1 After applying this patch, run these commands for a successful build:
4 ./configure --enable-acl-support
7 See the --acls (-A) option in the revised man page for a note on using this
8 latest ACL-enabling patch to send files to an older ACL-enabled rsync.
12 - The -i option does not yet itemize changes in ACL information.
14 - The --link-dest option might link together two files that differ just
15 in their ACL info, and if that happens the file in the --link-dest dir
16 would get its ACLs updated.
20 @@ -25,15 +25,15 @@ VERSION=@VERSION@
24 -HEADERS=byteorder.h config.h errcode.h proto.h rsync.h lib/pool_alloc.h
25 +HEADERS=byteorder.h config.h errcode.h proto.h rsync.h smb_acls.h lib/pool_alloc.h
26 LIBOBJ=lib/wildmatch.o lib/compat.o lib/snprintf.o lib/mdfour.o \
27 - lib/permstring.o lib/pool_alloc.o @LIBOBJS@
28 + lib/permstring.o lib/pool_alloc.o lib/sysacls.o @LIBOBJS@
29 ZLIBOBJ=zlib/deflate.o zlib/inffast.o zlib/inflate.o zlib/inftrees.o \
30 zlib/trees.o zlib/zutil.o zlib/adler32.o zlib/compress.o zlib/crc32.o
31 OBJS1=rsync.o generator.o receiver.o cleanup.o sender.o exclude.o util.o \
32 main.o checksum.o match.o syscall.o log.o backup.o
33 OBJS2=options.o flist.o io.o compat.o hlink.o token.o uidlist.o socket.o \
34 - fileio.o batch.o clientname.o chmod.o
35 + fileio.o batch.o clientname.o chmod.o acls.o
36 OBJS3=progress.o pipe.o
37 DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o
38 popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \
42 +/* -*- c-file-style: "linux" -*-
43 + Copyright (C) Andrew Tridgell 1996
44 + Copyright (C) Paul Mackerras 1996
45 + Copyright (C) Matt McCutchen 2006
46 + Copyright (C) Wayne Davison 2006
48 + This program is free software; you can redistribute it and/or modify
49 + it under the terms of the GNU General Public License as published by
50 + the Free Software Foundation; either version 2 of the License, or
51 + (at your option) any later version.
53 + This program is distributed in the hope that it will be useful,
54 + but WITHOUT ANY WARRANTY; without even the implied warranty of
55 + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
56 + GNU General Public License for more details.
58 + You should have received a copy of the GNU General Public License
59 + along with this program; if not, write to the Free Software
60 + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
63 +/* handle passing ACLs between systems */
66 +#include "lib/sysacls.h"
72 +extern int orig_umask;
73 +extern int preserve_acls;
86 +#define ACL_NO_ENTRY ((uchar)0x80)
90 + /* These will be ACL_NO_ENTRY if there's no such entry. */
97 +static const rsync_acl rsync_acl_initializer = {
98 + {0, 0, NULL}, {0, 0, NULL},
99 + ACL_NO_ENTRY, ACL_NO_ENTRY, ACL_NO_ENTRY, ACL_NO_ENTRY
102 +#define OTHER_TYPE(t) (SMB_ACL_TYPE_ACCESS+SMB_ACL_TYPE_DEFAULT-(t))
103 +#define BUMP_TYPE(t) ((t = OTHER_TYPE(t)) == SMB_ACL_TYPE_DEFAULT)
105 +/* a few useful calculations */
107 +static int count_racl_entries(const rsync_acl *racl)
109 + return racl->users.count + racl->groups.count
110 + + (racl->user_obj != ACL_NO_ENTRY)
111 + + (racl->group_obj != ACL_NO_ENTRY)
112 + + (racl->mask != ACL_NO_ENTRY)
113 + + (racl->other != ACL_NO_ENTRY);
116 +static int calc_sacl_entries(const rsync_acl *racl)
118 + return racl->users.count + racl->groups.count
119 +#ifdef ACLS_NEED_MASK
122 + + (racl->mask != ACL_NO_ENTRY) + 3;
126 +static int rsync_acl_get_perms(const rsync_acl *racl)
128 + /* Note that (ACL_NO_ENTRY & 7) is 0. */
129 + return ((racl->user_obj & 7) << 6)
130 + + (((racl->mask != ACL_NO_ENTRY ? racl->mask : racl->group_obj) & 7) << 3)
131 + + (racl->other & 7);
134 +static void rsync_acl_strip_perms(rsync_acl *racl)
136 + racl->user_obj = ACL_NO_ENTRY;
137 + if (racl->mask == ACL_NO_ENTRY)
138 + racl->group_obj = ACL_NO_ENTRY;
140 + racl->mask = ACL_NO_ENTRY;
141 + racl->other = ACL_NO_ENTRY;
144 +static void expand_ida_list(ida_list *idal)
146 + /* First time through, 0 <= 0, so list is expanded. */
147 + if (idal->malloced <= idal->count) {
148 + id_access *new_ptr;
149 + size_t new_size = idal->malloced + 10;
150 + new_ptr = realloc_array(idal->idas, id_access, new_size);
151 + if (verbose >= 4) {
152 + rprintf(FINFO, "expand rsync_acl to %.0f bytes, did%s move\n",
153 + (double) new_size * sizeof idal->idas[0],
154 + idal->idas ? "" : " not");
157 + idal->idas = new_ptr;
158 + idal->malloced = new_size;
161 + out_of_memory("expand_ida_list");
165 +static void ida_list_free(ida_list *idal)
170 + idal->malloced = 0;
173 +static void rsync_acl_free(rsync_acl *racl)
175 + ida_list_free(&racl->users);
176 + ida_list_free(&racl->groups);
179 +static int id_access_sorter(const void *r1, const void *r2)
181 + id_access *ida1 = (id_access *)r1;
182 + id_access *ida2 = (id_access *)r2;
183 + id_t rid1 = ida1->id, rid2 = ida2->id;
184 + return rid1 == rid2 ? 0 : rid1 < rid2 ? -1 : 1;
187 +static void sort_ida_list(ida_list *idal)
191 + qsort((void **)idal->idas, idal->count, sizeof idal->idas[0],
192 + &id_access_sorter);
195 +static BOOL unpack_smb_acl(rsync_acl *racl, SMB_ACL_T sacl)
197 + SMB_ACL_ENTRY_T entry;
198 + const char *errfun;
201 + *racl = rsync_acl_initializer;
202 + errfun = "sys_acl_get_entry";
203 + for (rc = sys_acl_get_entry(sacl, SMB_ACL_FIRST_ENTRY, &entry);
205 + rc = sys_acl_get_entry(sacl, SMB_ACL_NEXT_ENTRY, &entry)) {
206 + SMB_ACL_TAG_T tag_type;
207 + SMB_ACL_PERMSET_T permset;
212 + if ((rc = sys_acl_get_tag_type(entry, &tag_type))) {
213 + errfun = "sys_acl_get_tag_type";
216 + if ((rc = sys_acl_get_permset(entry, &permset))) {
217 + errfun = "sys_acl_get_tag_type";
220 + access = (sys_acl_get_perm(permset, SMB_ACL_READ) ? 4 : 0)
221 + | (sys_acl_get_perm(permset, SMB_ACL_WRITE) ? 2 : 0)
222 + | (sys_acl_get_perm(permset, SMB_ACL_EXECUTE) ? 1 : 0);
223 + /* continue == done with entry; break == store in given idal */
224 + switch (tag_type) {
225 + case SMB_ACL_USER_OBJ:
226 + if (racl->user_obj == ACL_NO_ENTRY)
227 + racl->user_obj = access;
229 + rprintf(FINFO, "unpack_smb_acl: warning: duplicate USER_OBJ entry ignored\n");
232 + idal = &racl->users;
234 + case SMB_ACL_GROUP_OBJ:
235 + if (racl->group_obj == ACL_NO_ENTRY)
236 + racl->group_obj = access;
238 + rprintf(FINFO, "unpack_smb_acl: warning: duplicate GROUP_OBJ entry ignored\n");
240 + case SMB_ACL_GROUP:
241 + idal = &racl->groups;
244 + if (racl->mask == ACL_NO_ENTRY)
245 + racl->mask = access;
247 + rprintf(FINFO, "unpack_smb_acl: warning: duplicate MASK entry ignored\n");
249 + case SMB_ACL_OTHER:
250 + if (racl->other == ACL_NO_ENTRY)
251 + racl->other = access;
253 + rprintf(FINFO, "unpack_smb_acl: warning: duplicate OTHER entry ignored\n");
256 + rprintf(FINFO, "unpack_smb_acl: warning: entry with unrecognized tag type ignored\n");
259 + if (!(qualifier = sys_acl_get_qualifier(entry))) {
260 + errfun = "sys_acl_get_tag_type";
264 + expand_ida_list(idal);
265 + ida = &idal->idas[idal->count++];
266 + ida->id = *((id_t *)qualifier);
267 + ida->access = access;
268 + sys_acl_free_qualifier(qualifier, tag_type);
271 + rprintf(FERROR, "unpack_smb_acl: %s(): %s\n",
272 + errfun, strerror(errno));
273 + rsync_acl_free(racl);
277 + sort_ida_list(&racl->users);
278 + sort_ida_list(&racl->groups);
283 +static BOOL ida_lists_equal(const ida_list *ial1, const ida_list *ial2)
285 + id_access *ida1, *ida2;
286 + size_t count = ial1->count;
287 + if (count != ial2->count)
291 + for (; count--; ida1++, ida2++) {
292 + if (ida1->access != ida2->access || ida1->id != ida2->id)
298 +static BOOL rsync_acls_equal(const rsync_acl *racl1, const rsync_acl *racl2)
300 + return (racl1->user_obj == racl2->user_obj
301 + && racl1->group_obj == racl2->group_obj
302 + && racl1->mask == racl2->mask
303 + && racl1->other == racl2->other
304 + && ida_lists_equal(&racl1->users, &racl2->users)
305 + && ida_lists_equal(&racl1->groups, &racl2->groups));
308 +static BOOL rsync_acl_extended_parts_equal(const rsync_acl *racl1, const rsync_acl *racl2)
310 + /* We ignore any differences that chmod() can take care of. */
311 + if ((racl1->mask ^ racl2->mask) & ACL_NO_ENTRY)
313 + if (racl1->mask != ACL_NO_ENTRY && racl1->group_obj != racl2->group_obj)
315 + return ida_lists_equal(&racl1->users, &racl2->users)
316 + && ida_lists_equal(&racl1->groups, &racl2->groups);
325 +static rsync_acl_list _rsync_acl_lists[] = {
326 + { 0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */
327 + { 0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */
330 +static inline rsync_acl_list *rsync_acl_lists(SMB_ACL_TYPE_T type)
332 + return &_rsync_acl_lists[type != SMB_ACL_TYPE_ACCESS];
335 +static void expand_rsync_acl_list(rsync_acl_list *racl_list)
337 + /* First time through, 0 <= 0, so list is expanded. */
338 + if (racl_list->malloced <= racl_list->count) {
339 + rsync_acl *new_ptr;
341 + if (racl_list->malloced < 1000)
342 + new_size = racl_list->malloced + 1000;
344 + new_size = racl_list->malloced * 2;
345 + new_ptr = realloc_array(racl_list->racls, rsync_acl, new_size);
346 + if (verbose >= 3) {
347 + rprintf(FINFO, "expand_rsync_acl_list to %.0f bytes, did%s move\n",
348 + (double) new_size * sizeof racl_list->racls[0],
349 + racl_list->racls ? "" : " not");
352 + racl_list->racls = new_ptr;
353 + racl_list->malloced = new_size;
355 + if (!racl_list->racls)
356 + out_of_memory("expand_rsync_acl_list");
360 +static int find_matching_rsync_acl(SMB_ACL_TYPE_T type,
361 + const rsync_acl_list *racl_list,
362 + const rsync_acl *racl)
364 + static int access_match = -1, default_match = -1;
365 + int *match = type == SMB_ACL_TYPE_ACCESS ? &access_match : &default_match;
366 + size_t count = racl_list->count;
368 + /* If this is the first time through or we didn't match the last
369 + * time, then start at the end of the list, which should be the
370 + * best place to start hunting. */
372 + *match = racl_list->count - 1;
374 + if (rsync_acls_equal(&racl_list->racls[*match], racl))
377 + *match = racl_list->count - 1;
384 +/* The general strategy with the tag_type <-> character mapping is that
385 + * lowercase implies that no qualifier follows, where uppercase does.
386 + * A similar idiom for the acl type (access or default) itself, but
387 + * lowercase in this instance means there's no ACL following, so the
388 + * ACL is a repeat, so the receiver should reuse the last of the same
390 +static void send_ida_list(int f, const ida_list *idal, char tag_char)
393 + size_t count = idal->count;
394 + for (ida = idal->idas; count--; ida++) {
395 + write_byte(f, tag_char);
396 + write_byte(f, ida->access);
397 + write_int(f, ida->id);
398 + /* FIXME: sorta wasteful: we should maybe buffer as
399 + * many ids as max(ACL_USER + ACL_GROUP) objects to
400 + * keep from making so many calls. */
401 + if (tag_char == 'U')
408 +static void send_rsync_acl(int f, const rsync_acl *racl)
410 + size_t count = count_racl_entries(racl);
411 + write_int(f, count);
412 + if (racl->user_obj != ACL_NO_ENTRY) {
413 + write_byte(f, 'u');
414 + write_byte(f, racl->user_obj);
416 + send_ida_list(f, &racl->users, 'U');
417 + if (racl->group_obj != ACL_NO_ENTRY) {
418 + write_byte(f, 'g');
419 + write_byte(f, racl->group_obj);
421 + send_ida_list(f, &racl->groups, 'G');
422 + if (racl->mask != ACL_NO_ENTRY) {
423 + write_byte(f, 'm');
424 + write_byte(f, racl->mask);
426 + if (racl->other != ACL_NO_ENTRY) {
427 + write_byte(f, 'o');
428 + write_byte(f, racl->other);
432 +static rsync_acl _curr_rsync_acls[2];
434 +static const char *str_acl_type(SMB_ACL_TYPE_T type)
436 + return type == SMB_ACL_TYPE_ACCESS ? "SMB_ACL_TYPE_ACCESS"
437 + : type == SMB_ACL_TYPE_DEFAULT ? "SMB_ACL_TYPE_DEFAULT"
438 + : "unknown SMB_ACL_TYPE_T";
441 +/* Generate the ACL(s) for this flist entry;
442 + * ACL(s) are either sent or cleaned-up by send_acl() below. */
443 +int make_acl(const struct file_struct *file, const char *fname)
445 + SMB_ACL_TYPE_T type;
446 + rsync_acl *curr_racl;
448 + if (S_ISLNK(file->mode))
451 + curr_racl = &_curr_rsync_acls[0];
452 + type = SMB_ACL_TYPE_ACCESS;
456 + if ((sacl = sys_acl_get_file(fname, type)) != 0) {
457 + ok = unpack_smb_acl(curr_racl, sacl);
458 + sys_acl_free_acl(sacl);
461 + /* Avoid sending a redundant group/mask value. */
462 + if (curr_racl->group_obj == curr_racl->mask
463 + && (preserve_acls == 1
464 + || (!curr_racl->users.count
465 + && !curr_racl->groups.count)))
466 + curr_racl->mask = ACL_NO_ENTRY;
467 + /* Strip access ACLs of permission-bit entries. */
468 + if (type == SMB_ACL_TYPE_ACCESS && preserve_acls == 1)
469 + rsync_acl_strip_perms(curr_racl);
470 + } else if (errno == ENOTSUP) {
471 + /* ACLs are not supported. Leave list empty. */
472 + *curr_racl = rsync_acl_initializer;
474 + rprintf(FERROR, "send_acl: sys_acl_get_file(%s, %s): %s\n",
475 + fname, str_acl_type(type), strerror(errno));
479 + } while (BUMP_TYPE(type) && S_ISDIR(file->mode));
484 +/* Send the make_acl()-generated ACLs for this flist entry,
485 + * or clean up after an flist entry that's not being sent (f == -1). */
486 +void send_acl(const struct file_struct *file, int f)
488 + SMB_ACL_TYPE_T type;
489 + rsync_acl *curr_racl;
491 + if (S_ISLNK(file->mode))
494 + curr_racl = &_curr_rsync_acls[0];
495 + type = SMB_ACL_TYPE_ACCESS;
498 + rsync_acl_list *racl_list = rsync_acl_lists(type);
500 + rsync_acl_free(curr_racl);
503 + if ((index = find_matching_rsync_acl(type, racl_list, curr_racl))
505 + write_byte(f, type == SMB_ACL_TYPE_ACCESS ? 'a' : 'd');
506 + write_int(f, index);
507 + rsync_acl_free(curr_racl);
509 + write_byte(f, type == SMB_ACL_TYPE_ACCESS ? 'A' : 'D');
510 + send_rsync_acl(f, curr_racl);
511 + expand_rsync_acl_list(racl_list);
512 + racl_list->racls[racl_list->count++] = *curr_racl;
515 + } while (BUMP_TYPE(type) && S_ISDIR(file->mode));
518 +/* The below stuff is only used by the receiver: */
520 +/* structure to hold index to rsync_acl_list member corresponding to
521 + * flist->files[i] */
524 + const struct file_struct *file;
531 + file_acl_index *fais;
532 +} file_acl_index_list;
534 +static file_acl_index_list _file_acl_index_lists[] = {
535 + {0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */
536 + {0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */
539 +static inline file_acl_index_list *file_acl_index_lists(SMB_ACL_TYPE_T type)
541 + return &_file_acl_index_lists[type != SMB_ACL_TYPE_ACCESS];
544 +static void expand_file_acl_index_list(file_acl_index_list *flst)
546 + /* First time through, 0 <= 0, so list is expanded. */
547 + if (flst->malloced <= flst->count) {
548 + file_acl_index *new_ptr;
551 + if (flst->malloced < 1000)
552 + new_size = flst->malloced + 1000;
554 + new_size = flst->malloced * 2;
555 + new_ptr = realloc_array(flst->fais, file_acl_index, new_size);
556 + if (verbose >= 3) {
557 + rprintf(FINFO, "expand_file_acl_index_list to %.0f bytes, did%s move\n",
558 + (double) new_size * sizeof flst->fais[0],
559 + flst->fais ? "" : " not");
562 + flst->fais = new_ptr;
563 + flst->malloced = new_size;
566 + out_of_memory("expand_file_acl_index_list");
570 +/* lists to hold the SMB_ACL_Ts corresponding to the rsync_acl_list entries */
578 +static smb_acl_list _smb_acl_lists[] = {
579 + { 0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */
580 + { 0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */
583 +static inline smb_acl_list *smb_acl_lists(SMB_ACL_TYPE_T type)
585 + return &_smb_acl_lists[type != SMB_ACL_TYPE_ACCESS];
588 +static void expand_smb_acl_list(smb_acl_list *sacl_list)
590 + /* First time through, 0 <= 0, so list is expanded. */
591 + if (sacl_list->malloced <= sacl_list->count) {
592 + SMB_ACL_T *new_ptr;
594 + if (sacl_list->malloced < 1000)
595 + new_size = sacl_list->malloced + 1000;
597 + new_size = sacl_list->malloced * 2;
598 + new_ptr = realloc_array(sacl_list->sacls, SMB_ACL_T, new_size);
599 + if (verbose >= 3) {
600 + rprintf(FINFO, "expand_smb_acl_list to %.0f bytes, did%s move\n",
601 + (double) new_size * sizeof sacl_list->sacls[0],
602 + sacl_list->sacls ? "" : " not");
605 + sacl_list->sacls = new_ptr;
606 + sacl_list->malloced = new_size;
608 + if (!sacl_list->sacls)
609 + out_of_memory("expand_smb_acl_list");
613 +#define CALL_OR_ERROR(func,args,str) \
621 +#define COE(func,args) CALL_OR_ERROR(func,args,#func)
622 +#define COE2(func,args) CALL_OR_ERROR(func,args,NULL)
624 +static int store_access_in_entry(uchar access, SMB_ACL_ENTRY_T entry)
626 + const char *errfun = NULL;
627 + SMB_ACL_PERMSET_T permset;
629 + COE( sys_acl_get_permset,(entry, &permset) );
630 + COE( sys_acl_clear_perms,(permset) );
632 + COE( sys_acl_add_perm,(permset, SMB_ACL_READ) );
634 + COE( sys_acl_add_perm,(permset, SMB_ACL_WRITE) );
636 + COE( sys_acl_add_perm,(permset, SMB_ACL_EXECUTE) );
637 + COE( sys_acl_set_permset,(entry, permset) );
642 + rprintf(FERROR, "store_access_in_entry %s(): %s\n", errfun,
647 +/* build an SMB_ACL_T corresponding to an rsync_acl */
648 +static BOOL pack_smb_acl(SMB_ACL_T *smb_acl, const rsync_acl *racl)
652 + const char *errfun = NULL;
653 + SMB_ACL_ENTRY_T entry;
655 + if (!(*smb_acl = sys_acl_init(calc_sacl_entries(racl)))) {
656 + rprintf(FERROR, "pack_smb_acl: sys_acl_init(): %s\n",
661 + COE( sys_acl_create_entry,(smb_acl, &entry) );
662 + COE( sys_acl_set_tag_type,(entry, SMB_ACL_USER_OBJ) );
663 + COE2( store_access_in_entry,(racl->user_obj & 7, entry) );
665 + for (ida = racl->users.idas, count = racl->users.count;
667 + COE( sys_acl_create_entry,(smb_acl, &entry) );
668 + COE( sys_acl_set_tag_type,(entry, SMB_ACL_USER) );
669 + COE( sys_acl_set_qualifier,(entry, (void*)&ida->id) );
670 + COE2( store_access_in_entry,(ida->access, entry) );
673 + COE( sys_acl_create_entry,(smb_acl, &entry) );
674 + COE( sys_acl_set_tag_type,(entry, SMB_ACL_GROUP_OBJ) );
675 + COE2( store_access_in_entry,(racl->group_obj & 7, entry) );
677 + for (ida = racl->groups.idas, count = racl->groups.count;
679 + COE( sys_acl_create_entry,(smb_acl, &entry) );
680 + COE( sys_acl_set_tag_type,(entry, SMB_ACL_GROUP) );
681 + COE( sys_acl_set_qualifier,(entry, (void*)&ida->id) );
682 + COE2( store_access_in_entry,(ida->access, entry) );
684 +#ifndef ACLS_NEED_MASK
685 + if (racl->mask != ACL_NO_ENTRY) {
687 + COE( sys_acl_create_entry,(smb_acl, &entry) );
688 + COE( sys_acl_set_tag_type,(entry, SMB_ACL_MASK) );
689 + COE2( store_access_in_entry,(racl->mask, entry) );
690 +#ifndef ACLS_NEED_MASK
694 + COE( sys_acl_create_entry,(smb_acl, &entry) );
695 + COE( sys_acl_set_tag_type,(entry, SMB_ACL_OTHER) );
696 + COE2( store_access_in_entry,(racl->other & 7, entry) );
699 + if (sys_acl_valid(*smb_acl) < 0)
700 + rprintf(FINFO, "pack_smb_acl: warning: system says the ACL I packed is invalid\n");
707 + rprintf(FERROR, "pack_smb_acl %s(): %s\n", errfun,
710 + sys_acl_free_acl(*smb_acl);
714 +static mode_t change_sacl_perms(SMB_ACL_T sacl, rsync_acl *racl, mode_t old_mode, mode_t mode)
716 + SMB_ACL_ENTRY_T entry;
717 + const char *errfun;
720 + if (S_ISDIR(mode)) {
721 + /* If the sticky bit is going on, it's not safe to allow all
722 + * the new ACLs to go into effect before it gets set. */
723 +#ifdef SMB_ACL_LOSES_SPECIAL_MODE_BITS
724 + if (mode & S_ISVTX)
727 + if (mode & S_ISVTX && !(old_mode & S_ISVTX))
730 + /* If setuid or setgid is going off, it's not safe to allow all
731 + * the new ACLs to go into effect before they get cleared. */
732 + if ((old_mode & S_ISUID && !(mode & S_ISUID))
733 + || (old_mode & S_ISGID && !(mode & S_ISGID)))
738 + errfun = "sys_acl_get_entry";
739 + for (rc = sys_acl_get_entry(sacl, SMB_ACL_FIRST_ENTRY, &entry);
741 + rc = sys_acl_get_entry(sacl, SMB_ACL_NEXT_ENTRY, &entry)) {
742 + SMB_ACL_TAG_T tag_type;
743 + if ((rc = sys_acl_get_tag_type(entry, &tag_type))) {
744 + errfun = "sys_acl_get_tag_type";
747 + switch (tag_type) {
748 + case SMB_ACL_USER_OBJ:
749 + COE2( store_access_in_entry,((mode >> 6) & 7, entry) );
751 + case SMB_ACL_GROUP_OBJ:
752 + /* group is only empty when identical to group perms. */
753 + if (racl->group_obj != ACL_NO_ENTRY)
755 + COE2( store_access_in_entry,((mode >> 3) & 7, entry) );
758 +#ifndef ACLS_NEED_MASK
759 + /* mask is only empty when we don't need it. */
760 + if (racl->mask == ACL_NO_ENTRY)
763 + COE2( store_access_in_entry,((mode >> 3) & 7, entry) );
765 + case SMB_ACL_OTHER:
766 + COE2( store_access_in_entry,(mode & 7, entry) );
773 + rprintf(FERROR, "change_sacl_perms: %s(): %s\n",
774 + errfun, strerror(errno));
779 +#ifdef SMB_ACL_LOSES_SPECIAL_MODE_BITS
780 + /* Ensure that chmod() will be called to restore any lost setid bits. */
781 + if (old_mode & (S_ISUID | S_ISGID | S_ISVTX)
782 + && (old_mode & CHMOD_BITS) == (mode & CHMOD_BITS))
783 + old_mode &= ~(S_ISUID | S_ISGID | S_ISVTX);
786 + /* Return the mode of the file on disk, as we will set them. */
787 + return (old_mode & ~ACCESSPERMS) | (mode & ACCESSPERMS);
790 +static void receive_rsync_acl(rsync_acl *racl, int f, SMB_ACL_TYPE_T type)
792 + uchar computed_mask_bits = 0;
793 + ida_list *idal = NULL;
797 + *racl = rsync_acl_initializer;
799 + if (!(count = read_int(f)))
803 + char tag = read_byte(f);
804 + uchar access = read_byte(f);
805 + if (access & ~ (4 | 2 | 1)) {
806 + rprintf(FERROR, "receive_rsync_acl: bogus permset %o\n",
808 + exit_cleanup(RERR_STREAMIO);
812 + if (racl->user_obj != ACL_NO_ENTRY) {
813 + rprintf(FERROR, "receive_rsync_acl: error: duplicate USER_OBJ entry\n");
814 + exit_cleanup(RERR_STREAMIO);
816 + racl->user_obj = access;
819 + idal = &racl->users;
822 + if (racl->group_obj != ACL_NO_ENTRY) {
823 + rprintf(FERROR, "receive_rsync_acl: error: duplicate GROUP_OBJ entry\n");
824 + exit_cleanup(RERR_STREAMIO);
826 + racl->group_obj = access;
829 + idal = &racl->groups;
832 + if (racl->mask != ACL_NO_ENTRY) {
833 + rprintf(FERROR, "receive_rsync_acl: error: duplicate MASK entry\n");
834 + exit_cleanup(RERR_STREAMIO);
836 + racl->mask = access;
839 + if (racl->other != ACL_NO_ENTRY) {
840 + rprintf(FERROR, "receive_rsync_acl: error: duplicate OTHER entry\n");
841 + exit_cleanup(RERR_STREAMIO);
843 + racl->other = access;
846 + rprintf(FERROR, "receive_rsync_acl: unknown tag %c\n",
848 + exit_cleanup(RERR_STREAMIO);
850 + expand_ida_list(idal);
851 + ida = &idal->idas[idal->count++];
852 + ida->access = access;
853 + ida->id = read_int(f);
854 + computed_mask_bits |= access;
857 + if (type == SMB_ACL_TYPE_DEFAULT) {
858 + /* Ensure that these are never unset. */
859 + if (racl->user_obj == ACL_NO_ENTRY)
860 + racl->user_obj = 7;
861 + if (racl->group_obj == ACL_NO_ENTRY)
862 + racl->group_obj = 0;
863 + if (racl->other == ACL_NO_ENTRY)
866 +#ifndef ACLS_NEED_MASK
867 + if (!racl->users.count && !racl->groups.count) {
868 + /* If we, a system without ACLS_NEED_MASK, received a
869 + * superfluous mask, throw it away. */
870 + if (racl->mask != ACL_NO_ENTRY) {
871 + /* mask off group perms with it first */
872 + racl->group_obj &= racl->mask | ACL_NO_ENTRY;
873 + racl->mask = ACL_NO_ENTRY;
877 + if (racl->mask == ACL_NO_ENTRY) /* Always non-empty when needed. */
878 + racl->mask = computed_mask_bits | (racl->group_obj & 7);
881 +/* receive and build the rsync_acl_lists */
882 +void receive_acl(struct file_struct *file, int f)
884 + SMB_ACL_TYPE_T type;
887 + if (S_ISLNK(file->mode))
890 + fname = f_name(file, NULL);
891 + type = SMB_ACL_TYPE_ACCESS;
894 + file_acl_index_list *flst = file_acl_index_lists(type);
896 + expand_file_acl_index_list(flst);
898 + tag = read_byte(f);
899 + if (tag == 'A' || tag == 'a') {
900 + if (type != SMB_ACL_TYPE_ACCESS) {
901 + rprintf(FERROR, "receive_acl %s: duplicate access ACL\n",
903 + exit_cleanup(RERR_STREAMIO);
905 + } else if (tag == 'D' || tag == 'd') {
906 + if (type == SMB_ACL_TYPE_ACCESS) {
907 + rprintf(FERROR, "receive_acl %s: expecting access ACL; got default\n",
909 + exit_cleanup(RERR_STREAMIO);
912 + rprintf(FERROR, "receive_acl %s: unknown ACL type tag: %c\n",
914 + exit_cleanup(RERR_STREAMIO);
916 + if (tag == 'A' || tag == 'D') {
918 + rsync_acl_list *racl_list = rsync_acl_lists(type);
919 + smb_acl_list *sacl_list = smb_acl_lists(type);
920 + flst->fais[flst->count].aclidx = racl_list->count;
921 + flst->fais[flst->count++].file = file;
922 + receive_rsync_acl(&racl, f, type);
923 + expand_rsync_acl_list(racl_list);
924 + racl_list->racls[racl_list->count++] = racl;
925 + expand_smb_acl_list(sacl_list);
926 + sacl_list->sacls[sacl_list->count++] = NULL;
928 + int index = read_int(f);
929 + rsync_acl_list *racl_list = rsync_acl_lists(type);
930 + if ((size_t) index >= racl_list->count) {
931 + rprintf(FERROR, "receive_acl %s: %s ACL index %d out of range\n",
933 + str_acl_type(type),
935 + exit_cleanup(RERR_STREAMIO);
937 + flst->fais[flst->count].aclidx = index;
938 + flst->fais[flst->count++].file = file;
940 + } while (BUMP_TYPE(type) && S_ISDIR(file->mode));
943 +static int file_acl_index_list_sorter(const void *f1, const void *f2)
945 + const file_acl_index *fileaclidx1 = (const file_acl_index *)f1;
946 + const file_acl_index *fileaclidx2 = (const file_acl_index *)f2;
947 + return fileaclidx1->file == fileaclidx2->file ? 0
948 + : fileaclidx1->file < fileaclidx2->file ? -1 : 1;
951 +void sort_file_acl_index_lists()
953 + SMB_ACL_TYPE_T type;
955 + type = SMB_ACL_TYPE_ACCESS;
957 + file_acl_index_list *flst = file_acl_index_lists(type);
962 + qsort(flst->fais, flst->count, sizeof flst->fais[0],
963 + &file_acl_index_list_sorter);
964 + } while (BUMP_TYPE(type));
967 +static int find_file_acl_index(const file_acl_index_list *flst,
968 + const struct file_struct *file)
970 + int low = 0, high = flst->count;
971 + const struct file_struct *file_mid;
976 + int mid = (high + low) / 2;
977 + file_mid = flst->fais[mid].file;
978 + if (file_mid == file)
979 + return flst->fais[mid].aclidx;
980 + if (file_mid > file)
984 + } while (low < high);
986 + file_mid = flst->fais[low].file;
987 + if (file_mid == file)
988 + return flst->fais[low].aclidx;
991 + "find_file_acl_index: can't find entry for file in list\n");
992 + exit_cleanup(RERR_STREAMIO);
996 +/* for duplicating ACLs on backups when using backup_dir */
997 +int dup_acl(const char *orig, const char *bak, mode_t mode)
999 + SMB_ACL_TYPE_T type;
1002 + type = SMB_ACL_TYPE_ACCESS;
1004 + SMB_ACL_T sacl_orig, sacl_bak;
1005 + rsync_acl racl_orig, racl_bak;
1006 + if (!(sacl_orig = sys_acl_get_file(orig, type))) {
1007 + rprintf(FERROR, "dup_acl: sys_acl_get_file(%s, %s): %s\n",
1008 + orig, str_acl_type(type), strerror(errno));
1012 + if (!(sacl_bak = sys_acl_get_file(orig, type))) {
1013 + rprintf(FERROR, "dup_acl: sys_acl_get_file(%s, %s): %s. ignoring\n",
1014 + bak, str_acl_type(type), strerror(errno));
1016 + /* try to forge on through */
1018 + if (!unpack_smb_acl(&racl_orig, sacl_orig)) {
1020 + goto out_with_sacls;
1023 + if (!unpack_smb_acl(&racl_bak, sacl_bak)) {
1025 + goto out_with_one_racl;
1027 + if (rsync_acls_equal(&racl_orig, &racl_bak))
1028 + goto out_with_all;
1030 + ; /* presume they're unequal */
1032 + if (type == SMB_ACL_TYPE_DEFAULT
1033 + && racl_orig.user_obj == ACL_NO_ENTRY) {
1034 + if (sys_acl_delete_def_file(bak) < 0) {
1035 + rprintf(FERROR, "dup_acl: sys_acl_delete_def_file(%s): %s\n",
1036 + bak, strerror(errno));
1039 + } else if (sys_acl_set_file(bak, type, sacl_bak) < 0) {
1040 + rprintf(FERROR, "dup_acl: sys_acl_set_file(%s, %s): %s\n",
1041 + bak, str_acl_type(type), strerror(errno));
1046 + rsync_acl_free(&racl_bak);
1047 + out_with_one_racl:
1048 + rsync_acl_free(&racl_orig);
1051 + sys_acl_free_acl(sacl_bak);
1052 + /* out_with_one_sacl: */
1054 + sys_acl_free_acl(sacl_orig);
1055 + } while (BUMP_TYPE(type) && S_ISDIR(mode));
1060 +/* Stuff for redirecting calls to set_acl() from set_file_attrs()
1061 + * for keep_backup(). */
1062 +static const struct file_struct *backup_orig_file = NULL;
1063 +static const char null_string[] = "";
1064 +static const char *backup_orig_fname = null_string;
1065 +static const char *backup_dest_fname = null_string;
1066 +static SMB_ACL_T _backup_sacl[] = { NULL, NULL };
1068 +void push_keep_backup_acl(const struct file_struct *file,
1069 + const char *orig, const char *dest)
1071 + SMB_ACL_TYPE_T type;
1074 + backup_orig_file = file;
1075 + backup_orig_fname = orig;
1076 + backup_dest_fname = dest;
1078 + sacl = &_backup_sacl[0];
1079 + type = SMB_ACL_TYPE_ACCESS;
1081 + if (type == SMB_ACL_TYPE_DEFAULT && !S_ISDIR(file->mode)) {
1085 + if (!(*sacl = sys_acl_get_file(orig, type))) {
1087 + "push_keep_backup_acl: sys_acl_get_file(%s, %s): %s\n",
1088 + orig, str_acl_type(type),
1091 + } while (BUMP_TYPE(type));
1094 +static int set_keep_backup_acl()
1096 + SMB_ACL_TYPE_T type;
1100 + sacl = &_backup_sacl[0];
1101 + type = SMB_ACL_TYPE_ACCESS;
1104 + && sys_acl_set_file(backup_dest_fname, type, *sacl) < 0) {
1106 + "push_keep_backup_acl: sys_acl_get_file(%s, %s): %s\n",
1107 + backup_dest_fname,
1108 + str_acl_type(type),
1112 + } while (BUMP_TYPE(type));
1117 +void cleanup_keep_backup_acl()
1119 + SMB_ACL_TYPE_T type;
1122 + backup_orig_file = NULL;
1123 + backup_orig_fname = null_string;
1124 + backup_dest_fname = null_string;
1126 + sacl = &_backup_sacl[0];
1127 + type = SMB_ACL_TYPE_ACCESS;
1130 + sys_acl_free_acl(*sacl);
1133 + } while (BUMP_TYPE(type));
1136 +/* set ACL on rsync-ed or keep_backup-ed file
1138 + * This sets extended access ACL entries and default ACLs. If convenient,
1139 + * it sets permission bits along with the access ACLs and signals having
1140 + * done so by modifying mode_p, which should point into the stat buffer.
1142 + * returns: 1 for unchanged, 0 for changed, -1 for failed
1143 + * Pass NULL for mode_p to get the return code without changing anything. */
1144 +int set_acl(const char *fname, const struct file_struct *file, mode_t *mode_p)
1146 + int unchanged = 1;
1147 + SMB_ACL_TYPE_T type;
1149 + if (S_ISLNK(file->mode))
1152 + if (file == backup_orig_file) {
1153 + if (!strcmp(fname, backup_dest_fname))
1154 + return set_keep_backup_acl();
1156 + type = SMB_ACL_TYPE_ACCESS;
1159 + SMB_ACL_T sacl_orig, *sacl_new;
1160 + rsync_acl racl_orig, *racl_new;
1161 + int aclidx = find_file_acl_index(file_acl_index_lists(type), file);
1163 + racl_new = &(rsync_acl_lists(type)->racls[aclidx]);
1164 + sacl_new = &(smb_acl_lists(type)->sacls[aclidx]);
1165 + sacl_orig = sys_acl_get_file(fname, type);
1167 + rprintf(FERROR, "set_acl: sys_acl_get_file(%s, %s): %s\n",
1168 + fname, str_acl_type(type), strerror(errno));
1172 + ok = unpack_smb_acl(&racl_orig, sacl_orig);
1173 + sys_acl_free_acl(sacl_orig);
1178 + if (type == SMB_ACL_TYPE_ACCESS)
1179 + ok = rsync_acl_extended_parts_equal(&racl_orig, racl_new);
1181 + ok = rsync_acls_equal(&racl_orig, racl_new);
1182 + rsync_acl_free(&racl_orig);
1185 + if (!dry_run && mode_p) {
1186 + if (type == SMB_ACL_TYPE_DEFAULT
1187 + && racl_new->user_obj == ACL_NO_ENTRY) {
1188 + if (sys_acl_delete_def_file(fname) < 0) {
1189 + rprintf(FERROR, "set_acl: sys_acl_delete_def_file(%s): %s\n",
1190 + fname, strerror(errno));
1195 + mode_t cur_mode = *mode_p;
1197 + && !pack_smb_acl(sacl_new, racl_new)) {
1201 + if (type == SMB_ACL_TYPE_ACCESS) {
1202 + cur_mode = change_sacl_perms(*sacl_new, racl_new,
1203 + cur_mode, file->mode);
1204 + if (cur_mode == ~0u)
1207 + if (sys_acl_set_file(fname, type, *sacl_new) < 0) {
1208 + rprintf(FERROR, "set_acl: sys_acl_set_file(%s, %s): %s\n",
1209 + fname, str_acl_type(type),
1214 + if (type == SMB_ACL_TYPE_ACCESS)
1215 + *mode_p = cur_mode;
1218 + if (unchanged == 1)
1220 + } while (BUMP_TYPE(type) && S_ISDIR(file->mode));
1225 +/* Enumeration functions for uid mapping: */
1227 +/* Context -- one and only one. Should be cycled through once on uid
1228 + * mapping and once on gid mapping. */
1229 +static rsync_acl_list *_enum_racl_lists[] = {
1230 + &_rsync_acl_lists[0], &_rsync_acl_lists[1], NULL
1233 +static rsync_acl_list **enum_racl_list = &_enum_racl_lists[0];
1234 +static size_t enum_racl_index = 0;
1235 +static size_t enum_ida_index = 0;
1237 +/* This returns the next tag_type id from the given acl for the next entry,
1238 + * or it returns 0 if there are no more tag_type ids in the acl. */
1239 +static id_t *next_ace_id(SMB_ACL_TAG_T tag_type, const rsync_acl *racl)
1241 + const ida_list *idal = tag_type == SMB_ACL_USER ? &racl->users : &racl->groups;
1242 + if (enum_ida_index < idal->count) {
1243 + id_access *ida = &idal->idas[enum_ida_index++];
1246 + enum_ida_index = 0;
1250 +static id_t *next_acl_id(SMB_ACL_TAG_T tag_type, const rsync_acl_list *racl_list)
1252 + for (; enum_racl_index < racl_list->count; enum_racl_index++) {
1253 + rsync_acl *racl = &racl_list->racls[enum_racl_index];
1254 + id_t *id = next_ace_id(tag_type, racl);
1258 + enum_racl_index = 0;
1262 +static id_t *next_acl_list_id(SMB_ACL_TAG_T tag_type)
1264 + for (; *enum_racl_list; enum_racl_list++) {
1265 + id_t *id = next_acl_id(tag_type, *enum_racl_list);
1269 + enum_racl_list = &_enum_racl_lists[0];
1273 +id_t *next_acl_uid()
1275 + return next_acl_list_id(SMB_ACL_USER);
1278 +id_t *next_acl_gid()
1280 + return next_acl_list_id(SMB_ACL_GROUP);
1283 +int default_perms_for_dir(const char *dir)
1292 + perms = ACCESSPERMS & ~orig_umask;
1293 + /* Read the directory's default ACL. If it has none, this will successfully return an empty ACL. */
1294 + sacl = sys_acl_get_file(dir, SMB_ACL_TYPE_DEFAULT);
1295 + if (sacl == NULL) {
1296 + /* Couldn't get an ACL. Darn. */
1299 + /* ACLs are disabled. We could yell at the user to turn them on, but... */
1303 + /* We're doing a dry run, so the containing directory
1304 + * wasn't actually created. Don't worry about it. */
1307 + /* Otherwise fall through. */
1309 + rprintf(FERROR, "default_perms_for_dir: sys_acl_get_file(%s, %s): %s, falling back on umask\n",
1310 + dir, str_acl_type(SMB_ACL_TYPE_DEFAULT), strerror(errno));
1316 + ok = unpack_smb_acl(&racl, sacl);
1317 + sys_acl_free_acl(sacl);
1319 + rprintf(FERROR, "default_perms_for_dir: unpack_smb_acl failed, falling back on umask\n");
1323 + /* Apply the permission-bit entries of the default ACL, if any. */
1324 + if (racl.user_obj != ACL_NO_ENTRY) {
1325 + perms = rsync_acl_get_perms(&racl);
1327 + rprintf(FINFO, "got ACL-based default perms %o for directory %s\n", perms, dir);
1330 + rsync_acl_free(&racl);
1334 +#endif /* SUPPORT_ACLS */
1337 @@ -28,6 +28,7 @@ extern char *backup_suffix;
1338 extern char *backup_dir;
1341 +extern int preserve_acls;
1342 extern int preserve_devices;
1343 extern int preserve_specials;
1344 extern int preserve_links;
1345 @@ -132,6 +133,10 @@ static int make_bak_dir(char *fullpath)
1347 do_lchown(fullpath, st.st_uid, st.st_gid);
1348 do_chmod(fullpath, st.st_mode);
1349 +#ifdef SUPPORT_ACLS
1350 + if (preserve_acls)
1351 + dup_acl(end, fullpath, st.st_mode);
1356 @@ -185,6 +190,11 @@ static int keep_backup(char *fname)
1357 if (!(buf = get_backup_name(fname)))
1360 +#ifdef SUPPORT_ACLS
1361 + if (preserve_acls)
1362 + push_keep_backup_acl(file, fname, buf);
1365 /* Check to see if this is a device file, or link */
1366 if ((am_root && preserve_devices && IS_DEVICE(file->mode))
1367 || (preserve_specials && IS_SPECIAL(file->mode))) {
1368 @@ -260,6 +270,10 @@ static int keep_backup(char *fname)
1371 set_file_attrs(buf, file, NULL, 0);
1372 +#ifdef SUPPORT_ACLS
1373 + if (preserve_acls)
1374 + cleanup_keep_backup_acl();
1379 --- old/configure.in
1380 +++ new/configure.in
1381 @@ -482,6 +482,11 @@ if test x"$ac_cv_func_strcasecmp" = x"no
1382 AC_CHECK_LIB(resolv, strcasecmp)
1385 +AC_CHECK_FUNCS(aclsort)
1386 +if test x"$ac_cv_func_aclsort" = x"no"; then
1387 + AC_CHECK_LIB(sec, aclsort)
1390 dnl At the moment we don't test for a broken memcmp(), because all we
1391 dnl need to do is test for equality, not comparison, and it seems that
1392 dnl every platform has a memcmp that can do at least that.
1393 @@ -738,6 +743,77 @@ AC_SUBST(OBJ_RESTORE)
1394 AC_SUBST(CC_SHOBJ_FLAG)
1395 AC_SUBST(BUILD_POPT)
1397 +AC_CHECK_HEADERS(sys/acl.h)
1398 +AC_CHECK_FUNCS(_acl __acl _facl __facl)
1399 +#################################################
1400 +# check for ACL support
1402 +AC_MSG_CHECKING(whether to support ACLs)
1403 +AC_ARG_ENABLE(acl-support,
1404 +AC_HELP_STRING([--enable-acl-support], [Include ACL support (default=no)]),
1405 +[ case "$enableval" in
1408 + case "$host_os" in
1410 + AC_MSG_RESULT(Using UnixWare ACLs)
1411 + AC_DEFINE(HAVE_UNIXWARE_ACLS, 1, [true if you have UnixWare ACLs])
1413 + *solaris*|*cygwin*)
1414 + AC_MSG_RESULT(Using solaris ACLs)
1415 + AC_DEFINE(HAVE_SOLARIS_ACLS, 1, [true if you have solaris ACLs])
1418 + AC_MSG_RESULT(Using HPUX ACLs)
1419 + AC_DEFINE(HAVE_HPUX_ACLS, 1, [true if you have HPUX ACLs])
1422 + AC_MSG_RESULT(Using IRIX ACLs)
1423 + AC_DEFINE(HAVE_IRIX_ACLS, 1, [true if you have IRIX ACLs])
1426 + AC_MSG_RESULT(Using AIX ACLs)
1427 + AC_DEFINE(HAVE_AIX_ACLS, 1, [true if you have AIX ACLs])
1430 + AC_MSG_RESULT(Using Tru64 ACLs)
1431 + AC_DEFINE(HAVE_TRU64_ACLS, 1, [true if you have Tru64 ACLs])
1432 + LIBS="$LIBS -lpacl"
1435 + AC_MSG_RESULT(ACLs requested -- running tests)
1436 + AC_CHECK_LIB(acl,acl_get_file)
1437 + AC_CACHE_CHECK([for ACL support],samba_cv_HAVE_POSIX_ACLS,[
1438 + AC_TRY_LINK([#include <sys/types.h>
1439 +#include <sys/acl.h>],
1440 +[ acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p);],
1441 +samba_cv_HAVE_POSIX_ACLS=yes,samba_cv_HAVE_POSIX_ACLS=no)])
1442 + if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then
1443 + AC_MSG_RESULT(Using posix ACLs)
1444 + AC_DEFINE(HAVE_POSIX_ACLS, 1, [true if you have posix ACLs])
1445 + AC_CACHE_CHECK([for acl_get_perm_np],samba_cv_HAVE_ACL_GET_PERM_NP,[
1446 + AC_TRY_LINK([#include <sys/types.h>
1447 +#include <sys/acl.h>],
1448 +[ acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm);],
1449 +samba_cv_HAVE_ACL_GET_PERM_NP=yes,samba_cv_HAVE_ACL_GET_PERM_NP=no)])
1450 + if test x"$samba_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then
1451 + AC_DEFINE(HAVE_ACL_GET_PERM_NP, 1, [true if you have acl_get_perm_np])
1454 + AC_MSG_ERROR(Failed to find ACL support)
1461 + AC_DEFINE(HAVE_NO_ACLS, 1, [true if you don't have ACLs])
1464 + AC_DEFINE(HAVE_NO_ACLS, 1, [true if you don't have ACLs])
1468 AC_CONFIG_FILES([Makefile lib/dummy zlib/dummy popt/dummy shconfig])
1473 @@ -44,6 +44,7 @@ extern int filesfrom_fd;
1474 extern int one_file_system;
1475 extern int copy_dirlinks;
1476 extern int keep_dirlinks;
1477 +extern int preserve_acls;
1478 extern int preserve_links;
1479 extern int preserve_hard_links;
1480 extern int preserve_devices;
1481 @@ -970,6 +971,11 @@ static struct file_struct *send_file_nam
1482 if (chmod_modes && !S_ISLNK(file->mode))
1483 file->mode = tweak_mode(file->mode, chmod_modes);
1485 +#ifdef SUPPORT_ACLS
1486 + if (preserve_acls && make_acl(file, fname) < 0)
1490 maybe_emit_filelist_progress(flist->count + flist_count_offset);
1492 flist_expand(flist);
1493 @@ -977,6 +983,16 @@ static struct file_struct *send_file_nam
1494 if (file->basename[0]) {
1495 flist->files[flist->count++] = file;
1496 send_file_entry(file, f);
1497 +#ifdef SUPPORT_ACLS
1498 + if (preserve_acls)
1499 + send_acl(file, f);
1502 +#ifdef SUPPORT_ACLS
1503 + /* Cleanup unsent ACL(s). */
1504 + if (preserve_acls)
1505 + send_acl(file, -1);
1510 @@ -1365,6 +1381,11 @@ struct file_list *recv_file_list(int f)
1511 flags |= read_byte(f) << 8;
1512 file = receive_file_entry(flist, flags, f);
1514 +#ifdef SUPPORT_ACLS
1515 + if (preserve_acls)
1516 + receive_acl(file, f);
1519 if (S_ISREG(file->mode) || S_ISLNK(file->mode))
1520 stats.total_size += file->length;
1522 @@ -1387,6 +1408,11 @@ struct file_list *recv_file_list(int f)
1524 clean_flist(flist, relative_paths, 1);
1526 +#ifdef SUPPORT_ACLS
1527 + if (preserve_acls)
1528 + sort_file_acl_index_lists();
1532 recv_uid_list(f, flist);
1536 @@ -85,6 +85,7 @@ extern long block_size; /* "long" becaus
1537 extern int max_delete;
1538 extern int force_delete;
1539 extern int one_file_system;
1540 +extern mode_t orig_umask;
1541 extern struct stats stats;
1542 extern dev_t filesystem_dev;
1543 extern char *backup_dir;
1544 @@ -321,6 +322,8 @@ static void do_delete_pass(struct file_l
1546 int unchanged_attrs(struct file_struct *file, STRUCT_STAT *st)
1548 + /* FIXME: Flag ACL changes. */
1551 && (st->st_mode & CHMOD_BITS) != (file->mode & CHMOD_BITS))
1553 @@ -355,6 +358,7 @@ void itemize(struct file_struct *file, i
1554 if (preserve_gid && file->gid != GID_NONE
1555 && st->st_gid != file->gid)
1556 iflags |= ITEM_REPORT_GROUP;
1557 + /* FIXME: Itemize ACL changes. ITEM_REPORT_XATTR? */
1559 iflags |= ITEM_IS_NEW;
1561 @@ -753,6 +757,7 @@ static int try_dests_non(struct file_str
1564 static int phase = 0;
1565 +static int dflt_perms;
1567 /* Acts on the_file_list->file's ndx'th item, whose name is fname. If a dir,
1568 * make sure it exists, and has the right permissions/timestamp info. For
1569 @@ -844,6 +849,10 @@ static void recv_generator(char *fname,
1572 need_fuzzy_dirlist = 1;
1573 +#ifdef SUPPORT_ACLS
1574 + if (!preserve_perms)
1575 + dflt_perms = default_perms_for_dir(dn);
1578 parent_dirname = dn;
1580 @@ -871,7 +880,8 @@ static void recv_generator(char *fname,
1581 if (!preserve_perms) {
1582 int exists = statret == 0
1583 && S_ISDIR(st.st_mode) == S_ISDIR(file->mode);
1584 - file->mode = dest_mode(file->mode, st.st_mode, exists);
1585 + file->mode = dest_mode(file->mode, st.st_mode, dflt_perms,
1589 if (S_ISDIR(file->mode)) {
1590 @@ -1343,6 +1353,8 @@ void generate_files(int f_out, struct fi
1591 * notice that and let us know via the redo pipe (or its closing). */
1594 + dflt_perms = (ACCESSPERMS & ~orig_umask);
1596 for (i = 0; i < flist->count; i++) {
1597 struct file_struct *file = flist->files[i];
1599 --- old/lib/sysacls.c
1600 +++ new/lib/sysacls.c
1603 + Unix SMB/CIFS implementation.
1604 + Samba system utilities for ACL support.
1605 + Copyright (C) Jeremy Allison 2000.
1607 + This program is free software; you can redistribute it and/or modify
1608 + it under the terms of the GNU General Public License as published by
1609 + the Free Software Foundation; either version 2 of the License, or
1610 + (at your option) any later version.
1612 + This program is distributed in the hope that it will be useful,
1613 + but WITHOUT ANY WARRANTY; without even the implied warranty of
1614 + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1615 + GNU General Public License for more details.
1617 + You should have received a copy of the GNU General Public License
1618 + along with this program; if not, write to the Free Software
1619 + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
1623 +#include "sysacls.h" /****** ADDED ******/
1625 +/****** EXTRAS -- THESE ITEMS ARE NOT FROM THE SAMBA SOURCE ******/
1626 +void SAFE_FREE(void *mem)
1632 +char *uidtoname(uid_t uid)
1634 + static char idbuf[12];
1635 + struct passwd *pw;
1637 + if ((pw = getpwuid(uid)) == NULL) {
1638 + slprintf(idbuf, sizeof(idbuf)-1, "%ld", (long)uid);
1641 + return pw->pw_name;
1643 +/****** EXTRAS -- END ******/
1646 + This file wraps all differing system ACL interfaces into a consistent
1647 + one based on the POSIX interface. It also returns the correct errors
1648 + for older UNIX systems that don't support ACLs.
1650 + The interfaces that each ACL implementation must support are as follows :
1652 + int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
1653 + int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
1654 + int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p
1655 + void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
1656 + SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
1657 + SMB_ACL_T sys_acl_get_fd(int fd)
1658 + int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset);
1659 + int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
1660 + char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen)
1661 + SMB_ACL_T sys_acl_init( int count)
1662 + int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
1663 + int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
1664 + int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
1665 + int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
1666 + int sys_acl_valid( SMB_ACL_T theacl )
1667 + int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
1668 + int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
1669 + int sys_acl_delete_def_file(const char *path)
1671 + This next one is not POSIX complient - but we *have* to have it !
1672 + More POSIX braindamage.
1674 + int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1676 + The generic POSIX free is the following call. We split this into
1677 + several different free functions as we may need to add tag info
1678 + to structures when emulating the POSIX interface.
1680 + int sys_acl_free( void *obj_p)
1682 + The calls we actually use are :
1684 + int sys_acl_free_text(char *text) - free acl_to_text
1685 + int sys_acl_free_acl(SMB_ACL_T posix_acl)
1686 + int sys_acl_free_qualifier(void *qualifier, SMB_ACL_TAG_T tagtype)
1690 +#if defined(HAVE_POSIX_ACLS)
1692 +/* Identity mapping - easy. */
1694 +int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
1696 + return acl_get_entry( the_acl, entry_id, entry_p);
1699 +int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
1701 + return acl_get_tag_type( entry_d, tag_type_p);
1704 +int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
1706 + return acl_get_permset( entry_d, permset_p);
1709 +void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
1711 + return acl_get_qualifier( entry_d);
1714 +SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
1716 + return acl_get_file( path_p, type);
1719 +SMB_ACL_T sys_acl_get_fd(int fd)
1721 + return acl_get_fd(fd);
1724 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
1726 + return acl_clear_perms(permset);
1729 +int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1731 + return acl_add_perm(permset, perm);
1734 +int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1736 +#if defined(HAVE_ACL_GET_PERM_NP)
1738 + * Required for TrustedBSD-based ACL implementations where
1739 + * non-POSIX.1e functions are denoted by a _np (non-portable)
1742 + return acl_get_perm_np(permset, perm);
1744 + return acl_get_perm(permset, perm);
1748 +char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
1750 + return acl_to_text( the_acl, plen);
1753 +SMB_ACL_T sys_acl_init( int count)
1755 + return acl_init(count);
1758 +int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
1760 + return acl_create_entry(pacl, pentry);
1763 +int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
1765 + return acl_set_tag_type(entry, tagtype);
1768 +int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
1770 + return acl_set_qualifier(entry, qual);
1773 +int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
1775 + return acl_set_permset(entry, permset);
1778 +int sys_acl_valid( SMB_ACL_T theacl )
1780 + return acl_valid(theacl);
1783 +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
1785 + return acl_set_file(name, acltype, theacl);
1788 +int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
1790 + return acl_set_fd(fd, theacl);
1793 +int sys_acl_delete_def_file(const char *name)
1795 + return acl_delete_def_file(name);
1798 +int sys_acl_free_text(char *text)
1800 + return acl_free(text);
1803 +int sys_acl_free_acl(SMB_ACL_T the_acl)
1805 + return acl_free(the_acl);
1808 +int sys_acl_free_qualifier(void *qual, UNUSED(SMB_ACL_TAG_T tagtype))
1810 + return acl_free(qual);
1813 +#elif defined(HAVE_TRU64_ACLS)
1815 + * The interface to DEC/Compaq Tru64 UNIX ACLs
1816 + * is based on Draft 13 of the POSIX spec which is
1817 + * slightly different from the Draft 16 interface.
1819 + * Also, some of the permset manipulation functions
1820 + * such as acl_clear_perm() and acl_add_perm() appear
1821 + * to be broken on Tru64 so we have to manipulate
1822 + * the permission bits in the permset directly.
1824 +int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
1826 + SMB_ACL_ENTRY_T entry;
1828 + if (entry_id == SMB_ACL_FIRST_ENTRY && acl_first_entry(the_acl) != 0) {
1833 + if ((entry = acl_get_entry(the_acl)) != NULL) {
1838 + return errno ? -1 : 0;
1841 +int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
1843 + return acl_get_tag_type( entry_d, tag_type_p);
1846 +int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
1848 + return acl_get_permset( entry_d, permset_p);
1851 +void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
1853 + return acl_get_qualifier( entry_d);
1856 +SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
1858 + return acl_get_file((char *)path_p, type);
1861 +SMB_ACL_T sys_acl_get_fd(int fd)
1863 + return acl_get_fd(fd, ACL_TYPE_ACCESS);
1866 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
1868 + *permset = 0; /* acl_clear_perm() is broken on Tru64 */
1873 +int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1875 + if (perm & ~(SMB_ACL_READ | SMB_ACL_WRITE | SMB_ACL_EXECUTE)) {
1880 + *permset |= perm; /* acl_add_perm() is broken on Tru64 */
1885 +int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1887 + return *permset & perm; /* Tru64 doesn't have acl_get_perm() */
1890 +char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
1892 + return acl_to_text( the_acl, plen);
1895 +SMB_ACL_T sys_acl_init( int count)
1897 + return acl_init(count);
1900 +int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
1902 + SMB_ACL_ENTRY_T entry;
1904 + if ((entry = acl_create_entry(pacl)) == NULL) {
1912 +int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
1914 + return acl_set_tag_type(entry, tagtype);
1917 +int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
1919 + return acl_set_qualifier(entry, qual);
1922 +int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
1924 + return acl_set_permset(entry, permset);
1927 +int sys_acl_valid( SMB_ACL_T theacl )
1929 + acl_entry_t entry;
1931 + return acl_valid(theacl, &entry);
1934 +int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
1936 + return acl_set_file((char *)name, acltype, theacl);
1939 +int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
1941 + return acl_set_fd(fd, ACL_TYPE_ACCESS, theacl);
1944 +int sys_acl_delete_def_file(const char *name)
1946 + return acl_delete_def_file((char *)name);
1949 +int sys_acl_free_text(char *text)
1952 + * (void) cast and explicit return 0 are for DEC UNIX
1953 + * which just #defines acl_free_text() to be free()
1955 + (void) acl_free_text(text);
1959 +int sys_acl_free_acl(SMB_ACL_T the_acl)
1961 + return acl_free(the_acl);
1964 +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
1966 + return acl_free_qualifier(qual, tagtype);
1969 +#elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS)
1972 + * Donated by Michael Davidson <md@sco.COM> for UnixWare / OpenUNIX.
1973 + * Modified by Toomas Soome <tsoome@ut.ee> for Solaris.
1977 + * Note that while this code implements sufficient functionality
1978 + * to support the sys_acl_* interfaces it does not provide all
1979 + * of the semantics of the POSIX ACL interfaces.
1981 + * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
1982 + * from a call to sys_acl_get_entry() should not be assumed to be
1983 + * valid after calling any of the following functions, which may
1984 + * reorder the entries in the ACL.
1987 + * sys_acl_set_file()
1988 + * sys_acl_set_fd()
1992 + * The only difference between Solaris and UnixWare / OpenUNIX is
1993 + * that the #defines for the ACL operations have different names
1995 +#if defined(HAVE_UNIXWARE_ACLS)
1997 +#define SETACL ACL_SET
1998 +#define GETACL ACL_GET
1999 +#define GETACLCNT ACL_CNT
2004 +int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
2006 + if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
2011 + if (entry_p == NULL) {
2016 + if (entry_id == SMB_ACL_FIRST_ENTRY) {
2020 + if (acl_d->next < 0) {
2025 + if (acl_d->next >= acl_d->count) {
2029 + *entry_p = &acl_d->acl[acl_d->next++];
2034 +int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
2036 + *type_p = entry_d->a_type;
2041 +int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
2043 + *permset_p = &entry_d->a_perm;
2048 +void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
2050 + if (entry_d->a_type != SMB_ACL_USER
2051 + && entry_d->a_type != SMB_ACL_GROUP) {
2056 + return &entry_d->a_id;
2060 + * There is no way of knowing what size the ACL returned by
2061 + * GETACL will be unless you first call GETACLCNT which means
2062 + * making an additional system call.
2064 + * In the hope of avoiding the cost of the additional system
2065 + * call in most cases, we initially allocate enough space for
2066 + * an ACL with INITIAL_ACL_SIZE entries. If this turns out to
2067 + * be too small then we use GETACLCNT to find out the actual
2068 + * size, reallocate the ACL buffer, and then call GETACL again.
2071 +#define INITIAL_ACL_SIZE 16
2073 +SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
2076 + int count; /* # of ACL entries allocated */
2077 + int naccess; /* # of access ACL entries */
2078 + int ndefault; /* # of default ACL entries */
2080 + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
2085 + count = INITIAL_ACL_SIZE;
2086 + if ((acl_d = sys_acl_init(count)) == NULL) {
2091 + * If there isn't enough space for the ACL entries we use
2092 + * GETACLCNT to determine the actual number of ACL entries
2093 + * reallocate and try again. This is in a loop because it
2094 + * is possible that someone else could modify the ACL and
2095 + * increase the number of entries between the call to
2096 + * GETACLCNT and the call to GETACL.
2098 + while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0
2099 + && errno == ENOSPC) {
2101 + sys_acl_free_acl(acl_d);
2103 + if ((count = acl(path_p, GETACLCNT, 0, NULL)) < 0) {
2107 + if ((acl_d = sys_acl_init(count)) == NULL) {
2113 + sys_acl_free_acl(acl_d);
2118 + * calculate the number of access and default ACL entries
2120 + * Note: we assume that the acl() system call returned a
2121 + * well formed ACL which is sorted so that all of the
2122 + * access ACL entries preceed any default ACL entries
2124 + for (naccess = 0; naccess < count; naccess++) {
2125 + if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
2128 + ndefault = count - naccess;
2131 + * if the caller wants the default ACL we have to copy
2132 + * the entries down to the start of the acl[] buffer
2133 + * and mask out the ACL_DEFAULT flag from the type field
2135 + if (type == SMB_ACL_TYPE_DEFAULT) {
2138 + for (i = 0, j = naccess; i < ndefault; i++, j++) {
2139 + acl_d->acl[i] = acl_d->acl[j];
2140 + acl_d->acl[i].a_type &= ~ACL_DEFAULT;
2143 + acl_d->count = ndefault;
2145 + acl_d->count = naccess;
2151 +SMB_ACL_T sys_acl_get_fd(int fd)
2154 + int count; /* # of ACL entries allocated */
2155 + int naccess; /* # of access ACL entries */
2157 + count = INITIAL_ACL_SIZE;
2158 + if ((acl_d = sys_acl_init(count)) == NULL) {
2162 + while ((count = facl(fd, GETACL, count, &acl_d->acl[0])) < 0
2163 + && errno == ENOSPC) {
2165 + sys_acl_free_acl(acl_d);
2167 + if ((count = facl(fd, GETACLCNT, 0, NULL)) < 0) {
2171 + if ((acl_d = sys_acl_init(count)) == NULL) {
2177 + sys_acl_free_acl(acl_d);
2182 + * calculate the number of access ACL entries
2184 + for (naccess = 0; naccess < count; naccess++) {
2185 + if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
2189 + acl_d->count = naccess;
2194 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
2201 +int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
2203 + if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
2204 + && perm != SMB_ACL_EXECUTE) {
2209 + if (permset_d == NULL) {
2214 + *permset_d |= perm;
2219 +int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
2221 + return *permset_d & perm;
2224 +char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
2231 + * use an initial estimate of 20 bytes per ACL entry
2232 + * when allocating memory for the text representation
2236 + maxlen = 20 * acl_d->count;
2237 + if ((text = SMB_MALLOC(maxlen)) == NULL) {
2242 + for (i = 0; i < acl_d->count; i++) {
2243 + struct acl *ap = &acl_d->acl[i];
2252 + switch (ap->a_type) {
2254 + * for debugging purposes it's probably more
2255 + * useful to dump unknown tag types rather
2256 + * than just returning an error
2259 + slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x",
2262 + slprintf(idbuf, sizeof(idbuf)-1, "%ld",
2267 + case SMB_ACL_USER:
2268 + id = uidtoname(ap->a_id);
2269 + case SMB_ACL_USER_OBJ:
2273 + case SMB_ACL_GROUP:
2274 + if ((gr = getgrgid(ap->a_id)) == NULL) {
2275 + slprintf(idbuf, sizeof(idbuf)-1, "%ld",
2281 + case SMB_ACL_GROUP_OBJ:
2285 + case SMB_ACL_OTHER:
2289 + case SMB_ACL_MASK:
2295 + perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-';
2296 + perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-';
2297 + perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-';
2300 + /* <tag> : <qualifier> : rwx \n \0 */
2301 + nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1;
2304 + * If this entry would overflow the buffer
2305 + * allocate enough additional memory for this
2306 + * entry and an estimate of another 20 bytes
2307 + * for each entry still to be processed
2309 + if ((len + nbytes) > maxlen) {
2310 + char *oldtext = text;
2312 + maxlen += nbytes + 20 * (acl_d->count - i);
2314 + if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) {
2315 + SAFE_FREE(oldtext);
2321 + slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms);
2322 + len += nbytes - 1;
2331 +SMB_ACL_T sys_acl_init(int count)
2341 + * note that since the definition of the structure pointed
2342 + * to by the SMB_ACL_T includes the first element of the
2343 + * acl[] array, this actually allocates an ACL with room
2344 + * for (count+1) entries
2346 + if ((a = (SMB_ACL_T)SMB_MALLOC(sizeof(struct SMB_ACL_T) + count * sizeof(struct acl))) == NULL) {
2351 + a->size = count + 1;
2359 +int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
2362 + SMB_ACL_ENTRY_T entry_d;
2364 + if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
2369 + if (acl_d->count >= acl_d->size) {
2374 + entry_d = &acl_d->acl[acl_d->count++];
2375 + entry_d->a_type = 0;
2376 + entry_d->a_id = -1;
2377 + entry_d->a_perm = 0;
2378 + *entry_p = entry_d;
2383 +int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
2385 + switch (tag_type) {
2386 + case SMB_ACL_USER:
2387 + case SMB_ACL_USER_OBJ:
2388 + case SMB_ACL_GROUP:
2389 + case SMB_ACL_GROUP_OBJ:
2390 + case SMB_ACL_OTHER:
2391 + case SMB_ACL_MASK:
2392 + entry_d->a_type = tag_type;
2402 +int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
2404 + if (entry_d->a_type != SMB_ACL_GROUP
2405 + && entry_d->a_type != SMB_ACL_USER) {
2410 + entry_d->a_id = *((id_t *)qual_p);
2415 +int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
2417 + if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
2421 + entry_d->a_perm = *permset_d;
2427 + * sort the ACL and check it for validity
2429 + * if it's a minimal ACL with only 4 entries then we
2430 + * need to recalculate the mask permissions to make
2431 + * sure that they are the same as the GROUP_OBJ
2432 + * permissions as required by the UnixWare acl() system call.
2434 + * (note: since POSIX allows minimal ACLs which only contain
2435 + * 3 entries - ie there is no mask entry - we should, in theory,
2436 + * check for this and add a mask entry if necessary - however
2437 + * we "know" that the caller of this interface always specifies
2438 + * a mask so, in practice "this never happens" (tm) - if it *does*
2439 + * happen aclsort() will fail and return an error and someone will
2440 + * have to fix it ...)
2443 +static int acl_sort(SMB_ACL_T acl_d)
2445 + int fixmask = (acl_d->count <= 4);
2447 + if (aclsort(acl_d->count, fixmask, acl_d->acl) != 0) {
2454 +int sys_acl_valid(SMB_ACL_T acl_d)
2456 + return acl_sort(acl_d);
2459 +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
2462 + struct acl *acl_p;
2464 + struct acl *acl_buf = NULL;
2467 + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
2472 + if (acl_sort(acl_d) != 0) {
2476 + acl_p = &acl_d->acl[0];
2477 + acl_count = acl_d->count;
2480 + * if it's a directory there is extra work to do
2481 + * since the acl() system call will replace both
2482 + * the access ACLs and the default ACLs (if any)
2484 + if (stat(name, &s) != 0) {
2487 + if (S_ISDIR(s.st_mode)) {
2488 + SMB_ACL_T acc_acl;
2489 + SMB_ACL_T def_acl;
2490 + SMB_ACL_T tmp_acl;
2493 + if (type == SMB_ACL_TYPE_ACCESS) {
2495 + def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
2499 + acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
2502 + if (tmp_acl == NULL) {
2507 + * allocate a temporary buffer for the complete ACL
2509 + acl_count = acc_acl->count + def_acl->count;
2510 + acl_p = acl_buf = SMB_MALLOC_ARRAY(struct acl, acl_count);
2512 + if (acl_buf == NULL) {
2513 + sys_acl_free_acl(tmp_acl);
2519 + * copy the access control and default entries into the buffer
2521 + memcpy(&acl_buf[0], &acc_acl->acl[0],
2522 + acc_acl->count * sizeof(acl_buf[0]));
2524 + memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
2525 + def_acl->count * sizeof(acl_buf[0]));
2528 + * set the ACL_DEFAULT flag on the default entries
2530 + for (i = acc_acl->count; i < acl_count; i++) {
2531 + acl_buf[i].a_type |= ACL_DEFAULT;
2534 + sys_acl_free_acl(tmp_acl);
2536 + } else if (type != SMB_ACL_TYPE_ACCESS) {
2541 + ret = acl(name, SETACL, acl_count, acl_p);
2543 + SAFE_FREE(acl_buf);
2548 +int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
2550 + if (acl_sort(acl_d) != 0) {
2554 + return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]);
2557 +int sys_acl_delete_def_file(const char *path)
2563 + * fetching the access ACL and rewriting it has
2564 + * the effect of deleting the default ACL
2566 + if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
2570 + ret = acl(path, SETACL, acl_d->count, acl_d->acl);
2572 + sys_acl_free_acl(acl_d);
2577 +int sys_acl_free_text(char *text)
2583 +int sys_acl_free_acl(SMB_ACL_T acl_d)
2589 +int sys_acl_free_qualifier(UNUSED(void *qual), UNUSED(SMB_ACL_TAG_T tagtype))
2594 +#elif defined(HAVE_HPUX_ACLS)
2598 + * Based on the Solaris/SCO code - with modifications.
2602 + * Note that while this code implements sufficient functionality
2603 + * to support the sys_acl_* interfaces it does not provide all
2604 + * of the semantics of the POSIX ACL interfaces.
2606 + * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
2607 + * from a call to sys_acl_get_entry() should not be assumed to be
2608 + * valid after calling any of the following functions, which may
2609 + * reorder the entries in the ACL.
2612 + * sys_acl_set_file()
2613 + * sys_acl_set_fd()
2616 +/* This checks if the POSIX ACL system call is defined */
2617 +/* which basically corresponds to whether JFS 3.3 or */
2618 +/* higher is installed. If acl() was called when it */
2619 +/* isn't defined, it causes the process to core dump */
2620 +/* so it is important to check this and avoid acl() */
2621 +/* calls if it isn't there. */
2623 +static BOOL hpux_acl_call_presence(void)
2626 + shl_t handle = NULL;
2629 + static BOOL already_checked=0;
2631 + if(already_checked)
2635 + ret_val = shl_findsym(&handle, "acl", TYPE_PROCEDURE, &value);
2637 + if(ret_val != 0) {
2638 + DEBUG(5, ("hpux_acl_call_presence: shl_findsym() returned %d, errno = %d, error %s\n",
2639 + ret_val, errno, strerror(errno)));
2640 + DEBUG(5,("hpux_acl_call_presence: acl() system call is not present. Check if you have JFS 3.3 and above?\n"));
2644 + DEBUG(10,("hpux_acl_call_presence: acl() system call is present. We have JFS 3.3 or above \n"));
2646 + already_checked = True;
2650 +int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
2652 + if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
2657 + if (entry_p == NULL) {
2662 + if (entry_id == SMB_ACL_FIRST_ENTRY) {
2666 + if (acl_d->next < 0) {
2671 + if (acl_d->next >= acl_d->count) {
2675 + *entry_p = &acl_d->acl[acl_d->next++];
2680 +int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
2682 + *type_p = entry_d->a_type;
2687 +int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
2689 + *permset_p = &entry_d->a_perm;
2694 +void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
2696 + if (entry_d->a_type != SMB_ACL_USER
2697 + && entry_d->a_type != SMB_ACL_GROUP) {
2702 + return &entry_d->a_id;
2706 + * There is no way of knowing what size the ACL returned by
2707 + * ACL_GET will be unless you first call ACL_CNT which means
2708 + * making an additional system call.
2710 + * In the hope of avoiding the cost of the additional system
2711 + * call in most cases, we initially allocate enough space for
2712 + * an ACL with INITIAL_ACL_SIZE entries. If this turns out to
2713 + * be too small then we use ACL_CNT to find out the actual
2714 + * size, reallocate the ACL buffer, and then call ACL_GET again.
2717 +#define INITIAL_ACL_SIZE 16
2719 +SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
2722 + int count; /* # of ACL entries allocated */
2723 + int naccess; /* # of access ACL entries */
2724 + int ndefault; /* # of default ACL entries */
2726 + if(hpux_acl_call_presence() == False) {
2727 + /* Looks like we don't have the acl() system call on HPUX.
2728 + * May be the system doesn't have the latest version of JFS.
2733 + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
2738 + count = INITIAL_ACL_SIZE;
2739 + if ((acl_d = sys_acl_init(count)) == NULL) {
2744 + * If there isn't enough space for the ACL entries we use
2745 + * ACL_CNT to determine the actual number of ACL entries
2746 + * reallocate and try again. This is in a loop because it
2747 + * is possible that someone else could modify the ACL and
2748 + * increase the number of entries between the call to
2749 + * ACL_CNT and the call to ACL_GET.
2751 + while ((count = acl(path_p, ACL_GET, count, &acl_d->acl[0])) < 0 && errno == ENOSPC) {
2753 + sys_acl_free_acl(acl_d);
2755 + if ((count = acl(path_p, ACL_CNT, 0, NULL)) < 0) {
2759 + if ((acl_d = sys_acl_init(count)) == NULL) {
2765 + sys_acl_free_acl(acl_d);
2770 + * calculate the number of access and default ACL entries
2772 + * Note: we assume that the acl() system call returned a
2773 + * well formed ACL which is sorted so that all of the
2774 + * access ACL entries preceed any default ACL entries
2776 + for (naccess = 0; naccess < count; naccess++) {
2777 + if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
2780 + ndefault = count - naccess;
2783 + * if the caller wants the default ACL we have to copy
2784 + * the entries down to the start of the acl[] buffer
2785 + * and mask out the ACL_DEFAULT flag from the type field
2787 + if (type == SMB_ACL_TYPE_DEFAULT) {
2790 + for (i = 0, j = naccess; i < ndefault; i++, j++) {
2791 + acl_d->acl[i] = acl_d->acl[j];
2792 + acl_d->acl[i].a_type &= ~ACL_DEFAULT;
2795 + acl_d->count = ndefault;
2797 + acl_d->count = naccess;
2803 +SMB_ACL_T sys_acl_get_fd(int fd)
2806 + * HPUX doesn't have the facl call. Fake it using the path.... JRA.
2809 + files_struct *fsp = file_find_fd(fd);
2811 + if (fsp == NULL) {
2817 + * We know we're in the same conn context. So we
2818 + * can use the relative path.
2821 + return sys_acl_get_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS);
2824 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
2831 +int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
2833 + if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
2834 + && perm != SMB_ACL_EXECUTE) {
2839 + if (permset_d == NULL) {
2844 + *permset_d |= perm;
2849 +int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
2851 + return *permset_d & perm;
2854 +char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
2861 + * use an initial estimate of 20 bytes per ACL entry
2862 + * when allocating memory for the text representation
2866 + maxlen = 20 * acl_d->count;
2867 + if ((text = SMB_MALLOC(maxlen)) == NULL) {
2872 + for (i = 0; i < acl_d->count; i++) {
2873 + struct acl *ap = &acl_d->acl[i];
2882 + switch (ap->a_type) {
2884 + * for debugging purposes it's probably more
2885 + * useful to dump unknown tag types rather
2886 + * than just returning an error
2889 + slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x",
2892 + slprintf(idbuf, sizeof(idbuf)-1, "%ld",
2897 + case SMB_ACL_USER:
2898 + id = uidtoname(ap->a_id);
2899 + case SMB_ACL_USER_OBJ:
2903 + case SMB_ACL_GROUP:
2904 + if ((gr = getgrgid(ap->a_id)) == NULL) {
2905 + slprintf(idbuf, sizeof(idbuf)-1, "%ld",
2911 + case SMB_ACL_GROUP_OBJ:
2915 + case SMB_ACL_OTHER:
2919 + case SMB_ACL_MASK:
2925 + perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-';
2926 + perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-';
2927 + perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-';
2930 + /* <tag> : <qualifier> : rwx \n \0 */
2931 + nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1;
2934 + * If this entry would overflow the buffer
2935 + * allocate enough additional memory for this
2936 + * entry and an estimate of another 20 bytes
2937 + * for each entry still to be processed
2939 + if ((len + nbytes) > maxlen) {
2940 + char *oldtext = text;
2942 + maxlen += nbytes + 20 * (acl_d->count - i);
2944 + if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) {
2951 + slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms);
2952 + len += nbytes - 1;
2961 +SMB_ACL_T sys_acl_init(int count)
2971 + * note that since the definition of the structure pointed
2972 + * to by the SMB_ACL_T includes the first element of the
2973 + * acl[] array, this actually allocates an ACL with room
2974 + * for (count+1) entries
2976 + if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + count * sizeof(struct acl))) == NULL) {
2981 + a->size = count + 1;
2989 +int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
2992 + SMB_ACL_ENTRY_T entry_d;
2994 + if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
2999 + if (acl_d->count >= acl_d->size) {
3004 + entry_d = &acl_d->acl[acl_d->count++];
3005 + entry_d->a_type = 0;
3006 + entry_d->a_id = -1;
3007 + entry_d->a_perm = 0;
3008 + *entry_p = entry_d;
3013 +int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
3015 + switch (tag_type) {
3016 + case SMB_ACL_USER:
3017 + case SMB_ACL_USER_OBJ:
3018 + case SMB_ACL_GROUP:
3019 + case SMB_ACL_GROUP_OBJ:
3020 + case SMB_ACL_OTHER:
3021 + case SMB_ACL_MASK:
3022 + entry_d->a_type = tag_type;
3032 +int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
3034 + if (entry_d->a_type != SMB_ACL_GROUP
3035 + && entry_d->a_type != SMB_ACL_USER) {
3040 + entry_d->a_id = *((id_t *)qual_p);
3045 +int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
3047 + if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
3051 + entry_d->a_perm = *permset_d;
3056 +/* Structure to capture the count for each type of ACE. */
3058 +struct hpux_acl_types {
3062 + int n_def_user_obj;
3067 + int n_def_group_obj;
3071 + int n_def_other_obj;
3074 + int n_def_class_obj;
3076 + int n_illegal_obj;
3080 + * Counts the different number of objects in a given array of ACL
3084 + * acl_count - Count of ACLs in the array of ACL strucutres.
3085 + * aclp - Array of ACL structures.
3086 + * acl_type_count - Pointer to acl_types structure. Should already be
3090 + * acl_type_count - This structure is filled up with counts of various
3094 +static int hpux_count_obj(int acl_count, struct acl *aclp, struct hpux_acl_types *acl_type_count)
3098 + memset(acl_type_count, 0, sizeof(struct hpux_acl_types));
3100 + for(i=0;i<acl_count;i++) {
3101 + switch(aclp[i].a_type) {
3103 + acl_type_count->n_user++;
3106 + acl_type_count->n_user_obj++;
3108 + case DEF_USER_OBJ:
3109 + acl_type_count->n_def_user_obj++;
3112 + acl_type_count->n_group++;
3115 + acl_type_count->n_group_obj++;
3117 + case DEF_GROUP_OBJ:
3118 + acl_type_count->n_def_group_obj++;
3121 + acl_type_count->n_other_obj++;
3123 + case DEF_OTHER_OBJ:
3124 + acl_type_count->n_def_other_obj++;
3127 + acl_type_count->n_class_obj++;
3129 + case DEF_CLASS_OBJ:
3130 + acl_type_count->n_def_class_obj++;
3133 + acl_type_count->n_def_user++;
3136 + acl_type_count->n_def_group++;
3139 + acl_type_count->n_illegal_obj++;
3145 +/* swap_acl_entries: Swaps two ACL entries.
3147 + * Inputs: aclp0, aclp1 - ACL entries to be swapped.
3150 +static void hpux_swap_acl_entries(struct acl *aclp0, struct acl *aclp1)
3152 + struct acl temp_acl;
3154 + temp_acl.a_type = aclp0->a_type;
3155 + temp_acl.a_id = aclp0->a_id;
3156 + temp_acl.a_perm = aclp0->a_perm;
3158 + aclp0->a_type = aclp1->a_type;
3159 + aclp0->a_id = aclp1->a_id;
3160 + aclp0->a_perm = aclp1->a_perm;
3162 + aclp1->a_type = temp_acl.a_type;
3163 + aclp1->a_id = temp_acl.a_id;
3164 + aclp1->a_perm = temp_acl.a_perm;
3167 +/* prohibited_duplicate_type
3168 + * Identifies if given ACL type can have duplicate entries or
3171 + * Inputs: acl_type - ACL Type.
3177 + * True - If the ACL type matches any of the prohibited types.
3178 + * False - If the ACL type doesn't match any of the prohibited types.
3181 +static BOOL hpux_prohibited_duplicate_type(int acl_type)
3183 + switch(acl_type) {
3194 +/* get_needed_class_perm
3195 + * Returns the permissions of a ACL structure only if the ACL
3196 + * type matches one of the pre-determined types for computing
3197 + * CLASS_OBJ permissions.
3199 + * Inputs: aclp - Pointer to ACL structure.
3202 +static int hpux_get_needed_class_perm(struct acl *aclp)
3204 + switch(aclp->a_type) {
3208 + case DEF_USER_OBJ:
3210 + case DEF_GROUP_OBJ:
3212 + case DEF_CLASS_OBJ:
3213 + case DEF_OTHER_OBJ:
3214 + return aclp->a_perm;
3220 +/* acl_sort for HPUX.
3221 + * Sorts the array of ACL structures as per the description in
3222 + * aclsort man page. Refer to aclsort man page for more details
3226 + * acl_count - Count of ACLs in the array of ACL structures.
3227 + * calclass - If this is not zero, then we compute the CLASS_OBJ
3229 + * aclp - Array of ACL structures.
3233 + * aclp - Sorted array of ACL structures.
3237 + * Returns 0 for success -1 for failure. Prints a message to the Samba
3238 + * debug log in case of failure.
3241 +static int hpux_acl_sort(int acl_count, int calclass, struct acl *aclp)
3243 +#if !defined(HAVE_HPUX_ACLSORT)
3245 + * The aclsort() system call is availabe on the latest HPUX General
3246 + * Patch Bundles. So for HPUX, we developed our version of acl_sort
3247 + * function. Because, we don't want to update to a new
3248 + * HPUX GR bundle just for aclsort() call.
3251 + struct hpux_acl_types acl_obj_count;
3252 + int n_class_obj_perm = 0;
3256 + DEBUG(10,("Zero acl count passed. Returning Success\n"));
3260 + if(aclp == NULL) {
3261 + DEBUG(0,("Null ACL pointer in hpux_acl_sort. Returning Failure. \n"));
3265 + /* Count different types of ACLs in the ACLs array */
3267 + hpux_count_obj(acl_count, aclp, &acl_obj_count);
3269 + /* There should be only one entry each of type USER_OBJ, GROUP_OBJ,
3270 + * CLASS_OBJ and OTHER_OBJ
3273 + if( (acl_obj_count.n_user_obj != 1) ||
3274 + (acl_obj_count.n_group_obj != 1) ||
3275 + (acl_obj_count.n_class_obj != 1) ||
3276 + (acl_obj_count.n_other_obj != 1)
3278 + DEBUG(0,("hpux_acl_sort: More than one entry or no entries for \
3279 +USER OBJ or GROUP_OBJ or OTHER_OBJ or CLASS_OBJ\n"));
3283 + /* If any of the default objects are present, there should be only
3284 + * one of them each.
3287 + if( (acl_obj_count.n_def_user_obj > 1) || (acl_obj_count.n_def_group_obj > 1) ||
3288 + (acl_obj_count.n_def_other_obj > 1) || (acl_obj_count.n_def_class_obj > 1) ) {
3289 + DEBUG(0,("hpux_acl_sort: More than one entry for DEF_CLASS_OBJ \
3290 +or DEF_USER_OBJ or DEF_GROUP_OBJ or DEF_OTHER_OBJ\n"));
3294 + /* We now have proper number of OBJ and DEF_OBJ entries. Now sort the acl
3297 + * Sorting crieteria - First sort by ACL type. If there are multiple entries of
3298 + * same ACL type, sort by ACL id.
3300 + * I am using the trival kind of sorting method here because, performance isn't
3301 + * really effected by the ACLs feature. More over there aren't going to be more
3302 + * than 17 entries on HPUX.
3305 + for(i=0; i<acl_count;i++) {
3306 + for (j=i+1; j<acl_count; j++) {
3307 + if( aclp[i].a_type > aclp[j].a_type ) {
3308 + /* ACL entries out of order, swap them */
3310 + hpux_swap_acl_entries((aclp+i), (aclp+j));
3312 + } else if ( aclp[i].a_type == aclp[j].a_type ) {
3314 + /* ACL entries of same type, sort by id */
3316 + if(aclp[i].a_id > aclp[j].a_id) {
3317 + hpux_swap_acl_entries((aclp+i), (aclp+j));
3318 + } else if (aclp[i].a_id == aclp[j].a_id) {
3319 + /* We have a duplicate entry. */
3320 + if(hpux_prohibited_duplicate_type(aclp[i].a_type)) {
3321 + DEBUG(0, ("hpux_acl_sort: Duplicate entry: Type(hex): %x Id: %d\n",
3322 + aclp[i].a_type, aclp[i].a_id));
3331 + /* set the class obj permissions to the computed one. */
3333 + int n_class_obj_index = -1;
3335 + for(i=0;i<acl_count;i++) {
3336 + n_class_obj_perm |= hpux_get_needed_class_perm((aclp+i));
3338 + if(aclp[i].a_type == CLASS_OBJ)
3339 + n_class_obj_index = i;
3341 + aclp[n_class_obj_index].a_perm = n_class_obj_perm;
3346 + return aclsort(acl_count, calclass, aclp);
3351 + * sort the ACL and check it for validity
3353 + * if it's a minimal ACL with only 4 entries then we
3354 + * need to recalculate the mask permissions to make
3355 + * sure that they are the same as the GROUP_OBJ
3356 + * permissions as required by the UnixWare acl() system call.
3358 + * (note: since POSIX allows minimal ACLs which only contain
3359 + * 3 entries - ie there is no mask entry - we should, in theory,
3360 + * check for this and add a mask entry if necessary - however
3361 + * we "know" that the caller of this interface always specifies
3362 + * a mask so, in practice "this never happens" (tm) - if it *does*
3363 + * happen aclsort() will fail and return an error and someone will
3364 + * have to fix it ...)
3367 +static int acl_sort(SMB_ACL_T acl_d)
3369 + int fixmask = (acl_d->count <= 4);
3371 + if (hpux_acl_sort(acl_d->count, fixmask, acl_d->acl) != 0) {
3378 +int sys_acl_valid(SMB_ACL_T acl_d)
3380 + return acl_sort(acl_d);
3383 +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
3386 + struct acl *acl_p;
3388 + struct acl *acl_buf = NULL;
3391 + if(hpux_acl_call_presence() == False) {
3392 + /* Looks like we don't have the acl() system call on HPUX.
3393 + * May be the system doesn't have the latest version of JFS.
3399 + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
3404 + if (acl_sort(acl_d) != 0) {
3408 + acl_p = &acl_d->acl[0];
3409 + acl_count = acl_d->count;
3412 + * if it's a directory there is extra work to do
3413 + * since the acl() system call will replace both
3414 + * the access ACLs and the default ACLs (if any)
3416 + if (stat(name, &s) != 0) {
3419 + if (S_ISDIR(s.st_mode)) {
3420 + SMB_ACL_T acc_acl;
3421 + SMB_ACL_T def_acl;
3422 + SMB_ACL_T tmp_acl;
3425 + if (type == SMB_ACL_TYPE_ACCESS) {
3427 + def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
3431 + acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
3434 + if (tmp_acl == NULL) {
3439 + * allocate a temporary buffer for the complete ACL
3441 + acl_count = acc_acl->count + def_acl->count;
3442 + acl_p = acl_buf = SMB_MALLOC_ARRAY(struct acl, acl_count);
3444 + if (acl_buf == NULL) {
3445 + sys_acl_free_acl(tmp_acl);
3451 + * copy the access control and default entries into the buffer
3453 + memcpy(&acl_buf[0], &acc_acl->acl[0],
3454 + acc_acl->count * sizeof(acl_buf[0]));
3456 + memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
3457 + def_acl->count * sizeof(acl_buf[0]));
3460 + * set the ACL_DEFAULT flag on the default entries
3462 + for (i = acc_acl->count; i < acl_count; i++) {
3463 + acl_buf[i].a_type |= ACL_DEFAULT;
3466 + sys_acl_free_acl(tmp_acl);
3468 + } else if (type != SMB_ACL_TYPE_ACCESS) {
3473 + ret = acl(name, ACL_SET, acl_count, acl_p);
3482 +int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
3485 + * HPUX doesn't have the facl call. Fake it using the path.... JRA.
3488 + files_struct *fsp = file_find_fd(fd);
3490 + if (fsp == NULL) {
3495 + if (acl_sort(acl_d) != 0) {
3500 + * We know we're in the same conn context. So we
3501 + * can use the relative path.
3504 + return sys_acl_set_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS, acl_d);
3507 +int sys_acl_delete_def_file(const char *path)
3513 + * fetching the access ACL and rewriting it has
3514 + * the effect of deleting the default ACL
3516 + if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
3520 + ret = acl(path, ACL_SET, acl_d->count, acl_d->acl);
3522 + sys_acl_free_acl(acl_d);
3527 +int sys_acl_free_text(char *text)
3533 +int sys_acl_free_acl(SMB_ACL_T acl_d)
3539 +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
3544 +#elif defined(HAVE_IRIX_ACLS)
3546 +int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
3548 + if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
3553 + if (entry_p == NULL) {
3558 + if (entry_id == SMB_ACL_FIRST_ENTRY) {
3562 + if (acl_d->next < 0) {
3567 + if (acl_d->next >= acl_d->aclp->acl_cnt) {
3571 + *entry_p = &acl_d->aclp->acl_entry[acl_d->next++];
3576 +int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
3578 + *type_p = entry_d->ae_tag;
3583 +int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
3585 + *permset_p = entry_d;
3590 +void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
3592 + if (entry_d->ae_tag != SMB_ACL_USER
3593 + && entry_d->ae_tag != SMB_ACL_GROUP) {
3598 + return &entry_d->ae_id;
3601 +SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
3605 + if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) {
3609 + if ((a->aclp = acl_get_file(path_p, type)) == NULL) {
3614 + a->freeaclp = True;
3618 +SMB_ACL_T sys_acl_get_fd(int fd)
3622 + if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) {
3626 + if ((a->aclp = acl_get_fd(fd)) == NULL) {
3631 + a->freeaclp = True;
3635 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
3637 + permset_d->ae_perm = 0;
3642 +int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
3644 + if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
3645 + && perm != SMB_ACL_EXECUTE) {
3650 + if (permset_d == NULL) {
3655 + permset_d->ae_perm |= perm;
3660 +int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
3662 + return permset_d->ae_perm & perm;
3665 +char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
3667 + return acl_to_text(acl_d->aclp, len_p);
3670 +SMB_ACL_T sys_acl_init(int count)
3679 + if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + sizeof(struct acl))) == NULL) {
3685 + a->freeaclp = False;
3686 + a->aclp = (struct acl *)(&a->aclp + sizeof(struct acl *));
3687 + a->aclp->acl_cnt = 0;
3693 +int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
3696 + SMB_ACL_ENTRY_T entry_d;
3698 + if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
3703 + if (acl_d->aclp->acl_cnt >= ACL_MAX_ENTRIES) {
3708 + entry_d = &acl_d->aclp->acl_entry[acl_d->aclp->acl_cnt++];
3709 + entry_d->ae_tag = 0;
3710 + entry_d->ae_id = 0;
3711 + entry_d->ae_perm = 0;
3712 + *entry_p = entry_d;
3717 +int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
3719 + switch (tag_type) {
3720 + case SMB_ACL_USER:
3721 + case SMB_ACL_USER_OBJ:
3722 + case SMB_ACL_GROUP:
3723 + case SMB_ACL_GROUP_OBJ:
3724 + case SMB_ACL_OTHER:
3725 + case SMB_ACL_MASK:
3726 + entry_d->ae_tag = tag_type;
3736 +int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
3738 + if (entry_d->ae_tag != SMB_ACL_GROUP
3739 + && entry_d->ae_tag != SMB_ACL_USER) {
3744 + entry_d->ae_id = *((id_t *)qual_p);
3749 +int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
3751 + if (permset_d->ae_perm & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
3755 + entry_d->ae_perm = permset_d->ae_perm;
3760 +int sys_acl_valid(SMB_ACL_T acl_d)
3762 + return acl_valid(acl_d->aclp);
3765 +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
3767 + return acl_set_file(name, type, acl_d->aclp);
3770 +int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
3772 + return acl_set_fd(fd, acl_d->aclp);
3775 +int sys_acl_delete_def_file(const char *name)
3777 + return acl_delete_def_file(name);
3780 +int sys_acl_free_text(char *text)
3782 + return acl_free(text);
3785 +int sys_acl_free_acl(SMB_ACL_T acl_d)
3787 + if (acl_d->freeaclp) {
3788 + acl_free(acl_d->aclp);
3794 +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
3799 +#elif defined(HAVE_AIX_ACLS)
3801 +/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
3803 +int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
3805 + struct acl_entry_link *link;
3806 + struct new_acl_entry *entry;
3809 + DEBUG(10,("This is the count: %d\n",theacl->count));
3811 + /* Check if count was previously set to -1. *
3812 + * If it was, that means we reached the end *
3813 + * of the acl last time. */
3814 + if(theacl->count == -1)
3818 + /* To get to the next acl, traverse linked list until index *
3819 + * of acl matches the count we are keeping. This count is *
3820 + * incremented each time we return an acl entry. */
3822 + for(keep_going = 0; keep_going < theacl->count; keep_going++)
3823 + link = link->nextp;
3825 + entry = *entry_p = link->entryp;
3827 + DEBUG(10,("*entry_p is %d\n",entry_p));
3828 + DEBUG(10,("*entry_p->ace_access is %d\n",entry->ace_access));
3830 + /* Increment count */
3832 + if(link->nextp == NULL)
3833 + theacl->count = -1;
3838 +int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
3840 + /* Initialize tag type */
3843 + DEBUG(10,("the tagtype is %d\n",entry_d->ace_id->id_type));
3845 + /* Depending on what type of entry we have, *
3846 + * return tag type. */
3847 + switch(entry_d->ace_id->id_type) {
3849 + *tag_type_p = SMB_ACL_USER;
3852 + *tag_type_p = SMB_ACL_GROUP;
3855 + case SMB_ACL_USER_OBJ:
3856 + case SMB_ACL_GROUP_OBJ:
3857 + case SMB_ACL_OTHER:
3858 + *tag_type_p = entry_d->ace_id->id_type;
3868 +int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
3870 + DEBUG(10,("Starting AIX sys_acl_get_permset\n"));
3871 + *permset_p = &entry_d->ace_access;
3872 + DEBUG(10,("**permset_p is %d\n",**permset_p));
3873 + if(!(**permset_p & S_IXUSR) &&
3874 + !(**permset_p & S_IWUSR) &&
3875 + !(**permset_p & S_IRUSR) &&
3876 + (**permset_p != 0))
3879 + DEBUG(10,("Ending AIX sys_acl_get_permset\n"));
3883 +void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
3885 + return(entry_d->ace_id->id_data);
3888 +SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
3890 + struct acl *file_acl = (struct acl *)NULL;
3891 + struct acl_entry *acl_entry;
3892 + struct new_acl_entry *new_acl_entry;
3893 + struct ace_id *idp;
3894 + struct acl_entry_link *acl_entry_link;
3895 + struct acl_entry_link *acl_entry_link_head;
3900 + /* AIX has no DEFAULT */
3901 + if ( type == SMB_ACL_TYPE_DEFAULT )
3904 + /* Get the acl using statacl */
3906 + DEBUG(10,("Entering sys_acl_get_file\n"));
3907 + DEBUG(10,("path_p is %s\n",path_p));
3909 + file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
3911 + if(file_acl == NULL) {
3913 + DEBUG(0,("Error in AIX sys_acl_get_file: %d\n",errno));
3917 + memset(file_acl,0,BUFSIZ);
3919 + rc = statacl((char *)path_p,0,file_acl,BUFSIZ);
3921 + DEBUG(0,("statacl returned %d with errno %d\n",rc,errno));
3922 + SAFE_FREE(file_acl);
3926 + DEBUG(10,("Got facl and returned it\n"));
3928 + /* Point to the first acl entry in the acl */
3929 + acl_entry = file_acl->acl_ext;
3931 + /* Begin setting up the head of the linked list *
3932 + * that will be used for the storing the acl *
3933 + * in a way that is useful for the posix_acls.c *
3936 + acl_entry_link_head = acl_entry_link = sys_acl_init(0);
3937 + if(acl_entry_link_head == NULL)
3940 + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
3941 + if(acl_entry_link->entryp == NULL) {
3942 + SAFE_FREE(file_acl);
3944 + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
3948 + DEBUG(10,("acl_entry is %d\n",acl_entry));
3949 + DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl)));
3951 + /* Check if the extended acl bit is on. *
3952 + * If it isn't, do not show the *
3953 + * contents of the acl since AIX intends *
3954 + * the extended info to remain unused */
3956 + if(file_acl->acl_mode & S_IXACL){
3957 + /* while we are not pointing to the very end */
3958 + while(acl_entry < acl_last(file_acl)) {
3959 + /* before we malloc anything, make sure this is */
3960 + /* a valid acl entry and one that we want to map */
3961 + idp = id_nxt(acl_entry->ace_id);
3962 + if((acl_entry->ace_type == ACC_SPECIFY ||
3963 + (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) {
3964 + acl_entry = acl_nxt(acl_entry);
3968 + idp = acl_entry->ace_id;
3970 + /* Check if this is the first entry in the linked list. *
3971 + * The first entry needs to keep prevp pointing to NULL *
3972 + * and already has entryp allocated. */
3974 + if(acl_entry_link_head->count != 0) {
3975 + acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
3977 + if(acl_entry_link->nextp == NULL) {
3978 + SAFE_FREE(file_acl);
3980 + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
3984 + acl_entry_link->nextp->prevp = acl_entry_link;
3985 + acl_entry_link = acl_entry_link->nextp;
3986 + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
3987 + if(acl_entry_link->entryp == NULL) {
3988 + SAFE_FREE(file_acl);
3990 + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
3993 + acl_entry_link->nextp = NULL;
3996 + acl_entry_link->entryp->ace_len = acl_entry->ace_len;
3998 + /* Don't really need this since all types are going *
3999 + * to be specified but, it's better than leaving it 0 */
4001 + acl_entry_link->entryp->ace_type = acl_entry->ace_type;
4003 + acl_entry_link->entryp->ace_access = acl_entry->ace_access;
4005 + memcpy(acl_entry_link->entryp->ace_id,idp,sizeof(struct ace_id));
4007 + /* The access in the acl entries must be left shifted by *
4008 + * three bites, because they will ultimately be compared *
4009 + * to S_IRUSR, S_IWUSR, and S_IXUSR. */
4011 + switch(acl_entry->ace_type){
4014 + acl_entry_link->entryp->ace_access = acl_entry->ace_access;
4015 + acl_entry_link->entryp->ace_access <<= 6;
4016 + acl_entry_link_head->count++;
4019 + /* Since there is no way to return a DENY acl entry *
4020 + * change to PERMIT and then shift. */
4021 + DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access));
4022 + acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7;
4023 + DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access));
4024 + acl_entry_link->entryp->ace_access <<= 6;
4025 + acl_entry_link_head->count++;
4031 + DEBUG(10,("acl_entry = %d\n",acl_entry));
4032 + DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type));
4034 + acl_entry = acl_nxt(acl_entry);
4036 + } /* end of if enabled */
4038 + /* Since owner, group, other acl entries are not *
4039 + * part of the acl entries in an acl, they must *
4040 + * be dummied up to become part of the list. */
4042 + for( i = 1; i < 4; i++) {
4043 + DEBUG(10,("i is %d\n",i));
4044 + if(acl_entry_link_head->count != 0) {
4045 + acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
4046 + if(acl_entry_link->nextp == NULL) {
4047 + SAFE_FREE(file_acl);
4049 + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
4053 + acl_entry_link->nextp->prevp = acl_entry_link;
4054 + acl_entry_link = acl_entry_link->nextp;
4055 + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
4056 + if(acl_entry_link->entryp == NULL) {
4057 + SAFE_FREE(file_acl);
4059 + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
4064 + acl_entry_link->nextp = NULL;
4066 + new_acl_entry = acl_entry_link->entryp;
4067 + idp = new_acl_entry->ace_id;
4069 + new_acl_entry->ace_len = sizeof(struct acl_entry);
4070 + new_acl_entry->ace_type = ACC_PERMIT;
4071 + idp->id_len = sizeof(struct ace_id);
4072 + DEBUG(10,("idp->id_len = %d\n",idp->id_len));
4073 + memset(idp->id_data,0,sizeof(uid_t));
4077 + new_acl_entry->ace_access = file_acl->g_access << 6;
4078 + idp->id_type = SMB_ACL_GROUP_OBJ;
4082 + new_acl_entry->ace_access = file_acl->o_access << 6;
4083 + idp->id_type = SMB_ACL_OTHER;
4087 + new_acl_entry->ace_access = file_acl->u_access << 6;
4088 + idp->id_type = SMB_ACL_USER_OBJ;
4096 + acl_entry_link_head->count++;
4097 + DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
4100 + acl_entry_link_head->count = 0;
4101 + SAFE_FREE(file_acl);
4103 + return(acl_entry_link_head);
4106 +SMB_ACL_T sys_acl_get_fd(int fd)
4108 + struct acl *file_acl = (struct acl *)NULL;
4109 + struct acl_entry *acl_entry;
4110 + struct new_acl_entry *new_acl_entry;
4111 + struct ace_id *idp;
4112 + struct acl_entry_link *acl_entry_link;
4113 + struct acl_entry_link *acl_entry_link_head;
4118 + /* Get the acl using fstatacl */
4120 + DEBUG(10,("Entering sys_acl_get_fd\n"));
4121 + DEBUG(10,("fd is %d\n",fd));
4122 + file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
4124 + if(file_acl == NULL) {
4126 + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
4130 + memset(file_acl,0,BUFSIZ);
4132 + rc = fstatacl(fd,0,file_acl,BUFSIZ);
4134 + DEBUG(0,("The fstatacl call returned %d with errno %d\n",rc,errno));
4135 + SAFE_FREE(file_acl);
4139 + DEBUG(10,("Got facl and returned it\n"));
4141 + /* Point to the first acl entry in the acl */
4143 + acl_entry = file_acl->acl_ext;
4144 + /* Begin setting up the head of the linked list *
4145 + * that will be used for the storing the acl *
4146 + * in a way that is useful for the posix_acls.c *
4149 + acl_entry_link_head = acl_entry_link = sys_acl_init(0);
4150 + if(acl_entry_link_head == NULL){
4151 + SAFE_FREE(file_acl);
4155 + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
4157 + if(acl_entry_link->entryp == NULL) {
4159 + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
4160 + SAFE_FREE(file_acl);
4164 + DEBUG(10,("acl_entry is %d\n",acl_entry));
4165 + DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl)));
4167 + /* Check if the extended acl bit is on. *
4168 + * If it isn't, do not show the *
4169 + * contents of the acl since AIX intends *
4170 + * the extended info to remain unused */
4172 + if(file_acl->acl_mode & S_IXACL){
4173 + /* while we are not pointing to the very end */
4174 + while(acl_entry < acl_last(file_acl)) {
4175 + /* before we malloc anything, make sure this is */
4176 + /* a valid acl entry and one that we want to map */
4178 + idp = id_nxt(acl_entry->ace_id);
4179 + if((acl_entry->ace_type == ACC_SPECIFY ||
4180 + (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) {
4181 + acl_entry = acl_nxt(acl_entry);
4185 + idp = acl_entry->ace_id;
4187 + /* Check if this is the first entry in the linked list. *
4188 + * The first entry needs to keep prevp pointing to NULL *
4189 + * and already has entryp allocated. */
4191 + if(acl_entry_link_head->count != 0) {
4192 + acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
4193 + if(acl_entry_link->nextp == NULL) {
4195 + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
4196 + SAFE_FREE(file_acl);
4199 + acl_entry_link->nextp->prevp = acl_entry_link;
4200 + acl_entry_link = acl_entry_link->nextp;
4201 + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
4202 + if(acl_entry_link->entryp == NULL) {
4204 + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
4205 + SAFE_FREE(file_acl);
4209 + acl_entry_link->nextp = NULL;
4212 + acl_entry_link->entryp->ace_len = acl_entry->ace_len;
4214 + /* Don't really need this since all types are going *
4215 + * to be specified but, it's better than leaving it 0 */
4217 + acl_entry_link->entryp->ace_type = acl_entry->ace_type;
4218 + acl_entry_link->entryp->ace_access = acl_entry->ace_access;
4220 + memcpy(acl_entry_link->entryp->ace_id, idp, sizeof(struct ace_id));
4222 + /* The access in the acl entries must be left shifted by *
4223 + * three bites, because they will ultimately be compared *
4224 + * to S_IRUSR, S_IWUSR, and S_IXUSR. */
4226 + switch(acl_entry->ace_type){
4229 + acl_entry_link->entryp->ace_access = acl_entry->ace_access;
4230 + acl_entry_link->entryp->ace_access <<= 6;
4231 + acl_entry_link_head->count++;
4234 + /* Since there is no way to return a DENY acl entry *
4235 + * change to PERMIT and then shift. */
4236 + DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access));
4237 + acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7;
4238 + DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access));
4239 + acl_entry_link->entryp->ace_access <<= 6;
4240 + acl_entry_link_head->count++;
4246 + DEBUG(10,("acl_entry = %d\n",acl_entry));
4247 + DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type));
4249 + acl_entry = acl_nxt(acl_entry);
4251 + } /* end of if enabled */
4253 + /* Since owner, group, other acl entries are not *
4254 + * part of the acl entries in an acl, they must *
4255 + * be dummied up to become part of the list. */
4257 + for( i = 1; i < 4; i++) {
4258 + DEBUG(10,("i is %d\n",i));
4259 + if(acl_entry_link_head->count != 0){
4260 + acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
4261 + if(acl_entry_link->nextp == NULL) {
4263 + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
4264 + SAFE_FREE(file_acl);
4268 + acl_entry_link->nextp->prevp = acl_entry_link;
4269 + acl_entry_link = acl_entry_link->nextp;
4270 + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
4272 + if(acl_entry_link->entryp == NULL) {
4273 + SAFE_FREE(file_acl);
4275 + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
4280 + acl_entry_link->nextp = NULL;
4282 + new_acl_entry = acl_entry_link->entryp;
4283 + idp = new_acl_entry->ace_id;
4285 + new_acl_entry->ace_len = sizeof(struct acl_entry);
4286 + new_acl_entry->ace_type = ACC_PERMIT;
4287 + idp->id_len = sizeof(struct ace_id);
4288 + DEBUG(10,("idp->id_len = %d\n",idp->id_len));
4289 + memset(idp->id_data,0,sizeof(uid_t));
4293 + new_acl_entry->ace_access = file_acl->g_access << 6;
4294 + idp->id_type = SMB_ACL_GROUP_OBJ;
4298 + new_acl_entry->ace_access = file_acl->o_access << 6;
4299 + idp->id_type = SMB_ACL_OTHER;
4303 + new_acl_entry->ace_access = file_acl->u_access << 6;
4304 + idp->id_type = SMB_ACL_USER_OBJ;
4311 + acl_entry_link_head->count++;
4312 + DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
4315 + acl_entry_link_head->count = 0;
4316 + SAFE_FREE(file_acl);
4318 + return(acl_entry_link_head);
4321 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
4323 + *permset = *permset & ~0777;
4327 +int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
4330 + (perm & (S_IXUSR | S_IWUSR | S_IRUSR)) == 0)
4334 + DEBUG(10,("This is the permset now: %d\n",*permset));
4338 +char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen)
4343 +SMB_ACL_T sys_acl_init( int count)
4345 + struct acl_entry_link *theacl = NULL;
4347 + DEBUG(10,("Entering sys_acl_init\n"));
4349 + theacl = SMB_MALLOC_P(struct acl_entry_link);
4350 + if(theacl == NULL) {
4352 + DEBUG(0,("Error in sys_acl_init is %d\n",errno));
4356 + theacl->count = 0;
4357 + theacl->nextp = NULL;
4358 + theacl->prevp = NULL;
4359 + theacl->entryp = NULL;
4360 + DEBUG(10,("Exiting sys_acl_init\n"));
4364 +int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
4366 + struct acl_entry_link *theacl;
4367 + struct acl_entry_link *acl_entryp;
4368 + struct acl_entry_link *temp_entry;
4371 + DEBUG(10,("Entering the sys_acl_create_entry\n"));
4373 + theacl = acl_entryp = *pacl;
4375 + /* Get to the end of the acl before adding entry */
4377 + for(counting=0; counting < theacl->count; counting++){
4378 + DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
4379 + temp_entry = acl_entryp;
4380 + acl_entryp = acl_entryp->nextp;
4383 + if(theacl->count != 0){
4384 + temp_entry->nextp = acl_entryp = SMB_MALLOC_P(struct acl_entry_link);
4385 + if(acl_entryp == NULL) {
4387 + DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
4391 + DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
4392 + acl_entryp->prevp = temp_entry;
4393 + DEBUG(10,("The acl_entryp->prevp is %d\n",acl_entryp->prevp));
4396 + *pentry = acl_entryp->entryp = SMB_MALLOC_P(struct new_acl_entry);
4397 + if(*pentry == NULL) {
4399 + DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
4403 + memset(*pentry,0,sizeof(struct new_acl_entry));
4404 + acl_entryp->entryp->ace_len = sizeof(struct acl_entry);
4405 + acl_entryp->entryp->ace_type = ACC_PERMIT;
4406 + acl_entryp->entryp->ace_id->id_len = sizeof(struct ace_id);
4407 + acl_entryp->nextp = NULL;
4409 + DEBUG(10,("Exiting sys_acl_create_entry\n"));
4413 +int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
4415 + DEBUG(10,("Starting AIX sys_acl_set_tag_type\n"));
4416 + entry->ace_id->id_type = tagtype;
4417 + DEBUG(10,("The tag type is %d\n",entry->ace_id->id_type));
4418 + DEBUG(10,("Ending AIX sys_acl_set_tag_type\n"));
4421 +int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
4423 + DEBUG(10,("Starting AIX sys_acl_set_qualifier\n"));
4424 + memcpy(entry->ace_id->id_data,qual,sizeof(uid_t));
4425 + DEBUG(10,("Ending AIX sys_acl_set_qualifier\n"));
4429 +int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
4431 + DEBUG(10,("Starting AIX sys_acl_set_permset\n"));
4432 + if(!(*permset & S_IXUSR) &&
4433 + !(*permset & S_IWUSR) &&
4434 + !(*permset & S_IRUSR) &&
4438 + entry->ace_access = *permset;
4439 + DEBUG(10,("entry->ace_access = %d\n",entry->ace_access));
4440 + DEBUG(10,("Ending AIX sys_acl_set_permset\n"));
4444 +int sys_acl_valid( SMB_ACL_T theacl )
4447 + int group_obj = 0;
4448 + int other_obj = 0;
4449 + struct acl_entry_link *acl_entry;
4451 + for(acl_entry=theacl; acl_entry != NULL; acl_entry = acl_entry->nextp) {
4452 + user_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_USER_OBJ);
4453 + group_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_GROUP_OBJ);
4454 + other_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_OTHER);
4457 + DEBUG(10,("user_obj=%d, group_obj=%d, other_obj=%d\n",user_obj,group_obj,other_obj));
4459 + if(user_obj != 1 || group_obj != 1 || other_obj != 1)
4465 +int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
4467 + struct acl_entry_link *acl_entry_link = NULL;
4468 + struct acl *file_acl = NULL;
4469 + struct acl *file_acl_temp = NULL;
4470 + struct acl_entry *acl_entry = NULL;
4471 + struct ace_id *ace_id = NULL;
4478 + DEBUG(10,("Entering sys_acl_set_file\n"));
4479 + DEBUG(10,("File name is %s\n",name));
4481 + /* AIX has no default ACL */
4482 + if(acltype == SMB_ACL_TYPE_DEFAULT)
4485 + acl_length = BUFSIZ;
4486 + file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
4488 + if(file_acl == NULL) {
4490 + DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
4494 + memset(file_acl,0,BUFSIZ);
4496 + file_acl->acl_len = ACL_SIZ;
4497 + file_acl->acl_mode = S_IXACL;
4499 + for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
4500 + acl_entry_link->entryp->ace_access >>= 6;
4501 + id_type = acl_entry_link->entryp->ace_id->id_type;
4504 + case SMB_ACL_USER_OBJ:
4505 + file_acl->u_access = acl_entry_link->entryp->ace_access;
4507 + case SMB_ACL_GROUP_OBJ:
4508 + file_acl->g_access = acl_entry_link->entryp->ace_access;
4510 + case SMB_ACL_OTHER:
4511 + file_acl->o_access = acl_entry_link->entryp->ace_access;
4513 + case SMB_ACL_MASK:
4517 + if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
4518 + acl_length += sizeof(struct acl_entry);
4519 + file_acl_temp = (struct acl *)SMB_MALLOC(acl_length);
4520 + if(file_acl_temp == NULL) {
4521 + SAFE_FREE(file_acl);
4523 + DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
4527 + memcpy(file_acl_temp,file_acl,file_acl->acl_len);
4528 + SAFE_FREE(file_acl);
4529 + file_acl = file_acl_temp;
4532 + acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
4533 + file_acl->acl_len += sizeof(struct acl_entry);
4534 + acl_entry->ace_len = acl_entry_link->entryp->ace_len;
4535 + acl_entry->ace_access = acl_entry_link->entryp->ace_access;
4537 + /* In order to use this, we'll need to wait until we can get denies */
4538 + /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
4539 + acl_entry->ace_type = ACC_SPECIFY; */
4541 + acl_entry->ace_type = ACC_SPECIFY;
4543 + ace_id = acl_entry->ace_id;
4545 + ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
4546 + DEBUG(10,("The id type is %d\n",ace_id->id_type));
4547 + ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
4548 + memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t));
4549 + memcpy(acl_entry->ace_id->id_data, &user_id, sizeof(uid_t));
4552 + rc = chacl(name,file_acl,file_acl->acl_len);
4553 + DEBUG(10,("errno is %d\n",errno));
4554 + DEBUG(10,("return code is %d\n",rc));
4555 + SAFE_FREE(file_acl);
4556 + DEBUG(10,("Exiting the sys_acl_set_file\n"));
4560 +int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
4562 + struct acl_entry_link *acl_entry_link = NULL;
4563 + struct acl *file_acl = NULL;
4564 + struct acl *file_acl_temp = NULL;
4565 + struct acl_entry *acl_entry = NULL;
4566 + struct ace_id *ace_id = NULL;
4572 + DEBUG(10,("Entering sys_acl_set_fd\n"));
4573 + acl_length = BUFSIZ;
4574 + file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
4576 + if(file_acl == NULL) {
4578 + DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
4582 + memset(file_acl,0,BUFSIZ);
4584 + file_acl->acl_len = ACL_SIZ;
4585 + file_acl->acl_mode = S_IXACL;
4587 + for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
4588 + acl_entry_link->entryp->ace_access >>= 6;
4589 + id_type = acl_entry_link->entryp->ace_id->id_type;
4590 + DEBUG(10,("The id_type is %d\n",id_type));
4593 + case SMB_ACL_USER_OBJ:
4594 + file_acl->u_access = acl_entry_link->entryp->ace_access;
4596 + case SMB_ACL_GROUP_OBJ:
4597 + file_acl->g_access = acl_entry_link->entryp->ace_access;
4599 + case SMB_ACL_OTHER:
4600 + file_acl->o_access = acl_entry_link->entryp->ace_access;
4602 + case SMB_ACL_MASK:
4606 + if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
4607 + acl_length += sizeof(struct acl_entry);
4608 + file_acl_temp = (struct acl *)SMB_MALLOC(acl_length);
4609 + if(file_acl_temp == NULL) {
4610 + SAFE_FREE(file_acl);
4612 + DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
4616 + memcpy(file_acl_temp,file_acl,file_acl->acl_len);
4617 + SAFE_FREE(file_acl);
4618 + file_acl = file_acl_temp;
4621 + acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
4622 + file_acl->acl_len += sizeof(struct acl_entry);
4623 + acl_entry->ace_len = acl_entry_link->entryp->ace_len;
4624 + acl_entry->ace_access = acl_entry_link->entryp->ace_access;
4626 + /* In order to use this, we'll need to wait until we can get denies */
4627 + /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
4628 + acl_entry->ace_type = ACC_SPECIFY; */
4630 + acl_entry->ace_type = ACC_SPECIFY;
4632 + ace_id = acl_entry->ace_id;
4634 + ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
4635 + DEBUG(10,("The id type is %d\n",ace_id->id_type));
4636 + ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
4637 + memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t));
4638 + memcpy(ace_id->id_data, &user_id, sizeof(uid_t));
4641 + rc = fchacl(fd,file_acl,file_acl->acl_len);
4642 + DEBUG(10,("errno is %d\n",errno));
4643 + DEBUG(10,("return code is %d\n",rc));
4644 + SAFE_FREE(file_acl);
4645 + DEBUG(10,("Exiting sys_acl_set_fd\n"));
4649 +int sys_acl_delete_def_file(const char *name)
4651 + /* AIX has no default ACL */
4655 +int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
4657 + return(*permset & perm);
4660 +int sys_acl_free_text(char *text)
4665 +int sys_acl_free_acl(SMB_ACL_T posix_acl)
4667 + struct acl_entry_link *acl_entry_link;
4669 + for(acl_entry_link = posix_acl->nextp; acl_entry_link->nextp != NULL; acl_entry_link = acl_entry_link->nextp) {
4670 + SAFE_FREE(acl_entry_link->prevp->entryp);
4671 + SAFE_FREE(acl_entry_link->prevp);
4674 + SAFE_FREE(acl_entry_link->prevp->entryp);
4675 + SAFE_FREE(acl_entry_link->prevp);
4676 + SAFE_FREE(acl_entry_link->entryp);
4677 + SAFE_FREE(acl_entry_link);
4682 +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
4687 +#else /* No ACLs. */
4689 +int sys_acl_get_entry(UNUSED(SMB_ACL_T the_acl), UNUSED(int entry_id), UNUSED(SMB_ACL_ENTRY_T *entry_p))
4695 +int sys_acl_get_tag_type(UNUSED(SMB_ACL_ENTRY_T entry_d), UNUSED(SMB_ACL_TAG_T *tag_type_p))
4701 +int sys_acl_get_permset(UNUSED(SMB_ACL_ENTRY_T entry_d), UNUSED(SMB_ACL_PERMSET_T *permset_p))
4707 +void *sys_acl_get_qualifier(UNUSED(SMB_ACL_ENTRY_T entry_d))
4713 +SMB_ACL_T sys_acl_get_file(UNUSED(const char *path_p), UNUSED(SMB_ACL_TYPE_T type))
4716 + return (SMB_ACL_T)NULL;
4719 +SMB_ACL_T sys_acl_get_fd(UNUSED(int fd))
4722 + return (SMB_ACL_T)NULL;
4725 +int sys_acl_clear_perms(UNUSED(SMB_ACL_PERMSET_T permset))
4731 +int sys_acl_add_perm( UNUSED(SMB_ACL_PERMSET_T permset), UNUSED(SMB_ACL_PERM_T perm))
4737 +int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
4740 + return (permset & perm) ? 1 : 0;
4743 +char *sys_acl_to_text(UNUSED(SMB_ACL_T the_acl), UNUSED(ssize_t *plen))
4749 +int sys_acl_free_text(UNUSED(char *text))
4755 +SMB_ACL_T sys_acl_init(UNUSED(int count))
4761 +int sys_acl_create_entry(UNUSED(SMB_ACL_T *pacl), UNUSED(SMB_ACL_ENTRY_T *pentry))
4767 +int sys_acl_set_tag_type(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(SMB_ACL_TAG_T tagtype))
4773 +int sys_acl_set_qualifier(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(void *qual))
4779 +int sys_acl_set_permset(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(SMB_ACL_PERMSET_T permset))
4785 +int sys_acl_valid(UNUSED(SMB_ACL_T theacl))
4791 +int sys_acl_set_file(UNUSED(const char *name), UNUSED(SMB_ACL_TYPE_T acltype), UNUSED(SMB_ACL_T theacl))
4797 +int sys_acl_set_fd(UNUSED(int fd), UNUSED(SMB_ACL_T theacl))
4803 +int sys_acl_delete_def_file(UNUSED(const char *name))
4809 +int sys_acl_free_acl(UNUSED(SMB_ACL_T the_acl))
4815 +int sys_acl_free_qualifier(UNUSED(void *qual), UNUSED(SMB_ACL_TAG_T tagtype))
4821 +#endif /* No ACLs. */
4823 +/************************************************************************
4824 + Deliberately outside the ACL defines. Return 1 if this is a "no acls"
4826 +************************************************************************/
4828 +int no_acl_syscall_error(int err)
4830 +#if defined(ENOSYS)
4831 + if (err == ENOSYS) {
4835 +#if defined(ENOTSUP)
4836 + if (err == ENOTSUP) {
4842 --- old/lib/sysacls.h
4843 +++ new/lib/sysacls.h
4845 +#define SMB_MALLOC(cnt) new_array(char, cnt)
4846 +#define SMB_MALLOC_P(obj) new_array(obj, 1)
4847 +#define SMB_MALLOC_ARRAY(obj, cnt) new_array(obj, cnt)
4848 +#define SMB_REALLOC(mem, cnt) realloc_array(mem, char, cnt)
4849 +#define slprintf snprintf
4851 +int sys_acl_get_entry(SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p);
4852 +int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p);
4853 +int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p);
4854 +void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d);
4855 +SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type);
4856 +SMB_ACL_T sys_acl_get_fd(int fd);
4857 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset);
4858 +int sys_acl_add_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
4859 +int sys_acl_get_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
4860 +char *sys_acl_to_text(SMB_ACL_T the_acl, ssize_t *plen);
4861 +SMB_ACL_T sys_acl_init(int count);
4862 +int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry);
4863 +int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype);
4864 +int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry, void *qual);
4865 +int sys_acl_set_permset(SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset);
4866 +int sys_acl_valid(SMB_ACL_T theacl);
4867 +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
4868 +int sys_acl_set_fd(int fd, SMB_ACL_T theacl);
4869 +int sys_acl_delete_def_file(const char *name);
4870 +int sys_acl_free_text(char *text);
4871 +int sys_acl_free_acl(SMB_ACL_T the_acl);
4872 +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype);
4875 @@ -58,7 +58,7 @@ BEGIN {
4879 -!/^OFF_T|^size_t|^off_t|^pid_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^uchar|^short|^struct|^BOOL|^void|^time|^const|^RETSIGTYPE/ {
4880 +!/^OFF_T|^size_t|^off_t|^pid_t|^id_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^uchar|^short|^struct|^BOOL|^void|^time|^const|^RETSIGTYPE/ {
4886 @@ -45,6 +45,7 @@ int copy_dirlinks = 0;
4888 int preserve_links = 0;
4889 int preserve_hard_links = 0;
4890 +int preserve_acls = 0;
4891 int preserve_perms = 0;
4892 int preserve_executability = 0;
4893 int preserve_devices = 0;
4894 @@ -194,6 +195,7 @@ static void print_rsync_version(enum log
4895 char const *got_socketpair = "no ";
4896 char const *have_inplace = "no ";
4897 char const *hardlinks = "no ";
4898 + char const *acls = "no ";
4899 char const *links = "no ";
4900 char const *ipv6 = "no ";
4901 STRUCT_STAT *dumstat;
4902 @@ -210,6 +212,10 @@ static void print_rsync_version(enum log
4906 +#ifdef SUPPORT_ACLS
4910 #ifdef SUPPORT_LINKS
4913 @@ -223,9 +229,9 @@ static void print_rsync_version(enum log
4914 rprintf(f, "Copyright (C) 1996-2006 by Andrew Tridgell, Wayne Davison, and others.\n");
4915 rprintf(f, "<http://rsync.samba.org/>\n");
4916 rprintf(f, "Capabilities: %d-bit files, %ssocketpairs, "
4917 - "%shard links, %ssymlinks, batchfiles,\n",
4918 + "%shard links, %sACLs, %ssymlinks, batchfiles,\n",
4919 (int) (sizeof (OFF_T) * 8),
4920 - got_socketpair, hardlinks, links);
4921 + got_socketpair, hardlinks, acls, links);
4923 /* Note that this field may not have type ino_t. It depends
4924 * on the complicated interaction between largefile feature
4925 @@ -295,6 +301,9 @@ void usage(enum logcode F)
4926 rprintf(F," -H, --hard-links preserve hard links\n");
4927 rprintf(F," -p, --perms preserve permissions\n");
4928 rprintf(F," -E, --executability preserve the file's executability\n");
4929 +#ifdef SUPPORT_ACLS
4930 + rprintf(F," -A, --acls preserve ACLs (implies --perms)\n");
4932 rprintf(F," --chmod=CHMOD change destination permissions\n");
4933 rprintf(F," -o, --owner preserve owner (super-user only)\n");
4934 rprintf(F," -g, --group preserve group\n");
4935 @@ -410,6 +419,9 @@ static struct poptOption long_options[]
4936 {"no-perms", 0, POPT_ARG_VAL, &preserve_perms, 0, 0, 0 },
4937 {"no-p", 0, POPT_ARG_VAL, &preserve_perms, 0, 0, 0 },
4938 {"executability", 'E', POPT_ARG_NONE, &preserve_executability, 0, 0, 0 },
4939 + {"acls", 'A', POPT_ARG_NONE, 0, 'A', 0, 0 },
4940 + {"no-acls", 0, POPT_ARG_VAL, &preserve_acls, 0, 0, 0 },
4941 + {"no-A", 0, POPT_ARG_VAL, &preserve_acls, 0, 0, 0 },
4942 {"times", 't', POPT_ARG_VAL, &preserve_times, 1, 0, 0 },
4943 {"no-times", 0, POPT_ARG_VAL, &preserve_times, 0, 0, 0 },
4944 {"no-t", 0, POPT_ARG_VAL, &preserve_times, 0, 0, 0 },
4945 @@ -1068,6 +1080,24 @@ int parse_arguments(int *argc, const cha
4950 +#ifdef SUPPORT_ACLS
4952 + preserve_perms = 1;
4955 + /* FIXME: this should probably be ignored with a
4956 + * warning and then countermeasures taken to
4957 + * restrict group and other access in the presence
4958 + * of any more restrictive ACLs, but this is safe
4960 + snprintf(err_buf,sizeof(err_buf),
4961 + "ACLs are not supported on this %s\n",
4962 + am_server ? "server" : "client");
4968 /* A large opt value means that set_refuse_options()
4969 * turned this option off. */
4970 @@ -1511,6 +1541,10 @@ void server_options(char **args,int *arg
4972 if (preserve_hard_links)
4974 +#ifdef SUPPORT_ACLS
4975 + if (preserve_acls)
4976 + argstr[x++] = 'A';
4983 @@ -46,6 +46,7 @@ extern int keep_partial;
4984 extern int checksum_seed;
4986 extern int delay_updates;
4987 +extern mode_t orig_umask;
4988 extern struct stats stats;
4989 extern char *log_format;
4990 extern char *tmpdir;
4991 @@ -344,6 +345,10 @@ int recv_files(int f_in, struct file_lis
4992 int itemizing = am_daemon ? daemon_log_format_has_i
4993 : !am_server && log_format_has_i;
4994 int max_phase = protocol_version >= 29 ? 2 : 1;
4995 + int dflt_perms = (ACCESSPERMS & ~orig_umask);
4996 +#ifdef SUPPORT_ACLS
4997 + char *parent_dirname = "";
5002 @@ -541,7 +546,16 @@ int recv_files(int f_in, struct file_lis
5003 * mode based on the local permissions and some heuristics. */
5004 if (!preserve_perms) {
5005 int exists = fd1 != -1;
5006 - file->mode = dest_mode(file->mode, st.st_mode, exists);
5007 +#ifdef SUPPORT_ACLS
5008 + char *dn = file->dirname ? file->dirname : ".";
5009 + if (parent_dirname != dn
5010 + && strcmp(parent_dirname, dn) != 0) {
5011 + dflt_perms = default_perms_for_dir(dn);
5012 + parent_dirname = dn;
5015 + file->mode = dest_mode(file->mode, st.st_mode,
5016 + dflt_perms, exists);
5019 /* We now check to see if we are writing file "inplace" */
5025 extern int daemon_log_format_has_i;
5026 +extern int preserve_acls;
5027 extern int preserve_perms;
5028 extern int preserve_executability;
5029 extern int preserve_times;
5030 @@ -101,7 +102,8 @@ void free_sums(struct sum_struct *s)
5032 /* This is only called when we aren't preserving permissions. Figure out what
5033 * the permissions should be and return them merged back into the mode. */
5034 -mode_t dest_mode(mode_t flist_mode, mode_t cur_mode, int exists)
5035 +mode_t dest_mode(mode_t flist_mode, mode_t cur_mode, int dflt_perms,
5038 /* If the file already exists, we'll return the local permissions,
5039 * possibly tweaked by the --executability option. */
5040 @@ -116,7 +118,7 @@ mode_t dest_mode(mode_t flist_mode, mode
5041 cur_mode |= (cur_mode & 0444) >> 2;
5044 - cur_mode = flist_mode & ACCESSPERMS & ~orig_umask;
5045 + cur_mode = flist_mode & ACCESSPERMS & dflt_perms;
5046 if (daemon_chmod_modes && !S_ISLNK(flist_mode))
5047 cur_mode = tweak_mode(cur_mode, daemon_chmod_modes);
5048 return (flist_mode & ~CHMOD_BITS) | (cur_mode & CHMOD_BITS);
5049 @@ -203,6 +205,17 @@ int set_file_attrs(char *fname, struct f
5053 +#ifdef SUPPORT_ACLS
5054 + /* It's OK to call set_acl() now, even for a dir, as the generator
5055 + * will enable owner-writability using chmod, if necessary.
5057 + * If set_acl changes permission bits in the process of setting
5058 + * an access ACL, it changes st->st_mode so we know whether we
5059 + * need to chmod. */
5060 + if (preserve_acls && set_acl(fname, file, &st->st_mode) == 0)
5065 if ((st->st_mode & CHMOD_BITS) != (file->mode & CHMOD_BITS)) {
5066 int ret = do_chmod(fname, file->mode);
5069 @@ -660,6 +660,20 @@ struct chmod_mode_struct;
5071 #define UNUSED(x) x __attribute__((__unused__))
5073 +#if HAVE_POSIX_ACLS|HAVE_UNIXWARE_ACLS|HAVE_SOLARIS_ACLS|\
5074 + HAVE_HPUX_ACLS|HAVE_IRIX_ACLS|HAVE_AIX_ACLS|HAVE_TRU64_ACLS
5075 +#define SUPPORT_ACLS 1
5078 +#if HAVE_UNIXWARE_ACLS|HAVE_SOLARIS_ACLS|HAVE_HPUX_ACLS
5079 +#define ACLS_NEED_MASK 1
5082 +#if defined SUPPORT_ACLS && defined HAVE_SYS_ACL_H
5083 +#include <sys/acl.h>
5085 +#include "smb_acls.h"
5089 /* We have replacement versions of these if they're missing. */
5092 @@ -321,6 +321,7 @@ to the detailed description below for a
5093 -H, --hard-links preserve hard links
5094 -p, --perms preserve permissions
5095 -E, --executability preserve executability
5096 + -A, --acls preserve ACLs (implies -p) [non-standard]
5097 --chmod=CHMOD change destination permissions
5098 -o, --owner preserve owner (super-user only)
5099 -g, --group preserve group
5100 @@ -742,7 +743,9 @@ quote(itemize(
5101 permissions, though the bf(--executability) option might change just
5102 the execute permission for the file.
5103 it() New files get their "normal" permission bits set to the source
5104 - file's permissions masked with the receiving end's umask setting, and
5105 + file's permissions masked with the receiving directory's default
5106 + permissions (either the receiving process's umask, or the permissions
5107 + specified via the destination directory's default ACL), and
5108 their special permission bits disabled except in the case where a new
5109 directory inherits a setgid bit from its parent directory.
5111 @@ -773,9 +776,11 @@ The preservation of the destination's se
5112 directories when bf(--perms) is off was added in rsync 2.6.7. Older rsync
5113 versions erroneously preserved the three special permission bits for
5114 newly-created files when bf(--perms) was off, while overriding the
5115 -destination's setgid bit setting on a newly-created directory. (Keep in
5116 -mind that it is the version of the receiving rsync that affects this
5118 +destination's setgid bit setting on a newly-created directory. Default ACL
5119 +observance was added to the ACL patch for rsync 2.6.7, so older (or
5120 +non-ACL-enabled) rsyncs use the umask even if default ACLs are present.
5121 +(Keep in mind that it is the version of the receiving rsync that affects
5124 dit(bf(-E, --executability)) This option causes rsync to preserve the
5125 executability (or non-executability) of regular files when bf(--perms) is
5126 @@ -793,6 +798,15 @@ quote(itemize(
5128 If bf(--perms) is enabled, this option is ignored.
5130 +dit(bf(-A, --acls)) This option causes rsync to update the destination
5131 +ACLs to be the same as the source ACLs. This nonstandard option only
5132 +works if the remote rsync also supports it. bf(--acls) implies bf(--perms).
5134 +Note also that an optimization of the ACL-sending protocol used by this
5135 +version makes it incompatible with sending files to an older ACL-enabled
5136 +rsync unless you double the bf(--acls) option (e.g. bf(-AA)). This
5137 +doubling is not needed when pulling files from an older rsync.
5139 dit(bf(--chmod)) This option tells rsync to apply one or more
5140 comma-separated "chmod" strings to the permission of the files in the
5141 transfer. The resulting value is treated as though it was the permissions
5146 + Unix SMB/Netbios implementation.
5148 + Portable SMB ACL interface
5149 + Copyright (C) Jeremy Allison 2000
5151 + This program is free software; you can redistribute it and/or modify
5152 + it under the terms of the GNU General Public License as published by
5153 + the Free Software Foundation; either version 2 of the License, or
5154 + (at your option) any later version.
5156 + This program is distributed in the hope that it will be useful,
5157 + but WITHOUT ANY WARRANTY; without even the implied warranty of
5158 + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
5159 + GNU General Public License for more details.
5161 + You should have received a copy of the GNU General Public License
5162 + along with this program; if not, write to the Free Software
5163 + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
5166 +#ifndef _SMB_ACLS_H
5167 +#define _SMB_ACLS_H
5169 +#if defined HAVE_POSIX_ACLS
5171 +/* This is an identity mapping (just remove the SMB_). */
5173 +#define SMB_ACL_TAG_T acl_tag_t
5174 +#define SMB_ACL_TYPE_T acl_type_t
5175 +#define SMB_ACL_PERMSET_T acl_permset_t
5176 +#define SMB_ACL_PERM_T acl_perm_t
5177 +#define SMB_ACL_READ ACL_READ
5178 +#define SMB_ACL_WRITE ACL_WRITE
5179 +#define SMB_ACL_EXECUTE ACL_EXECUTE
5181 +/* Types of ACLs. */
5182 +#define SMB_ACL_USER ACL_USER
5183 +#define SMB_ACL_USER_OBJ ACL_USER_OBJ
5184 +#define SMB_ACL_GROUP ACL_GROUP
5185 +#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ
5186 +#define SMB_ACL_OTHER ACL_OTHER
5187 +#define SMB_ACL_MASK ACL_MASK
5189 +#define SMB_ACL_T acl_t
5191 +#define SMB_ACL_ENTRY_T acl_entry_t
5193 +#define SMB_ACL_FIRST_ENTRY ACL_FIRST_ENTRY
5194 +#define SMB_ACL_NEXT_ENTRY ACL_NEXT_ENTRY
5196 +#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
5197 +#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
5199 +#elif defined HAVE_TRU64_ACLS
5201 +/* This is for DEC/Compaq Tru64 UNIX */
5203 +#define SMB_ACL_TAG_T acl_tag_t
5204 +#define SMB_ACL_TYPE_T acl_type_t
5205 +#define SMB_ACL_PERMSET_T acl_permset_t
5206 +#define SMB_ACL_PERM_T acl_perm_t
5207 +#define SMB_ACL_READ ACL_READ
5208 +#define SMB_ACL_WRITE ACL_WRITE
5209 +#define SMB_ACL_EXECUTE ACL_EXECUTE
5211 +/* Types of ACLs. */
5212 +#define SMB_ACL_USER ACL_USER
5213 +#define SMB_ACL_USER_OBJ ACL_USER_OBJ
5214 +#define SMB_ACL_GROUP ACL_GROUP
5215 +#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ
5216 +#define SMB_ACL_OTHER ACL_OTHER
5217 +#define SMB_ACL_MASK ACL_MASK
5219 +#define SMB_ACL_T acl_t
5221 +#define SMB_ACL_ENTRY_T acl_entry_t
5223 +#define SMB_ACL_FIRST_ENTRY 0
5224 +#define SMB_ACL_NEXT_ENTRY 1
5226 +#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
5227 +#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
5229 +#elif defined HAVE_UNIXWARE_ACLS || defined HAVE_SOLARIS_ACLS
5231 + * Donated by Michael Davidson <md@sco.COM> for UnixWare / OpenUNIX.
5232 + * Modified by Toomas Soome <tsoome@ut.ee> for Solaris.
5235 +/* SVR4.2 ES/MP ACLs */
5236 +typedef int SMB_ACL_TAG_T;
5237 +typedef int SMB_ACL_TYPE_T;
5238 +typedef ushort *SMB_ACL_PERMSET_T;
5239 +typedef ushort SMB_ACL_PERM_T;
5240 +#define SMB_ACL_READ 4
5241 +#define SMB_ACL_WRITE 2
5242 +#define SMB_ACL_EXECUTE 1
5244 +/* Types of ACLs. */
5245 +#define SMB_ACL_USER USER
5246 +#define SMB_ACL_USER_OBJ USER_OBJ
5247 +#define SMB_ACL_GROUP GROUP
5248 +#define SMB_ACL_GROUP_OBJ GROUP_OBJ
5249 +#define SMB_ACL_OTHER OTHER_OBJ
5250 +#define SMB_ACL_MASK CLASS_OBJ
5252 +typedef struct SMB_ACL_T {
5256 + struct acl acl[1];
5259 +typedef struct acl *SMB_ACL_ENTRY_T;
5261 +#define SMB_ACL_FIRST_ENTRY 0
5262 +#define SMB_ACL_NEXT_ENTRY 1
5264 +#define SMB_ACL_TYPE_ACCESS 0
5265 +#define SMB_ACL_TYPE_DEFAULT 1
5268 +#define SMB_ACL_LOSES_SPECIAL_MODE_BITS
5271 +#elif defined HAVE_HPUX_ACLS
5274 + * Based on the Solaris & UnixWare code.
5278 +#include <sys/aclv.h>
5280 +/* SVR4.2 ES/MP ACLs */
5281 +typedef int SMB_ACL_TAG_T;
5282 +typedef int SMB_ACL_TYPE_T;
5283 +typedef ushort *SMB_ACL_PERMSET_T;
5284 +typedef ushort SMB_ACL_PERM_T;
5285 +#define SMB_ACL_READ 4
5286 +#define SMB_ACL_WRITE 2
5287 +#define SMB_ACL_EXECUTE 1
5289 +/* Types of ACLs. */
5290 +#define SMB_ACL_USER USER
5291 +#define SMB_ACL_USER_OBJ USER_OBJ
5292 +#define SMB_ACL_GROUP GROUP
5293 +#define SMB_ACL_GROUP_OBJ GROUP_OBJ
5294 +#define SMB_ACL_OTHER OTHER_OBJ
5295 +#define SMB_ACL_MASK CLASS_OBJ
5297 +typedef struct SMB_ACL_T {
5301 + struct acl acl[1];
5304 +typedef struct acl *SMB_ACL_ENTRY_T;
5306 +#define SMB_ACL_FIRST_ENTRY 0
5307 +#define SMB_ACL_NEXT_ENTRY 1
5309 +#define SMB_ACL_TYPE_ACCESS 0
5310 +#define SMB_ACL_TYPE_DEFAULT 1
5312 +#elif defined HAVE_IRIX_ACLS
5314 +#define SMB_ACL_TAG_T acl_tag_t
5315 +#define SMB_ACL_TYPE_T acl_type_t
5316 +#define SMB_ACL_PERMSET_T acl_permset_t
5317 +#define SMB_ACL_PERM_T acl_perm_t
5318 +#define SMB_ACL_READ ACL_READ
5319 +#define SMB_ACL_WRITE ACL_WRITE
5320 +#define SMB_ACL_EXECUTE ACL_EXECUTE
5322 +/* Types of ACLs. */
5323 +#define SMB_ACL_USER ACL_USER
5324 +#define SMB_ACL_USER_OBJ ACL_USER_OBJ
5325 +#define SMB_ACL_GROUP ACL_GROUP
5326 +#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ
5327 +#define SMB_ACL_OTHER ACL_OTHER_OBJ
5328 +#define SMB_ACL_MASK ACL_MASK
5330 +typedef struct SMB_ACL_T {
5336 +#define SMB_ACL_ENTRY_T acl_entry_t
5338 +#define SMB_ACL_FIRST_ENTRY 0
5339 +#define SMB_ACL_NEXT_ENTRY 1
5341 +#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
5342 +#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
5344 +#elif defined HAVE_AIX_ACLS
5346 +/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
5348 +#include "/usr/include/acl.h"
5350 +typedef uint *SMB_ACL_PERMSET_T;
5352 +struct acl_entry_link{
5353 + struct acl_entry_link *prevp;
5354 + struct new_acl_entry *entryp;
5355 + struct acl_entry_link *nextp;
5359 +struct new_acl_entry{
5360 + unsigned short ace_len;
5361 + unsigned short ace_type;
5362 + unsigned int ace_access;
5363 + struct ace_id ace_id[1];
5366 +#define SMB_ACL_ENTRY_T struct new_acl_entry*
5367 +#define SMB_ACL_T struct acl_entry_link*
5369 +#define SMB_ACL_TAG_T unsigned short
5370 +#define SMB_ACL_TYPE_T int
5371 +#define SMB_ACL_PERM_T uint
5372 +#define SMB_ACL_READ S_IRUSR
5373 +#define SMB_ACL_WRITE S_IWUSR
5374 +#define SMB_ACL_EXECUTE S_IXUSR
5376 +/* Types of ACLs. */
5377 +#define SMB_ACL_USER ACEID_USER
5378 +#define SMB_ACL_USER_OBJ 3
5379 +#define SMB_ACL_GROUP ACEID_GROUP
5380 +#define SMB_ACL_GROUP_OBJ 4
5381 +#define SMB_ACL_OTHER 5
5382 +#define SMB_ACL_MASK 6
5385 +#define SMB_ACL_FIRST_ENTRY 1
5386 +#define SMB_ACL_NEXT_ENTRY 2
5388 +#define SMB_ACL_TYPE_ACCESS 0
5389 +#define SMB_ACL_TYPE_DEFAULT 1
5391 +#else /* No ACLs. */
5393 +/* No ACLS - fake it. */
5394 +#define SMB_ACL_TAG_T int
5395 +#define SMB_ACL_TYPE_T int
5396 +#define SMB_ACL_PERMSET_T mode_t
5397 +#define SMB_ACL_PERM_T mode_t
5398 +#define SMB_ACL_READ S_IRUSR
5399 +#define SMB_ACL_WRITE S_IWUSR
5400 +#define SMB_ACL_EXECUTE S_IXUSR
5402 +/* Types of ACLs. */
5403 +#define SMB_ACL_USER 0
5404 +#define SMB_ACL_USER_OBJ 1
5405 +#define SMB_ACL_GROUP 2
5406 +#define SMB_ACL_GROUP_OBJ 3
5407 +#define SMB_ACL_OTHER 4
5408 +#define SMB_ACL_MASK 5
5410 +typedef struct SMB_ACL_T {
5414 +typedef struct SMB_ACL_ENTRY_T {
5416 +} *SMB_ACL_ENTRY_T;
5418 +#define SMB_ACL_FIRST_ENTRY 0
5419 +#define SMB_ACL_NEXT_ENTRY 1
5421 +#define SMB_ACL_TYPE_ACCESS 0
5422 +#define SMB_ACL_TYPE_DEFAULT 1
5424 +#endif /* No ACLs. */
5425 +#endif /* _SMB_ACLS_H */
5426 --- old/testsuite/default-acls.test
5427 +++ new/testsuite/default-acls.test
5431 +# This program is distributable under the terms of the GNU GPL see
5434 +# Test that rsync obeys default ACLs. -- Matt McCutchen
5436 +. $srcdir/testsuite/rsync.fns
5438 +$RSYNC --version | grep ", ACLs" >/dev/null || test_skipped "Rsync is configured without ACL support"
5439 +case "$setfacl_nodef" in
5440 +*-k*) opts='-dm u::7,g::5,o:5' ;;
5441 +*) opts='-m d:u::7,d:g::5,d:o:5' ;;
5443 +setfacl $opts "$scratchdir" || test_skipped "Your filesystem has ACLs disabled"
5445 +# Call as: testit <dirname> <default-acl> <file-expected> <program-expected>
5447 + todir="$scratchdir/$1"
5449 + $setfacl_nodef "$todir"
5451 + case "$setfacl_nodef" in
5452 + *-k*) opts="-dm $2" ;;
5453 + *) opts="-m `echo $2 | sed 's/\([ugom]:\)/d:\1/g'`"
5455 + setfacl $opts "$todir"
5457 + # Make sure we obey ACLs when creating a directory to hold multiple transferred files,
5458 + # even though the directory itself is outside the transfer
5459 + $RSYNC -rvv "$scratchdir/dir" "$scratchdir/file" "$scratchdir/program" "$todir/to/"
5460 + check_perms "$todir/to" $4 "Target $1"
5461 + check_perms "$todir/to/dir" $4 "Target $1"
5462 + check_perms "$todir/to/file" $3 "Target $1"
5463 + check_perms "$todir/to/program" $4 "Target $1"
5464 + # Make sure get_local_name doesn't mess us up when transferring only one file
5465 + $RSYNC -rvv "$scratchdir/file" "$todir/to/anotherfile"
5466 + check_perms "$todir/to/anotherfile" $3 "Target $1"
5467 + # Make sure we obey default ACLs when not transferring a regular file
5468 + $RSYNC -rvv "$scratchdir/dir/" "$todir/to/anotherdir/"
5469 + check_perms "$todir/to/anotherdir" $4 "Target $1"
5472 +mkdir "$scratchdir/dir"
5473 +echo "File!" >"$scratchdir/file"
5474 +echo "#!/bin/sh" >"$scratchdir/program"
5475 +chmod 777 "$scratchdir/dir"
5476 +chmod 666 "$scratchdir/file"
5477 +chmod 777 "$scratchdir/program"
5479 +# Test some target directories
5481 +testit da777 u::7,g::7,o:7 rw-rw-rw- rwxrwxrwx
5482 +testit da775 u::7,g::7,o:5 rw-rw-r-- rwxrwxr-x
5483 +testit da750 u::7,g::5,o:0 rw-r----- rwxr-x---
5484 +testit da770mask u::7,u:0:7,g::0,m:7,o:0 rw-rw---- rwxrwx---
5485 +testit noda1 '' rw------- rwx------
5487 +testit noda2 '' rw-rw-rw- rwxrwxrwx
5489 +testit noda3 '' rw-r--r-- rwxr-xr-x
5497 extern int preserve_uid;
5498 extern int preserve_gid;
5499 +extern int preserve_acls;
5500 extern int numeric_ids;
5503 @@ -274,7 +275,7 @@ void send_uid_list(int f)
5507 - if (preserve_uid) {
5508 + if (preserve_uid || preserve_acls) {
5510 /* we send sequences of uid/byte-length/name */
5511 for (list = uidlist; list; list = list->next) {
5512 @@ -291,7 +292,7 @@ void send_uid_list(int f)
5516 - if (preserve_gid) {
5517 + if (preserve_gid || preserve_acls) {
5519 for (list = gidlist; list; list = list->next) {
5521 @@ -312,7 +313,7 @@ void recv_uid_list(int f, struct file_li
5525 - if (preserve_uid && !numeric_ids) {
5526 + if ((preserve_uid || preserve_acls) && !numeric_ids) {
5527 /* read the uid list */
5528 while ((id = read_int(f)) != 0) {
5529 int len = read_byte(f);
5530 @@ -324,7 +325,7 @@ void recv_uid_list(int f, struct file_li
5534 - if (preserve_gid && !numeric_ids) {
5535 + if ((preserve_gid || preserve_acls) && !numeric_ids) {
5536 /* read the gid list */
5537 while ((id = read_int(f)) != 0) {
5538 int len = read_byte(f);
5539 @@ -336,6 +337,16 @@ void recv_uid_list(int f, struct file_li
5543 +#ifdef SUPPORT_ACLS
5544 + if (preserve_acls && !numeric_ids) {
5546 + while ((id = next_acl_uid(flist)) != NULL)
5547 + *id = match_uid(*id);
5548 + while ((id = next_acl_gid(flist)) != NULL)
5549 + *id = match_gid(*id);
5553 /* Now convert all the uids/gids from sender values to our values. */
5554 if (am_root && preserve_uid && !numeric_ids) {
5555 for (i = 0; i < flist->count; i++)