acl_common: Avoid "#include vfs_acl_common.c"

This makes vfs_acl_common.c a subsystem of its own that acl_xattr and acl_tdb
now link against, not #include it.

This patch is a bit on the large and clumsy side, but splitting it up would
(I believe) involve a separate intermediate copy of acl_common.c.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

6 files changed, 209 insertions, 86 deletions

diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 3f5f0c8ac0f..c4849b6061f 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -20,11 +20,15 @@
  * along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
 
+#include "includes.h"
+#include "vfs_acl_common.h"
 #include "smbd/smbd.h"
 #include "system/filesys.h"
+#include "librpc/gen_ndr/ndr_xattr.h"
 #include "../libcli/security/security.h"
 #include "../librpc/gen_ndr/ndr_security.h"
 #include "../lib/util/bitmap.h"
+#include "lib/crypto/sha256.h"
 #include "passdb/lookup_sid.h"
 
 static NTSTATUS create_acl_blob(const struct security_descriptor *psd,
@@ -32,34 +36,18 @@ static NTSTATUS create_acl_blob(const struct security_descriptor *psd,
 			uint16_t hash_type,
 			uint8_t hash[XATTR_SD_HASH_SIZE]);
 
-static NTSTATUS get_acl_blob(TALLOC_CTX *ctx,
-			vfs_handle_struct *handle,
-			files_struct *fsp,
-			const struct smb_filename *smb_fname,
-			DATA_BLOB *pblob);
-
-static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,
-			files_struct *fsp,
-			DATA_BLOB *pblob);
-
 #define HASH_SECURITY_INFO (SECINFO_OWNER | \
 				SECINFO_GROUP | \
 				SECINFO_DACL | \
 				SECINFO_SACL)
 
-enum default_acl_style {DEFAULT_ACL_POSIX, DEFAULT_ACL_WINDOWS};
-
 static const struct enum_list default_acl_style[] = {
 	{DEFAULT_ACL_POSIX,	"posix"},
 	{DEFAULT_ACL_WINDOWS,	"windows"}
 };
 
-struct acl_common_config {
-	bool ignore_system_acls;
-	enum default_acl_style default_acl_style;
-};
-
-static bool init_acl_common_config(vfs_handle_struct *handle)
+bool init_acl_common_config(vfs_handle_struct *handle,
+			    const char *module_name)
 {
 	struct acl_common_config *config = NULL;
 
@@ -71,11 +59,11 @@ static bool init_acl_common_config(vfs_handle_struct *handle)
 	}
 
 	config->ignore_system_acls = lp_parm_bool(SNUM(handle->conn),
-						  ACL_MODULE_NAME,
+						  module_name,
 						  "ignore system acls",
 						  false);
 	config->default_acl_style = lp_parm_enum(SNUM(handle->conn),
-						 ACL_MODULE_NAME,
+						 module_name,
 						 "default acl style",
 						 default_acl_style,
 						 DEFAULT_ACL_POSIX);
@@ -854,7 +842,7 @@ static NTSTATUS stat_fsp_or_smb_fname(vfs_handle_struct *handle,
  filesystem sd.
 *******************************************************************/
 
-static NTSTATUS get_nt_acl_internal(
+NTSTATUS get_nt_acl_common(
 	NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx,
 				    vfs_handle_struct *handle,
 				    files_struct *fsp,
@@ -1023,34 +1011,6 @@ fail:
 }
 
 /*********************************************************************
- Fetch a security descriptor given an fsp.
-*********************************************************************/
-
-static NTSTATUS fget_nt_acl_common(vfs_handle_struct *handle,
-				   files_struct *fsp,
-				   uint32_t security_info,
-				   TALLOC_CTX *mem_ctx,
-				   struct security_descriptor **ppdesc)
-{
-	return get_nt_acl_internal(get_acl_blob, handle, fsp, NULL,
-				   security_info, mem_ctx, ppdesc);
-}
-
-/*********************************************************************
- Fetch a security descriptor given a pathname.
-*********************************************************************/
-
-static NTSTATUS get_nt_acl_common(vfs_handle_struct *handle,
-				  const struct smb_filename *smb_fname,
-				  uint32_t security_info,
-				  TALLOC_CTX *mem_ctx,
-				  struct security_descriptor **ppdesc)
-{
-	return get_nt_acl_internal(get_acl_blob, handle, NULL, smb_fname,
-				   security_info, mem_ctx, ppdesc);
-}
-
-/*********************************************************************
  Set the underlying ACL (e.g. POSIX ACLS, POSIX owner, etc)
 *********************************************************************/
 static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp,
@@ -1130,8 +1090,19 @@ static NTSTATUS store_v3_blob(
  Store a security descriptor given an fsp.
 *********************************************************************/
 
-static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
-        uint32_t security_info_sent, const struct security_descriptor *orig_psd)
+NTSTATUS fset_nt_acl_common(
+	NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx,
+				    vfs_handle_struct *handle,
+				    files_struct *fsp,
+				    const struct smb_filename *smb_fname,
+				    DATA_BLOB *pblob),
+	NTSTATUS (*store_acl_blob_fsp_fn)(vfs_handle_struct *handle,
+					  files_struct *fsp,
+					  DATA_BLOB *pblob),
+	const char *module_name,
+	vfs_handle_struct *handle, files_struct *fsp,
+	uint32_t security_info_sent,
+	const struct security_descriptor *orig_psd)
 {
 	NTSTATUS status;
 	int ret;
@@ -1144,7 +1115,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
 	char *sys_acl_description;
 	TALLOC_CTX *frame = talloc_stackframe();
 	bool ignore_file_system_acl = lp_parm_bool(
-	    SNUM(handle->conn), ACL_MODULE_NAME, "ignore system acls", false);
+	    SNUM(handle->conn), module_name, "ignore system acls", false);
 
 	if (DEBUGLEVEL >= 10) {
 		DBG_DEBUG("incoming sd for file %s\n", fsp_str_dbg(fsp));
@@ -1152,7 +1123,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
 			discard_const_p(struct security_descriptor, orig_psd));
 	}
 
-	status = get_nt_acl_internal(get_acl_blob, handle, fsp,
+	status = get_nt_acl_common(get_acl_blob_fn, handle, fsp,
 			NULL,
 			SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL,
 				     frame,
@@ -1211,7 +1182,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
 			}
 		}
 		ZERO_ARRAY(hash);
-		status = store_v3_blob(store_acl_blob_fsp, handle, fsp, psd,
+		status = store_v3_blob(store_acl_blob_fsp_fn, handle, fsp, psd,
 				       NULL, hash);
 
 		TALLOC_FREE(frame);
@@ -1253,7 +1224,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
 	/* If we fail to get the ACL blob (for some reason) then this
 	 * is not fatal, we just work based on the NT ACL only */
 	if (ret != 0) {
-		status = store_v3_blob(store_acl_blob_fsp, handle, fsp, psd,
+		status = store_v3_blob(store_acl_blob_fsp_fn, handle, fsp, psd,
 				       pdesc_next, hash);
 
 		TALLOC_FREE(frame);
@@ -1289,7 +1260,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
 		return status;
 	}
 
-	status = store_acl_blob_fsp(handle, fsp, &blob);
+	status = store_acl_blob_fsp_fn(handle, fsp, &blob);
 
 	TALLOC_FREE(frame);
 	return status;
@@ -1390,8 +1361,8 @@ static int acl_common_remove_object(vfs_handle_struct *handle,
 	return ret;
 }
 
-static int rmdir_acl_common(struct vfs_handle_struct *handle,
-				const struct smb_filename *smb_fname)
+int rmdir_acl_common(struct vfs_handle_struct *handle,
+		     const struct smb_filename *smb_fname)
 {
 	int ret;
 
@@ -1414,7 +1385,7 @@ static int rmdir_acl_common(struct vfs_handle_struct *handle,
 	return -1;
 }
 
-static int unlink_acl_common(struct vfs_handle_struct *handle,
+int unlink_acl_common(struct vfs_handle_struct *handle,
 			const struct smb_filename *smb_fname)
 {
 	int ret;
@@ -1443,9 +1414,9 @@ static int unlink_acl_common(struct vfs_handle_struct *handle,
 	return -1;
 }
 
-static int chmod_acl_module_common(struct vfs_handle_struct *handle,
-			const struct smb_filename *smb_fname,
-			mode_t mode)
+int chmod_acl_module_common(struct vfs_handle_struct *handle,
+			    const struct smb_filename *smb_fname,
+			    mode_t mode)
 {
 	if (smb_fname->flags & SMB_FILENAME_POSIX_PATH) {
 		/* Only allow this on POSIX pathnames. */
@@ -1454,8 +1425,8 @@ static int chmod_acl_module_common(struct vfs_handle_struct *handle,
 	return 0;
 }
 
-static int fchmod_acl_module_common(struct vfs_handle_struct *handle,
-			struct files_struct *fsp, mode_t mode)
+int fchmod_acl_module_common(struct vfs_handle_struct *handle,
+			     struct files_struct *fsp, mode_t mode)
 {
 	if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) {
 		/* Only allow this on POSIX opens. */
@@ -1464,9 +1435,9 @@ static int fchmod_acl_module_common(struct vfs_handle_struct *handle,
 	return 0;
 }
 
-static int chmod_acl_acl_module_common(struct vfs_handle_struct *handle,
-			const struct smb_filename *smb_fname,
-			mode_t mode)
+int chmod_acl_acl_module_common(struct vfs_handle_struct *handle,
+				const struct smb_filename *smb_fname,
+				mode_t mode)
 {
 	if (smb_fname->flags & SMB_FILENAME_POSIX_PATH) {
 		/* Only allow this on POSIX pathnames. */
@@ -1475,8 +1446,8 @@ static int chmod_acl_acl_module_common(struct vfs_handle_struct *handle,
 	return 0;
 }
 
-static int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle,
-			struct files_struct *fsp, mode_t mode)
+int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle,
+				 struct files_struct *fsp, mode_t mode)
 {
 	if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) {
 		/* Only allow this on POSIX opens. */
diff --git a/source3/modules/vfs_acl_common.h b/source3/modules/vfs_acl_common.h
new file mode 100644
index 00000000000..c52fc5094c5
--- /dev/null
+++ b/source3/modules/vfs_acl_common.h
@@ -0,0 +1,79 @@
+/*
+ * Store Windows ACLs in data store - common functions.
+ *
+ * Copyright (C) Volker Lendecke, 2008
+ * Copyright (C) Jeremy Allison, 2009
+ * Copyright (C) Ralph Böhme, 2016
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __VFS_ACL_COMMON_H__
+#define __VFS_ACL_COMMON_H__
+
+enum default_acl_style {DEFAULT_ACL_POSIX, DEFAULT_ACL_WINDOWS};
+
+struct acl_common_config {
+	bool ignore_system_acls;
+	enum default_acl_style default_acl_style;
+};
+
+bool init_acl_common_config(vfs_handle_struct *handle,
+			    const char *module_name);
+
+int rmdir_acl_common(struct vfs_handle_struct *handle,
+		     const struct smb_filename *smb_fname);
+int unlink_acl_common(struct vfs_handle_struct *handle,
+		      const struct smb_filename *smb_fname);
+int chmod_acl_module_common(struct vfs_handle_struct *handle,
+			    const struct smb_filename *smb_fname,
+			    mode_t mode);
+int fchmod_acl_module_common(struct vfs_handle_struct *handle,
+			     struct files_struct *fsp, mode_t mode);
+int chmod_acl_acl_module_common(struct vfs_handle_struct *handle,
+				const struct smb_filename *smb_fname,
+				mode_t mode);
+int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle,
+				 struct files_struct *fsp, mode_t mode);
+
+NTSTATUS get_nt_acl_common(
+	NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx,
+				    vfs_handle_struct *handle,
+				    files_struct *fsp,
+				    const struct smb_filename *smb_fname,
+				    DATA_BLOB *pblob),
+	vfs_handle_struct *handle,
+	files_struct *fsp,
+	const struct smb_filename *smb_fname_in,
+	uint32_t security_info,
+	TALLOC_CTX *mem_ctx,
+	struct security_descriptor **ppdesc);
+
+NTSTATUS fset_nt_acl_common(
+	NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx,
+				    vfs_handle_struct *handle,
+				    files_struct *fsp,
+				    const struct smb_filename *smb_fname,
+				    DATA_BLOB *pblob),
+	NTSTATUS (*store_acl_blob_fsp_fn)(vfs_handle_struct *handle,
+					  files_struct *fsp,
+					  DATA_BLOB *pblob),
+	const char *module_name,
+	vfs_handle_struct *handle, files_struct *fsp,
+        uint32_t security_info_sent,
+	const struct security_descriptor *orig_psd);
+
+
+
+#endif
diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c
index 817add71fb9..c5ffa5e305b 100644
--- a/source3/modules/vfs_acl_tdb.c
+++ b/source3/modules/vfs_acl_tdb.c
@@ -22,18 +22,17 @@
 #include "smbd/smbd.h"
 #include "system/filesys.h"
 #include "librpc/gen_ndr/xattr.h"
-#include "librpc/gen_ndr/ndr_xattr.h"
 #include "../lib/crypto/sha256.h"
 #include "dbwrap/dbwrap.h"
 #include "dbwrap/dbwrap_open.h"
 #include "auth.h"
 #include "util_tdb.h"
+#include "vfs_acl_common.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_VFS
 
 #define ACL_MODULE_NAME "acl_tdb"
-#include "modules/vfs_acl_common.c"
 
 static unsigned int ref_count;
 static struct db_context *acl_db;
@@ -320,7 +319,7 @@ static int connect_acl_tdb(struct vfs_handle_struct *handle,
 		return -1;
 	}
 
-	ok = init_acl_common_config(handle);
+	ok = init_acl_common_config(handle, ACL_MODULE_NAME);
 	if (!ok) {
 		DBG_ERR("init_acl_common_config failed\n");
 		return -1;
@@ -451,6 +450,42 @@ static int sys_acl_set_fd_tdb(vfs_handle_struct *handle,
 	return 0;
 }
 
+static NTSTATUS acl_tdb_fget_nt_acl(vfs_handle_struct *handle,
+				    files_struct *fsp,
+				    uint32_t security_info,
+				    TALLOC_CTX *mem_ctx,
+				    struct security_descriptor **ppdesc)
+{
+	NTSTATUS status;
+	status = get_nt_acl_common(get_acl_blob, handle, fsp, NULL,
+				   security_info, mem_ctx, ppdesc);
+	return status;
+}
+
+static NTSTATUS acl_tdb_get_nt_acl(vfs_handle_struct *handle,
+				   const struct smb_filename *smb_fname,
+				   uint32_t security_info,
+				   TALLOC_CTX *mem_ctx,
+				   struct security_descriptor **ppdesc)
+{
+	NTSTATUS status;
+	status = get_nt_acl_common(get_acl_blob, handle, NULL, smb_fname,
+				   security_info, mem_ctx, ppdesc);
+	return status;
+}
+
+static NTSTATUS acl_tdb_fset_nt_acl(vfs_handle_struct *handle,
+				    files_struct *fsp,
+				    uint32_t security_info_sent,
+				    const struct security_descriptor *psd)
+{
+	NTSTATUS status;
+	status = fset_nt_acl_common(get_acl_blob, store_acl_blob_fsp,
+				    ACL_MODULE_NAME,
+				    handle, fsp, security_info_sent, psd);
+	return status;
+}
+
 static struct vfs_fn_pointers vfs_acl_tdb_fns = {
 	.connect_fn = connect_acl_tdb,
 	.disconnect_fn = disconnect_acl_tdb,
@@ -458,9 +493,9 @@ static struct vfs_fn_pointers vfs_acl_tdb_fns = {
 	.unlink_fn = unlink_acl_tdb,
 	.chmod_fn = chmod_acl_module_common,
 	.fchmod_fn = fchmod_acl_module_common,
-	.fget_nt_acl_fn = fget_nt_acl_common,
-	.get_nt_acl_fn = get_nt_acl_common,
-	.fset_nt_acl_fn = fset_nt_acl_common,
+	.fget_nt_acl_fn = acl_tdb_fget_nt_acl,
+	.get_nt_acl_fn = acl_tdb_get_nt_acl,
+	.fset_nt_acl_fn = acl_tdb_fset_nt_acl,
 	.chmod_acl_fn = chmod_acl_acl_module_common,
 	.fchmod_acl_fn = fchmod_acl_acl_module_common,
 	.sys_acl_set_file_fn = sys_acl_set_file_tdb,
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
index 367be65f7a4..38ad81cc244 100644
--- a/source3/modules/vfs_acl_xattr.c
+++ b/source3/modules/vfs_acl_xattr.c
@@ -21,17 +21,15 @@
 #include "includes.h"
 #include "smbd/smbd.h"
 #include "librpc/gen_ndr/xattr.h"
-#include "librpc/gen_ndr/ndr_xattr.h"
 #include "../lib/crypto/sha256.h"
 #include "auth.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_VFS
+#include "vfs_acl_common.h"
 
 /* Pull in the common functions. */
 #define ACL_MODULE_NAME "acl_xattr"
 
-#include "modules/vfs_acl_common.c"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_VFS
 
 /*******************************************************************
  Pull a security descriptor into a DATA_BLOB from a xattr.
@@ -222,7 +220,7 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle,
 		return ret;
 	}
 
-	ok = init_acl_common_config(handle);
+	ok = init_acl_common_config(handle, ACL_MODULE_NAME);
 	if (!ok) {
 		DBG_ERR("init_acl_common_config failed\n");
 		return -1;
@@ -280,15 +278,51 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle,
 	return 0;
 }
 
+static NTSTATUS acl_xattr_fget_nt_acl(vfs_handle_struct *handle,
+				      files_struct *fsp,
+				      uint32_t security_info,
+				      TALLOC_CTX *mem_ctx,
+				      struct security_descriptor **ppdesc)
+{
+	NTSTATUS status;
+	status = get_nt_acl_common(get_acl_blob, handle, fsp, NULL,
+				   security_info, mem_ctx, ppdesc);
+	return status;
+}
+
+static NTSTATUS acl_xattr_get_nt_acl(vfs_handle_struct *handle,
+				     const struct smb_filename *smb_fname,
+				     uint32_t security_info,
+				     TALLOC_CTX *mem_ctx,
+				     struct security_descriptor **ppdesc)
+{
+	NTSTATUS status;
+	status = get_nt_acl_common(get_acl_blob, handle, NULL, smb_fname,
+				   security_info, mem_ctx, ppdesc);
+	return status;
+}
+
+static NTSTATUS acl_xattr_fset_nt_acl(vfs_handle_struct *handle,
+				      files_struct *fsp,
+				      uint32_t security_info_sent,
+				      const struct security_descriptor *psd)
+{
+	NTSTATUS status;
+	status = fset_nt_acl_common(get_acl_blob, store_acl_blob_fsp,
+				    ACL_MODULE_NAME,
+				    handle, fsp, security_info_sent, psd);
+	return status;
+}
+
 static struct vfs_fn_pointers vfs_acl_xattr_fns = {
 	.connect_fn = connect_acl_xattr,
 	.rmdir_fn = rmdir_acl_common,
 	.unlink_fn = unlink_acl_common,
 	.chmod_fn = chmod_acl_module_common,
 	.fchmod_fn = fchmod_acl_module_common,
-	.fget_nt_acl_fn = fget_nt_acl_common,
-	.get_nt_acl_fn = get_nt_acl_common,
-	.fset_nt_acl_fn = fset_nt_acl_common,
+	.fget_nt_acl_fn = acl_xattr_fget_nt_acl,
+	.get_nt_acl_fn = acl_xattr_get_nt_acl,
+	.fset_nt_acl_fn = acl_xattr_fset_nt_acl,
 	.chmod_acl_fn = chmod_acl_acl_module_common,
 	.fchmod_acl_fn = fchmod_acl_acl_module_common,
 	.sys_acl_set_file_fn = sys_acl_set_file_xattr,
diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build
index 840fdef7757..58aaf2e99d9 100644
--- a/source3/modules/wscript_build
+++ b/source3/modules/wscript_build
@@ -4,6 +4,9 @@ bld.SAMBA3_SUBSYSTEM('NFS4_ACLS',
                     source='nfs4_acls.c',
                     deps='samba-util tdb')
 
+bld.SAMBA3_SUBSYSTEM('vfs_acl_common',
+                     source='vfs_acl_common.c')
+
 bld.SAMBA3_SUBSYSTEM('POSIXACL_XATTR',
                  source='posixacl_xattr.c',
                  enabled=(bld.SAMBA3_IS_ENABLED_MODULE('vfs_ceph') or bld.SAMBA3_IS_ENABLED_MODULE('vfs_glusterfs')),
@@ -357,7 +360,7 @@ bld.SAMBA3_MODULE('vfs_syncops',
 bld.SAMBA3_MODULE('vfs_acl_xattr',
                  subsystem='vfs',
                  source='vfs_acl_xattr.c',
-                 deps='samba-util',
+                 deps='samba-util vfs_acl_common',
                  init_function='',
                  internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_acl_xattr'),
                  enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_acl_xattr'))
@@ -365,7 +368,7 @@ bld.SAMBA3_MODULE('vfs_acl_xattr',
 bld.SAMBA3_MODULE('vfs_acl_tdb',
                  subsystem='vfs',
                  source='vfs_acl_tdb.c',
-                 deps='NDR_XATTR tdb',
+                 deps='samba-util vfs_acl_common',
                  init_function='',
                  internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_acl_tdb'),
                  enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_acl_tdb'))
diff --git a/source3/wscript_build b/source3/wscript_build
index 4230b6a3778..7cf757b93d6 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -748,6 +748,7 @@ bld.SAMBA3_LIBRARY('smbd_base',
                         netapi
                         NDR_IOCTL
                         notifyd
+                        vfs_acl_common
                    ''' +
                    bld.env['dmapi_lib'] +
                    bld.env['legacy_quota_libs'] +