-Depends-On-Patch: acls.diff
-Depends-On-Patch: xattrs.diff
-
This patch adds a new option: --fake-super, which tells rsync to copy in a
fake super-user mode that stores various file attributes in an extended-
-attribute value instead of as real file-system attributes. The items
-affected are:
-
- mode the real mode of a file is always (666 & umask) while
- the real mode of a directory is always (777 & umask).
-
- rdev devices and special files are created as zero-length
- normal files.
-
- uid the real owner is always left unchanged.
-
- gid the real group is always left unchanged.
-
-A daemon can set "fake super = yes" in the rsync.conf file for any module
-that you'd like to run without root perms while pretending it has them (the
-client cannot affect this).
-
-The --fake-super option only affects the side where the option is used. To
-affect the remote side of a remote-shell connection, specify an rsync path:
+attribute value instead of as real file-system attributes. See the changes
+to the manpages for details.
- rsync -av --rsync-path='rsync --fake-super' /src/ host:/dest/
+To use this patch, run these commands for a successful build:
-For a local copy where you want to affect only one side or the other,
-you'll need to turn the copy into a remote copy to localhost.
-
-After applying this patch, run these commands for a successful build:
-
- ./prepare-source
- ./configure --enable-xattr-support
- make
-
-or, if you want ACL support too:
-
- ./prepare-source
- ./configure --enable-acl-support --enable-xattr-support
+ patch -p1 <patches/fake-super.diff
+ ./configure (optional if already run)
make
--- old/backup.c
+++ new/backup.c
-@@ -129,7 +129,7 @@ static int make_bak_dir(char *fullpath)
+@@ -127,7 +127,7 @@ static int make_bak_dir(char *fullpath)
if (p >= rel) {
/* Try to transfer the directory settings of the
* actual dir that the files are coming from. */
rsyserr(FERROR, errno,
"make_bak_dir stat %s failed",
full_fname(rel));
-@@ -200,7 +200,7 @@ static int keep_backup(char *fname)
+@@ -200,7 +200,7 @@ static int keep_backup(const char *fname
int ret_code;
/* return if no file to keep */
sx.acc_acl = sx.def_acl = NULL;
--- old/clientserver.c
+++ new/clientserver.c
-@@ -625,6 +625,11 @@ static int rsync_module(int f_in, int f_
- ret = parse_arguments(&argc, (const char ***) &argv, 0);
- quiet = 0; /* Don't let someone try to be tricky. */
+@@ -630,6 +630,11 @@ static int rsync_module(int f_in, int f_
+ if (lp_ignore_errors(module_id))
+ ignore_errors = 1;
+ if (lp_fake_super(i))
+ am_root = -1;
--- old/flist.c
+++ new/flist.c
-@@ -181,7 +181,7 @@ static int readlink_stat(const char *pat
+@@ -196,12 +196,12 @@ static int readlink_stat(const char *pat
+ rprintf(FINFO,"copying unsafe symlink \"%s\" -> \"%s\"\n",
+ path, linkbuf);
+ }
+- return do_stat(path, stp);
++ return x_stat(path, stp, NULL);
+ }
}
return 0;
#else
#endif
}
-@@ -189,17 +189,17 @@ int link_stat(const char *path, STRUCT_S
+@@ -209,17 +209,17 @@ int link_stat(const char *path, STRUCT_S
{
#ifdef SUPPORT_LINKS
if (copy_links)
#endif
}
-@@ -793,7 +793,7 @@ struct file_struct *make_file(char *fnam
+@@ -254,26 +254,6 @@ static int is_excluded(char *fname, int
+ return 0;
+ }
+
+-static int to_wire_mode(mode_t mode)
+-{
+-#ifdef SUPPORT_LINKS
+-#if _S_IFLNK != 0120000
+- if (S_ISLNK(mode))
+- return (mode & ~(_S_IFMT)) | 0120000;
+-#endif
+-#endif
+- return mode;
+-}
+-
+-static mode_t from_wire_mode(int mode)
+-{
+-#if _S_IFLNK != 0120000
+- if ((mode & (_S_IFMT)) == 0120000)
+- return (mode & ~(_S_IFMT)) | _S_IFLNK;
+-#endif
+- return mode;
+-}
+-
+ static void send_directory(int f, struct file_list *flist, int ndx,
+ char *fbuf, int len, int flags);
+
+@@ -954,7 +934,7 @@ struct file_struct *make_file(const char
if (save_errno == ENOENT) {
#ifdef SUPPORT_LINKS
/* Avoid "vanished" error if symlink points nowhere. */
&& S_ISLNK(st.st_mode)) {
io_error |= IOERR_GENERAL;
rprintf(FERROR, "symlink has no referent: %s\n",
-@@ -963,7 +963,7 @@ struct file_struct *make_file(char *fnam
+@@ -1126,7 +1106,7 @@ struct file_struct *make_file(const char
int save_mode = file->mode;
file->mode = S_IFDIR; /* Find a directory with our name. */
- if (flist_find(the_file_list, file) >= 0
+ if (flist_find(dir_flist, file) >= 0
- && do_stat(thisname, &st2) == 0 && S_ISDIR(st2.st_mode)) {
+ && x_stat(thisname, &st2, NULL) == 0 && S_ISDIR(st2.st_mode)) {
file->modtime = st2.st_mtime;
- file->length = st2.st_size;
+ file->len32 = 0;
file->mode = st2.st_mode;
---- old/generator.c
-+++ new/generator.c
-@@ -1510,13 +1510,14 @@ void generate_files(int f_out, struct fi
- recv_generator(fbuf, file, i, itemizing, maybe_ATTRS_REPORT,
- code, f_out);
-
-- /* We need to ensure that any dirs we create have writeable
-+ /* We need to ensure that any dirs we create have rwx
- * permissions during the time we are putting files within
- * them. This is then fixed after the transfer is done. */
- #ifdef HAVE_CHMOD
-- if (!am_root && S_ISDIR(file->mode) && !(file->mode & S_IWUSR)
-+ if (am_root <= 0 && S_ISDIR(file->mode)
-+ && (file->mode & S_IRWXU) != S_IRWXU
- && dir_tweaking) {
-- mode_t mode = file->mode | S_IWUSR; /* user write */
-+ mode_t mode = file->mode | S_IRWXU; /* user rwx */
- char *fname = local_name ? local_name : fbuf;
- if (do_chmod(fname, mode) < 0) {
- rsyserr(FERROR, errno,
--- old/loadparm.c
+++ new/loadparm.c
-@@ -150,6 +150,7 @@ typedef struct
+@@ -149,6 +149,7 @@ typedef struct
int syslog_facility;
int timeout;
BOOL ignore_errors;
BOOL ignore_nonreadable;
BOOL list;
-@@ -197,6 +198,7 @@ static service sDefault =
+@@ -196,6 +197,7 @@ static service sDefault =
/* syslog_facility; */ LOG_DAEMON,
/* timeout; */ 0,
/* ignore_errors; */ False,
/* ignore_nonreadable; */ False,
/* list; */ True,
-@@ -298,6 +300,7 @@ static struct parm_struct parm_table[] =
+@@ -297,6 +299,7 @@ static struct parm_struct parm_table[] =
{"dont compress", P_STRING, P_LOCAL, &sDefault.dont_compress, NULL,0},
{"exclude from", P_STRING, P_LOCAL, &sDefault.exclude_from, NULL,0},
{"exclude", P_STRING, P_LOCAL, &sDefault.exclude, NULL,0},
{"filter", P_STRING, P_LOCAL, &sDefault.filter, NULL,0},
{"gid", P_STRING, P_LOCAL, &sDefault.gid, NULL,0},
{"hosts allow", P_STRING, P_LOCAL, &sDefault.hosts_allow, NULL,0},
-@@ -412,6 +415,7 @@ FN_LOCAL_INTEGER(lp_max_connections, max
+@@ -411,6 +414,7 @@ FN_LOCAL_INTEGER(lp_max_connections, max
FN_LOCAL_INTEGER(lp_max_verbosity, max_verbosity)
FN_LOCAL_INTEGER(lp_timeout, timeout)
FN_LOCAL_BOOL(lp_ignore_errors, ignore_errors)
FN_LOCAL_BOOL(lp_ignore_nonreadable, ignore_nonreadable)
FN_LOCAL_BOOL(lp_list, list)
-@@ -816,7 +820,7 @@ BOOL lp_load(char *pszFname, int globals
+@@ -814,7 +818,7 @@ BOOL lp_load(char *pszFname, int globals
if (pszFname)
pstrcpy(n2,pszFname);
pstrcpy(n2,RSYNCD_SYSCONF);
--- old/options.c
+++ new/options.c
-@@ -73,7 +73,7 @@ int protocol_version = PROTOCOL_VERSION;
+@@ -72,7 +72,7 @@ int protocol_version = PROTOCOL_VERSION;
int sparse_files = 0;
int do_compression = 0;
int def_compress_level = Z_DEFAULT_COMPRESSION;
-int am_root = 0;
-+int am_root = 0; /* 0 = normal, 1 = super, 2 = --super, -1 = --fake-super */
++int am_root = 0; /* 0 = normal, 1 = root, 2 = --super, -1 = --fake-super */
int am_server = 0;
int am_sender = 0;
int am_generator = 0;
-@@ -330,6 +330,7 @@ void usage(enum logcode F)
+@@ -326,6 +326,9 @@ void usage(enum logcode F)
rprintf(F," -t, --times preserve times\n");
rprintf(F," -O, --omit-dir-times omit directories when preserving times\n");
rprintf(F," --super receiver attempts super-user activities\n");
-+ rprintf(F," --fake-super fake root by storing/reading ownership/etc in EAs\n");
++#ifdef SUPPORT_XATTRS
++ rprintf(F," --fake-super store/recover privileged attrs using xattrs\n");
++#endif
rprintf(F," -S, --sparse handle sparse files efficiently\n");
rprintf(F," -n, --dry-run show what would have been transferred\n");
rprintf(F," -W, --whole-file copy files whole (without rsync algorithm)\n");
-@@ -454,6 +455,7 @@ static struct poptOption long_options[]
+@@ -455,6 +458,7 @@ static struct poptOption long_options[]
{"modify-window", 0, POPT_ARG_INT, &modify_window, OPT_MODIFY_WINDOW, 0, 0 },
{"super", 0, POPT_ARG_VAL, &am_root, 2, 0, 0 },
{"no-super", 0, POPT_ARG_VAL, &am_root, 0, 0, 0 },
{"owner", 'o', POPT_ARG_VAL, &preserve_uid, 1, 0, 0 },
{"no-owner", 0, POPT_ARG_VAL, &preserve_uid, 0, 0, 0 },
{"no-o", 0, POPT_ARG_VAL, &preserve_uid, 0, 0, 0 },
---- old/receiver.c
-+++ new/receiver.c
-@@ -528,7 +528,7 @@ int recv_files(int f_in, struct file_lis
- if (fd1 == -1) {
- st.st_mode = 0;
- st.st_size = 0;
-- } else if (do_fstat(fd1,&st) != 0) {
-+ } else if (x_fstat(fd1, &st, NULL) != 0) {
- rsyserr(FERROR, errno, "fstat %s failed",
- full_fname(fnamecmp));
- discard_receive_data(f_in, file->length);
+@@ -1187,6 +1191,14 @@ int parse_arguments(int *argc, const cha
+ }
+ #endif
+
++#ifndef SUPPORT_XATTRS
++ if (am_root < 0) {
++ snprintf(err_buf, sizeof err_buf,
++ "--fake-super requires an rsync with extended attributes enabled\n");
++ return 0;
++ }
++#endif
++
+ if (write_batch && read_batch) {
+ snprintf(err_buf, sizeof err_buf,
+ "--write-batch and --read-batch can not be used together\n");
--- old/rsync.c
+++ new/rsync.c
-@@ -49,7 +49,6 @@ extern int preserve_gid;
- extern int inplace;
- extern int keep_dirlinks;
- extern int make_backups;
--extern mode_t orig_umask;
- extern struct stats stats;
- extern struct chmod_mode_struct *daemon_chmod_modes;
-
-@@ -197,7 +196,9 @@ int set_file_attrs(char *fname, struct f
- (long)sxp->st.st_gid, (long)file->gid);
+@@ -261,6 +261,8 @@ int set_file_attrs(const char *fname, st
+ #ifdef SUPPORT_XATTRS
+ if (preserve_xattrs && fnamecmp)
+ set_xattr(fname, file, fnamecmp, sxp);
++ if (am_root < 0)
++ set_stat_xattr(fname, file);
+ #endif
+
+ if (!preserve_times || (S_ISDIR(sxp->st.st_mode) && omit_dir_times))
+@@ -300,7 +302,9 @@ int set_file_attrs(const char *fname, st
+ (long)sxp->st.st_gid, (long)F_GID(file));
}
}
- if (do_lchown(fname,
-+ if (am_root < 0)
++ if (am_root < 0) {
+ ;
-+ else if (do_lchown(fname,
- change_uid ? file->uid : sxp->st.st_uid,
- change_gid ? file->gid : sxp->st.st_gid) != 0) {
++ } else if (do_lchown(fname,
+ change_uid ? F_UID(file) : sxp->st.st_uid,
+ change_gid ? F_GID(file) : sxp->st.st_gid) != 0) {
/* shouldn't have attempted to change uid or gid
-@@ -206,7 +207,7 @@ int set_file_attrs(char *fname, struct f
+@@ -309,7 +313,7 @@ int set_file_attrs(const char *fname, st
change_uid ? "chown" : "chgrp",
full_fname(fname));
goto cleanup;
/* a lchown had been done - we have to re-stat if the
* destination had the setuid or setgid bits set due
* to the side effect of the chown call */
-@@ -224,6 +225,24 @@ int set_file_attrs(char *fname, struct f
- if (preserve_xattrs && set_xattr(fname, file, sxp) == 0)
- updated = 1;
- #endif
-+
-+ if (am_root < 0 && !S_ISLNK(file->mode)) {
-+ switch (set_stat_xattr(fname, file)) {
-+ case 0:
-+ break;
-+ case -1:
-+ rsyserr(FERROR, errno,
-+ "write of stat xattr failed for %s",
-+ full_fname(fname));
-+ break;
-+ case -2:
-+ rsyserr(FERROR, errno,
-+ "delete of stat xattr failed for %s",
-+ full_fname(fname));
-+ break;
-+ }
-+ }
-+
- #ifdef SUPPORT_ACLS
- /* It's OK to call set_acl() now, even for a dir, as the generator
- * will enable owner-writability using chmod, if necessary.
-@@ -237,7 +256,7 @@ int set_file_attrs(char *fname, struct f
+@@ -336,7 +340,7 @@ int set_file_attrs(const char *fname, st
#ifdef HAVE_CHMOD
- if ((sxp->st.st_mode & CHMOD_BITS) != (new_mode & CHMOD_BITS)) {
+ if (!BITS_EQUAL(sxp->st.st_mode, new_mode, CHMOD_BITS)) {
- int ret = do_chmod(fname, new_mode);
+ int ret = am_root < 0 ? 0 : do_chmod(fname, new_mode);
if (ret < 0) {
rsyserr(FERROR, errno,
"failed to set permissions on %s",
+--- old/rsync.h
++++ new/rsync.h
+@@ -805,6 +805,12 @@ typedef struct {
+
+ #include "proto.h"
+
++#ifndef SUPPORT_XATTRS
++#define x_stat(fn,fst,xst) do_stat(fn,fst)
++#define x_lstat(fn,fst,xst) do_lstat(fn,fst)
++#define x_fstat(fd,fst,xst) do_fstat(fd,fst)
++#endif
++
+ /* We have replacement versions of these if they're missing. */
+ #ifndef HAVE_ASPRINTF
+ int asprintf(char **ptr, const char *format, ...);
+@@ -1023,6 +1029,26 @@ int inet_pton(int af, const char *src, v
+ const char *get_panic_action(void);
+ #endif
+
++static inline int to_wire_mode(mode_t mode)
++{
++#ifdef SUPPORT_LINKS
++#if _S_IFLNK != 0120000
++ if (S_ISLNK(mode))
++ return (mode & ~(_S_IFMT)) | 0120000;
++#endif
++#endif
++ return mode;
++}
++
++static inline mode_t from_wire_mode(int mode)
++{
++#if _S_IFLNK != 0120000
++ if ((mode & (_S_IFMT)) == 0120000)
++ return (mode & ~(_S_IFMT)) | _S_IFLNK;
++#endif
++ return mode;
++}
++
+ static inline int
+ isDigit(const char *ptr)
+ {
+--- old/rsync.yo
++++ new/rsync.yo
+@@ -333,6 +333,7 @@ to the detailed description below for a
+ -t, --times preserve times
+ -O, --omit-dir-times omit directories when preserving times
+ --super receiver attempts super-user activities
++ --fake-super store/recover privileged attrs using xattrs
+ -S, --sparse handle sparse files efficiently
+ -n, --dry-run show what would have been transferred
+ -W, --whole-file copy files whole (without rsync algorithm)
+@@ -859,7 +860,7 @@ permission value can be applied to the f
+ dit(bf(-o, --owner)) This option causes rsync to set the owner of the
+ destination file to be the same as the source file, but only if the
+ receiving rsync is being run as the super-user (see also the bf(--super)
+-option to force rsync to attempt super-user activities).
++and bf(--fake-super) options).
+ Without this option, the owner is set to the invoking user on the
+ receiving side.
+
+@@ -882,7 +883,7 @@ default, but may fall back to using the
+ dit(bf(--devices)) This option causes rsync to transfer character and
+ block device files to the remote system to recreate these devices.
+ This option has no effect if the receiving rsync is not run as the
+-super-user and bf(--super) is not specified.
++super-user (see also the bf(--super) and bf(--fake-super) options).
+
+ dit(bf(--specials)) This option causes rsync to transfer special files
+ such as named sockets and fifos.
+@@ -912,6 +913,33 @@ also for ensuring that you will get erro
+ being running as the super-user. To turn off super-user activities, the
+ super-user can use bf(--no-super).
+
++dit(bf(--fake-super)) When this option is enabled, rsync simulates
++super-user activities by saving/restoring the privileged attributes via a
++special extended attribute that is attached to each file (as needed). This
++includes the file's owner and group (if it is not the default), the file's
++device info (device & special files are created as empty text files), and
++any permission bits that we won't allow to be set on the real file (e.g.
++the real file gets u-s,g-s,o-t for safety) or that would limit the owner's
++access (since the real super-user can always access/change a file or
++directory, the files we create can always be accessed/changed by the
++creating user).
++
++The bf(--fake-super) option only affects the side where the option is used.
++To affect the remote side of a remote-shell connection, specify an rsync
++path:
++
++quote(tt( rsync -av --rsync-path="rsync --fake-super" /src/ host:/dest/))
++
++Since there is only one "side" in a local copy, this option affects both
++the sending and recieving of files. You'll need to specify a copy using
++"localhost" if you need to avoid this. Note, however, that it is always
++safe to copy from some non-fake-super files into some fake-super files
++using a local bf(--fake-super) command because the non-fake source files
++will just have their normal attributes.
++
++See also the "fake super" setting in the daemon's rsyncd.conf file.
++This option is overridden by both bf(--super) and bf(--no-super).
++
+ dit(bf(-S, --sparse)) Try to handle sparse files efficiently so they take
+ up less space on the destination. Conflicts with bf(--inplace) because it's
+ not possible to overwrite data in a sparse fashion.
+--- old/rsyncd.conf.yo
++++ new/rsyncd.conf.yo
+@@ -226,6 +226,11 @@ file transfers to and from that module s
+ was run as root. This complements the "uid" option. The default is gid -2,
+ which is normally the group "nobody".
+
++dit(bf(fake super)) Setting "fake super = yes" for a module causes the
++daemon side to behave as if the bf(--fake-user) command-line option had
++been specified. This allows the full attributes of a file to be stored
++without having to have the daemon actually running as root.
++
+ dit(bf(filter)) The "filter" option allows you to specify a space-separated
+ list of filter rules that the daemon will not allow to be read or written.
+ This is only superficially equivalent to the client specifying these
--- old/syscall.c
+++ new/syscall.c
-@@ -28,6 +28,7 @@
+@@ -27,6 +27,7 @@
#endif
extern int dry_run;
extern int read_only;
extern int list_only;
extern int preserve_perms;
-@@ -79,6 +80,15 @@ int do_mknod(char *pathname, mode_t mode
+@@ -78,6 +79,15 @@ int do_mknod(const char *pathname, mode_
{
if (dry_run) return 0;
RETURN_ERROR_IF_RO_OR_LO;
return mkfifo(pathname, mode);
--- old/t_unsafe.c
+++ new/t_unsafe.c
-@@ -24,7 +24,11 @@
+@@ -23,7 +23,11 @@
#include "rsync.h"
/* These are to make syscall.o shut up. */
int dry_run = 0;
-+int am_root = 0; /* TODO: add option to set this to -1. */
++int am_root = 0;
int read_only = 1;
int list_only = 0;
int preserve_perms = 0;
--- old/trimslash.c
+++ new/trimslash.c
-@@ -23,6 +23,7 @@
+@@ -22,6 +22,7 @@
/* These are to make syscall.o shut up. */
int dry_run = 0;
int read_only = 1;
int list_only = 0;
int preserve_perms = 0;
---- old/xattr.c
-+++ new/xattr.c
-@@ -26,11 +26,15 @@
- #ifdef SUPPORT_XATTRS
-
- extern int dry_run;
-+extern int am_root;
-+extern mode_t orig_umask;
- extern unsigned int file_struct_len;
+--- old/xattrs.c
++++ new/xattrs.c
+@@ -53,11 +53,16 @@ extern int checksum_seed;
+ #define SPRE_LEN ((int)sizeof SYSTEM_PREFIX - 1)
- #define RSYNC_XAL_INITIAL 5
- #define RSYNC_XAL_LIST_INITIAL 100
-
-+#define FAKE_XATTR "user.rsync%stat"
+ #ifdef HAVE_LINUX_XATTRS
+-#define RPRE_LEN 0
++#define MIGHT_NEED_RPRE (am_root < 0)
++#define RSYNC_PREFIX USER_PREFIX "rsync."
+ #else
++#define MIGHT_NEED_RPRE am_root
+ #define RSYNC_PREFIX "rsync."
+-#define RPRE_LEN ((int)sizeof RSYNC_PREFIX - 1)
+ #endif
++#define RPRE_LEN ((int)sizeof RSYNC_PREFIX - 1)
+
++#define XSTAT_ATTR RSYNC_PREFIX "%stat"
++#define XSTAT_LEN ((int)sizeof XSTAT_ATTR - 1)
+
typedef struct {
- char *name;
- char *datum;
-@@ -130,9 +134,15 @@ static int rsync_xal_get(const char *fna
- if (name_size == 0)
- return 0;
- for (left = name_size, name = namebuf; left > 0 ; left -= len, name += len) {
-- rsync_xa *rxas = EXPAND_ITEM_LIST(xalp, rsync_xa, RSYNC_XAL_INITIAL);
-+ rsync_xa *rxas;
-
- len = strlen(name) + 1;
-+ if (am_root < 0 && len == sizeof FAKE_XATTR
-+ && name[10] == '%' && strcmp(name, FAKE_XATTR) == 0)
+ char *datum, *name;
+@@ -218,6 +223,10 @@ static int rsync_xal_get(const char *fna
+ continue;
+ #endif
+
++ if (am_root < 0 && name_len == XSTAT_LEN + 1
++ && name[RPRE_LEN] == '%' && strcmp(name, XSTAT_ATTR) == 0)
+ continue;
+
-+ rxas = EXPAND_ITEM_LIST(xalp, rsync_xa, RSYNC_XAL_INITIAL);
-+
- datum_size = sys_lgetxattr(fname, name, NULL, 0);
- if (datum_size < 0) {
- if (errno == ENOTSUP)
-@@ -285,10 +295,19 @@ void receive_xattr(struct file_struct *f
- out_of_memory("receive_xattr");
- read_buf(f, ptr, name_len);
- read_buf(f, ptr + name_len, datum_len);
-+
-+ if (am_root < 0 && name_len == sizeof FAKE_XATTR
-+ && ptr[10] == '%' && strcmp(ptr, FAKE_XATTR) == 0) {
-+ free(ptr);
-+ temp_xattr.count--;
-+ continue;
-+ }
-+
- rxa->name_len = name_len;
- rxa->datum_len = datum_len;
- rxa->name = ptr;
- rxa->datum = ptr + name_len;
-+
- #ifdef HAVE_OSX_XATTRS
- if (strncmp(rxa->name, UNIQUE_PREFIX, UPRE_LEN) == 0) {
- rxa->name_len -= UPRE_LEN;
-@@ -365,4 +384,103 @@ int set_xattr(const char *fname, const s
- return rsync_xal_set(fname, lst + ndx); /* TODO: This needs to return 1 if no xattrs changed! */
+ datum_len = name_len; /* Pass extra size to get_xattr_data() */
+ if (!(ptr = get_xattr_data(fname, name, &datum_len, 0)))
+ return -1;
+@@ -236,6 +245,14 @@ static int rsync_xal_get(const char *fna
+ } else
+ name_offset = datum_len;
+
++#ifdef HAVE_LINUX_XATTRS
++ if (am_root < 0 && name_len > RPRE_LEN
++ && HAS_PREFIX(name, RSYNC_PREFIX)) {
++ name += RPRE_LEN;
++ name_len -= RPRE_LEN;
++ }
++#endif
++
+ rxas = EXPAND_ITEM_LIST(xalp, rsync_xa, RSYNC_XAL_INITIAL);
+ rxas->name = ptr + name_offset;
+ memcpy(rxas->name, name, name_len);
+@@ -576,13 +593,9 @@ void receive_xattr(struct file_struct *f
+ size_t name_len = read_abbrevint(f);
+ size_t datum_len = read_abbrevint(f);
+ size_t dget_len = datum_len > MAX_FULL_DATUM ? 1 + MAX_DIGEST_LEN : datum_len;
+-#ifdef HAVE_LINUX_XATTRS
+- size_t extra_len = 0;
+-#else
+- size_t extra_len = am_root ? RPRE_LEN : 0;
++ size_t extra_len = MIGHT_NEED_RPRE ? RPRE_LEN : 0;
+ if (dget_len + extra_len < dget_len)
+ out_of_memory("receive_xattr"); /* overflow */
+-#endif
+ if (dget_len + extra_len + name_len < dget_len)
+ out_of_memory("receive_xattr"); /* overflow */
+ ptr = new_array(char, dget_len + extra_len + name_len);
+@@ -598,9 +611,14 @@ void receive_xattr(struct file_struct *f
+ }
+ #ifdef HAVE_LINUX_XATTRS
+ /* Non-root can only save the user namespace. */
+- if (!am_root && !HAS_PREFIX(name, USER_PREFIX)) {
+- free(ptr);
+- continue;
++ if (am_root <= 0 && !HAS_PREFIX(name, USER_PREFIX)) {
++ if (!am_root) {
++ free(ptr);
++ continue;
++ }
++ name -= RPRE_LEN;
++ name_len += RPRE_LEN;
++ memcpy(name, RSYNC_PREFIX, RPRE_LEN);
+ }
+ #else
+ /* This OS only has a user namespace, so we either
+@@ -618,6 +636,11 @@ void receive_xattr(struct file_struct *f
+ continue;
+ }
+ #endif
++ if (am_root < 0 && name_len == XSTAT_LEN + 1
++ && name[RPRE_LEN] == '%' && strcmp(name, XSTAT_ATTR) == 0) {
++ free(ptr);
++ continue;
++ }
+ rxa = EXPAND_ITEM_LIST(&temp_xattr, rsync_xa, 1);
+ rxa->name = name;
+ rxa->datum = ptr;
+@@ -772,4 +795,150 @@ int set_xattr(const char *fname, const s
+ return rsync_xal_set(fname, lst + ndx, fnamecmp, sxp);
}
-+int get_stat_xattr(const char *fname, int fd, STRUCT_STAT *st)
++int get_stat_xattr(const char *fname, int fd, STRUCT_STAT *fst, STRUCT_STAT *xst)
+{
+ int mode, rdev_major, rdev_minor, uid, gid, len;
+ char buf[256];
+
-+ if (fname)
-+ len = sys_lgetxattr(fname, FAKE_XATTR, buf, sizeof buf - 1);
++ if (am_root >= 0 || IS_DEVICE(fst->st_mode) || IS_SPECIAL(fst->st_mode))
++ return -1;
++
++ if (xst)
++ *xst = *fst;
+ else
-+ len = sys_fgetxattr(fd, FAKE_XATTR, buf, sizeof buf - 1);
-+ if (len < 0 || len >= (int)sizeof buf) {
++ xst = fst;
++ if (fname) {
++ fd = -1;
++ len = sys_lgetxattr(fname, XSTAT_ATTR, buf, sizeof buf - 1);
++ } else {
++ fname = "fd";
++ len = sys_fgetxattr(fd, XSTAT_ATTR, buf, sizeof buf - 1);
++ }
++ if (len >= (int)sizeof buf) {
++ len = -1;
++ errno = ERANGE;
++ }
++ if (len < 0) {
+ if (errno == ENOTSUP || errno == ENOATTR)
+ return -1;
++ if (errno == EPERM && S_ISLNK(fst->st_mode)) {
++ xst->st_uid = 0;
++ xst->st_gid = 0;
++ return 0;
++ }
++ rsyserr(FERROR, errno, "failed to read xattr %s for %s",
++ XSTAT_ATTR, full_fname(fname));
+ return -1;
+ }
+ buf[len] = '\0';
+
+ if (sscanf(buf, "%o %d,%d %d:%d",
+ &mode, &rdev_major, &rdev_minor, &uid, &gid) != 5) {
-+ errno = EINVAL;
-+ return -1;
++ rprintf(FERROR, "Corrupt %s xattr attached to %s: \"%s\"\n",
++ XSTAT_ATTR, full_fname(fname), buf);
++ exit_cleanup(RERR_FILEIO);
+ }
+
-+ st->st_mode = mode;
-+ st->st_rdev = MAKEDEV(rdev_major, rdev_minor);
-+ st->st_uid = uid;
-+ st->st_gid = gid;
++ xst->st_mode = from_wire_mode(mode);
++ xst->st_rdev = MAKEDEV(rdev_major, rdev_minor);
++ xst->st_uid = uid;
++ xst->st_gid = gid;
+
+ return 0;
+}
+{
+ STRUCT_STAT fst, xst;
+ dev_t rdev;
-+ mode_t mode;
++ mode_t mode, fmode;
+
+ if (dry_run)
+ return 0;
+
-+ if (x_stat(fname, &fst, &xst) < 0)
++ if (read_only || list_only) {
++ rsyserr(FERROR, EROFS, "failed to write xattr %s for %s",
++ XSTAT_ATTR, full_fname(fname));
+ return -1;
++ }
+
-+ if (IS_DEVICE(file->mode) || IS_SPECIAL(file->mode))
-+ rdev = file->u.rdev;
-+ else
++ if (x_lstat(fname, &fst, &xst) < 0) {
++ rsyserr(FERROR, errno, "failed to re-stat %s",
++ full_fname(fname));
++ return -1;
++ }
++
++ fst.st_mode &= (_S_IFMT | CHMOD_BITS);
++ fmode = file->mode & (_S_IFMT | CHMOD_BITS);
++
++ if (IS_DEVICE(fmode) || IS_SPECIAL(fmode)) {
++ uint32 *devp = F_RDEV_P(file);
++ rdev = MAKEDEV(DEV_MAJOR(devp), DEV_MINOR(devp));
++ } else
+ rdev = 0;
+
-+ /* Force the real file's mode to our liking. */
-+ mode = (fst.st_mode & ~CHMOD_BITS)
-+ | ((S_ISDIR(fst.st_mode) ? 0777 : 0666) & (~orig_umask | S_IRWXU));
++ /* Dump the special permissions and enable full owner access. */
++ mode = (fst.st_mode & _S_IFMT) | (fmode & ACCESSPERMS)
++ | (S_ISDIR(fst.st_mode) ? 0700 : 0600);
+ if (fst.st_mode != mode)
+ do_chmod(fname, mode);
+ if (!IS_DEVICE(fst.st_mode) && !IS_SPECIAL(fst.st_mode))
+ fst.st_rdev = 0; /* just in case */
+
-+ if (mode == file->mode && fst.st_rdev == rdev
-+ && fst.st_uid == file->uid && fst.st_gid == file->gid) {
++ if (mode == fmode && fst.st_rdev == rdev
++ && fst.st_uid == F_UID(file) && fst.st_gid == F_GID(file)) {
+ /* xst.st_mode will be 0 if there's no current stat xattr */
-+ if (xst.st_mode && sys_lremovexattr(fname, FAKE_XATTR) < 0)
-+ return -2;
++ if (xst.st_mode && sys_lremovexattr(fname, XSTAT_ATTR) < 0) {
++ rsyserr(FERROR, errno,
++ "delete of stat xattr failed for %s",
++ full_fname(fname));
++ return -1;
++ }
+ return 0;
+ }
+
-+ if (xst.st_mode != file->mode || xst.st_rdev != rdev
-+ || xst.st_uid != file->uid || xst.st_gid != file->gid) {
++ if (xst.st_mode != fmode || xst.st_rdev != rdev
++ || xst.st_uid != F_UID(file) || xst.st_gid != F_GID(file)) {
+ char buf[256];
+ int len = snprintf(buf, sizeof buf, "%o %u,%u %u:%u",
-+ (int)file->mode,
++ to_wire_mode(fmode),
+ (int)major(rdev), (int)minor(rdev),
-+ (int)file->uid, (int)file->gid);
-+ return sys_lsetxattr(fname, FAKE_XATTR, buf, len, 0);
++ (int)F_UID(file), (int)F_GID(file));
++ if (sys_lsetxattr(fname, XSTAT_ATTR, buf, len) < 0) {
++ if (errno == EPERM && S_ISLNK(fst.st_mode))
++ return 0;
++ rsyserr(FERROR, errno,
++ "failed to write xattr %s for %s",
++ XSTAT_ATTR, full_fname(fname));
++ return -1;
++ }
+ }
++
+ return 0;
+}
+
+int x_stat(const char *fname, STRUCT_STAT *fst, STRUCT_STAT *xst)
+{
+ int ret = do_stat(fname, fst);
-+ if (get_stat_xattr(fname, -1, xst? xst : fst) != 0 && xst)
++ if ((ret < 0 || get_stat_xattr(fname, -1, fst, xst) < 0) && xst)
+ xst->st_mode = 0;
+ return ret;
+}
+int x_lstat(const char *fname, STRUCT_STAT *fst, STRUCT_STAT *xst)
+{
+ int ret = do_lstat(fname, fst);
-+ if (get_stat_xattr(fname, -1, xst? xst : fst) != 0 && xst)
++ if ((ret < 0 || get_stat_xattr(fname, -1, fst, xst) < 0) && xst)
+ xst->st_mode = 0;
+ return ret;
+}
+int x_fstat(int fd, STRUCT_STAT *fst, STRUCT_STAT *xst)
+{
+ int ret = do_fstat(fd, fst);
-+ if (get_stat_xattr(NULL, fd, xst? xst : fst) != 0 && xst)
++ if ((ret < 0 || get_stat_xattr(NULL, fd, fst, xst) < 0) && xst)
+ xst->st_mode = 0;
+ return ret;
+}