMB_ACL_T nfs4acl_xattr_fail__sys_acl_get_file(vfs_handle_struct *handle,
 
 static SMB_ACL_T nfs4acl_xattr_fail__sys_acl_get_fd(vfs_handle_struct *handle,
 						    files_struct *fsp,
+						    SMB_ACL_TYPE_T type,
 						    TALLOC_CTX *mem_ctx)
 {
 	return (SMB_ACL_T)NULL;

source3/modules/vfs_not_implemented.c

@@ -812,7 +812,9 @@ SMB_ACL_T vfs_not_implemented_sys_acl_get_file(vfs_handle_struct *handle,
 }
 
 SMB_ACL_T vfs_not_implemented_sys_acl_get_fd(vfs_handle_struct *handle,
-					     files_struct *fsp, TALLOC_CTX *mem_ctx)
+					     files_struct *fsp,
+					     SMB_ACL_TYPE_T type,
+					     TALLOC_CTX *mem_ctx)
 {
 	errno = ENOSYS;
 	return (SMB_ACL_T) NULL;

source3/modules/vfs_posixacl.c

@@ -66,12 +66,27 @@ SMB_ACL_T posixacl_sys_acl_get_file(vfs_handle_struct *handle,
 }
 
 SMB_ACL_T posixacl_sys_acl_get_fd(vfs_handle_struct *handle,
-				  files_struct *fsp, TALLOC_CTX *mem_ctx)
+				  files_struct *fsp,
+				  SMB_ACL_TYPE_T type,
+				  TALLOC_CTX *mem_ctx)
 {
 	struct smb_acl_t *result;
 	acl_t acl = NULL;
+	acl_type_t acl_type;
 
-	if (!fsp->fsp_flags.is_pathref) {
+	switch(type) {
+	case SMB_ACL_TYPE_ACCESS:
+		acl_type = ACL_TYPE_ACCESS;
+		break;
+	case SMB_ACL_TYPE_DEFAULT:
+		acl_type = ACL_TYPE_DEFAULT;
+		break;
+	default:
+		errno = EINVAL;
+		return NULL;
+	}
+	if (!fsp->fsp_flags.is_pathref && (acl_type == ACL_TYPE_ACCESS)) {
+		/* POSIX API only allows ACL_TYPE_ACCESS fetched on fd. */
 		acl = acl_get_fd(fsp_get_io_fd(fsp));
 	} else if (fsp->fsp_flags.have_proc_fds) {
 		int fd = fsp_get_pathref_fd(fsp);
@@ -83,12 +98,12 @@ SMB_ACL_T posixacl_sys_acl_get_fd(vfs_handle_struct *handle,
 			return NULL;
 		}
 
-		acl = acl_get_file(proc_fd_path, ACL_TYPE_ACCESS);
+		acl = acl_get_file(proc_fd_path, acl_type);
 	} else {
 		/*
 		 * This is no longer a handle based call.
 		 */
-		acl = acl_get_file(fsp->fsp_name->base_name, ACL_TYPE_ACCESS);
+		acl = acl_get_file(fsp->fsp_name->base_name, acl_type);
 	}
 	if (acl == NULL) {
 		return NULL;

source3/modules/vfs_posixacl.h

@@ -28,6 +28,7 @@ SMB_ACL_T posixacl_sys_acl_get_file(vfs_handle_struct *handle,
 
 SMB_ACL_T posixacl_sys_acl_get_fd(vfs_handle_struct *handle,
 				  files_struct *fsp,
+				  SMB_ACL_TYPE_T type,
 				  TALLOC_CTX *mem_ctx);
 
 int posixacl_sys_acl_set_file(vfs_handle_struct *handle,

source3/modules/vfs_solarisacl.c

@@ -105,7 +105,9 @@ SMB_ACL_T solarisacl_sys_acl_get_file(vfs_handle_struct *handle,
  * get the access ACL of a file referred to by a fd
  */
 SMB_ACL_T solarisacl_sys_acl_get_fd(vfs_handle_struct *handle,
-				    files_struct *fsp, TALLOC_CTX *mem_ctx)
+				    files_struct *fsp,
+				    SMB_ACL_TYPE_T type,
+				    TALLOC_CTX *mem_ctx)
 {
 	SMB_ACL_T result = NULL;
 	int count;
@@ -116,13 +118,19 @@ SMB_ACL_T solarisacl_sys_acl_get_fd(vfs_handle_struct *handle,
 	if (!solaris_acl_get_fd(fsp_get_io_fd(fsp), &solaris_acl, &count)) {
 		goto done;
 	}
+
+	if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
+		DEBUG(10, ("invalid SMB_ACL_TYPE given (%d)\n", type));
+		errno = EINVAL;
+		goto done;
+	}
 	/* 
 	 * The facl call returns both ACCESS and DEFAULT acls (as present). 
 	 * The posix acl_get_fd function returns only the
 	 * access acl. So we need to filter this out here.  
 	 */
 	result = solaris_acl_to_smb_acl(solaris_acl, count,
-					SMB_ACL_TYPE_ACCESS, mem_ctx);
+					type, mem_ctx);
 	if (result == NULL) {
 		DEBUG(10, ("conversion solaris_acl -> smb_acl failed (%s).\n",
 			   strerror(errno)));

source3/modules/vfs_time_audit.c

@@ -2371,6 +2371,7 @@ static SMB_ACL_T smb_time_audit_sys_acl_get_file(vfs_handle_struct *handle,
 
 static SMB_ACL_T smb_time_audit_sys_acl_get_fd(vfs_handle_struct *handle,
 					       files_struct *fsp,
+					       SMB_ACL_TYPE_T type,
 					       TALLOC_CTX *mem_ctx)
 {
 	SMB_ACL_T result;
@@ -2378,7 +2379,7 @@ static SMB_ACL_T smb_time_audit_sys_acl_get_fd(vfs_handle_struct *handle,
 	double timediff;
 
 	clock_gettime_mono(&ts1);
-	result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
+	result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, type, mem_ctx);
 	clock_gettime_mono(&ts2);
 	timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
 

source3/modules/vfs_zfsacl.c

@@ -533,6 +533,7 @@ static SMB_ACL_T zfsacl_fail__sys_acl_get_file(vfs_handle_struct *handle,
 
 static SMB_ACL_T zfsacl_fail__sys_acl_get_fd(vfs_handle_struct *handle,
 					     files_struct *fsp,
+					     SMB_ACL_TYPE_T type,
 					     TALLOC_CTX *mem_ctx)
 {
 	return (SMB_ACL_T)NULL;

source3/smbd/posix_acls.c

@@ -3443,14 +3443,15 @@ NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info,
 	}
 
 	/* Get the ACL from the fd. */
-	posix_acl = SMB_VFS_SYS_ACL_GET_FD(fsp, frame);
+	posix_acl = SMB_VFS_SYS_ACL_GET_FD(fsp,
+					   SMB_ACL_TYPE_ACCESS,
+					   frame);
 
 	/* If it's a directory get the default POSIX ACL. */
 	if(fsp->fsp_flags.is_directory) {
-		def_acl = SMB_VFS_SYS_ACL_GET_FILE(fsp->conn,
-						   fsp->fsp_name,
-						   SMB_ACL_TYPE_DEFAULT,
-						   frame);
+		def_acl = SMB_VFS_SYS_ACL_GET_FD(fsp,
+						 SMB_ACL_TYPE_DEFAULT,
+						 frame);
 		def_acl = free_empty_sys_acl(fsp->conn, def_acl);
 	}
 
@@ -4447,7 +4448,9 @@ static NTSTATUS remove_posix_acl(connection_struct *conn,
 	}
 
 	/* Get the current file ACL. */
-	file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp, talloc_tos());
+	file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp,
+					  SMB_ACL_TYPE_ACCESS,
+					  talloc_tos());
 
 	if (file_acl == NULL) {
 		status = map_nt_error_from_unix(errno);

source3/smbd/trans2.c

@@ -4996,7 +4996,7 @@ static NTSTATUS smb_query_posix_acl(connection_struct *conn,
 		goto out;
 	}
 
-	file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp,
+	file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp, SMB_ACL_TYPE_ACCESS,
 					talloc_tos());
 
 	if (file_acl == NULL && no_acl_syscall_error(errno)) {

source3/smbd/vfs.c

@@ -2759,10 +2759,11 @@ SMB_ACL_T smb_vfs_call_sys_acl_get_file(struct vfs_handle_struct *handle,
 
 SMB_ACL_T smb_vfs_call_sys_acl_get_fd(struct vfs_handle_struct *handle,
 				      struct files_struct *fsp,
+				      SMB_ACL_TYPE_T type,
 				      TALLOC_CTX *mem_ctx)
 {
 	VFS_FIND(sys_acl_get_fd);
-	return handle->fns->sys_acl_get_fd_fn(handle, fsp, mem_ctx);
+	return handle->fns->sys_acl_get_fd_fn(handle, fsp, type, mem_ctx);
 }
 
 int smb_vfs_call_sys_acl_blob_get_file(struct vfs_handle_struct *handle,

source3/torture/cmd_vfs.c

@@ -1817,7 +1817,9 @@ static NTSTATUS cmd_sys_acl_get_fd(struct vfs_state *vfs, TALLOC_CTX *mem_ctx,
 		return NT_STATUS_OK;
 	}
 
-	acl = SMB_VFS_SYS_ACL_GET_FD(vfs->files[fd], talloc_tos());
+	acl = SMB_VFS_SYS_ACL_GET_FD(vfs->files[fd],
+				     SMB_ACL_TYPE_ACCESS,
+				     talloc_tos());
 	if (!acl) {
 		printf("sys_acl_get_fd failed (%s)\n", strerror(errno));
 		return NT_STATUS_UNSUCCESSFUL;