-After applying this patch, run these commands for a successful build:
+This patch adds backward-compatibility support for the --acls option.
+Since the main release has never had ACL support, the trunk doesn't
+need this code. If you want to make rsync 3.0.x communicate with an
+older (patched) release, use this.
- autoconf
- autoheader
- ./configure --enable-acl-support
- make proto
- make
+To use this patch, run these commands for a successful build:
-The program currently complains when the --acls (-A) option is used to copy
-from a disk that doesn't support ACLs. This should be changed to silently
-notice that no ACLs are available to copy. Of course, trying to write out
-ACLs to a non-ACL-supporting disk should complain.
+ patch -p1 <patches/acls.diff
+ ./configure (optional if already run)
+ make
---- orig/Makefile.in 2006-01-14 08:14:29
-+++ Makefile.in 2005-11-07 04:31:05
-@@ -25,15 +25,15 @@ VERSION=@VERSION@
- .SUFFIXES:
- .SUFFIXES: .c .o
+--- old/acls.c
++++ new/acls.c
+@@ -98,6 +98,18 @@ static const char *str_acl_type(SMB_ACL_
+ : "unknown SMB_ACL_TYPE_T";
+ }
--HEADERS=byteorder.h config.h errcode.h proto.h rsync.h lib/pool_alloc.h
-+HEADERS=byteorder.h config.h errcode.h proto.h rsync.h smb_acls.h lib/pool_alloc.h
- LIBOBJ=lib/wildmatch.o lib/compat.o lib/snprintf.o lib/mdfour.o \
-- lib/permstring.o lib/pool_alloc.o @LIBOBJS@
-+ lib/permstring.o lib/pool_alloc.o lib/sysacls.o @LIBOBJS@
- ZLIBOBJ=zlib/deflate.o zlib/inffast.o zlib/inflate.o zlib/inftrees.o \
- zlib/trees.o zlib/zutil.o zlib/adler32.o zlib/compress.o zlib/crc32.o
- OBJS1=rsync.o generator.o receiver.o cleanup.o sender.o exclude.o util.o \
- main.o checksum.o match.o syscall.o log.o backup.o
- OBJS2=options.o flist.o io.o compat.o hlink.o token.o uidlist.o socket.o \
-- fileio.o batch.o clientname.o chmod.o
-+ fileio.o batch.o clientname.o chmod.o acls.o
- OBJS3=progress.o pipe.o
- DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o
- popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \
---- orig/acls.c 2006-01-31 19:25:53
-+++ acls.c 2006-01-31 19:25:53
-@@ -0,0 +1,1202 @@
-+/* -*- c-file-style: "linux" -*-
-+ Copyright (C) Andrew Tridgell 1996
-+ Copyright (C) Paul Mackerras 1996
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 2 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+*/
-+
-+/* handle passing ACLs between systems */
-+
-+#include "rsync.h"
-+#include "lib/sysacls.h"
++#define OTHER_TYPE(t) (SMB_ACL_TYPE_ACCESS+SMB_ACL_TYPE_DEFAULT-(t))
++#define BUMP_TYPE(t) ((t = OTHER_TYPE(t)) == SMB_ACL_TYPE_DEFAULT)
+
-+#ifdef SUPPORT_ACLS
-+
-+extern int preserve_acls;
-+extern int am_root;
-+extern int dry_run;
-+extern int orig_umask;
-+
-+typedef struct {
-+ id_t id;
-+ uchar access;
-+ SMB_ACL_TAG_T tag_type;
-+} rsync_ace;
-+
-+typedef struct {
-+ size_t count;
-+ size_t malloced;
-+ rsync_ace *races;
-+} rsync_acl;
-+
-+static const rsync_acl rsync_acl_initializer = { 0, 0, NULL };
-+
-+static void expand_rsync_acl(rsync_acl *racl)
++static int old_count_racl_entries(const rsync_acl *racl)
+{
-+ /* First time through, 0 <= 0, so list is expanded.
-+ * (Diabolical, rsync guys!) */
-+ if (racl->malloced <= racl->count) {
-+ rsync_ace *new_ptr;
-+ size_t new_size = racl->malloced + 10;
-+ new_ptr = realloc_array(racl->races, rsync_ace, new_size);
-+ if (verbose >= 4) {
-+ rprintf(FINFO, "expand rsync_acl to %.0f bytes, did%s move\n",
-+ (double) new_size * sizeof racl->races[0],
-+ racl->races ? "" : " not");
-+ }
-+
-+ racl->races = new_ptr;
-+ racl->malloced = new_size;
-+
-+ if (!racl->races)
-+ out_of_memory("expand_rsync_acl");
-+ }
++ return racl->names.count
++ + (racl->user_obj != NO_ENTRY)
++ + (racl->group_obj != NO_ENTRY)
++ + (racl->mask_obj != NO_ENTRY)
++ + (racl->other_obj != NO_ENTRY);
+}
+
-+static void rsync_acl_free(rsync_acl *racl)
-+{
-+ free(racl->races);
-+ racl->races = NULL;
-+ racl->count = 0;
-+ racl->malloced = 0;
-+}
+ static int calc_sacl_entries(const rsync_acl *racl)
+ {
+ /* A System ACL always gets user/group/other permission entries. */
+@@ -522,6 +534,96 @@ int get_acl(const char *fname, statx *sx
+ return 0;
+ }
+
++/* === OLD Send functions === */
+
-+static int rsync_ace_sorter(const void *r1, const void *r2)
++/* Send the ida list over the file descriptor. */
++static void old_send_ida_entries(int f, const ida_entries *idal, char tag_char)
+{
-+ rsync_ace *race1 = (rsync_ace *)r1;
-+ SMB_ACL_TAG_T rtag1 = race1->tag_type;
-+ id_t rid1 = race1->id;
-+ rsync_ace *race2 = (rsync_ace *)r2;
-+ SMB_ACL_TAG_T rtag2 = race2->tag_type;
-+ id_t rid2 = race2->id;
-+ /* start at the extrema */
-+ if (rtag1 == SMB_ACL_USER_OBJ || rtag2 == SMB_ACL_MASK)
-+ return -1;
-+ if (rtag2 == SMB_ACL_USER_OBJ || rtag1 == SMB_ACL_MASK)
-+ return 1;
-+ /* work inwards */
-+ if (rtag1 == SMB_ACL_OTHER)
-+ return 1;
-+ if (rtag2 == SMB_ACL_OTHER)
-+ return -1;
-+ /* only SMB_ACL_USERs and SMB_ACL_GROUP*s left */
-+ if (rtag1 == SMB_ACL_USER) {
-+ switch (rtag2) {
-+ case SMB_ACL_GROUP:
-+ case SMB_ACL_GROUP_OBJ:
-+ case SMB_ACL_OTHER:
-+ return -1;
++ id_access *ida;
++ size_t count = idal->count;
++ for (ida = idal->idas; count--; ida++) {
++ if (tag_char == 'U') {
++ if (!(ida->access & NAME_IS_USER))
++ continue;
++ add_uid(ida->id);
++ } else {
++ if (ida->access & NAME_IS_USER)
++ continue;
++ add_gid(ida->id);
+ }
-+ /* both USER */
-+ return rid1 == rid2 ? 0 : rid1 < rid2 ? -1 : 1;
++ write_byte(f, tag_char);
++ write_byte(f, ida->access);
++ write_int(f, ida->id);
+ }
-+ if (rtag2 == SMB_ACL_USER)
-+ return 1;
-+ /* only SMB_ACL_GROUP*s to worry about; kick out GROUP_OBJs first */
-+ if (rtag1 == SMB_ACL_GROUP_OBJ)
-+ return -1;
-+ if (rtag2 == SMB_ACL_GROUP_OBJ)
-+ return 1;
-+ /* only SMB_ACL_GROUPs left */
-+ return rid1 == rid2 ? 0 : rid1 < rid2 ? -1 : 1;
-+}
-+
-+static void sort_rsync_acl(rsync_acl *racl)
-+{
-+ if (!racl->count)
-+ return;
-+ qsort((void **)racl->races, racl->count, sizeof racl->races[0],
-+ &rsync_ace_sorter);
+}
+
-+static BOOL unpack_smb_acl(rsync_acl *racl, SMB_ACL_T sacl)
++/* Send an rsync ACL over the file descriptor. */
++static void old_send_rsync_acl(int f, const rsync_acl *racl)
+{
-+ SMB_ACL_ENTRY_T entry;
-+ int rc;
-+ const char *errfun;
-+ *racl = rsync_acl_initializer;
-+ errfun = "sys_acl_get_entry";
-+ for (rc = sys_acl_get_entry(sacl, SMB_ACL_FIRST_ENTRY, &entry);
-+ rc == 1;
-+ rc = sys_acl_get_entry(sacl, SMB_ACL_NEXT_ENTRY, &entry)) {
-+ SMB_ACL_PERMSET_T permset;
-+ void *qualifier;
-+ rsync_ace *race;
-+ expand_rsync_acl(racl);
-+ race = &racl->races[racl->count++];
-+ if ((rc = sys_acl_get_tag_type(entry, &race->tag_type))) {
-+ errfun = "sys_acl_get_tag_type";
-+ break;
-+ }
-+ if ((rc = sys_acl_get_permset(entry, &permset))) {
-+ errfun = "sys_acl_get_tag_type";
-+ break;
-+ }
-+ race->access = (sys_acl_get_perm(permset, SMB_ACL_READ) ? 4 : 0)
-+ | (sys_acl_get_perm(permset, SMB_ACL_WRITE) ? 2 : 0)
-+ | (sys_acl_get_perm(permset, SMB_ACL_EXECUTE) ? 1 : 0);
-+ switch (race->tag_type) {
-+ case SMB_ACL_USER:
-+ case SMB_ACL_GROUP:
-+ break;
-+ default:
-+ continue;
-+ }
-+ if (!(qualifier = sys_acl_get_qualifier(entry))) {
-+ errfun = "sys_acl_get_tag_type";
-+ rc = EINVAL;
-+ break;
-+ }
-+ race->id = *((id_t *)qualifier);
-+ sys_acl_free_qualifier(qualifier, race->tag_type);
-+ }
-+ if (rc) {
-+ rprintf(FERROR, "unpack_smb_acl: %s(): %s\n",
-+ errfun, strerror(errno));
-+ rsync_acl_free(racl);
-+ return False;
++ size_t count = old_count_racl_entries(racl);
++ write_int(f, count);
++ if (racl->user_obj != NO_ENTRY) {
++ write_byte(f, 'u');
++ write_byte(f, racl->user_obj);
+ }
-+ sort_rsync_acl(racl);
-+ return True;
-+}
-+
-+static BOOL rsync_acls_equal(const rsync_acl *racl1, const rsync_acl *racl2)
-+{
-+ rsync_ace *race1, *race2;
-+ size_t count = racl1->count;
-+ if (count != racl2->count)
-+ return False;
-+ race1 = racl1->races;
-+ race2 = racl2->races;
-+ for (; count--; race1++, race2++) {
-+ if (race1->tag_type != race2->tag_type
-+ || race1->access != race2->access
-+ || ((race1->tag_type == SMB_ACL_USER
-+ || race1->tag_type == SMB_ACL_GROUP)
-+ && race1->id != race2->id))
-+ return False;
++ old_send_ida_entries(f, &racl->names, 'U');
++ if (racl->group_obj != NO_ENTRY) {
++ write_byte(f, 'g');
++ write_byte(f, racl->group_obj);
+ }
-+ return True;
-+}
-+
-+typedef struct {
-+ size_t count;
-+ size_t malloced;
-+ rsync_acl *racls;
-+} rsync_acl_list;
-+
-+static rsync_acl_list _rsync_acl_lists[] = {
-+ { 0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */
-+ { 0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */
-+};
-+
-+static inline rsync_acl_list *rsync_acl_lists(SMB_ACL_TYPE_T type)
-+{
-+ return type == SMB_ACL_TYPE_ACCESS ? &_rsync_acl_lists[0]
-+ : &_rsync_acl_lists[1];
-+}
-+
-+static void expand_rsync_acl_list(rsync_acl_list *racl_list)
-+{
-+ /* First time through, 0 <= 0, so list is expanded.
-+ * (Diabolical, rsync guys!) */
-+ if (racl_list->malloced <= racl_list->count) {
-+ rsync_acl *new_ptr;
-+ size_t new_size;
-+ if (racl_list->malloced < 1000)
-+ new_size = racl_list->malloced + 1000;
-+ else
-+ new_size = racl_list->malloced * 2;
-+ new_ptr = realloc_array(racl_list->racls, rsync_acl, new_size);
-+ if (verbose >= 3) {
-+ rprintf(FINFO, "expand_rsync_acl_list to %.0f bytes, did%s move\n",
-+ (double) new_size * sizeof racl_list->racls[0],
-+ racl_list->racls ? "" : " not");
-+ }
-+
-+ racl_list->racls = new_ptr;
-+ racl_list->malloced = new_size;
-+
-+ if (!racl_list->racls)
-+ out_of_memory("expand_rsync_acl_list");
++ old_send_ida_entries(f, &racl->names, 'G');
++ if (racl->mask_obj != NO_ENTRY) {
++ write_byte(f, 'm');
++ write_byte(f, racl->mask_obj);
+ }
-+}
-+
-+#if 0
-+static void free_rsync_acl_list(rsync_acl_list *racl_list)
-+{
-+ /* Run this in reverse, so references are freed before referents,
-+ * although not currently necessary. */
-+ while (racl_list->count--) {
-+ rsync_acl *racl = &racl_list->racls[racl_list->count];
-+ if (racl)
-+ rsync_acl_free(racl);
++ if (racl->other_obj != NO_ENTRY) {
++ write_byte(f, 'o');
++ write_byte(f, racl->other_obj);
+ }
-+ free(racl_list->racls);
-+ racl_list->racls = NULL;
-+ racl_list->malloced = 0;
+}
-+#endif
+
-+static int find_matching_rsync_acl(SMB_ACL_TYPE_T type,
-+ const rsync_acl_list *racl_list,
-+ const rsync_acl *racl)
++/* Send the ACL from the statx structure down the indicated file descriptor.
++ * This also frees the ACL data. */
++void old_send_acl(statx *sxp, int f)
+{
-+ static int access_match = -1, default_match = -1;
-+ int *match = (type == SMB_ACL_TYPE_ACCESS) ?
-+ &access_match : &default_match;
-+ size_t count = racl_list->count;
-+ /* If this is the first time through or we didn't match the last
-+ * time, then start at the end of the list, which should be the
-+ * best place to start hunting. */
-+ if (*match == -1)
-+ *match = racl_list->count - 1;
-+ while (count--) {
-+ if (rsync_acls_equal(&racl_list->racls[*match], racl))
-+ return *match;
-+ if (!(*match)--)
-+ *match = racl_list->count - 1;
-+ }
-+ *match = -1;
-+ return *match;
-+}
-+
-+/* The general strategy with the tag_type <-> character mapping is that
-+ * lowercase implies that no qualifier follows, where uppercase does.
-+ * A similar idiom for the acl type (access or default) itself, but
-+ * lowercase in this instance means there's no ACL following, so the
-+ * ACL is a repeat, so the receiver should reuse the last of the same
-+ * type ACL. */
++ SMB_ACL_TYPE_T type;
++ rsync_acl *racl, *new_racl;
++ item_list *racl_list;
++ int ndx;
+
-+static void send_rsync_acl(int f, const rsync_acl *racl)
-+{
-+ rsync_ace *race;
-+ size_t count = racl->count;
-+ write_int(f, count);
-+ for (race = racl->races; count--; race++) {
-+ char ch;
-+ switch (race->tag_type) {
-+ case SMB_ACL_USER_OBJ:
-+ ch = 'u';
-+ break;
-+ case SMB_ACL_USER:
-+ ch = 'U';
-+ break;
-+ case SMB_ACL_GROUP_OBJ:
-+ ch = 'g';
-+ break;
-+ case SMB_ACL_GROUP:
-+ ch = 'G';
-+ break;
-+ case SMB_ACL_OTHER:
-+ ch = 'o';
-+ break;
-+ case SMB_ACL_MASK:
-+ ch = 'm';
-+ break;
-+ default:
-+ rprintf(FERROR,
-+ "send_rsync_acl: unknown tag_type (%0x) on ACE; disregarding\n",
-+ race->tag_type);
-+ continue;
-+ }
-+ write_byte(f, ch);
-+ write_byte(f, race->access);
-+ if (isupper((int)ch)) {
-+ write_int(f, race->id);
-+ /* FIXME: sorta wasteful: we should maybe buffer as
-+ * many ids as max(ACL_USER + ACL_GROUP) objects to
-+ * keep from making so many calls. */
-+ if (ch == 'U')
-+ add_uid(race->id);
-+ else
-+ add_gid(race->id);
++ type = SMB_ACL_TYPE_ACCESS;
++ racl = sxp->acc_acl;
++ racl_list = &access_acl_list;
++ do {
++ if (!racl) {
++ racl = new(rsync_acl);
++ if (!racl)
++ out_of_memory("send_acl");
++ *racl = empty_rsync_acl;
++ if (type == SMB_ACL_TYPE_ACCESS) {
++ rsync_acl_fake_perms(racl, sxp->st.st_mode);
++ sxp->acc_acl = racl;
++ } else
++ sxp->def_acl = racl;
++ }
++
++ if ((ndx = find_matching_rsync_acl(racl, type, racl_list)) != -1) {
++ write_byte(f, type == SMB_ACL_TYPE_ACCESS ? 'a' : 'd');
++ write_int(f, ndx);
++ } else {
++ new_racl = EXPAND_ITEM_LIST(racl_list, rsync_acl, 1000);
++ write_byte(f, type == SMB_ACL_TYPE_ACCESS ? 'A' : 'D');
++ old_send_rsync_acl(f, racl);
++ *new_racl = *racl;
++ *racl = empty_rsync_acl;
+ }
-+ }
-+}
-+
-+static rsync_acl _curr_rsync_acls[2];
-+
-+
-+static const char *str_acl_type(SMB_ACL_TYPE_T type)
-+{
-+ return type == SMB_ACL_TYPE_ACCESS ? "SMB_ACL_TYPE_ACCESS" :
-+ type == SMB_ACL_TYPE_DEFAULT ? "SMB_ACL_TYPE_DEFAULT" :
-+ "unknown SMB_ACL_TYPE_T";
-+}
++ racl = sxp->def_acl;
++ racl_list = &default_acl_list;
++ } while (BUMP_TYPE(type) && S_ISDIR(sxp->st.st_mode));
+
-+/* Generate the ACL(s) for this flist entry;
-+ * ACL(s) are either sent or cleaned-up by send_acl() below. */
-+
-+int make_acl(const struct file_struct *file, const char *fname)
-+{
-+ SMB_ACL_TYPE_T *type,
-+ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
-+ rsync_acl *curr_racl;
-+ if (!preserve_acls || S_ISLNK(file->mode))
-+ return 1;
-+ for (type = &types[0], curr_racl = &_curr_rsync_acls[0];
-+ type < &types[0] + sizeof types / sizeof types[0]
-+ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode));
-+ type++, curr_racl++) {
-+ SMB_ACL_T sacl;
-+ BOOL ok;
-+ *curr_racl = rsync_acl_initializer;
-+ if (!(sacl = sys_acl_get_file(fname, *type))) {
-+ rprintf(FERROR, "send_acl: sys_acl_get_file(%s, %s): %s\n",
-+ fname, str_acl_type(*type), strerror(errno));
-+ return -1;
-+ }
-+ ok = unpack_smb_acl(curr_racl, sacl);
-+ sys_acl_free_acl(sacl);
-+ if (!ok)
-+ return -1;
-+ }
-+ return 0;
++ free_acl(sxp);
+}
+
-+/* Send the make_acl()-generated ACLs for this flist entry,
-+ * or clean up after an flist entry that's not being sent (f == -1). */
-+
-+void send_acl(const struct file_struct *file, int f)
-+{
-+ SMB_ACL_TYPE_T *type,
-+ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
-+ rsync_acl *curr_racl;
-+ if (!preserve_acls || S_ISLNK(file->mode))
+ /* === Send functions === */
+
+ /* The general strategy with the tag_type <-> character mapping is that
+@@ -604,6 +706,11 @@ static void send_rsync_acl(rsync_acl *ra
+ * This also frees the ACL data. */
+ void send_acl(statx *sxp, int f)
+ {
++ if (protocol_version < 30) {
++ old_send_acl(sxp, f);
+ return;
-+ for (type = &types[0], curr_racl = &_curr_rsync_acls[0];
-+ type < &types[0] + sizeof types / sizeof types[0]
-+ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode));
-+ type++, curr_racl++) {
-+ int index;
-+ rsync_acl_list *racl_list = rsync_acl_lists(*type);
-+ if (f == -1) {
-+ rsync_acl_free(curr_racl);
-+ continue;
-+ }
-+ if ((index = find_matching_rsync_acl(*type, racl_list, curr_racl))
-+ != -1) {
-+ write_byte(f, *type == SMB_ACL_TYPE_ACCESS ? 'a' : 'd');
-+ write_int(f, index);
-+ rsync_acl_free(curr_racl);
-+ } else {
-+ write_byte(f, *type == SMB_ACL_TYPE_ACCESS ? 'A' : 'D');
-+ send_rsync_acl(f, curr_racl);
-+ expand_rsync_acl_list(racl_list);
-+ racl_list->racls[racl_list->count++] = *curr_racl;
-+ }
+ }
-+}
-+
-+/* The below stuff is only used by the receiver: */
-+
-+/* structure to hold index to rsync_acl_list member corresponding to
-+ * flist->files[i] */
-+
-+typedef struct {
-+ const struct file_struct *file;
-+ int aclidx;
-+} file_acl_index;
-+
-+typedef struct {
-+ size_t count;
-+ size_t malloced;
-+ file_acl_index *fileaclidxs;
-+} file_acl_index_list;
-+
-+static file_acl_index_list _file_acl_index_lists[] = {
-+ {0, 0, NULL },/* SMB_ACL_TYPE_ACCESS */
-+ {0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */
-+};
-+
-+static inline file_acl_index_list *file_acl_index_lists(SMB_ACL_TYPE_T type)
-+{
-+ return type == SMB_ACL_TYPE_ACCESS ?
-+ &_file_acl_index_lists[0] : &_file_acl_index_lists[1];
-+}
-+
-+static void expand_file_acl_index_list(file_acl_index_list *fileaclidx_list)
-+{
-+ /* First time through, 0 <= 0, so list is expanded.
-+ * (Diabolical, rsync guys!) */
-+ if (fileaclidx_list->malloced <= fileaclidx_list->count) {
-+ file_acl_index *new_ptr;
-+ size_t new_size;
-+ if (fileaclidx_list->malloced < 1000)
-+ new_size = fileaclidx_list->malloced + 1000;
-+ else
-+ new_size = fileaclidx_list->malloced * 2;
-+ new_ptr = realloc_array(fileaclidx_list->fileaclidxs, file_acl_index, new_size);
-+ if (verbose >= 3) {
-+ rprintf(FINFO, "expand_file_acl_index_list to %.0f bytes, did%s move\n",
-+ (double) new_size * sizeof fileaclidx_list->fileaclidxs[0],
-+ fileaclidx_list->fileaclidxs ? "" : " not");
-+ }
+
-+ fileaclidx_list->fileaclidxs = new_ptr;
-+ fileaclidx_list->malloced = new_size;
-+
-+ if (!fileaclidx_list->fileaclidxs)
-+ out_of_memory("expand_file_acl_index_list");
-+ }
-+}
+ if (!sxp->acc_acl) {
+ sxp->acc_acl = create_racl();
+ rsync_acl_fake_perms(sxp->acc_acl, sxp->st.st_mode);
+@@ -621,6 +728,160 @@ void send_acl(statx *sxp, int f)
+ }
+ }
+
++/* === OLD Receive functions */
+
-+#if 0
-+static void free_file_acl_index_list(file_acl_index_list *fileaclidx_list)
++static void old_recv_rsync_acl(rsync_acl *racl, int f)
+{
-+ free(fileaclidx_list->fileaclidxs);
-+ fileaclidx_list->fileaclidxs = NULL;
-+ fileaclidx_list->malloced = 0;
-+}
-+#endif
-+
-+/* lists to hold the SMB_ACL_Ts corresponding to the rsync_acl_list entries */
-+
-+typedef struct {
++ static item_list temp_ida_list = EMPTY_ITEM_LIST;
++ SMB_ACL_TAG_T tag_type = 0;
++ uchar computed_mask_bits = 0;
++ id_access *ida;
+ size_t count;
-+ size_t malloced;
-+ SMB_ACL_T *sacls;
-+} smb_acl_list;
-+
-+static smb_acl_list _smb_acl_lists[] = {
-+ { 0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */
-+ { 0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */
-+};
-+
-+static inline smb_acl_list *smb_acl_lists(SMB_ACL_TYPE_T type)
-+{
-+ return type == SMB_ACL_TYPE_ACCESS ? &_smb_acl_lists[0] :
-+ &_smb_acl_lists[1];
-+}
-+
-+static void expand_smb_acl_list(smb_acl_list *sacl_list)
-+{
-+ /* First time through, 0 <= 0, so list is expanded.
-+ * (Diabolical, rsync guys!) */
-+ if (sacl_list->malloced <= sacl_list->count) {
-+ SMB_ACL_T *new_ptr;
-+ size_t new_size;
-+ if (sacl_list->malloced < 1000)
-+ new_size = sacl_list->malloced + 1000;
-+ else
-+ new_size = sacl_list->malloced * 2;
-+ new_ptr = realloc_array(sacl_list->sacls, SMB_ACL_T, new_size);
-+ if (verbose >= 3) {
-+ rprintf(FINFO, "expand_smb_acl_list to %.0f bytes, did%s move\n",
-+ (double) new_size * sizeof sacl_list->sacls[0],
-+ sacl_list->sacls ? "" : " not");
-+ }
-+
-+ sacl_list->sacls = new_ptr;
-+ sacl_list->malloced = new_size;
-+
-+ if (!sacl_list->sacls)
-+ out_of_memory("expand_smb_acl_list");
-+ }
-+}
-+
-+#if 0
-+static void free_smb_acl_list(SMB_ACL_TYPE_T type)
-+{
-+ smb_acl_list *sacl_list = smb_acl_lists(type);
-+ SMB_ACL_T *sacl = sacl_list->sacls;
-+ while (sacl_list->count--) {
-+ if (*sacl)
-+ sys_acl_free_acl(*sacl++);
-+ }
-+ free(sacl_list->sacls);
-+ sacl_list->sacls = NULL;
-+ sacl_list->malloced = 0;
-+}
-+#endif
-+
-+/* build an SMB_ACL_T corresponding to an rsync_acl */
-+static BOOL pack_smb_acl(SMB_ACL_T *smb_acl, const rsync_acl *racl)
-+{
-+ size_t count = racl->count;
-+ rsync_ace *race = racl->races;
-+ const char *errfun = NULL;
-+ *smb_acl = sys_acl_init(count);
-+ if (!*smb_acl) {
-+ rprintf(FERROR, "pack_smb_acl: sys_acl_int(): %s\n",
-+ strerror(errno));
-+ return False;
-+ }
-+ for (; count--; race++) {
-+ SMB_ACL_ENTRY_T entry;
-+ SMB_ACL_PERMSET_T permset;
-+ if (sys_acl_create_entry(smb_acl, &entry)) {
-+ errfun = "sys_acl_create)";
-+ break;
-+ }
-+ if (sys_acl_set_tag_type(entry, race->tag_type)) {
-+ errfun = "sys_acl_set_tag";
-+ break;
-+ }
-+ if (race->tag_type == SMB_ACL_USER ||
-+ race->tag_type == SMB_ACL_GROUP)
-+ if (sys_acl_set_qualifier(entry, (void*)&race->id)) {
-+ errfun = "sys_acl_set_qualfier";
-+ break;
-+ }
-+ if (sys_acl_get_permset(entry, &permset)) {
-+ errfun = "sys_acl_get_permset";
-+ break;
-+ }
-+ if (sys_acl_clear_perms(permset)) {
-+ errfun = "sys_acl_clear_perms";
-+ break;
-+ }
-+ if (race->access & 4)
-+ if (sys_acl_add_perm(permset, SMB_ACL_READ)) {
-+ errfun = "sys_acl_add_perm";
-+ break;
-+ }
-+ if (race->access & 2)
-+ if (sys_acl_add_perm(permset, SMB_ACL_WRITE)) {
-+ errfun = "sys_acl_add_perm";
-+ break;
-+ }
-+ if (race->access & 1)
-+ if (sys_acl_add_perm(permset, SMB_ACL_EXECUTE)) {
-+ errfun = "sys_acl_add_perm";
-+ break;
-+ }
-+ if (sys_acl_set_permset(entry, permset)) {
-+ errfun = "sys_acl_set_permset";
-+ break;
-+ }
-+ }
-+ if (errfun) {
-+ sys_acl_free_acl(*smb_acl);
-+ rprintf(FERROR, "pack_smb_acl %s(): %s\n", errfun,
-+ strerror(errno));
-+ return False;
-+ }
-+ return True;
-+}
+
-+static void receive_rsync_acl(rsync_acl *racl, int f)
-+{
-+#if ACLS_NEED_MASK
-+ uchar required_mask_perm = 0;
-+#endif
-+ BOOL saw_mask = False;
-+ BOOL saw_user_obj = False, saw_group_obj = False,
-+ saw_other = False;
-+ size_t count = read_int(f);
-+ rsync_ace *race;
-+ if (!count)
++ if (!(count = read_int(f)))
+ return;
++
+ while (count--) {
-+ uchar tag = read_byte(f);
-+ expand_rsync_acl(racl);
-+ race = &racl->races[racl->count++];
++ char tag = read_byte(f);
++ uchar access = read_byte(f);
++ if (access & ~ (4 | 2 | 1)) {
++ rprintf(FERROR, "old_recv_rsync_acl: bogus permset %o\n",
++ access);
++ exit_cleanup(RERR_STREAMIO);
++ }
+ switch (tag) {
+ case 'u':
-+ race->tag_type = SMB_ACL_USER_OBJ;
-+ saw_user_obj = True;
-+ break;
++ if (racl->user_obj != NO_ENTRY) {
++ rprintf(FERROR, "old_recv_rsync_acl: error: duplicate USER_OBJ entry\n");
++ exit_cleanup(RERR_STREAMIO);
++ }
++ racl->user_obj = access;
++ continue;
+ case 'U':
-+ race->tag_type = SMB_ACL_USER;
++ tag_type = SMB_ACL_USER;
+ break;
+ case 'g':
-+ race->tag_type = SMB_ACL_GROUP_OBJ;
-+ saw_group_obj = True;
-+ break;
++ if (racl->group_obj != NO_ENTRY) {
++ rprintf(FERROR, "old_recv_rsync_acl: error: duplicate GROUP_OBJ entry\n");
++ exit_cleanup(RERR_STREAMIO);
++ }
++ racl->group_obj = access;
++ continue;
+ case 'G':
-+ race->tag_type = SMB_ACL_GROUP;
-+ break;
-+ case 'o':
-+ race->tag_type = SMB_ACL_OTHER;
-+ saw_other = True;
++ tag_type = SMB_ACL_GROUP;
+ break;
+ case 'm':
-+ race->tag_type = SMB_ACL_MASK;
-+ saw_mask = True;
-+ break;
++ if (racl->mask_obj != NO_ENTRY) {
++ rprintf(FERROR, "old_recv_rsync_acl: error: duplicate MASK entry\n");
++ exit_cleanup(RERR_STREAMIO);
++ }
++ racl->mask_obj = access;
++ continue;
++ case 'o':
++ if (racl->other_obj != NO_ENTRY) {
++ rprintf(FERROR, "old_recv_rsync_acl: error: duplicate OTHER entry\n");
++ exit_cleanup(RERR_STREAMIO);
++ }
++ racl->other_obj = access;
++ continue;
+ default:
-+ rprintf(FERROR, "receive_rsync_acl: unknown tag %c\n",
++ rprintf(FERROR, "old_recv_rsync_acl: unknown tag %c\n",
+ tag);
+ exit_cleanup(RERR_STREAMIO);
+ }
-+ race->access = read_byte(f);
-+ if (race->access & ~ (4 | 2 | 1)) {
-+ rprintf(FERROR, "receive_rsync_acl: bogus permset %o\n",
-+ race->access);
-+ exit_cleanup(RERR_STREAMIO);
-+ }
-+ if (race->tag_type == SMB_ACL_USER ||
-+ race->tag_type == SMB_ACL_GROUP) {
-+ race->id = read_int(f);
-+#if ACLS_NEED_MASK
-+ required_mask_perm |= race->access;
-+#endif
++ ida = EXPAND_ITEM_LIST(&temp_ida_list, id_access, -10);
++ ida->access = access | (tag_type == SMB_ACL_USER ? NAME_IS_USER : 0);
++ ida->id = read_int(f);
++ computed_mask_bits |= access;
++ }
++
++ /* Transfer the count id_access items out of the temp_ida_list
++ * into the names ida_entries list in racl. */
++ if (temp_ida_list.count) {
++#ifdef SMB_ACL_NEED_SORT
++ if (temp_ida_list.count > 1) {
++ qsort(temp_ida_list.items, temp_ida_list.count,
++ sizeof (id_access), id_access_sorter);
+ }
-+#if ACLS_NEED_MASK
-+ else if (race->tag_type == SMB_ACL_GROUP_OBJ)
-+ required_mask_perm |= race->access;
+#endif
++ if (!(racl->names.idas = new_array(id_access, temp_ida_list.count)))
++ out_of_memory("unpack_smb_acl");
++ memcpy(racl->names.idas, temp_ida_list.items,
++ temp_ida_list.count * sizeof (id_access));
++ } else
++ racl->names.idas = NULL;
+
-+ }
-+ if (!saw_user_obj) {
-+ expand_rsync_acl(racl);
-+ race = &racl->races[racl->count++];
-+ race->tag_type = SMB_ACL_USER_OBJ;
-+ race->access = 7;
-+ }
-+ if (!saw_group_obj) {
-+ expand_rsync_acl(racl);
-+ race = &racl->races[racl->count++];
-+ race->tag_type = SMB_ACL_GROUP_OBJ;
-+ race->access = 0;
-+ }
-+ if (!saw_other) {
-+ expand_rsync_acl(racl);
-+ race = &racl->races[racl->count++];
-+ race->tag_type = SMB_ACL_OTHER;
-+ race->access = 0;
-+ }
-+#if ACLS_NEED_MASK
-+ if (!saw_mask) {
-+ expand_rsync_acl(racl);
-+ race = &racl->races[racl->count++];
-+ race->tag_type = SMB_ACL_MASK;
-+ race->access = required_mask_perm;
-+ }
-+#else
-+ /* If we, a system without ACLS_NEED_MASK, received data from a
-+ * system that has masks, throw away the extraneous CLASS_OBJs. */
-+ if (saw_mask && racl->count == 4) {
-+ rsync_ace *group_obj_race = NULL, *mask_race = NULL;
-+ rsync_ace *p;
-+ size_t i;
-+ for (i = 0, p = racl->races; i < racl->count; i++, p++) {
-+ if (p->tag_type == SMB_ACL_MASK)
-+ mask_race = p;
-+ else if (p->tag_type == SMB_ACL_GROUP_OBJ)
-+ group_obj_race = p;
-+ }
-+ if (mask_race == NULL || group_obj_race == NULL) {
-+ rprintf(FERROR, "receive_rsync_acl: have four ACES "
-+ "and one's ACL_MASK but missing "
-+ "either it or ACL_GROUP_OBJ, "
-+ "when pruning ACL\n");
-+ } else {
-+ /* mask off group perms with it first */
-+ group_obj_race->access &= mask_race->access;
-+ /* dump mask_race; re-slot any followers-on */
-+ racl->count--;
-+ if (mask_race != &racl->races[racl->count]) {
-+ *mask_race = racl->races[racl->count];
-+ saw_user_obj = False; /* force re-sort */
-+ }
++ racl->names.count = temp_ida_list.count;
++
++ /* Truncate the temporary list now that its idas have been saved. */
++ temp_ida_list.count = 0;
++
++ if (!racl->names.count) {
++ /* If we received a superfluous mask, throw it away. */
++ if (racl->mask_obj != NO_ENTRY) {
++ /* Mask off the group perms with it first. */
++ racl->group_obj &= racl->mask_obj | NO_ENTRY;
++ racl->mask_obj = NO_ENTRY;
+ }
-+ }
-+#endif
-+#if ACLS_NEED_MASK
-+ if (!(saw_user_obj && saw_group_obj && saw_other && saw_mask))
-+#else
-+ if (!(saw_user_obj && saw_group_obj && saw_other))
-+#endif
-+ sort_rsync_acl(racl);
++ } else if (racl->mask_obj == NO_ENTRY) /* Must be non-empty with lists. */
++ racl->mask_obj = (computed_mask_bits | racl->group_obj) & 7;
+}
+
-+/* receive and build the rsync_acl_lists */
-+
-+void receive_acl(struct file_struct *file, int f)
++/* Receive the ACL info the sender has included for this file-list entry. */
++void old_recv_acl(struct file_struct *file, int f)
+{
-+ SMB_ACL_TYPE_T *type,
-+ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
-+ char *fname;
-+ if (!preserve_acls || S_ISLNK(file->mode))
++ SMB_ACL_TYPE_T type;
++ item_list *racl_list;
++
++ if (S_ISLNK(file->mode))
+ return;
-+ fname = f_name(file, NULL);
-+ for (type = &types[0];
-+ type < &types[0] + sizeof types / sizeof types[0]
-+ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode));
-+ type++) {
-+ file_acl_index_list *fileaclidx_list =
-+ file_acl_index_lists(*type);
-+ uchar tag;
-+ expand_file_acl_index_list(fileaclidx_list);
+
-+ tag = read_byte(f);
++ type = SMB_ACL_TYPE_ACCESS;
++ racl_list = &access_acl_list;
++ do {
++ char tag = read_byte(f);
++ int ndx;
++
+ if (tag == 'A' || tag == 'a') {
-+ if (*type != SMB_ACL_TYPE_ACCESS) {
++ if (type != SMB_ACL_TYPE_ACCESS) {
+ rprintf(FERROR, "receive_acl %s: duplicate access ACL\n",
-+ fname);
++ f_name(file, NULL));
+ exit_cleanup(RERR_STREAMIO);
+ }
+ } else if (tag == 'D' || tag == 'd') {
-+ if (*type == SMB_ACL_TYPE_ACCESS) {
++ if (type == SMB_ACL_TYPE_ACCESS) {
+ rprintf(FERROR, "receive_acl %s: expecting access ACL; got default\n",
-+ fname);
++ f_name(file, NULL));
+ exit_cleanup(RERR_STREAMIO);
+ }
+ } else {
+ rprintf(FERROR, "receive_acl %s: unknown ACL type tag: %c\n",
-+ fname, tag);
++ f_name(file, NULL), tag);
+ exit_cleanup(RERR_STREAMIO);
+ }
+ if (tag == 'A' || tag == 'D') {
-+ rsync_acl racl = rsync_acl_initializer;
-+ rsync_acl_list *racl_list = rsync_acl_lists(*type);
-+ smb_acl_list *sacl_list = smb_acl_lists(*type);
-+ fileaclidx_list->fileaclidxs[fileaclidx_list->count].
-+ aclidx = racl_list->count;
-+ fileaclidx_list->fileaclidxs[fileaclidx_list->count++].
-+ file = file;
-+ receive_rsync_acl(&racl, f);
-+ expand_rsync_acl_list(racl_list);
-+ racl_list->racls[racl_list->count++] = racl;
-+ expand_smb_acl_list(sacl_list);
-+ sacl_list->sacls[sacl_list->count++] = NULL;
++ acl_duo *duo_item;
++ ndx = racl_list->count;
++ duo_item = EXPAND_ITEM_LIST(racl_list, acl_duo, 1000);
++ duo_item->racl = empty_rsync_acl;
++ old_recv_rsync_acl(&duo_item->racl, f);
++ duo_item->sacl = NULL;
+ } else {
-+ int index = read_int(f);
-+ rsync_acl_list *racl_list = rsync_acl_lists(*type);
-+ if ((size_t) index >= racl_list->count) {
++ ndx = read_int(f);
++ if (ndx < 0 || (size_t)ndx >= racl_list->count) {
+ rprintf(FERROR, "receive_acl %s: %s ACL index %d out of range\n",
-+ fname,
-+ str_acl_type(*type),
-+ index);
++ f_name(file, NULL), str_acl_type(type), ndx);
+ exit_cleanup(RERR_STREAMIO);
+ }
-+ fileaclidx_list->fileaclidxs[fileaclidx_list->count].
-+ aclidx = index;
-+ fileaclidx_list->fileaclidxs[fileaclidx_list->count++].
-+ file = file;
+ }
-+ }
-+}
-+
-+static int file_acl_index_list_sorter(const void *f1, const void *f2)
-+{
-+ const file_acl_index *fileaclidx1 = (const file_acl_index *)f1;
-+ const file_acl_index *fileaclidx2 = (const file_acl_index *)f2;
-+ return fileaclidx1->file == fileaclidx2->file ? 0 :
-+ fileaclidx1->file < fileaclidx2->file ? -1 : 1;
-+}
-+
-+void sort_file_acl_index_lists()
-+{
-+ SMB_ACL_TYPE_T *type,
-+ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
-+ if (!preserve_acls)
-+ return;
-+ for (type = &types[0];
-+ type < &types[0] + sizeof types / sizeof types[0];
-+ type++)
-+ {
-+ file_acl_index_list *fileaclidx_list =
-+ file_acl_index_lists(*type);
-+ if (!fileaclidx_list->count)
-+ continue;
-+ qsort(fileaclidx_list->fileaclidxs, fileaclidx_list->count,
-+ sizeof fileaclidx_list->fileaclidxs[0],
-+ &file_acl_index_list_sorter);
-+ }
-+}
-+
-+static int find_file_acl_index(const file_acl_index_list *fileaclidx_list,
-+ const struct file_struct *file) {
-+ int low = 0, high = fileaclidx_list->count;
-+ const struct file_struct *file_mid;
-+ if (!high--)
-+ return -1;
-+ do {
-+ int mid = (high + low) / 2;
-+ file_mid = fileaclidx_list->fileaclidxs[mid].file;
-+ if (file_mid == file)
-+ return fileaclidx_list->fileaclidxs[mid].aclidx;
-+ if (file_mid > file)
-+ high = mid - 1;
++ if (type == SMB_ACL_TYPE_ACCESS)
++ F_ACL(file) = ndx;
+ else
-+ low = mid + 1;
-+ } while (low < high);
-+ if (low == high) {
-+ file_mid = fileaclidx_list->fileaclidxs[low].file;
-+ if (file_mid == file)
-+ return fileaclidx_list->fileaclidxs[low].aclidx;
-+ }
-+ rprintf(FERROR,
-+ "find_file_acl_index: can't find entry for file in list\n");
-+ exit_cleanup(RERR_STREAMIO);
-+ return -1;
-+}
-+
-+/* for duplicating ACLs on backups when using backup_dir */
-+
-+int dup_acl(const char *orig, const char *bak, mode_t mode)
-+{
-+ SMB_ACL_TYPE_T *type,
-+ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
-+ int ret = 0;
-+ if (!preserve_acls)
-+ return 1;
-+ for (type = &types[0];
-+ type < &types[0] + sizeof types / sizeof types[0]
-+ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(mode));
-+ type++) {
-+ SMB_ACL_T sacl_orig, sacl_bak;
-+ rsync_acl racl_orig, racl_bak;
-+ if (!(sacl_orig = sys_acl_get_file(orig, *type))) {
-+ rprintf(FERROR, "dup_acl: sys_acl_get_file(%s, %s): %s\n",
-+ orig, str_acl_type(*type), strerror(errno));
-+ ret = -1;
-+ continue;
-+ }
-+ if (!(sacl_bak = sys_acl_get_file(orig, *type))) {
-+ rprintf(FERROR, "dup_acl: sys_acl_get_file(%s, %s): %s. ignoring\n",
-+ bak, str_acl_type(*type), strerror(errno));
-+ ret = -1;
-+ /* try to forge on through */
-+ }
-+ if (!unpack_smb_acl(&racl_orig, sacl_orig)) {
-+ ret = -1;
-+ goto out_with_sacls;
-+ }
-+ if (sacl_bak) {
-+ if (!unpack_smb_acl(&racl_bak, sacl_bak)) {
-+ ret = -1;
-+ goto out_with_one_racl;
-+ }
-+ if (rsync_acls_equal(&racl_orig, &racl_bak))
-+ goto out_with_all;
-+ } else {
-+ ; /* presume they're unequal */
-+ }
-+ if (*type == SMB_ACL_TYPE_DEFAULT && !racl_orig.count) {
-+ if (-1 == sys_acl_delete_def_file(bak)) {
-+ rprintf(FERROR, "dup_acl: sys_acl_delete_def_file(%s): %s\n",
-+ bak, strerror(errno));
-+ ret = -1;
-+ }
-+ } else if (-1 == sys_acl_set_file(bak, *type, sacl_bak)) {
-+ rprintf(FERROR, "dup_acl: sys_acl_set_file(%s, %s): %s\n",
-+ bak, str_acl_type(*type), strerror(errno));
-+ ret = -1;
-+ }
-+ out_with_all:
-+ if (sacl_bak)
-+ rsync_acl_free(&racl_bak);
-+ out_with_one_racl:
-+ rsync_acl_free(&racl_orig);
-+ out_with_sacls:
-+ if (sacl_bak)
-+ sys_acl_free_acl(sacl_bak);
-+ /* out_with_one_sacl: */
-+ if (sacl_orig)
-+ sys_acl_free_acl(sacl_orig);
-+ }
-+ return ret;
-+}
-+
-+/* Stuff for redirecting calls to set_acl() from set_file_attrs()
-+ * for keep_backup(). */
-+static const struct file_struct *backup_orig_file = NULL;
-+static const char null_string[] = "";
-+static const char *backup_orig_fname = null_string;
-+static const char *backup_dest_fname = null_string;
-+static SMB_ACL_T _backup_sacl[] = { NULL, NULL };
-+
-+void push_keep_backup_acl(const struct file_struct *file,
-+ const char *orig, const char *dest)
-+{
-+ if (preserve_acls) {
-+ SMB_ACL_TYPE_T *type,
-+ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
-+ SMB_ACL_T *sacl;
-+ backup_orig_file = file;
-+ backup_orig_fname = orig;
-+ backup_dest_fname = dest;
-+ for (type = &types[0], sacl = &_backup_sacl[0];
-+ type < &types[0] + sizeof types / sizeof types[0];
-+ type++) {
-+ if (*type == SMB_ACL_TYPE_DEFAULT && !S_ISDIR(file->mode))
-+ *sacl = NULL;
-+ else {
-+ if (!(*sacl = sys_acl_get_file(orig, *type))) {
-+ rprintf(FERROR, "push_keep_backup_acl: sys_acl_get_file(%s, %s): %s\n",
-+ orig, str_acl_type(*type),
-+ strerror(errno));
-+ }
-+ }
-+ }
-+ }
-+}
-+
-+static int set_keep_backup_acl()
-+{
-+ if (preserve_acls) {
-+ SMB_ACL_TYPE_T *type,
-+ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
-+ SMB_ACL_T *sacl;
-+ int ret = 0;
-+ for (type = &types[0], sacl = &_backup_sacl[0];
-+ type < &types[0] + sizeof types / sizeof types[0];
-+ type++) {
-+ if (*sacl) {
-+ if (-1 == sys_acl_set_file(backup_dest_fname,
-+ *type, *sacl))
-+ {
-+ rprintf(FERROR, "push_keep_backup_acl: sys_acl_get_file(%s, %s): %s\n",
-+ backup_dest_fname,
-+ str_acl_type(*type),
-+ strerror(errno));
-+ ret = -1;
-+ }
-+ }
-+ }
-+ return ret;
-+ }
-+ return 1;
-+}
-+
-+void cleanup_keep_backup_acl()
-+{
-+ if (preserve_acls) {
-+ SMB_ACL_TYPE_T *type,
-+ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
-+ SMB_ACL_T *sacl;
-+ backup_orig_file = NULL;
-+ backup_orig_fname = null_string;
-+ backup_dest_fname = null_string;
-+ for (type = &types[0], sacl = &_backup_sacl[0];
-+ type < &types[0] + sizeof types / sizeof types[0];
-+ type++) {
-+ if (*sacl)
-+ sys_acl_free_acl(*sacl);
-+ *sacl = NULL;
-+ }
-+ }
++ F_DEF_ACL(file) = ndx;
++ racl_list = &default_acl_list;
++ } while (BUMP_TYPE(type) && S_ISDIR(file->mode));
+}
+
-+/* set ACL on rsync-ed or keep_backup-ed file */
-+
-+int set_acl(const char *fname, const struct file_struct *file)
-+{
-+ int updated = 0;
-+ SMB_ACL_TYPE_T *type,
-+ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
-+ if (dry_run || !preserve_acls || S_ISLNK(file->mode))
-+ return 1;
-+ if (file == backup_orig_file) {
-+ if (!strcmp(fname, backup_dest_fname))
-+ return set_keep_backup_acl();
-+ }
-+ for (type = &types[0];
-+ type < &types[0] + sizeof types / sizeof types[0]
-+ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode));
-+ type++) {
-+ SMB_ACL_T sacl_orig, *sacl_new;
-+ rsync_acl racl_orig, *racl_new;
-+ int aclidx = find_file_acl_index(file_acl_index_lists(*type),
-+ file);
-+ BOOL ok;
-+ racl_new = &(rsync_acl_lists(*type)->racls[aclidx]);
-+ sacl_new = &(smb_acl_lists(*type)->sacls[aclidx]);
-+ sacl_orig = sys_acl_get_file(fname, *type);
-+ if (!sacl_orig) {
-+ rprintf(FERROR, "set_acl: sys_acl_get_file(%s, %s): %s\n",
-+ fname, str_acl_type(*type), strerror(errno));
-+ updated = -1;
-+ continue;
-+ }
-+ ok = unpack_smb_acl(&racl_orig, sacl_orig);
-+ sys_acl_free_acl(sacl_orig);
-+ if (!ok) {
-+ updated = -1;
-+ continue;
-+ }
-+ ok = rsync_acls_equal(&racl_orig, racl_new);
-+ rsync_acl_free(&racl_orig);
-+ if (ok)
-+ continue;
-+ if (*type == SMB_ACL_TYPE_DEFAULT && !racl_new->count) {
-+ if (-1 == sys_acl_delete_def_file(fname)) {
-+ rprintf(FERROR, "set_acl: sys_acl_delete_def_file(%s): %s\n",
-+ fname, strerror(errno));
-+ updated = -1;
-+ continue;
-+ }
-+ } else {
-+ if (!*sacl_new)
-+ if (!pack_smb_acl(sacl_new, racl_new)) {
-+ updated = -1;
-+ continue;
-+ }
-+ if (-1 == sys_acl_set_file(fname, *type, *sacl_new)) {
-+ rprintf(FERROR, "set_acl: sys_acl_set_file(%s, %s): %s\n",
-+ fname, str_acl_type(*type),
-+ strerror(errno));
-+ updated = -1;
-+ continue;
-+ }
-+ }
-+ if (!updated)
-+ updated = 1;
-+ }
-+ return updated;
-+}
-+
-+/* Enumeration functions for uid mapping: */
-+
-+/* Context -- one and only one. Should be cycled through once on uid
-+ * mapping and once on gid mapping. */
-+static rsync_acl_list *_enum_racl_lists[] = {
-+ &_rsync_acl_lists[0], &_rsync_acl_lists[1], NULL
-+};
-+
-+static rsync_acl_list **enum_racl_list = &_enum_racl_lists[0];
-+static size_t enum_racl_index = 0;
-+static size_t enum_race_index = 0;
-+
-+/* This returns the next tag_type id from the given acl for the next entry,
-+ * or it returns 0 if there are no more tag_type ids in the acl. */
-+
-+static id_t next_ace_id(SMB_ACL_TAG_T tag_type, const rsync_acl *racl)
-+{
-+ for (; enum_race_index < racl->count; enum_race_index++) {
-+ rsync_ace *race = &racl->races[enum_race_index];
-+ if (race->tag_type == tag_type)
-+ return race->id;
-+ }
-+ enum_race_index = 0;
-+ return 0;
-+}
-+
-+static id_t next_acl_id(SMB_ACL_TAG_T tag_type, const rsync_acl_list *racl_list)
-+{
-+ for (; enum_racl_index < racl_list->count; enum_racl_index++) {
-+ rsync_acl *racl = &racl_list->racls[enum_racl_index];
-+ id_t id = next_ace_id(tag_type, racl);
-+ if (id)
-+ return id;
-+ }
-+ enum_racl_index = 0;
-+ return 0;
-+}
-+
-+static id_t next_acl_list_id(SMB_ACL_TAG_T tag_type)
-+{
-+ for (; *enum_racl_list; enum_racl_list++) {
-+ id_t id = next_acl_id(tag_type, *enum_racl_list);
-+ if (id)
-+ return id;
-+ }
-+ enum_racl_list = &_enum_racl_lists[0];
-+ return 0;
-+}
-+
-+id_t next_acl_uid()
-+{
-+ return next_acl_list_id(SMB_ACL_USER);
-+}
-+
-+id_t next_acl_gid()
-+{
-+ return next_acl_list_id(SMB_ACL_GROUP);
-+}
-+
-+/* referring to the global context enum_entry, sets the entry's id */
-+static void set_acl_id(id_t id)
-+{
-+ (*enum_racl_list)->racls[enum_racl_index].races[enum_race_index++].id = id;
-+}
-+
-+void acl_uid_map(id_t uid)
-+{
-+ set_acl_id(uid);
-+}
-+
-+void acl_gid_map(id_t gid)
-+{
-+ set_acl_id(gid);
-+}
-+
-+#define PERMS_SPLICE(perms,newbits,where) (((perms) & ~(7 << (where))) | ((newbits) << (where)))
-+
-+int default_perms_for_dir(const char *dir)
-+{
-+ rsync_acl racl;
-+ SMB_ACL_T sacl;
-+ BOOL ok, saw_mask = False;
-+ size_t i;
-+ int perms;
-+
-+ if (dir == NULL)
-+ dir = ".";
-+ perms = ACCESSPERMS & ~orig_umask;
-+ /* Read the directory's default ACL. If it has none, this will successfully return an empty ACL. */
-+ sacl = sys_acl_get_file(dir, SMB_ACL_TYPE_DEFAULT);
-+ if (sacl == NULL) {
-+ /* Couldn't get an ACL. Darn. */
-+ switch (errno) {
-+ case ENOTSUP:
-+ /* ACLs are disabled. We could yell at the user to turn them on, but... */
-+ break;
-+ case ENOENT:
-+ if (dry_run) {
-+ /* We're doing a dry run, so the containing directory
-+ * wasn't actually created. Don't worry about it. */
-+ break;
-+ }
-+ /* Otherwise fall through. */
-+ default:
-+ rprintf(FERROR, "default_perms_for_dir: sys_acl_get_file(%s, %s): %s, falling back on umask\n",
-+ dir, str_acl_type(SMB_ACL_TYPE_DEFAULT), strerror(errno));
-+ }
-+ return perms;
-+ }
-+
-+ /* Convert it. */
-+ ok = unpack_smb_acl(&racl, sacl);
-+ sys_acl_free_acl(sacl);
-+ if (!ok) {
-+ rprintf(FERROR, "default_perms_for_dir: unpack_smb_acl failed, falling back on umask\n");
-+ return perms;
-+ }
-+
-+ /* Look at each default ACL entry and possibly modify three bits of `perms' accordingly.
-+ * If there's "no" default ACL, there will be zero entries and the umask-based perms is unchanged. */
-+ for (i = 0; i < racl.count; i++) {
-+ switch (racl.races[i].tag_type) {
-+ case SMB_ACL_USER_OBJ:
-+ perms = PERMS_SPLICE(perms, racl.races[i].access, 6);
-+ break;
-+ case SMB_ACL_GROUP_OBJ:
-+ if (!saw_mask)
-+ perms = PERMS_SPLICE(perms, racl.races[i].access, 3);
-+ break;
-+ case SMB_ACL_MASK:
-+ saw_mask = True;
-+ perms = PERMS_SPLICE(perms, racl.races[i].access, 3);
-+ break;
-+ case SMB_ACL_OTHER:
-+ perms = PERMS_SPLICE(perms, racl.races[i].access, 0);
-+ break;
-+ default:
-+ break;
-+ }
-+ }
-+ rsync_acl_free(&racl);
-+ if (verbose > 2)
-+ rprintf(FINFO, "got ACL-based default perms %o for directory %s\n", perms, dir);
-+ return perms;
-+}
-+
-+#endif /* SUPPORT_ACLS */
---- orig/backup.c 2006-01-30 07:18:27
-+++ backup.c 2004-10-06 00:13:09
-@@ -135,6 +135,7 @@ static int make_bak_dir(char *fullpath)
- } else {
- do_lchown(fullpath, st.st_uid, st.st_gid);
- do_chmod(fullpath, st.st_mode);
-+ (void)DUP_ACL(end, fullpath, st.st_mode);
- }
- }
- *p = '/';
-@@ -188,6 +189,8 @@ static int keep_backup(char *fname)
- if (!(buf = get_backup_name(fname)))
- return 0;
-
-+ PUSH_KEEP_BACKUP_ACL(file, fname, buf);
-+
- /* Check to see if this is a device file, or link */
- if ((am_root && preserve_devices && IS_DEVICE(file->mode))
- || (preserve_specials && IS_SPECIAL(file->mode))) {
-@@ -263,6 +266,7 @@ static int keep_backup(char *fname)
- }
- }
- set_file_attrs(buf, file, NULL, 0);
-+ CLEANUP_KEEP_BACKUP_ACL();
- free(file);
-
- if (verbose > 1) {
---- orig/configure.in 2006-02-02 02:41:09
-+++ configure.in 2004-08-19 19:53:27
-@@ -478,6 +478,11 @@ if test x"$ac_cv_func_strcasecmp" = x"no
- AC_CHECK_LIB(resolv, strcasecmp)
- fi
-
-+AC_CHECK_FUNCS(aclsort)
-+if test x"$ac_cv_func_aclsort" = x"no"; then
-+ AC_CHECK_LIB(sec, aclsort)
-+fi
-+
- dnl At the moment we don't test for a broken memcmp(), because all we
- dnl need to do is test for equality, not comparison, and it seems that
- dnl every platform has a memcmp that can do at least that.
-@@ -751,6 +756,77 @@ AC_SUBST(OBJ_RESTORE)
- AC_SUBST(CC_SHOBJ_FLAG)
- AC_SUBST(BUILD_POPT)
-
-+AC_CHECK_HEADERS(sys/acl.h)
-+AC_CHECK_FUNCS(_acl __acl _facl __facl)
-+#################################################
-+# check for ACL support
-+
-+AC_MSG_CHECKING(whether to support ACLs)
-+AC_ARG_ENABLE(acl-support,
-+AC_HELP_STRING([--enable-acl-support], [Include ACL support (default=no)]),
-+[ case "$enableval" in
-+ yes)
-+
-+ case "$host_os" in
-+ *sysv5*)
-+ AC_MSG_RESULT(Using UnixWare ACLs)
-+ AC_DEFINE(HAVE_UNIXWARE_ACLS, 1, [true if you have UnixWare ACLs])
-+ ;;
-+ *solaris*)
-+ AC_MSG_RESULT(Using solaris ACLs)
-+ AC_DEFINE(HAVE_SOLARIS_ACLS, 1, [true if you have solaris ACLs])
-+ ;;
-+ *hpux*)
-+ AC_MSG_RESULT(Using HPUX ACLs)
-+ AC_DEFINE(HAVE_HPUX_ACLS, 1, [true if you have HPUX ACLs])
-+ ;;
-+ *irix*)
-+ AC_MSG_RESULT(Using IRIX ACLs)
-+ AC_DEFINE(HAVE_IRIX_ACLS, 1, [true if you have IRIX ACLs])
-+ ;;
-+ *aix*)
-+ AC_MSG_RESULT(Using AIX ACLs)
-+ AC_DEFINE(HAVE_AIX_ACLS, 1, [true if you have AIX ACLs])
-+ ;;
-+ *osf*)
-+ AC_MSG_RESULT(Using Tru64 ACLs)
-+ AC_DEFINE(HAVE_TRU64_ACLS, 1, [true if you have Tru64 ACLs])
-+ LIBS="$LIBS -lpacl"
-+ ;;
-+ *)
-+ AC_MSG_RESULT(ACLs requested -- running tests)
-+ AC_CHECK_LIB(acl,acl_get_file)
-+ AC_CACHE_CHECK([for ACL support],samba_cv_HAVE_POSIX_ACLS,[
-+ AC_TRY_LINK([#include <sys/types.h>
-+#include <sys/acl.h>],
-+[ acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p);],
-+samba_cv_HAVE_POSIX_ACLS=yes,samba_cv_HAVE_POSIX_ACLS=no)])
-+ if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then
-+ AC_MSG_RESULT(Using posix ACLs)
-+ AC_DEFINE(HAVE_POSIX_ACLS, 1, [true if you have posix ACLs])
-+ AC_CACHE_CHECK([for acl_get_perm_np],samba_cv_HAVE_ACL_GET_PERM_NP,[
-+ AC_TRY_LINK([#include <sys/types.h>
-+#include <sys/acl.h>],
-+[ acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm);],
-+samba_cv_HAVE_ACL_GET_PERM_NP=yes,samba_cv_HAVE_ACL_GET_PERM_NP=no)])
-+ if test x"$samba_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then
-+ AC_DEFINE(HAVE_ACL_GET_PERM_NP, 1, [true if you have acl_get_perm_np])
-+ fi
-+ else
-+ AC_MSG_ERROR(Failed to find ACL support)
-+ fi
-+ ;;
-+ esac
-+ ;;
-+ *)
-+ AC_MSG_RESULT(no)
-+ AC_DEFINE(HAVE_NO_ACLS, 1, [true if you don't have ACLs])
-+ ;;
-+ esac ],
-+ AC_DEFINE(HAVE_NO_ACLS, 1, [true if you don't have ACLs])
-+ AC_MSG_RESULT(no)
-+)
-+
- AC_CONFIG_FILES([Makefile lib/dummy zlib/dummy popt/dummy shconfig])
- AC_OUTPUT
-
---- orig/flist.c 2006-01-31 02:30:18
-+++ flist.c 2006-01-31 02:37:33
-@@ -967,6 +967,8 @@ static struct file_struct *send_file_nam
- f == -2 ? SERVER_FILTERS : ALL_FILTERS);
- if (!file)
- return NULL;
-+ if (MAKE_ACL(file, fname) < 0)
-+ return NULL;
-
- if (chmod_modes && !S_ISLNK(file->mode))
- file->mode = tweak_mode(file->mode, chmod_modes);
-@@ -978,6 +980,10 @@ static struct file_struct *send_file_nam
- if (file->basename[0]) {
- flist->files[flist->count++] = file;
- send_file_entry(file, f);
-+ SEND_ACL(file, f);
-+ } else {
-+ /* Cleanup unsent ACL(s). */
-+ SEND_ACL(file, -1);
- }
- return file;
- }
-@@ -1366,6 +1372,8 @@ struct file_list *recv_file_list(int f)
- flags |= read_byte(f) << 8;
- file = receive_file_entry(flist, flags, f);
-
-+ RECEIVE_ACL(file, f);
-+
- if (S_ISREG(file->mode))
- stats.total_size += file->length;
-
-@@ -1388,6 +1396,8 @@ struct file_list *recv_file_list(int f)
-
- clean_flist(flist, relative_paths, 1);
-
-+ SORT_FILE_ACL_INDEX_LISTS();
-+
- if (f >= 0) {
- recv_uid_list(f, flist);
-
---- orig/generator.c 2006-01-31 18:59:39
-+++ generator.c 2006-02-03 05:44:04
-@@ -756,6 +756,7 @@ static int try_dests_non(struct file_str
- }
-
- static int phase = 0;
-+static int dflt_perms;
-
- /* Acts on the_file_list->file's ndx'th item, whose name is fname. If a dir,
- * make sure it exists, and has the right permissions/timestamp info. For
-@@ -772,7 +773,7 @@ static void recv_generator(char *fname,
- enum logcode code, int f_out)
- {
- static int missing_below = -1, excluded_below = -1;
-- static char *fuzzy_dirname = "";
-+ static char *parent_dirname = "";
- static struct file_list *fuzzy_dirlist = NULL;
- struct file_struct *fuzzy_file = NULL;
- int fd = -1, f_copy = -1;
-@@ -791,12 +792,12 @@ static void recv_generator(char *fname,
- if (fuzzy_dirlist) {
- flist_free(fuzzy_dirlist);
- fuzzy_dirlist = NULL;
-- fuzzy_dirname = "";
- }
- if (missing_below >= 0) {
- dry_run--;
- missing_below = -1;
- }
-+ parent_dirname = "";
- return;
- }
-
-@@ -831,15 +832,20 @@ static void recv_generator(char *fname,
- statret = -1;
- stat_errno = ENOENT;
- } else {
-- if (fuzzy_basis && S_ISREG(file->mode)) {
-+ if ((fuzzy_basis || !preserve_perms) && S_ISREG(file->mode)) {
- char *dn = file->dirname ? file->dirname : ".";
-- if (fuzzy_dirname != dn
-- && strcmp(fuzzy_dirname, dn) != 0) {
-+ if (parent_dirname != dn
-+ && strcmp(parent_dirname, dn) != 0) {
- if (fuzzy_dirlist)
- flist_free(fuzzy_dirlist);
-- fuzzy_dirlist = get_dirlist(dn, -1, 1);
-+ if (fuzzy_basis)
-+ fuzzy_dirlist = get_dirlist(dn, -1, 1);
-+#ifdef SUPPORT_ACLS
-+ if (!preserve_perms)
-+ dflt_perms = default_perms_for_dir(dn);
-+#endif
- }
-- fuzzy_dirname = dn;
-+ parent_dirname = dn;
- }
-
- statret = link_stat(fname, &st,
-@@ -861,7 +867,8 @@ static void recv_generator(char *fname,
- if (!preserve_perms) {
- int exists = statret == 0
- && S_ISDIR(st.st_mode) == S_ISDIR(file->mode);
-- file->mode = dest_mode(file->mode, st.st_mode, exists);
-+ file->mode = dest_mode(file->mode, st.st_mode, dflt_perms,
-+ exists);
- }
-
- if (S_ISDIR(file->mode)) {
-@@ -895,6 +902,10 @@ static void recv_generator(char *fname,
- if (set_file_attrs(fname, file, statret ? NULL : &st, 0)
- && verbose && code && f_out != -1)
- rprintf(code, "%s/\n", fname);
-+#ifdef SUPPORT_ACLS
-+ if (f_out == -1)
-+ SET_ACL(fname, file);
-+#endif
- if (delete_during && f_out != -1 && !phase && dry_run < 2
- && (file->flags & FLAG_DEL_HERE))
- delete_in_dir(the_file_list, fname, file, &st);
-@@ -1330,6 +1341,8 @@ void generate_files(int f_out, struct fi
- * notice that and let us know via the redo pipe (or its closing). */
- ignore_timeout = 1;
-
-+ dflt_perms = (ACCESSPERMS & ~orig_umask);
-+
- for (i = 0; i < flist->count; i++) {
- struct file_struct *file = flist->files[i];
-
---- orig/lib/sysacls.c 2005-05-16 23:27:53
-+++ lib/sysacls.c 2005-05-16 23:27:53
-@@ -0,0 +1,3242 @@
-+/*
-+ Unix SMB/CIFS implementation.
-+ Samba system utilities for ACL support.
-+ Copyright (C) Jeremy Allison 2000.
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 2 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+*/
-+
-+#include "rsync.h"
-+#include "sysacls.h" /****** ADDED ******/
-+
-+/****** EXTRAS -- THESE ITEMS ARE NOT FROM THE SAMBA SOURCE ******/
-+void SAFE_FREE(void *mem)
-+{
-+ if (mem)
-+ free(mem);
-+}
-+
-+char *uidtoname(uid_t uid)
-+{
-+ static char idbuf[12];
-+ struct passwd *pw;
-+
-+ if ((pw = getpwuid(uid)) == NULL) {
-+ slprintf(idbuf, sizeof(idbuf)-1, "%ld", (long)uid);
-+ return idbuf;
-+ }
-+ return pw->pw_name;
-+}
-+/****** EXTRAS -- END ******/
-+
-+/*
-+ This file wraps all differing system ACL interfaces into a consistent
-+ one based on the POSIX interface. It also returns the correct errors
-+ for older UNIX systems that don't support ACLs.
-+
-+ The interfaces that each ACL implementation must support are as follows :
-+
-+ int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
-+ int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
-+ int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p
-+ void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
-+ SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
-+ SMB_ACL_T sys_acl_get_fd(int fd)
-+ int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset);
-+ int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
-+ char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen)
-+ SMB_ACL_T sys_acl_init( int count)
-+ int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
-+ int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
-+ int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
-+ int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
-+ int sys_acl_valid( SMB_ACL_T theacl )
-+ int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
-+ int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
-+ int sys_acl_delete_def_file(const char *path)
-+
-+ This next one is not POSIX complient - but we *have* to have it !
-+ More POSIX braindamage.
-+
-+ int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
-+
-+ The generic POSIX free is the following call. We split this into
-+ several different free functions as we may need to add tag info
-+ to structures when emulating the POSIX interface.
-+
-+ int sys_acl_free( void *obj_p)
-+
-+ The calls we actually use are :
-+
-+ int sys_acl_free_text(char *text) - free acl_to_text
-+ int sys_acl_free_acl(SMB_ACL_T posix_acl)
-+ int sys_acl_free_qualifier(void *qualifier, SMB_ACL_TAG_T tagtype)
-+
-+*/
-+
-+#if defined(HAVE_POSIX_ACLS)
-+
-+/* Identity mapping - easy. */
-+
-+int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
-+{
-+ return acl_get_entry( the_acl, entry_id, entry_p);
-+}
-+
-+int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
-+{
-+ return acl_get_tag_type( entry_d, tag_type_p);
-+}
-+
-+int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
-+{
-+ return acl_get_permset( entry_d, permset_p);
-+}
-+
-+void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
-+{
-+ return acl_get_qualifier( entry_d);
-+}
-+
-+SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
-+{
-+ return acl_get_file( path_p, type);
-+}
-+
-+SMB_ACL_T sys_acl_get_fd(int fd)
-+{
-+ return acl_get_fd(fd);
-+}
-+
-+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
-+{
-+ return acl_clear_perms(permset);
-+}
-+
-+int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
-+{
-+ return acl_add_perm(permset, perm);
-+}
-+
-+int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
-+{
-+#if defined(HAVE_ACL_GET_PERM_NP)
-+ /*
-+ * Required for TrustedBSD-based ACL implementations where
-+ * non-POSIX.1e functions are denoted by a _np (non-portable)
-+ * suffix.
-+ */
-+ return acl_get_perm_np(permset, perm);
-+#else
-+ return acl_get_perm(permset, perm);
-+#endif
-+}
-+
-+char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
-+{
-+ return acl_to_text( the_acl, plen);
-+}
-+
-+SMB_ACL_T sys_acl_init( int count)
-+{
-+ return acl_init(count);
-+}
-+
-+int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
-+{
-+ return acl_create_entry(pacl, pentry);
-+}
-+
-+int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
-+{
-+ return acl_set_tag_type(entry, tagtype);
-+}
-+
-+int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
-+{
-+ return acl_set_qualifier(entry, qual);
-+}
-+
-+int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
-+{
-+ return acl_set_permset(entry, permset);
-+}
-+
-+int sys_acl_valid( SMB_ACL_T theacl )
-+{
-+ return acl_valid(theacl);
-+}
-+
-+int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
-+{
-+ return acl_set_file(name, acltype, theacl);
-+}
-+
-+int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
-+{
-+ return acl_set_fd(fd, theacl);
-+}
-+
-+int sys_acl_delete_def_file(const char *name)
-+{
-+ return acl_delete_def_file(name);
-+}
-+
-+int sys_acl_free_text(char *text)
-+{
-+ return acl_free(text);
-+}
-+
-+int sys_acl_free_acl(SMB_ACL_T the_acl)
-+{
-+ return acl_free(the_acl);
-+}
-+
-+int sys_acl_free_qualifier(void *qual, UNUSED(SMB_ACL_TAG_T tagtype))
-+{
-+ return acl_free(qual);
-+}
-+
-+#elif defined(HAVE_TRU64_ACLS)
-+/*
-+ * The interface to DEC/Compaq Tru64 UNIX ACLs
-+ * is based on Draft 13 of the POSIX spec which is
-+ * slightly different from the Draft 16 interface.
-+ *
-+ * Also, some of the permset manipulation functions
-+ * such as acl_clear_perm() and acl_add_perm() appear
-+ * to be broken on Tru64 so we have to manipulate
-+ * the permission bits in the permset directly.
-+ */
-+int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
-+{
-+ SMB_ACL_ENTRY_T entry;
-+
-+ if (entry_id == SMB_ACL_FIRST_ENTRY && acl_first_entry(the_acl) != 0) {
-+ return -1;
-+ }
-+
-+ errno = 0;
-+ if ((entry = acl_get_entry(the_acl)) != NULL) {
-+ *entry_p = entry;
-+ return 1;
-+ }
-+
-+ return errno ? -1 : 0;
-+}
-+
-+int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
-+{
-+ return acl_get_tag_type( entry_d, tag_type_p);
-+}
-+
-+int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
-+{
-+ return acl_get_permset( entry_d, permset_p);
-+}
-+
-+void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
-+{
-+ return acl_get_qualifier( entry_d);
-+}
-+
-+SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
-+{
-+ return acl_get_file((char *)path_p, type);
-+}
-+
-+SMB_ACL_T sys_acl_get_fd(int fd)
-+{
-+ return acl_get_fd(fd, ACL_TYPE_ACCESS);
-+}
-+
-+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
-+{
-+ *permset = 0; /* acl_clear_perm() is broken on Tru64 */
-+
-+ return 0;
-+}
-+
-+int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
-+{
-+ if (perm & ~(SMB_ACL_READ | SMB_ACL_WRITE | SMB_ACL_EXECUTE)) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ *permset |= perm; /* acl_add_perm() is broken on Tru64 */
-+
-+ return 0;
-+}
-+
-+int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
-+{
-+ return *permset & perm; /* Tru64 doesn't have acl_get_perm() */
-+}
-+
-+char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
-+{
-+ return acl_to_text( the_acl, plen);
-+}
-+
-+SMB_ACL_T sys_acl_init( int count)
-+{
-+ return acl_init(count);
-+}
-+
-+int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
-+{
-+ SMB_ACL_ENTRY_T entry;
-+
-+ if ((entry = acl_create_entry(pacl)) == NULL) {
-+ return -1;
-+ }
-+
-+ *pentry = entry;
-+ return 0;
-+}
-+
-+int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
-+{
-+ return acl_set_tag_type(entry, tagtype);
-+}
-+
-+int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
-+{
-+ return acl_set_qualifier(entry, qual);
-+}
-+
-+int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
-+{
-+ return acl_set_permset(entry, permset);
-+}
-+
-+int sys_acl_valid( SMB_ACL_T theacl )
-+{
-+ acl_entry_t entry;
-+
-+ return acl_valid(theacl, &entry);
-+}
-+
-+int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
-+{
-+ return acl_set_file((char *)name, acltype, theacl);
-+}
-+
-+int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
-+{
-+ return acl_set_fd(fd, ACL_TYPE_ACCESS, theacl);
-+}
-+
-+int sys_acl_delete_def_file(const char *name)
-+{
-+ return acl_delete_def_file((char *)name);
-+}
-+
-+int sys_acl_free_text(char *text)
-+{
-+ /*
-+ * (void) cast and explicit return 0 are for DEC UNIX
-+ * which just #defines acl_free_text() to be free()
-+ */
-+ (void) acl_free_text(text);
-+ return 0;
-+}
-+
-+int sys_acl_free_acl(SMB_ACL_T the_acl)
-+{
-+ return acl_free(the_acl);
-+}
-+
-+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
-+{
-+ return acl_free_qualifier(qual, tagtype);
-+}
-+
-+#elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS)
-+
-+/*
-+ * Donated by Michael Davidson <md@sco.COM> for UnixWare / OpenUNIX.
-+ * Modified by Toomas Soome <tsoome@ut.ee> for Solaris.
-+ */
-+
-+/*
-+ * Note that while this code implements sufficient functionality
-+ * to support the sys_acl_* interfaces it does not provide all
-+ * of the semantics of the POSIX ACL interfaces.
-+ *
-+ * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
-+ * from a call to sys_acl_get_entry() should not be assumed to be
-+ * valid after calling any of the following functions, which may
-+ * reorder the entries in the ACL.
-+ *
-+ * sys_acl_valid()
-+ * sys_acl_set_file()
-+ * sys_acl_set_fd()
-+ */
-+
-+/*
-+ * The only difference between Solaris and UnixWare / OpenUNIX is
-+ * that the #defines for the ACL operations have different names
-+ */
-+#if defined(HAVE_UNIXWARE_ACLS)
-+
-+#define SETACL ACL_SET
-+#define GETACL ACL_GET
-+#define GETACLCNT ACL_CNT
-+
-+#endif
-+
-+
-+int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
-+{
-+ if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (entry_p == NULL) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (entry_id == SMB_ACL_FIRST_ENTRY) {
-+ acl_d->next = 0;
-+ }
-+
-+ if (acl_d->next < 0) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (acl_d->next >= acl_d->count) {
-+ return 0;
-+ }
-+
-+ *entry_p = &acl_d->acl[acl_d->next++];
-+
-+ return 1;
-+}
-+
-+int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
-+{
-+ *type_p = entry_d->a_type;
-+
-+ return 0;
-+}
-+
-+int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
-+{
-+ *permset_p = &entry_d->a_perm;
-+
-+ return 0;
-+}
-+
-+void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
-+{
-+ if (entry_d->a_type != SMB_ACL_USER
-+ && entry_d->a_type != SMB_ACL_GROUP) {
-+ errno = EINVAL;
-+ return NULL;
-+ }
-+
-+ return &entry_d->a_id;
-+}
-+
-+/*
-+ * There is no way of knowing what size the ACL returned by
-+ * GETACL will be unless you first call GETACLCNT which means
-+ * making an additional system call.
-+ *
-+ * In the hope of avoiding the cost of the additional system
-+ * call in most cases, we initially allocate enough space for
-+ * an ACL with INITIAL_ACL_SIZE entries. If this turns out to
-+ * be too small then we use GETACLCNT to find out the actual
-+ * size, reallocate the ACL buffer, and then call GETACL again.
-+ */
-+
-+#define INITIAL_ACL_SIZE 16
-+
-+SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
-+{
-+ SMB_ACL_T acl_d;
-+ int count; /* # of ACL entries allocated */
-+ int naccess; /* # of access ACL entries */
-+ int ndefault; /* # of default ACL entries */
-+
-+ if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
-+ errno = EINVAL;
-+ return NULL;
-+ }
-+
-+ count = INITIAL_ACL_SIZE;
-+ if ((acl_d = sys_acl_init(count)) == NULL) {
-+ return NULL;
-+ }
-+
-+ /*
-+ * If there isn't enough space for the ACL entries we use
-+ * GETACLCNT to determine the actual number of ACL entries
-+ * reallocate and try again. This is in a loop because it
-+ * is possible that someone else could modify the ACL and
-+ * increase the number of entries between the call to
-+ * GETACLCNT and the call to GETACL.
-+ */
-+ while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0
-+ && errno == ENOSPC) {
-+
-+ sys_acl_free_acl(acl_d);
-+
-+ if ((count = acl(path_p, GETACLCNT, 0, NULL)) < 0) {
-+ return NULL;
-+ }
-+
-+ if ((acl_d = sys_acl_init(count)) == NULL) {
-+ return NULL;
-+ }
-+ }
-+
-+ if (count < 0) {
-+ sys_acl_free_acl(acl_d);
-+ return NULL;
-+ }
-+
-+ /*
-+ * calculate the number of access and default ACL entries
-+ *
-+ * Note: we assume that the acl() system call returned a
-+ * well formed ACL which is sorted so that all of the
-+ * access ACL entries preceed any default ACL entries
-+ */
-+ for (naccess = 0; naccess < count; naccess++) {
-+ if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
-+ break;
-+ }
-+ ndefault = count - naccess;
-+
-+ /*
-+ * if the caller wants the default ACL we have to copy
-+ * the entries down to the start of the acl[] buffer
-+ * and mask out the ACL_DEFAULT flag from the type field
-+ */
-+ if (type == SMB_ACL_TYPE_DEFAULT) {
-+ int i, j;
-+
-+ for (i = 0, j = naccess; i < ndefault; i++, j++) {
-+ acl_d->acl[i] = acl_d->acl[j];
-+ acl_d->acl[i].a_type &= ~ACL_DEFAULT;
-+ }
-+
-+ acl_d->count = ndefault;
-+ } else {
-+ acl_d->count = naccess;
-+ }
-+
-+ return acl_d;
-+}
-+
-+SMB_ACL_T sys_acl_get_fd(int fd)
-+{
-+ SMB_ACL_T acl_d;
-+ int count; /* # of ACL entries allocated */
-+ int naccess; /* # of access ACL entries */
-+
-+ count = INITIAL_ACL_SIZE;
-+ if ((acl_d = sys_acl_init(count)) == NULL) {
-+ return NULL;
-+ }
-+
-+ while ((count = facl(fd, GETACL, count, &acl_d->acl[0])) < 0
-+ && errno == ENOSPC) {
-+
-+ sys_acl_free_acl(acl_d);
-+
-+ if ((count = facl(fd, GETACLCNT, 0, NULL)) < 0) {
-+ return NULL;
-+ }
-+
-+ if ((acl_d = sys_acl_init(count)) == NULL) {
-+ return NULL;
-+ }
-+ }
-+
-+ if (count < 0) {
-+ sys_acl_free_acl(acl_d);
-+ return NULL;
-+ }
-+
-+ /*
-+ * calculate the number of access ACL entries
-+ */
-+ for (naccess = 0; naccess < count; naccess++) {
-+ if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
-+ break;
-+ }
-+
-+ acl_d->count = naccess;
-+
-+ return acl_d;
-+}
-+
-+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
-+{
-+ *permset_d = 0;
-+
-+ return 0;
-+}
-+
-+int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
-+{
-+ if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
-+ && perm != SMB_ACL_EXECUTE) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (permset_d == NULL) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ *permset_d |= perm;
-+
-+ return 0;
-+}
-+
-+int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
-+{
-+ return *permset_d & perm;
-+}
-+
-+char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
-+{
-+ int i;
-+ int len, maxlen;
-+ char *text;
-+
-+ /*
-+ * use an initial estimate of 20 bytes per ACL entry
-+ * when allocating memory for the text representation
-+ * of the ACL
-+ */
-+ len = 0;
-+ maxlen = 20 * acl_d->count;
-+ if ((text = SMB_MALLOC(maxlen)) == NULL) {
-+ errno = ENOMEM;
-+ return NULL;
-+ }
-+
-+ for (i = 0; i < acl_d->count; i++) {
-+ struct acl *ap = &acl_d->acl[i];
-+ struct passwd *pw;
-+ struct group *gr;
-+ char tagbuf[12];
-+ char idbuf[12];
-+ char *tag;
-+ char *id = "";
-+ char perms[4];
-+ int nbytes;
-+
-+ switch (ap->a_type) {
-+ /*
-+ * for debugging purposes it's probably more
-+ * useful to dump unknown tag types rather
-+ * than just returning an error
-+ */
-+ default:
-+ slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x",
-+ ap->a_type);
-+ tag = tagbuf;
-+ slprintf(idbuf, sizeof(idbuf)-1, "%ld",
-+ (long)ap->a_id);
-+ id = idbuf;
-+ break;
-+
-+ case SMB_ACL_USER:
-+ id = uidtoname(ap->a_id);
-+ case SMB_ACL_USER_OBJ:
-+ tag = "user";
-+ break;
-+
-+ case SMB_ACL_GROUP:
-+ if ((gr = getgrgid(ap->a_id)) == NULL) {
-+ slprintf(idbuf, sizeof(idbuf)-1, "%ld",
-+ (long)ap->a_id);
-+ id = idbuf;
-+ } else {
-+ id = gr->gr_name;
-+ }
-+ case SMB_ACL_GROUP_OBJ:
-+ tag = "group";
-+ break;
-+
-+ case SMB_ACL_OTHER:
-+ tag = "other";
-+ break;
-+
-+ case SMB_ACL_MASK:
-+ tag = "mask";
-+ break;
-+
-+ }
-+
-+ perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-';
-+ perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-';
-+ perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-';
-+ perms[3] = '\0';
-+
-+ /* <tag> : <qualifier> : rwx \n \0 */
-+ nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1;
-+
-+ /*
-+ * If this entry would overflow the buffer
-+ * allocate enough additional memory for this
-+ * entry and an estimate of another 20 bytes
-+ * for each entry still to be processed
-+ */
-+ if ((len + nbytes) > maxlen) {
-+ char *oldtext = text;
-+
-+ maxlen += nbytes + 20 * (acl_d->count - i);
-+
-+ if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) {
-+ SAFE_FREE(oldtext);
-+ errno = ENOMEM;
-+ return NULL;
-+ }
-+ }
-+
-+ slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms);
-+ len += nbytes - 1;
-+ }
-+
-+ if (len_p)
-+ *len_p = len;
-+
-+ return text;
-+}
-+
-+SMB_ACL_T sys_acl_init(int count)
-+{
-+ SMB_ACL_T a;
-+
-+ if (count < 0) {
-+ errno = EINVAL;
-+ return NULL;
-+ }
-+
-+ /*
-+ * note that since the definition of the structure pointed
-+ * to by the SMB_ACL_T includes the first element of the
-+ * acl[] array, this actually allocates an ACL with room
-+ * for (count+1) entries
-+ */
-+ if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + count * sizeof(struct acl))) == NULL) {
-+ errno = ENOMEM;
-+ return NULL;
-+ }
-+
-+ a->size = count + 1;
-+ a->count = 0;
-+ a->next = -1;
-+
-+ return a;
-+}
-+
-+
-+int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
-+{
-+ SMB_ACL_T acl_d;
-+ SMB_ACL_ENTRY_T entry_d;
-+
-+ if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (acl_d->count >= acl_d->size) {
-+ errno = ENOSPC;
-+ return -1;
-+ }
-+
-+ entry_d = &acl_d->acl[acl_d->count++];
-+ entry_d->a_type = 0;
-+ entry_d->a_id = -1;
-+ entry_d->a_perm = 0;
-+ *entry_p = entry_d;
-+
-+ return 0;
-+}
-+
-+int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
-+{
-+ switch (tag_type) {
-+ case SMB_ACL_USER:
-+ case SMB_ACL_USER_OBJ:
-+ case SMB_ACL_GROUP:
-+ case SMB_ACL_GROUP_OBJ:
-+ case SMB_ACL_OTHER:
-+ case SMB_ACL_MASK:
-+ entry_d->a_type = tag_type;
-+ break;
-+ default:
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ return 0;
-+}
-+
-+int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
-+{
-+ if (entry_d->a_type != SMB_ACL_GROUP
-+ && entry_d->a_type != SMB_ACL_USER) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ entry_d->a_id = *((id_t *)qual_p);
-+
-+ return 0;
-+}
-+
-+int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
-+{
-+ if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
-+ return EINVAL;
-+ }
-+
-+ entry_d->a_perm = *permset_d;
-+
-+ return 0;
-+}
-+
-+/*
-+ * sort the ACL and check it for validity
-+ *
-+ * if it's a minimal ACL with only 4 entries then we
-+ * need to recalculate the mask permissions to make
-+ * sure that they are the same as the GROUP_OBJ
-+ * permissions as required by the UnixWare acl() system call.
-+ *
-+ * (note: since POSIX allows minimal ACLs which only contain
-+ * 3 entries - ie there is no mask entry - we should, in theory,
-+ * check for this and add a mask entry if necessary - however
-+ * we "know" that the caller of this interface always specifies
-+ * a mask so, in practice "this never happens" (tm) - if it *does*
-+ * happen aclsort() will fail and return an error and someone will
-+ * have to fix it ...)
-+ */
-+
-+static int acl_sort(SMB_ACL_T acl_d)
-+{
-+ int fixmask = (acl_d->count <= 4);
-+
-+ if (aclsort(acl_d->count, fixmask, acl_d->acl) != 0) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+ return 0;
-+}
-+
-+int sys_acl_valid(SMB_ACL_T acl_d)
-+{
-+ return acl_sort(acl_d);
-+}
-+
-+int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
-+{
-+ struct stat s;
-+ struct acl *acl_p;
-+ int acl_count;
-+ struct acl *acl_buf = NULL;
-+ int ret;
-+
-+ if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (acl_sort(acl_d) != 0) {
-+ return -1;
-+ }
-+
-+ acl_p = &acl_d->acl[0];
-+ acl_count = acl_d->count;
-+
-+ /*
-+ * if it's a directory there is extra work to do
-+ * since the acl() system call will replace both
-+ * the access ACLs and the default ACLs (if any)
-+ */
-+ if (stat(name, &s) != 0) {
-+ return -1;
-+ }
-+ if (S_ISDIR(s.st_mode)) {
-+ SMB_ACL_T acc_acl;
-+ SMB_ACL_T def_acl;
-+ SMB_ACL_T tmp_acl;
-+ int i;
-+
-+ if (type == SMB_ACL_TYPE_ACCESS) {
-+ acc_acl = acl_d;
-+ def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
-+
-+ } else {
-+ def_acl = acl_d;
-+ acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
-+ }
-+
-+ if (tmp_acl == NULL) {
-+ return -1;
-+ }
-+
-+ /*
-+ * allocate a temporary buffer for the complete ACL
-+ */
-+ acl_count = acc_acl->count + def_acl->count;
-+ acl_p = acl_buf = SMB_MALLOC_ARRAY(struct acl, acl_count);
-+
-+ if (acl_buf == NULL) {
-+ sys_acl_free_acl(tmp_acl);
-+ errno = ENOMEM;
-+ return -1;
-+ }
-+
-+ /*
-+ * copy the access control and default entries into the buffer
-+ */
-+ memcpy(&acl_buf[0], &acc_acl->acl[0],
-+ acc_acl->count * sizeof(acl_buf[0]));
-+
-+ memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
-+ def_acl->count * sizeof(acl_buf[0]));
-+
-+ /*
-+ * set the ACL_DEFAULT flag on the default entries
-+ */
-+ for (i = acc_acl->count; i < acl_count; i++) {
-+ acl_buf[i].a_type |= ACL_DEFAULT;
-+ }
-+
-+ sys_acl_free_acl(tmp_acl);
-+
-+ } else if (type != SMB_ACL_TYPE_ACCESS) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ ret = acl(name, SETACL, acl_count, acl_p);
-+
-+ SAFE_FREE(acl_buf);
-+
-+ return ret;
-+}
-+
-+int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
-+{
-+ if (acl_sort(acl_d) != 0) {
-+ return -1;
-+ }
-+
-+ return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]);
-+}
-+
-+int sys_acl_delete_def_file(const char *path)
-+{
-+ SMB_ACL_T acl_d;
-+ int ret;
-+
-+ /*
-+ * fetching the access ACL and rewriting it has
-+ * the effect of deleting the default ACL
-+ */
-+ if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
-+ return -1;
-+ }
-+
-+ ret = acl(path, SETACL, acl_d->count, acl_d->acl);
-+
-+ sys_acl_free_acl(acl_d);
-+
-+ return ret;
-+}
-+
-+int sys_acl_free_text(char *text)
-+{
-+ SAFE_FREE(text);
-+ return 0;
-+}
-+
-+int sys_acl_free_acl(SMB_ACL_T acl_d)
-+{
-+ SAFE_FREE(acl_d);
-+ return 0;
-+}
-+
-+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
-+{
-+ return 0;
-+}
-+
-+#elif defined(HAVE_HPUX_ACLS)
-+#include <dl.h>
-+
-+/*
-+ * Based on the Solaris/SCO code - with modifications.
-+ */
-+
-+/*
-+ * Note that while this code implements sufficient functionality
-+ * to support the sys_acl_* interfaces it does not provide all
-+ * of the semantics of the POSIX ACL interfaces.
-+ *
-+ * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
-+ * from a call to sys_acl_get_entry() should not be assumed to be
-+ * valid after calling any of the following functions, which may
-+ * reorder the entries in the ACL.
-+ *
-+ * sys_acl_valid()
-+ * sys_acl_set_file()
-+ * sys_acl_set_fd()
-+ */
-+
-+/* This checks if the POSIX ACL system call is defined */
-+/* which basically corresponds to whether JFS 3.3 or */
-+/* higher is installed. If acl() was called when it */
-+/* isn't defined, it causes the process to core dump */
-+/* so it is important to check this and avoid acl() */
-+/* calls if it isn't there. */
-+
-+static BOOL hpux_acl_call_presence(void)
-+{
-+
-+ shl_t handle = NULL;
-+ void *value;
-+ int ret_val=0;
-+ static BOOL already_checked=0;
-+
-+ if(already_checked)
-+ return True;
-+
-+
-+ ret_val = shl_findsym(&handle, "acl", TYPE_PROCEDURE, &value);
-+
-+ if(ret_val != 0) {
-+ DEBUG(5, ("hpux_acl_call_presence: shl_findsym() returned %d, errno = %d, error %s\n",
-+ ret_val, errno, strerror(errno)));
-+ DEBUG(5,("hpux_acl_call_presence: acl() system call is not present. Check if you have JFS 3.3 and above?\n"));
-+ return False;
-+ }
-+
-+ DEBUG(10,("hpux_acl_call_presence: acl() system call is present. We have JFS 3.3 or above \n"));
-+
-+ already_checked = True;
-+ return True;
-+}
-+
-+int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
-+{
-+ if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (entry_p == NULL) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (entry_id == SMB_ACL_FIRST_ENTRY) {
-+ acl_d->next = 0;
-+ }
-+
-+ if (acl_d->next < 0) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (acl_d->next >= acl_d->count) {
-+ return 0;
-+ }
-+
-+ *entry_p = &acl_d->acl[acl_d->next++];
-+
-+ return 1;
-+}
-+
-+int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
-+{
-+ *type_p = entry_d->a_type;
-+
-+ return 0;
-+}
-+
-+int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
-+{
-+ *permset_p = &entry_d->a_perm;
-+
-+ return 0;
-+}
-+
-+void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
-+{
-+ if (entry_d->a_type != SMB_ACL_USER
-+ && entry_d->a_type != SMB_ACL_GROUP) {
-+ errno = EINVAL;
-+ return NULL;
-+ }
-+
-+ return &entry_d->a_id;
-+}
-+
-+/*
-+ * There is no way of knowing what size the ACL returned by
-+ * ACL_GET will be unless you first call ACL_CNT which means
-+ * making an additional system call.
-+ *
-+ * In the hope of avoiding the cost of the additional system
-+ * call in most cases, we initially allocate enough space for
-+ * an ACL with INITIAL_ACL_SIZE entries. If this turns out to
-+ * be too small then we use ACL_CNT to find out the actual
-+ * size, reallocate the ACL buffer, and then call ACL_GET again.
-+ */
-+
-+#define INITIAL_ACL_SIZE 16
-+
-+SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
-+{
-+ SMB_ACL_T acl_d;
-+ int count; /* # of ACL entries allocated */
-+ int naccess; /* # of access ACL entries */
-+ int ndefault; /* # of default ACL entries */
-+
-+ if(hpux_acl_call_presence() == False) {
-+ /* Looks like we don't have the acl() system call on HPUX.
-+ * May be the system doesn't have the latest version of JFS.
-+ */
-+ return NULL;
-+ }
-+
-+ if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
-+ errno = EINVAL;
-+ return NULL;
-+ }
-+
-+ count = INITIAL_ACL_SIZE;
-+ if ((acl_d = sys_acl_init(count)) == NULL) {
-+ return NULL;
-+ }
-+
-+ /*
-+ * If there isn't enough space for the ACL entries we use
-+ * ACL_CNT to determine the actual number of ACL entries
-+ * reallocate and try again. This is in a loop because it
-+ * is possible that someone else could modify the ACL and
-+ * increase the number of entries between the call to
-+ * ACL_CNT and the call to ACL_GET.
-+ */
-+ while ((count = acl(path_p, ACL_GET, count, &acl_d->acl[0])) < 0 && errno == ENOSPC) {
-+
-+ sys_acl_free_acl(acl_d);
-+
-+ if ((count = acl(path_p, ACL_CNT, 0, NULL)) < 0) {
-+ return NULL;
-+ }
-+
-+ if ((acl_d = sys_acl_init(count)) == NULL) {
-+ return NULL;
-+ }
-+ }
-+
-+ if (count < 0) {
-+ sys_acl_free_acl(acl_d);
-+ return NULL;
-+ }
-+
-+ /*
-+ * calculate the number of access and default ACL entries
-+ *
-+ * Note: we assume that the acl() system call returned a
-+ * well formed ACL which is sorted so that all of the
-+ * access ACL entries preceed any default ACL entries
-+ */
-+ for (naccess = 0; naccess < count; naccess++) {
-+ if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
-+ break;
-+ }
-+ ndefault = count - naccess;
-+
-+ /*
-+ * if the caller wants the default ACL we have to copy
-+ * the entries down to the start of the acl[] buffer
-+ * and mask out the ACL_DEFAULT flag from the type field
-+ */
-+ if (type == SMB_ACL_TYPE_DEFAULT) {
-+ int i, j;
-+
-+ for (i = 0, j = naccess; i < ndefault; i++, j++) {
-+ acl_d->acl[i] = acl_d->acl[j];
-+ acl_d->acl[i].a_type &= ~ACL_DEFAULT;
-+ }
-+
-+ acl_d->count = ndefault;
-+ } else {
-+ acl_d->count = naccess;
-+ }
-+
-+ return acl_d;
-+}
-+
-+SMB_ACL_T sys_acl_get_fd(int fd)
-+{
-+ /*
-+ * HPUX doesn't have the facl call. Fake it using the path.... JRA.
-+ */
-+
-+ files_struct *fsp = file_find_fd(fd);
-+
-+ if (fsp == NULL) {
-+ errno = EBADF;
-+ return NULL;
-+ }
-+
-+ /*
-+ * We know we're in the same conn context. So we
-+ * can use the relative path.
-+ */
-+
-+ return sys_acl_get_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS);
-+}
-+
-+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
-+{
-+ *permset_d = 0;
-+
-+ return 0;
-+}
-+
-+int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
-+{
-+ if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
-+ && perm != SMB_ACL_EXECUTE) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (permset_d == NULL) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ *permset_d |= perm;
-+
-+ return 0;
-+}
-+
-+int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
-+{
-+ return *permset_d & perm;
-+}
-+
-+char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
-+{
-+ int i;
-+ int len, maxlen;
-+ char *text;
-+
-+ /*
-+ * use an initial estimate of 20 bytes per ACL entry
-+ * when allocating memory for the text representation
-+ * of the ACL
-+ */
-+ len = 0;
-+ maxlen = 20 * acl_d->count;
-+ if ((text = SMB_MALLOC(maxlen)) == NULL) {
-+ errno = ENOMEM;
-+ return NULL;
-+ }
-+
-+ for (i = 0; i < acl_d->count; i++) {
-+ struct acl *ap = &acl_d->acl[i];
-+ struct passwd *pw;
-+ struct group *gr;
-+ char tagbuf[12];
-+ char idbuf[12];
-+ char *tag;
-+ char *id = "";
-+ char perms[4];
-+ int nbytes;
-+
-+ switch (ap->a_type) {
-+ /*
-+ * for debugging purposes it's probably more
-+ * useful to dump unknown tag types rather
-+ * than just returning an error
-+ */
-+ default:
-+ slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x",
-+ ap->a_type);
-+ tag = tagbuf;
-+ slprintf(idbuf, sizeof(idbuf)-1, "%ld",
-+ (long)ap->a_id);
-+ id = idbuf;
-+ break;
-+
-+ case SMB_ACL_USER:
-+ id = uidtoname(ap->a_id);
-+ case SMB_ACL_USER_OBJ:
-+ tag = "user";
-+ break;
-+
-+ case SMB_ACL_GROUP:
-+ if ((gr = getgrgid(ap->a_id)) == NULL) {
-+ slprintf(idbuf, sizeof(idbuf)-1, "%ld",
-+ (long)ap->a_id);
-+ id = idbuf;
-+ } else {
-+ id = gr->gr_name;
-+ }
-+ case SMB_ACL_GROUP_OBJ:
-+ tag = "group";
-+ break;
-+
-+ case SMB_ACL_OTHER:
-+ tag = "other";
-+ break;
-+
-+ case SMB_ACL_MASK:
-+ tag = "mask";
-+ break;
-+
-+ }
-+
-+ perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-';
-+ perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-';
-+ perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-';
-+ perms[3] = '\0';
-+
-+ /* <tag> : <qualifier> : rwx \n \0 */
-+ nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1;
-+
-+ /*
-+ * If this entry would overflow the buffer
-+ * allocate enough additional memory for this
-+ * entry and an estimate of another 20 bytes
-+ * for each entry still to be processed
-+ */
-+ if ((len + nbytes) > maxlen) {
-+ char *oldtext = text;
-+
-+ maxlen += nbytes + 20 * (acl_d->count - i);
-+
-+ if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) {
-+ free(oldtext);
-+ errno = ENOMEM;
-+ return NULL;
-+ }
-+ }
-+
-+ slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms);
-+ len += nbytes - 1;
-+ }
-+
-+ if (len_p)
-+ *len_p = len;
-+
-+ return text;
-+}
-+
-+SMB_ACL_T sys_acl_init(int count)
-+{
-+ SMB_ACL_T a;
-+
-+ if (count < 0) {
-+ errno = EINVAL;
-+ return NULL;
-+ }
-+
-+ /*
-+ * note that since the definition of the structure pointed
-+ * to by the SMB_ACL_T includes the first element of the
-+ * acl[] array, this actually allocates an ACL with room
-+ * for (count+1) entries
-+ */
-+ if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + count * sizeof(struct acl))) == NULL) {
-+ errno = ENOMEM;
-+ return NULL;
-+ }
-+
-+ a->size = count + 1;
-+ a->count = 0;
-+ a->next = -1;
-+
-+ return a;
-+}
-+
-+
-+int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
-+{
-+ SMB_ACL_T acl_d;
-+ SMB_ACL_ENTRY_T entry_d;
-+
-+ if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (acl_d->count >= acl_d->size) {
-+ errno = ENOSPC;
-+ return -1;
-+ }
-+
-+ entry_d = &acl_d->acl[acl_d->count++];
-+ entry_d->a_type = 0;
-+ entry_d->a_id = -1;
-+ entry_d->a_perm = 0;
-+ *entry_p = entry_d;
-+
-+ return 0;
-+}
-+
-+int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
-+{
-+ switch (tag_type) {
-+ case SMB_ACL_USER:
-+ case SMB_ACL_USER_OBJ:
-+ case SMB_ACL_GROUP:
-+ case SMB_ACL_GROUP_OBJ:
-+ case SMB_ACL_OTHER:
-+ case SMB_ACL_MASK:
-+ entry_d->a_type = tag_type;
-+ break;
-+ default:
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ return 0;
-+}
-+
-+int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
-+{
-+ if (entry_d->a_type != SMB_ACL_GROUP
-+ && entry_d->a_type != SMB_ACL_USER) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ entry_d->a_id = *((id_t *)qual_p);
-+
-+ return 0;
-+}
-+
-+int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
-+{
-+ if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
-+ return EINVAL;
-+ }
-+
-+ entry_d->a_perm = *permset_d;
-+
-+ return 0;
-+}
-+
-+/* Structure to capture the count for each type of ACE. */
-+
-+struct hpux_acl_types {
-+ int n_user;
-+ int n_def_user;
-+ int n_user_obj;
-+ int n_def_user_obj;
-+
-+ int n_group;
-+ int n_def_group;
-+ int n_group_obj;
-+ int n_def_group_obj;
-+
-+ int n_other;
-+ int n_other_obj;
-+ int n_def_other_obj;
-+
-+ int n_class_obj;
-+ int n_def_class_obj;
-+
-+ int n_illegal_obj;
-+};
-+
-+/* count_obj:
-+ * Counts the different number of objects in a given array of ACL
-+ * structures.
-+ * Inputs:
-+ *
-+ * acl_count - Count of ACLs in the array of ACL strucutres.
-+ * aclp - Array of ACL structures.
-+ * acl_type_count - Pointer to acl_types structure. Should already be
-+ * allocated.
-+ * Output:
-+ *
-+ * acl_type_count - This structure is filled up with counts of various
-+ * acl types.
-+ */
-+
-+static int hpux_count_obj(int acl_count, struct acl *aclp, struct hpux_acl_types *acl_type_count)
-+{
-+ int i;
-+
-+ memset(acl_type_count, 0, sizeof(struct hpux_acl_types));
-+
-+ for(i=0;i<acl_count;i++) {
-+ switch(aclp[i].a_type) {
-+ case USER:
-+ acl_type_count->n_user++;
-+ break;
-+ case USER_OBJ:
-+ acl_type_count->n_user_obj++;
-+ break;
-+ case DEF_USER_OBJ:
-+ acl_type_count->n_def_user_obj++;
-+ break;
-+ case GROUP:
-+ acl_type_count->n_group++;
-+ break;
-+ case GROUP_OBJ:
-+ acl_type_count->n_group_obj++;
-+ break;
-+ case DEF_GROUP_OBJ:
-+ acl_type_count->n_def_group_obj++;
-+ break;
-+ case OTHER_OBJ:
-+ acl_type_count->n_other_obj++;
-+ break;
-+ case DEF_OTHER_OBJ:
-+ acl_type_count->n_def_other_obj++;
-+ break;
-+ case CLASS_OBJ:
-+ acl_type_count->n_class_obj++;
-+ break;
-+ case DEF_CLASS_OBJ:
-+ acl_type_count->n_def_class_obj++;
-+ break;
-+ case DEF_USER:
-+ acl_type_count->n_def_user++;
-+ break;
-+ case DEF_GROUP:
-+ acl_type_count->n_def_group++;
-+ break;
-+ default:
-+ acl_type_count->n_illegal_obj++;
-+ break;
-+ }
-+ }
-+}
-+
-+/* swap_acl_entries: Swaps two ACL entries.
-+ *
-+ * Inputs: aclp0, aclp1 - ACL entries to be swapped.
-+ */
-+
-+static void hpux_swap_acl_entries(struct acl *aclp0, struct acl *aclp1)
-+{
-+ struct acl temp_acl;
-+
-+ temp_acl.a_type = aclp0->a_type;
-+ temp_acl.a_id = aclp0->a_id;
-+ temp_acl.a_perm = aclp0->a_perm;
-+
-+ aclp0->a_type = aclp1->a_type;
-+ aclp0->a_id = aclp1->a_id;
-+ aclp0->a_perm = aclp1->a_perm;
-+
-+ aclp1->a_type = temp_acl.a_type;
-+ aclp1->a_id = temp_acl.a_id;
-+ aclp1->a_perm = temp_acl.a_perm;
-+}
-+
-+/* prohibited_duplicate_type
-+ * Identifies if given ACL type can have duplicate entries or
-+ * not.
-+ *
-+ * Inputs: acl_type - ACL Type.
-+ *
-+ * Outputs:
-+ *
-+ * Return..
-+ *
-+ * True - If the ACL type matches any of the prohibited types.
-+ * False - If the ACL type doesn't match any of the prohibited types.
-+ */
-+
-+static BOOL hpux_prohibited_duplicate_type(int acl_type)
-+{
-+ switch(acl_type) {
-+ case USER:
-+ case GROUP:
-+ case DEF_USER:
-+ case DEF_GROUP:
-+ return True;
-+ default:
-+ return False;
-+ }
-+}
-+
-+/* get_needed_class_perm
-+ * Returns the permissions of a ACL structure only if the ACL
-+ * type matches one of the pre-determined types for computing
-+ * CLASS_OBJ permissions.
-+ *
-+ * Inputs: aclp - Pointer to ACL structure.
-+ */
-+
-+static int hpux_get_needed_class_perm(struct acl *aclp)
-+{
-+ switch(aclp->a_type) {
-+ case USER:
-+ case GROUP_OBJ:
-+ case GROUP:
-+ case DEF_USER_OBJ:
-+ case DEF_USER:
-+ case DEF_GROUP_OBJ:
-+ case DEF_GROUP:
-+ case DEF_CLASS_OBJ:
-+ case DEF_OTHER_OBJ:
-+ return aclp->a_perm;
-+ default:
-+ return 0;
-+ }
-+}
-+
-+/* acl_sort for HPUX.
-+ * Sorts the array of ACL structures as per the description in
-+ * aclsort man page. Refer to aclsort man page for more details
-+ *
-+ * Inputs:
-+ *
-+ * acl_count - Count of ACLs in the array of ACL structures.
-+ * calclass - If this is not zero, then we compute the CLASS_OBJ
-+ * permissions.
-+ * aclp - Array of ACL structures.
-+ *
-+ * Outputs:
-+ *
-+ * aclp - Sorted array of ACL structures.
-+ *
-+ * Outputs:
-+ *
-+ * Returns 0 for success -1 for failure. Prints a message to the Samba
-+ * debug log in case of failure.
-+ */
-+
-+static int hpux_acl_sort(int acl_count, int calclass, struct acl *aclp)
-+{
-+#if !defined(HAVE_HPUX_ACLSORT)
-+ /*
-+ * The aclsort() system call is availabe on the latest HPUX General
-+ * Patch Bundles. So for HPUX, we developed our version of acl_sort
-+ * function. Because, we don't want to update to a new
-+ * HPUX GR bundle just for aclsort() call.
-+ */
-+
-+ struct hpux_acl_types acl_obj_count;
-+ int n_class_obj_perm = 0;
-+ int i, j;
-+
-+ if(!acl_count) {
-+ DEBUG(10,("Zero acl count passed. Returning Success\n"));
-+ return 0;
-+ }
-+
-+ if(aclp == NULL) {
-+ DEBUG(0,("Null ACL pointer in hpux_acl_sort. Returning Failure. \n"));
-+ return -1;
-+ }
-+
-+ /* Count different types of ACLs in the ACLs array */
-+
-+ hpux_count_obj(acl_count, aclp, &acl_obj_count);
-+
-+ /* There should be only one entry each of type USER_OBJ, GROUP_OBJ,
-+ * CLASS_OBJ and OTHER_OBJ
-+ */
-+
-+ if( (acl_obj_count.n_user_obj != 1) ||
-+ (acl_obj_count.n_group_obj != 1) ||
-+ (acl_obj_count.n_class_obj != 1) ||
-+ (acl_obj_count.n_other_obj != 1)
-+ ) {
-+ DEBUG(0,("hpux_acl_sort: More than one entry or no entries for \
-+USER OBJ or GROUP_OBJ or OTHER_OBJ or CLASS_OBJ\n"));
-+ return -1;
-+ }
-+
-+ /* If any of the default objects are present, there should be only
-+ * one of them each.
-+ */
-+
-+ if( (acl_obj_count.n_def_user_obj > 1) || (acl_obj_count.n_def_group_obj > 1) ||
-+ (acl_obj_count.n_def_other_obj > 1) || (acl_obj_count.n_def_class_obj > 1) ) {
-+ DEBUG(0,("hpux_acl_sort: More than one entry for DEF_CLASS_OBJ \
-+or DEF_USER_OBJ or DEF_GROUP_OBJ or DEF_OTHER_OBJ\n"));
-+ return -1;
-+ }
-+
-+ /* We now have proper number of OBJ and DEF_OBJ entries. Now sort the acl
-+ * structures.
-+ *
-+ * Sorting crieteria - First sort by ACL type. If there are multiple entries of
-+ * same ACL type, sort by ACL id.
-+ *
-+ * I am using the trival kind of sorting method here because, performance isn't
-+ * really effected by the ACLs feature. More over there aren't going to be more
-+ * than 17 entries on HPUX.
-+ */
-+
-+ for(i=0; i<acl_count;i++) {
-+ for (j=i+1; j<acl_count; j++) {
-+ if( aclp[i].a_type > aclp[j].a_type ) {
-+ /* ACL entries out of order, swap them */
-+
-+ hpux_swap_acl_entries((aclp+i), (aclp+j));
-+
-+ } else if ( aclp[i].a_type == aclp[j].a_type ) {
-+
-+ /* ACL entries of same type, sort by id */
-+
-+ if(aclp[i].a_id > aclp[j].a_id) {
-+ hpux_swap_acl_entries((aclp+i), (aclp+j));
-+ } else if (aclp[i].a_id == aclp[j].a_id) {
-+ /* We have a duplicate entry. */
-+ if(hpux_prohibited_duplicate_type(aclp[i].a_type)) {
-+ DEBUG(0, ("hpux_acl_sort: Duplicate entry: Type(hex): %x Id: %d\n",
-+ aclp[i].a_type, aclp[i].a_id));
-+ return -1;
-+ }
-+ }
-+
-+ }
-+ }
-+ }
-+
-+ /* set the class obj permissions to the computed one. */
-+ if(calclass) {
-+ int n_class_obj_index = -1;
-+
-+ for(i=0;i<acl_count;i++) {
-+ n_class_obj_perm |= hpux_get_needed_class_perm((aclp+i));
-+
-+ if(aclp[i].a_type == CLASS_OBJ)
-+ n_class_obj_index = i;
-+ }
-+ aclp[n_class_obj_index].a_perm = n_class_obj_perm;
-+ }
-+
-+ return 0;
-+#else
-+ return aclsort(acl_count, calclass, aclp);
-+#endif
-+}
-+
-+/*
-+ * sort the ACL and check it for validity
-+ *
-+ * if it's a minimal ACL with only 4 entries then we
-+ * need to recalculate the mask permissions to make
-+ * sure that they are the same as the GROUP_OBJ
-+ * permissions as required by the UnixWare acl() system call.
-+ *
-+ * (note: since POSIX allows minimal ACLs which only contain
-+ * 3 entries - ie there is no mask entry - we should, in theory,
-+ * check for this and add a mask entry if necessary - however
-+ * we "know" that the caller of this interface always specifies
-+ * a mask so, in practice "this never happens" (tm) - if it *does*
-+ * happen aclsort() will fail and return an error and someone will
-+ * have to fix it ...)
-+ */
-+
-+static int acl_sort(SMB_ACL_T acl_d)
-+{
-+ int fixmask = (acl_d->count <= 4);
-+
-+ if (hpux_acl_sort(acl_d->count, fixmask, acl_d->acl) != 0) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+ return 0;
-+}
-+
-+int sys_acl_valid(SMB_ACL_T acl_d)
-+{
-+ return acl_sort(acl_d);
-+}
-+
-+int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
-+{
-+ struct stat s;
-+ struct acl *acl_p;
-+ int acl_count;
-+ struct acl *acl_buf = NULL;
-+ int ret;
-+
-+ if(hpux_acl_call_presence() == False) {
-+ /* Looks like we don't have the acl() system call on HPUX.
-+ * May be the system doesn't have the latest version of JFS.
-+ */
-+ errno=ENOSYS;
-+ return -1;
-+ }
-+
-+ if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (acl_sort(acl_d) != 0) {
-+ return -1;
-+ }
-+
-+ acl_p = &acl_d->acl[0];
-+ acl_count = acl_d->count;
-+
-+ /*
-+ * if it's a directory there is extra work to do
-+ * since the acl() system call will replace both
-+ * the access ACLs and the default ACLs (if any)
-+ */
-+ if (stat(name, &s) != 0) {
-+ return -1;
-+ }
-+ if (S_ISDIR(s.st_mode)) {
-+ SMB_ACL_T acc_acl;
-+ SMB_ACL_T def_acl;
-+ SMB_ACL_T tmp_acl;
-+ int i;
-+
-+ if (type == SMB_ACL_TYPE_ACCESS) {
-+ acc_acl = acl_d;
-+ def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
-+
-+ } else {
-+ def_acl = acl_d;
-+ acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
-+ }
-+
-+ if (tmp_acl == NULL) {
-+ return -1;
-+ }
-+
-+ /*
-+ * allocate a temporary buffer for the complete ACL
-+ */
-+ acl_count = acc_acl->count + def_acl->count;
-+ acl_p = acl_buf = SMB_MALLOC_ARRAY(struct acl, acl_count);
-+
-+ if (acl_buf == NULL) {
-+ sys_acl_free_acl(tmp_acl);
-+ errno = ENOMEM;
-+ return -1;
-+ }
-+
-+ /*
-+ * copy the access control and default entries into the buffer
-+ */
-+ memcpy(&acl_buf[0], &acc_acl->acl[0],
-+ acc_acl->count * sizeof(acl_buf[0]));
-+
-+ memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
-+ def_acl->count * sizeof(acl_buf[0]));
-+
-+ /*
-+ * set the ACL_DEFAULT flag on the default entries
-+ */
-+ for (i = acc_acl->count; i < acl_count; i++) {
-+ acl_buf[i].a_type |= ACL_DEFAULT;
-+ }
-+
-+ sys_acl_free_acl(tmp_acl);
-+
-+ } else if (type != SMB_ACL_TYPE_ACCESS) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ ret = acl(name, ACL_SET, acl_count, acl_p);
-+
-+ if (acl_buf) {
-+ free(acl_buf);
-+ }
-+
-+ return ret;
-+}
-+
-+int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
-+{
-+ /*
-+ * HPUX doesn't have the facl call. Fake it using the path.... JRA.
-+ */
-+
-+ files_struct *fsp = file_find_fd(fd);
-+
-+ if (fsp == NULL) {
-+ errno = EBADF;
-+ return NULL;
-+ }
-+
-+ if (acl_sort(acl_d) != 0) {
-+ return -1;
-+ }
-+
-+ /*
-+ * We know we're in the same conn context. So we
-+ * can use the relative path.
-+ */
-+
-+ return sys_acl_set_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS, acl_d);
-+}
-+
-+int sys_acl_delete_def_file(const char *path)
-+{
-+ SMB_ACL_T acl_d;
-+ int ret;
-+
-+ /*
-+ * fetching the access ACL and rewriting it has
-+ * the effect of deleting the default ACL
-+ */
-+ if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
-+ return -1;
-+ }
-+
-+ ret = acl(path, ACL_SET, acl_d->count, acl_d->acl);
-+
-+ sys_acl_free_acl(acl_d);
-+
-+ return ret;
-+}
-+
-+int sys_acl_free_text(char *text)
-+{
-+ free(text);
-+ return 0;
-+}
-+
-+int sys_acl_free_acl(SMB_ACL_T acl_d)
-+{
-+ free(acl_d);
-+ return 0;
-+}
-+
-+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
-+{
-+ return 0;
-+}
-+
-+#elif defined(HAVE_IRIX_ACLS)
-+
-+int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
-+{
-+ if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (entry_p == NULL) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (entry_id == SMB_ACL_FIRST_ENTRY) {
-+ acl_d->next = 0;
-+ }
-+
-+ if (acl_d->next < 0) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (acl_d->next >= acl_d->aclp->acl_cnt) {
-+ return 0;
-+ }
-+
-+ *entry_p = &acl_d->aclp->acl_entry[acl_d->next++];
-+
-+ return 1;
-+}
-+
-+int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
-+{
-+ *type_p = entry_d->ae_tag;
-+
-+ return 0;
-+}
-+
-+int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
-+{
-+ *permset_p = entry_d;
-+
-+ return 0;
-+}
-+
-+void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
-+{
-+ if (entry_d->ae_tag != SMB_ACL_USER
-+ && entry_d->ae_tag != SMB_ACL_GROUP) {
-+ errno = EINVAL;
-+ return NULL;
-+ }
-+
-+ return &entry_d->ae_id;
-+}
-+
-+SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
-+{
-+ SMB_ACL_T a;
-+
-+ if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) {
-+ errno = ENOMEM;
-+ return NULL;
-+ }
-+ if ((a->aclp = acl_get_file(path_p, type)) == NULL) {
-+ SAFE_FREE(a);
-+ return NULL;
-+ }
-+ a->next = -1;
-+ a->freeaclp = True;
-+ return a;
-+}
-+
-+SMB_ACL_T sys_acl_get_fd(int fd)
-+{
-+ SMB_ACL_T a;
-+
-+ if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) {
-+ errno = ENOMEM;
-+ return NULL;
-+ }
-+ if ((a->aclp = acl_get_fd(fd)) == NULL) {
-+ SAFE_FREE(a);
-+ return NULL;
-+ }
-+ a->next = -1;
-+ a->freeaclp = True;
-+ return a;
-+}
-+
-+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
-+{
-+ permset_d->ae_perm = 0;
-+
-+ return 0;
-+}
-+
-+int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
-+{
-+ if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
-+ && perm != SMB_ACL_EXECUTE) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (permset_d == NULL) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ permset_d->ae_perm |= perm;
-+
-+ return 0;
-+}
-+
-+int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
-+{
-+ return permset_d->ae_perm & perm;
-+}
-+
-+char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
-+{
-+ return acl_to_text(acl_d->aclp, len_p);
-+}
-+
-+SMB_ACL_T sys_acl_init(int count)
-+{
-+ SMB_ACL_T a;
-+
-+ if (count < 0) {
-+ errno = EINVAL;
-+ return NULL;
-+ }
-+
-+ if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + sizeof(struct acl))) == NULL) {
-+ errno = ENOMEM;
-+ return NULL;
-+ }
-+
-+ a->next = -1;
-+ a->freeaclp = False;
-+ a->aclp = (struct acl *)(&a->aclp + sizeof(struct acl *));
-+ a->aclp->acl_cnt = 0;
-+
-+ return a;
-+}
-+
-+
-+int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
-+{
-+ SMB_ACL_T acl_d;
-+ SMB_ACL_ENTRY_T entry_d;
-+
-+ if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (acl_d->aclp->acl_cnt >= ACL_MAX_ENTRIES) {
-+ errno = ENOSPC;
-+ return -1;
-+ }
-+
-+ entry_d = &acl_d->aclp->acl_entry[acl_d->aclp->acl_cnt++];
-+ entry_d->ae_tag = 0;
-+ entry_d->ae_id = 0;
-+ entry_d->ae_perm = 0;
-+ *entry_p = entry_d;
-+
-+ return 0;
-+}
-+
-+int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
-+{
-+ switch (tag_type) {
-+ case SMB_ACL_USER:
-+ case SMB_ACL_USER_OBJ:
-+ case SMB_ACL_GROUP:
-+ case SMB_ACL_GROUP_OBJ:
-+ case SMB_ACL_OTHER:
-+ case SMB_ACL_MASK:
-+ entry_d->ae_tag = tag_type;
-+ break;
-+ default:
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ return 0;
-+}
-+
-+int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
-+{
-+ if (entry_d->ae_tag != SMB_ACL_GROUP
-+ && entry_d->ae_tag != SMB_ACL_USER) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ entry_d->ae_id = *((id_t *)qual_p);
-+
-+ return 0;
-+}
-+
-+int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
-+{
-+ if (permset_d->ae_perm & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
-+ return EINVAL;
-+ }
-+
-+ entry_d->ae_perm = permset_d->ae_perm;
-+
-+ return 0;
-+}
-+
-+int sys_acl_valid(SMB_ACL_T acl_d)
-+{
-+ return acl_valid(acl_d->aclp);
-+}
-+
-+int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
-+{
-+ return acl_set_file(name, type, acl_d->aclp);
-+}
-+
-+int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
-+{
-+ return acl_set_fd(fd, acl_d->aclp);
-+}
-+
-+int sys_acl_delete_def_file(const char *name)
-+{
-+ return acl_delete_def_file(name);
-+}
-+
-+int sys_acl_free_text(char *text)
-+{
-+ return acl_free(text);
-+}
-+
-+int sys_acl_free_acl(SMB_ACL_T acl_d)
-+{
-+ if (acl_d->freeaclp) {
-+ acl_free(acl_d->aclp);
-+ }
-+ acl_free(acl_d);
-+ return 0;
-+}
-+
-+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
-+{
-+ return 0;
-+}
-+
-+#elif defined(HAVE_AIX_ACLS)
-+
-+/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
-+
-+int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
-+{
-+ struct acl_entry_link *link;
-+ struct new_acl_entry *entry;
-+ int keep_going;
-+
-+ DEBUG(10,("This is the count: %d\n",theacl->count));
-+
-+ /* Check if count was previously set to -1. *
-+ * If it was, that means we reached the end *
-+ * of the acl last time. */
-+ if(theacl->count == -1)
-+ return(0);
-+
-+ link = theacl;
-+ /* To get to the next acl, traverse linked list until index *
-+ * of acl matches the count we are keeping. This count is *
-+ * incremented each time we return an acl entry. */
-+
-+ for(keep_going = 0; keep_going < theacl->count; keep_going++)
-+ link = link->nextp;
-+
-+ entry = *entry_p = link->entryp;
-+
-+ DEBUG(10,("*entry_p is %d\n",entry_p));
-+ DEBUG(10,("*entry_p->ace_access is %d\n",entry->ace_access));
-+
-+ /* Increment count */
-+ theacl->count++;
-+ if(link->nextp == NULL)
-+ theacl->count = -1;
-+
-+ return(1);
-+}
-+
-+int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
-+{
-+ /* Initialize tag type */
-+
-+ *tag_type_p = -1;
-+ DEBUG(10,("the tagtype is %d\n",entry_d->ace_id->id_type));
-+
-+ /* Depending on what type of entry we have, *
-+ * return tag type. */
-+ switch(entry_d->ace_id->id_type) {
-+ case ACEID_USER:
-+ *tag_type_p = SMB_ACL_USER;
-+ break;
-+ case ACEID_GROUP:
-+ *tag_type_p = SMB_ACL_GROUP;
-+ break;
-+
-+ case SMB_ACL_USER_OBJ:
-+ case SMB_ACL_GROUP_OBJ:
-+ case SMB_ACL_OTHER:
-+ *tag_type_p = entry_d->ace_id->id_type;
-+ break;
-+
-+ default:
-+ return(-1);
-+ }
-+
-+ return(0);
-+}
-+
-+int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
-+{
-+ DEBUG(10,("Starting AIX sys_acl_get_permset\n"));
-+ *permset_p = &entry_d->ace_access;
-+ DEBUG(10,("**permset_p is %d\n",**permset_p));
-+ if(!(**permset_p & S_IXUSR) &&
-+ !(**permset_p & S_IWUSR) &&
-+ !(**permset_p & S_IRUSR) &&
-+ (**permset_p != 0))
-+ return(-1);
-+
-+ DEBUG(10,("Ending AIX sys_acl_get_permset\n"));
-+ return(0);
-+}
-+
-+void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
-+{
-+ return(entry_d->ace_id->id_data);
-+}
-+
-+SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
-+{
-+ struct acl *file_acl = (struct acl *)NULL;
-+ struct acl_entry *acl_entry;
-+ struct new_acl_entry *new_acl_entry;
-+ struct ace_id *idp;
-+ struct acl_entry_link *acl_entry_link;
-+ struct acl_entry_link *acl_entry_link_head;
-+ int i;
-+ int rc = 0;
-+ uid_t user_id;
-+
-+ /* AIX has no DEFAULT */
-+ if ( type == SMB_ACL_TYPE_DEFAULT )
-+ return NULL;
-+
-+ /* Get the acl using statacl */
-+
-+ DEBUG(10,("Entering sys_acl_get_file\n"));
-+ DEBUG(10,("path_p is %s\n",path_p));
-+
-+ file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
-+
-+ if(file_acl == NULL) {
-+ errno=ENOMEM;
-+ DEBUG(0,("Error in AIX sys_acl_get_file: %d\n",errno));
-+ return(NULL);
-+ }
-+
-+ memset(file_acl,0,BUFSIZ);
-+
-+ rc = statacl((char *)path_p,0,file_acl,BUFSIZ);
-+ if(rc == -1) {
-+ DEBUG(0,("statacl returned %d with errno %d\n",rc,errno));
-+ SAFE_FREE(file_acl);
-+ return(NULL);
-+ }
-+
-+ DEBUG(10,("Got facl and returned it\n"));
-+
-+ /* Point to the first acl entry in the acl */
-+ acl_entry = file_acl->acl_ext;
-+
-+ /* Begin setting up the head of the linked list *
-+ * that will be used for the storing the acl *
-+ * in a way that is useful for the posix_acls.c *
-+ * code. */
-+
-+ acl_entry_link_head = acl_entry_link = sys_acl_init(0);
-+ if(acl_entry_link_head == NULL)
-+ return(NULL);
-+
-+ acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
-+ if(acl_entry_link->entryp == NULL) {
-+ SAFE_FREE(file_acl);
-+ errno = ENOMEM;
-+ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
-+ return(NULL);
-+ }
-+
-+ DEBUG(10,("acl_entry is %d\n",acl_entry));
-+ DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl)));
-+
-+ /* Check if the extended acl bit is on. *
-+ * If it isn't, do not show the *
-+ * contents of the acl since AIX intends *
-+ * the extended info to remain unused */
-+
-+ if(file_acl->acl_mode & S_IXACL){
-+ /* while we are not pointing to the very end */
-+ while(acl_entry < acl_last(file_acl)) {
-+ /* before we malloc anything, make sure this is */
-+ /* a valid acl entry and one that we want to map */
-+ idp = id_nxt(acl_entry->ace_id);
-+ if((acl_entry->ace_type == ACC_SPECIFY ||
-+ (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) {
-+ acl_entry = acl_nxt(acl_entry);
-+ continue;
-+ }
-+
-+ idp = acl_entry->ace_id;
-+
-+ /* Check if this is the first entry in the linked list. *
-+ * The first entry needs to keep prevp pointing to NULL *
-+ * and already has entryp allocated. */
-+
-+ if(acl_entry_link_head->count != 0) {
-+ acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
-+
-+ if(acl_entry_link->nextp == NULL) {
-+ SAFE_FREE(file_acl);
-+ errno = ENOMEM;
-+ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
-+ return(NULL);
-+ }
-+
-+ acl_entry_link->nextp->prevp = acl_entry_link;
-+ acl_entry_link = acl_entry_link->nextp;
-+ acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
-+ if(acl_entry_link->entryp == NULL) {
-+ SAFE_FREE(file_acl);
-+ errno = ENOMEM;
-+ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
-+ return(NULL);
-+ }
-+ acl_entry_link->nextp = NULL;
-+ }
-+
-+ acl_entry_link->entryp->ace_len = acl_entry->ace_len;
-+
-+ /* Don't really need this since all types are going *
-+ * to be specified but, it's better than leaving it 0 */
-+
-+ acl_entry_link->entryp->ace_type = acl_entry->ace_type;
-+
-+ acl_entry_link->entryp->ace_access = acl_entry->ace_access;
-+
-+ memcpy(acl_entry_link->entryp->ace_id,idp,sizeof(struct ace_id));
-+
-+ /* The access in the acl entries must be left shifted by *
-+ * three bites, because they will ultimately be compared *
-+ * to S_IRUSR, S_IWUSR, and S_IXUSR. */
-+
-+ switch(acl_entry->ace_type){
-+ case ACC_PERMIT:
-+ case ACC_SPECIFY:
-+ acl_entry_link->entryp->ace_access = acl_entry->ace_access;
-+ acl_entry_link->entryp->ace_access <<= 6;
-+ acl_entry_link_head->count++;
-+ break;
-+ case ACC_DENY:
-+ /* Since there is no way to return a DENY acl entry *
-+ * change to PERMIT and then shift. */
-+ DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access));
-+ acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7;
-+ DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access));
-+ acl_entry_link->entryp->ace_access <<= 6;
-+ acl_entry_link_head->count++;
-+ break;
-+ default:
-+ return(0);
-+ }
-+
-+ DEBUG(10,("acl_entry = %d\n",acl_entry));
-+ DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type));
-+
-+ acl_entry = acl_nxt(acl_entry);
-+ }
-+ } /* end of if enabled */
-+
-+ /* Since owner, group, other acl entries are not *
-+ * part of the acl entries in an acl, they must *
-+ * be dummied up to become part of the list. */
-+
-+ for( i = 1; i < 4; i++) {
-+ DEBUG(10,("i is %d\n",i));
-+ if(acl_entry_link_head->count != 0) {
-+ acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
-+ if(acl_entry_link->nextp == NULL) {
-+ SAFE_FREE(file_acl);
-+ errno = ENOMEM;
-+ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
-+ return(NULL);
-+ }
-+
-+ acl_entry_link->nextp->prevp = acl_entry_link;
-+ acl_entry_link = acl_entry_link->nextp;
-+ acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
-+ if(acl_entry_link->entryp == NULL) {
-+ SAFE_FREE(file_acl);
-+ errno = ENOMEM;
-+ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
-+ return(NULL);
-+ }
-+ }
-+
-+ acl_entry_link->nextp = NULL;
-+
-+ new_acl_entry = acl_entry_link->entryp;
-+ idp = new_acl_entry->ace_id;
-+
-+ new_acl_entry->ace_len = sizeof(struct acl_entry);
-+ new_acl_entry->ace_type = ACC_PERMIT;
-+ idp->id_len = sizeof(struct ace_id);
-+ DEBUG(10,("idp->id_len = %d\n",idp->id_len));
-+ memset(idp->id_data,0,sizeof(uid_t));
-+
-+ switch(i) {
-+ case 2:
-+ new_acl_entry->ace_access = file_acl->g_access << 6;
-+ idp->id_type = SMB_ACL_GROUP_OBJ;
-+ break;
-+
-+ case 3:
-+ new_acl_entry->ace_access = file_acl->o_access << 6;
-+ idp->id_type = SMB_ACL_OTHER;
-+ break;
-+
-+ case 1:
-+ new_acl_entry->ace_access = file_acl->u_access << 6;
-+ idp->id_type = SMB_ACL_USER_OBJ;
-+ break;
-+
-+ default:
-+ return(NULL);
-+
-+ }
-+
-+ acl_entry_link_head->count++;
-+ DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
-+ }
-+
-+ acl_entry_link_head->count = 0;
-+ SAFE_FREE(file_acl);
-+
-+ return(acl_entry_link_head);
-+}
-+
-+SMB_ACL_T sys_acl_get_fd(int fd)
-+{
-+ struct acl *file_acl = (struct acl *)NULL;
-+ struct acl_entry *acl_entry;
-+ struct new_acl_entry *new_acl_entry;
-+ struct ace_id *idp;
-+ struct acl_entry_link *acl_entry_link;
-+ struct acl_entry_link *acl_entry_link_head;
-+ int i;
-+ int rc = 0;
-+ uid_t user_id;
-+
-+ /* Get the acl using fstatacl */
-+
-+ DEBUG(10,("Entering sys_acl_get_fd\n"));
-+ DEBUG(10,("fd is %d\n",fd));
-+ file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
-+
-+ if(file_acl == NULL) {
-+ errno=ENOMEM;
-+ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
-+ return(NULL);
-+ }
-+
-+ memset(file_acl,0,BUFSIZ);
-+
-+ rc = fstatacl(fd,0,file_acl,BUFSIZ);
-+ if(rc == -1) {
-+ DEBUG(0,("The fstatacl call returned %d with errno %d\n",rc,errno));
-+ SAFE_FREE(file_acl);
-+ return(NULL);
-+ }
-+
-+ DEBUG(10,("Got facl and returned it\n"));
-+
-+ /* Point to the first acl entry in the acl */
-+
-+ acl_entry = file_acl->acl_ext;
-+ /* Begin setting up the head of the linked list *
-+ * that will be used for the storing the acl *
-+ * in a way that is useful for the posix_acls.c *
-+ * code. */
-+
-+ acl_entry_link_head = acl_entry_link = sys_acl_init(0);
-+ if(acl_entry_link_head == NULL){
-+ SAFE_FREE(file_acl);
-+ return(NULL);
-+ }
-+
-+ acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
-+
-+ if(acl_entry_link->entryp == NULL) {
-+ errno = ENOMEM;
-+ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
-+ SAFE_FREE(file_acl);
-+ return(NULL);
-+ }
-+
-+ DEBUG(10,("acl_entry is %d\n",acl_entry));
-+ DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl)));
-+
-+ /* Check if the extended acl bit is on. *
-+ * If it isn't, do not show the *
-+ * contents of the acl since AIX intends *
-+ * the extended info to remain unused */
-+
-+ if(file_acl->acl_mode & S_IXACL){
-+ /* while we are not pointing to the very end */
-+ while(acl_entry < acl_last(file_acl)) {
-+ /* before we malloc anything, make sure this is */
-+ /* a valid acl entry and one that we want to map */
-+
-+ idp = id_nxt(acl_entry->ace_id);
-+ if((acl_entry->ace_type == ACC_SPECIFY ||
-+ (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) {
-+ acl_entry = acl_nxt(acl_entry);
-+ continue;
-+ }
-+
-+ idp = acl_entry->ace_id;
-+
-+ /* Check if this is the first entry in the linked list. *
-+ * The first entry needs to keep prevp pointing to NULL *
-+ * and already has entryp allocated. */
-+
-+ if(acl_entry_link_head->count != 0) {
-+ acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
-+ if(acl_entry_link->nextp == NULL) {
-+ errno = ENOMEM;
-+ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
-+ SAFE_FREE(file_acl);
-+ return(NULL);
-+ }
-+ acl_entry_link->nextp->prevp = acl_entry_link;
-+ acl_entry_link = acl_entry_link->nextp;
-+ acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
-+ if(acl_entry_link->entryp == NULL) {
-+ errno = ENOMEM;
-+ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
-+ SAFE_FREE(file_acl);
-+ return(NULL);
-+ }
-+
-+ acl_entry_link->nextp = NULL;
-+ }
-+
-+ acl_entry_link->entryp->ace_len = acl_entry->ace_len;
-+
-+ /* Don't really need this since all types are going *
-+ * to be specified but, it's better than leaving it 0 */
-+
-+ acl_entry_link->entryp->ace_type = acl_entry->ace_type;
-+ acl_entry_link->entryp->ace_access = acl_entry->ace_access;
-+
-+ memcpy(acl_entry_link->entryp->ace_id, idp, sizeof(struct ace_id));
-+
-+ /* The access in the acl entries must be left shifted by *
-+ * three bites, because they will ultimately be compared *
-+ * to S_IRUSR, S_IWUSR, and S_IXUSR. */
-+
-+ switch(acl_entry->ace_type){
-+ case ACC_PERMIT:
-+ case ACC_SPECIFY:
-+ acl_entry_link->entryp->ace_access = acl_entry->ace_access;
-+ acl_entry_link->entryp->ace_access <<= 6;
-+ acl_entry_link_head->count++;
-+ break;
-+ case ACC_DENY:
-+ /* Since there is no way to return a DENY acl entry *
-+ * change to PERMIT and then shift. */
-+ DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access));
-+ acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7;
-+ DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access));
-+ acl_entry_link->entryp->ace_access <<= 6;
-+ acl_entry_link_head->count++;
-+ break;
-+ default:
-+ return(0);
-+ }
-+
-+ DEBUG(10,("acl_entry = %d\n",acl_entry));
-+ DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type));
-+
-+ acl_entry = acl_nxt(acl_entry);
-+ }
-+ } /* end of if enabled */
-+
-+ /* Since owner, group, other acl entries are not *
-+ * part of the acl entries in an acl, they must *
-+ * be dummied up to become part of the list. */
-+
-+ for( i = 1; i < 4; i++) {
-+ DEBUG(10,("i is %d\n",i));
-+ if(acl_entry_link_head->count != 0){
-+ acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
-+ if(acl_entry_link->nextp == NULL) {
-+ errno = ENOMEM;
-+ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
-+ SAFE_FREE(file_acl);
-+ return(NULL);
-+ }
-+
-+ acl_entry_link->nextp->prevp = acl_entry_link;
-+ acl_entry_link = acl_entry_link->nextp;
-+ acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
-+
-+ if(acl_entry_link->entryp == NULL) {
-+ SAFE_FREE(file_acl);
-+ errno = ENOMEM;
-+ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
-+ return(NULL);
-+ }
-+ }
-+
-+ acl_entry_link->nextp = NULL;
-+
-+ new_acl_entry = acl_entry_link->entryp;
-+ idp = new_acl_entry->ace_id;
-+
-+ new_acl_entry->ace_len = sizeof(struct acl_entry);
-+ new_acl_entry->ace_type = ACC_PERMIT;
-+ idp->id_len = sizeof(struct ace_id);
-+ DEBUG(10,("idp->id_len = %d\n",idp->id_len));
-+ memset(idp->id_data,0,sizeof(uid_t));
-+
-+ switch(i) {
-+ case 2:
-+ new_acl_entry->ace_access = file_acl->g_access << 6;
-+ idp->id_type = SMB_ACL_GROUP_OBJ;
-+ break;
-+
-+ case 3:
-+ new_acl_entry->ace_access = file_acl->o_access << 6;
-+ idp->id_type = SMB_ACL_OTHER;
-+ break;
-+
-+ case 1:
-+ new_acl_entry->ace_access = file_acl->u_access << 6;
-+ idp->id_type = SMB_ACL_USER_OBJ;
-+ break;
-+
-+ default:
-+ return(NULL);
-+ }
-+
-+ acl_entry_link_head->count++;
-+ DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
-+ }
-+
-+ acl_entry_link_head->count = 0;
-+ SAFE_FREE(file_acl);
-+
-+ return(acl_entry_link_head);
-+}
-+
-+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
-+{
-+ *permset = *permset & ~0777;
-+ return(0);
-+}
-+
-+int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
-+{
-+ if((perm != 0) &&
-+ (perm & (S_IXUSR | S_IWUSR | S_IRUSR)) == 0)
-+ return(-1);
-+
-+ *permset |= perm;
-+ DEBUG(10,("This is the permset now: %d\n",*permset));
-+ return(0);
-+}
-+
-+char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen)
-+{
-+ return(NULL);
-+}
-+
-+SMB_ACL_T sys_acl_init( int count)
-+{
-+ struct acl_entry_link *theacl = NULL;
-+
-+ DEBUG(10,("Entering sys_acl_init\n"));
-+
-+ theacl = SMB_MALLOC_P(struct acl_entry_link);
-+ if(theacl == NULL) {
-+ errno = ENOMEM;
-+ DEBUG(0,("Error in sys_acl_init is %d\n",errno));
-+ return(NULL);
-+ }
-+
-+ theacl->count = 0;
-+ theacl->nextp = NULL;
-+ theacl->prevp = NULL;
-+ theacl->entryp = NULL;
-+ DEBUG(10,("Exiting sys_acl_init\n"));
-+ return(theacl);
-+}
-+
-+int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
-+{
-+ struct acl_entry_link *theacl;
-+ struct acl_entry_link *acl_entryp;
-+ struct acl_entry_link *temp_entry;
-+ int counting;
-+
-+ DEBUG(10,("Entering the sys_acl_create_entry\n"));
-+
-+ theacl = acl_entryp = *pacl;
-+
-+ /* Get to the end of the acl before adding entry */
-+
-+ for(counting=0; counting < theacl->count; counting++){
-+ DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
-+ temp_entry = acl_entryp;
-+ acl_entryp = acl_entryp->nextp;
-+ }
-+
-+ if(theacl->count != 0){
-+ temp_entry->nextp = acl_entryp = SMB_MALLOC_P(struct acl_entry_link);
-+ if(acl_entryp == NULL) {
-+ errno = ENOMEM;
-+ DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
-+ return(-1);
-+ }
-+
-+ DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
-+ acl_entryp->prevp = temp_entry;
-+ DEBUG(10,("The acl_entryp->prevp is %d\n",acl_entryp->prevp));
-+ }
-+
-+ *pentry = acl_entryp->entryp = SMB_MALLOC_P(struct new_acl_entry);
-+ if(*pentry == NULL) {
-+ errno = ENOMEM;
-+ DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
-+ return(-1);
-+ }
-+
-+ memset(*pentry,0,sizeof(struct new_acl_entry));
-+ acl_entryp->entryp->ace_len = sizeof(struct acl_entry);
-+ acl_entryp->entryp->ace_type = ACC_PERMIT;
-+ acl_entryp->entryp->ace_id->id_len = sizeof(struct ace_id);
-+ acl_entryp->nextp = NULL;
-+ theacl->count++;
-+ DEBUG(10,("Exiting sys_acl_create_entry\n"));
-+ return(0);
-+}
-+
-+int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
-+{
-+ DEBUG(10,("Starting AIX sys_acl_set_tag_type\n"));
-+ entry->ace_id->id_type = tagtype;
-+ DEBUG(10,("The tag type is %d\n",entry->ace_id->id_type));
-+ DEBUG(10,("Ending AIX sys_acl_set_tag_type\n"));
-+}
-+
-+int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
-+{
-+ DEBUG(10,("Starting AIX sys_acl_set_qualifier\n"));
-+ memcpy(entry->ace_id->id_data,qual,sizeof(uid_t));
-+ DEBUG(10,("Ending AIX sys_acl_set_qualifier\n"));
-+ return(0);
-+}
-+
-+int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
-+{
-+ DEBUG(10,("Starting AIX sys_acl_set_permset\n"));
-+ if(!(*permset & S_IXUSR) &&
-+ !(*permset & S_IWUSR) &&
-+ !(*permset & S_IRUSR) &&
-+ (*permset != 0))
-+ return(-1);
-+
-+ entry->ace_access = *permset;
-+ DEBUG(10,("entry->ace_access = %d\n",entry->ace_access));
-+ DEBUG(10,("Ending AIX sys_acl_set_permset\n"));
-+ return(0);
-+}
-+
-+int sys_acl_valid( SMB_ACL_T theacl )
-+{
-+ int user_obj = 0;
-+ int group_obj = 0;
-+ int other_obj = 0;
-+ struct acl_entry_link *acl_entry;
-+
-+ for(acl_entry=theacl; acl_entry != NULL; acl_entry = acl_entry->nextp) {
-+ user_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_USER_OBJ);
-+ group_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_GROUP_OBJ);
-+ other_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_OTHER);
-+ }
-+
-+ DEBUG(10,("user_obj=%d, group_obj=%d, other_obj=%d\n",user_obj,group_obj,other_obj));
-+
-+ if(user_obj != 1 || group_obj != 1 || other_obj != 1)
-+ return(-1);
-+
-+ return(0);
-+}
-+
-+int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
-+{
-+ struct acl_entry_link *acl_entry_link = NULL;
-+ struct acl *file_acl = NULL;
-+ struct acl *file_acl_temp = NULL;
-+ struct acl_entry *acl_entry = NULL;
-+ struct ace_id *ace_id = NULL;
-+ uint id_type;
-+ uint ace_access;
-+ uint user_id;
-+ uint acl_length;
-+ uint rc;
-+
-+ DEBUG(10,("Entering sys_acl_set_file\n"));
-+ DEBUG(10,("File name is %s\n",name));
-+
-+ /* AIX has no default ACL */
-+ if(acltype == SMB_ACL_TYPE_DEFAULT)
-+ return(0);
-+
-+ acl_length = BUFSIZ;
-+ file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
-+
-+ if(file_acl == NULL) {
-+ errno = ENOMEM;
-+ DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
-+ return(-1);
-+ }
-+
-+ memset(file_acl,0,BUFSIZ);
-+
-+ file_acl->acl_len = ACL_SIZ;
-+ file_acl->acl_mode = S_IXACL;
-+
-+ for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
-+ acl_entry_link->entryp->ace_access >>= 6;
-+ id_type = acl_entry_link->entryp->ace_id->id_type;
-+
-+ switch(id_type) {
-+ case SMB_ACL_USER_OBJ:
-+ file_acl->u_access = acl_entry_link->entryp->ace_access;
-+ continue;
-+ case SMB_ACL_GROUP_OBJ:
-+ file_acl->g_access = acl_entry_link->entryp->ace_access;
-+ continue;
-+ case SMB_ACL_OTHER:
-+ file_acl->o_access = acl_entry_link->entryp->ace_access;
-+ continue;
-+ case SMB_ACL_MASK:
-+ continue;
-+ }
-+
-+ if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
-+ acl_length += sizeof(struct acl_entry);
-+ file_acl_temp = (struct acl *)SMB_MALLOC(acl_length);
-+ if(file_acl_temp == NULL) {
-+ SAFE_FREE(file_acl);
-+ errno = ENOMEM;
-+ DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
-+ return(-1);
-+ }
-+
-+ memcpy(file_acl_temp,file_acl,file_acl->acl_len);
-+ SAFE_FREE(file_acl);
-+ file_acl = file_acl_temp;
-+ }
-+
-+ acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
-+ file_acl->acl_len += sizeof(struct acl_entry);
-+ acl_entry->ace_len = acl_entry_link->entryp->ace_len;
-+ acl_entry->ace_access = acl_entry_link->entryp->ace_access;
-+
-+ /* In order to use this, we'll need to wait until we can get denies */
-+ /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
-+ acl_entry->ace_type = ACC_SPECIFY; */
-+
-+ acl_entry->ace_type = ACC_SPECIFY;
-+
-+ ace_id = acl_entry->ace_id;
-+
-+ ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
-+ DEBUG(10,("The id type is %d\n",ace_id->id_type));
-+ ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
-+ memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t));
-+ memcpy(acl_entry->ace_id->id_data, &user_id, sizeof(uid_t));
-+ }
-+
-+ rc = chacl(name,file_acl,file_acl->acl_len);
-+ DEBUG(10,("errno is %d\n",errno));
-+ DEBUG(10,("return code is %d\n",rc));
-+ SAFE_FREE(file_acl);
-+ DEBUG(10,("Exiting the sys_acl_set_file\n"));
-+ return(rc);
-+}
-+
-+int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
-+{
-+ struct acl_entry_link *acl_entry_link = NULL;
-+ struct acl *file_acl = NULL;
-+ struct acl *file_acl_temp = NULL;
-+ struct acl_entry *acl_entry = NULL;
-+ struct ace_id *ace_id = NULL;
-+ uint id_type;
-+ uint user_id;
-+ uint acl_length;
-+ uint rc;
-+
-+ DEBUG(10,("Entering sys_acl_set_fd\n"));
-+ acl_length = BUFSIZ;
-+ file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
-+
-+ if(file_acl == NULL) {
-+ errno = ENOMEM;
-+ DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
-+ return(-1);
-+ }
-+
-+ memset(file_acl,0,BUFSIZ);
-+
-+ file_acl->acl_len = ACL_SIZ;
-+ file_acl->acl_mode = S_IXACL;
-+
-+ for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
-+ acl_entry_link->entryp->ace_access >>= 6;
-+ id_type = acl_entry_link->entryp->ace_id->id_type;
-+ DEBUG(10,("The id_type is %d\n",id_type));
-+
-+ switch(id_type) {
-+ case SMB_ACL_USER_OBJ:
-+ file_acl->u_access = acl_entry_link->entryp->ace_access;
-+ continue;
-+ case SMB_ACL_GROUP_OBJ:
-+ file_acl->g_access = acl_entry_link->entryp->ace_access;
-+ continue;
-+ case SMB_ACL_OTHER:
-+ file_acl->o_access = acl_entry_link->entryp->ace_access;
-+ continue;
-+ case SMB_ACL_MASK:
-+ continue;
-+ }
-+
-+ if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
-+ acl_length += sizeof(struct acl_entry);
-+ file_acl_temp = (struct acl *)SMB_MALLOC(acl_length);
-+ if(file_acl_temp == NULL) {
-+ SAFE_FREE(file_acl);
-+ errno = ENOMEM;
-+ DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
-+ return(-1);
-+ }
-+
-+ memcpy(file_acl_temp,file_acl,file_acl->acl_len);
-+ SAFE_FREE(file_acl);
-+ file_acl = file_acl_temp;
-+ }
-+
-+ acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
-+ file_acl->acl_len += sizeof(struct acl_entry);
-+ acl_entry->ace_len = acl_entry_link->entryp->ace_len;
-+ acl_entry->ace_access = acl_entry_link->entryp->ace_access;
-+
-+ /* In order to use this, we'll need to wait until we can get denies */
-+ /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
-+ acl_entry->ace_type = ACC_SPECIFY; */
-+
-+ acl_entry->ace_type = ACC_SPECIFY;
-+
-+ ace_id = acl_entry->ace_id;
-+
-+ ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
-+ DEBUG(10,("The id type is %d\n",ace_id->id_type));
-+ ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
-+ memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t));
-+ memcpy(ace_id->id_data, &user_id, sizeof(uid_t));
-+ }
-+
-+ rc = fchacl(fd,file_acl,file_acl->acl_len);
-+ DEBUG(10,("errno is %d\n",errno));
-+ DEBUG(10,("return code is %d\n",rc));
-+ SAFE_FREE(file_acl);
-+ DEBUG(10,("Exiting sys_acl_set_fd\n"));
-+ return(rc);
-+}
-+
-+int sys_acl_delete_def_file(const char *name)
-+{
-+ /* AIX has no default ACL */
-+ return 0;
-+}
-+
-+int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
-+{
-+ return(*permset & perm);
-+}
-+
-+int sys_acl_free_text(char *text)
-+{
-+ return(0);
-+}
-+
-+int sys_acl_free_acl(SMB_ACL_T posix_acl)
-+{
-+ struct acl_entry_link *acl_entry_link;
-+
-+ for(acl_entry_link = posix_acl->nextp; acl_entry_link->nextp != NULL; acl_entry_link = acl_entry_link->nextp) {
-+ SAFE_FREE(acl_entry_link->prevp->entryp);
-+ SAFE_FREE(acl_entry_link->prevp);
-+ }
-+
-+ SAFE_FREE(acl_entry_link->prevp->entryp);
-+ SAFE_FREE(acl_entry_link->prevp);
-+ SAFE_FREE(acl_entry_link->entryp);
-+ SAFE_FREE(acl_entry_link);
-+
-+ return(0);
-+}
-+
-+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
-+{
-+ return(0);
-+}
-+
-+#else /* No ACLs. */
-+
-+int sys_acl_get_entry(UNUSED(SMB_ACL_T the_acl), UNUSED(int entry_id), UNUSED(SMB_ACL_ENTRY_T *entry_p))
-+{
-+ errno = ENOSYS;
-+ return -1;
-+}
-+
-+int sys_acl_get_tag_type(UNUSED(SMB_ACL_ENTRY_T entry_d), UNUSED(SMB_ACL_TAG_T *tag_type_p))
-+{
-+ errno = ENOSYS;
-+ return -1;
-+}
-+
-+int sys_acl_get_permset(UNUSED(SMB_ACL_ENTRY_T entry_d), UNUSED(SMB_ACL_PERMSET_T *permset_p))
-+{
-+ errno = ENOSYS;
-+ return -1;
-+}
-+
-+void *sys_acl_get_qualifier(UNUSED(SMB_ACL_ENTRY_T entry_d))
-+{
-+ errno = ENOSYS;
-+ return NULL;
-+}
-+
-+SMB_ACL_T sys_acl_get_file(UNUSED(const char *path_p), UNUSED(SMB_ACL_TYPE_T type))
-+{
-+ errno = ENOSYS;
-+ return (SMB_ACL_T)NULL;
-+}
-+
-+SMB_ACL_T sys_acl_get_fd(UNUSED(int fd))
-+{
-+ errno = ENOSYS;
-+ return (SMB_ACL_T)NULL;
-+}
-+
-+int sys_acl_clear_perms(UNUSED(SMB_ACL_PERMSET_T permset))
-+{
-+ errno = ENOSYS;
-+ return -1;
-+}
-+
-+int sys_acl_add_perm( UNUSED(SMB_ACL_PERMSET_T permset), UNUSED(SMB_ACL_PERM_T perm))
-+{
-+ errno = ENOSYS;
-+ return -1;
-+}
-+
-+int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
-+{
-+ errno = ENOSYS;
-+ return (permset & perm) ? 1 : 0;
-+}
-+
-+char *sys_acl_to_text(UNUSED(SMB_ACL_T the_acl), UNUSED(ssize_t *plen))
-+{
-+ errno = ENOSYS;
-+ return NULL;
-+}
-+
-+int sys_acl_free_text(UNUSED(char *text))
-+{
-+ errno = ENOSYS;
-+ return -1;
-+}
-+
-+SMB_ACL_T sys_acl_init(UNUSED(int count))
-+{
-+ errno = ENOSYS;
-+ return NULL;
-+}
-+
-+int sys_acl_create_entry(UNUSED(SMB_ACL_T *pacl), UNUSED(SMB_ACL_ENTRY_T *pentry))
-+{
-+ errno = ENOSYS;
-+ return -1;
-+}
-+
-+int sys_acl_set_tag_type(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(SMB_ACL_TAG_T tagtype))
-+{
-+ errno = ENOSYS;
-+ return -1;
-+}
-+
-+int sys_acl_set_qualifier(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(void *qual))
-+{
-+ errno = ENOSYS;
-+ return -1;
-+}
-+
-+int sys_acl_set_permset(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(SMB_ACL_PERMSET_T permset))
-+{
-+ errno = ENOSYS;
-+ return -1;
-+}
-+
-+int sys_acl_valid(UNUSED(SMB_ACL_T theacl))
-+{
-+ errno = ENOSYS;
-+ return -1;
-+}
-+
-+int sys_acl_set_file(UNUSED(const char *name), UNUSED(SMB_ACL_TYPE_T acltype), UNUSED(SMB_ACL_T theacl))
-+{
-+ errno = ENOSYS;
-+ return -1;
-+}
-+
-+int sys_acl_set_fd(UNUSED(int fd), UNUSED(SMB_ACL_T theacl))
-+{
-+ errno = ENOSYS;
-+ return -1;
-+}
-+
-+int sys_acl_delete_def_file(UNUSED(const char *name))
-+{
-+ errno = ENOSYS;
-+ return -1;
-+}
-+
-+int sys_acl_free_acl(UNUSED(SMB_ACL_T the_acl))
-+{
-+ errno = ENOSYS;
-+ return -1;
-+}
-+
-+int sys_acl_free_qualifier(UNUSED(void *qual), UNUSED(SMB_ACL_TAG_T tagtype))
-+{
-+ errno = ENOSYS;
-+ return -1;
-+}
-+
-+#endif /* No ACLs. */
-+
-+/************************************************************************
-+ Deliberately outside the ACL defines. Return 1 if this is a "no acls"
-+ errno, 0 if not.
-+************************************************************************/
-+
-+int no_acl_syscall_error(int err)
-+{
-+#if defined(ENOSYS)
-+ if (err == ENOSYS) {
-+ return 1;
-+ }
-+#endif
-+#if defined(ENOTSUP)
-+ if (err == ENOTSUP) {
-+ return 1;
-+ }
-+#endif
-+ return 0;
-+}
---- orig/lib/sysacls.h 2005-05-16 23:25:51
-+++ lib/sysacls.h 2005-05-16 23:25:51
-@@ -0,0 +1,28 @@
-+#define SMB_MALLOC(cnt) new_array(char, cnt)
-+#define SMB_MALLOC_P(obj) new_array(obj, 1)
-+#define SMB_MALLOC_ARRAY(obj, cnt) new_array(obj, cnt)
-+#define SMB_REALLOC(mem, cnt) realloc_array(mem, char, cnt)
-+#define slprintf snprintf
-+
-+int sys_acl_get_entry(SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p);
-+int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p);
-+int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p);
-+void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d);
-+SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type);
-+SMB_ACL_T sys_acl_get_fd(int fd);
-+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset);
-+int sys_acl_add_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
-+int sys_acl_get_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
-+char *sys_acl_to_text(SMB_ACL_T the_acl, ssize_t *plen);
-+SMB_ACL_T sys_acl_init(int count);
-+int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry);
-+int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype);
-+int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry, void *qual);
-+int sys_acl_set_permset(SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset);
-+int sys_acl_valid(SMB_ACL_T theacl);
-+int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
-+int sys_acl_set_fd(int fd, SMB_ACL_T theacl);
-+int sys_acl_delete_def_file(const char *name);
-+int sys_acl_free_text(char *text);
-+int sys_acl_free_acl(SMB_ACL_T the_acl);
-+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype);
---- orig/mkproto.awk 2006-02-02 02:41:09
-+++ mkproto.awk 2006-02-02 02:41:47
-@@ -58,7 +58,7 @@ BEGIN {
- next;
- }
-
--!/^OFF_T|^size_t|^off_t|^pid_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^uchar|^short|^struct|^BOOL|^void|^time|^const|^RETSIGTYPE/ {
-+!/^OFF_T|^size_t|^off_t|^pid_t|^id_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^uchar|^short|^struct|^BOOL|^void|^time|^const|^RETSIGTYPE/ {
- next;
- }
-
---- orig/options.c 2006-02-02 11:40:45
-+++ options.c 2006-02-02 11:45:46
-@@ -44,6 +44,7 @@ int keep_dirlinks = 0;
- int copy_links = 0;
- int preserve_links = 0;
- int preserve_hard_links = 0;
-+int preserve_acls = 0;
- int preserve_perms = 0;
- int preserve_executability = 0;
- int preserve_devices = 0;
-@@ -193,6 +194,7 @@ static void print_rsync_version(enum log
- char const *got_socketpair = "no ";
- char const *have_inplace = "no ";
- char const *hardlinks = "no ";
-+ char const *acls = "no ";
- char const *links = "no ";
- char const *ipv6 = "no ";
- STRUCT_STAT *dumstat;
-@@ -209,6 +211,10 @@ static void print_rsync_version(enum log
- hardlinks = "";
- #endif
+ /* === Receive functions === */
-+#ifdef SUPPORT_ACLS
-+ acls = "";
-+#endif
-+
- #ifdef SUPPORT_LINKS
- links = "";
- #endif
-@@ -222,9 +228,9 @@ static void print_rsync_version(enum log
- rprintf(f, "Copyright (C) 1996-2006 by Andrew Tridgell, Wayne Davison, and others.\n");
- rprintf(f, "<http://rsync.samba.org/>\n");
- rprintf(f, "Capabilities: %d-bit files, %ssocketpairs, "
-- "%shard links, %ssymlinks, batchfiles,\n",
-+ "%shard links, %sACLs, %ssymlinks, batchfiles,\n",
- (int) (sizeof (OFF_T) * 8),
-- got_socketpair, hardlinks, links);
-+ got_socketpair, hardlinks, acls, links);
-
- /* Note that this field may not have type ino_t. It depends
- * on the complicated interaction between largefile feature
-@@ -293,6 +299,7 @@ void usage(enum logcode F)
- rprintf(F," -K, --keep-dirlinks treat symlinked dir on receiver as dir\n");
- rprintf(F," -p, --perms preserve permissions\n");
- rprintf(F," -E, --executability preserve the file's executability\n");
-+ rprintf(F," -A, --acls preserve ACLs (implies --perms)\n");
- rprintf(F," --chmod=CHMOD change destination permissions\n");
- rprintf(F," -o, --owner preserve owner (super-user only)\n");
- rprintf(F," -g, --group preserve group\n");
-@@ -409,6 +416,9 @@ static struct poptOption long_options[]
- {"no-perms", 0, POPT_ARG_VAL, &preserve_perms, 0, 0, 0 },
- {"no-p", 0, POPT_ARG_VAL, &preserve_perms, 0, 0, 0 },
- {"executability", 'E', POPT_ARG_NONE, &preserve_executability, 0, 0, 0 },
-+ {"acls", 'A', POPT_ARG_NONE, 0, 'A', 0, 0 },
-+ {"no-acls", 0, POPT_ARG_VAL, &preserve_acls, 0, 0, 0 },
-+ {"no-A", 0, POPT_ARG_VAL, &preserve_acls, 0, 0, 0 },
- {"times", 't', POPT_ARG_VAL, &preserve_times, 1, 0, 0 },
- {"no-times", 0, POPT_ARG_VAL, &preserve_times, 0, 0, 0 },
- {"no-t", 0, POPT_ARG_VAL, &preserve_times, 0, 0, 0 },
-@@ -1057,6 +1067,24 @@ int parse_arguments(int *argc, const cha
- usage(FINFO);
- exit_cleanup(0);
-
-+ case 'A':
-+#ifdef SUPPORT_ACLS
-+ preserve_acls = 1;
-+ preserve_perms = 1;
-+ break;
-+#else
-+ /* FIXME: this should probably be ignored with a
-+ * warning and then countermeasures taken to
-+ * restrict group and other access in the presence
-+ * of any more restrictive ACLs, but this is safe
-+ * for now */
-+ snprintf(err_buf,sizeof(err_buf),
-+ "ACLs are not supported on this %s\n",
-+ am_server ? "server" : "client");
-+ return 0;
-+#endif /* SUPPORT_ACLS */
-+
-+
- default:
- /* A large opt value means that set_refuse_options()
- * turned this option off. */
-@@ -1497,6 +1525,8 @@ void server_options(char **args,int *arg
-
- if (preserve_hard_links)
- argstr[x++] = 'H';
-+ if (preserve_acls)
-+ argstr[x++] = 'A';
- if (preserve_uid)
- argstr[x++] = 'o';
- if (preserve_gid)
---- orig/receiver.c 2006-01-31 02:30:18
-+++ receiver.c 2006-02-03 05:46:43
-@@ -410,6 +410,10 @@ int recv_files(int f_in, struct file_lis
- int itemizing = am_daemon ? daemon_log_format_has_i
- : !am_server && log_format_has_i;
- int max_phase = protocol_version >= 29 ? 2 : 1;
-+ int dflt_perms = (ACCESSPERMS & ~orig_umask);
-+#ifdef SUPPORT_ACLS
-+ char *parent_dirname = "";
-+#endif
- int i, recv_ok;
-
- if (verbose > 2)
-@@ -607,7 +611,16 @@ int recv_files(int f_in, struct file_lis
- * mode based on the local permissions and some heuristics. */
- if (!preserve_perms) {
- int exists = fd1 != -1;
-- file->mode = dest_mode(file->mode, st.st_mode, exists);
-+#ifdef SUPPORT_ACLS
-+ char *dn = file->dirname ? file->dirname : ".";
-+ if (parent_dirname != dn
-+ && strcmp(parent_dirname, dn) != 0) {
-+ dflt_perms = default_perms_for_dir(dn);
-+ parent_dirname = dn;
-+ }
-+#endif
-+ file->mode = dest_mode(file->mode, st.st_mode,
-+ dflt_perms, exists);
- }
-
- /* We now check to see if we are writing file "inplace" */
---- orig/rsync.c 2006-02-02 02:41:09
-+++ rsync.c 2006-01-31 19:35:44
-@@ -53,7 +53,8 @@ void free_sums(struct sum_struct *s)
-
- /* This is only called when we aren't preserving permissions. Figure out what
- * the permissions should be and return them merged back into the mode. */
--mode_t dest_mode(mode_t flist_mode, mode_t dest_mode, int exists)
-+mode_t dest_mode(mode_t flist_mode, mode_t dest_mode, int dflt_perms,
-+ int exists)
+ static uint32 recv_acl_access(uchar *name_follows_ptr, int f)
+@@ -738,6 +999,11 @@ static int recv_rsync_acl(item_list *rac
+ /* Receive the ACL info the sender has included for this file-list entry. */
+ void receive_acl(struct file_struct *file, int f)
{
- /* If the file already exists we'll return the local permissions,
- * possibly tweaked by the --executability option. */
-@@ -68,7 +69,7 @@ mode_t dest_mode(mode_t flist_mode, mode
- dest_mode |= (dest_mode & 0444) >> 2;
- }
- } else
-- dest_mode = flist_mode & ~orig_umask;
-+ dest_mode = ((flist_mode & CHMOD_BITS) & dflt_perms) | S_IWUSR;
- return (flist_mode & ~CHMOD_BITS) | (dest_mode & CHMOD_BITS);
- }
-
-@@ -161,6 +162,14 @@ int set_file_attrs(char *fname, struct f
- }
- #endif
-
-+ /* If this is a directory, SET_ACL() will be called on the cleanup
-+ * receive_generator() pass (if we called it here, we might clobber
-+ * writability on the directory). Everything else is OK to do now. */
-+ if (!S_ISDIR(st->st_mode)) {
-+ if (SET_ACL(fname, file) == 0)
-+ updated = 1;
-+ }
-+
- if (verbose > 1 && flags & ATTRS_REPORT) {
- enum logcode code = daemon_log_format_has_i || dry_run
- ? FCLIENT : FINFO;
---- orig/rsync.h 2006-02-03 05:40:23
-+++ rsync.h 2006-01-31 19:27:00
-@@ -657,6 +657,44 @@ struct chmod_mode_struct;
-
- #define UNUSED(x) x __attribute__((__unused__))
-
-+#if HAVE_POSIX_ACLS|HAVE_UNIXWARE_ACLS|HAVE_SOLARIS_ACLS|\
-+ HAVE_HPUX_ACLS|HAVE_IRIX_ACLS|HAVE_AIX_ACLS|HAVE_TRU64_ACLS
-+#define SUPPORT_ACLS 1
-+#endif
-+
-+#if HAVE_UNIXWARE_ACLS|HAVE_SOLARIS_ACLS|HAVE_HPUX_ACLS
-+#define ACLS_NEED_MASK 1
-+#endif
-+
-+#ifdef SUPPORT_ACLS
-+#ifdef HAVE_SYS_ACL_H
-+#include <sys/acl.h>
-+#endif
-+#define MAKE_ACL(file, fname) make_acl(file, fname)
-+#define SEND_ACL(file, f) send_acl(file, f)
-+#define RECEIVE_ACL(file, f) receive_acl(file, f)
-+#define SORT_FILE_ACL_INDEX_LISTS() sort_file_acl_index_lists()
-+#define SET_ACL(fname, file) set_acl(fname, file)
-+#define NEXT_ACL_UID() next_acl_uid()
-+#define ACL_UID_MAP(uid) acl_uid_map(uid)
-+#define PUSH_KEEP_BACKUP_ACL(file, orig, dest) \
-+ push_keep_backup_acl(file, orig, dest)
-+#define CLEANUP_KEEP_BACKUP_ACL() cleanup_keep_backup_acl()
-+#define DUP_ACL(orig, dest, mode) dup_acl(orig, dest, mode)
-+#else /* SUPPORT_ACLS */
-+#define MAKE_ACL(file, fname) 1 /* checked return value */
-+#define SEND_ACL(file, f)
-+#define RECEIVE_ACL(file, f)
-+#define SORT_FILE_ACL_INDEX_LISTS()
-+#define SET_ACL(fname, file) 1 /* checked return value */
-+#define NEXT_ACL_UID()
-+#define ACL_UID_MAP(uid)
-+#define PUSH_KEEP_BACKUP_ACL(file, orig, dest)
-+#define CLEANUP_KEEP_BACKUP_ACL()
-+#define DUP_ACL(src, orig, mode) 1 /* checked return value */
-+#endif /* SUPPORT_ACLS */
-+#include "smb_acls.h"
-+
- #include "proto.h"
-
- /* We have replacement versions of these if they're missing. */
---- orig/rsync.yo 2006-01-31 03:05:44
-+++ rsync.yo 2006-01-31 03:14:05
-@@ -317,6 +317,7 @@ to the detailed description below for a
- -K, --keep-dirlinks treat symlinked dir on receiver as dir
- -p, --perms preserve permissions
- -E, --executability preserve executability
-+ -A, --acls preserve ACLs (implies -p) [non-standard]
- --chmod=CHMOD change destination permissions
- -o, --owner preserve owner (super-user only)
- -g, --group preserve group
-@@ -691,14 +692,23 @@ quote(itemize(
- permissions, though the bf(--executability) option might change just
- the execute permission for the file.
- it() Each new file gets its permissions set based on the source file's
-- permissions, but masked by the receiving end's umask setting (including
-+ permissions, but masked by the receiving end's destination-default
-+ permissions (which is either based on the ACL of the destination
-+ directory, if available, or the receiving end's umask setting) and
-+ includes
- the stripping of the three special permission bits).
-+ Hint: Using bf(--chmod=ugo=rwX) without bf(--perms) will cause new
-+ files to get all the destination-default permissions.
- ))
-
- Thus, when bf(--perms) and bf(--executability) are both disabled,
- rsync's behavior is the same as that of other file-copy utilities,
- such as bf(cp)(1) and bf(tar)(1).
-
-+This version of rsync observes default ACLs; patched versions of rsync only
-+applied the umask, and could thus set wrong permissions in the presence of
-+default ACLs.
-+
- dit(bf(-E, --executability)) This option causes rsync to preserve the
- executability (or non-executability) of regular files when bf(--perms) is
- not enabled. A regular file is considered to be executable if at least one
-@@ -713,6 +723,10 @@ quote(itemize(
-
- If bf(--perms) is enabled, this option is ignored.
-
-+dit(bf(-A, --acls)) This option causes rsync to update the destination
-+ACLs to be the same as the source ACLs. This nonstandard option only
-+works if the remote rsync also supports it. bf(--acls) implies bf(--perms).
-+
- dit(bf(--chmod)) This option tells rsync to apply one or more
- comma-separated "chmod" strings to the permission of the files in the
- transfer. The resulting value is treated as though it was the permissions
---- orig/smb_acls.h 2004-06-30 00:04:07
-+++ smb_acls.h 2004-06-30 00:04:07
-@@ -0,0 +1,277 @@
-+/*
-+ Unix SMB/Netbios implementation.
-+ Version 2.2.x
-+ Portable SMB ACL interface
-+ Copyright (C) Jeremy Allison 2000
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 2 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+*/
-+
-+#ifndef _SMB_ACLS_H
-+#define _SMB_ACLS_H
-+
-+#if defined(HAVE_POSIX_ACLS)
-+
-+/* This is an identity mapping (just remove the SMB_). */
-+
-+#define SMB_ACL_TAG_T acl_tag_t
-+#define SMB_ACL_TYPE_T acl_type_t
-+#define SMB_ACL_PERMSET_T acl_permset_t
-+#define SMB_ACL_PERM_T acl_perm_t
-+#define SMB_ACL_READ ACL_READ
-+#define SMB_ACL_WRITE ACL_WRITE
-+#define SMB_ACL_EXECUTE ACL_EXECUTE
-+
-+/* Types of ACLs. */
-+#define SMB_ACL_USER ACL_USER
-+#define SMB_ACL_USER_OBJ ACL_USER_OBJ
-+#define SMB_ACL_GROUP ACL_GROUP
-+#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ
-+#define SMB_ACL_OTHER ACL_OTHER
-+#define SMB_ACL_MASK ACL_MASK
-+
-+#define SMB_ACL_T acl_t
-+
-+#define SMB_ACL_ENTRY_T acl_entry_t
-+
-+#define SMB_ACL_FIRST_ENTRY ACL_FIRST_ENTRY
-+#define SMB_ACL_NEXT_ENTRY ACL_NEXT_ENTRY
-+
-+#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
-+#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
-+
-+#elif defined(HAVE_TRU64_ACLS)
-+
-+/* This is for DEC/Compaq Tru64 UNIX */
-+
-+#define SMB_ACL_TAG_T acl_tag_t
-+#define SMB_ACL_TYPE_T acl_type_t
-+#define SMB_ACL_PERMSET_T acl_permset_t
-+#define SMB_ACL_PERM_T acl_perm_t
-+#define SMB_ACL_READ ACL_READ
-+#define SMB_ACL_WRITE ACL_WRITE
-+#define SMB_ACL_EXECUTE ACL_EXECUTE
-+
-+/* Types of ACLs. */
-+#define SMB_ACL_USER ACL_USER
-+#define SMB_ACL_USER_OBJ ACL_USER_OBJ
-+#define SMB_ACL_GROUP ACL_GROUP
-+#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ
-+#define SMB_ACL_OTHER ACL_OTHER
-+#define SMB_ACL_MASK ACL_MASK
-+
-+#define SMB_ACL_T acl_t
-+
-+#define SMB_ACL_ENTRY_T acl_entry_t
-+
-+#define SMB_ACL_FIRST_ENTRY 0
-+#define SMB_ACL_NEXT_ENTRY 1
-+
-+#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
-+#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
-+
-+#elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS)
-+/*
-+ * Donated by Michael Davidson <md@sco.COM> for UnixWare / OpenUNIX.
-+ * Modified by Toomas Soome <tsoome@ut.ee> for Solaris.
-+ */
-+
-+/* SVR4.2 ES/MP ACLs */
-+typedef int SMB_ACL_TAG_T;
-+typedef int SMB_ACL_TYPE_T;
-+typedef ushort *SMB_ACL_PERMSET_T;
-+typedef ushort SMB_ACL_PERM_T;
-+#define SMB_ACL_READ 4
-+#define SMB_ACL_WRITE 2
-+#define SMB_ACL_EXECUTE 1
-+
-+/* Types of ACLs. */
-+#define SMB_ACL_USER USER
-+#define SMB_ACL_USER_OBJ USER_OBJ
-+#define SMB_ACL_GROUP GROUP
-+#define SMB_ACL_GROUP_OBJ GROUP_OBJ
-+#define SMB_ACL_OTHER OTHER_OBJ
-+#define SMB_ACL_MASK CLASS_OBJ
-+
-+typedef struct SMB_ACL_T {
-+ int size;
-+ int count;
-+ int next;
-+ struct acl acl[1];
-+} *SMB_ACL_T;
-+
-+typedef struct acl *SMB_ACL_ENTRY_T;
-+
-+#define SMB_ACL_FIRST_ENTRY 0
-+#define SMB_ACL_NEXT_ENTRY 1
-+
-+#define SMB_ACL_TYPE_ACCESS 0
-+#define SMB_ACL_TYPE_DEFAULT 1
-+
-+#elif defined(HAVE_HPUX_ACLS)
-+
-+/*
-+ * Based on the Solaris & UnixWare code.
-+ */
-+
-+#undef GROUP
-+#include <sys/aclv.h>
-+
-+/* SVR4.2 ES/MP ACLs */
-+typedef int SMB_ACL_TAG_T;
-+typedef int SMB_ACL_TYPE_T;
-+typedef ushort *SMB_ACL_PERMSET_T;
-+typedef ushort SMB_ACL_PERM_T;
-+#define SMB_ACL_READ 4
-+#define SMB_ACL_WRITE 2
-+#define SMB_ACL_EXECUTE 1
-+
-+/* Types of ACLs. */
-+#define SMB_ACL_USER USER
-+#define SMB_ACL_USER_OBJ USER_OBJ
-+#define SMB_ACL_GROUP GROUP
-+#define SMB_ACL_GROUP_OBJ GROUP_OBJ
-+#define SMB_ACL_OTHER OTHER_OBJ
-+#define SMB_ACL_MASK CLASS_OBJ
-+
-+typedef struct SMB_ACL_T {
-+ int size;
-+ int count;
-+ int next;
-+ struct acl acl[1];
-+} *SMB_ACL_T;
-+
-+typedef struct acl *SMB_ACL_ENTRY_T;
-+
-+#define SMB_ACL_FIRST_ENTRY 0
-+#define SMB_ACL_NEXT_ENTRY 1
-+
-+#define SMB_ACL_TYPE_ACCESS 0
-+#define SMB_ACL_TYPE_DEFAULT 1
-+
-+#elif defined(HAVE_IRIX_ACLS)
-+
-+#define SMB_ACL_TAG_T acl_tag_t
-+#define SMB_ACL_TYPE_T acl_type_t
-+#define SMB_ACL_PERMSET_T acl_permset_t
-+#define SMB_ACL_PERM_T acl_perm_t
-+#define SMB_ACL_READ ACL_READ
-+#define SMB_ACL_WRITE ACL_WRITE
-+#define SMB_ACL_EXECUTE ACL_EXECUTE
-+
-+/* Types of ACLs. */
-+#define SMB_ACL_USER ACL_USER
-+#define SMB_ACL_USER_OBJ ACL_USER_OBJ
-+#define SMB_ACL_GROUP ACL_GROUP
-+#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ
-+#define SMB_ACL_OTHER ACL_OTHER_OBJ
-+#define SMB_ACL_MASK ACL_MASK
-+
-+typedef struct SMB_ACL_T {
-+ int next;
-+ BOOL freeaclp;
-+ struct acl *aclp;
-+} *SMB_ACL_T;
-+
-+#define SMB_ACL_ENTRY_T acl_entry_t
-+
-+#define SMB_ACL_FIRST_ENTRY 0
-+#define SMB_ACL_NEXT_ENTRY 1
-+
-+#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
-+#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
-+
-+#elif defined(HAVE_AIX_ACLS)
-+
-+/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
-+
-+#include "/usr/include/acl.h"
-+
-+typedef uint *SMB_ACL_PERMSET_T;
-+
-+struct acl_entry_link{
-+ struct acl_entry_link *prevp;
-+ struct new_acl_entry *entryp;
-+ struct acl_entry_link *nextp;
-+ int count;
-+};
-+
-+struct new_acl_entry{
-+ unsigned short ace_len;
-+ unsigned short ace_type;
-+ unsigned int ace_access;
-+ struct ace_id ace_id[1];
-+};
-+
-+#define SMB_ACL_ENTRY_T struct new_acl_entry*
-+#define SMB_ACL_T struct acl_entry_link*
-+
-+#define SMB_ACL_TAG_T unsigned short
-+#define SMB_ACL_TYPE_T int
-+#define SMB_ACL_PERM_T uint
-+#define SMB_ACL_READ S_IRUSR
-+#define SMB_ACL_WRITE S_IWUSR
-+#define SMB_ACL_EXECUTE S_IXUSR
-+
-+/* Types of ACLs. */
-+#define SMB_ACL_USER ACEID_USER
-+#define SMB_ACL_USER_OBJ 3
-+#define SMB_ACL_GROUP ACEID_GROUP
-+#define SMB_ACL_GROUP_OBJ 4
-+#define SMB_ACL_OTHER 5
-+#define SMB_ACL_MASK 6
-+
-+
-+#define SMB_ACL_FIRST_ENTRY 1
-+#define SMB_ACL_NEXT_ENTRY 2
-+
-+#define SMB_ACL_TYPE_ACCESS 0
-+#define SMB_ACL_TYPE_DEFAULT 1
-+
-+#else /* No ACLs. */
-+
-+/* No ACLS - fake it. */
-+#define SMB_ACL_TAG_T int
-+#define SMB_ACL_TYPE_T int
-+#define SMB_ACL_PERMSET_T mode_t
-+#define SMB_ACL_PERM_T mode_t
-+#define SMB_ACL_READ S_IRUSR
-+#define SMB_ACL_WRITE S_IWUSR
-+#define SMB_ACL_EXECUTE S_IXUSR
-+
-+/* Types of ACLs. */
-+#define SMB_ACL_USER 0
-+#define SMB_ACL_USER_OBJ 1
-+#define SMB_ACL_GROUP 2
-+#define SMB_ACL_GROUP_OBJ 3
-+#define SMB_ACL_OTHER 4
-+#define SMB_ACL_MASK 5
-+
-+typedef struct SMB_ACL_T {
-+ int dummy;
-+} *SMB_ACL_T;
-+
-+typedef struct SMB_ACL_ENTRY_T {
-+ int dummy;
-+} *SMB_ACL_ENTRY_T;
-+
-+#define SMB_ACL_FIRST_ENTRY 0
-+#define SMB_ACL_NEXT_ENTRY 1
-+
-+#define SMB_ACL_TYPE_ACCESS 0
-+#define SMB_ACL_TYPE_DEFAULT 1
-+
-+#endif /* No ACLs. */
-+#endif /* _SMB_ACLS_H */
---- orig/testsuite/default-acls-obey.test 2005-10-15 16:08:45
-+++ testsuite/default-acls-obey.test 2005-10-15 16:08:45
-@@ -0,0 +1,51 @@
-+#! /bin/sh
-+
-+# This program is distributable under the terms of the GNU GPL see
-+# COPYING).
-+
-+# Test that rsync obeys default ACLs. -- Matt McCutchen
-+
-+. $srcdir/testsuite/rsync.fns
-+
-+set -x
-+
-+$RSYNC --help | grep -q "ACLs" || test_skipped "Rsync is configured without ACL support"
-+setfacl -dm u::rwx,g::---,o::--- "$scratchdir" || test_skipped "Your filesystem has ACLs disabled"
-+
-+echo "File!" >"$scratchdir/file"
-+echo "#!/bin/bash" >"$scratchdir/program"
-+chmod 666 "$scratchdir/file"
-+chmod 777 "$scratchdir/program"
-+
-+# Call as: testit <dirname> <default-acl> <file-expected> <program-expected>
-+function testit {
-+ todir="$scratchdir/$1"
-+ mkdir "$todir"
-+ setfacl -k "$todir"
-+ chmod g-s "$todir" ### Don't let directory setgid interfere
-+ [ "$2" ] && setfacl -dm "$2" "$todir"
-+ # Make sure we obey ACLs when creating a directory to hold multiple transferred files,
-+ # even though the directory itself is outside the transfer
-+ $RSYNC -rvv "$scratchdir/file" "$scratchdir/program" "$todir/to/"
-+ [ `stat --format=%a "$todir/to"` == $4 ] || test_fail "Target $1: to should have $4 permissions"
-+ [ `stat --format=%a "$todir/to/file"` == $3 ] || test_fail "Target $1: to/file should have $3 permissions"
-+ [ `stat --format=%a "$todir/to/program"` == $4 ] || test_fail "Target $1: to/program should have $4 permissions"
-+ # Make sure get_local_name doesn't mess us up when transferring only one file
-+ $RSYNC -rvv "$scratchdir/file" "$todir/to/anotherfile"
-+ [ `stat --format=%a "$todir/to/anotherfile"` == $3 ] || test_fail "Target $1: to/anotherfile should have $3 permissions"
-+}
-+
-+# Test some target directories
-+umask 0077
-+testit da777 u::rwx,g::rwx,o::rwx 666 777
-+testit da775 u::rwx,g::rwx,o::r-x 664 775
-+testit da750 u::rwx,g::r-x,o::--- 640 750
-+testit da770mask u::rwx,g::---,m::rwx,o::--- 660 770
-+testit noda1 '' 600 700
-+umask 0000
-+testit noda2 '' 666 777
-+umask 0022
-+testit noda3 '' 644 755
-+
-+# Hooray
-+exit 0
---- orig/uidlist.c 2006-01-25 17:15:13
-+++ uidlist.c 2006-01-25 17:45:21
-@@ -34,6 +34,7 @@
- extern int verbose;
- extern int preserve_uid;
- extern int preserve_gid;
-+extern int preserve_acls;
- extern int numeric_ids;
- extern int am_root;
-
-@@ -274,7 +275,7 @@ void send_uid_list(int f)
- if (numeric_ids)
- return;
-
-- if (preserve_uid) {
-+ if (preserve_uid || preserve_acls) {
- int len;
- /* we send sequences of uid/byte-length/name */
- for (list = uidlist; list; list = list->next) {
-@@ -291,7 +292,7 @@ void send_uid_list(int f)
- write_int(f, 0);
- }
-
-- if (preserve_gid) {
-+ if (preserve_gid || preserve_acls) {
- int len;
- for (list = gidlist; list; list = list->next) {
- if (!list->name)
-@@ -312,7 +313,7 @@ void recv_uid_list(int f, struct file_li
- int id, i;
- char *name;
-
-- if (preserve_uid && !numeric_ids) {
-+ if ((preserve_uid || preserve_acls) && !numeric_ids) {
- /* read the uid list */
- while ((id = read_int(f)) != 0) {
- int len = read_byte(f);
-@@ -324,7 +325,7 @@ void recv_uid_list(int f, struct file_li
- }
- }
-
-- if (preserve_gid && !numeric_ids) {
-+ if ((preserve_gid || preserve_acls) && !numeric_ids) {
- /* read the gid list */
- while ((id = read_int(f)) != 0) {
- int len = read_byte(f);
-@@ -336,6 +337,18 @@ void recv_uid_list(int f, struct file_li
- }
- }
-
-+#ifdef SUPPORT_ACLS
-+ if (preserve_acls && !numeric_ids) {
-+ id_t id;
-+ /* The enumerations don't return 0 except to flag the last
-+ * entry, since uidlist doesn't munge 0 anyway. */
-+ while ((id = next_acl_uid(flist)) != 0)
-+ acl_uid_map(match_uid(id));
-+ while ((id = next_acl_gid(flist)) != 0)
-+ acl_gid_map(match_gid(id));
++ if (protocol_version < 30) {
++ old_recv_acl(file, f);
++ return;
+ }
-+#endif /* SUPPORT_ACLS */
+
- /* Now convert all the uids/gids from sender values to our values. */
- if (am_root && preserve_uid && !numeric_ids) {
- for (i = 0; i < flist->count; i++)
+ F_ACL(file) = recv_rsync_acl(&access_acl_list, SMB_ACL_TYPE_ACCESS, f);
+
+ if (S_ISDIR(file->mode))
+--- old/compat.c
++++ new/compat.c
+@@ -148,13 +148,6 @@ void setup_protocol(int f_out,int f_in)
+ if (protocol_version < 30) {
+ if (append_mode == 1)
+ append_mode = 2;
+- if (preserve_acls && !local_server) {
+- rprintf(FERROR,
+- "--acls requires protocol 30 or higher"
+- " (negotiated %d).\n",
+- protocol_version);
+- exit_cleanup(RERR_PROTOCOL);
+- }
+ if (preserve_xattrs && !local_server) {
+ rprintf(FERROR,
+ "--xattrs requires protocol 30 or higher"