After applying this patch, run these commands for a successful build:
autoconf
- automake
+ autoheader
./configure --with-acl-support
make proto
make
+The program currently complains when the --acls (-A) option is used to copy
+from a disk that doesn't support ACLs. This should be changed to silently
+notice that no ACLs are available to copy. Of course, trying to write out
+ACLs to a non-ACL-supporting disk should complain.
---- orig/Makefile.in 2004-05-15 00:53:53
+--- orig/Makefile.in 2004-08-13 07:18:58
+++ Makefile.in 2004-07-03 20:11:58
@@ -25,7 +25,7 @@ VERSION=@VERSION@
.SUFFIXES:
OBJS3=progress.o pipe.o
DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o
popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \
---- orig/acls.c 2004-06-30 00:04:05
-+++ acls.c 2004-06-30 00:04:05
-@@ -0,0 +1,1119 @@
+--- orig/acls.c 2004-09-08 06:09:30
++++ acls.c 2004-09-08 06:09:30
+@@ -0,0 +1,1144 @@
+/* -*- c-file-style: "linux" -*-
+ Copyright (C) Andrew Tridgell 1996
+ Copyright (C) Paul Mackerras 1996
+
+#include "rsync.h"
+
-+#ifdef SUPPORT_ACLS
++#if SUPPORT_ACLS
+
+extern int preserve_acls;
+extern int am_root;
+ BOOL ok;
+ *curr_racl = rsync_acl_initializer;
+ if (!(sacl = sys_acl_get_file(fname, *type))) {
-+ rprintf(FERROR, "send_acl : sys_acl_get_file(%s, %s): %s\n",
++ rprintf(FERROR, "send_acl: sys_acl_get_file(%s, %s): %s\n",
+ fname, str_acl_type(*type), strerror(errno));
+ return False;
+ }
+{
+#if ACLS_NEED_MASK
+ uchar required_mask_perm = 0;
-+ BOOL saw_mask = False;
+#endif
++ BOOL saw_mask = False;
+ BOOL saw_user_obj = False, saw_group_obj = False,
+ saw_other = False;
+ size_t count = read_int(f);
+ break;
+ case 'm':
+ race->tag_type = SMB_ACL_MASK;
-+#if ACLS_NEED_MASK
+ saw_mask = True;
-+#endif
+ break;
+ default:
+ rprintf(FERROR, "receive_rsync_acl: unknown tag %c\n",
+ race->tag_type = SMB_ACL_MASK;
+ race->access = required_mask_perm;
+ }
++#else
++ /* If we, a system without ACLS_NEED_MASK, received data from a
++ * system that has masks, throw away the extraneous CLASS_OBJs. */
++ if (saw_mask && racl->count == 4) {
++ rsync_ace *group_obj_race = NULL, *mask_race = NULL;
++ rsync_ace *p;
++ size_t i;
++ for (i = 0, p = racl->races; i < racl->count; i++, p++) {
++ if (p->tag_type == SMB_ACL_MASK)
++ mask_race = p;
++ else if (p->tag_type == SMB_ACL_GROUP_OBJ)
++ group_obj_race = p;
++ }
++ if (mask_race == NULL || group_obj_race == NULL) {
++ rprintf(FERROR, "receive_rsync_acl: have four ACES "
++ "and one's ACL_MASK but missing "
++ "either it or ACL_GROUP_OBJ, "
++ "when pruning ACL\n");
++ } else {
++ /* mask off group perms with it first */
++ group_obj_race->access &= mask_race->access;
++ /* dump mask_race; re-slot any followers-on */
++ racl->count--;
++ if (mask_race != &racl->races[racl->count]) {
++ *mask_race = racl->races[racl->count];
++ saw_user_obj = False; /* force re-sort */
++ }
++ }
++ }
+#endif
+#if ACLS_NEED_MASK
+ if (!(saw_user_obj && saw_group_obj && saw_other && saw_mask))
+ SMB_ACL_T sacl_orig, sacl_bak;
+ rsync_acl racl_orig, racl_bak;
+ if (!(sacl_orig = sys_acl_get_file(orig, *type))) {
-+ rprintf(FERROR, "dup_acl : sys_acl_get_file(%s, %s): %s\n",
++ rprintf(FERROR, "dup_acl: sys_acl_get_file(%s, %s): %s\n",
+ orig, str_acl_type(*type), strerror(errno));
+ ret = -1;
+ continue;
+ }
+ if (!(sacl_bak = sys_acl_get_file(orig, *type))) {
-+ rprintf(FERROR, "dup_acl : sys_acl_get_file(%s, %s): %s. ignoring\n",
++ rprintf(FERROR, "dup_acl: sys_acl_get_file(%s, %s): %s. ignoring\n",
+ bak, str_acl_type(*type), strerror(errno));
+ ret = -1;
+ /* try to forge on through */
+ ret = -1;
+ }
+ } else if (-1 == sys_acl_set_file(bak, *type, sacl_bak)) {
-+ rprintf(FERROR, "dup_acl : sys_acl_set_file(%s, %s): %s\n",
++ rprintf(FERROR, "dup_acl: sys_acl_set_file(%s, %s): %s\n",
+ bak, str_acl_type(*type), strerror(errno));
+ ret = -1;
+ }
+ *sacl = NULL;
+ else {
+ if (!(*sacl = sys_acl_get_file(orig, *type))) {
-+ rprintf(FERROR, "push_keep_backup_acl : sys_acl_get_file(%s, %s): %s\n",
++ rprintf(FERROR, "push_keep_backup_acl: sys_acl_get_file(%s, %s): %s\n",
+ orig, str_acl_type(*type),
+ strerror(errno));
+ }
+ if (-1 == sys_acl_set_file(backup_dest_fname,
+ *type, *sacl))
+ {
-+ rprintf(FERROR, "push_keep_backup_acl : sys_acl_get_file(%s, %s): %s\n",
++ rprintf(FERROR, "push_keep_backup_acl: sys_acl_get_file(%s, %s): %s\n",
+ backup_dest_fname,
+ str_acl_type(*type),
+ strerror(errno));
+ set_acl_id(gid);
+}
+
-+
-+
+#endif /* SUPPORT_ACLS */
---- orig/backup.c 2004-06-11 07:47:42
-+++ backup.c 2004-07-03 20:11:58
-@@ -105,6 +105,7 @@ static int make_bak_dir(char *fullpath)
+--- orig/backup.c 2004-09-20 19:50:13
++++ backup.c 2004-09-07 21:45:57
+@@ -119,6 +119,7 @@ static int make_bak_dir(char *fullpath)
} else {
do_lchown(fullpath, st.st_uid, st.st_gid);
do_chmod(fullpath, st.st_mode);
}
}
*p = '/';
-@@ -167,6 +168,8 @@ static int keep_backup(char *fname)
+@@ -176,6 +177,8 @@ static int keep_backup(char *fname)
+ if (!(buf = get_backup_name(fname)))
return 0;
- }
-+ PUSH_KEEP_BACKUP_ACL(file, fname, backup_dir_buf);
++ PUSH_KEEP_BACKUP_ACL(file, fname, buf);
+
#ifdef HAVE_MKNOD
/* Check to see if this is a device file, or link */
if (IS_DEVICE(file->mode)) {
-@@ -237,6 +240,7 @@ static int keep_backup(char *fname)
+@@ -251,6 +254,7 @@ static int keep_backup(char *fname)
}
}
- set_perms(backup_dir_buf, file, NULL, 0);
+ set_perms(buf, file, NULL, 0);
+ CLEANUP_KEEP_BACKUP_ACL();
free(file);
if (verbose > 1)
---- orig/configure.in 2004-04-30 18:04:07
-+++ configure.in 2004-07-03 20:11:58
+--- orig/configure.in 2004-08-13 07:18:59
++++ configure.in 2004-08-19 19:53:27
@@ -434,6 +434,11 @@ if test x"$ac_cv_func_strcasecmp" = x"no
AC_CHECK_LIB(resolv, strcasecmp)
fi
dnl At the moment we don't test for a broken memcmp(), because all we
dnl need to do is test for equality, not comparison, and it seems that
dnl every platform has a memcmp that can do at least that.
-@@ -655,6 +660,74 @@ AC_SUBST(OBJ_RESTORE)
+@@ -656,6 +661,77 @@ AC_SUBST(OBJ_RESTORE)
AC_SUBST(CC_SHOBJ_FLAG)
AC_SUBST(BUILD_POPT)
+ LIBS="$LIBS -lpacl"
+ ;;
+ *)
++ AC_MSG_RESULT(ACLs requested -- running tests)
+ AC_CHECK_LIB(acl,acl_get_file)
+ AC_CACHE_CHECK([for ACL support],samba_cv_HAVE_POSIX_ACLS,[
+ AC_TRY_LINK([#include <sys/types.h>
+ if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then
+ AC_MSG_RESULT(Using posix ACLs)
+ AC_DEFINE(HAVE_POSIX_ACLS, 1, [true if you have posix ACLs])
-+ AC_CACHE_CHECK([for acl_get_perm_np],samba_cv_HAVE_ACL_GET_PERM_NP,[
++ AC_CACHE_CHECK([for acl_get_perm_np],samba_cv_HAVE_ACL_GET_PERM_NP,[
+ AC_TRY_LINK([#include <sys/types.h>
+#include <sys/acl.h>],
+[ acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm);],
+samba_cv_HAVE_ACL_GET_PERM_NP=yes,samba_cv_HAVE_ACL_GET_PERM_NP=no)])
-+ if test x"$samba_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then
-+ AC_DEFINE(HAVE_ACL_GET_PERM_NP, 1, [true if you have acl_get_perm_np])
-+ fi
++ if test x"$samba_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then
++ AC_DEFINE(HAVE_ACL_GET_PERM_NP, 1, [true if you have acl_get_perm_np])
++ fi
++ else
++ AC_MSG_ERROR(Failed to find ACL support)
+ fi
+ ;;
+ esac
AC_CONFIG_FILES([Makefile lib/dummy zlib/dummy popt/dummy shconfig])
AC_OUTPUT
---- orig/flist.c 2004-06-18 16:23:07
+--- orig/flist.c 2004-09-21 09:40:27
+++ flist.c 2004-07-03 20:11:58
-@@ -945,6 +945,8 @@ void send_file_name(int f, struct file_l
+@@ -966,6 +966,8 @@ void send_file_name(int f, struct file_l
if (!file)
return;
maybe_emit_filelist_progress(flist);
-@@ -956,6 +958,10 @@ void send_file_name(int f, struct file_l
+@@ -974,6 +976,10 @@ void send_file_name(int f, struct file_l
if (file->basename[0]) {
flist->files[flist->count++] = file;
send_file_entry(file, f, base_flags);
}
if (recursive && S_ISDIR(file->mode)
-@@ -1274,6 +1280,8 @@ struct file_list *recv_file_list(int f)
+@@ -1291,6 +1297,8 @@ struct file_list *recv_file_list(int f)
flags |= read_byte(f) << 8;
receive_file_entry(&flist->files[i], flags, flist, f);
if (S_ISREG(flist->files[i]->mode))
stats.total_size += flist->files[i]->length;
-@@ -1296,6 +1304,8 @@ struct file_list *recv_file_list(int f)
+@@ -1313,6 +1321,8 @@ struct file_list *recv_file_list(int f)
clean_flist(flist, relative_paths, 1);
if (f != -1) {
/* Now send the uid/gid list. This was introduced in
* protocol version 15 */
---- orig/generator.c 2004-06-30 07:24:45
+--- orig/generator.c 2004-09-20 19:50:13
+++ generator.c 2004-07-03 20:11:58
-@@ -343,6 +343,10 @@ static void recv_generator(char *fname,
+@@ -338,6 +338,10 @@ static void recv_generator(char *fname,
if (set_perms(fname, file, statret ? NULL : &st, 0)
&& verbose && f_out != -1)
- rprintf(FINFO,"%s/\n",fname);
+ rprintf(FINFO, "%s/\n", safe_fname(fname));
+#if SUPPORT_ACLS
+ if (f_out == -1)
+ SET_ACL(fname, file);
next;
}
---- orig/options.c 2004-06-20 19:30:00
-+++ options.c 2004-07-03 20:11:58
+--- orig/options.c 2004-09-20 05:10:48
++++ options.c 2004-08-19 17:38:57
@@ -43,6 +43,7 @@ int keep_dirlinks = 0;
int copy_links = 0;
int preserve_links = 0;
int preserve_perms = 0;
int preserve_devices = 0;
int preserve_uid = 0;
-@@ -150,6 +151,7 @@ static void print_rsync_version(enum log
- {
+@@ -152,6 +153,7 @@ static void print_rsync_version(enum log
char const *got_socketpair = "no ";
+ char const *have_inplace = "no ";
char const *hardlinks = "no ";
+ char const *acls = "no ";
char const *links = "no ";
char const *ipv6 = "no ";
STRUCT_STAT *dumstat;
-@@ -162,6 +164,10 @@ static void print_rsync_version(enum log
+@@ -168,6 +170,10 @@ static void print_rsync_version(enum log
hardlinks = "";
#endif
#if SUPPORT_LINKS
links = "";
#endif
-@@ -176,9 +182,9 @@ static void print_rsync_version(enum log
+@@ -182,9 +188,9 @@ static void print_rsync_version(enum log
"Copyright (C) 1996-2004 by Andrew Tridgell and others\n");
rprintf(f, "<http://rsync.samba.org/>\n");
rprintf(f, "Capabilities: %d-bit files, %ssocketpairs, "
- "%shard links, %ssymlinks, batchfiles, \n",
-+ "%shard links, %sacls, %ssymlinks, batchfiles, \n",
++ "%shard links, %sACLs, %ssymlinks, batchfiles, \n",
(int) (sizeof (OFF_T) * 8),
- got_socketpair, hardlinks, links);
+ got_socketpair, hardlinks, acls, links);
/* Note that this field may not have type ino_t. It depends
* on the complicated interaction between largefile feature
-@@ -241,6 +247,7 @@ void usage(enum logcode F)
+@@ -249,6 +255,7 @@ void usage(enum logcode F)
rprintf(F," --safe-links ignore \"unsafe\" symlinks\n");
rprintf(F," -H, --hard-links preserve hard links\n");
rprintf(F," -p, --perms preserve permissions\n");
rprintf(F," -o, --owner preserve owner (root only)\n");
rprintf(F," -g, --group preserve group\n");
rprintf(F," -D, --devices preserve devices (root only)\n");
-@@ -386,6 +393,7 @@ static struct poptOption long_options[]
- {"address", 0, POPT_ARG_STRING, &bind_address, 0, 0, 0 },
- {"backup-dir", 0, POPT_ARG_STRING, &backup_dir, 0, 0, 0 },
- {"hard-links", 'H', POPT_ARG_NONE, &preserve_hard_links, 0, 0, 0 },
-+ {"acls", 'A', POPT_ARG_NONE, &preserve_acls, 0, 0, 0 },
- {"read-batch", 0, POPT_ARG_STRING, &batch_prefix, OPT_READ_BATCH, 0, 0 },
- {"write-batch", 0, POPT_ARG_STRING, &batch_prefix, OPT_WRITE_BATCH, 0, 0 },
- {"files-from", 0, POPT_ARG_STRING, &files_from, 0, 0, 0 },
-@@ -596,6 +604,31 @@ int parse_arguments(int *argc, const cha
+@@ -358,6 +365,7 @@ static struct poptOption long_options[]
+ {"no-whole-file", 0, POPT_ARG_VAL, &whole_file, 0, 0, 0 },
+ {"copy-unsafe-links", 0, POPT_ARG_NONE, ©_unsafe_links, 0, 0, 0 },
+ {"perms", 'p', POPT_ARG_NONE, &preserve_perms, 0, 0, 0 },
++ {"acls", 'A', POPT_ARG_NONE, 0, 'A', 0, 0 },
+ {"owner", 'o', POPT_ARG_NONE, &preserve_uid, 0, 0, 0 },
+ {"group", 'g', POPT_ARG_NONE, &preserve_gid, 0, 0, 0 },
+ {"devices", 'D', POPT_ARG_NONE, &preserve_devices, 0, 0, 0 },
+@@ -616,6 +624,24 @@ int parse_arguments(int *argc, const cha
return 0;
#endif
+ * restrict group and other access in the presence
+ * of any more restrictive ACLs, but this is safe
+ * for now */
-+ /* FIXME: Don't say "server" if this is
-+ * happening on the client. */
-+ /* FIXME: Why do we have the duplicated
-+ * rprintf? Everybody who gets this message
-+ * ought to send it to the client and also to
-+ * the logs. */
+ snprintf(err_buf,sizeof(err_buf),
+ "ACLs are not supported on this %s\n",
+ am_server ? "server" : "client");
-+ rprintf(FERROR,"ERROR: ACLs not supported on this platform\n");
+ return 0;
+#endif /* SUPPORT_ACLS */
+ break;
default:
/* A large opt value means that set_refuse_options()
* turned this option off (opt-BASE is its index). */
-@@ -833,6 +866,8 @@ void server_options(char **args,int *arg
+@@ -938,6 +964,8 @@ void server_options(char **args,int *arg
if (preserve_hard_links)
argstr[x++] = 'H';
if (preserve_uid)
argstr[x++] = 'o';
if (preserve_gid)
---- orig/rsync.c 2004-07-02 18:06:32
+--- orig/rsync.c 2004-09-07 21:45:30
+++ rsync.c 2004-07-03 20:11:58
-@@ -204,6 +204,14 @@ int set_perms(char *fname,struct file_st
+@@ -207,6 +207,14 @@ int set_perms(char *fname,struct file_st
}
#endif
if (verbose > 1 && flags & PERMS_REPORT) {
if (updated)
rprintf(FINFO,"%s\n",fname);
---- orig/rsync.h 2004-05-16 07:58:12
+--- orig/rsync.h 2004-08-03 15:41:32
+++ rsync.h 2004-07-03 20:11:58
-@@ -538,6 +538,40 @@ static inline int flist_up(struct file_l
+@@ -541,6 +541,40 @@ static inline int flist_up(struct file_l
#include "lib/permstring.h"
#include "lib/addrinfo.h"
#include "proto.h"
/* We have replacement versions of these if they're missing. */
---- orig/rsync.yo 2004-06-17 06:32:00
+--- orig/rsync.yo 2004-09-20 05:10:48
+++ rsync.yo 2004-07-03 20:11:58
-@@ -296,6 +296,7 @@ verb(
+@@ -326,6 +326,7 @@ verb(
--safe-links ignore "unsafe" symlinks
-H, --hard-links preserve hard links
-p, --perms preserve permissions
-o, --owner preserve owner (root only)
-g, --group preserve group
-D, --devices preserve devices (root only)
-@@ -527,6 +528,11 @@ source file's permissions and the umask
+@@ -578,6 +579,11 @@ source file's permissions and the umask
other files (including updated files) retain their existing permissions
(which is the same behavior as other file-copy utilities, such as cp).
+
+#endif /* No ACLs. */
+#endif /* _SMB_ACLS_H */
---- orig/sysacls.c 2004-06-30 00:04:08
-+++ sysacls.c 2004-06-30 00:04:08
+--- orig/sysacls.c 2004-08-19 17:38:21
++++ sysacls.c 2004-08-19 17:38:21
@@ -0,0 +1,3117 @@
+/*
+ Unix SMB/Netbios implementation.