1 After applying this patch, run these commands for a successful build:
4 ./configure --enable-acl-support
7 See the --acls (-A) option in the revised man page for a note on using this
8 latest ACL-enabling patch to send files to an older ACL-enabled rsync.
12 - The -i option does not yet itemize changes in ACL information.
14 - The --link-dest option might link together two files that differ just
15 in their ACL info, and if that happens the file in the --link-dest dir
16 would get its ACLs updated.
20 @@ -25,15 +25,15 @@ VERSION=@VERSION@
24 -HEADERS=byteorder.h config.h errcode.h proto.h rsync.h lib/pool_alloc.h
25 +HEADERS=byteorder.h config.h errcode.h proto.h rsync.h smb_acls.h lib/pool_alloc.h
26 LIBOBJ=lib/wildmatch.o lib/compat.o lib/snprintf.o lib/mdfour.o \
27 - lib/permstring.o lib/pool_alloc.o @LIBOBJS@
28 + lib/permstring.o lib/pool_alloc.o lib/sysacls.o @LIBOBJS@
29 ZLIBOBJ=zlib/deflate.o zlib/inffast.o zlib/inflate.o zlib/inftrees.o \
30 zlib/trees.o zlib/zutil.o zlib/adler32.o zlib/compress.o zlib/crc32.o
31 OBJS1=rsync.o generator.o receiver.o cleanup.o sender.o exclude.o util.o \
32 main.o checksum.o match.o syscall.o log.o backup.o
33 OBJS2=options.o flist.o io.o compat.o hlink.o token.o uidlist.o socket.o \
34 - fileio.o batch.o clientname.o chmod.o
35 + fileio.o batch.o clientname.o chmod.o acls.o
36 OBJS3=progress.o pipe.o
37 DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o
38 popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \
42 +/* -*- c-file-style: "linux" -*-
43 + Copyright (C) Andrew Tridgell 1996
44 + Copyright (C) Paul Mackerras 1996
45 + Copyright (C) Matt McCutchen 2006
46 + Copyright (C) Wayne Davison 2006
48 + This program is free software; you can redistribute it and/or modify
49 + it under the terms of the GNU General Public License as published by
50 + the Free Software Foundation; either version 2 of the License, or
51 + (at your option) any later version.
53 + This program is distributed in the hope that it will be useful,
54 + but WITHOUT ANY WARRANTY; without even the implied warranty of
55 + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
56 + GNU General Public License for more details.
58 + You should have received a copy of the GNU General Public License
59 + along with this program; if not, write to the Free Software
60 + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
63 +/* handle passing ACLs between systems */
66 +#include "lib/sysacls.h"
72 +extern int orig_umask;
73 +extern int preserve_acls;
86 +#define ACL_NO_ENTRY ((uchar)0x80)
90 + /* These will be ACL_NO_ENTRY if there's no such entry. */
97 +static const rsync_acl rsync_acl_initializer = {
98 + {0, 0, NULL}, {0, 0, NULL},
99 + ACL_NO_ENTRY, ACL_NO_ENTRY, ACL_NO_ENTRY, ACL_NO_ENTRY
102 +#define OTHER_TYPE(t) (SMB_ACL_TYPE_ACCESS+SMB_ACL_TYPE_DEFAULT-(t))
103 +#define BUMP_TYPE(t) ((t = OTHER_TYPE(t)) == SMB_ACL_TYPE_DEFAULT)
105 +/* a few useful calculations */
107 +static int count_racl_entries(const rsync_acl *racl)
109 + return racl->users.count + racl->groups.count
110 + + (racl->user_obj != ACL_NO_ENTRY)
111 + + (racl->group_obj != ACL_NO_ENTRY)
112 + + (racl->mask != ACL_NO_ENTRY)
113 + + (racl->other != ACL_NO_ENTRY);
116 +static int calc_sacl_entries(const rsync_acl *racl)
118 + return racl->users.count + racl->groups.count
119 +#ifdef ACLS_NEED_MASK
122 + + (racl->mask != ACL_NO_ENTRY) + 3;
126 +static int rsync_acl_get_perms(const rsync_acl *racl)
128 + /* Note that (ACL_NO_ENTRY & 7) is 0. */
129 + return ((racl->user_obj & 7) << 6)
130 + + (((racl->mask != ACL_NO_ENTRY ? racl->mask : racl->group_obj) & 7) << 3)
131 + + (racl->other & 7);
134 +static void rsync_acl_strip_perms(rsync_acl *racl)
136 + racl->user_obj = ACL_NO_ENTRY;
137 + if (racl->mask == ACL_NO_ENTRY)
138 + racl->group_obj = ACL_NO_ENTRY;
140 + racl->mask = ACL_NO_ENTRY;
141 + racl->other = ACL_NO_ENTRY;
144 +static void expand_ida_list(ida_list *idal)
146 + /* First time through, 0 <= 0, so list is expanded. */
147 + if (idal->malloced <= idal->count) {
148 + id_access *new_ptr;
149 + size_t new_size = idal->malloced + 10;
150 + new_ptr = realloc_array(idal->idas, id_access, new_size);
151 + if (verbose >= 4) {
152 + rprintf(FINFO, "expand rsync_acl to %.0f bytes, did%s move\n",
153 + (double) new_size * sizeof idal->idas[0],
154 + idal->idas ? "" : " not");
157 + idal->idas = new_ptr;
158 + idal->malloced = new_size;
161 + out_of_memory("expand_ida_list");
165 +static void ida_list_free(ida_list *idal)
170 + idal->malloced = 0;
173 +static void rsync_acl_free(rsync_acl *racl)
175 + ida_list_free(&racl->users);
176 + ida_list_free(&racl->groups);
179 +static int id_access_sorter(const void *r1, const void *r2)
181 + id_access *ida1 = (id_access *)r1;
182 + id_access *ida2 = (id_access *)r2;
183 + id_t rid1 = ida1->id, rid2 = ida2->id;
184 + return rid1 == rid2 ? 0 : rid1 < rid2 ? -1 : 1;
187 +static void sort_ida_list(ida_list *idal)
191 + qsort((void **)idal->idas, idal->count, sizeof idal->idas[0],
192 + &id_access_sorter);
195 +static BOOL unpack_smb_acl(rsync_acl *racl, SMB_ACL_T sacl)
197 + SMB_ACL_ENTRY_T entry;
198 + const char *errfun;
201 + *racl = rsync_acl_initializer;
202 + errfun = "sys_acl_get_entry";
203 + for (rc = sys_acl_get_entry(sacl, SMB_ACL_FIRST_ENTRY, &entry);
205 + rc = sys_acl_get_entry(sacl, SMB_ACL_NEXT_ENTRY, &entry)) {
206 + SMB_ACL_TAG_T tag_type;
207 + SMB_ACL_PERMSET_T permset;
212 + if ((rc = sys_acl_get_tag_type(entry, &tag_type))) {
213 + errfun = "sys_acl_get_tag_type";
216 + if ((rc = sys_acl_get_permset(entry, &permset))) {
217 + errfun = "sys_acl_get_tag_type";
220 + access = (sys_acl_get_perm(permset, SMB_ACL_READ) ? 4 : 0)
221 + | (sys_acl_get_perm(permset, SMB_ACL_WRITE) ? 2 : 0)
222 + | (sys_acl_get_perm(permset, SMB_ACL_EXECUTE) ? 1 : 0);
223 + /* continue == done with entry; break == store in given idal */
224 + switch (tag_type) {
225 + case SMB_ACL_USER_OBJ:
226 + if (racl->user_obj == ACL_NO_ENTRY)
227 + racl->user_obj = access;
229 + rprintf(FINFO, "unpack_smb_acl: warning: duplicate USER_OBJ entry ignored\n");
232 + idal = &racl->users;
234 + case SMB_ACL_GROUP_OBJ:
235 + if (racl->group_obj == ACL_NO_ENTRY)
236 + racl->group_obj = access;
238 + rprintf(FINFO, "unpack_smb_acl: warning: duplicate GROUP_OBJ entry ignored\n");
240 + case SMB_ACL_GROUP:
241 + idal = &racl->groups;
244 + if (racl->mask == ACL_NO_ENTRY)
245 + racl->mask = access;
247 + rprintf(FINFO, "unpack_smb_acl: warning: duplicate MASK entry ignored\n");
249 + case SMB_ACL_OTHER:
250 + if (racl->other == ACL_NO_ENTRY)
251 + racl->other = access;
253 + rprintf(FINFO, "unpack_smb_acl: warning: duplicate OTHER entry ignored\n");
256 + rprintf(FINFO, "unpack_smb_acl: warning: entry with unrecognized tag type ignored\n");
259 + if (!(qualifier = sys_acl_get_qualifier(entry))) {
260 + errfun = "sys_acl_get_tag_type";
264 + expand_ida_list(idal);
265 + ida = &idal->idas[idal->count++];
266 + ida->id = *((id_t *)qualifier);
267 + ida->access = access;
268 + sys_acl_free_qualifier(qualifier, tag_type);
271 + rprintf(FERROR, "unpack_smb_acl: %s(): %s\n",
272 + errfun, strerror(errno));
273 + rsync_acl_free(racl);
277 + sort_ida_list(&racl->users);
278 + sort_ida_list(&racl->groups);
283 +static BOOL ida_lists_equal(const ida_list *ial1, const ida_list *ial2)
285 + id_access *ida1, *ida2;
286 + size_t count = ial1->count;
287 + if (count != ial2->count)
291 + for (; count--; ida1++, ida2++) {
292 + if (ida1->access != ida2->access || ida1->id != ida2->id)
298 +static BOOL rsync_acls_equal(const rsync_acl *racl1, const rsync_acl *racl2)
300 + return (racl1->user_obj == racl2->user_obj
301 + && racl1->group_obj == racl2->group_obj
302 + && racl1->mask == racl2->mask
303 + && racl1->other == racl2->other
304 + && ida_lists_equal(&racl1->users, &racl2->users)
305 + && ida_lists_equal(&racl1->groups, &racl2->groups));
308 +static BOOL rsync_acl_extended_parts_equal(const rsync_acl *racl1, const rsync_acl *racl2)
310 + /* We ignore any differences that chmod() can take care of. */
311 + if ((racl1->mask ^ racl2->mask) & ACL_NO_ENTRY)
313 + if (racl1->mask != ACL_NO_ENTRY && racl1->group_obj != racl2->group_obj)
315 + return ida_lists_equal(&racl1->users, &racl2->users)
316 + && ida_lists_equal(&racl1->groups, &racl2->groups);
325 +static rsync_acl_list _rsync_acl_lists[] = {
326 + { 0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */
327 + { 0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */
330 +static inline rsync_acl_list *rsync_acl_lists(SMB_ACL_TYPE_T type)
332 + return &_rsync_acl_lists[type != SMB_ACL_TYPE_ACCESS];
335 +static void expand_rsync_acl_list(rsync_acl_list *racl_list)
337 + /* First time through, 0 <= 0, so list is expanded. */
338 + if (racl_list->malloced <= racl_list->count) {
339 + rsync_acl *new_ptr;
341 + if (racl_list->malloced < 1000)
342 + new_size = racl_list->malloced + 1000;
344 + new_size = racl_list->malloced * 2;
345 + new_ptr = realloc_array(racl_list->racls, rsync_acl, new_size);
346 + if (verbose >= 3) {
347 + rprintf(FINFO, "expand_rsync_acl_list to %.0f bytes, did%s move\n",
348 + (double) new_size * sizeof racl_list->racls[0],
349 + racl_list->racls ? "" : " not");
352 + racl_list->racls = new_ptr;
353 + racl_list->malloced = new_size;
355 + if (!racl_list->racls)
356 + out_of_memory("expand_rsync_acl_list");
360 +static int find_matching_rsync_acl(SMB_ACL_TYPE_T type,
361 + const rsync_acl_list *racl_list,
362 + const rsync_acl *racl)
364 + static int access_match = -1, default_match = -1;
365 + int *match = type == SMB_ACL_TYPE_ACCESS ? &access_match : &default_match;
366 + size_t count = racl_list->count;
368 + /* If this is the first time through or we didn't match the last
369 + * time, then start at the end of the list, which should be the
370 + * best place to start hunting. */
372 + *match = racl_list->count - 1;
374 + if (rsync_acls_equal(&racl_list->racls[*match], racl))
377 + *match = racl_list->count - 1;
384 +/* The general strategy with the tag_type <-> character mapping is that
385 + * lowercase implies that no qualifier follows, where uppercase does.
386 + * A similar idiom for the acl type (access or default) itself, but
387 + * lowercase in this instance means there's no ACL following, so the
388 + * ACL is a repeat, so the receiver should reuse the last of the same
390 +static void send_ida_list(int f, const ida_list *idal, char tag_char)
393 + size_t count = idal->count;
394 + for (ida = idal->idas; count--; ida++) {
395 + write_byte(f, tag_char);
396 + write_byte(f, ida->access);
397 + write_int(f, ida->id);
398 + /* FIXME: sorta wasteful: we should maybe buffer as
399 + * many ids as max(ACL_USER + ACL_GROUP) objects to
400 + * keep from making so many calls. */
401 + if (tag_char == 'U')
408 +static void send_rsync_acl(int f, const rsync_acl *racl)
410 + size_t count = count_racl_entries(racl);
411 + write_int(f, count);
412 + if (racl->user_obj != ACL_NO_ENTRY) {
413 + write_byte(f, 'u');
414 + write_byte(f, racl->user_obj);
416 + send_ida_list(f, &racl->users, 'U');
417 + if (racl->group_obj != ACL_NO_ENTRY) {
418 + write_byte(f, 'g');
419 + write_byte(f, racl->group_obj);
421 + send_ida_list(f, &racl->groups, 'G');
422 + if (racl->mask != ACL_NO_ENTRY) {
423 + write_byte(f, 'm');
424 + write_byte(f, racl->mask);
426 + if (racl->other != ACL_NO_ENTRY) {
427 + write_byte(f, 'o');
428 + write_byte(f, racl->other);
432 +static rsync_acl _curr_rsync_acls[2];
434 +static const char *str_acl_type(SMB_ACL_TYPE_T type)
436 + return type == SMB_ACL_TYPE_ACCESS ? "SMB_ACL_TYPE_ACCESS"
437 + : type == SMB_ACL_TYPE_DEFAULT ? "SMB_ACL_TYPE_DEFAULT"
438 + : "unknown SMB_ACL_TYPE_T";
441 +/* Generate the ACL(s) for this flist entry;
442 + * ACL(s) are either sent or cleaned-up by send_acl() below. */
443 +int make_acl(const struct file_struct *file, const char *fname)
445 + SMB_ACL_TYPE_T type;
446 + rsync_acl *curr_racl;
448 + if (S_ISLNK(file->mode))
451 + curr_racl = &_curr_rsync_acls[0];
452 + type = SMB_ACL_TYPE_ACCESS;
456 + if ((sacl = sys_acl_get_file(fname, type)) != 0) {
457 + ok = unpack_smb_acl(curr_racl, sacl);
458 + sys_acl_free_acl(sacl);
461 + /* Avoid sending a redundant group/mask value. */
462 + if (curr_racl->group_obj == curr_racl->mask
463 + && (preserve_acls == 1
464 + || (!curr_racl->users.count
465 + && !curr_racl->groups.count)))
466 + curr_racl->mask = ACL_NO_ENTRY;
467 + /* Strip access ACLs of permission-bit entries. */
468 + if (type == SMB_ACL_TYPE_ACCESS && preserve_acls == 1)
469 + rsync_acl_strip_perms(curr_racl);
470 + } else if (errno == ENOTSUP) {
471 + /* ACLs are not supported. Leave list empty. */
472 + *curr_racl = rsync_acl_initializer;
474 + rprintf(FERROR, "send_acl: sys_acl_get_file(%s, %s): %s\n",
475 + fname, str_acl_type(type), strerror(errno));
479 + } while (BUMP_TYPE(type) && S_ISDIR(file->mode));
484 +/* Send the make_acl()-generated ACLs for this flist entry,
485 + * or clean up after an flist entry that's not being sent (f == -1). */
486 +void send_acl(const struct file_struct *file, int f)
488 + SMB_ACL_TYPE_T type;
489 + rsync_acl *curr_racl;
491 + if (S_ISLNK(file->mode))
494 + curr_racl = &_curr_rsync_acls[0];
495 + type = SMB_ACL_TYPE_ACCESS;
498 + rsync_acl_list *racl_list = rsync_acl_lists(type);
500 + rsync_acl_free(curr_racl);
503 + if ((index = find_matching_rsync_acl(type, racl_list, curr_racl))
505 + write_byte(f, type == SMB_ACL_TYPE_ACCESS ? 'a' : 'd');
506 + write_int(f, index);
507 + rsync_acl_free(curr_racl);
509 + write_byte(f, type == SMB_ACL_TYPE_ACCESS ? 'A' : 'D');
510 + send_rsync_acl(f, curr_racl);
511 + expand_rsync_acl_list(racl_list);
512 + racl_list->racls[racl_list->count++] = *curr_racl;
515 + } while (BUMP_TYPE(type) && S_ISDIR(file->mode));
518 +/* The below stuff is only used by the receiver: */
520 +/* structure to hold index to rsync_acl_list member corresponding to
521 + * flist->files[i] */
524 + const struct file_struct *file;
531 + file_acl_index *fais;
532 +} file_acl_index_list;
534 +static file_acl_index_list _file_acl_index_lists[] = {
535 + {0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */
536 + {0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */
539 +static inline file_acl_index_list *file_acl_index_lists(SMB_ACL_TYPE_T type)
541 + return &_file_acl_index_lists[type != SMB_ACL_TYPE_ACCESS];
544 +static void expand_file_acl_index_list(file_acl_index_list *flst)
546 + /* First time through, 0 <= 0, so list is expanded. */
547 + if (flst->malloced <= flst->count) {
548 + file_acl_index *new_ptr;
551 + if (flst->malloced < 1000)
552 + new_size = flst->malloced + 1000;
554 + new_size = flst->malloced * 2;
555 + new_ptr = realloc_array(flst->fais, file_acl_index, new_size);
556 + if (verbose >= 3) {
557 + rprintf(FINFO, "expand_file_acl_index_list to %.0f bytes, did%s move\n",
558 + (double) new_size * sizeof flst->fais[0],
559 + flst->fais ? "" : " not");
562 + flst->fais = new_ptr;
563 + flst->malloced = new_size;
566 + out_of_memory("expand_file_acl_index_list");
570 +/* lists to hold the SMB_ACL_Ts corresponding to the rsync_acl_list entries */
578 +static smb_acl_list _smb_acl_lists[] = {
579 + { 0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */
580 + { 0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */
583 +static inline smb_acl_list *smb_acl_lists(SMB_ACL_TYPE_T type)
585 + return &_smb_acl_lists[type != SMB_ACL_TYPE_ACCESS];
588 +static void expand_smb_acl_list(smb_acl_list *sacl_list)
590 + /* First time through, 0 <= 0, so list is expanded. */
591 + if (sacl_list->malloced <= sacl_list->count) {
592 + SMB_ACL_T *new_ptr;
594 + if (sacl_list->malloced < 1000)
595 + new_size = sacl_list->malloced + 1000;
597 + new_size = sacl_list->malloced * 2;
598 + new_ptr = realloc_array(sacl_list->sacls, SMB_ACL_T, new_size);
599 + if (verbose >= 3) {
600 + rprintf(FINFO, "expand_smb_acl_list to %.0f bytes, did%s move\n",
601 + (double) new_size * sizeof sacl_list->sacls[0],
602 + sacl_list->sacls ? "" : " not");
605 + sacl_list->sacls = new_ptr;
606 + sacl_list->malloced = new_size;
608 + if (!sacl_list->sacls)
609 + out_of_memory("expand_smb_acl_list");
613 +#define CALL_OR_ERROR(func,args,str) \
621 +#define COE(func,args) CALL_OR_ERROR(func,args,#func)
622 +#define COE2(func,args) CALL_OR_ERROR(func,args,NULL)
624 +static int store_access_in_entry(uchar access, SMB_ACL_ENTRY_T entry)
626 + const char *errfun = NULL;
627 + SMB_ACL_PERMSET_T permset;
629 + COE( sys_acl_get_permset,(entry, &permset) );
630 + COE( sys_acl_clear_perms,(permset) );
632 + COE( sys_acl_add_perm,(permset, SMB_ACL_READ) );
634 + COE( sys_acl_add_perm,(permset, SMB_ACL_WRITE) );
636 + COE( sys_acl_add_perm,(permset, SMB_ACL_EXECUTE) );
637 + COE( sys_acl_set_permset,(entry, permset) );
642 + rprintf(FERROR, "store_access_in_entry %s(): %s\n", errfun,
647 +/* build an SMB_ACL_T corresponding to an rsync_acl */
648 +static BOOL pack_smb_acl(SMB_ACL_T *smb_acl, const rsync_acl *racl)
652 + const char *errfun = NULL;
653 + SMB_ACL_ENTRY_T entry;
655 + if (!(*smb_acl = sys_acl_init(calc_sacl_entries(racl)))) {
656 + rprintf(FERROR, "pack_smb_acl: sys_acl_init(): %s\n",
661 + COE( sys_acl_create_entry,(smb_acl, &entry) );
662 + COE( sys_acl_set_tag_type,(entry, SMB_ACL_USER_OBJ) );
663 + COE2( store_access_in_entry,(racl->user_obj & 7, entry) );
665 + for (ida = racl->users.idas, count = racl->users.count;
667 + COE( sys_acl_create_entry,(smb_acl, &entry) );
668 + COE( sys_acl_set_tag_type,(entry, SMB_ACL_USER) );
669 + COE( sys_acl_set_qualifier,(entry, (void*)&ida->id) );
670 + COE2( store_access_in_entry,(ida->access, entry) );
673 + COE( sys_acl_create_entry,(smb_acl, &entry) );
674 + COE( sys_acl_set_tag_type,(entry, SMB_ACL_GROUP_OBJ) );
675 + COE2( store_access_in_entry,(racl->group_obj & 7, entry) );
677 + for (ida = racl->groups.idas, count = racl->groups.count;
679 + COE( sys_acl_create_entry,(smb_acl, &entry) );
680 + COE( sys_acl_set_tag_type,(entry, SMB_ACL_GROUP) );
681 + COE( sys_acl_set_qualifier,(entry, (void*)&ida->id) );
682 + COE2( store_access_in_entry,(ida->access, entry) );
684 +#ifndef ACLS_NEED_MASK
685 + if (racl->mask != ACL_NO_ENTRY) {
687 + COE( sys_acl_create_entry,(smb_acl, &entry) );
688 + COE( sys_acl_set_tag_type,(entry, SMB_ACL_MASK) );
689 + COE2( store_access_in_entry,(racl->mask, entry) );
690 +#ifndef ACLS_NEED_MASK
694 + COE( sys_acl_create_entry,(smb_acl, &entry) );
695 + COE( sys_acl_set_tag_type,(entry, SMB_ACL_OTHER) );
696 + COE2( store_access_in_entry,(racl->other & 7, entry) );
699 + if (sys_acl_valid(*smb_acl) < 0)
700 + rprintf(FINFO, "pack_smb_acl: warning: system says the ACL I packed is invalid\n");
707 + rprintf(FERROR, "pack_smb_acl %s(): %s\n", errfun,
710 + sys_acl_free_acl(*smb_acl);
714 +static mode_t change_sacl_perms(SMB_ACL_T sacl, rsync_acl *racl, mode_t old_mode, mode_t mode)
716 + SMB_ACL_ENTRY_T entry;
717 + const char *errfun;
720 + if (S_ISDIR(mode)) {
721 + /* If the sticky bit is going on, it's not safe to allow all
722 + * the new ACLs to go into effect before it gets set. */
723 +#ifdef SMB_ACL_LOSES_SPECIAL_MODE_BITS
724 + if (mode & S_ISVTX)
727 + if (mode & S_ISVTX && !(old_mode & S_ISVTX))
730 + /* If setuid or setgid is going off, it's not safe to allow all
731 + * the new ACLs to go into effect before they get cleared. */
732 + if ((old_mode & S_ISUID && !(mode & S_ISUID))
733 + || (old_mode & S_ISGID && !(mode & S_ISGID)))
738 + errfun = "sys_acl_get_entry";
739 + for (rc = sys_acl_get_entry(sacl, SMB_ACL_FIRST_ENTRY, &entry);
741 + rc = sys_acl_get_entry(sacl, SMB_ACL_NEXT_ENTRY, &entry)) {
742 + SMB_ACL_TAG_T tag_type;
743 + if ((rc = sys_acl_get_tag_type(entry, &tag_type))) {
744 + errfun = "sys_acl_get_tag_type";
747 + switch (tag_type) {
748 + case SMB_ACL_USER_OBJ:
749 + COE2( store_access_in_entry,((mode >> 6) & 7, entry) );
751 + case SMB_ACL_GROUP_OBJ:
752 + /* group is only empty when identical to group perms. */
753 + if (racl->group_obj != ACL_NO_ENTRY)
755 + COE2( store_access_in_entry,((mode >> 3) & 7, entry) );
758 +#ifndef ACLS_NEED_MASK
759 + /* mask is only empty when we don't need it. */
760 + if (racl->mask == ACL_NO_ENTRY)
763 + COE2( store_access_in_entry,((mode >> 3) & 7, entry) );
765 + case SMB_ACL_OTHER:
766 + COE2( store_access_in_entry,(mode & 7, entry) );
773 + rprintf(FERROR, "change_sacl_perms: %s(): %s\n",
774 + errfun, strerror(errno));
779 +#ifdef SMB_ACL_LOSES_SPECIAL_MODE_BITS
780 + /* Ensure that chmod() will be called to restore any lost setid bits. */
781 + if (old_mode & (S_ISUID | S_ISGID | S_ISVTX)
782 + && (old_mode & CHMOD_BITS) == (mode & CHMOD_BITS))
783 + old_mode &= ~(S_ISUID | S_ISGID | S_ISVTX);
786 + /* Return the mode of the file on disk, as we will set them. */
787 + return (old_mode & ~ACCESSPERMS) | (mode & ACCESSPERMS);
790 +static void receive_rsync_acl(rsync_acl *racl, int f, SMB_ACL_TYPE_T type)
792 + uchar computed_mask_bits = 0;
793 + ida_list *idal = NULL;
797 + *racl = rsync_acl_initializer;
799 + if (!(count = read_int(f)))
803 + char tag = read_byte(f);
804 + uchar access = read_byte(f);
805 + if (access & ~ (4 | 2 | 1)) {
806 + rprintf(FERROR, "receive_rsync_acl: bogus permset %o\n",
808 + exit_cleanup(RERR_STREAMIO);
812 + if (racl->user_obj != ACL_NO_ENTRY) {
813 + rprintf(FERROR, "receive_rsync_acl: error: duplicate USER_OBJ entry\n");
814 + exit_cleanup(RERR_STREAMIO);
816 + racl->user_obj = access;
819 + idal = &racl->users;
822 + if (racl->group_obj != ACL_NO_ENTRY) {
823 + rprintf(FERROR, "receive_rsync_acl: error: duplicate GROUP_OBJ entry\n");
824 + exit_cleanup(RERR_STREAMIO);
826 + racl->group_obj = access;
829 + idal = &racl->groups;
832 + if (racl->mask != ACL_NO_ENTRY) {
833 + rprintf(FERROR, "receive_rsync_acl: error: duplicate MASK entry\n");
834 + exit_cleanup(RERR_STREAMIO);
836 + racl->mask = access;
839 + if (racl->other != ACL_NO_ENTRY) {
840 + rprintf(FERROR, "receive_rsync_acl: error: duplicate OTHER entry\n");
841 + exit_cleanup(RERR_STREAMIO);
843 + racl->other = access;
846 + rprintf(FERROR, "receive_rsync_acl: unknown tag %c\n",
848 + exit_cleanup(RERR_STREAMIO);
850 + expand_ida_list(idal);
851 + ida = &idal->idas[idal->count++];
852 + ida->access = access;
853 + ida->id = read_int(f);
854 + computed_mask_bits |= access;
857 + if (type == SMB_ACL_TYPE_DEFAULT) {
858 + /* Ensure that these are never unset. */
859 + if (racl->user_obj == ACL_NO_ENTRY)
860 + racl->user_obj = 7;
861 + if (racl->group_obj == ACL_NO_ENTRY)
862 + racl->group_obj = 0;
863 + if (racl->other == ACL_NO_ENTRY)
866 +#ifndef ACLS_NEED_MASK
867 + if (!racl->users.count && !racl->groups.count) {
868 + /* If we, a system without ACLS_NEED_MASK, received a
869 + * superfluous mask, throw it away. */
870 + if (racl->mask != ACL_NO_ENTRY) {
871 + /* mask off group perms with it first */
872 + racl->group_obj &= racl->mask | ACL_NO_ENTRY;
873 + racl->mask = ACL_NO_ENTRY;
877 + if (racl->mask == ACL_NO_ENTRY) /* Always non-empty when needed. */
878 + racl->mask = computed_mask_bits | (racl->group_obj & 7);
881 +/* receive and build the rsync_acl_lists */
882 +void receive_acl(struct file_struct *file, int f)
884 + SMB_ACL_TYPE_T type;
887 + if (S_ISLNK(file->mode))
890 + fname = f_name(file, NULL);
891 + type = SMB_ACL_TYPE_ACCESS;
894 + file_acl_index_list *flst = file_acl_index_lists(type);
896 + expand_file_acl_index_list(flst);
898 + tag = read_byte(f);
899 + if (tag == 'A' || tag == 'a') {
900 + if (type != SMB_ACL_TYPE_ACCESS) {
901 + rprintf(FERROR, "receive_acl %s: duplicate access ACL\n",
903 + exit_cleanup(RERR_STREAMIO);
905 + } else if (tag == 'D' || tag == 'd') {
906 + if (type == SMB_ACL_TYPE_ACCESS) {
907 + rprintf(FERROR, "receive_acl %s: expecting access ACL; got default\n",
909 + exit_cleanup(RERR_STREAMIO);
912 + rprintf(FERROR, "receive_acl %s: unknown ACL type tag: %c\n",
914 + exit_cleanup(RERR_STREAMIO);
916 + if (tag == 'A' || tag == 'D') {
918 + rsync_acl_list *racl_list = rsync_acl_lists(type);
919 + smb_acl_list *sacl_list = smb_acl_lists(type);
920 + flst->fais[flst->count].aclidx = racl_list->count;
921 + flst->fais[flst->count++].file = file;
922 + receive_rsync_acl(&racl, f, type);
923 + expand_rsync_acl_list(racl_list);
924 + racl_list->racls[racl_list->count++] = racl;
925 + expand_smb_acl_list(sacl_list);
926 + sacl_list->sacls[sacl_list->count++] = NULL;
928 + int index = read_int(f);
929 + rsync_acl_list *racl_list = rsync_acl_lists(type);
930 + if ((size_t) index >= racl_list->count) {
931 + rprintf(FERROR, "receive_acl %s: %s ACL index %d out of range\n",
933 + str_acl_type(type),
935 + exit_cleanup(RERR_STREAMIO);
937 + flst->fais[flst->count].aclidx = index;
938 + flst->fais[flst->count++].file = file;
940 + } while (BUMP_TYPE(type) && S_ISDIR(file->mode));
943 +static int file_acl_index_list_sorter(const void *f1, const void *f2)
945 + const file_acl_index *fileaclidx1 = (const file_acl_index *)f1;
946 + const file_acl_index *fileaclidx2 = (const file_acl_index *)f2;
947 + return fileaclidx1->file == fileaclidx2->file ? 0
948 + : fileaclidx1->file < fileaclidx2->file ? -1 : 1;
951 +void sort_file_acl_index_lists()
953 + SMB_ACL_TYPE_T type;
955 + type = SMB_ACL_TYPE_ACCESS;
957 + file_acl_index_list *flst = file_acl_index_lists(type);
962 + qsort(flst->fais, flst->count, sizeof flst->fais[0],
963 + &file_acl_index_list_sorter);
964 + } while (BUMP_TYPE(type));
967 +static int find_file_acl_index(const file_acl_index_list *flst,
968 + const struct file_struct *file)
970 + int low = 0, high = flst->count;
971 + const struct file_struct *file_mid;
976 + int mid = (high + low) / 2;
977 + file_mid = flst->fais[mid].file;
978 + if (file_mid == file)
979 + return flst->fais[mid].aclidx;
980 + if (file_mid > file)
984 + } while (low < high);
986 + file_mid = flst->fais[low].file;
987 + if (file_mid == file)
988 + return flst->fais[low].aclidx;
991 + "find_file_acl_index: can't find entry for file in list\n");
992 + exit_cleanup(RERR_STREAMIO);
996 +/* for duplicating ACLs on backups when using backup_dir */
997 +int dup_acl(const char *orig, const char *bak, mode_t mode)
999 + SMB_ACL_TYPE_T type;
1002 + type = SMB_ACL_TYPE_ACCESS;
1004 + SMB_ACL_T sacl_orig, sacl_bak;
1005 + rsync_acl racl_orig, racl_bak;
1006 + if (!(sacl_orig = sys_acl_get_file(orig, type))) {
1007 + rprintf(FERROR, "dup_acl: sys_acl_get_file(%s, %s): %s\n",
1008 + orig, str_acl_type(type), strerror(errno));
1012 + if (!(sacl_bak = sys_acl_get_file(orig, type))) {
1013 + rprintf(FERROR, "dup_acl: sys_acl_get_file(%s, %s): %s. ignoring\n",
1014 + bak, str_acl_type(type), strerror(errno));
1016 + /* try to forge on through */
1018 + if (!unpack_smb_acl(&racl_orig, sacl_orig)) {
1020 + goto out_with_sacls;
1023 + if (!unpack_smb_acl(&racl_bak, sacl_bak)) {
1025 + goto out_with_one_racl;
1027 + if (rsync_acls_equal(&racl_orig, &racl_bak))
1028 + goto out_with_all;
1030 + ; /* presume they're unequal */
1032 + if (type == SMB_ACL_TYPE_DEFAULT
1033 + && racl_orig.user_obj == ACL_NO_ENTRY) {
1034 + if (sys_acl_delete_def_file(bak) < 0) {
1035 + rprintf(FERROR, "dup_acl: sys_acl_delete_def_file(%s): %s\n",
1036 + bak, strerror(errno));
1039 + } else if (sys_acl_set_file(bak, type, sacl_bak) < 0) {
1040 + rprintf(FERROR, "dup_acl: sys_acl_set_file(%s, %s): %s\n",
1041 + bak, str_acl_type(type), strerror(errno));
1046 + rsync_acl_free(&racl_bak);
1047 + out_with_one_racl:
1048 + rsync_acl_free(&racl_orig);
1051 + sys_acl_free_acl(sacl_bak);
1052 + /* out_with_one_sacl: */
1054 + sys_acl_free_acl(sacl_orig);
1055 + } while (BUMP_TYPE(type) && S_ISDIR(mode));
1060 +/* Stuff for redirecting calls to set_acl() from set_file_attrs()
1061 + * for keep_backup(). */
1062 +static const struct file_struct *backup_orig_file = NULL;
1063 +static const char null_string[] = "";
1064 +static const char *backup_orig_fname = null_string;
1065 +static const char *backup_dest_fname = null_string;
1066 +static SMB_ACL_T _backup_sacl[] = { NULL, NULL };
1068 +void push_keep_backup_acl(const struct file_struct *file,
1069 + const char *orig, const char *dest)
1071 + SMB_ACL_TYPE_T type;
1074 + backup_orig_file = file;
1075 + backup_orig_fname = orig;
1076 + backup_dest_fname = dest;
1078 + sacl = &_backup_sacl[0];
1079 + type = SMB_ACL_TYPE_ACCESS;
1081 + if (type == SMB_ACL_TYPE_DEFAULT && !S_ISDIR(file->mode)) {
1085 + if (!(*sacl = sys_acl_get_file(orig, type))) {
1087 + "push_keep_backup_acl: sys_acl_get_file(%s, %s): %s\n",
1088 + orig, str_acl_type(type),
1091 + } while (BUMP_TYPE(type));
1094 +static int set_keep_backup_acl()
1096 + SMB_ACL_TYPE_T type;
1100 + sacl = &_backup_sacl[0];
1101 + type = SMB_ACL_TYPE_ACCESS;
1104 + && sys_acl_set_file(backup_dest_fname, type, *sacl) < 0) {
1106 + "push_keep_backup_acl: sys_acl_get_file(%s, %s): %s\n",
1107 + backup_dest_fname,
1108 + str_acl_type(type),
1112 + } while (BUMP_TYPE(type));
1117 +void cleanup_keep_backup_acl()
1119 + SMB_ACL_TYPE_T type;
1122 + backup_orig_file = NULL;
1123 + backup_orig_fname = null_string;
1124 + backup_dest_fname = null_string;
1126 + sacl = &_backup_sacl[0];
1127 + type = SMB_ACL_TYPE_ACCESS;
1130 + sys_acl_free_acl(*sacl);
1133 + } while (BUMP_TYPE(type));
1136 +/* set ACL on rsync-ed or keep_backup-ed file
1138 + * This sets extended access ACL entries and default ACLs. If convenient,
1139 + * it sets permission bits along with the access ACLs and signals having
1140 + * done so by modifying mode_p, which should point into the stat buffer.
1142 + * returns: 1 for unchanged, 0 for changed, -1 for failed
1143 + * Pass NULL for mode_p to get the return code without changing anything. */
1144 +int set_acl(const char *fname, const struct file_struct *file, mode_t *mode_p)
1146 + int unchanged = 1;
1147 + SMB_ACL_TYPE_T type;
1149 + if (S_ISLNK(file->mode))
1152 + if (file == backup_orig_file) {
1153 + if (!strcmp(fname, backup_dest_fname))
1154 + return set_keep_backup_acl();
1156 + type = SMB_ACL_TYPE_ACCESS;
1159 + SMB_ACL_T sacl_orig, *sacl_new;
1160 + rsync_acl racl_orig, *racl_new;
1161 + int aclidx = find_file_acl_index(file_acl_index_lists(type), file);
1163 + racl_new = &(rsync_acl_lists(type)->racls[aclidx]);
1164 + sacl_new = &(smb_acl_lists(type)->sacls[aclidx]);
1165 + sacl_orig = sys_acl_get_file(fname, type);
1167 + rprintf(FERROR, "set_acl: sys_acl_get_file(%s, %s): %s\n",
1168 + fname, str_acl_type(type), strerror(errno));
1172 + ok = unpack_smb_acl(&racl_orig, sacl_orig);
1173 + sys_acl_free_acl(sacl_orig);
1178 + if (type == SMB_ACL_TYPE_ACCESS)
1179 + ok = rsync_acl_extended_parts_equal(&racl_orig, racl_new);
1181 + ok = rsync_acls_equal(&racl_orig, racl_new);
1182 + rsync_acl_free(&racl_orig);
1185 + if (!dry_run && mode_p) {
1186 + if (type == SMB_ACL_TYPE_DEFAULT
1187 + && racl_new->user_obj == ACL_NO_ENTRY) {
1188 + if (sys_acl_delete_def_file(fname) < 0) {
1189 + rprintf(FERROR, "set_acl: sys_acl_delete_def_file(%s): %s\n",
1190 + fname, strerror(errno));
1195 + mode_t cur_mode = *mode_p;
1197 + && !pack_smb_acl(sacl_new, racl_new)) {
1201 + if (type == SMB_ACL_TYPE_ACCESS) {
1202 + cur_mode = change_sacl_perms(*sacl_new, racl_new,
1203 + cur_mode, file->mode);
1204 + if (cur_mode == ~0u)
1207 + if (sys_acl_set_file(fname, type, *sacl_new) < 0) {
1208 + rprintf(FERROR, "set_acl: sys_acl_set_file(%s, %s): %s\n",
1209 + fname, str_acl_type(type),
1214 + if (type == SMB_ACL_TYPE_ACCESS)
1215 + *mode_p = cur_mode;
1218 + if (unchanged == 1)
1220 + } while (BUMP_TYPE(type) && S_ISDIR(file->mode));
1225 +/* Enumeration functions for uid mapping: */
1227 +/* Context -- one and only one. Should be cycled through once on uid
1228 + * mapping and once on gid mapping. */
1229 +static rsync_acl_list *_enum_racl_lists[] = {
1230 + &_rsync_acl_lists[0], &_rsync_acl_lists[1], NULL
1233 +static rsync_acl_list **enum_racl_list = &_enum_racl_lists[0];
1234 +static size_t enum_racl_index = 0;
1235 +static size_t enum_ida_index = 0;
1237 +/* This returns the next tag_type id from the given acl for the next entry,
1238 + * or it returns 0 if there are no more tag_type ids in the acl. */
1239 +static id_t *next_ace_id(SMB_ACL_TAG_T tag_type, const rsync_acl *racl)
1241 + const ida_list *idal = tag_type == SMB_ACL_USER ? &racl->users : &racl->groups;
1242 + if (enum_ida_index < idal->count) {
1243 + id_access *ida = &idal->idas[enum_ida_index++];
1246 + enum_ida_index = 0;
1250 +static id_t *next_acl_id(SMB_ACL_TAG_T tag_type, const rsync_acl_list *racl_list)
1252 + for (; enum_racl_index < racl_list->count; enum_racl_index++) {
1253 + rsync_acl *racl = &racl_list->racls[enum_racl_index];
1254 + id_t *id = next_ace_id(tag_type, racl);
1258 + enum_racl_index = 0;
1262 +static id_t *next_acl_list_id(SMB_ACL_TAG_T tag_type)
1264 + for (; *enum_racl_list; enum_racl_list++) {
1265 + id_t *id = next_acl_id(tag_type, *enum_racl_list);
1269 + enum_racl_list = &_enum_racl_lists[0];
1273 +id_t *next_acl_uid()
1275 + return next_acl_list_id(SMB_ACL_USER);
1278 +id_t *next_acl_gid()
1280 + return next_acl_list_id(SMB_ACL_GROUP);
1283 +int default_perms_for_dir(const char *dir)
1292 + perms = ACCESSPERMS & ~orig_umask;
1293 + /* Read the directory's default ACL. If it has none, this will successfully return an empty ACL. */
1294 + sacl = sys_acl_get_file(dir, SMB_ACL_TYPE_DEFAULT);
1295 + if (sacl == NULL) {
1296 + /* Couldn't get an ACL. Darn. */
1299 + /* ACLs are disabled. We could yell at the user to turn them on, but... */
1303 + /* We're doing a dry run, so the containing directory
1304 + * wasn't actually created. Don't worry about it. */
1307 + /* Otherwise fall through. */
1309 + rprintf(FERROR, "default_perms_for_dir: sys_acl_get_file(%s, %s): %s, falling back on umask\n",
1310 + dir, str_acl_type(SMB_ACL_TYPE_DEFAULT), strerror(errno));
1316 + ok = unpack_smb_acl(&racl, sacl);
1317 + sys_acl_free_acl(sacl);
1319 + rprintf(FERROR, "default_perms_for_dir: unpack_smb_acl failed, falling back on umask\n");
1323 + /* Apply the permission-bit entries of the default ACL, if any. */
1324 + if (racl.user_obj != ACL_NO_ENTRY) {
1325 + perms = rsync_acl_get_perms(&racl);
1327 + rprintf(FINFO, "got ACL-based default perms %o for directory %s\n", perms, dir);
1330 + rsync_acl_free(&racl);
1334 +#endif /* SUPPORT_ACLS */
1337 @@ -28,6 +28,7 @@ extern char *backup_suffix;
1338 extern char *backup_dir;
1341 +extern int preserve_acls;
1342 extern int preserve_devices;
1343 extern int preserve_specials;
1344 extern int preserve_links;
1345 @@ -132,6 +133,10 @@ static int make_bak_dir(char *fullpath)
1347 do_lchown(fullpath, st.st_uid, st.st_gid);
1348 do_chmod(fullpath, st.st_mode);
1349 +#ifdef SUPPORT_ACLS
1350 + if (preserve_acls)
1351 + dup_acl(end, fullpath, st.st_mode);
1356 @@ -185,6 +190,11 @@ static int keep_backup(char *fname)
1357 if (!(buf = get_backup_name(fname)))
1360 +#ifdef SUPPORT_ACLS
1361 + if (preserve_acls)
1362 + push_keep_backup_acl(file, fname, buf);
1365 /* Check to see if this is a device file, or link */
1366 if ((am_root && preserve_devices && IS_DEVICE(file->mode))
1367 || (preserve_specials && IS_SPECIAL(file->mode))) {
1368 @@ -260,6 +270,10 @@ static int keep_backup(char *fname)
1371 set_file_attrs(buf, file, NULL, 0);
1372 +#ifdef SUPPORT_ACLS
1373 + if (preserve_acls)
1374 + cleanup_keep_backup_acl();
1379 --- old/configure.in
1380 +++ new/configure.in
1381 @@ -482,6 +482,11 @@ if test x"$ac_cv_func_strcasecmp" = x"no
1382 AC_CHECK_LIB(resolv, strcasecmp)
1385 +AC_CHECK_FUNCS(aclsort)
1386 +if test x"$ac_cv_func_aclsort" = x"no"; then
1387 + AC_CHECK_LIB(sec, aclsort)
1390 dnl At the moment we don't test for a broken memcmp(), because all we
1391 dnl need to do is test for equality, not comparison, and it seems that
1392 dnl every platform has a memcmp that can do at least that.
1393 @@ -738,6 +743,78 @@ AC_SUBST(OBJ_RESTORE)
1394 AC_SUBST(CC_SHOBJ_FLAG)
1395 AC_SUBST(BUILD_POPT)
1397 +AC_CHECK_HEADERS(sys/acl.h)
1398 +AC_CHECK_FUNCS(_acl __acl _facl __facl)
1399 +#################################################
1400 +# check for ACL support
1402 +AC_MSG_CHECKING(whether to support ACLs)
1403 +AC_ARG_ENABLE(acl-support,
1404 +AC_HELP_STRING([--enable-acl-support], [Include ACL support (default=no)]),
1405 +[ case "$enableval" in
1408 + case "$host_os" in
1410 + AC_MSG_RESULT(Using UnixWare ACLs)
1411 + AC_DEFINE(HAVE_UNIXWARE_ACLS, 1, [true if you have UnixWare ACLs])
1413 + *solaris*|*cygwin*)
1414 + AC_MSG_RESULT(Using solaris ACLs)
1415 + AC_DEFINE(HAVE_SOLARIS_ACLS, 1, [true if you have solaris ACLs])
1418 + AC_MSG_RESULT(Using HPUX ACLs)
1419 + AC_DEFINE(HAVE_HPUX_ACLS, 1, [true if you have HPUX ACLs])
1422 + AC_MSG_RESULT(Using IRIX ACLs)
1423 + AC_DEFINE(HAVE_IRIX_ACLS, 1, [true if you have IRIX ACLs])
1426 + AC_MSG_RESULT(Using AIX ACLs)
1427 + AC_DEFINE(HAVE_AIX_ACLS, 1, [true if you have AIX ACLs])
1430 + AC_MSG_RESULT(Using Tru64 ACLs)
1431 + AC_DEFINE(HAVE_TRU64_ACLS, 1, [true if you have Tru64 ACLs])
1432 + LIBS="$LIBS -lpacl"
1435 + AC_MSG_RESULT(ACLs requested -- running tests)
1436 + AC_CHECK_LIB(acl,acl_get_file)
1437 + AC_CACHE_CHECK([for ACL support],samba_cv_HAVE_POSIX_ACLS,[
1438 + AC_TRY_LINK([#include <sys/types.h>
1439 +#include <sys/acl.h>],
1440 +[ acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p);],
1441 +samba_cv_HAVE_POSIX_ACLS=yes,samba_cv_HAVE_POSIX_ACLS=no)])
1442 + AC_MSG_CHECKING(ACL test results)
1443 + if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then
1444 + AC_MSG_RESULT(Using posix ACLs)
1445 + AC_DEFINE(HAVE_POSIX_ACLS, 1, [true if you have posix ACLs])
1446 + AC_CACHE_CHECK([for acl_get_perm_np],samba_cv_HAVE_ACL_GET_PERM_NP,[
1447 + AC_TRY_LINK([#include <sys/types.h>
1448 +#include <sys/acl.h>],
1449 +[ acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm);],
1450 +samba_cv_HAVE_ACL_GET_PERM_NP=yes,samba_cv_HAVE_ACL_GET_PERM_NP=no)])
1451 + if test x"$samba_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then
1452 + AC_DEFINE(HAVE_ACL_GET_PERM_NP, 1, [true if you have acl_get_perm_np])
1455 + AC_MSG_ERROR(Failed to find ACL support)
1462 + AC_DEFINE(HAVE_NO_ACLS, 1, [true if you don't have ACLs])
1465 + AC_DEFINE(HAVE_NO_ACLS, 1, [true if you don't have ACLs])
1469 AC_CONFIG_FILES([Makefile lib/dummy zlib/dummy popt/dummy shconfig])
1474 @@ -44,6 +44,7 @@ extern int filesfrom_fd;
1475 extern int one_file_system;
1476 extern int copy_dirlinks;
1477 extern int keep_dirlinks;
1478 +extern int preserve_acls;
1479 extern int preserve_links;
1480 extern int preserve_hard_links;
1481 extern int preserve_devices;
1482 @@ -970,6 +971,11 @@ static struct file_struct *send_file_nam
1483 if (chmod_modes && !S_ISLNK(file->mode))
1484 file->mode = tweak_mode(file->mode, chmod_modes);
1486 +#ifdef SUPPORT_ACLS
1487 + if (preserve_acls && make_acl(file, fname) < 0)
1491 maybe_emit_filelist_progress(flist->count + flist_count_offset);
1493 flist_expand(flist);
1494 @@ -977,6 +983,16 @@ static struct file_struct *send_file_nam
1495 if (file->basename[0]) {
1496 flist->files[flist->count++] = file;
1497 send_file_entry(file, f);
1498 +#ifdef SUPPORT_ACLS
1499 + if (preserve_acls)
1500 + send_acl(file, f);
1503 +#ifdef SUPPORT_ACLS
1504 + /* Cleanup unsent ACL(s). */
1505 + if (preserve_acls)
1506 + send_acl(file, -1);
1511 @@ -1365,6 +1381,11 @@ struct file_list *recv_file_list(int f)
1512 flags |= read_byte(f) << 8;
1513 file = receive_file_entry(flist, flags, f);
1515 +#ifdef SUPPORT_ACLS
1516 + if (preserve_acls)
1517 + receive_acl(file, f);
1520 if (S_ISREG(file->mode) || S_ISLNK(file->mode))
1521 stats.total_size += file->length;
1523 @@ -1387,6 +1408,11 @@ struct file_list *recv_file_list(int f)
1525 clean_flist(flist, relative_paths, 1);
1527 +#ifdef SUPPORT_ACLS
1528 + if (preserve_acls)
1529 + sort_file_acl_index_lists();
1533 recv_uid_list(f, flist);
1537 @@ -85,6 +85,7 @@ extern long block_size; /* "long" becaus
1538 extern int max_delete;
1539 extern int force_delete;
1540 extern int one_file_system;
1541 +extern mode_t orig_umask;
1542 extern struct stats stats;
1543 extern dev_t filesystem_dev;
1544 extern char *backup_dir;
1545 @@ -321,6 +322,8 @@ static void do_delete_pass(struct file_l
1547 int unchanged_attrs(struct file_struct *file, STRUCT_STAT *st)
1549 + /* FIXME: Flag ACL changes. */
1552 && (st->st_mode & CHMOD_BITS) != (file->mode & CHMOD_BITS))
1554 @@ -355,6 +358,7 @@ void itemize(struct file_struct *file, i
1555 if (preserve_gid && file->gid != GID_NONE
1556 && st->st_gid != file->gid)
1557 iflags |= ITEM_REPORT_GROUP;
1558 + /* FIXME: Itemize ACL changes. ITEM_REPORT_XATTR? */
1560 iflags |= ITEM_IS_NEW;
1562 @@ -753,6 +757,7 @@ static int try_dests_non(struct file_str
1565 static int phase = 0;
1566 +static int dflt_perms;
1568 /* Acts on the_file_list->file's ndx'th item, whose name is fname. If a dir,
1569 * make sure it exists, and has the right permissions/timestamp info. For
1570 @@ -844,6 +849,10 @@ static void recv_generator(char *fname,
1573 need_fuzzy_dirlist = 1;
1574 +#ifdef SUPPORT_ACLS
1575 + if (!preserve_perms)
1576 + dflt_perms = default_perms_for_dir(dn);
1579 parent_dirname = dn;
1581 @@ -871,7 +880,8 @@ static void recv_generator(char *fname,
1582 if (!preserve_perms) {
1583 int exists = statret == 0
1584 && S_ISDIR(st.st_mode) == S_ISDIR(file->mode);
1585 - file->mode = dest_mode(file->mode, st.st_mode, exists);
1586 + file->mode = dest_mode(file->mode, st.st_mode, dflt_perms,
1590 if (S_ISDIR(file->mode)) {
1591 @@ -1343,6 +1353,8 @@ void generate_files(int f_out, struct fi
1592 * notice that and let us know via the redo pipe (or its closing). */
1595 + dflt_perms = (ACCESSPERMS & ~orig_umask);
1597 for (i = 0; i < flist->count; i++) {
1598 struct file_struct *file = flist->files[i];
1600 --- old/lib/sysacls.c
1601 +++ new/lib/sysacls.c
1604 + Unix SMB/CIFS implementation.
1605 + Samba system utilities for ACL support.
1606 + Copyright (C) Jeremy Allison 2000.
1608 + This program is free software; you can redistribute it and/or modify
1609 + it under the terms of the GNU General Public License as published by
1610 + the Free Software Foundation; either version 2 of the License, or
1611 + (at your option) any later version.
1613 + This program is distributed in the hope that it will be useful,
1614 + but WITHOUT ANY WARRANTY; without even the implied warranty of
1615 + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1616 + GNU General Public License for more details.
1618 + You should have received a copy of the GNU General Public License
1619 + along with this program; if not, write to the Free Software
1620 + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
1624 +#include "sysacls.h" /****** ADDED ******/
1626 +/****** EXTRAS -- THESE ITEMS ARE NOT FROM THE SAMBA SOURCE ******/
1627 +void SAFE_FREE(void *mem)
1633 +char *uidtoname(uid_t uid)
1635 + static char idbuf[12];
1636 + struct passwd *pw;
1638 + if ((pw = getpwuid(uid)) == NULL) {
1639 + slprintf(idbuf, sizeof(idbuf)-1, "%ld", (long)uid);
1642 + return pw->pw_name;
1644 +/****** EXTRAS -- END ******/
1647 + This file wraps all differing system ACL interfaces into a consistent
1648 + one based on the POSIX interface. It also returns the correct errors
1649 + for older UNIX systems that don't support ACLs.
1651 + The interfaces that each ACL implementation must support are as follows :
1653 + int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
1654 + int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
1655 + int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p
1656 + void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
1657 + SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
1658 + SMB_ACL_T sys_acl_get_fd(int fd)
1659 + int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset);
1660 + int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
1661 + char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen)
1662 + SMB_ACL_T sys_acl_init( int count)
1663 + int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
1664 + int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
1665 + int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
1666 + int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
1667 + int sys_acl_valid( SMB_ACL_T theacl )
1668 + int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
1669 + int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
1670 + int sys_acl_delete_def_file(const char *path)
1672 + This next one is not POSIX complient - but we *have* to have it !
1673 + More POSIX braindamage.
1675 + int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1677 + The generic POSIX free is the following call. We split this into
1678 + several different free functions as we may need to add tag info
1679 + to structures when emulating the POSIX interface.
1681 + int sys_acl_free( void *obj_p)
1683 + The calls we actually use are :
1685 + int sys_acl_free_text(char *text) - free acl_to_text
1686 + int sys_acl_free_acl(SMB_ACL_T posix_acl)
1687 + int sys_acl_free_qualifier(void *qualifier, SMB_ACL_TAG_T tagtype)
1691 +#if defined(HAVE_POSIX_ACLS)
1693 +/* Identity mapping - easy. */
1695 +int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
1697 + return acl_get_entry( the_acl, entry_id, entry_p);
1700 +int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
1702 + return acl_get_tag_type( entry_d, tag_type_p);
1705 +int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
1707 + return acl_get_permset( entry_d, permset_p);
1710 +void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
1712 + return acl_get_qualifier( entry_d);
1715 +SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
1717 + return acl_get_file( path_p, type);
1720 +SMB_ACL_T sys_acl_get_fd(int fd)
1722 + return acl_get_fd(fd);
1725 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
1727 + return acl_clear_perms(permset);
1730 +int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1732 + return acl_add_perm(permset, perm);
1735 +int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1737 +#if defined(HAVE_ACL_GET_PERM_NP)
1739 + * Required for TrustedBSD-based ACL implementations where
1740 + * non-POSIX.1e functions are denoted by a _np (non-portable)
1743 + return acl_get_perm_np(permset, perm);
1745 + return acl_get_perm(permset, perm);
1749 +char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
1751 + return acl_to_text( the_acl, plen);
1754 +SMB_ACL_T sys_acl_init( int count)
1756 + return acl_init(count);
1759 +int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
1761 + return acl_create_entry(pacl, pentry);
1764 +int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
1766 + return acl_set_tag_type(entry, tagtype);
1769 +int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
1771 + return acl_set_qualifier(entry, qual);
1774 +int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
1776 + return acl_set_permset(entry, permset);
1779 +int sys_acl_valid( SMB_ACL_T theacl )
1781 + return acl_valid(theacl);
1784 +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
1786 + return acl_set_file(name, acltype, theacl);
1789 +int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
1791 + return acl_set_fd(fd, theacl);
1794 +int sys_acl_delete_def_file(const char *name)
1796 + return acl_delete_def_file(name);
1799 +int sys_acl_free_text(char *text)
1801 + return acl_free(text);
1804 +int sys_acl_free_acl(SMB_ACL_T the_acl)
1806 + return acl_free(the_acl);
1809 +int sys_acl_free_qualifier(void *qual, UNUSED(SMB_ACL_TAG_T tagtype))
1811 + return acl_free(qual);
1814 +#elif defined(HAVE_TRU64_ACLS)
1816 + * The interface to DEC/Compaq Tru64 UNIX ACLs
1817 + * is based on Draft 13 of the POSIX spec which is
1818 + * slightly different from the Draft 16 interface.
1820 + * Also, some of the permset manipulation functions
1821 + * such as acl_clear_perm() and acl_add_perm() appear
1822 + * to be broken on Tru64 so we have to manipulate
1823 + * the permission bits in the permset directly.
1825 +int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
1827 + SMB_ACL_ENTRY_T entry;
1829 + if (entry_id == SMB_ACL_FIRST_ENTRY && acl_first_entry(the_acl) != 0) {
1834 + if ((entry = acl_get_entry(the_acl)) != NULL) {
1839 + return errno ? -1 : 0;
1842 +int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
1844 + return acl_get_tag_type( entry_d, tag_type_p);
1847 +int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
1849 + return acl_get_permset( entry_d, permset_p);
1852 +void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
1854 + return acl_get_qualifier( entry_d);
1857 +SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
1859 + return acl_get_file((char *)path_p, type);
1862 +SMB_ACL_T sys_acl_get_fd(int fd)
1864 + return acl_get_fd(fd, ACL_TYPE_ACCESS);
1867 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
1869 + *permset = 0; /* acl_clear_perm() is broken on Tru64 */
1874 +int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1876 + if (perm & ~(SMB_ACL_READ | SMB_ACL_WRITE | SMB_ACL_EXECUTE)) {
1881 + *permset |= perm; /* acl_add_perm() is broken on Tru64 */
1886 +int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1888 + return *permset & perm; /* Tru64 doesn't have acl_get_perm() */
1891 +char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
1893 + return acl_to_text( the_acl, plen);
1896 +SMB_ACL_T sys_acl_init( int count)
1898 + return acl_init(count);
1901 +int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
1903 + SMB_ACL_ENTRY_T entry;
1905 + if ((entry = acl_create_entry(pacl)) == NULL) {
1913 +int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
1915 + return acl_set_tag_type(entry, tagtype);
1918 +int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
1920 + return acl_set_qualifier(entry, qual);
1923 +int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
1925 + return acl_set_permset(entry, permset);
1928 +int sys_acl_valid( SMB_ACL_T theacl )
1930 + acl_entry_t entry;
1932 + return acl_valid(theacl, &entry);
1935 +int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
1937 + return acl_set_file((char *)name, acltype, theacl);
1940 +int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
1942 + return acl_set_fd(fd, ACL_TYPE_ACCESS, theacl);
1945 +int sys_acl_delete_def_file(const char *name)
1947 + return acl_delete_def_file((char *)name);
1950 +int sys_acl_free_text(char *text)
1953 + * (void) cast and explicit return 0 are for DEC UNIX
1954 + * which just #defines acl_free_text() to be free()
1956 + (void) acl_free_text(text);
1960 +int sys_acl_free_acl(SMB_ACL_T the_acl)
1962 + return acl_free(the_acl);
1965 +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
1967 + return acl_free_qualifier(qual, tagtype);
1970 +#elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS)
1973 + * Donated by Michael Davidson <md@sco.COM> for UnixWare / OpenUNIX.
1974 + * Modified by Toomas Soome <tsoome@ut.ee> for Solaris.
1978 + * Note that while this code implements sufficient functionality
1979 + * to support the sys_acl_* interfaces it does not provide all
1980 + * of the semantics of the POSIX ACL interfaces.
1982 + * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
1983 + * from a call to sys_acl_get_entry() should not be assumed to be
1984 + * valid after calling any of the following functions, which may
1985 + * reorder the entries in the ACL.
1988 + * sys_acl_set_file()
1989 + * sys_acl_set_fd()
1993 + * The only difference between Solaris and UnixWare / OpenUNIX is
1994 + * that the #defines for the ACL operations have different names
1996 +#if defined(HAVE_UNIXWARE_ACLS)
1998 +#define SETACL ACL_SET
1999 +#define GETACL ACL_GET
2000 +#define GETACLCNT ACL_CNT
2005 +int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
2007 + if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
2012 + if (entry_p == NULL) {
2017 + if (entry_id == SMB_ACL_FIRST_ENTRY) {
2021 + if (acl_d->next < 0) {
2026 + if (acl_d->next >= acl_d->count) {
2030 + *entry_p = &acl_d->acl[acl_d->next++];
2035 +int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
2037 + *type_p = entry_d->a_type;
2042 +int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
2044 + *permset_p = &entry_d->a_perm;
2049 +void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
2051 + if (entry_d->a_type != SMB_ACL_USER
2052 + && entry_d->a_type != SMB_ACL_GROUP) {
2057 + return &entry_d->a_id;
2061 + * There is no way of knowing what size the ACL returned by
2062 + * GETACL will be unless you first call GETACLCNT which means
2063 + * making an additional system call.
2065 + * In the hope of avoiding the cost of the additional system
2066 + * call in most cases, we initially allocate enough space for
2067 + * an ACL with INITIAL_ACL_SIZE entries. If this turns out to
2068 + * be too small then we use GETACLCNT to find out the actual
2069 + * size, reallocate the ACL buffer, and then call GETACL again.
2072 +#define INITIAL_ACL_SIZE 16
2074 +SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
2077 + int count; /* # of ACL entries allocated */
2078 + int naccess; /* # of access ACL entries */
2079 + int ndefault; /* # of default ACL entries */
2081 + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
2086 + count = INITIAL_ACL_SIZE;
2087 + if ((acl_d = sys_acl_init(count)) == NULL) {
2092 + * If there isn't enough space for the ACL entries we use
2093 + * GETACLCNT to determine the actual number of ACL entries
2094 + * reallocate and try again. This is in a loop because it
2095 + * is possible that someone else could modify the ACL and
2096 + * increase the number of entries between the call to
2097 + * GETACLCNT and the call to GETACL.
2099 + while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0
2100 + && errno == ENOSPC) {
2102 + sys_acl_free_acl(acl_d);
2104 + if ((count = acl(path_p, GETACLCNT, 0, NULL)) < 0) {
2108 + if ((acl_d = sys_acl_init(count)) == NULL) {
2114 + sys_acl_free_acl(acl_d);
2119 + * calculate the number of access and default ACL entries
2121 + * Note: we assume that the acl() system call returned a
2122 + * well formed ACL which is sorted so that all of the
2123 + * access ACL entries preceed any default ACL entries
2125 + for (naccess = 0; naccess < count; naccess++) {
2126 + if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
2129 + ndefault = count - naccess;
2132 + * if the caller wants the default ACL we have to copy
2133 + * the entries down to the start of the acl[] buffer
2134 + * and mask out the ACL_DEFAULT flag from the type field
2136 + if (type == SMB_ACL_TYPE_DEFAULT) {
2139 + for (i = 0, j = naccess; i < ndefault; i++, j++) {
2140 + acl_d->acl[i] = acl_d->acl[j];
2141 + acl_d->acl[i].a_type &= ~ACL_DEFAULT;
2144 + acl_d->count = ndefault;
2146 + acl_d->count = naccess;
2152 +SMB_ACL_T sys_acl_get_fd(int fd)
2155 + int count; /* # of ACL entries allocated */
2156 + int naccess; /* # of access ACL entries */
2158 + count = INITIAL_ACL_SIZE;
2159 + if ((acl_d = sys_acl_init(count)) == NULL) {
2163 + while ((count = facl(fd, GETACL, count, &acl_d->acl[0])) < 0
2164 + && errno == ENOSPC) {
2166 + sys_acl_free_acl(acl_d);
2168 + if ((count = facl(fd, GETACLCNT, 0, NULL)) < 0) {
2172 + if ((acl_d = sys_acl_init(count)) == NULL) {
2178 + sys_acl_free_acl(acl_d);
2183 + * calculate the number of access ACL entries
2185 + for (naccess = 0; naccess < count; naccess++) {
2186 + if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
2190 + acl_d->count = naccess;
2195 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
2202 +int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
2204 + if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
2205 + && perm != SMB_ACL_EXECUTE) {
2210 + if (permset_d == NULL) {
2215 + *permset_d |= perm;
2220 +int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
2222 + return *permset_d & perm;
2225 +char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
2232 + * use an initial estimate of 20 bytes per ACL entry
2233 + * when allocating memory for the text representation
2237 + maxlen = 20 * acl_d->count;
2238 + if ((text = SMB_MALLOC(maxlen)) == NULL) {
2243 + for (i = 0; i < acl_d->count; i++) {
2244 + struct acl *ap = &acl_d->acl[i];
2253 + switch (ap->a_type) {
2255 + * for debugging purposes it's probably more
2256 + * useful to dump unknown tag types rather
2257 + * than just returning an error
2260 + slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x",
2263 + slprintf(idbuf, sizeof(idbuf)-1, "%ld",
2268 + case SMB_ACL_USER:
2269 + id = uidtoname(ap->a_id);
2270 + case SMB_ACL_USER_OBJ:
2274 + case SMB_ACL_GROUP:
2275 + if ((gr = getgrgid(ap->a_id)) == NULL) {
2276 + slprintf(idbuf, sizeof(idbuf)-1, "%ld",
2282 + case SMB_ACL_GROUP_OBJ:
2286 + case SMB_ACL_OTHER:
2290 + case SMB_ACL_MASK:
2296 + perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-';
2297 + perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-';
2298 + perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-';
2301 + /* <tag> : <qualifier> : rwx \n \0 */
2302 + nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1;
2305 + * If this entry would overflow the buffer
2306 + * allocate enough additional memory for this
2307 + * entry and an estimate of another 20 bytes
2308 + * for each entry still to be processed
2310 + if ((len + nbytes) > maxlen) {
2311 + char *oldtext = text;
2313 + maxlen += nbytes + 20 * (acl_d->count - i);
2315 + if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) {
2316 + SAFE_FREE(oldtext);
2322 + slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms);
2323 + len += nbytes - 1;
2332 +SMB_ACL_T sys_acl_init(int count)
2342 + * note that since the definition of the structure pointed
2343 + * to by the SMB_ACL_T includes the first element of the
2344 + * acl[] array, this actually allocates an ACL with room
2345 + * for (count+1) entries
2347 + if ((a = (SMB_ACL_T)SMB_MALLOC(sizeof(struct SMB_ACL_T) + count * sizeof(struct acl))) == NULL) {
2352 + a->size = count + 1;
2360 +int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
2363 + SMB_ACL_ENTRY_T entry_d;
2365 + if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
2370 + if (acl_d->count >= acl_d->size) {
2375 + entry_d = &acl_d->acl[acl_d->count++];
2376 + entry_d->a_type = 0;
2377 + entry_d->a_id = -1;
2378 + entry_d->a_perm = 0;
2379 + *entry_p = entry_d;
2384 +int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
2386 + switch (tag_type) {
2387 + case SMB_ACL_USER:
2388 + case SMB_ACL_USER_OBJ:
2389 + case SMB_ACL_GROUP:
2390 + case SMB_ACL_GROUP_OBJ:
2391 + case SMB_ACL_OTHER:
2392 + case SMB_ACL_MASK:
2393 + entry_d->a_type = tag_type;
2403 +int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
2405 + if (entry_d->a_type != SMB_ACL_GROUP
2406 + && entry_d->a_type != SMB_ACL_USER) {
2411 + entry_d->a_id = *((id_t *)qual_p);
2416 +int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
2418 + if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
2422 + entry_d->a_perm = *permset_d;
2428 + * sort the ACL and check it for validity
2430 + * if it's a minimal ACL with only 4 entries then we
2431 + * need to recalculate the mask permissions to make
2432 + * sure that they are the same as the GROUP_OBJ
2433 + * permissions as required by the UnixWare acl() system call.
2435 + * (note: since POSIX allows minimal ACLs which only contain
2436 + * 3 entries - ie there is no mask entry - we should, in theory,
2437 + * check for this and add a mask entry if necessary - however
2438 + * we "know" that the caller of this interface always specifies
2439 + * a mask so, in practice "this never happens" (tm) - if it *does*
2440 + * happen aclsort() will fail and return an error and someone will
2441 + * have to fix it ...)
2444 +static int acl_sort(SMB_ACL_T acl_d)
2446 + int fixmask = (acl_d->count <= 4);
2448 + if (aclsort(acl_d->count, fixmask, acl_d->acl) != 0) {
2455 +int sys_acl_valid(SMB_ACL_T acl_d)
2457 + return acl_sort(acl_d);
2460 +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
2463 + struct acl *acl_p;
2465 + struct acl *acl_buf = NULL;
2468 + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
2473 + if (acl_sort(acl_d) != 0) {
2477 + acl_p = &acl_d->acl[0];
2478 + acl_count = acl_d->count;
2481 + * if it's a directory there is extra work to do
2482 + * since the acl() system call will replace both
2483 + * the access ACLs and the default ACLs (if any)
2485 + if (stat(name, &s) != 0) {
2488 + if (S_ISDIR(s.st_mode)) {
2489 + SMB_ACL_T acc_acl;
2490 + SMB_ACL_T def_acl;
2491 + SMB_ACL_T tmp_acl;
2494 + if (type == SMB_ACL_TYPE_ACCESS) {
2496 + def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
2500 + acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
2503 + if (tmp_acl == NULL) {
2508 + * allocate a temporary buffer for the complete ACL
2510 + acl_count = acc_acl->count + def_acl->count;
2511 + acl_p = acl_buf = SMB_MALLOC_ARRAY(struct acl, acl_count);
2513 + if (acl_buf == NULL) {
2514 + sys_acl_free_acl(tmp_acl);
2520 + * copy the access control and default entries into the buffer
2522 + memcpy(&acl_buf[0], &acc_acl->acl[0],
2523 + acc_acl->count * sizeof(acl_buf[0]));
2525 + memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
2526 + def_acl->count * sizeof(acl_buf[0]));
2529 + * set the ACL_DEFAULT flag on the default entries
2531 + for (i = acc_acl->count; i < acl_count; i++) {
2532 + acl_buf[i].a_type |= ACL_DEFAULT;
2535 + sys_acl_free_acl(tmp_acl);
2537 + } else if (type != SMB_ACL_TYPE_ACCESS) {
2542 + ret = acl(name, SETACL, acl_count, acl_p);
2544 + SAFE_FREE(acl_buf);
2549 +int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
2551 + if (acl_sort(acl_d) != 0) {
2555 + return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]);
2558 +int sys_acl_delete_def_file(const char *path)
2564 + * fetching the access ACL and rewriting it has
2565 + * the effect of deleting the default ACL
2567 + if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
2571 + ret = acl(path, SETACL, acl_d->count, acl_d->acl);
2573 + sys_acl_free_acl(acl_d);
2578 +int sys_acl_free_text(char *text)
2584 +int sys_acl_free_acl(SMB_ACL_T acl_d)
2590 +int sys_acl_free_qualifier(UNUSED(void *qual), UNUSED(SMB_ACL_TAG_T tagtype))
2595 +#elif defined(HAVE_HPUX_ACLS)
2599 + * Based on the Solaris/SCO code - with modifications.
2603 + * Note that while this code implements sufficient functionality
2604 + * to support the sys_acl_* interfaces it does not provide all
2605 + * of the semantics of the POSIX ACL interfaces.
2607 + * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
2608 + * from a call to sys_acl_get_entry() should not be assumed to be
2609 + * valid after calling any of the following functions, which may
2610 + * reorder the entries in the ACL.
2613 + * sys_acl_set_file()
2614 + * sys_acl_set_fd()
2617 +/* This checks if the POSIX ACL system call is defined */
2618 +/* which basically corresponds to whether JFS 3.3 or */
2619 +/* higher is installed. If acl() was called when it */
2620 +/* isn't defined, it causes the process to core dump */
2621 +/* so it is important to check this and avoid acl() */
2622 +/* calls if it isn't there. */
2624 +static BOOL hpux_acl_call_presence(void)
2627 + shl_t handle = NULL;
2630 + static BOOL already_checked=0;
2632 + if(already_checked)
2636 + ret_val = shl_findsym(&handle, "acl", TYPE_PROCEDURE, &value);
2638 + if(ret_val != 0) {
2639 + DEBUG(5, ("hpux_acl_call_presence: shl_findsym() returned %d, errno = %d, error %s\n",
2640 + ret_val, errno, strerror(errno)));
2641 + DEBUG(5,("hpux_acl_call_presence: acl() system call is not present. Check if you have JFS 3.3 and above?\n"));
2645 + DEBUG(10,("hpux_acl_call_presence: acl() system call is present. We have JFS 3.3 or above \n"));
2647 + already_checked = True;
2651 +int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
2653 + if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
2658 + if (entry_p == NULL) {
2663 + if (entry_id == SMB_ACL_FIRST_ENTRY) {
2667 + if (acl_d->next < 0) {
2672 + if (acl_d->next >= acl_d->count) {
2676 + *entry_p = &acl_d->acl[acl_d->next++];
2681 +int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
2683 + *type_p = entry_d->a_type;
2688 +int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
2690 + *permset_p = &entry_d->a_perm;
2695 +void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
2697 + if (entry_d->a_type != SMB_ACL_USER
2698 + && entry_d->a_type != SMB_ACL_GROUP) {
2703 + return &entry_d->a_id;
2707 + * There is no way of knowing what size the ACL returned by
2708 + * ACL_GET will be unless you first call ACL_CNT which means
2709 + * making an additional system call.
2711 + * In the hope of avoiding the cost of the additional system
2712 + * call in most cases, we initially allocate enough space for
2713 + * an ACL with INITIAL_ACL_SIZE entries. If this turns out to
2714 + * be too small then we use ACL_CNT to find out the actual
2715 + * size, reallocate the ACL buffer, and then call ACL_GET again.
2718 +#define INITIAL_ACL_SIZE 16
2720 +SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
2723 + int count; /* # of ACL entries allocated */
2724 + int naccess; /* # of access ACL entries */
2725 + int ndefault; /* # of default ACL entries */
2727 + if(hpux_acl_call_presence() == False) {
2728 + /* Looks like we don't have the acl() system call on HPUX.
2729 + * May be the system doesn't have the latest version of JFS.
2734 + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
2739 + count = INITIAL_ACL_SIZE;
2740 + if ((acl_d = sys_acl_init(count)) == NULL) {
2745 + * If there isn't enough space for the ACL entries we use
2746 + * ACL_CNT to determine the actual number of ACL entries
2747 + * reallocate and try again. This is in a loop because it
2748 + * is possible that someone else could modify the ACL and
2749 + * increase the number of entries between the call to
2750 + * ACL_CNT and the call to ACL_GET.
2752 + while ((count = acl(path_p, ACL_GET, count, &acl_d->acl[0])) < 0 && errno == ENOSPC) {
2754 + sys_acl_free_acl(acl_d);
2756 + if ((count = acl(path_p, ACL_CNT, 0, NULL)) < 0) {
2760 + if ((acl_d = sys_acl_init(count)) == NULL) {
2766 + sys_acl_free_acl(acl_d);
2771 + * calculate the number of access and default ACL entries
2773 + * Note: we assume that the acl() system call returned a
2774 + * well formed ACL which is sorted so that all of the
2775 + * access ACL entries preceed any default ACL entries
2777 + for (naccess = 0; naccess < count; naccess++) {
2778 + if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
2781 + ndefault = count - naccess;
2784 + * if the caller wants the default ACL we have to copy
2785 + * the entries down to the start of the acl[] buffer
2786 + * and mask out the ACL_DEFAULT flag from the type field
2788 + if (type == SMB_ACL_TYPE_DEFAULT) {
2791 + for (i = 0, j = naccess; i < ndefault; i++, j++) {
2792 + acl_d->acl[i] = acl_d->acl[j];
2793 + acl_d->acl[i].a_type &= ~ACL_DEFAULT;
2796 + acl_d->count = ndefault;
2798 + acl_d->count = naccess;
2804 +SMB_ACL_T sys_acl_get_fd(int fd)
2807 + * HPUX doesn't have the facl call. Fake it using the path.... JRA.
2810 + files_struct *fsp = file_find_fd(fd);
2812 + if (fsp == NULL) {
2818 + * We know we're in the same conn context. So we
2819 + * can use the relative path.
2822 + return sys_acl_get_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS);
2825 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
2832 +int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
2834 + if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
2835 + && perm != SMB_ACL_EXECUTE) {
2840 + if (permset_d == NULL) {
2845 + *permset_d |= perm;
2850 +int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
2852 + return *permset_d & perm;
2855 +char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
2862 + * use an initial estimate of 20 bytes per ACL entry
2863 + * when allocating memory for the text representation
2867 + maxlen = 20 * acl_d->count;
2868 + if ((text = SMB_MALLOC(maxlen)) == NULL) {
2873 + for (i = 0; i < acl_d->count; i++) {
2874 + struct acl *ap = &acl_d->acl[i];
2883 + switch (ap->a_type) {
2885 + * for debugging purposes it's probably more
2886 + * useful to dump unknown tag types rather
2887 + * than just returning an error
2890 + slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x",
2893 + slprintf(idbuf, sizeof(idbuf)-1, "%ld",
2898 + case SMB_ACL_USER:
2899 + id = uidtoname(ap->a_id);
2900 + case SMB_ACL_USER_OBJ:
2904 + case SMB_ACL_GROUP:
2905 + if ((gr = getgrgid(ap->a_id)) == NULL) {
2906 + slprintf(idbuf, sizeof(idbuf)-1, "%ld",
2912 + case SMB_ACL_GROUP_OBJ:
2916 + case SMB_ACL_OTHER:
2920 + case SMB_ACL_MASK:
2926 + perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-';
2927 + perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-';
2928 + perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-';
2931 + /* <tag> : <qualifier> : rwx \n \0 */
2932 + nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1;
2935 + * If this entry would overflow the buffer
2936 + * allocate enough additional memory for this
2937 + * entry and an estimate of another 20 bytes
2938 + * for each entry still to be processed
2940 + if ((len + nbytes) > maxlen) {
2941 + char *oldtext = text;
2943 + maxlen += nbytes + 20 * (acl_d->count - i);
2945 + if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) {
2952 + slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms);
2953 + len += nbytes - 1;
2962 +SMB_ACL_T sys_acl_init(int count)
2972 + * note that since the definition of the structure pointed
2973 + * to by the SMB_ACL_T includes the first element of the
2974 + * acl[] array, this actually allocates an ACL with room
2975 + * for (count+1) entries
2977 + if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + count * sizeof(struct acl))) == NULL) {
2982 + a->size = count + 1;
2990 +int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
2993 + SMB_ACL_ENTRY_T entry_d;
2995 + if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
3000 + if (acl_d->count >= acl_d->size) {
3005 + entry_d = &acl_d->acl[acl_d->count++];
3006 + entry_d->a_type = 0;
3007 + entry_d->a_id = -1;
3008 + entry_d->a_perm = 0;
3009 + *entry_p = entry_d;
3014 +int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
3016 + switch (tag_type) {
3017 + case SMB_ACL_USER:
3018 + case SMB_ACL_USER_OBJ:
3019 + case SMB_ACL_GROUP:
3020 + case SMB_ACL_GROUP_OBJ:
3021 + case SMB_ACL_OTHER:
3022 + case SMB_ACL_MASK:
3023 + entry_d->a_type = tag_type;
3033 +int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
3035 + if (entry_d->a_type != SMB_ACL_GROUP
3036 + && entry_d->a_type != SMB_ACL_USER) {
3041 + entry_d->a_id = *((id_t *)qual_p);
3046 +int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
3048 + if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
3052 + entry_d->a_perm = *permset_d;
3057 +/* Structure to capture the count for each type of ACE. */
3059 +struct hpux_acl_types {
3063 + int n_def_user_obj;
3068 + int n_def_group_obj;
3072 + int n_def_other_obj;
3075 + int n_def_class_obj;
3077 + int n_illegal_obj;
3081 + * Counts the different number of objects in a given array of ACL
3085 + * acl_count - Count of ACLs in the array of ACL strucutres.
3086 + * aclp - Array of ACL structures.
3087 + * acl_type_count - Pointer to acl_types structure. Should already be
3091 + * acl_type_count - This structure is filled up with counts of various
3095 +static int hpux_count_obj(int acl_count, struct acl *aclp, struct hpux_acl_types *acl_type_count)
3099 + memset(acl_type_count, 0, sizeof(struct hpux_acl_types));
3101 + for(i=0;i<acl_count;i++) {
3102 + switch(aclp[i].a_type) {
3104 + acl_type_count->n_user++;
3107 + acl_type_count->n_user_obj++;
3109 + case DEF_USER_OBJ:
3110 + acl_type_count->n_def_user_obj++;
3113 + acl_type_count->n_group++;
3116 + acl_type_count->n_group_obj++;
3118 + case DEF_GROUP_OBJ:
3119 + acl_type_count->n_def_group_obj++;
3122 + acl_type_count->n_other_obj++;
3124 + case DEF_OTHER_OBJ:
3125 + acl_type_count->n_def_other_obj++;
3128 + acl_type_count->n_class_obj++;
3130 + case DEF_CLASS_OBJ:
3131 + acl_type_count->n_def_class_obj++;
3134 + acl_type_count->n_def_user++;
3137 + acl_type_count->n_def_group++;
3140 + acl_type_count->n_illegal_obj++;
3146 +/* swap_acl_entries: Swaps two ACL entries.
3148 + * Inputs: aclp0, aclp1 - ACL entries to be swapped.
3151 +static void hpux_swap_acl_entries(struct acl *aclp0, struct acl *aclp1)
3153 + struct acl temp_acl;
3155 + temp_acl.a_type = aclp0->a_type;
3156 + temp_acl.a_id = aclp0->a_id;
3157 + temp_acl.a_perm = aclp0->a_perm;
3159 + aclp0->a_type = aclp1->a_type;
3160 + aclp0->a_id = aclp1->a_id;
3161 + aclp0->a_perm = aclp1->a_perm;
3163 + aclp1->a_type = temp_acl.a_type;
3164 + aclp1->a_id = temp_acl.a_id;
3165 + aclp1->a_perm = temp_acl.a_perm;
3168 +/* prohibited_duplicate_type
3169 + * Identifies if given ACL type can have duplicate entries or
3172 + * Inputs: acl_type - ACL Type.
3178 + * True - If the ACL type matches any of the prohibited types.
3179 + * False - If the ACL type doesn't match any of the prohibited types.
3182 +static BOOL hpux_prohibited_duplicate_type(int acl_type)
3184 + switch(acl_type) {
3195 +/* get_needed_class_perm
3196 + * Returns the permissions of a ACL structure only if the ACL
3197 + * type matches one of the pre-determined types for computing
3198 + * CLASS_OBJ permissions.
3200 + * Inputs: aclp - Pointer to ACL structure.
3203 +static int hpux_get_needed_class_perm(struct acl *aclp)
3205 + switch(aclp->a_type) {
3209 + case DEF_USER_OBJ:
3211 + case DEF_GROUP_OBJ:
3213 + case DEF_CLASS_OBJ:
3214 + case DEF_OTHER_OBJ:
3215 + return aclp->a_perm;
3221 +/* acl_sort for HPUX.
3222 + * Sorts the array of ACL structures as per the description in
3223 + * aclsort man page. Refer to aclsort man page for more details
3227 + * acl_count - Count of ACLs in the array of ACL structures.
3228 + * calclass - If this is not zero, then we compute the CLASS_OBJ
3230 + * aclp - Array of ACL structures.
3234 + * aclp - Sorted array of ACL structures.
3238 + * Returns 0 for success -1 for failure. Prints a message to the Samba
3239 + * debug log in case of failure.
3242 +static int hpux_acl_sort(int acl_count, int calclass, struct acl *aclp)
3244 +#if !defined(HAVE_HPUX_ACLSORT)
3246 + * The aclsort() system call is availabe on the latest HPUX General
3247 + * Patch Bundles. So for HPUX, we developed our version of acl_sort
3248 + * function. Because, we don't want to update to a new
3249 + * HPUX GR bundle just for aclsort() call.
3252 + struct hpux_acl_types acl_obj_count;
3253 + int n_class_obj_perm = 0;
3257 + DEBUG(10,("Zero acl count passed. Returning Success\n"));
3261 + if(aclp == NULL) {
3262 + DEBUG(0,("Null ACL pointer in hpux_acl_sort. Returning Failure. \n"));
3266 + /* Count different types of ACLs in the ACLs array */
3268 + hpux_count_obj(acl_count, aclp, &acl_obj_count);
3270 + /* There should be only one entry each of type USER_OBJ, GROUP_OBJ,
3271 + * CLASS_OBJ and OTHER_OBJ
3274 + if( (acl_obj_count.n_user_obj != 1) ||
3275 + (acl_obj_count.n_group_obj != 1) ||
3276 + (acl_obj_count.n_class_obj != 1) ||
3277 + (acl_obj_count.n_other_obj != 1)
3279 + DEBUG(0,("hpux_acl_sort: More than one entry or no entries for \
3280 +USER OBJ or GROUP_OBJ or OTHER_OBJ or CLASS_OBJ\n"));
3284 + /* If any of the default objects are present, there should be only
3285 + * one of them each.
3288 + if( (acl_obj_count.n_def_user_obj > 1) || (acl_obj_count.n_def_group_obj > 1) ||
3289 + (acl_obj_count.n_def_other_obj > 1) || (acl_obj_count.n_def_class_obj > 1) ) {
3290 + DEBUG(0,("hpux_acl_sort: More than one entry for DEF_CLASS_OBJ \
3291 +or DEF_USER_OBJ or DEF_GROUP_OBJ or DEF_OTHER_OBJ\n"));
3295 + /* We now have proper number of OBJ and DEF_OBJ entries. Now sort the acl
3298 + * Sorting crieteria - First sort by ACL type. If there are multiple entries of
3299 + * same ACL type, sort by ACL id.
3301 + * I am using the trival kind of sorting method here because, performance isn't
3302 + * really effected by the ACLs feature. More over there aren't going to be more
3303 + * than 17 entries on HPUX.
3306 + for(i=0; i<acl_count;i++) {
3307 + for (j=i+1; j<acl_count; j++) {
3308 + if( aclp[i].a_type > aclp[j].a_type ) {
3309 + /* ACL entries out of order, swap them */
3311 + hpux_swap_acl_entries((aclp+i), (aclp+j));
3313 + } else if ( aclp[i].a_type == aclp[j].a_type ) {
3315 + /* ACL entries of same type, sort by id */
3317 + if(aclp[i].a_id > aclp[j].a_id) {
3318 + hpux_swap_acl_entries((aclp+i), (aclp+j));
3319 + } else if (aclp[i].a_id == aclp[j].a_id) {
3320 + /* We have a duplicate entry. */
3321 + if(hpux_prohibited_duplicate_type(aclp[i].a_type)) {
3322 + DEBUG(0, ("hpux_acl_sort: Duplicate entry: Type(hex): %x Id: %d\n",
3323 + aclp[i].a_type, aclp[i].a_id));
3332 + /* set the class obj permissions to the computed one. */
3334 + int n_class_obj_index = -1;
3336 + for(i=0;i<acl_count;i++) {
3337 + n_class_obj_perm |= hpux_get_needed_class_perm((aclp+i));
3339 + if(aclp[i].a_type == CLASS_OBJ)
3340 + n_class_obj_index = i;
3342 + aclp[n_class_obj_index].a_perm = n_class_obj_perm;
3347 + return aclsort(acl_count, calclass, aclp);
3352 + * sort the ACL and check it for validity
3354 + * if it's a minimal ACL with only 4 entries then we
3355 + * need to recalculate the mask permissions to make
3356 + * sure that they are the same as the GROUP_OBJ
3357 + * permissions as required by the UnixWare acl() system call.
3359 + * (note: since POSIX allows minimal ACLs which only contain
3360 + * 3 entries - ie there is no mask entry - we should, in theory,
3361 + * check for this and add a mask entry if necessary - however
3362 + * we "know" that the caller of this interface always specifies
3363 + * a mask so, in practice "this never happens" (tm) - if it *does*
3364 + * happen aclsort() will fail and return an error and someone will
3365 + * have to fix it ...)
3368 +static int acl_sort(SMB_ACL_T acl_d)
3370 + int fixmask = (acl_d->count <= 4);
3372 + if (hpux_acl_sort(acl_d->count, fixmask, acl_d->acl) != 0) {
3379 +int sys_acl_valid(SMB_ACL_T acl_d)
3381 + return acl_sort(acl_d);
3384 +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
3387 + struct acl *acl_p;
3389 + struct acl *acl_buf = NULL;
3392 + if(hpux_acl_call_presence() == False) {
3393 + /* Looks like we don't have the acl() system call on HPUX.
3394 + * May be the system doesn't have the latest version of JFS.
3400 + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
3405 + if (acl_sort(acl_d) != 0) {
3409 + acl_p = &acl_d->acl[0];
3410 + acl_count = acl_d->count;
3413 + * if it's a directory there is extra work to do
3414 + * since the acl() system call will replace both
3415 + * the access ACLs and the default ACLs (if any)
3417 + if (stat(name, &s) != 0) {
3420 + if (S_ISDIR(s.st_mode)) {
3421 + SMB_ACL_T acc_acl;
3422 + SMB_ACL_T def_acl;
3423 + SMB_ACL_T tmp_acl;
3426 + if (type == SMB_ACL_TYPE_ACCESS) {
3428 + def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
3432 + acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
3435 + if (tmp_acl == NULL) {
3440 + * allocate a temporary buffer for the complete ACL
3442 + acl_count = acc_acl->count + def_acl->count;
3443 + acl_p = acl_buf = SMB_MALLOC_ARRAY(struct acl, acl_count);
3445 + if (acl_buf == NULL) {
3446 + sys_acl_free_acl(tmp_acl);
3452 + * copy the access control and default entries into the buffer
3454 + memcpy(&acl_buf[0], &acc_acl->acl[0],
3455 + acc_acl->count * sizeof(acl_buf[0]));
3457 + memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
3458 + def_acl->count * sizeof(acl_buf[0]));
3461 + * set the ACL_DEFAULT flag on the default entries
3463 + for (i = acc_acl->count; i < acl_count; i++) {
3464 + acl_buf[i].a_type |= ACL_DEFAULT;
3467 + sys_acl_free_acl(tmp_acl);
3469 + } else if (type != SMB_ACL_TYPE_ACCESS) {
3474 + ret = acl(name, ACL_SET, acl_count, acl_p);
3483 +int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
3486 + * HPUX doesn't have the facl call. Fake it using the path.... JRA.
3489 + files_struct *fsp = file_find_fd(fd);
3491 + if (fsp == NULL) {
3496 + if (acl_sort(acl_d) != 0) {
3501 + * We know we're in the same conn context. So we
3502 + * can use the relative path.
3505 + return sys_acl_set_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS, acl_d);
3508 +int sys_acl_delete_def_file(const char *path)
3514 + * fetching the access ACL and rewriting it has
3515 + * the effect of deleting the default ACL
3517 + if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
3521 + ret = acl(path, ACL_SET, acl_d->count, acl_d->acl);
3523 + sys_acl_free_acl(acl_d);
3528 +int sys_acl_free_text(char *text)
3534 +int sys_acl_free_acl(SMB_ACL_T acl_d)
3540 +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
3545 +#elif defined(HAVE_IRIX_ACLS)
3547 +int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
3549 + if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
3554 + if (entry_p == NULL) {
3559 + if (entry_id == SMB_ACL_FIRST_ENTRY) {
3563 + if (acl_d->next < 0) {
3568 + if (acl_d->next >= acl_d->aclp->acl_cnt) {
3572 + *entry_p = &acl_d->aclp->acl_entry[acl_d->next++];
3577 +int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
3579 + *type_p = entry_d->ae_tag;
3584 +int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
3586 + *permset_p = entry_d;
3591 +void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
3593 + if (entry_d->ae_tag != SMB_ACL_USER
3594 + && entry_d->ae_tag != SMB_ACL_GROUP) {
3599 + return &entry_d->ae_id;
3602 +SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
3606 + if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) {
3610 + if ((a->aclp = acl_get_file(path_p, type)) == NULL) {
3615 + a->freeaclp = True;
3619 +SMB_ACL_T sys_acl_get_fd(int fd)
3623 + if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) {
3627 + if ((a->aclp = acl_get_fd(fd)) == NULL) {
3632 + a->freeaclp = True;
3636 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
3638 + permset_d->ae_perm = 0;
3643 +int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
3645 + if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
3646 + && perm != SMB_ACL_EXECUTE) {
3651 + if (permset_d == NULL) {
3656 + permset_d->ae_perm |= perm;
3661 +int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
3663 + return permset_d->ae_perm & perm;
3666 +char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
3668 + return acl_to_text(acl_d->aclp, len_p);
3671 +SMB_ACL_T sys_acl_init(int count)
3680 + if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + sizeof(struct acl))) == NULL) {
3686 + a->freeaclp = False;
3687 + a->aclp = (struct acl *)(&a->aclp + sizeof(struct acl *));
3688 + a->aclp->acl_cnt = 0;
3694 +int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
3697 + SMB_ACL_ENTRY_T entry_d;
3699 + if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
3704 + if (acl_d->aclp->acl_cnt >= ACL_MAX_ENTRIES) {
3709 + entry_d = &acl_d->aclp->acl_entry[acl_d->aclp->acl_cnt++];
3710 + entry_d->ae_tag = 0;
3711 + entry_d->ae_id = 0;
3712 + entry_d->ae_perm = 0;
3713 + *entry_p = entry_d;
3718 +int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
3720 + switch (tag_type) {
3721 + case SMB_ACL_USER:
3722 + case SMB_ACL_USER_OBJ:
3723 + case SMB_ACL_GROUP:
3724 + case SMB_ACL_GROUP_OBJ:
3725 + case SMB_ACL_OTHER:
3726 + case SMB_ACL_MASK:
3727 + entry_d->ae_tag = tag_type;
3737 +int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
3739 + if (entry_d->ae_tag != SMB_ACL_GROUP
3740 + && entry_d->ae_tag != SMB_ACL_USER) {
3745 + entry_d->ae_id = *((id_t *)qual_p);
3750 +int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
3752 + if (permset_d->ae_perm & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
3756 + entry_d->ae_perm = permset_d->ae_perm;
3761 +int sys_acl_valid(SMB_ACL_T acl_d)
3763 + return acl_valid(acl_d->aclp);
3766 +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
3768 + return acl_set_file(name, type, acl_d->aclp);
3771 +int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
3773 + return acl_set_fd(fd, acl_d->aclp);
3776 +int sys_acl_delete_def_file(const char *name)
3778 + return acl_delete_def_file(name);
3781 +int sys_acl_free_text(char *text)
3783 + return acl_free(text);
3786 +int sys_acl_free_acl(SMB_ACL_T acl_d)
3788 + if (acl_d->freeaclp) {
3789 + acl_free(acl_d->aclp);
3795 +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
3800 +#elif defined(HAVE_AIX_ACLS)
3802 +/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
3804 +int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
3806 + struct acl_entry_link *link;
3807 + struct new_acl_entry *entry;
3810 + DEBUG(10,("This is the count: %d\n",theacl->count));
3812 + /* Check if count was previously set to -1. *
3813 + * If it was, that means we reached the end *
3814 + * of the acl last time. */
3815 + if(theacl->count == -1)
3819 + /* To get to the next acl, traverse linked list until index *
3820 + * of acl matches the count we are keeping. This count is *
3821 + * incremented each time we return an acl entry. */
3823 + for(keep_going = 0; keep_going < theacl->count; keep_going++)
3824 + link = link->nextp;
3826 + entry = *entry_p = link->entryp;
3828 + DEBUG(10,("*entry_p is %d\n",entry_p));
3829 + DEBUG(10,("*entry_p->ace_access is %d\n",entry->ace_access));
3831 + /* Increment count */
3833 + if(link->nextp == NULL)
3834 + theacl->count = -1;
3839 +int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
3841 + /* Initialize tag type */
3844 + DEBUG(10,("the tagtype is %d\n",entry_d->ace_id->id_type));
3846 + /* Depending on what type of entry we have, *
3847 + * return tag type. */
3848 + switch(entry_d->ace_id->id_type) {
3850 + *tag_type_p = SMB_ACL_USER;
3853 + *tag_type_p = SMB_ACL_GROUP;
3856 + case SMB_ACL_USER_OBJ:
3857 + case SMB_ACL_GROUP_OBJ:
3858 + case SMB_ACL_OTHER:
3859 + *tag_type_p = entry_d->ace_id->id_type;
3869 +int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
3871 + DEBUG(10,("Starting AIX sys_acl_get_permset\n"));
3872 + *permset_p = &entry_d->ace_access;
3873 + DEBUG(10,("**permset_p is %d\n",**permset_p));
3874 + if(!(**permset_p & S_IXUSR) &&
3875 + !(**permset_p & S_IWUSR) &&
3876 + !(**permset_p & S_IRUSR) &&
3877 + (**permset_p != 0))
3880 + DEBUG(10,("Ending AIX sys_acl_get_permset\n"));
3884 +void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
3886 + return(entry_d->ace_id->id_data);
3889 +SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
3891 + struct acl *file_acl = (struct acl *)NULL;
3892 + struct acl_entry *acl_entry;
3893 + struct new_acl_entry *new_acl_entry;
3894 + struct ace_id *idp;
3895 + struct acl_entry_link *acl_entry_link;
3896 + struct acl_entry_link *acl_entry_link_head;
3901 + /* AIX has no DEFAULT */
3902 + if ( type == SMB_ACL_TYPE_DEFAULT )
3905 + /* Get the acl using statacl */
3907 + DEBUG(10,("Entering sys_acl_get_file\n"));
3908 + DEBUG(10,("path_p is %s\n",path_p));
3910 + file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
3912 + if(file_acl == NULL) {
3914 + DEBUG(0,("Error in AIX sys_acl_get_file: %d\n",errno));
3918 + memset(file_acl,0,BUFSIZ);
3920 + rc = statacl((char *)path_p,0,file_acl,BUFSIZ);
3922 + DEBUG(0,("statacl returned %d with errno %d\n",rc,errno));
3923 + SAFE_FREE(file_acl);
3927 + DEBUG(10,("Got facl and returned it\n"));
3929 + /* Point to the first acl entry in the acl */
3930 + acl_entry = file_acl->acl_ext;
3932 + /* Begin setting up the head of the linked list *
3933 + * that will be used for the storing the acl *
3934 + * in a way that is useful for the posix_acls.c *
3937 + acl_entry_link_head = acl_entry_link = sys_acl_init(0);
3938 + if(acl_entry_link_head == NULL)
3941 + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
3942 + if(acl_entry_link->entryp == NULL) {
3943 + SAFE_FREE(file_acl);
3945 + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
3949 + DEBUG(10,("acl_entry is %d\n",acl_entry));
3950 + DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl)));
3952 + /* Check if the extended acl bit is on. *
3953 + * If it isn't, do not show the *
3954 + * contents of the acl since AIX intends *
3955 + * the extended info to remain unused */
3957 + if(file_acl->acl_mode & S_IXACL){
3958 + /* while we are not pointing to the very end */
3959 + while(acl_entry < acl_last(file_acl)) {
3960 + /* before we malloc anything, make sure this is */
3961 + /* a valid acl entry and one that we want to map */
3962 + idp = id_nxt(acl_entry->ace_id);
3963 + if((acl_entry->ace_type == ACC_SPECIFY ||
3964 + (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) {
3965 + acl_entry = acl_nxt(acl_entry);
3969 + idp = acl_entry->ace_id;
3971 + /* Check if this is the first entry in the linked list. *
3972 + * The first entry needs to keep prevp pointing to NULL *
3973 + * and already has entryp allocated. */
3975 + if(acl_entry_link_head->count != 0) {
3976 + acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
3978 + if(acl_entry_link->nextp == NULL) {
3979 + SAFE_FREE(file_acl);
3981 + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
3985 + acl_entry_link->nextp->prevp = acl_entry_link;
3986 + acl_entry_link = acl_entry_link->nextp;
3987 + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
3988 + if(acl_entry_link->entryp == NULL) {
3989 + SAFE_FREE(file_acl);
3991 + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
3994 + acl_entry_link->nextp = NULL;
3997 + acl_entry_link->entryp->ace_len = acl_entry->ace_len;
3999 + /* Don't really need this since all types are going *
4000 + * to be specified but, it's better than leaving it 0 */
4002 + acl_entry_link->entryp->ace_type = acl_entry->ace_type;
4004 + acl_entry_link->entryp->ace_access = acl_entry->ace_access;
4006 + memcpy(acl_entry_link->entryp->ace_id,idp,sizeof(struct ace_id));
4008 + /* The access in the acl entries must be left shifted by *
4009 + * three bites, because they will ultimately be compared *
4010 + * to S_IRUSR, S_IWUSR, and S_IXUSR. */
4012 + switch(acl_entry->ace_type){
4015 + acl_entry_link->entryp->ace_access = acl_entry->ace_access;
4016 + acl_entry_link->entryp->ace_access <<= 6;
4017 + acl_entry_link_head->count++;
4020 + /* Since there is no way to return a DENY acl entry *
4021 + * change to PERMIT and then shift. */
4022 + DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access));
4023 + acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7;
4024 + DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access));
4025 + acl_entry_link->entryp->ace_access <<= 6;
4026 + acl_entry_link_head->count++;
4032 + DEBUG(10,("acl_entry = %d\n",acl_entry));
4033 + DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type));
4035 + acl_entry = acl_nxt(acl_entry);
4037 + } /* end of if enabled */
4039 + /* Since owner, group, other acl entries are not *
4040 + * part of the acl entries in an acl, they must *
4041 + * be dummied up to become part of the list. */
4043 + for( i = 1; i < 4; i++) {
4044 + DEBUG(10,("i is %d\n",i));
4045 + if(acl_entry_link_head->count != 0) {
4046 + acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
4047 + if(acl_entry_link->nextp == NULL) {
4048 + SAFE_FREE(file_acl);
4050 + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
4054 + acl_entry_link->nextp->prevp = acl_entry_link;
4055 + acl_entry_link = acl_entry_link->nextp;
4056 + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
4057 + if(acl_entry_link->entryp == NULL) {
4058 + SAFE_FREE(file_acl);
4060 + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
4065 + acl_entry_link->nextp = NULL;
4067 + new_acl_entry = acl_entry_link->entryp;
4068 + idp = new_acl_entry->ace_id;
4070 + new_acl_entry->ace_len = sizeof(struct acl_entry);
4071 + new_acl_entry->ace_type = ACC_PERMIT;
4072 + idp->id_len = sizeof(struct ace_id);
4073 + DEBUG(10,("idp->id_len = %d\n",idp->id_len));
4074 + memset(idp->id_data,0,sizeof(uid_t));
4078 + new_acl_entry->ace_access = file_acl->g_access << 6;
4079 + idp->id_type = SMB_ACL_GROUP_OBJ;
4083 + new_acl_entry->ace_access = file_acl->o_access << 6;
4084 + idp->id_type = SMB_ACL_OTHER;
4088 + new_acl_entry->ace_access = file_acl->u_access << 6;
4089 + idp->id_type = SMB_ACL_USER_OBJ;
4097 + acl_entry_link_head->count++;
4098 + DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
4101 + acl_entry_link_head->count = 0;
4102 + SAFE_FREE(file_acl);
4104 + return(acl_entry_link_head);
4107 +SMB_ACL_T sys_acl_get_fd(int fd)
4109 + struct acl *file_acl = (struct acl *)NULL;
4110 + struct acl_entry *acl_entry;
4111 + struct new_acl_entry *new_acl_entry;
4112 + struct ace_id *idp;
4113 + struct acl_entry_link *acl_entry_link;
4114 + struct acl_entry_link *acl_entry_link_head;
4119 + /* Get the acl using fstatacl */
4121 + DEBUG(10,("Entering sys_acl_get_fd\n"));
4122 + DEBUG(10,("fd is %d\n",fd));
4123 + file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
4125 + if(file_acl == NULL) {
4127 + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
4131 + memset(file_acl,0,BUFSIZ);
4133 + rc = fstatacl(fd,0,file_acl,BUFSIZ);
4135 + DEBUG(0,("The fstatacl call returned %d with errno %d\n",rc,errno));
4136 + SAFE_FREE(file_acl);
4140 + DEBUG(10,("Got facl and returned it\n"));
4142 + /* Point to the first acl entry in the acl */
4144 + acl_entry = file_acl->acl_ext;
4145 + /* Begin setting up the head of the linked list *
4146 + * that will be used for the storing the acl *
4147 + * in a way that is useful for the posix_acls.c *
4150 + acl_entry_link_head = acl_entry_link = sys_acl_init(0);
4151 + if(acl_entry_link_head == NULL){
4152 + SAFE_FREE(file_acl);
4156 + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
4158 + if(acl_entry_link->entryp == NULL) {
4160 + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
4161 + SAFE_FREE(file_acl);
4165 + DEBUG(10,("acl_entry is %d\n",acl_entry));
4166 + DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl)));
4168 + /* Check if the extended acl bit is on. *
4169 + * If it isn't, do not show the *
4170 + * contents of the acl since AIX intends *
4171 + * the extended info to remain unused */
4173 + if(file_acl->acl_mode & S_IXACL){
4174 + /* while we are not pointing to the very end */
4175 + while(acl_entry < acl_last(file_acl)) {
4176 + /* before we malloc anything, make sure this is */
4177 + /* a valid acl entry and one that we want to map */
4179 + idp = id_nxt(acl_entry->ace_id);
4180 + if((acl_entry->ace_type == ACC_SPECIFY ||
4181 + (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) {
4182 + acl_entry = acl_nxt(acl_entry);
4186 + idp = acl_entry->ace_id;
4188 + /* Check if this is the first entry in the linked list. *
4189 + * The first entry needs to keep prevp pointing to NULL *
4190 + * and already has entryp allocated. */
4192 + if(acl_entry_link_head->count != 0) {
4193 + acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
4194 + if(acl_entry_link->nextp == NULL) {
4196 + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
4197 + SAFE_FREE(file_acl);
4200 + acl_entry_link->nextp->prevp = acl_entry_link;
4201 + acl_entry_link = acl_entry_link->nextp;
4202 + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
4203 + if(acl_entry_link->entryp == NULL) {
4205 + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
4206 + SAFE_FREE(file_acl);
4210 + acl_entry_link->nextp = NULL;
4213 + acl_entry_link->entryp->ace_len = acl_entry->ace_len;
4215 + /* Don't really need this since all types are going *
4216 + * to be specified but, it's better than leaving it 0 */
4218 + acl_entry_link->entryp->ace_type = acl_entry->ace_type;
4219 + acl_entry_link->entryp->ace_access = acl_entry->ace_access;
4221 + memcpy(acl_entry_link->entryp->ace_id, idp, sizeof(struct ace_id));
4223 + /* The access in the acl entries must be left shifted by *
4224 + * three bites, because they will ultimately be compared *
4225 + * to S_IRUSR, S_IWUSR, and S_IXUSR. */
4227 + switch(acl_entry->ace_type){
4230 + acl_entry_link->entryp->ace_access = acl_entry->ace_access;
4231 + acl_entry_link->entryp->ace_access <<= 6;
4232 + acl_entry_link_head->count++;
4235 + /* Since there is no way to return a DENY acl entry *
4236 + * change to PERMIT and then shift. */
4237 + DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access));
4238 + acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7;
4239 + DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access));
4240 + acl_entry_link->entryp->ace_access <<= 6;
4241 + acl_entry_link_head->count++;
4247 + DEBUG(10,("acl_entry = %d\n",acl_entry));
4248 + DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type));
4250 + acl_entry = acl_nxt(acl_entry);
4252 + } /* end of if enabled */
4254 + /* Since owner, group, other acl entries are not *
4255 + * part of the acl entries in an acl, they must *
4256 + * be dummied up to become part of the list. */
4258 + for( i = 1; i < 4; i++) {
4259 + DEBUG(10,("i is %d\n",i));
4260 + if(acl_entry_link_head->count != 0){
4261 + acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
4262 + if(acl_entry_link->nextp == NULL) {
4264 + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
4265 + SAFE_FREE(file_acl);
4269 + acl_entry_link->nextp->prevp = acl_entry_link;
4270 + acl_entry_link = acl_entry_link->nextp;
4271 + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
4273 + if(acl_entry_link->entryp == NULL) {
4274 + SAFE_FREE(file_acl);
4276 + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
4281 + acl_entry_link->nextp = NULL;
4283 + new_acl_entry = acl_entry_link->entryp;
4284 + idp = new_acl_entry->ace_id;
4286 + new_acl_entry->ace_len = sizeof(struct acl_entry);
4287 + new_acl_entry->ace_type = ACC_PERMIT;
4288 + idp->id_len = sizeof(struct ace_id);
4289 + DEBUG(10,("idp->id_len = %d\n",idp->id_len));
4290 + memset(idp->id_data,0,sizeof(uid_t));
4294 + new_acl_entry->ace_access = file_acl->g_access << 6;
4295 + idp->id_type = SMB_ACL_GROUP_OBJ;
4299 + new_acl_entry->ace_access = file_acl->o_access << 6;
4300 + idp->id_type = SMB_ACL_OTHER;
4304 + new_acl_entry->ace_access = file_acl->u_access << 6;
4305 + idp->id_type = SMB_ACL_USER_OBJ;
4312 + acl_entry_link_head->count++;
4313 + DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
4316 + acl_entry_link_head->count = 0;
4317 + SAFE_FREE(file_acl);
4319 + return(acl_entry_link_head);
4322 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
4324 + *permset = *permset & ~0777;
4328 +int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
4331 + (perm & (S_IXUSR | S_IWUSR | S_IRUSR)) == 0)
4335 + DEBUG(10,("This is the permset now: %d\n",*permset));
4339 +char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen)
4344 +SMB_ACL_T sys_acl_init( int count)
4346 + struct acl_entry_link *theacl = NULL;
4348 + DEBUG(10,("Entering sys_acl_init\n"));
4350 + theacl = SMB_MALLOC_P(struct acl_entry_link);
4351 + if(theacl == NULL) {
4353 + DEBUG(0,("Error in sys_acl_init is %d\n",errno));
4357 + theacl->count = 0;
4358 + theacl->nextp = NULL;
4359 + theacl->prevp = NULL;
4360 + theacl->entryp = NULL;
4361 + DEBUG(10,("Exiting sys_acl_init\n"));
4365 +int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
4367 + struct acl_entry_link *theacl;
4368 + struct acl_entry_link *acl_entryp;
4369 + struct acl_entry_link *temp_entry;
4372 + DEBUG(10,("Entering the sys_acl_create_entry\n"));
4374 + theacl = acl_entryp = *pacl;
4376 + /* Get to the end of the acl before adding entry */
4378 + for(counting=0; counting < theacl->count; counting++){
4379 + DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
4380 + temp_entry = acl_entryp;
4381 + acl_entryp = acl_entryp->nextp;
4384 + if(theacl->count != 0){
4385 + temp_entry->nextp = acl_entryp = SMB_MALLOC_P(struct acl_entry_link);
4386 + if(acl_entryp == NULL) {
4388 + DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
4392 + DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
4393 + acl_entryp->prevp = temp_entry;
4394 + DEBUG(10,("The acl_entryp->prevp is %d\n",acl_entryp->prevp));
4397 + *pentry = acl_entryp->entryp = SMB_MALLOC_P(struct new_acl_entry);
4398 + if(*pentry == NULL) {
4400 + DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
4404 + memset(*pentry,0,sizeof(struct new_acl_entry));
4405 + acl_entryp->entryp->ace_len = sizeof(struct acl_entry);
4406 + acl_entryp->entryp->ace_type = ACC_PERMIT;
4407 + acl_entryp->entryp->ace_id->id_len = sizeof(struct ace_id);
4408 + acl_entryp->nextp = NULL;
4410 + DEBUG(10,("Exiting sys_acl_create_entry\n"));
4414 +int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
4416 + DEBUG(10,("Starting AIX sys_acl_set_tag_type\n"));
4417 + entry->ace_id->id_type = tagtype;
4418 + DEBUG(10,("The tag type is %d\n",entry->ace_id->id_type));
4419 + DEBUG(10,("Ending AIX sys_acl_set_tag_type\n"));
4422 +int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
4424 + DEBUG(10,("Starting AIX sys_acl_set_qualifier\n"));
4425 + memcpy(entry->ace_id->id_data,qual,sizeof(uid_t));
4426 + DEBUG(10,("Ending AIX sys_acl_set_qualifier\n"));
4430 +int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
4432 + DEBUG(10,("Starting AIX sys_acl_set_permset\n"));
4433 + if(!(*permset & S_IXUSR) &&
4434 + !(*permset & S_IWUSR) &&
4435 + !(*permset & S_IRUSR) &&
4439 + entry->ace_access = *permset;
4440 + DEBUG(10,("entry->ace_access = %d\n",entry->ace_access));
4441 + DEBUG(10,("Ending AIX sys_acl_set_permset\n"));
4445 +int sys_acl_valid( SMB_ACL_T theacl )
4448 + int group_obj = 0;
4449 + int other_obj = 0;
4450 + struct acl_entry_link *acl_entry;
4452 + for(acl_entry=theacl; acl_entry != NULL; acl_entry = acl_entry->nextp) {
4453 + user_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_USER_OBJ);
4454 + group_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_GROUP_OBJ);
4455 + other_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_OTHER);
4458 + DEBUG(10,("user_obj=%d, group_obj=%d, other_obj=%d\n",user_obj,group_obj,other_obj));
4460 + if(user_obj != 1 || group_obj != 1 || other_obj != 1)
4466 +int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
4468 + struct acl_entry_link *acl_entry_link = NULL;
4469 + struct acl *file_acl = NULL;
4470 + struct acl *file_acl_temp = NULL;
4471 + struct acl_entry *acl_entry = NULL;
4472 + struct ace_id *ace_id = NULL;
4479 + DEBUG(10,("Entering sys_acl_set_file\n"));
4480 + DEBUG(10,("File name is %s\n",name));
4482 + /* AIX has no default ACL */
4483 + if(acltype == SMB_ACL_TYPE_DEFAULT)
4486 + acl_length = BUFSIZ;
4487 + file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
4489 + if(file_acl == NULL) {
4491 + DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
4495 + memset(file_acl,0,BUFSIZ);
4497 + file_acl->acl_len = ACL_SIZ;
4498 + file_acl->acl_mode = S_IXACL;
4500 + for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
4501 + acl_entry_link->entryp->ace_access >>= 6;
4502 + id_type = acl_entry_link->entryp->ace_id->id_type;
4505 + case SMB_ACL_USER_OBJ:
4506 + file_acl->u_access = acl_entry_link->entryp->ace_access;
4508 + case SMB_ACL_GROUP_OBJ:
4509 + file_acl->g_access = acl_entry_link->entryp->ace_access;
4511 + case SMB_ACL_OTHER:
4512 + file_acl->o_access = acl_entry_link->entryp->ace_access;
4514 + case SMB_ACL_MASK:
4518 + if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
4519 + acl_length += sizeof(struct acl_entry);
4520 + file_acl_temp = (struct acl *)SMB_MALLOC(acl_length);
4521 + if(file_acl_temp == NULL) {
4522 + SAFE_FREE(file_acl);
4524 + DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
4528 + memcpy(file_acl_temp,file_acl,file_acl->acl_len);
4529 + SAFE_FREE(file_acl);
4530 + file_acl = file_acl_temp;
4533 + acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
4534 + file_acl->acl_len += sizeof(struct acl_entry);
4535 + acl_entry->ace_len = acl_entry_link->entryp->ace_len;
4536 + acl_entry->ace_access = acl_entry_link->entryp->ace_access;
4538 + /* In order to use this, we'll need to wait until we can get denies */
4539 + /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
4540 + acl_entry->ace_type = ACC_SPECIFY; */
4542 + acl_entry->ace_type = ACC_SPECIFY;
4544 + ace_id = acl_entry->ace_id;
4546 + ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
4547 + DEBUG(10,("The id type is %d\n",ace_id->id_type));
4548 + ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
4549 + memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t));
4550 + memcpy(acl_entry->ace_id->id_data, &user_id, sizeof(uid_t));
4553 + rc = chacl(name,file_acl,file_acl->acl_len);
4554 + DEBUG(10,("errno is %d\n",errno));
4555 + DEBUG(10,("return code is %d\n",rc));
4556 + SAFE_FREE(file_acl);
4557 + DEBUG(10,("Exiting the sys_acl_set_file\n"));
4561 +int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
4563 + struct acl_entry_link *acl_entry_link = NULL;
4564 + struct acl *file_acl = NULL;
4565 + struct acl *file_acl_temp = NULL;
4566 + struct acl_entry *acl_entry = NULL;
4567 + struct ace_id *ace_id = NULL;
4573 + DEBUG(10,("Entering sys_acl_set_fd\n"));
4574 + acl_length = BUFSIZ;
4575 + file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
4577 + if(file_acl == NULL) {
4579 + DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
4583 + memset(file_acl,0,BUFSIZ);
4585 + file_acl->acl_len = ACL_SIZ;
4586 + file_acl->acl_mode = S_IXACL;
4588 + for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
4589 + acl_entry_link->entryp->ace_access >>= 6;
4590 + id_type = acl_entry_link->entryp->ace_id->id_type;
4591 + DEBUG(10,("The id_type is %d\n",id_type));
4594 + case SMB_ACL_USER_OBJ:
4595 + file_acl->u_access = acl_entry_link->entryp->ace_access;
4597 + case SMB_ACL_GROUP_OBJ:
4598 + file_acl->g_access = acl_entry_link->entryp->ace_access;
4600 + case SMB_ACL_OTHER:
4601 + file_acl->o_access = acl_entry_link->entryp->ace_access;
4603 + case SMB_ACL_MASK:
4607 + if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
4608 + acl_length += sizeof(struct acl_entry);
4609 + file_acl_temp = (struct acl *)SMB_MALLOC(acl_length);
4610 + if(file_acl_temp == NULL) {
4611 + SAFE_FREE(file_acl);
4613 + DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
4617 + memcpy(file_acl_temp,file_acl,file_acl->acl_len);
4618 + SAFE_FREE(file_acl);
4619 + file_acl = file_acl_temp;
4622 + acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
4623 + file_acl->acl_len += sizeof(struct acl_entry);
4624 + acl_entry->ace_len = acl_entry_link->entryp->ace_len;
4625 + acl_entry->ace_access = acl_entry_link->entryp->ace_access;
4627 + /* In order to use this, we'll need to wait until we can get denies */
4628 + /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
4629 + acl_entry->ace_type = ACC_SPECIFY; */
4631 + acl_entry->ace_type = ACC_SPECIFY;
4633 + ace_id = acl_entry->ace_id;
4635 + ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
4636 + DEBUG(10,("The id type is %d\n",ace_id->id_type));
4637 + ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
4638 + memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t));
4639 + memcpy(ace_id->id_data, &user_id, sizeof(uid_t));
4642 + rc = fchacl(fd,file_acl,file_acl->acl_len);
4643 + DEBUG(10,("errno is %d\n",errno));
4644 + DEBUG(10,("return code is %d\n",rc));
4645 + SAFE_FREE(file_acl);
4646 + DEBUG(10,("Exiting sys_acl_set_fd\n"));
4650 +int sys_acl_delete_def_file(const char *name)
4652 + /* AIX has no default ACL */
4656 +int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
4658 + return(*permset & perm);
4661 +int sys_acl_free_text(char *text)
4666 +int sys_acl_free_acl(SMB_ACL_T posix_acl)
4668 + struct acl_entry_link *acl_entry_link;
4670 + for(acl_entry_link = posix_acl->nextp; acl_entry_link->nextp != NULL; acl_entry_link = acl_entry_link->nextp) {
4671 + SAFE_FREE(acl_entry_link->prevp->entryp);
4672 + SAFE_FREE(acl_entry_link->prevp);
4675 + SAFE_FREE(acl_entry_link->prevp->entryp);
4676 + SAFE_FREE(acl_entry_link->prevp);
4677 + SAFE_FREE(acl_entry_link->entryp);
4678 + SAFE_FREE(acl_entry_link);
4683 +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
4688 +#else /* No ACLs. */
4690 +int sys_acl_get_entry(UNUSED(SMB_ACL_T the_acl), UNUSED(int entry_id), UNUSED(SMB_ACL_ENTRY_T *entry_p))
4696 +int sys_acl_get_tag_type(UNUSED(SMB_ACL_ENTRY_T entry_d), UNUSED(SMB_ACL_TAG_T *tag_type_p))
4702 +int sys_acl_get_permset(UNUSED(SMB_ACL_ENTRY_T entry_d), UNUSED(SMB_ACL_PERMSET_T *permset_p))
4708 +void *sys_acl_get_qualifier(UNUSED(SMB_ACL_ENTRY_T entry_d))
4714 +SMB_ACL_T sys_acl_get_file(UNUSED(const char *path_p), UNUSED(SMB_ACL_TYPE_T type))
4717 + return (SMB_ACL_T)NULL;
4720 +SMB_ACL_T sys_acl_get_fd(UNUSED(int fd))
4723 + return (SMB_ACL_T)NULL;
4726 +int sys_acl_clear_perms(UNUSED(SMB_ACL_PERMSET_T permset))
4732 +int sys_acl_add_perm( UNUSED(SMB_ACL_PERMSET_T permset), UNUSED(SMB_ACL_PERM_T perm))
4738 +int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
4741 + return (permset & perm) ? 1 : 0;
4744 +char *sys_acl_to_text(UNUSED(SMB_ACL_T the_acl), UNUSED(ssize_t *plen))
4750 +int sys_acl_free_text(UNUSED(char *text))
4756 +SMB_ACL_T sys_acl_init(UNUSED(int count))
4762 +int sys_acl_create_entry(UNUSED(SMB_ACL_T *pacl), UNUSED(SMB_ACL_ENTRY_T *pentry))
4768 +int sys_acl_set_tag_type(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(SMB_ACL_TAG_T tagtype))
4774 +int sys_acl_set_qualifier(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(void *qual))
4780 +int sys_acl_set_permset(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(SMB_ACL_PERMSET_T permset))
4786 +int sys_acl_valid(UNUSED(SMB_ACL_T theacl))
4792 +int sys_acl_set_file(UNUSED(const char *name), UNUSED(SMB_ACL_TYPE_T acltype), UNUSED(SMB_ACL_T theacl))
4798 +int sys_acl_set_fd(UNUSED(int fd), UNUSED(SMB_ACL_T theacl))
4804 +int sys_acl_delete_def_file(UNUSED(const char *name))
4810 +int sys_acl_free_acl(UNUSED(SMB_ACL_T the_acl))
4816 +int sys_acl_free_qualifier(UNUSED(void *qual), UNUSED(SMB_ACL_TAG_T tagtype))
4822 +#endif /* No ACLs. */
4824 +/************************************************************************
4825 + Deliberately outside the ACL defines. Return 1 if this is a "no acls"
4827 +************************************************************************/
4829 +int no_acl_syscall_error(int err)
4831 +#if defined(ENOSYS)
4832 + if (err == ENOSYS) {
4836 +#if defined(ENOTSUP)
4837 + if (err == ENOTSUP) {
4843 --- old/lib/sysacls.h
4844 +++ new/lib/sysacls.h
4846 +#define SMB_MALLOC(cnt) new_array(char, cnt)
4847 +#define SMB_MALLOC_P(obj) new_array(obj, 1)
4848 +#define SMB_MALLOC_ARRAY(obj, cnt) new_array(obj, cnt)
4849 +#define SMB_REALLOC(mem, cnt) realloc_array(mem, char, cnt)
4850 +#define slprintf snprintf
4852 +int sys_acl_get_entry(SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p);
4853 +int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p);
4854 +int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p);
4855 +void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d);
4856 +SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type);
4857 +SMB_ACL_T sys_acl_get_fd(int fd);
4858 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset);
4859 +int sys_acl_add_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
4860 +int sys_acl_get_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
4861 +char *sys_acl_to_text(SMB_ACL_T the_acl, ssize_t *plen);
4862 +SMB_ACL_T sys_acl_init(int count);
4863 +int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry);
4864 +int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype);
4865 +int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry, void *qual);
4866 +int sys_acl_set_permset(SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset);
4867 +int sys_acl_valid(SMB_ACL_T theacl);
4868 +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
4869 +int sys_acl_set_fd(int fd, SMB_ACL_T theacl);
4870 +int sys_acl_delete_def_file(const char *name);
4871 +int sys_acl_free_text(char *text);
4872 +int sys_acl_free_acl(SMB_ACL_T the_acl);
4873 +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype);
4876 @@ -58,7 +58,7 @@ BEGIN {
4880 -!/^OFF_T|^size_t|^off_t|^pid_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^uchar|^short|^struct|^BOOL|^void|^time|^const|^RETSIGTYPE/ {
4881 +!/^OFF_T|^size_t|^off_t|^pid_t|^id_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^uchar|^short|^struct|^BOOL|^void|^time|^const|^RETSIGTYPE/ {
4887 @@ -45,6 +45,7 @@ int copy_dirlinks = 0;
4889 int preserve_links = 0;
4890 int preserve_hard_links = 0;
4891 +int preserve_acls = 0;
4892 int preserve_perms = 0;
4893 int preserve_executability = 0;
4894 int preserve_devices = 0;
4895 @@ -192,6 +193,7 @@ static void print_rsync_version(enum log
4896 char const *got_socketpair = "no ";
4897 char const *have_inplace = "no ";
4898 char const *hardlinks = "no ";
4899 + char const *acls = "no ";
4900 char const *links = "no ";
4901 char const *ipv6 = "no ";
4902 STRUCT_STAT *dumstat;
4903 @@ -208,6 +210,10 @@ static void print_rsync_version(enum log
4907 +#ifdef SUPPORT_ACLS
4911 #ifdef SUPPORT_LINKS
4914 @@ -221,9 +227,9 @@ static void print_rsync_version(enum log
4915 rprintf(f, "Copyright (C) 1996-2006 by Andrew Tridgell, Wayne Davison, and others.\n");
4916 rprintf(f, "<http://rsync.samba.org/>\n");
4917 rprintf(f, "Capabilities: %d-bit files, %ssocketpairs, "
4918 - "%shard links, %ssymlinks, batchfiles,\n",
4919 + "%shard links, %sACLs, %ssymlinks, batchfiles,\n",
4920 (int) (sizeof (OFF_T) * 8),
4921 - got_socketpair, hardlinks, links);
4922 + got_socketpair, hardlinks, acls, links);
4924 /* Note that this field may not have type ino_t. It depends
4925 * on the complicated interaction between largefile feature
4926 @@ -293,6 +299,9 @@ void usage(enum logcode F)
4927 rprintf(F," -H, --hard-links preserve hard links\n");
4928 rprintf(F," -p, --perms preserve permissions\n");
4929 rprintf(F," -E, --executability preserve the file's executability\n");
4930 +#ifdef SUPPORT_ACLS
4931 + rprintf(F," -A, --acls preserve ACLs (implies --perms)\n");
4933 rprintf(F," --chmod=CHMOD change destination permissions\n");
4934 rprintf(F," -o, --owner preserve owner (super-user only)\n");
4935 rprintf(F," -g, --group preserve group\n");
4936 @@ -408,6 +417,9 @@ static struct poptOption long_options[]
4937 {"no-perms", 0, POPT_ARG_VAL, &preserve_perms, 0, 0, 0 },
4938 {"no-p", 0, POPT_ARG_VAL, &preserve_perms, 0, 0, 0 },
4939 {"executability", 'E', POPT_ARG_NONE, &preserve_executability, 0, 0, 0 },
4940 + {"acls", 'A', POPT_ARG_NONE, 0, 'A', 0, 0 },
4941 + {"no-acls", 0, POPT_ARG_VAL, &preserve_acls, 0, 0, 0 },
4942 + {"no-A", 0, POPT_ARG_VAL, &preserve_acls, 0, 0, 0 },
4943 {"times", 't', POPT_ARG_VAL, &preserve_times, 1, 0, 0 },
4944 {"no-times", 0, POPT_ARG_VAL, &preserve_times, 0, 0, 0 },
4945 {"no-t", 0, POPT_ARG_VAL, &preserve_times, 0, 0, 0 },
4946 @@ -1066,6 +1078,24 @@ int parse_arguments(int *argc, const cha
4951 +#ifdef SUPPORT_ACLS
4953 + preserve_perms = 1;
4956 + /* FIXME: this should probably be ignored with a
4957 + * warning and then countermeasures taken to
4958 + * restrict group and other access in the presence
4959 + * of any more restrictive ACLs, but this is safe
4961 + snprintf(err_buf,sizeof(err_buf),
4962 + "ACLs are not supported on this %s\n",
4963 + am_server ? "server" : "client");
4969 /* A large opt value means that set_refuse_options()
4970 * turned this option off. */
4971 @@ -1508,6 +1538,10 @@ void server_options(char **args,int *arg
4973 if (preserve_hard_links)
4975 +#ifdef SUPPORT_ACLS
4976 + if (preserve_acls)
4977 + argstr[x++] = 'A';
4984 @@ -46,6 +46,7 @@ extern int keep_partial;
4985 extern int checksum_seed;
4987 extern int delay_updates;
4988 +extern mode_t orig_umask;
4989 extern struct stats stats;
4990 extern char *log_format;
4991 extern char *tmpdir;
4992 @@ -344,6 +345,10 @@ int recv_files(int f_in, struct file_lis
4993 int itemizing = am_daemon ? daemon_log_format_has_i
4994 : !am_server && log_format_has_i;
4995 int max_phase = protocol_version >= 29 ? 2 : 1;
4996 + int dflt_perms = (ACCESSPERMS & ~orig_umask);
4997 +#ifdef SUPPORT_ACLS
4998 + char *parent_dirname = "";
5003 @@ -541,7 +546,16 @@ int recv_files(int f_in, struct file_lis
5004 * mode based on the local permissions and some heuristics. */
5005 if (!preserve_perms) {
5006 int exists = fd1 != -1;
5007 - file->mode = dest_mode(file->mode, st.st_mode, exists);
5008 +#ifdef SUPPORT_ACLS
5009 + char *dn = file->dirname ? file->dirname : ".";
5010 + if (parent_dirname != dn
5011 + && strcmp(parent_dirname, dn) != 0) {
5012 + dflt_perms = default_perms_for_dir(dn);
5013 + parent_dirname = dn;
5016 + file->mode = dest_mode(file->mode, st.st_mode,
5017 + dflt_perms, exists);
5020 /* We now check to see if we are writing file "inplace" */
5026 extern int daemon_log_format_has_i;
5027 +extern int preserve_acls;
5028 extern int preserve_perms;
5029 extern int preserve_executability;
5030 extern int preserve_times;
5031 @@ -101,7 +102,8 @@ void free_sums(struct sum_struct *s)
5033 /* This is only called when we aren't preserving permissions. Figure out what
5034 * the permissions should be and return them merged back into the mode. */
5035 -mode_t dest_mode(mode_t flist_mode, mode_t cur_mode, int exists)
5036 +mode_t dest_mode(mode_t flist_mode, mode_t cur_mode, int dflt_perms,
5039 /* If the file already exists, we'll return the local permissions,
5040 * possibly tweaked by the --executability option. */
5041 @@ -116,7 +118,7 @@ mode_t dest_mode(mode_t flist_mode, mode
5042 cur_mode |= (cur_mode & 0444) >> 2;
5045 - cur_mode = flist_mode & ACCESSPERMS & ~orig_umask;
5046 + cur_mode = flist_mode & ACCESSPERMS & dflt_perms;
5047 if (daemon_chmod_modes && !S_ISLNK(flist_mode))
5048 cur_mode = tweak_mode(cur_mode, daemon_chmod_modes);
5049 return (flist_mode & ~CHMOD_BITS) | (cur_mode & CHMOD_BITS);
5050 @@ -203,6 +205,17 @@ int set_file_attrs(char *fname, struct f
5054 +#ifdef SUPPORT_ACLS
5055 + /* It's OK to call set_acl() now, even for a dir, as the generator
5056 + * will enable owner-writability using chmod, if necessary.
5058 + * If set_acl changes permission bits in the process of setting
5059 + * an access ACL, it changes st->st_mode so we know whether we
5060 + * need to chmod. */
5061 + if (preserve_acls && set_acl(fname, file, &st->st_mode) == 0)
5066 if ((st->st_mode & CHMOD_BITS) != (file->mode & CHMOD_BITS)) {
5067 int ret = do_chmod(fname, file->mode);
5070 @@ -661,6 +661,20 @@ struct chmod_mode_struct;
5072 #define UNUSED(x) x __attribute__((__unused__))
5074 +#if HAVE_POSIX_ACLS|HAVE_UNIXWARE_ACLS|HAVE_SOLARIS_ACLS|\
5075 + HAVE_HPUX_ACLS|HAVE_IRIX_ACLS|HAVE_AIX_ACLS|HAVE_TRU64_ACLS
5076 +#define SUPPORT_ACLS 1
5079 +#if HAVE_UNIXWARE_ACLS|HAVE_SOLARIS_ACLS|HAVE_HPUX_ACLS
5080 +#define ACLS_NEED_MASK 1
5083 +#if defined SUPPORT_ACLS && defined HAVE_SYS_ACL_H
5084 +#include <sys/acl.h>
5086 +#include "smb_acls.h"
5090 /* We have replacement versions of these if they're missing. */
5093 @@ -321,6 +321,7 @@ to the detailed description below for a
5094 -H, --hard-links preserve hard links
5095 -p, --perms preserve permissions
5096 -E, --executability preserve executability
5097 + -A, --acls preserve ACLs (implies -p) [non-standard]
5098 --chmod=CHMOD change destination permissions
5099 -o, --owner preserve owner (super-user only)
5100 -g, --group preserve group
5101 @@ -742,7 +743,9 @@ quote(itemize(
5102 permissions, though the bf(--executability) option might change just
5103 the execute permission for the file.
5104 it() New files get their "normal" permission bits set to the source
5105 - file's permissions masked with the receiving end's umask setting, and
5106 + file's permissions masked with the receiving directory's default
5107 + permissions (either the receiving process's umask, or the permissions
5108 + specified via the destination directory's default ACL), and
5109 their special permission bits disabled except in the case where a new
5110 directory inherits a setgid bit from its parent directory.
5112 @@ -773,9 +776,11 @@ The preservation of the destination's se
5113 directories when bf(--perms) is off was added in rsync 2.6.7. Older rsync
5114 versions erroneously preserved the three special permission bits for
5115 newly-created files when bf(--perms) was off, while overriding the
5116 -destination's setgid bit setting on a newly-created directory. (Keep in
5117 -mind that it is the version of the receiving rsync that affects this
5119 +destination's setgid bit setting on a newly-created directory. Default ACL
5120 +observance was added to the ACL patch for rsync 2.6.7, so older (or
5121 +non-ACL-enabled) rsyncs use the umask even if default ACLs are present.
5122 +(Keep in mind that it is the version of the receiving rsync that affects
5125 dit(bf(-E, --executability)) This option causes rsync to preserve the
5126 executability (or non-executability) of regular files when bf(--perms) is
5127 @@ -793,6 +798,15 @@ quote(itemize(
5129 If bf(--perms) is enabled, this option is ignored.
5131 +dit(bf(-A, --acls)) This option causes rsync to update the destination
5132 +ACLs to be the same as the source ACLs. This nonstandard option only
5133 +works if the remote rsync also supports it. bf(--acls) implies bf(--perms).
5135 +Note also that an optimization of the ACL-sending protocol used by this
5136 +version makes it incompatible with sending files to an older ACL-enabled
5137 +rsync unless you double the bf(--acls) option (e.g. bf(-AA)). This
5138 +doubling is not needed when pulling files from an older rsync.
5140 dit(bf(--chmod)) This option tells rsync to apply one or more
5141 comma-separated "chmod" strings to the permission of the files in the
5142 transfer. The resulting value is treated as though it was the permissions
5147 + Unix SMB/Netbios implementation.
5149 + Portable SMB ACL interface
5150 + Copyright (C) Jeremy Allison 2000
5152 + This program is free software; you can redistribute it and/or modify
5153 + it under the terms of the GNU General Public License as published by
5154 + the Free Software Foundation; either version 2 of the License, or
5155 + (at your option) any later version.
5157 + This program is distributed in the hope that it will be useful,
5158 + but WITHOUT ANY WARRANTY; without even the implied warranty of
5159 + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
5160 + GNU General Public License for more details.
5162 + You should have received a copy of the GNU General Public License
5163 + along with this program; if not, write to the Free Software
5164 + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
5167 +#ifndef _SMB_ACLS_H
5168 +#define _SMB_ACLS_H
5170 +#if defined HAVE_POSIX_ACLS
5172 +/* This is an identity mapping (just remove the SMB_). */
5174 +#define SMB_ACL_TAG_T acl_tag_t
5175 +#define SMB_ACL_TYPE_T acl_type_t
5176 +#define SMB_ACL_PERMSET_T acl_permset_t
5177 +#define SMB_ACL_PERM_T acl_perm_t
5178 +#define SMB_ACL_READ ACL_READ
5179 +#define SMB_ACL_WRITE ACL_WRITE
5180 +#define SMB_ACL_EXECUTE ACL_EXECUTE
5182 +/* Types of ACLs. */
5183 +#define SMB_ACL_USER ACL_USER
5184 +#define SMB_ACL_USER_OBJ ACL_USER_OBJ
5185 +#define SMB_ACL_GROUP ACL_GROUP
5186 +#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ
5187 +#define SMB_ACL_OTHER ACL_OTHER
5188 +#define SMB_ACL_MASK ACL_MASK
5190 +#define SMB_ACL_T acl_t
5192 +#define SMB_ACL_ENTRY_T acl_entry_t
5194 +#define SMB_ACL_FIRST_ENTRY ACL_FIRST_ENTRY
5195 +#define SMB_ACL_NEXT_ENTRY ACL_NEXT_ENTRY
5197 +#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
5198 +#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
5200 +#elif defined HAVE_TRU64_ACLS
5202 +/* This is for DEC/Compaq Tru64 UNIX */
5204 +#define SMB_ACL_TAG_T acl_tag_t
5205 +#define SMB_ACL_TYPE_T acl_type_t
5206 +#define SMB_ACL_PERMSET_T acl_permset_t
5207 +#define SMB_ACL_PERM_T acl_perm_t
5208 +#define SMB_ACL_READ ACL_READ
5209 +#define SMB_ACL_WRITE ACL_WRITE
5210 +#define SMB_ACL_EXECUTE ACL_EXECUTE
5212 +/* Types of ACLs. */
5213 +#define SMB_ACL_USER ACL_USER
5214 +#define SMB_ACL_USER_OBJ ACL_USER_OBJ
5215 +#define SMB_ACL_GROUP ACL_GROUP
5216 +#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ
5217 +#define SMB_ACL_OTHER ACL_OTHER
5218 +#define SMB_ACL_MASK ACL_MASK
5220 +#define SMB_ACL_T acl_t
5222 +#define SMB_ACL_ENTRY_T acl_entry_t
5224 +#define SMB_ACL_FIRST_ENTRY 0
5225 +#define SMB_ACL_NEXT_ENTRY 1
5227 +#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
5228 +#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
5230 +#elif defined HAVE_UNIXWARE_ACLS || defined HAVE_SOLARIS_ACLS
5232 + * Donated by Michael Davidson <md@sco.COM> for UnixWare / OpenUNIX.
5233 + * Modified by Toomas Soome <tsoome@ut.ee> for Solaris.
5236 +/* SVR4.2 ES/MP ACLs */
5237 +typedef int SMB_ACL_TAG_T;
5238 +typedef int SMB_ACL_TYPE_T;
5239 +typedef ushort *SMB_ACL_PERMSET_T;
5240 +typedef ushort SMB_ACL_PERM_T;
5241 +#define SMB_ACL_READ 4
5242 +#define SMB_ACL_WRITE 2
5243 +#define SMB_ACL_EXECUTE 1
5245 +/* Types of ACLs. */
5246 +#define SMB_ACL_USER USER
5247 +#define SMB_ACL_USER_OBJ USER_OBJ
5248 +#define SMB_ACL_GROUP GROUP
5249 +#define SMB_ACL_GROUP_OBJ GROUP_OBJ
5250 +#define SMB_ACL_OTHER OTHER_OBJ
5251 +#define SMB_ACL_MASK CLASS_OBJ
5253 +typedef struct SMB_ACL_T {
5257 + struct acl acl[1];
5260 +typedef struct acl *SMB_ACL_ENTRY_T;
5262 +#define SMB_ACL_FIRST_ENTRY 0
5263 +#define SMB_ACL_NEXT_ENTRY 1
5265 +#define SMB_ACL_TYPE_ACCESS 0
5266 +#define SMB_ACL_TYPE_DEFAULT 1
5269 +#define SMB_ACL_LOSES_SPECIAL_MODE_BITS
5272 +#elif defined HAVE_HPUX_ACLS
5275 + * Based on the Solaris & UnixWare code.
5279 +#include <sys/aclv.h>
5281 +/* SVR4.2 ES/MP ACLs */
5282 +typedef int SMB_ACL_TAG_T;
5283 +typedef int SMB_ACL_TYPE_T;
5284 +typedef ushort *SMB_ACL_PERMSET_T;
5285 +typedef ushort SMB_ACL_PERM_T;
5286 +#define SMB_ACL_READ 4
5287 +#define SMB_ACL_WRITE 2
5288 +#define SMB_ACL_EXECUTE 1
5290 +/* Types of ACLs. */
5291 +#define SMB_ACL_USER USER
5292 +#define SMB_ACL_USER_OBJ USER_OBJ
5293 +#define SMB_ACL_GROUP GROUP
5294 +#define SMB_ACL_GROUP_OBJ GROUP_OBJ
5295 +#define SMB_ACL_OTHER OTHER_OBJ
5296 +#define SMB_ACL_MASK CLASS_OBJ
5298 +typedef struct SMB_ACL_T {
5302 + struct acl acl[1];
5305 +typedef struct acl *SMB_ACL_ENTRY_T;
5307 +#define SMB_ACL_FIRST_ENTRY 0
5308 +#define SMB_ACL_NEXT_ENTRY 1
5310 +#define SMB_ACL_TYPE_ACCESS 0
5311 +#define SMB_ACL_TYPE_DEFAULT 1
5313 +#elif defined HAVE_IRIX_ACLS
5315 +#define SMB_ACL_TAG_T acl_tag_t
5316 +#define SMB_ACL_TYPE_T acl_type_t
5317 +#define SMB_ACL_PERMSET_T acl_permset_t
5318 +#define SMB_ACL_PERM_T acl_perm_t
5319 +#define SMB_ACL_READ ACL_READ
5320 +#define SMB_ACL_WRITE ACL_WRITE
5321 +#define SMB_ACL_EXECUTE ACL_EXECUTE
5323 +/* Types of ACLs. */
5324 +#define SMB_ACL_USER ACL_USER
5325 +#define SMB_ACL_USER_OBJ ACL_USER_OBJ
5326 +#define SMB_ACL_GROUP ACL_GROUP
5327 +#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ
5328 +#define SMB_ACL_OTHER ACL_OTHER_OBJ
5329 +#define SMB_ACL_MASK ACL_MASK
5331 +typedef struct SMB_ACL_T {
5337 +#define SMB_ACL_ENTRY_T acl_entry_t
5339 +#define SMB_ACL_FIRST_ENTRY 0
5340 +#define SMB_ACL_NEXT_ENTRY 1
5342 +#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
5343 +#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
5345 +#elif defined HAVE_AIX_ACLS
5347 +/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
5349 +#include "/usr/include/acl.h"
5351 +typedef uint *SMB_ACL_PERMSET_T;
5353 +struct acl_entry_link{
5354 + struct acl_entry_link *prevp;
5355 + struct new_acl_entry *entryp;
5356 + struct acl_entry_link *nextp;
5360 +struct new_acl_entry{
5361 + unsigned short ace_len;
5362 + unsigned short ace_type;
5363 + unsigned int ace_access;
5364 + struct ace_id ace_id[1];
5367 +#define SMB_ACL_ENTRY_T struct new_acl_entry*
5368 +#define SMB_ACL_T struct acl_entry_link*
5370 +#define SMB_ACL_TAG_T unsigned short
5371 +#define SMB_ACL_TYPE_T int
5372 +#define SMB_ACL_PERM_T uint
5373 +#define SMB_ACL_READ S_IRUSR
5374 +#define SMB_ACL_WRITE S_IWUSR
5375 +#define SMB_ACL_EXECUTE S_IXUSR
5377 +/* Types of ACLs. */
5378 +#define SMB_ACL_USER ACEID_USER
5379 +#define SMB_ACL_USER_OBJ 3
5380 +#define SMB_ACL_GROUP ACEID_GROUP
5381 +#define SMB_ACL_GROUP_OBJ 4
5382 +#define SMB_ACL_OTHER 5
5383 +#define SMB_ACL_MASK 6
5386 +#define SMB_ACL_FIRST_ENTRY 1
5387 +#define SMB_ACL_NEXT_ENTRY 2
5389 +#define SMB_ACL_TYPE_ACCESS 0
5390 +#define SMB_ACL_TYPE_DEFAULT 1
5392 +#else /* No ACLs. */
5394 +/* No ACLS - fake it. */
5395 +#define SMB_ACL_TAG_T int
5396 +#define SMB_ACL_TYPE_T int
5397 +#define SMB_ACL_PERMSET_T mode_t
5398 +#define SMB_ACL_PERM_T mode_t
5399 +#define SMB_ACL_READ S_IRUSR
5400 +#define SMB_ACL_WRITE S_IWUSR
5401 +#define SMB_ACL_EXECUTE S_IXUSR
5403 +/* Types of ACLs. */
5404 +#define SMB_ACL_USER 0
5405 +#define SMB_ACL_USER_OBJ 1
5406 +#define SMB_ACL_GROUP 2
5407 +#define SMB_ACL_GROUP_OBJ 3
5408 +#define SMB_ACL_OTHER 4
5409 +#define SMB_ACL_MASK 5
5411 +typedef struct SMB_ACL_T {
5415 +typedef struct SMB_ACL_ENTRY_T {
5417 +} *SMB_ACL_ENTRY_T;
5419 +#define SMB_ACL_FIRST_ENTRY 0
5420 +#define SMB_ACL_NEXT_ENTRY 1
5422 +#define SMB_ACL_TYPE_ACCESS 0
5423 +#define SMB_ACL_TYPE_DEFAULT 1
5425 +#endif /* No ACLs. */
5426 +#endif /* _SMB_ACLS_H */
5427 --- old/testsuite/acls.test
5428 +++ new/testsuite/acls.test
5432 +# This program is distributable under the terms of the GNU GPL (see
5435 +# Test that rsync handles basic ACL preservation.
5437 +. $srcdir/testsuite/rsync.fns
5439 +$RSYNC --version | grep ", ACLs" >/dev/null || test_skipped "Rsync is configured without ACL support"
5440 +case "$setfacl_nodef" in
5441 +true) test_skipped "I don't know how to use your setfacl command" ;;
5444 +makepath "$fromdir/foo"
5445 +echo something >"$fromdir/file1"
5446 +echo else >"$fromdir/file2"
5448 +files='foo file1 file2'
5450 +setfacl -m u:0:7 "$fromdir/foo" || test_skipped "Your filesystem has ACLs disabled"
5451 +setfacl -m u:0:5 "$fromdir/file1"
5452 +setfacl -m u:0:5 "$fromdir/file2"
5454 +$RSYNC -avvA "$fromdir/" "$todir/"
5457 +getfacl $files >"$scratchdir/acls.txt"
5460 +getfacl $files | diff $diffopt "$scratchdir/acls.txt" -
5462 +# The script would have aborted on error, so getting here means we've won.
5464 --- old/testsuite/default-acls.test
5465 +++ new/testsuite/default-acls.test
5469 +# This program is distributable under the terms of the GNU GPL (see
5472 +# Test that rsync obeys default ACLs. -- Matt McCutchen
5474 +. $srcdir/testsuite/rsync.fns
5476 +$RSYNC --version | grep ", ACLs" >/dev/null || test_skipped "Rsync is configured without ACL support"
5477 +case "$setfacl_nodef" in
5478 +true) test_skipped "I don't know how to use your setfacl command" ;;
5479 +*-k*) opts='-dm u::7,g::5,o:5' ;;
5480 +*) opts='-m d:u::7,d:g::5,d:o:5' ;;
5482 +setfacl $opts "$scratchdir" || test_skipped "Your filesystem has ACLs disabled"
5484 +# Call as: testit <dirname> <default-acl> <file-expected> <program-expected>
5486 + todir="$scratchdir/$1"
5488 + $setfacl_nodef "$todir"
5490 + case "$setfacl_nodef" in
5491 + *-k*) opts="-dm $2" ;;
5492 + *) opts="-m `echo $2 | sed 's/\([ugom]:\)/d:\1/g'`"
5494 + setfacl $opts "$todir"
5496 + # Make sure we obey ACLs when creating a directory to hold multiple transferred files,
5497 + # even though the directory itself is outside the transfer
5498 + $RSYNC -rvv "$scratchdir/dir" "$scratchdir/file" "$scratchdir/program" "$todir/to/"
5499 + check_perms "$todir/to" $4 "Target $1"
5500 + check_perms "$todir/to/dir" $4 "Target $1"
5501 + check_perms "$todir/to/file" $3 "Target $1"
5502 + check_perms "$todir/to/program" $4 "Target $1"
5503 + # Make sure get_local_name doesn't mess us up when transferring only one file
5504 + $RSYNC -rvv "$scratchdir/file" "$todir/to/anotherfile"
5505 + check_perms "$todir/to/anotherfile" $3 "Target $1"
5506 + # Make sure we obey default ACLs when not transferring a regular file
5507 + $RSYNC -rvv "$scratchdir/dir/" "$todir/to/anotherdir/"
5508 + check_perms "$todir/to/anotherdir" $4 "Target $1"
5511 +mkdir "$scratchdir/dir"
5512 +echo "File!" >"$scratchdir/file"
5513 +echo "#!/bin/sh" >"$scratchdir/program"
5514 +chmod 777 "$scratchdir/dir"
5515 +chmod 666 "$scratchdir/file"
5516 +chmod 777 "$scratchdir/program"
5518 +# Test some target directories
5520 +testit da777 u::7,g::7,o:7 rw-rw-rw- rwxrwxrwx
5521 +testit da775 u::7,g::7,o:5 rw-rw-r-- rwxrwxr-x
5522 +testit da750 u::7,g::5,o:0 rw-r----- rwxr-x---
5523 +testit da770mask u::7,u:0:7,g::0,m:7,o:0 rw-rw---- rwxrwx---
5524 +testit noda1 '' rw------- rwx------
5526 +testit noda2 '' rw-rw-rw- rwxrwxrwx
5528 +testit noda3 '' rw-r--r-- rwxr-xr-x
5536 extern int preserve_uid;
5537 extern int preserve_gid;
5538 +extern int preserve_acls;
5539 extern int numeric_ids;
5542 @@ -274,7 +275,7 @@ void send_uid_list(int f)
5546 - if (preserve_uid) {
5547 + if (preserve_uid || preserve_acls) {
5549 /* we send sequences of uid/byte-length/name */
5550 for (list = uidlist; list; list = list->next) {
5551 @@ -291,7 +292,7 @@ void send_uid_list(int f)
5555 - if (preserve_gid) {
5556 + if (preserve_gid || preserve_acls) {
5558 for (list = gidlist; list; list = list->next) {
5560 @@ -312,7 +313,7 @@ void recv_uid_list(int f, struct file_li
5564 - if (preserve_uid && !numeric_ids) {
5565 + if ((preserve_uid || preserve_acls) && !numeric_ids) {
5566 /* read the uid list */
5567 while ((id = read_int(f)) != 0) {
5568 int len = read_byte(f);
5569 @@ -324,7 +325,7 @@ void recv_uid_list(int f, struct file_li
5573 - if (preserve_gid && !numeric_ids) {
5574 + if ((preserve_gid || preserve_acls) && !numeric_ids) {
5575 /* read the gid list */
5576 while ((id = read_int(f)) != 0) {
5577 int len = read_byte(f);
5578 @@ -336,6 +337,16 @@ void recv_uid_list(int f, struct file_li
5582 +#ifdef SUPPORT_ACLS
5583 + if (preserve_acls && !numeric_ids) {
5585 + while ((id = next_acl_uid(flist)) != NULL)
5586 + *id = match_uid(*id);
5587 + while ((id = next_acl_gid(flist)) != NULL)
5588 + *id = match_gid(*id);
5592 /* Now convert all the uids/gids from sender values to our values. */
5593 if (am_root && preserve_uid && !numeric_ids) {
5594 for (i = 0; i < flist->count; i++)