1 After applying this patch, run these commands for a successful build:
4 ./configure --enable-acl-support
7 See the --acls (-A) option in the revised man page for a note on using this
8 latest ACL-enabling patch to send files to an older ACL-enabled rsync.
10 This code does not yet itemize changes in ACL information (see --itemize).
14 @@ -25,15 +25,15 @@ VERSION=@VERSION@
18 -HEADERS=byteorder.h config.h errcode.h proto.h rsync.h lib/pool_alloc.h
19 +HEADERS=byteorder.h config.h errcode.h proto.h rsync.h smb_acls.h lib/pool_alloc.h
20 LIBOBJ=lib/wildmatch.o lib/compat.o lib/snprintf.o lib/mdfour.o \
21 - lib/permstring.o lib/pool_alloc.o @LIBOBJS@
22 + lib/permstring.o lib/pool_alloc.o lib/sysacls.o @LIBOBJS@
23 ZLIBOBJ=zlib/deflate.o zlib/inffast.o zlib/inflate.o zlib/inftrees.o \
24 zlib/trees.o zlib/zutil.o zlib/adler32.o zlib/compress.o zlib/crc32.o
25 OBJS1=rsync.o generator.o receiver.o cleanup.o sender.o exclude.o util.o \
26 main.o checksum.o match.o syscall.o log.o backup.o
27 OBJS2=options.o flist.o io.o compat.o hlink.o token.o uidlist.o socket.o \
28 - fileio.o batch.o clientname.o chmod.o
29 + fileio.o batch.o clientname.o chmod.o acls.o
30 OBJS3=progress.o pipe.o
31 DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o
32 popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \
36 +/* -*- c-file-style: "linux" -*-
37 + Copyright (C) Andrew Tridgell 1996
38 + Copyright (C) Paul Mackerras 1996
39 + Copyright (C) Matt McCutchen 2006
40 + Copyright (C) Wayne Davison 2006
42 + This program is free software; you can redistribute it and/or modify
43 + it under the terms of the GNU General Public License as published by
44 + the Free Software Foundation; either version 2 of the License, or
45 + (at your option) any later version.
47 + This program is distributed in the hope that it will be useful,
48 + but WITHOUT ANY WARRANTY; without even the implied warranty of
49 + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
50 + GNU General Public License for more details.
52 + You should have received a copy of the GNU General Public License
53 + along with this program; if not, write to the Free Software
54 + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
57 +/* handle passing ACLs between systems */
60 +#include "lib/sysacls.h"
66 +extern int orig_umask;
67 +extern int preserve_acls;
80 +#define ACL_NO_ENTRY ((uchar)0x80)
84 + /* These will be ACL_NO_ENTRY if there's no such entry. */
91 +static const rsync_acl rsync_acl_initializer = {
92 + {0, 0, NULL}, {0, 0, NULL},
93 + ACL_NO_ENTRY, ACL_NO_ENTRY, ACL_NO_ENTRY, ACL_NO_ENTRY
96 +#define OTHER_TYPE(t) (SMB_ACL_TYPE_ACCESS+SMB_ACL_TYPE_DEFAULT-(t))
97 +#define BUMP_TYPE(t) ((t = OTHER_TYPE(t)) == SMB_ACL_TYPE_DEFAULT)
99 +/* a few useful calculations */
101 +static int count_racl_entries(const rsync_acl *racl)
103 + return racl->users.count + racl->groups.count
104 + + (racl->user_obj != ACL_NO_ENTRY)
105 + + (racl->group_obj != ACL_NO_ENTRY)
106 + + (racl->mask != ACL_NO_ENTRY)
107 + + (racl->other != ACL_NO_ENTRY);
110 +static int calc_sacl_entries(const rsync_acl *racl)
112 + return racl->users.count + racl->groups.count
113 +#ifdef ACLS_NEED_MASK
116 + + (racl->mask != ACL_NO_ENTRY) + 3;
120 +static int rsync_acl_get_perms(const rsync_acl *racl)
122 + /* Note that (ACL_NO_ENTRY & 7) is 0. */
123 + return ((racl->user_obj & 7) << 6)
124 + + (((racl->mask != ACL_NO_ENTRY ? racl->mask : racl->group_obj) & 7) << 3)
125 + + (racl->other & 7);
128 +static void rsync_acl_strip_perms(rsync_acl *racl)
130 + racl->user_obj = ACL_NO_ENTRY;
131 + if (racl->mask == ACL_NO_ENTRY)
132 + racl->group_obj = ACL_NO_ENTRY;
134 + racl->mask = ACL_NO_ENTRY;
135 + racl->other = ACL_NO_ENTRY;
138 +static void expand_ida_list(ida_list *idal)
140 + /* First time through, 0 <= 0, so list is expanded. */
141 + if (idal->malloced <= idal->count) {
142 + id_access *new_ptr;
143 + size_t new_size = idal->malloced + 10;
144 + new_ptr = realloc_array(idal->idas, id_access, new_size);
145 + if (verbose >= 4) {
146 + rprintf(FINFO, "expand rsync_acl to %.0f bytes, did%s move\n",
147 + (double) new_size * sizeof idal->idas[0],
148 + idal->idas ? "" : " not");
151 + idal->idas = new_ptr;
152 + idal->malloced = new_size;
155 + out_of_memory("expand_ida_list");
159 +static void ida_list_free(ida_list *idal)
164 + idal->malloced = 0;
167 +static void rsync_acl_free(rsync_acl *racl)
169 + ida_list_free(&racl->users);
170 + ida_list_free(&racl->groups);
173 +static int id_access_sorter(const void *r1, const void *r2)
175 + id_access *ida1 = (id_access *)r1;
176 + id_access *ida2 = (id_access *)r2;
177 + id_t rid1 = ida1->id, rid2 = ida2->id;
178 + return rid1 == rid2 ? 0 : rid1 < rid2 ? -1 : 1;
181 +static void sort_ida_list(ida_list *idal)
185 + qsort((void **)idal->idas, idal->count, sizeof idal->idas[0],
186 + &id_access_sorter);
189 +static BOOL unpack_smb_acl(rsync_acl *racl, SMB_ACL_T sacl)
191 + SMB_ACL_ENTRY_T entry;
192 + const char *errfun;
195 + *racl = rsync_acl_initializer;
196 + errfun = "sys_acl_get_entry";
197 + for (rc = sys_acl_get_entry(sacl, SMB_ACL_FIRST_ENTRY, &entry);
199 + rc = sys_acl_get_entry(sacl, SMB_ACL_NEXT_ENTRY, &entry)) {
200 + SMB_ACL_TAG_T tag_type;
201 + SMB_ACL_PERMSET_T permset;
206 + if ((rc = sys_acl_get_tag_type(entry, &tag_type))) {
207 + errfun = "sys_acl_get_tag_type";
210 + if ((rc = sys_acl_get_permset(entry, &permset))) {
211 + errfun = "sys_acl_get_tag_type";
214 + access = (sys_acl_get_perm(permset, SMB_ACL_READ) ? 4 : 0)
215 + | (sys_acl_get_perm(permset, SMB_ACL_WRITE) ? 2 : 0)
216 + | (sys_acl_get_perm(permset, SMB_ACL_EXECUTE) ? 1 : 0);
217 + /* continue == done with entry; break == store in given idal */
218 + switch (tag_type) {
219 + case SMB_ACL_USER_OBJ:
220 + if (racl->user_obj == ACL_NO_ENTRY)
221 + racl->user_obj = access;
223 + rprintf(FINFO, "unpack_smb_acl: warning: duplicate USER_OBJ entry ignored\n");
226 + idal = &racl->users;
228 + case SMB_ACL_GROUP_OBJ:
229 + if (racl->group_obj == ACL_NO_ENTRY)
230 + racl->group_obj = access;
232 + rprintf(FINFO, "unpack_smb_acl: warning: duplicate GROUP_OBJ entry ignored\n");
234 + case SMB_ACL_GROUP:
235 + idal = &racl->groups;
238 + if (racl->mask == ACL_NO_ENTRY)
239 + racl->mask = access;
241 + rprintf(FINFO, "unpack_smb_acl: warning: duplicate MASK entry ignored\n");
243 + case SMB_ACL_OTHER:
244 + if (racl->other == ACL_NO_ENTRY)
245 + racl->other = access;
247 + rprintf(FINFO, "unpack_smb_acl: warning: duplicate OTHER entry ignored\n");
250 + rprintf(FINFO, "unpack_smb_acl: warning: entry with unrecognized tag type ignored\n");
253 + if (!(qualifier = sys_acl_get_qualifier(entry))) {
254 + errfun = "sys_acl_get_tag_type";
258 + expand_ida_list(idal);
259 + ida = &idal->idas[idal->count++];
260 + ida->id = *((id_t *)qualifier);
261 + ida->access = access;
262 + sys_acl_free_qualifier(qualifier, tag_type);
265 + rprintf(FERROR, "unpack_smb_acl: %s(): %s\n",
266 + errfun, strerror(errno));
267 + rsync_acl_free(racl);
271 + sort_ida_list(&racl->users);
272 + sort_ida_list(&racl->groups);
277 +static BOOL ida_lists_equal(const ida_list *ial1, const ida_list *ial2)
279 + id_access *ida1, *ida2;
280 + size_t count = ial1->count;
281 + if (count != ial2->count)
285 + for (; count--; ida1++, ida2++) {
286 + if (ida1->access != ida2->access || ida1->id != ida2->id)
292 +static BOOL rsync_acls_equal(const rsync_acl *racl1, const rsync_acl *racl2)
294 + return (racl1->user_obj == racl2->user_obj
295 + && racl1->group_obj == racl2->group_obj
296 + && racl1->mask == racl2->mask
297 + && racl1->other == racl2->other
298 + && ida_lists_equal(&racl1->users, &racl2->users)
299 + && ida_lists_equal(&racl1->groups, &racl2->groups));
302 +static BOOL rsync_acl_extended_parts_equal(const rsync_acl *racl1, const rsync_acl *racl2)
304 + /* We ignore any differences that chmod() can take care of. */
305 + if ((racl1->mask ^ racl2->mask) & ACL_NO_ENTRY)
307 + if (racl1->mask != ACL_NO_ENTRY && racl1->group_obj != racl2->group_obj)
309 + return ida_lists_equal(&racl1->users, &racl2->users)
310 + && ida_lists_equal(&racl1->groups, &racl2->groups);
319 +static rsync_acl_list _rsync_acl_lists[] = {
320 + { 0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */
321 + { 0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */
324 +static inline rsync_acl_list *rsync_acl_lists(SMB_ACL_TYPE_T type)
326 + return &_rsync_acl_lists[type != SMB_ACL_TYPE_ACCESS];
329 +static void expand_rsync_acl_list(rsync_acl_list *racl_list)
331 + /* First time through, 0 <= 0, so list is expanded. */
332 + if (racl_list->malloced <= racl_list->count) {
333 + rsync_acl *new_ptr;
335 + if (racl_list->malloced < 1000)
336 + new_size = racl_list->malloced + 1000;
338 + new_size = racl_list->malloced * 2;
339 + new_ptr = realloc_array(racl_list->racls, rsync_acl, new_size);
340 + if (verbose >= 3) {
341 + rprintf(FINFO, "expand_rsync_acl_list to %.0f bytes, did%s move\n",
342 + (double) new_size * sizeof racl_list->racls[0],
343 + racl_list->racls ? "" : " not");
346 + racl_list->racls = new_ptr;
347 + racl_list->malloced = new_size;
349 + if (!racl_list->racls)
350 + out_of_memory("expand_rsync_acl_list");
354 +static int find_matching_rsync_acl(SMB_ACL_TYPE_T type,
355 + const rsync_acl_list *racl_list,
356 + const rsync_acl *racl)
358 + static int access_match = -1, default_match = -1;
359 + int *match = type == SMB_ACL_TYPE_ACCESS ? &access_match : &default_match;
360 + size_t count = racl_list->count;
362 + /* If this is the first time through or we didn't match the last
363 + * time, then start at the end of the list, which should be the
364 + * best place to start hunting. */
366 + *match = racl_list->count - 1;
368 + if (rsync_acls_equal(&racl_list->racls[*match], racl))
371 + *match = racl_list->count - 1;
378 +/* The general strategy with the tag_type <-> character mapping is that
379 + * lowercase implies that no qualifier follows, where uppercase does.
380 + * A similar idiom for the acl type (access or default) itself, but
381 + * lowercase in this instance means there's no ACL following, so the
382 + * ACL is a repeat, so the receiver should reuse the last of the same
384 +static void send_ida_list(int f, const ida_list *idal, char tag_char)
387 + size_t count = idal->count;
388 + for (ida = idal->idas; count--; ida++) {
389 + write_byte(f, tag_char);
390 + write_byte(f, ida->access);
391 + write_int(f, ida->id);
392 + /* FIXME: sorta wasteful: we should maybe buffer as
393 + * many ids as max(ACL_USER + ACL_GROUP) objects to
394 + * keep from making so many calls. */
395 + if (tag_char == 'U')
402 +static void send_rsync_acl(int f, const rsync_acl *racl)
404 + size_t count = count_racl_entries(racl);
405 + write_int(f, count);
406 + if (racl->user_obj != ACL_NO_ENTRY) {
407 + write_byte(f, 'u');
408 + write_byte(f, racl->user_obj);
410 + send_ida_list(f, &racl->users, 'U');
411 + if (racl->group_obj != ACL_NO_ENTRY) {
412 + write_byte(f, 'g');
413 + write_byte(f, racl->group_obj);
415 + send_ida_list(f, &racl->groups, 'G');
416 + if (racl->mask != ACL_NO_ENTRY) {
417 + write_byte(f, 'm');
418 + write_byte(f, racl->mask);
420 + if (racl->other != ACL_NO_ENTRY) {
421 + write_byte(f, 'o');
422 + write_byte(f, racl->other);
426 +static rsync_acl _curr_rsync_acls[2];
428 +static const char *str_acl_type(SMB_ACL_TYPE_T type)
430 + return type == SMB_ACL_TYPE_ACCESS ? "SMB_ACL_TYPE_ACCESS"
431 + : type == SMB_ACL_TYPE_DEFAULT ? "SMB_ACL_TYPE_DEFAULT"
432 + : "unknown SMB_ACL_TYPE_T";
435 +/* Generate the ACL(s) for this flist entry;
436 + * ACL(s) are either sent or cleaned-up by send_acl() below. */
437 +int make_acl(const struct file_struct *file, const char *fname)
439 + SMB_ACL_TYPE_T type;
440 + rsync_acl *curr_racl;
442 + if (S_ISLNK(file->mode))
445 + curr_racl = &_curr_rsync_acls[0];
446 + type = SMB_ACL_TYPE_ACCESS;
450 + if ((sacl = sys_acl_get_file(fname, type)) != 0) {
451 + ok = unpack_smb_acl(curr_racl, sacl);
452 + sys_acl_free_acl(sacl);
455 + /* Avoid sending a redundant group/mask value. */
456 + if (curr_racl->group_obj == curr_racl->mask
457 + && (preserve_acls == 1
458 + || (!curr_racl->users.count
459 + && !curr_racl->groups.count)))
460 + curr_racl->mask = ACL_NO_ENTRY;
461 + /* Strip access ACLs of permission-bit entries. */
462 + if (type == SMB_ACL_TYPE_ACCESS && preserve_acls == 1)
463 + rsync_acl_strip_perms(curr_racl);
464 + } else if (errno == ENOTSUP) {
465 + /* ACLs are not supported. Leave list empty. */
466 + *curr_racl = rsync_acl_initializer;
468 + rprintf(FERROR, "send_acl: sys_acl_get_file(%s, %s): %s\n",
469 + fname, str_acl_type(type), strerror(errno));
473 + } while (BUMP_TYPE(type) && S_ISDIR(file->mode));
478 +/* Send the make_acl()-generated ACLs for this flist entry,
479 + * or clean up after an flist entry that's not being sent (f == -1). */
480 +void send_acl(const struct file_struct *file, int f)
482 + SMB_ACL_TYPE_T type;
483 + rsync_acl *curr_racl;
485 + if (S_ISLNK(file->mode))
488 + curr_racl = &_curr_rsync_acls[0];
489 + type = SMB_ACL_TYPE_ACCESS;
492 + rsync_acl_list *racl_list = rsync_acl_lists(type);
494 + rsync_acl_free(curr_racl);
497 + if ((index = find_matching_rsync_acl(type, racl_list, curr_racl))
499 + write_byte(f, type == SMB_ACL_TYPE_ACCESS ? 'a' : 'd');
500 + write_int(f, index);
501 + rsync_acl_free(curr_racl);
503 + write_byte(f, type == SMB_ACL_TYPE_ACCESS ? 'A' : 'D');
504 + send_rsync_acl(f, curr_racl);
505 + expand_rsync_acl_list(racl_list);
506 + racl_list->racls[racl_list->count++] = *curr_racl;
509 + } while (BUMP_TYPE(type) && S_ISDIR(file->mode));
512 +/* The below stuff is only used by the receiver: */
514 +/* structure to hold index to rsync_acl_list member corresponding to
515 + * flist->files[i] */
518 + const struct file_struct *file;
525 + file_acl_index *fais;
526 +} file_acl_index_list;
528 +static file_acl_index_list _file_acl_index_lists[] = {
529 + {0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */
530 + {0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */
533 +static inline file_acl_index_list *file_acl_index_lists(SMB_ACL_TYPE_T type)
535 + return &_file_acl_index_lists[type != SMB_ACL_TYPE_ACCESS];
538 +static void expand_file_acl_index_list(file_acl_index_list *flst)
540 + /* First time through, 0 <= 0, so list is expanded. */
541 + if (flst->malloced <= flst->count) {
542 + file_acl_index *new_ptr;
545 + if (flst->malloced < 1000)
546 + new_size = flst->malloced + 1000;
548 + new_size = flst->malloced * 2;
549 + new_ptr = realloc_array(flst->fais, file_acl_index, new_size);
550 + if (verbose >= 3) {
551 + rprintf(FINFO, "expand_file_acl_index_list to %.0f bytes, did%s move\n",
552 + (double) new_size * sizeof flst->fais[0],
553 + flst->fais ? "" : " not");
556 + flst->fais = new_ptr;
557 + flst->malloced = new_size;
560 + out_of_memory("expand_file_acl_index_list");
564 +/* lists to hold the SMB_ACL_Ts corresponding to the rsync_acl_list entries */
572 +static smb_acl_list _smb_acl_lists[] = {
573 + { 0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */
574 + { 0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */
577 +static inline smb_acl_list *smb_acl_lists(SMB_ACL_TYPE_T type)
579 + return &_smb_acl_lists[type != SMB_ACL_TYPE_ACCESS];
582 +static void expand_smb_acl_list(smb_acl_list *sacl_list)
584 + /* First time through, 0 <= 0, so list is expanded. */
585 + if (sacl_list->malloced <= sacl_list->count) {
586 + SMB_ACL_T *new_ptr;
588 + if (sacl_list->malloced < 1000)
589 + new_size = sacl_list->malloced + 1000;
591 + new_size = sacl_list->malloced * 2;
592 + new_ptr = realloc_array(sacl_list->sacls, SMB_ACL_T, new_size);
593 + if (verbose >= 3) {
594 + rprintf(FINFO, "expand_smb_acl_list to %.0f bytes, did%s move\n",
595 + (double) new_size * sizeof sacl_list->sacls[0],
596 + sacl_list->sacls ? "" : " not");
599 + sacl_list->sacls = new_ptr;
600 + sacl_list->malloced = new_size;
602 + if (!sacl_list->sacls)
603 + out_of_memory("expand_smb_acl_list");
607 +#define CALL_OR_ERROR(func,args,str) \
615 +#define COE(func,args) CALL_OR_ERROR(func,args,#func)
616 +#define COE2(func,args) CALL_OR_ERROR(func,args,NULL)
618 +static int store_access_in_entry(uchar access, SMB_ACL_ENTRY_T entry)
620 + const char *errfun = NULL;
621 + SMB_ACL_PERMSET_T permset;
623 + COE( sys_acl_get_permset,(entry, &permset) );
624 + COE( sys_acl_clear_perms,(permset) );
626 + COE( sys_acl_add_perm,(permset, SMB_ACL_READ) );
628 + COE( sys_acl_add_perm,(permset, SMB_ACL_WRITE) );
630 + COE( sys_acl_add_perm,(permset, SMB_ACL_EXECUTE) );
631 + COE( sys_acl_set_permset,(entry, permset) );
636 + rprintf(FERROR, "store_access_in_entry %s(): %s\n", errfun,
641 +/* build an SMB_ACL_T corresponding to an rsync_acl */
642 +static BOOL pack_smb_acl(SMB_ACL_T *smb_acl, const rsync_acl *racl)
646 + const char *errfun = NULL;
647 + SMB_ACL_ENTRY_T entry;
649 + if (!(*smb_acl = sys_acl_init(calc_sacl_entries(racl)))) {
650 + rprintf(FERROR, "pack_smb_acl: sys_acl_init(): %s\n",
655 + COE( sys_acl_create_entry,(smb_acl, &entry) );
656 + COE( sys_acl_set_tag_type,(entry, SMB_ACL_USER_OBJ) );
657 + COE2( store_access_in_entry,(racl->user_obj & 7, entry) );
659 + for (ida = racl->users.idas, count = racl->users.count;
661 + COE( sys_acl_create_entry,(smb_acl, &entry) );
662 + COE( sys_acl_set_tag_type,(entry, SMB_ACL_USER) );
663 + COE( sys_acl_set_qualifier,(entry, (void*)&ida->id) );
664 + COE2( store_access_in_entry,(ida->access, entry) );
667 + COE( sys_acl_create_entry,(smb_acl, &entry) );
668 + COE( sys_acl_set_tag_type,(entry, SMB_ACL_GROUP_OBJ) );
669 + COE2( store_access_in_entry,(racl->group_obj & 7, entry) );
671 + for (ida = racl->groups.idas, count = racl->groups.count;
673 + COE( sys_acl_create_entry,(smb_acl, &entry) );
674 + COE( sys_acl_set_tag_type,(entry, SMB_ACL_GROUP) );
675 + COE( sys_acl_set_qualifier,(entry, (void*)&ida->id) );
676 + COE2( store_access_in_entry,(ida->access, entry) );
678 +#ifndef ACLS_NEED_MASK
679 + if (racl->mask != ACL_NO_ENTRY) {
681 + COE( sys_acl_create_entry,(smb_acl, &entry) );
682 + COE( sys_acl_set_tag_type,(entry, SMB_ACL_MASK) );
683 + COE2( store_access_in_entry,(racl->mask, entry) );
684 +#ifndef ACLS_NEED_MASK
688 + COE( sys_acl_create_entry,(smb_acl, &entry) );
689 + COE( sys_acl_set_tag_type,(entry, SMB_ACL_OTHER) );
690 + COE2( store_access_in_entry,(racl->other & 7, entry) );
693 + if (sys_acl_valid(*smb_acl) < 0)
694 + rprintf(FINFO, "pack_smb_acl: warning: system says the ACL I packed is invalid\n");
701 + rprintf(FERROR, "pack_smb_acl %s(): %s\n", errfun,
704 + sys_acl_free_acl(*smb_acl);
708 +static mode_t change_sacl_perms(SMB_ACL_T sacl, rsync_acl *racl, mode_t old_mode, mode_t mode)
710 + SMB_ACL_ENTRY_T entry;
711 + const char *errfun;
714 + if (S_ISDIR(mode)) {
715 + /* If the sticky bit is going on, it's not safe to allow all
716 + * the new ACLs to go into effect before it gets set. */
717 +#ifdef SMB_ACL_LOSES_SPECIAL_MODE_BITS
718 + if (mode & S_ISVTX)
721 + if (mode & S_ISVTX && !(old_mode & S_ISVTX))
724 + /* If setuid or setgid is going off, it's not safe to allow all
725 + * the new ACLs to go into effect before they get cleared. */
726 + if ((old_mode & S_ISUID && !(mode & S_ISUID))
727 + || (old_mode & S_ISGID && !(mode & S_ISGID)))
732 + errfun = "sys_acl_get_entry";
733 + for (rc = sys_acl_get_entry(sacl, SMB_ACL_FIRST_ENTRY, &entry);
735 + rc = sys_acl_get_entry(sacl, SMB_ACL_NEXT_ENTRY, &entry)) {
736 + SMB_ACL_TAG_T tag_type;
737 + if ((rc = sys_acl_get_tag_type(entry, &tag_type))) {
738 + errfun = "sys_acl_get_tag_type";
741 + switch (tag_type) {
742 + case SMB_ACL_USER_OBJ:
743 + COE2( store_access_in_entry,((mode >> 6) & 7, entry) );
745 + case SMB_ACL_GROUP_OBJ:
746 + /* group is only empty when identical to group perms. */
747 + if (racl->group_obj != ACL_NO_ENTRY)
749 + COE2( store_access_in_entry,((mode >> 3) & 7, entry) );
752 +#ifndef ACLS_NEED_MASK
753 + /* mask is only empty when we don't need it. */
754 + if (racl->mask == ACL_NO_ENTRY)
757 + COE2( store_access_in_entry,((mode >> 3) & 7, entry) );
759 + case SMB_ACL_OTHER:
760 + COE2( store_access_in_entry,(mode & 7, entry) );
767 + rprintf(FERROR, "change_sacl_perms: %s(): %s\n",
768 + errfun, strerror(errno));
773 +#ifdef SMB_ACL_LOSES_SPECIAL_MODE_BITS
774 + /* Ensure that chmod() will be called to restore any lost setid bits. */
775 + if (old_mode & (S_ISUID | S_ISGID | S_ISVTX)
776 + && (old_mode & CHMOD_BITS) == (mode & CHMOD_BITS))
777 + old_mode &= ~(S_ISUID | S_ISGID | S_ISVTX);
780 + /* Return the mode of the file on disk, as we will set them. */
781 + return (old_mode & ~ACCESSPERMS) | (mode & ACCESSPERMS);
784 +static void receive_rsync_acl(rsync_acl *racl, int f, SMB_ACL_TYPE_T type)
786 + uchar computed_mask_bits = 0;
787 + ida_list *idal = NULL;
791 + *racl = rsync_acl_initializer;
793 + if (!(count = read_int(f)))
797 + char tag = read_byte(f);
798 + uchar access = read_byte(f);
799 + if (access & ~ (4 | 2 | 1)) {
800 + rprintf(FERROR, "receive_rsync_acl: bogus permset %o\n",
802 + exit_cleanup(RERR_STREAMIO);
806 + if (racl->user_obj != ACL_NO_ENTRY) {
807 + rprintf(FERROR, "receive_rsync_acl: error: duplicate USER_OBJ entry\n");
808 + exit_cleanup(RERR_STREAMIO);
810 + racl->user_obj = access;
813 + idal = &racl->users;
816 + if (racl->group_obj != ACL_NO_ENTRY) {
817 + rprintf(FERROR, "receive_rsync_acl: error: duplicate GROUP_OBJ entry\n");
818 + exit_cleanup(RERR_STREAMIO);
820 + racl->group_obj = access;
823 + idal = &racl->groups;
826 + if (racl->mask != ACL_NO_ENTRY) {
827 + rprintf(FERROR, "receive_rsync_acl: error: duplicate MASK entry\n");
828 + exit_cleanup(RERR_STREAMIO);
830 + racl->mask = access;
833 + if (racl->other != ACL_NO_ENTRY) {
834 + rprintf(FERROR, "receive_rsync_acl: error: duplicate OTHER entry\n");
835 + exit_cleanup(RERR_STREAMIO);
837 + racl->other = access;
840 + rprintf(FERROR, "receive_rsync_acl: unknown tag %c\n",
842 + exit_cleanup(RERR_STREAMIO);
844 + expand_ida_list(idal);
845 + ida = &idal->idas[idal->count++];
846 + ida->access = access;
847 + ida->id = read_int(f);
848 + computed_mask_bits |= access;
851 + if (type == SMB_ACL_TYPE_DEFAULT) {
852 + /* Ensure that these are never unset. */
853 + if (racl->user_obj == ACL_NO_ENTRY)
854 + racl->user_obj = 7;
855 + if (racl->group_obj == ACL_NO_ENTRY)
856 + racl->group_obj = 0;
857 + if (racl->other == ACL_NO_ENTRY)
860 +#ifndef ACLS_NEED_MASK
861 + if (!racl->users.count && !racl->groups.count) {
862 + /* If we, a system without ACLS_NEED_MASK, received a
863 + * superfluous mask, throw it away. */
864 + if (racl->mask != ACL_NO_ENTRY) {
865 + /* mask off group perms with it first */
866 + racl->group_obj &= racl->mask | ACL_NO_ENTRY;
867 + racl->mask = ACL_NO_ENTRY;
871 + if (racl->mask == ACL_NO_ENTRY) /* Always non-empty when needed. */
872 + racl->mask = computed_mask_bits | (racl->group_obj & 7);
875 +/* receive and build the rsync_acl_lists */
876 +void receive_acl(struct file_struct *file, int f)
878 + SMB_ACL_TYPE_T type;
881 + if (S_ISLNK(file->mode))
884 + fname = f_name(file, NULL);
885 + type = SMB_ACL_TYPE_ACCESS;
888 + file_acl_index_list *flst = file_acl_index_lists(type);
890 + expand_file_acl_index_list(flst);
892 + tag = read_byte(f);
893 + if (tag == 'A' || tag == 'a') {
894 + if (type != SMB_ACL_TYPE_ACCESS) {
895 + rprintf(FERROR, "receive_acl %s: duplicate access ACL\n",
897 + exit_cleanup(RERR_STREAMIO);
899 + } else if (tag == 'D' || tag == 'd') {
900 + if (type == SMB_ACL_TYPE_ACCESS) {
901 + rprintf(FERROR, "receive_acl %s: expecting access ACL; got default\n",
903 + exit_cleanup(RERR_STREAMIO);
906 + rprintf(FERROR, "receive_acl %s: unknown ACL type tag: %c\n",
908 + exit_cleanup(RERR_STREAMIO);
910 + if (tag == 'A' || tag == 'D') {
912 + rsync_acl_list *racl_list = rsync_acl_lists(type);
913 + smb_acl_list *sacl_list = smb_acl_lists(type);
914 + flst->fais[flst->count].aclidx = racl_list->count;
915 + flst->fais[flst->count++].file = file;
916 + receive_rsync_acl(&racl, f, type);
917 + expand_rsync_acl_list(racl_list);
918 + racl_list->racls[racl_list->count++] = racl;
919 + expand_smb_acl_list(sacl_list);
920 + sacl_list->sacls[sacl_list->count++] = NULL;
922 + int index = read_int(f);
923 + rsync_acl_list *racl_list = rsync_acl_lists(type);
924 + if ((size_t) index >= racl_list->count) {
925 + rprintf(FERROR, "receive_acl %s: %s ACL index %d out of range\n",
927 + str_acl_type(type),
929 + exit_cleanup(RERR_STREAMIO);
931 + flst->fais[flst->count].aclidx = index;
932 + flst->fais[flst->count++].file = file;
934 + } while (BUMP_TYPE(type) && S_ISDIR(file->mode));
937 +static int file_acl_index_list_sorter(const void *f1, const void *f2)
939 + const file_acl_index *fileaclidx1 = (const file_acl_index *)f1;
940 + const file_acl_index *fileaclidx2 = (const file_acl_index *)f2;
941 + return fileaclidx1->file == fileaclidx2->file ? 0
942 + : fileaclidx1->file < fileaclidx2->file ? -1 : 1;
945 +void sort_file_acl_index_lists()
947 + SMB_ACL_TYPE_T type;
949 + type = SMB_ACL_TYPE_ACCESS;
951 + file_acl_index_list *flst = file_acl_index_lists(type);
956 + qsort(flst->fais, flst->count, sizeof flst->fais[0],
957 + &file_acl_index_list_sorter);
958 + } while (BUMP_TYPE(type));
961 +static int find_file_acl_index(const file_acl_index_list *flst,
962 + const struct file_struct *file)
964 + int low = 0, high = flst->count;
965 + const struct file_struct *file_mid;
970 + int mid = (high + low) / 2;
971 + file_mid = flst->fais[mid].file;
972 + if (file_mid == file)
973 + return flst->fais[mid].aclidx;
974 + if (file_mid > file)
978 + } while (low < high);
980 + file_mid = flst->fais[low].file;
981 + if (file_mid == file)
982 + return flst->fais[low].aclidx;
985 + "find_file_acl_index: can't find entry for file in list\n");
986 + exit_cleanup(RERR_STREAMIO);
990 +/* for duplicating ACLs on backups when using backup_dir */
991 +int dup_acl(const char *orig, const char *bak, mode_t mode)
993 + SMB_ACL_TYPE_T type;
996 + type = SMB_ACL_TYPE_ACCESS;
998 + SMB_ACL_T sacl_orig, sacl_bak;
999 + rsync_acl racl_orig, racl_bak;
1000 + if (!(sacl_orig = sys_acl_get_file(orig, type))) {
1001 + rprintf(FERROR, "dup_acl: sys_acl_get_file(%s, %s): %s\n",
1002 + orig, str_acl_type(type), strerror(errno));
1006 + if (!(sacl_bak = sys_acl_get_file(orig, type))) {
1007 + rprintf(FERROR, "dup_acl: sys_acl_get_file(%s, %s): %s. ignoring\n",
1008 + bak, str_acl_type(type), strerror(errno));
1010 + /* try to forge on through */
1012 + if (!unpack_smb_acl(&racl_orig, sacl_orig)) {
1014 + goto out_with_sacls;
1017 + if (!unpack_smb_acl(&racl_bak, sacl_bak)) {
1019 + goto out_with_one_racl;
1021 + if (rsync_acls_equal(&racl_orig, &racl_bak))
1022 + goto out_with_all;
1024 + ; /* presume they're unequal */
1026 + if (type == SMB_ACL_TYPE_DEFAULT
1027 + && racl_orig.user_obj == ACL_NO_ENTRY) {
1028 + if (sys_acl_delete_def_file(bak) < 0) {
1029 + rprintf(FERROR, "dup_acl: sys_acl_delete_def_file(%s): %s\n",
1030 + bak, strerror(errno));
1033 + } else if (sys_acl_set_file(bak, type, sacl_bak) < 0) {
1034 + rprintf(FERROR, "dup_acl: sys_acl_set_file(%s, %s): %s\n",
1035 + bak, str_acl_type(type), strerror(errno));
1040 + rsync_acl_free(&racl_bak);
1041 + out_with_one_racl:
1042 + rsync_acl_free(&racl_orig);
1045 + sys_acl_free_acl(sacl_bak);
1046 + /* out_with_one_sacl: */
1048 + sys_acl_free_acl(sacl_orig);
1049 + } while (BUMP_TYPE(type) && S_ISDIR(mode));
1054 +/* Stuff for redirecting calls to set_acl() from set_file_attrs()
1055 + * for keep_backup(). */
1056 +static const struct file_struct *backup_orig_file = NULL;
1057 +static const char null_string[] = "";
1058 +static const char *backup_orig_fname = null_string;
1059 +static const char *backup_dest_fname = null_string;
1060 +static SMB_ACL_T _backup_sacl[] = { NULL, NULL };
1062 +void push_keep_backup_acl(const struct file_struct *file,
1063 + const char *orig, const char *dest)
1065 + SMB_ACL_TYPE_T type;
1068 + backup_orig_file = file;
1069 + backup_orig_fname = orig;
1070 + backup_dest_fname = dest;
1072 + sacl = &_backup_sacl[0];
1073 + type = SMB_ACL_TYPE_ACCESS;
1075 + if (type == SMB_ACL_TYPE_DEFAULT && !S_ISDIR(file->mode)) {
1079 + if (!(*sacl = sys_acl_get_file(orig, type))) {
1081 + "push_keep_backup_acl: sys_acl_get_file(%s, %s): %s\n",
1082 + orig, str_acl_type(type),
1085 + } while (BUMP_TYPE(type));
1088 +static int set_keep_backup_acl()
1090 + SMB_ACL_TYPE_T type;
1094 + sacl = &_backup_sacl[0];
1095 + type = SMB_ACL_TYPE_ACCESS;
1098 + && sys_acl_set_file(backup_dest_fname, type, *sacl) < 0) {
1100 + "push_keep_backup_acl: sys_acl_get_file(%s, %s): %s\n",
1101 + backup_dest_fname,
1102 + str_acl_type(type),
1106 + } while (BUMP_TYPE(type));
1111 +void cleanup_keep_backup_acl()
1113 + SMB_ACL_TYPE_T type;
1116 + backup_orig_file = NULL;
1117 + backup_orig_fname = null_string;
1118 + backup_dest_fname = null_string;
1120 + sacl = &_backup_sacl[0];
1121 + type = SMB_ACL_TYPE_ACCESS;
1124 + sys_acl_free_acl(*sacl);
1127 + } while (BUMP_TYPE(type));
1130 +/* set ACL on rsync-ed or keep_backup-ed file
1132 + * This sets extended access ACL entries and default ACLs. If convenient,
1133 + * it sets permission bits along with the access ACLs and signals having
1134 + * done so by modifying mode_p, which should point into the stat buffer.
1136 + * returns: 1 for unchanged, 0 for changed, -1 for failed
1137 + * Pass NULL for mode_p to get the return code without changing anything. */
1138 +int set_acl(const char *fname, const struct file_struct *file, mode_t *mode_p)
1140 + int unchanged = 1;
1141 + SMB_ACL_TYPE_T type;
1143 + if (S_ISLNK(file->mode))
1146 + if (file == backup_orig_file) {
1147 + if (!strcmp(fname, backup_dest_fname))
1148 + return set_keep_backup_acl();
1150 + type = SMB_ACL_TYPE_ACCESS;
1153 + SMB_ACL_T sacl_orig, *sacl_new;
1154 + rsync_acl racl_orig, *racl_new;
1155 + int aclidx = find_file_acl_index(file_acl_index_lists(type), file);
1157 + racl_new = &(rsync_acl_lists(type)->racls[aclidx]);
1158 + sacl_new = &(smb_acl_lists(type)->sacls[aclidx]);
1159 + sacl_orig = sys_acl_get_file(fname, type);
1161 + rprintf(FERROR, "set_acl: sys_acl_get_file(%s, %s): %s\n",
1162 + fname, str_acl_type(type), strerror(errno));
1166 + ok = unpack_smb_acl(&racl_orig, sacl_orig);
1167 + sys_acl_free_acl(sacl_orig);
1172 + if (type == SMB_ACL_TYPE_ACCESS)
1173 + ok = rsync_acl_extended_parts_equal(&racl_orig, racl_new);
1175 + ok = rsync_acls_equal(&racl_orig, racl_new);
1176 + rsync_acl_free(&racl_orig);
1179 + if (!dry_run && mode_p) {
1180 + if (type == SMB_ACL_TYPE_DEFAULT
1181 + && racl_new->user_obj == ACL_NO_ENTRY) {
1182 + if (sys_acl_delete_def_file(fname) < 0) {
1183 + rprintf(FERROR, "set_acl: sys_acl_delete_def_file(%s): %s\n",
1184 + fname, strerror(errno));
1189 + mode_t cur_mode = *mode_p;
1191 + && !pack_smb_acl(sacl_new, racl_new)) {
1195 + if (type == SMB_ACL_TYPE_ACCESS) {
1196 + cur_mode = change_sacl_perms(*sacl_new, racl_new,
1197 + cur_mode, file->mode);
1198 + if (cur_mode == ~0u)
1201 + if (sys_acl_set_file(fname, type, *sacl_new) < 0) {
1202 + rprintf(FERROR, "set_acl: sys_acl_set_file(%s, %s): %s\n",
1203 + fname, str_acl_type(type),
1208 + if (type == SMB_ACL_TYPE_ACCESS)
1209 + *mode_p = cur_mode;
1212 + if (unchanged == 1)
1214 + } while (BUMP_TYPE(type) && S_ISDIR(file->mode));
1219 +/* Enumeration functions for uid mapping: */
1221 +/* Context -- one and only one. Should be cycled through once on uid
1222 + * mapping and once on gid mapping. */
1223 +static rsync_acl_list *_enum_racl_lists[] = {
1224 + &_rsync_acl_lists[0], &_rsync_acl_lists[1], NULL
1227 +static rsync_acl_list **enum_racl_list = &_enum_racl_lists[0];
1228 +static size_t enum_racl_index = 0;
1229 +static size_t enum_ida_index = 0;
1231 +/* This returns the next tag_type id from the given acl for the next entry,
1232 + * or it returns 0 if there are no more tag_type ids in the acl. */
1233 +static id_t *next_ace_id(SMB_ACL_TAG_T tag_type, const rsync_acl *racl)
1235 + const ida_list *idal = tag_type == SMB_ACL_USER ? &racl->users : &racl->groups;
1236 + if (enum_ida_index < idal->count) {
1237 + id_access *ida = &idal->idas[enum_ida_index++];
1240 + enum_ida_index = 0;
1244 +static id_t *next_acl_id(SMB_ACL_TAG_T tag_type, const rsync_acl_list *racl_list)
1246 + for (; enum_racl_index < racl_list->count; enum_racl_index++) {
1247 + rsync_acl *racl = &racl_list->racls[enum_racl_index];
1248 + id_t *id = next_ace_id(tag_type, racl);
1252 + enum_racl_index = 0;
1256 +static id_t *next_acl_list_id(SMB_ACL_TAG_T tag_type)
1258 + for (; *enum_racl_list; enum_racl_list++) {
1259 + id_t *id = next_acl_id(tag_type, *enum_racl_list);
1263 + enum_racl_list = &_enum_racl_lists[0];
1267 +id_t *next_acl_uid()
1269 + return next_acl_list_id(SMB_ACL_USER);
1272 +id_t *next_acl_gid()
1274 + return next_acl_list_id(SMB_ACL_GROUP);
1277 +int default_perms_for_dir(const char *dir)
1286 + perms = ACCESSPERMS & ~orig_umask;
1287 + /* Read the directory's default ACL. If it has none, this will successfully return an empty ACL. */
1288 + sacl = sys_acl_get_file(dir, SMB_ACL_TYPE_DEFAULT);
1289 + if (sacl == NULL) {
1290 + /* Couldn't get an ACL. Darn. */
1293 + /* ACLs are disabled. We could yell at the user to turn them on, but... */
1297 + /* We're doing a dry run, so the containing directory
1298 + * wasn't actually created. Don't worry about it. */
1301 + /* Otherwise fall through. */
1303 + rprintf(FERROR, "default_perms_for_dir: sys_acl_get_file(%s, %s): %s, falling back on umask\n",
1304 + dir, str_acl_type(SMB_ACL_TYPE_DEFAULT), strerror(errno));
1310 + ok = unpack_smb_acl(&racl, sacl);
1311 + sys_acl_free_acl(sacl);
1313 + rprintf(FERROR, "default_perms_for_dir: unpack_smb_acl failed, falling back on umask\n");
1317 + /* Apply the permission-bit entries of the default ACL, if any. */
1318 + if (racl.user_obj != ACL_NO_ENTRY) {
1319 + perms = rsync_acl_get_perms(&racl);
1321 + rprintf(FINFO, "got ACL-based default perms %o for directory %s\n", perms, dir);
1324 + rsync_acl_free(&racl);
1328 +#endif /* SUPPORT_ACLS */
1331 @@ -28,6 +28,7 @@ extern char *backup_suffix;
1332 extern char *backup_dir;
1335 +extern int preserve_acls;
1336 extern int preserve_devices;
1337 extern int preserve_specials;
1338 extern int preserve_links;
1339 @@ -132,6 +133,10 @@ static int make_bak_dir(char *fullpath)
1341 do_lchown(fullpath, st.st_uid, st.st_gid);
1342 do_chmod(fullpath, st.st_mode);
1343 +#ifdef SUPPORT_ACLS
1344 + if (preserve_acls)
1345 + dup_acl(end, fullpath, st.st_mode);
1350 @@ -185,6 +190,11 @@ static int keep_backup(char *fname)
1351 if (!(buf = get_backup_name(fname)))
1354 +#ifdef SUPPORT_ACLS
1355 + if (preserve_acls)
1356 + push_keep_backup_acl(file, fname, buf);
1359 /* Check to see if this is a device file, or link */
1360 if ((am_root && preserve_devices && IS_DEVICE(file->mode))
1361 || (preserve_specials && IS_SPECIAL(file->mode))) {
1362 @@ -260,6 +270,10 @@ static int keep_backup(char *fname)
1365 set_file_attrs(buf, file, NULL, 0);
1366 +#ifdef SUPPORT_ACLS
1367 + if (preserve_acls)
1368 + cleanup_keep_backup_acl();
1373 --- old/configure.in
1374 +++ new/configure.in
1375 @@ -482,6 +482,11 @@ if test x"$ac_cv_func_strcasecmp" = x"no
1376 AC_CHECK_LIB(resolv, strcasecmp)
1379 +AC_CHECK_FUNCS(aclsort)
1380 +if test x"$ac_cv_func_aclsort" = x"no"; then
1381 + AC_CHECK_LIB(sec, aclsort)
1384 dnl At the moment we don't test for a broken memcmp(), because all we
1385 dnl need to do is test for equality, not comparison, and it seems that
1386 dnl every platform has a memcmp that can do at least that.
1387 @@ -738,6 +743,77 @@ AC_SUBST(OBJ_RESTORE)
1388 AC_SUBST(CC_SHOBJ_FLAG)
1389 AC_SUBST(BUILD_POPT)
1391 +AC_CHECK_HEADERS(sys/acl.h)
1392 +AC_CHECK_FUNCS(_acl __acl _facl __facl)
1393 +#################################################
1394 +# check for ACL support
1396 +AC_MSG_CHECKING(whether to support ACLs)
1397 +AC_ARG_ENABLE(acl-support,
1398 +AC_HELP_STRING([--enable-acl-support], [Include ACL support (default=no)]),
1399 +[ case "$enableval" in
1402 + case "$host_os" in
1404 + AC_MSG_RESULT(Using UnixWare ACLs)
1405 + AC_DEFINE(HAVE_UNIXWARE_ACLS, 1, [true if you have UnixWare ACLs])
1407 + *solaris*|*cygwin*)
1408 + AC_MSG_RESULT(Using solaris ACLs)
1409 + AC_DEFINE(HAVE_SOLARIS_ACLS, 1, [true if you have solaris ACLs])
1412 + AC_MSG_RESULT(Using HPUX ACLs)
1413 + AC_DEFINE(HAVE_HPUX_ACLS, 1, [true if you have HPUX ACLs])
1416 + AC_MSG_RESULT(Using IRIX ACLs)
1417 + AC_DEFINE(HAVE_IRIX_ACLS, 1, [true if you have IRIX ACLs])
1420 + AC_MSG_RESULT(Using AIX ACLs)
1421 + AC_DEFINE(HAVE_AIX_ACLS, 1, [true if you have AIX ACLs])
1424 + AC_MSG_RESULT(Using Tru64 ACLs)
1425 + AC_DEFINE(HAVE_TRU64_ACLS, 1, [true if you have Tru64 ACLs])
1426 + LIBS="$LIBS -lpacl"
1429 + AC_MSG_RESULT(ACLs requested -- running tests)
1430 + AC_CHECK_LIB(acl,acl_get_file)
1431 + AC_CACHE_CHECK([for ACL support],samba_cv_HAVE_POSIX_ACLS,[
1432 + AC_TRY_LINK([#include <sys/types.h>
1433 +#include <sys/acl.h>],
1434 +[ acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p);],
1435 +samba_cv_HAVE_POSIX_ACLS=yes,samba_cv_HAVE_POSIX_ACLS=no)])
1436 + if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then
1437 + AC_MSG_RESULT(Using posix ACLs)
1438 + AC_DEFINE(HAVE_POSIX_ACLS, 1, [true if you have posix ACLs])
1439 + AC_CACHE_CHECK([for acl_get_perm_np],samba_cv_HAVE_ACL_GET_PERM_NP,[
1440 + AC_TRY_LINK([#include <sys/types.h>
1441 +#include <sys/acl.h>],
1442 +[ acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm);],
1443 +samba_cv_HAVE_ACL_GET_PERM_NP=yes,samba_cv_HAVE_ACL_GET_PERM_NP=no)])
1444 + if test x"$samba_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then
1445 + AC_DEFINE(HAVE_ACL_GET_PERM_NP, 1, [true if you have acl_get_perm_np])
1448 + AC_MSG_ERROR(Failed to find ACL support)
1455 + AC_DEFINE(HAVE_NO_ACLS, 1, [true if you don't have ACLs])
1458 + AC_DEFINE(HAVE_NO_ACLS, 1, [true if you don't have ACLs])
1462 AC_CONFIG_FILES([Makefile lib/dummy zlib/dummy popt/dummy shconfig])
1467 @@ -44,6 +44,7 @@ extern int filesfrom_fd;
1468 extern int one_file_system;
1469 extern int copy_dirlinks;
1470 extern int keep_dirlinks;
1471 +extern int preserve_acls;
1472 extern int preserve_links;
1473 extern int preserve_hard_links;
1474 extern int preserve_devices;
1475 @@ -970,6 +971,11 @@ static struct file_struct *send_file_nam
1476 if (chmod_modes && !S_ISLNK(file->mode))
1477 file->mode = tweak_mode(file->mode, chmod_modes);
1479 +#ifdef SUPPORT_ACLS
1480 + if (preserve_acls && make_acl(file, fname) < 0)
1484 maybe_emit_filelist_progress(flist->count + flist_count_offset);
1486 flist_expand(flist);
1487 @@ -977,6 +983,16 @@ static struct file_struct *send_file_nam
1488 if (file->basename[0]) {
1489 flist->files[flist->count++] = file;
1490 send_file_entry(file, f);
1491 +#ifdef SUPPORT_ACLS
1492 + if (preserve_acls)
1493 + send_acl(file, f);
1496 +#ifdef SUPPORT_ACLS
1497 + /* Cleanup unsent ACL(s). */
1498 + if (preserve_acls)
1499 + send_acl(file, -1);
1504 @@ -1365,6 +1381,11 @@ struct file_list *recv_file_list(int f)
1505 flags |= read_byte(f) << 8;
1506 file = receive_file_entry(flist, flags, f);
1508 +#ifdef SUPPORT_ACLS
1509 + if (preserve_acls)
1510 + receive_acl(file, f);
1513 if (S_ISREG(file->mode) || S_ISLNK(file->mode))
1514 stats.total_size += file->length;
1516 @@ -1387,6 +1408,11 @@ struct file_list *recv_file_list(int f)
1518 clean_flist(flist, relative_paths, 1);
1520 +#ifdef SUPPORT_ACLS
1521 + if (preserve_acls)
1522 + sort_file_acl_index_lists();
1526 recv_uid_list(f, flist);
1530 @@ -85,6 +85,7 @@ extern long block_size; /* "long" becaus
1531 extern int max_delete;
1532 extern int force_delete;
1533 extern int one_file_system;
1534 +extern mode_t orig_umask;
1535 extern struct stats stats;
1536 extern dev_t filesystem_dev;
1537 extern char *backup_dir;
1538 @@ -321,6 +322,8 @@ static void do_delete_pass(struct file_l
1540 int unchanged_attrs(struct file_struct *file, STRUCT_STAT *st)
1542 + /* FIXME: Flag ACL changes. */
1545 && (st->st_mode & CHMOD_BITS) != (file->mode & CHMOD_BITS))
1547 @@ -355,6 +358,7 @@ void itemize(struct file_struct *file, i
1548 if (preserve_gid && file->gid != GID_NONE
1549 && st->st_gid != file->gid)
1550 iflags |= ITEM_REPORT_GROUP;
1551 + /* FIXME: Itemize ACL changes. ITEM_REPORT_XATTR? */
1553 iflags |= ITEM_IS_NEW;
1555 @@ -753,6 +757,7 @@ static int try_dests_non(struct file_str
1558 static int phase = 0;
1559 +static int dflt_perms;
1561 /* Acts on the_file_list->file's ndx'th item, whose name is fname. If a dir,
1562 * make sure it exists, and has the right permissions/timestamp info. For
1563 @@ -844,6 +849,10 @@ static void recv_generator(char *fname,
1566 need_fuzzy_dirlist = 1;
1567 +#ifdef SUPPORT_ACLS
1568 + if (!preserve_perms)
1569 + dflt_perms = default_perms_for_dir(dn);
1572 parent_dirname = dn;
1574 @@ -871,7 +880,8 @@ static void recv_generator(char *fname,
1575 if (!preserve_perms) {
1576 int exists = statret == 0
1577 && S_ISDIR(st.st_mode) == S_ISDIR(file->mode);
1578 - file->mode = dest_mode(file->mode, st.st_mode, exists);
1579 + file->mode = dest_mode(file->mode, st.st_mode, dflt_perms,
1583 if (S_ISDIR(file->mode)) {
1584 @@ -1343,6 +1353,8 @@ void generate_files(int f_out, struct fi
1585 * notice that and let us know via the redo pipe (or its closing). */
1588 + dflt_perms = (ACCESSPERMS & ~orig_umask);
1590 for (i = 0; i < flist->count; i++) {
1591 struct file_struct *file = flist->files[i];
1593 --- old/lib/sysacls.c
1594 +++ new/lib/sysacls.c
1597 + Unix SMB/CIFS implementation.
1598 + Samba system utilities for ACL support.
1599 + Copyright (C) Jeremy Allison 2000.
1601 + This program is free software; you can redistribute it and/or modify
1602 + it under the terms of the GNU General Public License as published by
1603 + the Free Software Foundation; either version 2 of the License, or
1604 + (at your option) any later version.
1606 + This program is distributed in the hope that it will be useful,
1607 + but WITHOUT ANY WARRANTY; without even the implied warranty of
1608 + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1609 + GNU General Public License for more details.
1611 + You should have received a copy of the GNU General Public License
1612 + along with this program; if not, write to the Free Software
1613 + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
1617 +#include "sysacls.h" /****** ADDED ******/
1619 +/****** EXTRAS -- THESE ITEMS ARE NOT FROM THE SAMBA SOURCE ******/
1620 +void SAFE_FREE(void *mem)
1626 +char *uidtoname(uid_t uid)
1628 + static char idbuf[12];
1629 + struct passwd *pw;
1631 + if ((pw = getpwuid(uid)) == NULL) {
1632 + slprintf(idbuf, sizeof(idbuf)-1, "%ld", (long)uid);
1635 + return pw->pw_name;
1637 +/****** EXTRAS -- END ******/
1640 + This file wraps all differing system ACL interfaces into a consistent
1641 + one based on the POSIX interface. It also returns the correct errors
1642 + for older UNIX systems that don't support ACLs.
1644 + The interfaces that each ACL implementation must support are as follows :
1646 + int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
1647 + int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
1648 + int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p
1649 + void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
1650 + SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
1651 + SMB_ACL_T sys_acl_get_fd(int fd)
1652 + int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset);
1653 + int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
1654 + char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen)
1655 + SMB_ACL_T sys_acl_init( int count)
1656 + int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
1657 + int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
1658 + int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
1659 + int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
1660 + int sys_acl_valid( SMB_ACL_T theacl )
1661 + int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
1662 + int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
1663 + int sys_acl_delete_def_file(const char *path)
1665 + This next one is not POSIX complient - but we *have* to have it !
1666 + More POSIX braindamage.
1668 + int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1670 + The generic POSIX free is the following call. We split this into
1671 + several different free functions as we may need to add tag info
1672 + to structures when emulating the POSIX interface.
1674 + int sys_acl_free( void *obj_p)
1676 + The calls we actually use are :
1678 + int sys_acl_free_text(char *text) - free acl_to_text
1679 + int sys_acl_free_acl(SMB_ACL_T posix_acl)
1680 + int sys_acl_free_qualifier(void *qualifier, SMB_ACL_TAG_T tagtype)
1684 +#if defined(HAVE_POSIX_ACLS)
1686 +/* Identity mapping - easy. */
1688 +int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
1690 + return acl_get_entry( the_acl, entry_id, entry_p);
1693 +int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
1695 + return acl_get_tag_type( entry_d, tag_type_p);
1698 +int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
1700 + return acl_get_permset( entry_d, permset_p);
1703 +void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
1705 + return acl_get_qualifier( entry_d);
1708 +SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
1710 + return acl_get_file( path_p, type);
1713 +SMB_ACL_T sys_acl_get_fd(int fd)
1715 + return acl_get_fd(fd);
1718 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
1720 + return acl_clear_perms(permset);
1723 +int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1725 + return acl_add_perm(permset, perm);
1728 +int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1730 +#if defined(HAVE_ACL_GET_PERM_NP)
1732 + * Required for TrustedBSD-based ACL implementations where
1733 + * non-POSIX.1e functions are denoted by a _np (non-portable)
1736 + return acl_get_perm_np(permset, perm);
1738 + return acl_get_perm(permset, perm);
1742 +char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
1744 + return acl_to_text( the_acl, plen);
1747 +SMB_ACL_T sys_acl_init( int count)
1749 + return acl_init(count);
1752 +int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
1754 + return acl_create_entry(pacl, pentry);
1757 +int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
1759 + return acl_set_tag_type(entry, tagtype);
1762 +int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
1764 + return acl_set_qualifier(entry, qual);
1767 +int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
1769 + return acl_set_permset(entry, permset);
1772 +int sys_acl_valid( SMB_ACL_T theacl )
1774 + return acl_valid(theacl);
1777 +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
1779 + return acl_set_file(name, acltype, theacl);
1782 +int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
1784 + return acl_set_fd(fd, theacl);
1787 +int sys_acl_delete_def_file(const char *name)
1789 + return acl_delete_def_file(name);
1792 +int sys_acl_free_text(char *text)
1794 + return acl_free(text);
1797 +int sys_acl_free_acl(SMB_ACL_T the_acl)
1799 + return acl_free(the_acl);
1802 +int sys_acl_free_qualifier(void *qual, UNUSED(SMB_ACL_TAG_T tagtype))
1804 + return acl_free(qual);
1807 +#elif defined(HAVE_TRU64_ACLS)
1809 + * The interface to DEC/Compaq Tru64 UNIX ACLs
1810 + * is based on Draft 13 of the POSIX spec which is
1811 + * slightly different from the Draft 16 interface.
1813 + * Also, some of the permset manipulation functions
1814 + * such as acl_clear_perm() and acl_add_perm() appear
1815 + * to be broken on Tru64 so we have to manipulate
1816 + * the permission bits in the permset directly.
1818 +int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
1820 + SMB_ACL_ENTRY_T entry;
1822 + if (entry_id == SMB_ACL_FIRST_ENTRY && acl_first_entry(the_acl) != 0) {
1827 + if ((entry = acl_get_entry(the_acl)) != NULL) {
1832 + return errno ? -1 : 0;
1835 +int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
1837 + return acl_get_tag_type( entry_d, tag_type_p);
1840 +int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
1842 + return acl_get_permset( entry_d, permset_p);
1845 +void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
1847 + return acl_get_qualifier( entry_d);
1850 +SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
1852 + return acl_get_file((char *)path_p, type);
1855 +SMB_ACL_T sys_acl_get_fd(int fd)
1857 + return acl_get_fd(fd, ACL_TYPE_ACCESS);
1860 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
1862 + *permset = 0; /* acl_clear_perm() is broken on Tru64 */
1867 +int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1869 + if (perm & ~(SMB_ACL_READ | SMB_ACL_WRITE | SMB_ACL_EXECUTE)) {
1874 + *permset |= perm; /* acl_add_perm() is broken on Tru64 */
1879 +int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1881 + return *permset & perm; /* Tru64 doesn't have acl_get_perm() */
1884 +char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
1886 + return acl_to_text( the_acl, plen);
1889 +SMB_ACL_T sys_acl_init( int count)
1891 + return acl_init(count);
1894 +int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
1896 + SMB_ACL_ENTRY_T entry;
1898 + if ((entry = acl_create_entry(pacl)) == NULL) {
1906 +int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
1908 + return acl_set_tag_type(entry, tagtype);
1911 +int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
1913 + return acl_set_qualifier(entry, qual);
1916 +int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
1918 + return acl_set_permset(entry, permset);
1921 +int sys_acl_valid( SMB_ACL_T theacl )
1923 + acl_entry_t entry;
1925 + return acl_valid(theacl, &entry);
1928 +int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
1930 + return acl_set_file((char *)name, acltype, theacl);
1933 +int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
1935 + return acl_set_fd(fd, ACL_TYPE_ACCESS, theacl);
1938 +int sys_acl_delete_def_file(const char *name)
1940 + return acl_delete_def_file((char *)name);
1943 +int sys_acl_free_text(char *text)
1946 + * (void) cast and explicit return 0 are for DEC UNIX
1947 + * which just #defines acl_free_text() to be free()
1949 + (void) acl_free_text(text);
1953 +int sys_acl_free_acl(SMB_ACL_T the_acl)
1955 + return acl_free(the_acl);
1958 +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
1960 + return acl_free_qualifier(qual, tagtype);
1963 +#elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS)
1966 + * Donated by Michael Davidson <md@sco.COM> for UnixWare / OpenUNIX.
1967 + * Modified by Toomas Soome <tsoome@ut.ee> for Solaris.
1971 + * Note that while this code implements sufficient functionality
1972 + * to support the sys_acl_* interfaces it does not provide all
1973 + * of the semantics of the POSIX ACL interfaces.
1975 + * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
1976 + * from a call to sys_acl_get_entry() should not be assumed to be
1977 + * valid after calling any of the following functions, which may
1978 + * reorder the entries in the ACL.
1981 + * sys_acl_set_file()
1982 + * sys_acl_set_fd()
1986 + * The only difference between Solaris and UnixWare / OpenUNIX is
1987 + * that the #defines for the ACL operations have different names
1989 +#if defined(HAVE_UNIXWARE_ACLS)
1991 +#define SETACL ACL_SET
1992 +#define GETACL ACL_GET
1993 +#define GETACLCNT ACL_CNT
1998 +int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
2000 + if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
2005 + if (entry_p == NULL) {
2010 + if (entry_id == SMB_ACL_FIRST_ENTRY) {
2014 + if (acl_d->next < 0) {
2019 + if (acl_d->next >= acl_d->count) {
2023 + *entry_p = &acl_d->acl[acl_d->next++];
2028 +int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
2030 + *type_p = entry_d->a_type;
2035 +int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
2037 + *permset_p = &entry_d->a_perm;
2042 +void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
2044 + if (entry_d->a_type != SMB_ACL_USER
2045 + && entry_d->a_type != SMB_ACL_GROUP) {
2050 + return &entry_d->a_id;
2054 + * There is no way of knowing what size the ACL returned by
2055 + * GETACL will be unless you first call GETACLCNT which means
2056 + * making an additional system call.
2058 + * In the hope of avoiding the cost of the additional system
2059 + * call in most cases, we initially allocate enough space for
2060 + * an ACL with INITIAL_ACL_SIZE entries. If this turns out to
2061 + * be too small then we use GETACLCNT to find out the actual
2062 + * size, reallocate the ACL buffer, and then call GETACL again.
2065 +#define INITIAL_ACL_SIZE 16
2067 +SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
2070 + int count; /* # of ACL entries allocated */
2071 + int naccess; /* # of access ACL entries */
2072 + int ndefault; /* # of default ACL entries */
2074 + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
2079 + count = INITIAL_ACL_SIZE;
2080 + if ((acl_d = sys_acl_init(count)) == NULL) {
2085 + * If there isn't enough space for the ACL entries we use
2086 + * GETACLCNT to determine the actual number of ACL entries
2087 + * reallocate and try again. This is in a loop because it
2088 + * is possible that someone else could modify the ACL and
2089 + * increase the number of entries between the call to
2090 + * GETACLCNT and the call to GETACL.
2092 + while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0
2093 + && errno == ENOSPC) {
2095 + sys_acl_free_acl(acl_d);
2097 + if ((count = acl(path_p, GETACLCNT, 0, NULL)) < 0) {
2101 + if ((acl_d = sys_acl_init(count)) == NULL) {
2107 + sys_acl_free_acl(acl_d);
2112 + * calculate the number of access and default ACL entries
2114 + * Note: we assume that the acl() system call returned a
2115 + * well formed ACL which is sorted so that all of the
2116 + * access ACL entries preceed any default ACL entries
2118 + for (naccess = 0; naccess < count; naccess++) {
2119 + if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
2122 + ndefault = count - naccess;
2125 + * if the caller wants the default ACL we have to copy
2126 + * the entries down to the start of the acl[] buffer
2127 + * and mask out the ACL_DEFAULT flag from the type field
2129 + if (type == SMB_ACL_TYPE_DEFAULT) {
2132 + for (i = 0, j = naccess; i < ndefault; i++, j++) {
2133 + acl_d->acl[i] = acl_d->acl[j];
2134 + acl_d->acl[i].a_type &= ~ACL_DEFAULT;
2137 + acl_d->count = ndefault;
2139 + acl_d->count = naccess;
2145 +SMB_ACL_T sys_acl_get_fd(int fd)
2148 + int count; /* # of ACL entries allocated */
2149 + int naccess; /* # of access ACL entries */
2151 + count = INITIAL_ACL_SIZE;
2152 + if ((acl_d = sys_acl_init(count)) == NULL) {
2156 + while ((count = facl(fd, GETACL, count, &acl_d->acl[0])) < 0
2157 + && errno == ENOSPC) {
2159 + sys_acl_free_acl(acl_d);
2161 + if ((count = facl(fd, GETACLCNT, 0, NULL)) < 0) {
2165 + if ((acl_d = sys_acl_init(count)) == NULL) {
2171 + sys_acl_free_acl(acl_d);
2176 + * calculate the number of access ACL entries
2178 + for (naccess = 0; naccess < count; naccess++) {
2179 + if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
2183 + acl_d->count = naccess;
2188 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
2195 +int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
2197 + if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
2198 + && perm != SMB_ACL_EXECUTE) {
2203 + if (permset_d == NULL) {
2208 + *permset_d |= perm;
2213 +int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
2215 + return *permset_d & perm;
2218 +char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
2225 + * use an initial estimate of 20 bytes per ACL entry
2226 + * when allocating memory for the text representation
2230 + maxlen = 20 * acl_d->count;
2231 + if ((text = SMB_MALLOC(maxlen)) == NULL) {
2236 + for (i = 0; i < acl_d->count; i++) {
2237 + struct acl *ap = &acl_d->acl[i];
2246 + switch (ap->a_type) {
2248 + * for debugging purposes it's probably more
2249 + * useful to dump unknown tag types rather
2250 + * than just returning an error
2253 + slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x",
2256 + slprintf(idbuf, sizeof(idbuf)-1, "%ld",
2261 + case SMB_ACL_USER:
2262 + id = uidtoname(ap->a_id);
2263 + case SMB_ACL_USER_OBJ:
2267 + case SMB_ACL_GROUP:
2268 + if ((gr = getgrgid(ap->a_id)) == NULL) {
2269 + slprintf(idbuf, sizeof(idbuf)-1, "%ld",
2275 + case SMB_ACL_GROUP_OBJ:
2279 + case SMB_ACL_OTHER:
2283 + case SMB_ACL_MASK:
2289 + perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-';
2290 + perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-';
2291 + perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-';
2294 + /* <tag> : <qualifier> : rwx \n \0 */
2295 + nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1;
2298 + * If this entry would overflow the buffer
2299 + * allocate enough additional memory for this
2300 + * entry and an estimate of another 20 bytes
2301 + * for each entry still to be processed
2303 + if ((len + nbytes) > maxlen) {
2304 + char *oldtext = text;
2306 + maxlen += nbytes + 20 * (acl_d->count - i);
2308 + if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) {
2309 + SAFE_FREE(oldtext);
2315 + slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms);
2316 + len += nbytes - 1;
2325 +SMB_ACL_T sys_acl_init(int count)
2335 + * note that since the definition of the structure pointed
2336 + * to by the SMB_ACL_T includes the first element of the
2337 + * acl[] array, this actually allocates an ACL with room
2338 + * for (count+1) entries
2340 + if ((a = (SMB_ACL_T)SMB_MALLOC(sizeof(struct SMB_ACL_T) + count * sizeof(struct acl))) == NULL) {
2345 + a->size = count + 1;
2353 +int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
2356 + SMB_ACL_ENTRY_T entry_d;
2358 + if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
2363 + if (acl_d->count >= acl_d->size) {
2368 + entry_d = &acl_d->acl[acl_d->count++];
2369 + entry_d->a_type = 0;
2370 + entry_d->a_id = -1;
2371 + entry_d->a_perm = 0;
2372 + *entry_p = entry_d;
2377 +int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
2379 + switch (tag_type) {
2380 + case SMB_ACL_USER:
2381 + case SMB_ACL_USER_OBJ:
2382 + case SMB_ACL_GROUP:
2383 + case SMB_ACL_GROUP_OBJ:
2384 + case SMB_ACL_OTHER:
2385 + case SMB_ACL_MASK:
2386 + entry_d->a_type = tag_type;
2396 +int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
2398 + if (entry_d->a_type != SMB_ACL_GROUP
2399 + && entry_d->a_type != SMB_ACL_USER) {
2404 + entry_d->a_id = *((id_t *)qual_p);
2409 +int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
2411 + if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
2415 + entry_d->a_perm = *permset_d;
2421 + * sort the ACL and check it for validity
2423 + * if it's a minimal ACL with only 4 entries then we
2424 + * need to recalculate the mask permissions to make
2425 + * sure that they are the same as the GROUP_OBJ
2426 + * permissions as required by the UnixWare acl() system call.
2428 + * (note: since POSIX allows minimal ACLs which only contain
2429 + * 3 entries - ie there is no mask entry - we should, in theory,
2430 + * check for this and add a mask entry if necessary - however
2431 + * we "know" that the caller of this interface always specifies
2432 + * a mask so, in practice "this never happens" (tm) - if it *does*
2433 + * happen aclsort() will fail and return an error and someone will
2434 + * have to fix it ...)
2437 +static int acl_sort(SMB_ACL_T acl_d)
2439 + int fixmask = (acl_d->count <= 4);
2441 + if (aclsort(acl_d->count, fixmask, acl_d->acl) != 0) {
2448 +int sys_acl_valid(SMB_ACL_T acl_d)
2450 + return acl_sort(acl_d);
2453 +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
2456 + struct acl *acl_p;
2458 + struct acl *acl_buf = NULL;
2461 + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
2466 + if (acl_sort(acl_d) != 0) {
2470 + acl_p = &acl_d->acl[0];
2471 + acl_count = acl_d->count;
2474 + * if it's a directory there is extra work to do
2475 + * since the acl() system call will replace both
2476 + * the access ACLs and the default ACLs (if any)
2478 + if (stat(name, &s) != 0) {
2481 + if (S_ISDIR(s.st_mode)) {
2482 + SMB_ACL_T acc_acl;
2483 + SMB_ACL_T def_acl;
2484 + SMB_ACL_T tmp_acl;
2487 + if (type == SMB_ACL_TYPE_ACCESS) {
2489 + def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
2493 + acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
2496 + if (tmp_acl == NULL) {
2501 + * allocate a temporary buffer for the complete ACL
2503 + acl_count = acc_acl->count + def_acl->count;
2504 + acl_p = acl_buf = SMB_MALLOC_ARRAY(struct acl, acl_count);
2506 + if (acl_buf == NULL) {
2507 + sys_acl_free_acl(tmp_acl);
2513 + * copy the access control and default entries into the buffer
2515 + memcpy(&acl_buf[0], &acc_acl->acl[0],
2516 + acc_acl->count * sizeof(acl_buf[0]));
2518 + memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
2519 + def_acl->count * sizeof(acl_buf[0]));
2522 + * set the ACL_DEFAULT flag on the default entries
2524 + for (i = acc_acl->count; i < acl_count; i++) {
2525 + acl_buf[i].a_type |= ACL_DEFAULT;
2528 + sys_acl_free_acl(tmp_acl);
2530 + } else if (type != SMB_ACL_TYPE_ACCESS) {
2535 + ret = acl(name, SETACL, acl_count, acl_p);
2537 + SAFE_FREE(acl_buf);
2542 +int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
2544 + if (acl_sort(acl_d) != 0) {
2548 + return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]);
2551 +int sys_acl_delete_def_file(const char *path)
2557 + * fetching the access ACL and rewriting it has
2558 + * the effect of deleting the default ACL
2560 + if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
2564 + ret = acl(path, SETACL, acl_d->count, acl_d->acl);
2566 + sys_acl_free_acl(acl_d);
2571 +int sys_acl_free_text(char *text)
2577 +int sys_acl_free_acl(SMB_ACL_T acl_d)
2583 +int sys_acl_free_qualifier(UNUSED(void *qual), UNUSED(SMB_ACL_TAG_T tagtype))
2588 +#elif defined(HAVE_HPUX_ACLS)
2592 + * Based on the Solaris/SCO code - with modifications.
2596 + * Note that while this code implements sufficient functionality
2597 + * to support the sys_acl_* interfaces it does not provide all
2598 + * of the semantics of the POSIX ACL interfaces.
2600 + * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
2601 + * from a call to sys_acl_get_entry() should not be assumed to be
2602 + * valid after calling any of the following functions, which may
2603 + * reorder the entries in the ACL.
2606 + * sys_acl_set_file()
2607 + * sys_acl_set_fd()
2610 +/* This checks if the POSIX ACL system call is defined */
2611 +/* which basically corresponds to whether JFS 3.3 or */
2612 +/* higher is installed. If acl() was called when it */
2613 +/* isn't defined, it causes the process to core dump */
2614 +/* so it is important to check this and avoid acl() */
2615 +/* calls if it isn't there. */
2617 +static BOOL hpux_acl_call_presence(void)
2620 + shl_t handle = NULL;
2623 + static BOOL already_checked=0;
2625 + if(already_checked)
2629 + ret_val = shl_findsym(&handle, "acl", TYPE_PROCEDURE, &value);
2631 + if(ret_val != 0) {
2632 + DEBUG(5, ("hpux_acl_call_presence: shl_findsym() returned %d, errno = %d, error %s\n",
2633 + ret_val, errno, strerror(errno)));
2634 + DEBUG(5,("hpux_acl_call_presence: acl() system call is not present. Check if you have JFS 3.3 and above?\n"));
2638 + DEBUG(10,("hpux_acl_call_presence: acl() system call is present. We have JFS 3.3 or above \n"));
2640 + already_checked = True;
2644 +int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
2646 + if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
2651 + if (entry_p == NULL) {
2656 + if (entry_id == SMB_ACL_FIRST_ENTRY) {
2660 + if (acl_d->next < 0) {
2665 + if (acl_d->next >= acl_d->count) {
2669 + *entry_p = &acl_d->acl[acl_d->next++];
2674 +int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
2676 + *type_p = entry_d->a_type;
2681 +int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
2683 + *permset_p = &entry_d->a_perm;
2688 +void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
2690 + if (entry_d->a_type != SMB_ACL_USER
2691 + && entry_d->a_type != SMB_ACL_GROUP) {
2696 + return &entry_d->a_id;
2700 + * There is no way of knowing what size the ACL returned by
2701 + * ACL_GET will be unless you first call ACL_CNT which means
2702 + * making an additional system call.
2704 + * In the hope of avoiding the cost of the additional system
2705 + * call in most cases, we initially allocate enough space for
2706 + * an ACL with INITIAL_ACL_SIZE entries. If this turns out to
2707 + * be too small then we use ACL_CNT to find out the actual
2708 + * size, reallocate the ACL buffer, and then call ACL_GET again.
2711 +#define INITIAL_ACL_SIZE 16
2713 +SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
2716 + int count; /* # of ACL entries allocated */
2717 + int naccess; /* # of access ACL entries */
2718 + int ndefault; /* # of default ACL entries */
2720 + if(hpux_acl_call_presence() == False) {
2721 + /* Looks like we don't have the acl() system call on HPUX.
2722 + * May be the system doesn't have the latest version of JFS.
2727 + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
2732 + count = INITIAL_ACL_SIZE;
2733 + if ((acl_d = sys_acl_init(count)) == NULL) {
2738 + * If there isn't enough space for the ACL entries we use
2739 + * ACL_CNT to determine the actual number of ACL entries
2740 + * reallocate and try again. This is in a loop because it
2741 + * is possible that someone else could modify the ACL and
2742 + * increase the number of entries between the call to
2743 + * ACL_CNT and the call to ACL_GET.
2745 + while ((count = acl(path_p, ACL_GET, count, &acl_d->acl[0])) < 0 && errno == ENOSPC) {
2747 + sys_acl_free_acl(acl_d);
2749 + if ((count = acl(path_p, ACL_CNT, 0, NULL)) < 0) {
2753 + if ((acl_d = sys_acl_init(count)) == NULL) {
2759 + sys_acl_free_acl(acl_d);
2764 + * calculate the number of access and default ACL entries
2766 + * Note: we assume that the acl() system call returned a
2767 + * well formed ACL which is sorted so that all of the
2768 + * access ACL entries preceed any default ACL entries
2770 + for (naccess = 0; naccess < count; naccess++) {
2771 + if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
2774 + ndefault = count - naccess;
2777 + * if the caller wants the default ACL we have to copy
2778 + * the entries down to the start of the acl[] buffer
2779 + * and mask out the ACL_DEFAULT flag from the type field
2781 + if (type == SMB_ACL_TYPE_DEFAULT) {
2784 + for (i = 0, j = naccess; i < ndefault; i++, j++) {
2785 + acl_d->acl[i] = acl_d->acl[j];
2786 + acl_d->acl[i].a_type &= ~ACL_DEFAULT;
2789 + acl_d->count = ndefault;
2791 + acl_d->count = naccess;
2797 +SMB_ACL_T sys_acl_get_fd(int fd)
2800 + * HPUX doesn't have the facl call. Fake it using the path.... JRA.
2803 + files_struct *fsp = file_find_fd(fd);
2805 + if (fsp == NULL) {
2811 + * We know we're in the same conn context. So we
2812 + * can use the relative path.
2815 + return sys_acl_get_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS);
2818 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
2825 +int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
2827 + if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
2828 + && perm != SMB_ACL_EXECUTE) {
2833 + if (permset_d == NULL) {
2838 + *permset_d |= perm;
2843 +int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
2845 + return *permset_d & perm;
2848 +char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
2855 + * use an initial estimate of 20 bytes per ACL entry
2856 + * when allocating memory for the text representation
2860 + maxlen = 20 * acl_d->count;
2861 + if ((text = SMB_MALLOC(maxlen)) == NULL) {
2866 + for (i = 0; i < acl_d->count; i++) {
2867 + struct acl *ap = &acl_d->acl[i];
2876 + switch (ap->a_type) {
2878 + * for debugging purposes it's probably more
2879 + * useful to dump unknown tag types rather
2880 + * than just returning an error
2883 + slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x",
2886 + slprintf(idbuf, sizeof(idbuf)-1, "%ld",
2891 + case SMB_ACL_USER:
2892 + id = uidtoname(ap->a_id);
2893 + case SMB_ACL_USER_OBJ:
2897 + case SMB_ACL_GROUP:
2898 + if ((gr = getgrgid(ap->a_id)) == NULL) {
2899 + slprintf(idbuf, sizeof(idbuf)-1, "%ld",
2905 + case SMB_ACL_GROUP_OBJ:
2909 + case SMB_ACL_OTHER:
2913 + case SMB_ACL_MASK:
2919 + perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-';
2920 + perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-';
2921 + perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-';
2924 + /* <tag> : <qualifier> : rwx \n \0 */
2925 + nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1;
2928 + * If this entry would overflow the buffer
2929 + * allocate enough additional memory for this
2930 + * entry and an estimate of another 20 bytes
2931 + * for each entry still to be processed
2933 + if ((len + nbytes) > maxlen) {
2934 + char *oldtext = text;
2936 + maxlen += nbytes + 20 * (acl_d->count - i);
2938 + if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) {
2945 + slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms);
2946 + len += nbytes - 1;
2955 +SMB_ACL_T sys_acl_init(int count)
2965 + * note that since the definition of the structure pointed
2966 + * to by the SMB_ACL_T includes the first element of the
2967 + * acl[] array, this actually allocates an ACL with room
2968 + * for (count+1) entries
2970 + if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + count * sizeof(struct acl))) == NULL) {
2975 + a->size = count + 1;
2983 +int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
2986 + SMB_ACL_ENTRY_T entry_d;
2988 + if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
2993 + if (acl_d->count >= acl_d->size) {
2998 + entry_d = &acl_d->acl[acl_d->count++];
2999 + entry_d->a_type = 0;
3000 + entry_d->a_id = -1;
3001 + entry_d->a_perm = 0;
3002 + *entry_p = entry_d;
3007 +int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
3009 + switch (tag_type) {
3010 + case SMB_ACL_USER:
3011 + case SMB_ACL_USER_OBJ:
3012 + case SMB_ACL_GROUP:
3013 + case SMB_ACL_GROUP_OBJ:
3014 + case SMB_ACL_OTHER:
3015 + case SMB_ACL_MASK:
3016 + entry_d->a_type = tag_type;
3026 +int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
3028 + if (entry_d->a_type != SMB_ACL_GROUP
3029 + && entry_d->a_type != SMB_ACL_USER) {
3034 + entry_d->a_id = *((id_t *)qual_p);
3039 +int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
3041 + if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
3045 + entry_d->a_perm = *permset_d;
3050 +/* Structure to capture the count for each type of ACE. */
3052 +struct hpux_acl_types {
3056 + int n_def_user_obj;
3061 + int n_def_group_obj;
3065 + int n_def_other_obj;
3068 + int n_def_class_obj;
3070 + int n_illegal_obj;
3074 + * Counts the different number of objects in a given array of ACL
3078 + * acl_count - Count of ACLs in the array of ACL strucutres.
3079 + * aclp - Array of ACL structures.
3080 + * acl_type_count - Pointer to acl_types structure. Should already be
3084 + * acl_type_count - This structure is filled up with counts of various
3088 +static int hpux_count_obj(int acl_count, struct acl *aclp, struct hpux_acl_types *acl_type_count)
3092 + memset(acl_type_count, 0, sizeof(struct hpux_acl_types));
3094 + for(i=0;i<acl_count;i++) {
3095 + switch(aclp[i].a_type) {
3097 + acl_type_count->n_user++;
3100 + acl_type_count->n_user_obj++;
3102 + case DEF_USER_OBJ:
3103 + acl_type_count->n_def_user_obj++;
3106 + acl_type_count->n_group++;
3109 + acl_type_count->n_group_obj++;
3111 + case DEF_GROUP_OBJ:
3112 + acl_type_count->n_def_group_obj++;
3115 + acl_type_count->n_other_obj++;
3117 + case DEF_OTHER_OBJ:
3118 + acl_type_count->n_def_other_obj++;
3121 + acl_type_count->n_class_obj++;
3123 + case DEF_CLASS_OBJ:
3124 + acl_type_count->n_def_class_obj++;
3127 + acl_type_count->n_def_user++;
3130 + acl_type_count->n_def_group++;
3133 + acl_type_count->n_illegal_obj++;
3139 +/* swap_acl_entries: Swaps two ACL entries.
3141 + * Inputs: aclp0, aclp1 - ACL entries to be swapped.
3144 +static void hpux_swap_acl_entries(struct acl *aclp0, struct acl *aclp1)
3146 + struct acl temp_acl;
3148 + temp_acl.a_type = aclp0->a_type;
3149 + temp_acl.a_id = aclp0->a_id;
3150 + temp_acl.a_perm = aclp0->a_perm;
3152 + aclp0->a_type = aclp1->a_type;
3153 + aclp0->a_id = aclp1->a_id;
3154 + aclp0->a_perm = aclp1->a_perm;
3156 + aclp1->a_type = temp_acl.a_type;
3157 + aclp1->a_id = temp_acl.a_id;
3158 + aclp1->a_perm = temp_acl.a_perm;
3161 +/* prohibited_duplicate_type
3162 + * Identifies if given ACL type can have duplicate entries or
3165 + * Inputs: acl_type - ACL Type.
3171 + * True - If the ACL type matches any of the prohibited types.
3172 + * False - If the ACL type doesn't match any of the prohibited types.
3175 +static BOOL hpux_prohibited_duplicate_type(int acl_type)
3177 + switch(acl_type) {
3188 +/* get_needed_class_perm
3189 + * Returns the permissions of a ACL structure only if the ACL
3190 + * type matches one of the pre-determined types for computing
3191 + * CLASS_OBJ permissions.
3193 + * Inputs: aclp - Pointer to ACL structure.
3196 +static int hpux_get_needed_class_perm(struct acl *aclp)
3198 + switch(aclp->a_type) {
3202 + case DEF_USER_OBJ:
3204 + case DEF_GROUP_OBJ:
3206 + case DEF_CLASS_OBJ:
3207 + case DEF_OTHER_OBJ:
3208 + return aclp->a_perm;
3214 +/* acl_sort for HPUX.
3215 + * Sorts the array of ACL structures as per the description in
3216 + * aclsort man page. Refer to aclsort man page for more details
3220 + * acl_count - Count of ACLs in the array of ACL structures.
3221 + * calclass - If this is not zero, then we compute the CLASS_OBJ
3223 + * aclp - Array of ACL structures.
3227 + * aclp - Sorted array of ACL structures.
3231 + * Returns 0 for success -1 for failure. Prints a message to the Samba
3232 + * debug log in case of failure.
3235 +static int hpux_acl_sort(int acl_count, int calclass, struct acl *aclp)
3237 +#if !defined(HAVE_HPUX_ACLSORT)
3239 + * The aclsort() system call is availabe on the latest HPUX General
3240 + * Patch Bundles. So for HPUX, we developed our version of acl_sort
3241 + * function. Because, we don't want to update to a new
3242 + * HPUX GR bundle just for aclsort() call.
3245 + struct hpux_acl_types acl_obj_count;
3246 + int n_class_obj_perm = 0;
3250 + DEBUG(10,("Zero acl count passed. Returning Success\n"));
3254 + if(aclp == NULL) {
3255 + DEBUG(0,("Null ACL pointer in hpux_acl_sort. Returning Failure. \n"));
3259 + /* Count different types of ACLs in the ACLs array */
3261 + hpux_count_obj(acl_count, aclp, &acl_obj_count);
3263 + /* There should be only one entry each of type USER_OBJ, GROUP_OBJ,
3264 + * CLASS_OBJ and OTHER_OBJ
3267 + if( (acl_obj_count.n_user_obj != 1) ||
3268 + (acl_obj_count.n_group_obj != 1) ||
3269 + (acl_obj_count.n_class_obj != 1) ||
3270 + (acl_obj_count.n_other_obj != 1)
3272 + DEBUG(0,("hpux_acl_sort: More than one entry or no entries for \
3273 +USER OBJ or GROUP_OBJ or OTHER_OBJ or CLASS_OBJ\n"));
3277 + /* If any of the default objects are present, there should be only
3278 + * one of them each.
3281 + if( (acl_obj_count.n_def_user_obj > 1) || (acl_obj_count.n_def_group_obj > 1) ||
3282 + (acl_obj_count.n_def_other_obj > 1) || (acl_obj_count.n_def_class_obj > 1) ) {
3283 + DEBUG(0,("hpux_acl_sort: More than one entry for DEF_CLASS_OBJ \
3284 +or DEF_USER_OBJ or DEF_GROUP_OBJ or DEF_OTHER_OBJ\n"));
3288 + /* We now have proper number of OBJ and DEF_OBJ entries. Now sort the acl
3291 + * Sorting crieteria - First sort by ACL type. If there are multiple entries of
3292 + * same ACL type, sort by ACL id.
3294 + * I am using the trival kind of sorting method here because, performance isn't
3295 + * really effected by the ACLs feature. More over there aren't going to be more
3296 + * than 17 entries on HPUX.
3299 + for(i=0; i<acl_count;i++) {
3300 + for (j=i+1; j<acl_count; j++) {
3301 + if( aclp[i].a_type > aclp[j].a_type ) {
3302 + /* ACL entries out of order, swap them */
3304 + hpux_swap_acl_entries((aclp+i), (aclp+j));
3306 + } else if ( aclp[i].a_type == aclp[j].a_type ) {
3308 + /* ACL entries of same type, sort by id */
3310 + if(aclp[i].a_id > aclp[j].a_id) {
3311 + hpux_swap_acl_entries((aclp+i), (aclp+j));
3312 + } else if (aclp[i].a_id == aclp[j].a_id) {
3313 + /* We have a duplicate entry. */
3314 + if(hpux_prohibited_duplicate_type(aclp[i].a_type)) {
3315 + DEBUG(0, ("hpux_acl_sort: Duplicate entry: Type(hex): %x Id: %d\n",
3316 + aclp[i].a_type, aclp[i].a_id));
3325 + /* set the class obj permissions to the computed one. */
3327 + int n_class_obj_index = -1;
3329 + for(i=0;i<acl_count;i++) {
3330 + n_class_obj_perm |= hpux_get_needed_class_perm((aclp+i));
3332 + if(aclp[i].a_type == CLASS_OBJ)
3333 + n_class_obj_index = i;
3335 + aclp[n_class_obj_index].a_perm = n_class_obj_perm;
3340 + return aclsort(acl_count, calclass, aclp);
3345 + * sort the ACL and check it for validity
3347 + * if it's a minimal ACL with only 4 entries then we
3348 + * need to recalculate the mask permissions to make
3349 + * sure that they are the same as the GROUP_OBJ
3350 + * permissions as required by the UnixWare acl() system call.
3352 + * (note: since POSIX allows minimal ACLs which only contain
3353 + * 3 entries - ie there is no mask entry - we should, in theory,
3354 + * check for this and add a mask entry if necessary - however
3355 + * we "know" that the caller of this interface always specifies
3356 + * a mask so, in practice "this never happens" (tm) - if it *does*
3357 + * happen aclsort() will fail and return an error and someone will
3358 + * have to fix it ...)
3361 +static int acl_sort(SMB_ACL_T acl_d)
3363 + int fixmask = (acl_d->count <= 4);
3365 + if (hpux_acl_sort(acl_d->count, fixmask, acl_d->acl) != 0) {
3372 +int sys_acl_valid(SMB_ACL_T acl_d)
3374 + return acl_sort(acl_d);
3377 +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
3380 + struct acl *acl_p;
3382 + struct acl *acl_buf = NULL;
3385 + if(hpux_acl_call_presence() == False) {
3386 + /* Looks like we don't have the acl() system call on HPUX.
3387 + * May be the system doesn't have the latest version of JFS.
3393 + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
3398 + if (acl_sort(acl_d) != 0) {
3402 + acl_p = &acl_d->acl[0];
3403 + acl_count = acl_d->count;
3406 + * if it's a directory there is extra work to do
3407 + * since the acl() system call will replace both
3408 + * the access ACLs and the default ACLs (if any)
3410 + if (stat(name, &s) != 0) {
3413 + if (S_ISDIR(s.st_mode)) {
3414 + SMB_ACL_T acc_acl;
3415 + SMB_ACL_T def_acl;
3416 + SMB_ACL_T tmp_acl;
3419 + if (type == SMB_ACL_TYPE_ACCESS) {
3421 + def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
3425 + acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
3428 + if (tmp_acl == NULL) {
3433 + * allocate a temporary buffer for the complete ACL
3435 + acl_count = acc_acl->count + def_acl->count;
3436 + acl_p = acl_buf = SMB_MALLOC_ARRAY(struct acl, acl_count);
3438 + if (acl_buf == NULL) {
3439 + sys_acl_free_acl(tmp_acl);
3445 + * copy the access control and default entries into the buffer
3447 + memcpy(&acl_buf[0], &acc_acl->acl[0],
3448 + acc_acl->count * sizeof(acl_buf[0]));
3450 + memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
3451 + def_acl->count * sizeof(acl_buf[0]));
3454 + * set the ACL_DEFAULT flag on the default entries
3456 + for (i = acc_acl->count; i < acl_count; i++) {
3457 + acl_buf[i].a_type |= ACL_DEFAULT;
3460 + sys_acl_free_acl(tmp_acl);
3462 + } else if (type != SMB_ACL_TYPE_ACCESS) {
3467 + ret = acl(name, ACL_SET, acl_count, acl_p);
3476 +int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
3479 + * HPUX doesn't have the facl call. Fake it using the path.... JRA.
3482 + files_struct *fsp = file_find_fd(fd);
3484 + if (fsp == NULL) {
3489 + if (acl_sort(acl_d) != 0) {
3494 + * We know we're in the same conn context. So we
3495 + * can use the relative path.
3498 + return sys_acl_set_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS, acl_d);
3501 +int sys_acl_delete_def_file(const char *path)
3507 + * fetching the access ACL and rewriting it has
3508 + * the effect of deleting the default ACL
3510 + if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
3514 + ret = acl(path, ACL_SET, acl_d->count, acl_d->acl);
3516 + sys_acl_free_acl(acl_d);
3521 +int sys_acl_free_text(char *text)
3527 +int sys_acl_free_acl(SMB_ACL_T acl_d)
3533 +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
3538 +#elif defined(HAVE_IRIX_ACLS)
3540 +int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
3542 + if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
3547 + if (entry_p == NULL) {
3552 + if (entry_id == SMB_ACL_FIRST_ENTRY) {
3556 + if (acl_d->next < 0) {
3561 + if (acl_d->next >= acl_d->aclp->acl_cnt) {
3565 + *entry_p = &acl_d->aclp->acl_entry[acl_d->next++];
3570 +int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
3572 + *type_p = entry_d->ae_tag;
3577 +int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
3579 + *permset_p = entry_d;
3584 +void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
3586 + if (entry_d->ae_tag != SMB_ACL_USER
3587 + && entry_d->ae_tag != SMB_ACL_GROUP) {
3592 + return &entry_d->ae_id;
3595 +SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
3599 + if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) {
3603 + if ((a->aclp = acl_get_file(path_p, type)) == NULL) {
3608 + a->freeaclp = True;
3612 +SMB_ACL_T sys_acl_get_fd(int fd)
3616 + if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) {
3620 + if ((a->aclp = acl_get_fd(fd)) == NULL) {
3625 + a->freeaclp = True;
3629 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
3631 + permset_d->ae_perm = 0;
3636 +int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
3638 + if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
3639 + && perm != SMB_ACL_EXECUTE) {
3644 + if (permset_d == NULL) {
3649 + permset_d->ae_perm |= perm;
3654 +int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
3656 + return permset_d->ae_perm & perm;
3659 +char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
3661 + return acl_to_text(acl_d->aclp, len_p);
3664 +SMB_ACL_T sys_acl_init(int count)
3673 + if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + sizeof(struct acl))) == NULL) {
3679 + a->freeaclp = False;
3680 + a->aclp = (struct acl *)(&a->aclp + sizeof(struct acl *));
3681 + a->aclp->acl_cnt = 0;
3687 +int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
3690 + SMB_ACL_ENTRY_T entry_d;
3692 + if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
3697 + if (acl_d->aclp->acl_cnt >= ACL_MAX_ENTRIES) {
3702 + entry_d = &acl_d->aclp->acl_entry[acl_d->aclp->acl_cnt++];
3703 + entry_d->ae_tag = 0;
3704 + entry_d->ae_id = 0;
3705 + entry_d->ae_perm = 0;
3706 + *entry_p = entry_d;
3711 +int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
3713 + switch (tag_type) {
3714 + case SMB_ACL_USER:
3715 + case SMB_ACL_USER_OBJ:
3716 + case SMB_ACL_GROUP:
3717 + case SMB_ACL_GROUP_OBJ:
3718 + case SMB_ACL_OTHER:
3719 + case SMB_ACL_MASK:
3720 + entry_d->ae_tag = tag_type;
3730 +int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
3732 + if (entry_d->ae_tag != SMB_ACL_GROUP
3733 + && entry_d->ae_tag != SMB_ACL_USER) {
3738 + entry_d->ae_id = *((id_t *)qual_p);
3743 +int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
3745 + if (permset_d->ae_perm & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
3749 + entry_d->ae_perm = permset_d->ae_perm;
3754 +int sys_acl_valid(SMB_ACL_T acl_d)
3756 + return acl_valid(acl_d->aclp);
3759 +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
3761 + return acl_set_file(name, type, acl_d->aclp);
3764 +int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
3766 + return acl_set_fd(fd, acl_d->aclp);
3769 +int sys_acl_delete_def_file(const char *name)
3771 + return acl_delete_def_file(name);
3774 +int sys_acl_free_text(char *text)
3776 + return acl_free(text);
3779 +int sys_acl_free_acl(SMB_ACL_T acl_d)
3781 + if (acl_d->freeaclp) {
3782 + acl_free(acl_d->aclp);
3788 +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
3793 +#elif defined(HAVE_AIX_ACLS)
3795 +/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
3797 +int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
3799 + struct acl_entry_link *link;
3800 + struct new_acl_entry *entry;
3803 + DEBUG(10,("This is the count: %d\n",theacl->count));
3805 + /* Check if count was previously set to -1. *
3806 + * If it was, that means we reached the end *
3807 + * of the acl last time. */
3808 + if(theacl->count == -1)
3812 + /* To get to the next acl, traverse linked list until index *
3813 + * of acl matches the count we are keeping. This count is *
3814 + * incremented each time we return an acl entry. */
3816 + for(keep_going = 0; keep_going < theacl->count; keep_going++)
3817 + link = link->nextp;
3819 + entry = *entry_p = link->entryp;
3821 + DEBUG(10,("*entry_p is %d\n",entry_p));
3822 + DEBUG(10,("*entry_p->ace_access is %d\n",entry->ace_access));
3824 + /* Increment count */
3826 + if(link->nextp == NULL)
3827 + theacl->count = -1;
3832 +int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
3834 + /* Initialize tag type */
3837 + DEBUG(10,("the tagtype is %d\n",entry_d->ace_id->id_type));
3839 + /* Depending on what type of entry we have, *
3840 + * return tag type. */
3841 + switch(entry_d->ace_id->id_type) {
3843 + *tag_type_p = SMB_ACL_USER;
3846 + *tag_type_p = SMB_ACL_GROUP;
3849 + case SMB_ACL_USER_OBJ:
3850 + case SMB_ACL_GROUP_OBJ:
3851 + case SMB_ACL_OTHER:
3852 + *tag_type_p = entry_d->ace_id->id_type;
3862 +int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
3864 + DEBUG(10,("Starting AIX sys_acl_get_permset\n"));
3865 + *permset_p = &entry_d->ace_access;
3866 + DEBUG(10,("**permset_p is %d\n",**permset_p));
3867 + if(!(**permset_p & S_IXUSR) &&
3868 + !(**permset_p & S_IWUSR) &&
3869 + !(**permset_p & S_IRUSR) &&
3870 + (**permset_p != 0))
3873 + DEBUG(10,("Ending AIX sys_acl_get_permset\n"));
3877 +void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
3879 + return(entry_d->ace_id->id_data);
3882 +SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
3884 + struct acl *file_acl = (struct acl *)NULL;
3885 + struct acl_entry *acl_entry;
3886 + struct new_acl_entry *new_acl_entry;
3887 + struct ace_id *idp;
3888 + struct acl_entry_link *acl_entry_link;
3889 + struct acl_entry_link *acl_entry_link_head;
3894 + /* AIX has no DEFAULT */
3895 + if ( type == SMB_ACL_TYPE_DEFAULT )
3898 + /* Get the acl using statacl */
3900 + DEBUG(10,("Entering sys_acl_get_file\n"));
3901 + DEBUG(10,("path_p is %s\n",path_p));
3903 + file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
3905 + if(file_acl == NULL) {
3907 + DEBUG(0,("Error in AIX sys_acl_get_file: %d\n",errno));
3911 + memset(file_acl,0,BUFSIZ);
3913 + rc = statacl((char *)path_p,0,file_acl,BUFSIZ);
3915 + DEBUG(0,("statacl returned %d with errno %d\n",rc,errno));
3916 + SAFE_FREE(file_acl);
3920 + DEBUG(10,("Got facl and returned it\n"));
3922 + /* Point to the first acl entry in the acl */
3923 + acl_entry = file_acl->acl_ext;
3925 + /* Begin setting up the head of the linked list *
3926 + * that will be used for the storing the acl *
3927 + * in a way that is useful for the posix_acls.c *
3930 + acl_entry_link_head = acl_entry_link = sys_acl_init(0);
3931 + if(acl_entry_link_head == NULL)
3934 + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
3935 + if(acl_entry_link->entryp == NULL) {
3936 + SAFE_FREE(file_acl);
3938 + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
3942 + DEBUG(10,("acl_entry is %d\n",acl_entry));
3943 + DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl)));
3945 + /* Check if the extended acl bit is on. *
3946 + * If it isn't, do not show the *
3947 + * contents of the acl since AIX intends *
3948 + * the extended info to remain unused */
3950 + if(file_acl->acl_mode & S_IXACL){
3951 + /* while we are not pointing to the very end */
3952 + while(acl_entry < acl_last(file_acl)) {
3953 + /* before we malloc anything, make sure this is */
3954 + /* a valid acl entry and one that we want to map */
3955 + idp = id_nxt(acl_entry->ace_id);
3956 + if((acl_entry->ace_type == ACC_SPECIFY ||
3957 + (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) {
3958 + acl_entry = acl_nxt(acl_entry);
3962 + idp = acl_entry->ace_id;
3964 + /* Check if this is the first entry in the linked list. *
3965 + * The first entry needs to keep prevp pointing to NULL *
3966 + * and already has entryp allocated. */
3968 + if(acl_entry_link_head->count != 0) {
3969 + acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
3971 + if(acl_entry_link->nextp == NULL) {
3972 + SAFE_FREE(file_acl);
3974 + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
3978 + acl_entry_link->nextp->prevp = acl_entry_link;
3979 + acl_entry_link = acl_entry_link->nextp;
3980 + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
3981 + if(acl_entry_link->entryp == NULL) {
3982 + SAFE_FREE(file_acl);
3984 + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
3987 + acl_entry_link->nextp = NULL;
3990 + acl_entry_link->entryp->ace_len = acl_entry->ace_len;
3992 + /* Don't really need this since all types are going *
3993 + * to be specified but, it's better than leaving it 0 */
3995 + acl_entry_link->entryp->ace_type = acl_entry->ace_type;
3997 + acl_entry_link->entryp->ace_access = acl_entry->ace_access;
3999 + memcpy(acl_entry_link->entryp->ace_id,idp,sizeof(struct ace_id));
4001 + /* The access in the acl entries must be left shifted by *
4002 + * three bites, because they will ultimately be compared *
4003 + * to S_IRUSR, S_IWUSR, and S_IXUSR. */
4005 + switch(acl_entry->ace_type){
4008 + acl_entry_link->entryp->ace_access = acl_entry->ace_access;
4009 + acl_entry_link->entryp->ace_access <<= 6;
4010 + acl_entry_link_head->count++;
4013 + /* Since there is no way to return a DENY acl entry *
4014 + * change to PERMIT and then shift. */
4015 + DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access));
4016 + acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7;
4017 + DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access));
4018 + acl_entry_link->entryp->ace_access <<= 6;
4019 + acl_entry_link_head->count++;
4025 + DEBUG(10,("acl_entry = %d\n",acl_entry));
4026 + DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type));
4028 + acl_entry = acl_nxt(acl_entry);
4030 + } /* end of if enabled */
4032 + /* Since owner, group, other acl entries are not *
4033 + * part of the acl entries in an acl, they must *
4034 + * be dummied up to become part of the list. */
4036 + for( i = 1; i < 4; i++) {
4037 + DEBUG(10,("i is %d\n",i));
4038 + if(acl_entry_link_head->count != 0) {
4039 + acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
4040 + if(acl_entry_link->nextp == NULL) {
4041 + SAFE_FREE(file_acl);
4043 + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
4047 + acl_entry_link->nextp->prevp = acl_entry_link;
4048 + acl_entry_link = acl_entry_link->nextp;
4049 + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
4050 + if(acl_entry_link->entryp == NULL) {
4051 + SAFE_FREE(file_acl);
4053 + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
4058 + acl_entry_link->nextp = NULL;
4060 + new_acl_entry = acl_entry_link->entryp;
4061 + idp = new_acl_entry->ace_id;
4063 + new_acl_entry->ace_len = sizeof(struct acl_entry);
4064 + new_acl_entry->ace_type = ACC_PERMIT;
4065 + idp->id_len = sizeof(struct ace_id);
4066 + DEBUG(10,("idp->id_len = %d\n",idp->id_len));
4067 + memset(idp->id_data,0,sizeof(uid_t));
4071 + new_acl_entry->ace_access = file_acl->g_access << 6;
4072 + idp->id_type = SMB_ACL_GROUP_OBJ;
4076 + new_acl_entry->ace_access = file_acl->o_access << 6;
4077 + idp->id_type = SMB_ACL_OTHER;
4081 + new_acl_entry->ace_access = file_acl->u_access << 6;
4082 + idp->id_type = SMB_ACL_USER_OBJ;
4090 + acl_entry_link_head->count++;
4091 + DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
4094 + acl_entry_link_head->count = 0;
4095 + SAFE_FREE(file_acl);
4097 + return(acl_entry_link_head);
4100 +SMB_ACL_T sys_acl_get_fd(int fd)
4102 + struct acl *file_acl = (struct acl *)NULL;
4103 + struct acl_entry *acl_entry;
4104 + struct new_acl_entry *new_acl_entry;
4105 + struct ace_id *idp;
4106 + struct acl_entry_link *acl_entry_link;
4107 + struct acl_entry_link *acl_entry_link_head;
4112 + /* Get the acl using fstatacl */
4114 + DEBUG(10,("Entering sys_acl_get_fd\n"));
4115 + DEBUG(10,("fd is %d\n",fd));
4116 + file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
4118 + if(file_acl == NULL) {
4120 + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
4124 + memset(file_acl,0,BUFSIZ);
4126 + rc = fstatacl(fd,0,file_acl,BUFSIZ);
4128 + DEBUG(0,("The fstatacl call returned %d with errno %d\n",rc,errno));
4129 + SAFE_FREE(file_acl);
4133 + DEBUG(10,("Got facl and returned it\n"));
4135 + /* Point to the first acl entry in the acl */
4137 + acl_entry = file_acl->acl_ext;
4138 + /* Begin setting up the head of the linked list *
4139 + * that will be used for the storing the acl *
4140 + * in a way that is useful for the posix_acls.c *
4143 + acl_entry_link_head = acl_entry_link = sys_acl_init(0);
4144 + if(acl_entry_link_head == NULL){
4145 + SAFE_FREE(file_acl);
4149 + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
4151 + if(acl_entry_link->entryp == NULL) {
4153 + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
4154 + SAFE_FREE(file_acl);
4158 + DEBUG(10,("acl_entry is %d\n",acl_entry));
4159 + DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl)));
4161 + /* Check if the extended acl bit is on. *
4162 + * If it isn't, do not show the *
4163 + * contents of the acl since AIX intends *
4164 + * the extended info to remain unused */
4166 + if(file_acl->acl_mode & S_IXACL){
4167 + /* while we are not pointing to the very end */
4168 + while(acl_entry < acl_last(file_acl)) {
4169 + /* before we malloc anything, make sure this is */
4170 + /* a valid acl entry and one that we want to map */
4172 + idp = id_nxt(acl_entry->ace_id);
4173 + if((acl_entry->ace_type == ACC_SPECIFY ||
4174 + (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) {
4175 + acl_entry = acl_nxt(acl_entry);
4179 + idp = acl_entry->ace_id;
4181 + /* Check if this is the first entry in the linked list. *
4182 + * The first entry needs to keep prevp pointing to NULL *
4183 + * and already has entryp allocated. */
4185 + if(acl_entry_link_head->count != 0) {
4186 + acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
4187 + if(acl_entry_link->nextp == NULL) {
4189 + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
4190 + SAFE_FREE(file_acl);
4193 + acl_entry_link->nextp->prevp = acl_entry_link;
4194 + acl_entry_link = acl_entry_link->nextp;
4195 + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
4196 + if(acl_entry_link->entryp == NULL) {
4198 + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
4199 + SAFE_FREE(file_acl);
4203 + acl_entry_link->nextp = NULL;
4206 + acl_entry_link->entryp->ace_len = acl_entry->ace_len;
4208 + /* Don't really need this since all types are going *
4209 + * to be specified but, it's better than leaving it 0 */
4211 + acl_entry_link->entryp->ace_type = acl_entry->ace_type;
4212 + acl_entry_link->entryp->ace_access = acl_entry->ace_access;
4214 + memcpy(acl_entry_link->entryp->ace_id, idp, sizeof(struct ace_id));
4216 + /* The access in the acl entries must be left shifted by *
4217 + * three bites, because they will ultimately be compared *
4218 + * to S_IRUSR, S_IWUSR, and S_IXUSR. */
4220 + switch(acl_entry->ace_type){
4223 + acl_entry_link->entryp->ace_access = acl_entry->ace_access;
4224 + acl_entry_link->entryp->ace_access <<= 6;
4225 + acl_entry_link_head->count++;
4228 + /* Since there is no way to return a DENY acl entry *
4229 + * change to PERMIT and then shift. */
4230 + DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access));
4231 + acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7;
4232 + DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access));
4233 + acl_entry_link->entryp->ace_access <<= 6;
4234 + acl_entry_link_head->count++;
4240 + DEBUG(10,("acl_entry = %d\n",acl_entry));
4241 + DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type));
4243 + acl_entry = acl_nxt(acl_entry);
4245 + } /* end of if enabled */
4247 + /* Since owner, group, other acl entries are not *
4248 + * part of the acl entries in an acl, they must *
4249 + * be dummied up to become part of the list. */
4251 + for( i = 1; i < 4; i++) {
4252 + DEBUG(10,("i is %d\n",i));
4253 + if(acl_entry_link_head->count != 0){
4254 + acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
4255 + if(acl_entry_link->nextp == NULL) {
4257 + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
4258 + SAFE_FREE(file_acl);
4262 + acl_entry_link->nextp->prevp = acl_entry_link;
4263 + acl_entry_link = acl_entry_link->nextp;
4264 + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
4266 + if(acl_entry_link->entryp == NULL) {
4267 + SAFE_FREE(file_acl);
4269 + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
4274 + acl_entry_link->nextp = NULL;
4276 + new_acl_entry = acl_entry_link->entryp;
4277 + idp = new_acl_entry->ace_id;
4279 + new_acl_entry->ace_len = sizeof(struct acl_entry);
4280 + new_acl_entry->ace_type = ACC_PERMIT;
4281 + idp->id_len = sizeof(struct ace_id);
4282 + DEBUG(10,("idp->id_len = %d\n",idp->id_len));
4283 + memset(idp->id_data,0,sizeof(uid_t));
4287 + new_acl_entry->ace_access = file_acl->g_access << 6;
4288 + idp->id_type = SMB_ACL_GROUP_OBJ;
4292 + new_acl_entry->ace_access = file_acl->o_access << 6;
4293 + idp->id_type = SMB_ACL_OTHER;
4297 + new_acl_entry->ace_access = file_acl->u_access << 6;
4298 + idp->id_type = SMB_ACL_USER_OBJ;
4305 + acl_entry_link_head->count++;
4306 + DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
4309 + acl_entry_link_head->count = 0;
4310 + SAFE_FREE(file_acl);
4312 + return(acl_entry_link_head);
4315 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
4317 + *permset = *permset & ~0777;
4321 +int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
4324 + (perm & (S_IXUSR | S_IWUSR | S_IRUSR)) == 0)
4328 + DEBUG(10,("This is the permset now: %d\n",*permset));
4332 +char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen)
4337 +SMB_ACL_T sys_acl_init( int count)
4339 + struct acl_entry_link *theacl = NULL;
4341 + DEBUG(10,("Entering sys_acl_init\n"));
4343 + theacl = SMB_MALLOC_P(struct acl_entry_link);
4344 + if(theacl == NULL) {
4346 + DEBUG(0,("Error in sys_acl_init is %d\n",errno));
4350 + theacl->count = 0;
4351 + theacl->nextp = NULL;
4352 + theacl->prevp = NULL;
4353 + theacl->entryp = NULL;
4354 + DEBUG(10,("Exiting sys_acl_init\n"));
4358 +int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
4360 + struct acl_entry_link *theacl;
4361 + struct acl_entry_link *acl_entryp;
4362 + struct acl_entry_link *temp_entry;
4365 + DEBUG(10,("Entering the sys_acl_create_entry\n"));
4367 + theacl = acl_entryp = *pacl;
4369 + /* Get to the end of the acl before adding entry */
4371 + for(counting=0; counting < theacl->count; counting++){
4372 + DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
4373 + temp_entry = acl_entryp;
4374 + acl_entryp = acl_entryp->nextp;
4377 + if(theacl->count != 0){
4378 + temp_entry->nextp = acl_entryp = SMB_MALLOC_P(struct acl_entry_link);
4379 + if(acl_entryp == NULL) {
4381 + DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
4385 + DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
4386 + acl_entryp->prevp = temp_entry;
4387 + DEBUG(10,("The acl_entryp->prevp is %d\n",acl_entryp->prevp));
4390 + *pentry = acl_entryp->entryp = SMB_MALLOC_P(struct new_acl_entry);
4391 + if(*pentry == NULL) {
4393 + DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
4397 + memset(*pentry,0,sizeof(struct new_acl_entry));
4398 + acl_entryp->entryp->ace_len = sizeof(struct acl_entry);
4399 + acl_entryp->entryp->ace_type = ACC_PERMIT;
4400 + acl_entryp->entryp->ace_id->id_len = sizeof(struct ace_id);
4401 + acl_entryp->nextp = NULL;
4403 + DEBUG(10,("Exiting sys_acl_create_entry\n"));
4407 +int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
4409 + DEBUG(10,("Starting AIX sys_acl_set_tag_type\n"));
4410 + entry->ace_id->id_type = tagtype;
4411 + DEBUG(10,("The tag type is %d\n",entry->ace_id->id_type));
4412 + DEBUG(10,("Ending AIX sys_acl_set_tag_type\n"));
4415 +int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
4417 + DEBUG(10,("Starting AIX sys_acl_set_qualifier\n"));
4418 + memcpy(entry->ace_id->id_data,qual,sizeof(uid_t));
4419 + DEBUG(10,("Ending AIX sys_acl_set_qualifier\n"));
4423 +int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
4425 + DEBUG(10,("Starting AIX sys_acl_set_permset\n"));
4426 + if(!(*permset & S_IXUSR) &&
4427 + !(*permset & S_IWUSR) &&
4428 + !(*permset & S_IRUSR) &&
4432 + entry->ace_access = *permset;
4433 + DEBUG(10,("entry->ace_access = %d\n",entry->ace_access));
4434 + DEBUG(10,("Ending AIX sys_acl_set_permset\n"));
4438 +int sys_acl_valid( SMB_ACL_T theacl )
4441 + int group_obj = 0;
4442 + int other_obj = 0;
4443 + struct acl_entry_link *acl_entry;
4445 + for(acl_entry=theacl; acl_entry != NULL; acl_entry = acl_entry->nextp) {
4446 + user_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_USER_OBJ);
4447 + group_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_GROUP_OBJ);
4448 + other_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_OTHER);
4451 + DEBUG(10,("user_obj=%d, group_obj=%d, other_obj=%d\n",user_obj,group_obj,other_obj));
4453 + if(user_obj != 1 || group_obj != 1 || other_obj != 1)
4459 +int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
4461 + struct acl_entry_link *acl_entry_link = NULL;
4462 + struct acl *file_acl = NULL;
4463 + struct acl *file_acl_temp = NULL;
4464 + struct acl_entry *acl_entry = NULL;
4465 + struct ace_id *ace_id = NULL;
4472 + DEBUG(10,("Entering sys_acl_set_file\n"));
4473 + DEBUG(10,("File name is %s\n",name));
4475 + /* AIX has no default ACL */
4476 + if(acltype == SMB_ACL_TYPE_DEFAULT)
4479 + acl_length = BUFSIZ;
4480 + file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
4482 + if(file_acl == NULL) {
4484 + DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
4488 + memset(file_acl,0,BUFSIZ);
4490 + file_acl->acl_len = ACL_SIZ;
4491 + file_acl->acl_mode = S_IXACL;
4493 + for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
4494 + acl_entry_link->entryp->ace_access >>= 6;
4495 + id_type = acl_entry_link->entryp->ace_id->id_type;
4498 + case SMB_ACL_USER_OBJ:
4499 + file_acl->u_access = acl_entry_link->entryp->ace_access;
4501 + case SMB_ACL_GROUP_OBJ:
4502 + file_acl->g_access = acl_entry_link->entryp->ace_access;
4504 + case SMB_ACL_OTHER:
4505 + file_acl->o_access = acl_entry_link->entryp->ace_access;
4507 + case SMB_ACL_MASK:
4511 + if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
4512 + acl_length += sizeof(struct acl_entry);
4513 + file_acl_temp = (struct acl *)SMB_MALLOC(acl_length);
4514 + if(file_acl_temp == NULL) {
4515 + SAFE_FREE(file_acl);
4517 + DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
4521 + memcpy(file_acl_temp,file_acl,file_acl->acl_len);
4522 + SAFE_FREE(file_acl);
4523 + file_acl = file_acl_temp;
4526 + acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
4527 + file_acl->acl_len += sizeof(struct acl_entry);
4528 + acl_entry->ace_len = acl_entry_link->entryp->ace_len;
4529 + acl_entry->ace_access = acl_entry_link->entryp->ace_access;
4531 + /* In order to use this, we'll need to wait until we can get denies */
4532 + /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
4533 + acl_entry->ace_type = ACC_SPECIFY; */
4535 + acl_entry->ace_type = ACC_SPECIFY;
4537 + ace_id = acl_entry->ace_id;
4539 + ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
4540 + DEBUG(10,("The id type is %d\n",ace_id->id_type));
4541 + ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
4542 + memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t));
4543 + memcpy(acl_entry->ace_id->id_data, &user_id, sizeof(uid_t));
4546 + rc = chacl(name,file_acl,file_acl->acl_len);
4547 + DEBUG(10,("errno is %d\n",errno));
4548 + DEBUG(10,("return code is %d\n",rc));
4549 + SAFE_FREE(file_acl);
4550 + DEBUG(10,("Exiting the sys_acl_set_file\n"));
4554 +int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
4556 + struct acl_entry_link *acl_entry_link = NULL;
4557 + struct acl *file_acl = NULL;
4558 + struct acl *file_acl_temp = NULL;
4559 + struct acl_entry *acl_entry = NULL;
4560 + struct ace_id *ace_id = NULL;
4566 + DEBUG(10,("Entering sys_acl_set_fd\n"));
4567 + acl_length = BUFSIZ;
4568 + file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
4570 + if(file_acl == NULL) {
4572 + DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
4576 + memset(file_acl,0,BUFSIZ);
4578 + file_acl->acl_len = ACL_SIZ;
4579 + file_acl->acl_mode = S_IXACL;
4581 + for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
4582 + acl_entry_link->entryp->ace_access >>= 6;
4583 + id_type = acl_entry_link->entryp->ace_id->id_type;
4584 + DEBUG(10,("The id_type is %d\n",id_type));
4587 + case SMB_ACL_USER_OBJ:
4588 + file_acl->u_access = acl_entry_link->entryp->ace_access;
4590 + case SMB_ACL_GROUP_OBJ:
4591 + file_acl->g_access = acl_entry_link->entryp->ace_access;
4593 + case SMB_ACL_OTHER:
4594 + file_acl->o_access = acl_entry_link->entryp->ace_access;
4596 + case SMB_ACL_MASK:
4600 + if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
4601 + acl_length += sizeof(struct acl_entry);
4602 + file_acl_temp = (struct acl *)SMB_MALLOC(acl_length);
4603 + if(file_acl_temp == NULL) {
4604 + SAFE_FREE(file_acl);
4606 + DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
4610 + memcpy(file_acl_temp,file_acl,file_acl->acl_len);
4611 + SAFE_FREE(file_acl);
4612 + file_acl = file_acl_temp;
4615 + acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
4616 + file_acl->acl_len += sizeof(struct acl_entry);
4617 + acl_entry->ace_len = acl_entry_link->entryp->ace_len;
4618 + acl_entry->ace_access = acl_entry_link->entryp->ace_access;
4620 + /* In order to use this, we'll need to wait until we can get denies */
4621 + /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
4622 + acl_entry->ace_type = ACC_SPECIFY; */
4624 + acl_entry->ace_type = ACC_SPECIFY;
4626 + ace_id = acl_entry->ace_id;
4628 + ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
4629 + DEBUG(10,("The id type is %d\n",ace_id->id_type));
4630 + ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
4631 + memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t));
4632 + memcpy(ace_id->id_data, &user_id, sizeof(uid_t));
4635 + rc = fchacl(fd,file_acl,file_acl->acl_len);
4636 + DEBUG(10,("errno is %d\n",errno));
4637 + DEBUG(10,("return code is %d\n",rc));
4638 + SAFE_FREE(file_acl);
4639 + DEBUG(10,("Exiting sys_acl_set_fd\n"));
4643 +int sys_acl_delete_def_file(const char *name)
4645 + /* AIX has no default ACL */
4649 +int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
4651 + return(*permset & perm);
4654 +int sys_acl_free_text(char *text)
4659 +int sys_acl_free_acl(SMB_ACL_T posix_acl)
4661 + struct acl_entry_link *acl_entry_link;
4663 + for(acl_entry_link = posix_acl->nextp; acl_entry_link->nextp != NULL; acl_entry_link = acl_entry_link->nextp) {
4664 + SAFE_FREE(acl_entry_link->prevp->entryp);
4665 + SAFE_FREE(acl_entry_link->prevp);
4668 + SAFE_FREE(acl_entry_link->prevp->entryp);
4669 + SAFE_FREE(acl_entry_link->prevp);
4670 + SAFE_FREE(acl_entry_link->entryp);
4671 + SAFE_FREE(acl_entry_link);
4676 +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
4681 +#else /* No ACLs. */
4683 +int sys_acl_get_entry(UNUSED(SMB_ACL_T the_acl), UNUSED(int entry_id), UNUSED(SMB_ACL_ENTRY_T *entry_p))
4689 +int sys_acl_get_tag_type(UNUSED(SMB_ACL_ENTRY_T entry_d), UNUSED(SMB_ACL_TAG_T *tag_type_p))
4695 +int sys_acl_get_permset(UNUSED(SMB_ACL_ENTRY_T entry_d), UNUSED(SMB_ACL_PERMSET_T *permset_p))
4701 +void *sys_acl_get_qualifier(UNUSED(SMB_ACL_ENTRY_T entry_d))
4707 +SMB_ACL_T sys_acl_get_file(UNUSED(const char *path_p), UNUSED(SMB_ACL_TYPE_T type))
4710 + return (SMB_ACL_T)NULL;
4713 +SMB_ACL_T sys_acl_get_fd(UNUSED(int fd))
4716 + return (SMB_ACL_T)NULL;
4719 +int sys_acl_clear_perms(UNUSED(SMB_ACL_PERMSET_T permset))
4725 +int sys_acl_add_perm( UNUSED(SMB_ACL_PERMSET_T permset), UNUSED(SMB_ACL_PERM_T perm))
4731 +int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
4734 + return (permset & perm) ? 1 : 0;
4737 +char *sys_acl_to_text(UNUSED(SMB_ACL_T the_acl), UNUSED(ssize_t *plen))
4743 +int sys_acl_free_text(UNUSED(char *text))
4749 +SMB_ACL_T sys_acl_init(UNUSED(int count))
4755 +int sys_acl_create_entry(UNUSED(SMB_ACL_T *pacl), UNUSED(SMB_ACL_ENTRY_T *pentry))
4761 +int sys_acl_set_tag_type(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(SMB_ACL_TAG_T tagtype))
4767 +int sys_acl_set_qualifier(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(void *qual))
4773 +int sys_acl_set_permset(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(SMB_ACL_PERMSET_T permset))
4779 +int sys_acl_valid(UNUSED(SMB_ACL_T theacl))
4785 +int sys_acl_set_file(UNUSED(const char *name), UNUSED(SMB_ACL_TYPE_T acltype), UNUSED(SMB_ACL_T theacl))
4791 +int sys_acl_set_fd(UNUSED(int fd), UNUSED(SMB_ACL_T theacl))
4797 +int sys_acl_delete_def_file(UNUSED(const char *name))
4803 +int sys_acl_free_acl(UNUSED(SMB_ACL_T the_acl))
4809 +int sys_acl_free_qualifier(UNUSED(void *qual), UNUSED(SMB_ACL_TAG_T tagtype))
4815 +#endif /* No ACLs. */
4817 +/************************************************************************
4818 + Deliberately outside the ACL defines. Return 1 if this is a "no acls"
4820 +************************************************************************/
4822 +int no_acl_syscall_error(int err)
4824 +#if defined(ENOSYS)
4825 + if (err == ENOSYS) {
4829 +#if defined(ENOTSUP)
4830 + if (err == ENOTSUP) {
4836 --- old/lib/sysacls.h
4837 +++ new/lib/sysacls.h
4839 +#define SMB_MALLOC(cnt) new_array(char, cnt)
4840 +#define SMB_MALLOC_P(obj) new_array(obj, 1)
4841 +#define SMB_MALLOC_ARRAY(obj, cnt) new_array(obj, cnt)
4842 +#define SMB_REALLOC(mem, cnt) realloc_array(mem, char, cnt)
4843 +#define slprintf snprintf
4845 +int sys_acl_get_entry(SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p);
4846 +int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p);
4847 +int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p);
4848 +void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d);
4849 +SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type);
4850 +SMB_ACL_T sys_acl_get_fd(int fd);
4851 +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset);
4852 +int sys_acl_add_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
4853 +int sys_acl_get_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
4854 +char *sys_acl_to_text(SMB_ACL_T the_acl, ssize_t *plen);
4855 +SMB_ACL_T sys_acl_init(int count);
4856 +int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry);
4857 +int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype);
4858 +int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry, void *qual);
4859 +int sys_acl_set_permset(SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset);
4860 +int sys_acl_valid(SMB_ACL_T theacl);
4861 +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
4862 +int sys_acl_set_fd(int fd, SMB_ACL_T theacl);
4863 +int sys_acl_delete_def_file(const char *name);
4864 +int sys_acl_free_text(char *text);
4865 +int sys_acl_free_acl(SMB_ACL_T the_acl);
4866 +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype);
4869 @@ -58,7 +58,7 @@ BEGIN {
4873 -!/^OFF_T|^size_t|^off_t|^pid_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^uchar|^short|^struct|^BOOL|^void|^time|^const|^RETSIGTYPE/ {
4874 +!/^OFF_T|^size_t|^off_t|^pid_t|^id_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^uchar|^short|^struct|^BOOL|^void|^time|^const|^RETSIGTYPE/ {
4880 @@ -45,6 +45,7 @@ int copy_dirlinks = 0;
4882 int preserve_links = 0;
4883 int preserve_hard_links = 0;
4884 +int preserve_acls = 0;
4885 int preserve_perms = 0;
4886 int preserve_executability = 0;
4887 int preserve_devices = 0;
4888 @@ -194,6 +195,7 @@ static void print_rsync_version(enum log
4889 char const *got_socketpair = "no ";
4890 char const *have_inplace = "no ";
4891 char const *hardlinks = "no ";
4892 + char const *acls = "no ";
4893 char const *links = "no ";
4894 char const *ipv6 = "no ";
4895 STRUCT_STAT *dumstat;
4896 @@ -210,6 +212,10 @@ static void print_rsync_version(enum log
4900 +#ifdef SUPPORT_ACLS
4904 #ifdef SUPPORT_LINKS
4907 @@ -223,9 +229,9 @@ static void print_rsync_version(enum log
4908 rprintf(f, "Copyright (C) 1996-2006 by Andrew Tridgell, Wayne Davison, and others.\n");
4909 rprintf(f, "<http://rsync.samba.org/>\n");
4910 rprintf(f, "Capabilities: %d-bit files, %ssocketpairs, "
4911 - "%shard links, %ssymlinks, batchfiles,\n",
4912 + "%shard links, %sACLs, %ssymlinks, batchfiles,\n",
4913 (int) (sizeof (OFF_T) * 8),
4914 - got_socketpair, hardlinks, links);
4915 + got_socketpair, hardlinks, acls, links);
4917 /* Note that this field may not have type ino_t. It depends
4918 * on the complicated interaction between largefile feature
4919 @@ -295,6 +301,9 @@ void usage(enum logcode F)
4920 rprintf(F," -H, --hard-links preserve hard links\n");
4921 rprintf(F," -p, --perms preserve permissions\n");
4922 rprintf(F," -E, --executability preserve the file's executability\n");
4923 +#ifdef SUPPORT_ACLS
4924 + rprintf(F," -A, --acls preserve ACLs (implies --perms)\n");
4926 rprintf(F," --chmod=CHMOD change destination permissions\n");
4927 rprintf(F," -o, --owner preserve owner (super-user only)\n");
4928 rprintf(F," -g, --group preserve group\n");
4929 @@ -410,6 +419,9 @@ static struct poptOption long_options[]
4930 {"no-perms", 0, POPT_ARG_VAL, &preserve_perms, 0, 0, 0 },
4931 {"no-p", 0, POPT_ARG_VAL, &preserve_perms, 0, 0, 0 },
4932 {"executability", 'E', POPT_ARG_NONE, &preserve_executability, 0, 0, 0 },
4933 + {"acls", 'A', POPT_ARG_NONE, 0, 'A', 0, 0 },
4934 + {"no-acls", 0, POPT_ARG_VAL, &preserve_acls, 0, 0, 0 },
4935 + {"no-A", 0, POPT_ARG_VAL, &preserve_acls, 0, 0, 0 },
4936 {"times", 't', POPT_ARG_VAL, &preserve_times, 1, 0, 0 },
4937 {"no-times", 0, POPT_ARG_VAL, &preserve_times, 0, 0, 0 },
4938 {"no-t", 0, POPT_ARG_VAL, &preserve_times, 0, 0, 0 },
4939 @@ -1068,6 +1080,24 @@ int parse_arguments(int *argc, const cha
4944 +#ifdef SUPPORT_ACLS
4946 + preserve_perms = 1;
4949 + /* FIXME: this should probably be ignored with a
4950 + * warning and then countermeasures taken to
4951 + * restrict group and other access in the presence
4952 + * of any more restrictive ACLs, but this is safe
4954 + snprintf(err_buf,sizeof(err_buf),
4955 + "ACLs are not supported on this %s\n",
4956 + am_server ? "server" : "client");
4962 /* A large opt value means that set_refuse_options()
4963 * turned this option off. */
4964 @@ -1511,6 +1541,10 @@ void server_options(char **args,int *arg
4966 if (preserve_hard_links)
4968 +#ifdef SUPPORT_ACLS
4969 + if (preserve_acls)
4970 + argstr[x++] = 'A';
4977 @@ -46,6 +46,7 @@ extern int keep_partial;
4978 extern int checksum_seed;
4980 extern int delay_updates;
4981 +extern mode_t orig_umask;
4982 extern struct stats stats;
4983 extern char *log_format;
4984 extern char *tmpdir;
4985 @@ -344,6 +345,10 @@ int recv_files(int f_in, struct file_lis
4986 int itemizing = am_daemon ? daemon_log_format_has_i
4987 : !am_server && log_format_has_i;
4988 int max_phase = protocol_version >= 29 ? 2 : 1;
4989 + int dflt_perms = (ACCESSPERMS & ~orig_umask);
4990 +#ifdef SUPPORT_ACLS
4991 + char *parent_dirname = "";
4996 @@ -541,7 +546,16 @@ int recv_files(int f_in, struct file_lis
4997 * mode based on the local permissions and some heuristics. */
4998 if (!preserve_perms) {
4999 int exists = fd1 != -1;
5000 - file->mode = dest_mode(file->mode, st.st_mode, exists);
5001 +#ifdef SUPPORT_ACLS
5002 + char *dn = file->dirname ? file->dirname : ".";
5003 + if (parent_dirname != dn
5004 + && strcmp(parent_dirname, dn) != 0) {
5005 + dflt_perms = default_perms_for_dir(dn);
5006 + parent_dirname = dn;
5009 + file->mode = dest_mode(file->mode, st.st_mode,
5010 + dflt_perms, exists);
5013 /* We now check to see if we are writing file "inplace" */
5019 extern int daemon_log_format_has_i;
5020 +extern int preserve_acls;
5021 extern int preserve_perms;
5022 extern int preserve_executability;
5023 extern int preserve_times;
5024 @@ -101,7 +102,8 @@ void free_sums(struct sum_struct *s)
5026 /* This is only called when we aren't preserving permissions. Figure out what
5027 * the permissions should be and return them merged back into the mode. */
5028 -mode_t dest_mode(mode_t flist_mode, mode_t cur_mode, int exists)
5029 +mode_t dest_mode(mode_t flist_mode, mode_t cur_mode, int dflt_perms,
5032 /* If the file already exists, we'll return the local permissions,
5033 * possibly tweaked by the --executability option. */
5034 @@ -116,7 +118,7 @@ mode_t dest_mode(mode_t flist_mode, mode
5035 cur_mode |= (cur_mode & 0444) >> 2;
5038 - cur_mode = flist_mode & ACCESSPERMS & ~orig_umask;
5039 + cur_mode = flist_mode & ACCESSPERMS & dflt_perms;
5040 if (daemon_chmod_modes && !S_ISLNK(flist_mode))
5041 cur_mode = tweak_mode(cur_mode, daemon_chmod_modes);
5042 return (flist_mode & ~CHMOD_BITS) | (cur_mode & CHMOD_BITS);
5043 @@ -203,6 +205,17 @@ int set_file_attrs(char *fname, struct f
5047 +#ifdef SUPPORT_ACLS
5048 + /* It's OK to call set_acl() now, even for a dir, as the generator
5049 + * will enable owner-writability using chmod, if necessary.
5051 + * If set_acl changes permission bits in the process of setting
5052 + * an access ACL, it changes st->st_mode so we know whether we
5053 + * need to chmod. */
5054 + if (preserve_acls && set_acl(fname, file, &st->st_mode) == 0)
5059 if ((st->st_mode & CHMOD_BITS) != (file->mode & CHMOD_BITS)) {
5060 int ret = do_chmod(fname, file->mode);
5063 @@ -660,6 +660,20 @@ struct chmod_mode_struct;
5065 #define UNUSED(x) x __attribute__((__unused__))
5067 +#if HAVE_POSIX_ACLS|HAVE_UNIXWARE_ACLS|HAVE_SOLARIS_ACLS|\
5068 + HAVE_HPUX_ACLS|HAVE_IRIX_ACLS|HAVE_AIX_ACLS|HAVE_TRU64_ACLS
5069 +#define SUPPORT_ACLS 1
5072 +#if HAVE_UNIXWARE_ACLS|HAVE_SOLARIS_ACLS|HAVE_HPUX_ACLS
5073 +#define ACLS_NEED_MASK 1
5076 +#if defined SUPPORT_ACLS && defined HAVE_SYS_ACL_H
5077 +#include <sys/acl.h>
5079 +#include "smb_acls.h"
5083 /* We have replacement versions of these if they're missing. */
5086 @@ -321,6 +321,7 @@ to the detailed description below for a
5087 -H, --hard-links preserve hard links
5088 -p, --perms preserve permissions
5089 -E, --executability preserve executability
5090 + -A, --acls preserve ACLs (implies -p) [non-standard]
5091 --chmod=CHMOD change destination permissions
5092 -o, --owner preserve owner (super-user only)
5093 -g, --group preserve group
5094 @@ -742,7 +743,9 @@ quote(itemize(
5095 permissions, though the bf(--executability) option might change just
5096 the execute permission for the file.
5097 it() New files get their "normal" permission bits set to the source
5098 - file's permissions masked with the receiving end's umask setting, and
5099 + file's permissions masked with the receiving directory's default
5100 + permissions (either the receiving process's umask, or the permissions
5101 + specified via the destination directory's default ACL), and
5102 their special permission bits disabled except in the case where a new
5103 directory inherits a setgid bit from its parent directory.
5105 @@ -773,9 +776,11 @@ The preservation of the destination's se
5106 directories when bf(--perms) is off was added in rsync 2.6.7. Older rsync
5107 versions erroneously preserved the three special permission bits for
5108 newly-created files when bf(--perms) was off, while overriding the
5109 -destination's setgid bit setting on a newly-created directory. (Keep in
5110 -mind that it is the version of the receiving rsync that affects this
5112 +destination's setgid bit setting on a newly-created directory. Default ACL
5113 +observance was added to the ACL patch for rsync 2.6.7, so older (or
5114 +non-ACL-enabled) rsyncs use the umask even if default ACLs are present.
5115 +(Keep in mind that it is the version of the receiving rsync that affects
5118 dit(bf(-E, --executability)) This option causes rsync to preserve the
5119 executability (or non-executability) of regular files when bf(--perms) is
5120 @@ -793,6 +798,15 @@ quote(itemize(
5122 If bf(--perms) is enabled, this option is ignored.
5124 +dit(bf(-A, --acls)) This option causes rsync to update the destination
5125 +ACLs to be the same as the source ACLs. This nonstandard option only
5126 +works if the remote rsync also supports it. bf(--acls) implies bf(--perms).
5128 +Note also that an optimization of the ACL-sending protocol used by this
5129 +version makes it incompatible with sending files to an older ACL-enabled
5130 +rsync unless you double the bf(--acls) option (e.g. bf(-AA)). This
5131 +doubling is not needed when pulling files from an older rsync.
5133 dit(bf(--chmod)) This option tells rsync to apply one or more
5134 comma-separated "chmod" strings to the permission of the files in the
5135 transfer. The resulting value is treated as though it was the permissions
5140 + Unix SMB/Netbios implementation.
5142 + Portable SMB ACL interface
5143 + Copyright (C) Jeremy Allison 2000
5145 + This program is free software; you can redistribute it and/or modify
5146 + it under the terms of the GNU General Public License as published by
5147 + the Free Software Foundation; either version 2 of the License, or
5148 + (at your option) any later version.
5150 + This program is distributed in the hope that it will be useful,
5151 + but WITHOUT ANY WARRANTY; without even the implied warranty of
5152 + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
5153 + GNU General Public License for more details.
5155 + You should have received a copy of the GNU General Public License
5156 + along with this program; if not, write to the Free Software
5157 + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
5160 +#ifndef _SMB_ACLS_H
5161 +#define _SMB_ACLS_H
5163 +#if defined HAVE_POSIX_ACLS
5165 +/* This is an identity mapping (just remove the SMB_). */
5167 +#define SMB_ACL_TAG_T acl_tag_t
5168 +#define SMB_ACL_TYPE_T acl_type_t
5169 +#define SMB_ACL_PERMSET_T acl_permset_t
5170 +#define SMB_ACL_PERM_T acl_perm_t
5171 +#define SMB_ACL_READ ACL_READ
5172 +#define SMB_ACL_WRITE ACL_WRITE
5173 +#define SMB_ACL_EXECUTE ACL_EXECUTE
5175 +/* Types of ACLs. */
5176 +#define SMB_ACL_USER ACL_USER
5177 +#define SMB_ACL_USER_OBJ ACL_USER_OBJ
5178 +#define SMB_ACL_GROUP ACL_GROUP
5179 +#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ
5180 +#define SMB_ACL_OTHER ACL_OTHER
5181 +#define SMB_ACL_MASK ACL_MASK
5183 +#define SMB_ACL_T acl_t
5185 +#define SMB_ACL_ENTRY_T acl_entry_t
5187 +#define SMB_ACL_FIRST_ENTRY ACL_FIRST_ENTRY
5188 +#define SMB_ACL_NEXT_ENTRY ACL_NEXT_ENTRY
5190 +#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
5191 +#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
5193 +#elif defined HAVE_TRU64_ACLS
5195 +/* This is for DEC/Compaq Tru64 UNIX */
5197 +#define SMB_ACL_TAG_T acl_tag_t
5198 +#define SMB_ACL_TYPE_T acl_type_t
5199 +#define SMB_ACL_PERMSET_T acl_permset_t
5200 +#define SMB_ACL_PERM_T acl_perm_t
5201 +#define SMB_ACL_READ ACL_READ
5202 +#define SMB_ACL_WRITE ACL_WRITE
5203 +#define SMB_ACL_EXECUTE ACL_EXECUTE
5205 +/* Types of ACLs. */
5206 +#define SMB_ACL_USER ACL_USER
5207 +#define SMB_ACL_USER_OBJ ACL_USER_OBJ
5208 +#define SMB_ACL_GROUP ACL_GROUP
5209 +#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ
5210 +#define SMB_ACL_OTHER ACL_OTHER
5211 +#define SMB_ACL_MASK ACL_MASK
5213 +#define SMB_ACL_T acl_t
5215 +#define SMB_ACL_ENTRY_T acl_entry_t
5217 +#define SMB_ACL_FIRST_ENTRY 0
5218 +#define SMB_ACL_NEXT_ENTRY 1
5220 +#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
5221 +#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
5223 +#elif defined HAVE_UNIXWARE_ACLS || defined HAVE_SOLARIS_ACLS
5225 + * Donated by Michael Davidson <md@sco.COM> for UnixWare / OpenUNIX.
5226 + * Modified by Toomas Soome <tsoome@ut.ee> for Solaris.
5229 +/* SVR4.2 ES/MP ACLs */
5230 +typedef int SMB_ACL_TAG_T;
5231 +typedef int SMB_ACL_TYPE_T;
5232 +typedef ushort *SMB_ACL_PERMSET_T;
5233 +typedef ushort SMB_ACL_PERM_T;
5234 +#define SMB_ACL_READ 4
5235 +#define SMB_ACL_WRITE 2
5236 +#define SMB_ACL_EXECUTE 1
5238 +/* Types of ACLs. */
5239 +#define SMB_ACL_USER USER
5240 +#define SMB_ACL_USER_OBJ USER_OBJ
5241 +#define SMB_ACL_GROUP GROUP
5242 +#define SMB_ACL_GROUP_OBJ GROUP_OBJ
5243 +#define SMB_ACL_OTHER OTHER_OBJ
5244 +#define SMB_ACL_MASK CLASS_OBJ
5246 +typedef struct SMB_ACL_T {
5250 + struct acl acl[1];
5253 +typedef struct acl *SMB_ACL_ENTRY_T;
5255 +#define SMB_ACL_FIRST_ENTRY 0
5256 +#define SMB_ACL_NEXT_ENTRY 1
5258 +#define SMB_ACL_TYPE_ACCESS 0
5259 +#define SMB_ACL_TYPE_DEFAULT 1
5262 +#define SMB_ACL_LOSES_SPECIAL_MODE_BITS
5265 +#elif defined HAVE_HPUX_ACLS
5268 + * Based on the Solaris & UnixWare code.
5272 +#include <sys/aclv.h>
5274 +/* SVR4.2 ES/MP ACLs */
5275 +typedef int SMB_ACL_TAG_T;
5276 +typedef int SMB_ACL_TYPE_T;
5277 +typedef ushort *SMB_ACL_PERMSET_T;
5278 +typedef ushort SMB_ACL_PERM_T;
5279 +#define SMB_ACL_READ 4
5280 +#define SMB_ACL_WRITE 2
5281 +#define SMB_ACL_EXECUTE 1
5283 +/* Types of ACLs. */
5284 +#define SMB_ACL_USER USER
5285 +#define SMB_ACL_USER_OBJ USER_OBJ
5286 +#define SMB_ACL_GROUP GROUP
5287 +#define SMB_ACL_GROUP_OBJ GROUP_OBJ
5288 +#define SMB_ACL_OTHER OTHER_OBJ
5289 +#define SMB_ACL_MASK CLASS_OBJ
5291 +typedef struct SMB_ACL_T {
5295 + struct acl acl[1];
5298 +typedef struct acl *SMB_ACL_ENTRY_T;
5300 +#define SMB_ACL_FIRST_ENTRY 0
5301 +#define SMB_ACL_NEXT_ENTRY 1
5303 +#define SMB_ACL_TYPE_ACCESS 0
5304 +#define SMB_ACL_TYPE_DEFAULT 1
5306 +#elif defined HAVE_IRIX_ACLS
5308 +#define SMB_ACL_TAG_T acl_tag_t
5309 +#define SMB_ACL_TYPE_T acl_type_t
5310 +#define SMB_ACL_PERMSET_T acl_permset_t
5311 +#define SMB_ACL_PERM_T acl_perm_t
5312 +#define SMB_ACL_READ ACL_READ
5313 +#define SMB_ACL_WRITE ACL_WRITE
5314 +#define SMB_ACL_EXECUTE ACL_EXECUTE
5316 +/* Types of ACLs. */
5317 +#define SMB_ACL_USER ACL_USER
5318 +#define SMB_ACL_USER_OBJ ACL_USER_OBJ
5319 +#define SMB_ACL_GROUP ACL_GROUP
5320 +#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ
5321 +#define SMB_ACL_OTHER ACL_OTHER_OBJ
5322 +#define SMB_ACL_MASK ACL_MASK
5324 +typedef struct SMB_ACL_T {
5330 +#define SMB_ACL_ENTRY_T acl_entry_t
5332 +#define SMB_ACL_FIRST_ENTRY 0
5333 +#define SMB_ACL_NEXT_ENTRY 1
5335 +#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
5336 +#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
5338 +#elif defined HAVE_AIX_ACLS
5340 +/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
5342 +#include "/usr/include/acl.h"
5344 +typedef uint *SMB_ACL_PERMSET_T;
5346 +struct acl_entry_link{
5347 + struct acl_entry_link *prevp;
5348 + struct new_acl_entry *entryp;
5349 + struct acl_entry_link *nextp;
5353 +struct new_acl_entry{
5354 + unsigned short ace_len;
5355 + unsigned short ace_type;
5356 + unsigned int ace_access;
5357 + struct ace_id ace_id[1];
5360 +#define SMB_ACL_ENTRY_T struct new_acl_entry*
5361 +#define SMB_ACL_T struct acl_entry_link*
5363 +#define SMB_ACL_TAG_T unsigned short
5364 +#define SMB_ACL_TYPE_T int
5365 +#define SMB_ACL_PERM_T uint
5366 +#define SMB_ACL_READ S_IRUSR
5367 +#define SMB_ACL_WRITE S_IWUSR
5368 +#define SMB_ACL_EXECUTE S_IXUSR
5370 +/* Types of ACLs. */
5371 +#define SMB_ACL_USER ACEID_USER
5372 +#define SMB_ACL_USER_OBJ 3
5373 +#define SMB_ACL_GROUP ACEID_GROUP
5374 +#define SMB_ACL_GROUP_OBJ 4
5375 +#define SMB_ACL_OTHER 5
5376 +#define SMB_ACL_MASK 6
5379 +#define SMB_ACL_FIRST_ENTRY 1
5380 +#define SMB_ACL_NEXT_ENTRY 2
5382 +#define SMB_ACL_TYPE_ACCESS 0
5383 +#define SMB_ACL_TYPE_DEFAULT 1
5385 +#else /* No ACLs. */
5387 +/* No ACLS - fake it. */
5388 +#define SMB_ACL_TAG_T int
5389 +#define SMB_ACL_TYPE_T int
5390 +#define SMB_ACL_PERMSET_T mode_t
5391 +#define SMB_ACL_PERM_T mode_t
5392 +#define SMB_ACL_READ S_IRUSR
5393 +#define SMB_ACL_WRITE S_IWUSR
5394 +#define SMB_ACL_EXECUTE S_IXUSR
5396 +/* Types of ACLs. */
5397 +#define SMB_ACL_USER 0
5398 +#define SMB_ACL_USER_OBJ 1
5399 +#define SMB_ACL_GROUP 2
5400 +#define SMB_ACL_GROUP_OBJ 3
5401 +#define SMB_ACL_OTHER 4
5402 +#define SMB_ACL_MASK 5
5404 +typedef struct SMB_ACL_T {
5408 +typedef struct SMB_ACL_ENTRY_T {
5410 +} *SMB_ACL_ENTRY_T;
5412 +#define SMB_ACL_FIRST_ENTRY 0
5413 +#define SMB_ACL_NEXT_ENTRY 1
5415 +#define SMB_ACL_TYPE_ACCESS 0
5416 +#define SMB_ACL_TYPE_DEFAULT 1
5418 +#endif /* No ACLs. */
5419 +#endif /* _SMB_ACLS_H */
5420 --- old/testsuite/default-acls.test
5421 +++ new/testsuite/default-acls.test
5425 +# This program is distributable under the terms of the GNU GPL see
5428 +# Test that rsync obeys default ACLs. -- Matt McCutchen
5430 +. $srcdir/testsuite/rsync.fns
5432 +$RSYNC --version | grep ", ACLs" >/dev/null || test_skipped "Rsync is configured without ACL support"
5433 +case "$setfacl_nodef" in
5434 +*-k*) opts='-dm u::7,g::5,o:5' ;;
5435 +*) opts='-m d:u::7,d:g::5,d:o:5' ;;
5437 +setfacl $opts "$scratchdir" || test_skipped "Your filesystem has ACLs disabled"
5439 +# Call as: testit <dirname> <default-acl> <file-expected> <program-expected>
5441 + todir="$scratchdir/$1"
5443 + $setfacl_nodef "$todir"
5445 + case "$setfacl_nodef" in
5446 + *-k*) opts="-dm $2" ;;
5447 + *) opts="-m `echo $2 | sed 's/\([ugom]:\)/d:\1/g'`"
5449 + setfacl $opts "$todir"
5451 + # Make sure we obey ACLs when creating a directory to hold multiple transferred files,
5452 + # even though the directory itself is outside the transfer
5453 + $RSYNC -rvv "$scratchdir/dir" "$scratchdir/file" "$scratchdir/program" "$todir/to/"
5454 + check_perms "$todir/to" $4 "Target $1"
5455 + check_perms "$todir/to/dir" $4 "Target $1"
5456 + check_perms "$todir/to/file" $3 "Target $1"
5457 + check_perms "$todir/to/program" $4 "Target $1"
5458 + # Make sure get_local_name doesn't mess us up when transferring only one file
5459 + $RSYNC -rvv "$scratchdir/file" "$todir/to/anotherfile"
5460 + check_perms "$todir/to/anotherfile" $3 "Target $1"
5461 + # Make sure we obey default ACLs when not transferring a regular file
5462 + $RSYNC -rvv "$scratchdir/dir/" "$todir/to/anotherdir/"
5463 + check_perms "$todir/to/anotherdir" $4 "Target $1"
5466 +mkdir "$scratchdir/dir"
5467 +echo "File!" >"$scratchdir/file"
5468 +echo "#!/bin/sh" >"$scratchdir/program"
5469 +chmod 777 "$scratchdir/dir"
5470 +chmod 666 "$scratchdir/file"
5471 +chmod 777 "$scratchdir/program"
5473 +# Test some target directories
5475 +testit da777 u::7,g::7,o:7 rw-rw-rw- rwxrwxrwx
5476 +testit da775 u::7,g::7,o:5 rw-rw-r-- rwxrwxr-x
5477 +testit da750 u::7,g::5,o:0 rw-r----- rwxr-x---
5478 +testit da770mask u::7,u:0:7,g::0,m:7,o:0 rw-rw---- rwxrwx---
5479 +testit noda1 '' rw------- rwx------
5481 +testit noda2 '' rw-rw-rw- rwxrwxrwx
5483 +testit noda3 '' rw-r--r-- rwxr-xr-x
5491 extern int preserve_uid;
5492 extern int preserve_gid;
5493 +extern int preserve_acls;
5494 extern int numeric_ids;
5497 @@ -274,7 +275,7 @@ void send_uid_list(int f)
5501 - if (preserve_uid) {
5502 + if (preserve_uid || preserve_acls) {
5504 /* we send sequences of uid/byte-length/name */
5505 for (list = uidlist; list; list = list->next) {
5506 @@ -291,7 +292,7 @@ void send_uid_list(int f)
5510 - if (preserve_gid) {
5511 + if (preserve_gid || preserve_acls) {
5513 for (list = gidlist; list; list = list->next) {
5515 @@ -312,7 +313,7 @@ void recv_uid_list(int f, struct file_li
5519 - if (preserve_uid && !numeric_ids) {
5520 + if ((preserve_uid || preserve_acls) && !numeric_ids) {
5521 /* read the uid list */
5522 while ((id = read_int(f)) != 0) {
5523 int len = read_byte(f);
5524 @@ -324,7 +325,7 @@ void recv_uid_list(int f, struct file_li
5528 - if (preserve_gid && !numeric_ids) {
5529 + if ((preserve_gid || preserve_acls) && !numeric_ids) {
5530 /* read the gid list */
5531 while ((id = read_int(f)) != 0) {
5532 int len = read_byte(f);
5533 @@ -336,6 +337,16 @@ void recv_uid_list(int f, struct file_li
5537 +#ifdef SUPPORT_ACLS
5538 + if (preserve_acls && !numeric_ids) {
5540 + while ((id = next_acl_uid(flist)) != NULL)
5541 + *id = match_uid(*id);
5542 + while ((id = next_acl_gid(flist)) != NULL)
5543 + *id = match_gid(*id);
5547 /* Now convert all the uids/gids from sender values to our values. */
5548 if (am_root && preserve_uid && !numeric_ids) {
5549 for (i = 0; i < flist->count; i++)