X-Git-Url: https://mattmccutchen.net/rsync/rsync-patches.git/blobdiff_plain/7ac2aef2fd35ed0cffe2b558b69643f12662a03e..5ff5e82f366d036c89cae48182daa9b6ced9a20d:/fake-super.diff diff --git a/fake-super.diff b/fake-super.diff index ef69f25..a70b890 100644 --- a/fake-super.diff +++ b/fake-super.diff @@ -1,55 +1,17 @@ -Depends-On-Patch: acls.diff -Depends-On-Patch: xattrs.diff - This patch adds a new option: --fake-super, which tells rsync to copy in a fake super-user mode that stores various file attributes in an extended- -attribute value instead of as real file-system attributes. The items -affected are: - - mode the real mode of the file always has the special-permission bits - cleared (u-s,g-s,o-t) and full owner access is always enabled - (u+rw for files and u+rwx for directories). The former makes - the files safe if the user and/or group info was not really - preserved, and the latter ensures that our fake-super process - can always read & write & scan the files and directories. - - rdev devices and special files are created as zero-length normal - files (with all the attributes preserved in the xattr-stat). - - uid the real owner will be the executor of the receiving rsync. - - gid the real group will be the default group of the executor. - -The --fake-super option only affects the side where the option is used. To -affect the remote side of a remote-shell connection, specify an rsync path: - - rsync -av --rsync-path='rsync --fake-super' /src/ host:/dest/ - -The --fake-super option affects both sides of a local copy, so if you want -to affect only one side or the other, you'll need to turn the copy into a -remote copy to/from localhost. However, it's always safe to copy from some -non-fake-super files into some fake-super files using a normal local copy -since the non-fake source files will just have their normal attributes. - -A daemon can set "fake super = yes" in the rsync.conf file for any module -that you'd like to be able to preserve all attributes without having it -run as root (the client cannot affect this setting on the daemon). - -After applying this patch, run these commands for a successful build: - - ./prepare-source - ./configure --enable-xattr-support - make +attribute value instead of as real file-system attributes. See the changes +to the manpages for details. -or, if you want ACL support too: +To use this patch, run these commands for a successful build: - ./prepare-source - ./configure --enable-acl-support --enable-xattr-support + patch -p1 = rel) { /* Try to transfer the directory settings of the * actual dir that the files are coming from. */ @@ -58,7 +20,7 @@ or, if you want ACL support too: rsyserr(FERROR, errno, "make_bak_dir stat %s failed", full_fname(rel)); -@@ -200,7 +200,7 @@ static int keep_backup(char *fname) +@@ -200,7 +200,7 @@ static int keep_backup(const char *fname int ret_code; /* return if no file to keep */ @@ -69,9 +31,9 @@ or, if you want ACL support too: sx.acc_acl = sx.def_acl = NULL; --- old/clientserver.c +++ new/clientserver.c -@@ -625,6 +625,11 @@ static int rsync_module(int f_in, int f_ - ret = parse_arguments(&argc, (const char ***) &argv, 0); - quiet = 0; /* Don't let someone try to be tricky. */ +@@ -630,6 +630,11 @@ static int rsync_module(int f_in, int f_ + if (lp_ignore_errors(module_id)) + ignore_errors = 1; + if (lp_fake_super(i)) + am_root = -1; @@ -83,7 +45,13 @@ or, if you want ACL support too: --- old/flist.c +++ new/flist.c -@@ -181,7 +181,7 @@ static int readlink_stat(const char *pat +@@ -196,12 +196,12 @@ static int readlink_stat(const char *pat + rprintf(FINFO,"copying unsafe symlink \"%s\" -> \"%s\"\n", + path, linkbuf); + } +- return do_stat(path, stp); ++ return x_stat(path, stp, NULL); + } } return 0; #else @@ -92,7 +60,7 @@ or, if you want ACL support too: #endif } -@@ -189,17 +189,17 @@ int link_stat(const char *path, STRUCT_S +@@ -209,17 +209,17 @@ int link_stat(const char *path, STRUCT_S { #ifdef SUPPORT_LINKS if (copy_links) @@ -114,7 +82,34 @@ or, if you want ACL support too: #endif } -@@ -793,7 +793,7 @@ struct file_struct *make_file(char *fnam +@@ -254,26 +254,6 @@ static int is_excluded(char *fname, int + return 0; + } + +-static int to_wire_mode(mode_t mode) +-{ +-#ifdef SUPPORT_LINKS +-#if _S_IFLNK != 0120000 +- if (S_ISLNK(mode)) +- return (mode & ~(_S_IFMT)) | 0120000; +-#endif +-#endif +- return mode; +-} +- +-static mode_t from_wire_mode(int mode) +-{ +-#if _S_IFLNK != 0120000 +- if ((mode & (_S_IFMT)) == 0120000) +- return (mode & ~(_S_IFMT)) | _S_IFLNK; +-#endif +- return mode; +-} +- + static void send_directory(int f, struct file_list *flist, int ndx, + char *fbuf, int len, int flags); + +@@ -954,7 +934,7 @@ struct file_struct *make_file(const char if (save_errno == ENOENT) { #ifdef SUPPORT_LINKS /* Avoid "vanished" error if symlink points nowhere. */ @@ -123,38 +118,18 @@ or, if you want ACL support too: && S_ISLNK(st.st_mode)) { io_error |= IOERR_GENERAL; rprintf(FERROR, "symlink has no referent: %s\n", -@@ -963,7 +963,7 @@ struct file_struct *make_file(char *fnam +@@ -1126,7 +1106,7 @@ struct file_struct *make_file(const char int save_mode = file->mode; file->mode = S_IFDIR; /* Find a directory with our name. */ - if (flist_find(the_file_list, file) >= 0 + if (flist_find(dir_flist, file) >= 0 - && do_stat(thisname, &st2) == 0 && S_ISDIR(st2.st_mode)) { + && x_stat(thisname, &st2, NULL) == 0 && S_ISDIR(st2.st_mode)) { file->modtime = st2.st_mtime; - file->length = st2.st_size; + file->len32 = 0; file->mode = st2.st_mode; ---- old/generator.c -+++ new/generator.c -@@ -1510,13 +1510,14 @@ void generate_files(int f_out, struct fi - recv_generator(fbuf, file, i, itemizing, maybe_ATTRS_REPORT, - code, f_out); - -- /* We need to ensure that any dirs we create have writeable -+ /* We need to ensure that any dirs we create have rwx - * permissions during the time we are putting files within - * them. This is then fixed after the transfer is done. */ - #ifdef HAVE_CHMOD -- if (!am_root && S_ISDIR(file->mode) && !(file->mode & S_IWUSR) -+ if (am_root <= 0 && S_ISDIR(file->mode) -+ && (file->mode & S_IRWXU) != S_IRWXU - && dir_tweaking) { -- mode_t mode = file->mode | S_IWUSR; /* user write */ -+ mode_t mode = file->mode | S_IRWXU; /* user rwx */ - char *fname = local_name ? local_name : fbuf; - if (do_chmod(fname, mode) < 0) { - rsyserr(FERROR, errno, --- old/loadparm.c +++ new/loadparm.c -@@ -150,6 +150,7 @@ typedef struct +@@ -149,6 +149,7 @@ typedef struct int syslog_facility; int timeout; @@ -162,7 +137,7 @@ or, if you want ACL support too: BOOL ignore_errors; BOOL ignore_nonreadable; BOOL list; -@@ -197,6 +198,7 @@ static service sDefault = +@@ -196,6 +197,7 @@ static service sDefault = /* syslog_facility; */ LOG_DAEMON, /* timeout; */ 0, @@ -170,7 +145,7 @@ or, if you want ACL support too: /* ignore_errors; */ False, /* ignore_nonreadable; */ False, /* list; */ True, -@@ -298,6 +300,7 @@ static struct parm_struct parm_table[] = +@@ -297,6 +299,7 @@ static struct parm_struct parm_table[] = {"dont compress", P_STRING, P_LOCAL, &sDefault.dont_compress, NULL,0}, {"exclude from", P_STRING, P_LOCAL, &sDefault.exclude_from, NULL,0}, {"exclude", P_STRING, P_LOCAL, &sDefault.exclude, NULL,0}, @@ -178,7 +153,7 @@ or, if you want ACL support too: {"filter", P_STRING, P_LOCAL, &sDefault.filter, NULL,0}, {"gid", P_STRING, P_LOCAL, &sDefault.gid, NULL,0}, {"hosts allow", P_STRING, P_LOCAL, &sDefault.hosts_allow, NULL,0}, -@@ -412,6 +415,7 @@ FN_LOCAL_INTEGER(lp_max_connections, max +@@ -411,6 +414,7 @@ FN_LOCAL_INTEGER(lp_max_connections, max FN_LOCAL_INTEGER(lp_max_verbosity, max_verbosity) FN_LOCAL_INTEGER(lp_timeout, timeout) @@ -186,7 +161,7 @@ or, if you want ACL support too: FN_LOCAL_BOOL(lp_ignore_errors, ignore_errors) FN_LOCAL_BOOL(lp_ignore_nonreadable, ignore_nonreadable) FN_LOCAL_BOOL(lp_list, list) -@@ -816,7 +820,7 @@ BOOL lp_load(char *pszFname, int globals +@@ -814,7 +818,7 @@ BOOL lp_load(char *pszFname, int globals if (pszFname) pstrcpy(n2,pszFname); @@ -197,24 +172,26 @@ or, if you want ACL support too: pstrcpy(n2,RSYNCD_SYSCONF); --- old/options.c +++ new/options.c -@@ -73,7 +73,7 @@ int protocol_version = PROTOCOL_VERSION; +@@ -72,7 +72,7 @@ int protocol_version = PROTOCOL_VERSION; int sparse_files = 0; int do_compression = 0; int def_compress_level = Z_DEFAULT_COMPRESSION; -int am_root = 0; -+int am_root = 0; /* 0 = normal, 1 = super, 2 = --super, -1 = --fake-super */ ++int am_root = 0; /* 0 = normal, 1 = root, 2 = --super, -1 = --fake-super */ int am_server = 0; int am_sender = 0; int am_generator = 0; -@@ -330,6 +330,7 @@ void usage(enum logcode F) +@@ -326,6 +326,9 @@ void usage(enum logcode F) rprintf(F," -t, --times preserve times\n"); rprintf(F," -O, --omit-dir-times omit directories when preserving times\n"); rprintf(F," --super receiver attempts super-user activities\n"); ++#ifdef SUPPORT_XATTRS + rprintf(F," --fake-super store/recover privileged attrs using xattrs\n"); ++#endif rprintf(F," -S, --sparse handle sparse files efficiently\n"); rprintf(F," -n, --dry-run show what would have been transferred\n"); rprintf(F," -W, --whole-file copy files whole (without rsync algorithm)\n"); -@@ -454,6 +455,7 @@ static struct poptOption long_options[] +@@ -455,6 +458,7 @@ static struct poptOption long_options[] {"modify-window", 0, POPT_ARG_INT, &modify_window, OPT_MODIFY_WINDOW, 0, 0 }, {"super", 0, POPT_ARG_VAL, &am_root, 2, 0, 0 }, {"no-super", 0, POPT_ARG_VAL, &am_root, 0, 0, 0 }, @@ -222,39 +199,44 @@ or, if you want ACL support too: {"owner", 'o', POPT_ARG_VAL, &preserve_uid, 1, 0, 0 }, {"no-owner", 0, POPT_ARG_VAL, &preserve_uid, 0, 0, 0 }, {"no-o", 0, POPT_ARG_VAL, &preserve_uid, 0, 0, 0 }, ---- old/receiver.c -+++ new/receiver.c -@@ -528,7 +528,7 @@ int recv_files(int f_in, struct file_lis - if (fd1 == -1) { - st.st_mode = 0; - st.st_size = 0; -- } else if (do_fstat(fd1,&st) != 0) { -+ } else if (x_fstat(fd1, &st, NULL) != 0) { - rsyserr(FERROR, errno, "fstat %s failed", - full_fname(fnamecmp)); - discard_receive_data(f_in, file->length); +@@ -1187,6 +1191,14 @@ int parse_arguments(int *argc, const cha + } + #endif + ++#ifndef SUPPORT_XATTRS ++ if (am_root < 0) { ++ snprintf(err_buf, sizeof err_buf, ++ "--fake-super requires an rsync with extended attributes enabled\n"); ++ return 0; ++ } ++#endif ++ + if (write_batch && read_batch) { + snprintf(err_buf, sizeof err_buf, + "--write-batch and --read-batch can not be used together\n"); --- old/rsync.c +++ new/rsync.c -@@ -49,7 +49,6 @@ extern int preserve_gid; - extern int inplace; - extern int keep_dirlinks; - extern int make_backups; --extern mode_t orig_umask; - extern struct stats stats; - extern struct chmod_mode_struct *daemon_chmod_modes; - -@@ -197,7 +196,9 @@ int set_file_attrs(char *fname, struct f - (long)sxp->st.st_gid, (long)file->gid); +@@ -261,6 +261,8 @@ int set_file_attrs(const char *fname, st + #ifdef SUPPORT_XATTRS + if (preserve_xattrs && fnamecmp) + set_xattr(fname, file, fnamecmp, sxp); ++ if (am_root < 0) ++ set_stat_xattr(fname, file); + #endif + + if (!preserve_times || (S_ISDIR(sxp->st.st_mode) && omit_dir_times)) +@@ -300,7 +302,9 @@ int set_file_attrs(const char *fname, st + (long)sxp->st.st_gid, (long)F_GID(file)); } } - if (do_lchown(fname, -+ if (am_root < 0) ++ if (am_root < 0) { + ; -+ else if (do_lchown(fname, - change_uid ? file->uid : sxp->st.st_uid, - change_gid ? file->gid : sxp->st.st_gid) != 0) { ++ } else if (do_lchown(fname, + change_uid ? F_UID(file) : sxp->st.st_uid, + change_gid ? F_GID(file) : sxp->st.st_gid) != 0) { /* shouldn't have attempted to change uid or gid -@@ -206,7 +207,7 @@ int set_file_attrs(char *fname, struct f +@@ -309,7 +313,7 @@ int set_file_attrs(const char *fname, st change_uid ? "chown" : "chgrp", full_fname(fname)); goto cleanup; @@ -263,40 +245,57 @@ or, if you want ACL support too: /* a lchown had been done - we have to re-stat if the * destination had the setuid or setgid bits set due * to the side effect of the chown call */ -@@ -224,6 +225,24 @@ int set_file_attrs(char *fname, struct f - if (preserve_xattrs && set_xattr(fname, file, sxp) == 0) - updated = 1; - #endif -+ -+ if (am_root < 0 && !S_ISLNK(file->mode)) { -+ switch (set_stat_xattr(fname, file)) { -+ case 0: -+ break; -+ case -1: -+ rsyserr(FERROR, errno, -+ "write of stat xattr failed for %s", -+ full_fname(fname)); -+ break; -+ case -2: -+ rsyserr(FERROR, errno, -+ "delete of stat xattr failed for %s", -+ full_fname(fname)); -+ break; -+ } -+ } -+ - #ifdef SUPPORT_ACLS - /* It's OK to call set_acl() now, even for a dir, as the generator - * will enable owner-writability using chmod, if necessary. -@@ -237,7 +256,7 @@ int set_file_attrs(char *fname, struct f +@@ -336,7 +340,7 @@ int set_file_attrs(const char *fname, st #ifdef HAVE_CHMOD - if ((sxp->st.st_mode & CHMOD_BITS) != (new_mode & CHMOD_BITS)) { + if (!BITS_EQUAL(sxp->st.st_mode, new_mode, CHMOD_BITS)) { - int ret = do_chmod(fname, new_mode); + int ret = am_root < 0 ? 0 : do_chmod(fname, new_mode); if (ret < 0) { rsyserr(FERROR, errno, "failed to set permissions on %s", +--- old/rsync.h ++++ new/rsync.h +@@ -805,6 +805,12 @@ typedef struct { + + #include "proto.h" + ++#ifndef SUPPORT_XATTRS ++#define x_stat(fn,fst,xst) do_stat(fn,fst) ++#define x_lstat(fn,fst,xst) do_lstat(fn,fst) ++#define x_fstat(fd,fst,xst) do_fstat(fd,fst) ++#endif ++ + /* We have replacement versions of these if they're missing. */ + #ifndef HAVE_ASPRINTF + int asprintf(char **ptr, const char *format, ...); +@@ -1023,6 +1029,26 @@ int inet_pton(int af, const char *src, v + const char *get_panic_action(void); + #endif + ++static inline int to_wire_mode(mode_t mode) ++{ ++#ifdef SUPPORT_LINKS ++#if _S_IFLNK != 0120000 ++ if (S_ISLNK(mode)) ++ return (mode & ~(_S_IFMT)) | 0120000; ++#endif ++#endif ++ return mode; ++} ++ ++static inline mode_t from_wire_mode(int mode) ++{ ++#if _S_IFLNK != 0120000 ++ if ((mode & (_S_IFMT)) == 0120000) ++ return (mode & ~(_S_IFMT)) | _S_IFLNK; ++#endif ++ return mode; ++} ++ + static inline int + isDigit(const char *ptr) + { --- old/rsync.yo +++ new/rsync.yo @@ -333,6 +333,7 @@ to the detailed description below for a @@ -307,19 +306,38 @@ or, if you want ACL support too: -S, --sparse handle sparse files efficiently -n, --dry-run show what would have been transferred -W, --whole-file copy files whole (without rsync algorithm) -@@ -899,6 +900,31 @@ also for ensuring that you will get erro +@@ -859,7 +860,7 @@ permission value can be applied to the f + dit(bf(-o, --owner)) This option causes rsync to set the owner of the + destination file to be the same as the source file, but only if the + receiving rsync is being run as the super-user (see also the bf(--super) +-option to force rsync to attempt super-user activities). ++and bf(--fake-super) options). + Without this option, the owner is set to the invoking user on the + receiving side. + +@@ -882,7 +883,7 @@ default, but may fall back to using the + dit(bf(--devices)) This option causes rsync to transfer character and + block device files to the remote system to recreate these devices. + This option has no effect if the receiving rsync is not run as the +-super-user and bf(--super) is not specified. ++super-user (see also the bf(--super) and bf(--fake-super) options). + + dit(bf(--specials)) This option causes rsync to transfer special files + such as named sockets and fifos. +@@ -912,6 +913,33 @@ also for ensuring that you will get erro being running as the super-user. To turn off super-user activities, the super-user can use bf(--no-super). -+dit(bf(--fake-super)) When this option is enabled, privileged attributes -+are stored and recovered via a special extended attribute that is attached -+to each file (as needed). This includes the file's owner and group (if it -+is not the default), the file's device info (device & special files are -+created as empty text files), and any permission bits that we won't allow -+to be set on the real file (e.g. the real file gets u-s,g-s,o-t for safety) -+or that would limit the owner's access (since the real super user can -+always access a file or directory, the files we create can always be -+accessed by the creating user too). ++dit(bf(--fake-super)) When this option is enabled, rsync simulates ++super-user activities by saving/restoring the privileged attributes via a ++special extended attribute that is attached to each file (as needed). This ++includes the file's owner and group (if it is not the default), the file's ++device info (device & special files are created as empty text files), and ++any permission bits that we won't allow to be set on the real file (e.g. ++the real file gets u-s,g-s,o-t for safety) or that would limit the owner's ++access (since the real super-user can always access/change a file or ++directory, the files we create can always be accessed/changed by the ++creating user). + +The bf(--fake-super) option only affects the side where the option is used. +To affect the remote side of a remote-shell connection, specify an rsync @@ -327,14 +345,15 @@ or, if you want ACL support too: + +quote(tt( rsync -av --rsync-path="rsync --fake-super" /src/ host:/dest/)) + -+The bf(--fake-super) option affects both sides of a em(local) copy, so if -+you want to affect only one side or the other, you'll need to turn the copy -+into a remote copy to/from localhost. However, it's always safe to copy -+from some non-fake-super files into some fake-super files using a normal -+local copy since the non-fake source files will just have their normal -+attributes. ++Since there is only one "side" in a local copy, this option affects both ++the sending and recieving of files. You'll need to specify a copy using ++"localhost" if you need to avoid this. Note, however, that it is always ++safe to copy from some non-fake-super files into some fake-super files ++using a local bf(--fake-super) command because the non-fake source files ++will just have their normal attributes. + +See also the "fake super" setting in the daemon's rsyncd.conf file. ++This option is overridden by both bf(--super) and bf(--no-super). + dit(bf(-S, --sparse)) Try to handle sparse files efficiently so they take up less space on the destination. Conflicts with bf(--inplace) because it's @@ -355,7 +374,7 @@ or, if you want ACL support too: This is only superficially equivalent to the client specifying these --- old/syscall.c +++ new/syscall.c -@@ -28,6 +28,7 @@ +@@ -27,6 +27,7 @@ #endif extern int dry_run; @@ -363,7 +382,7 @@ or, if you want ACL support too: extern int read_only; extern int list_only; extern int preserve_perms; -@@ -79,6 +80,15 @@ int do_mknod(char *pathname, mode_t mode +@@ -78,6 +79,15 @@ int do_mknod(const char *pathname, mode_ { if (dry_run) return 0; RETURN_ERROR_IF_RO_OR_LO; @@ -381,7 +400,7 @@ or, if you want ACL support too: return mkfifo(pathname, mode); --- old/t_unsafe.c +++ new/t_unsafe.c -@@ -24,7 +24,11 @@ +@@ -23,7 +23,11 @@ #include "rsync.h" @@ -400,13 +419,13 @@ or, if you want ACL support too: /* These are to make syscall.o shut up. */ int dry_run = 0; -+int am_root = 0; /* TODO: add option to set this to -1. */ ++int am_root = 0; int read_only = 1; int list_only = 0; int preserve_perms = 0; --- old/trimslash.c +++ new/trimslash.c -@@ -23,6 +23,7 @@ +@@ -22,6 +22,7 @@ /* These are to make syscall.o shut up. */ int dry_run = 0; @@ -414,91 +433,150 @@ or, if you want ACL support too: int read_only = 1; int list_only = 0; int preserve_perms = 0; ---- old/xattr.c -+++ new/xattr.c -@@ -26,11 +26,15 @@ - #ifdef SUPPORT_XATTRS - - extern int dry_run; -+extern int am_root; -+extern mode_t orig_umask; - extern unsigned int file_struct_len; - - #define RSYNC_XAL_INITIAL 5 - #define RSYNC_XAL_LIST_INITIAL 100 +--- old/xattrs.c ++++ new/xattrs.c +@@ -53,11 +53,16 @@ extern int checksum_seed; + #define SPRE_LEN ((int)sizeof SYSTEM_PREFIX - 1) -+#define FAKE_XATTR "user.rsync%stat" + #ifdef HAVE_LINUX_XATTRS +-#define RPRE_LEN 0 ++#define MIGHT_NEED_RPRE (am_root < 0) ++#define RSYNC_PREFIX USER_PREFIX "rsync." + #else ++#define MIGHT_NEED_RPRE am_root + #define RSYNC_PREFIX "rsync." +-#define RPRE_LEN ((int)sizeof RSYNC_PREFIX - 1) + #endif ++#define RPRE_LEN ((int)sizeof RSYNC_PREFIX - 1) + ++#define XSTAT_ATTR RSYNC_PREFIX "%stat" ++#define XSTAT_LEN ((int)sizeof XSTAT_ATTR - 1) + typedef struct { - char *name; - char *datum; -@@ -130,9 +134,15 @@ static int rsync_xal_get(const char *fna - if (name_size == 0) - return 0; - for (left = name_size, name = namebuf; left > 0 ; left -= len, name += len) { -- rsync_xa *rxas = EXPAND_ITEM_LIST(xalp, rsync_xa, RSYNC_XAL_INITIAL); -+ rsync_xa *rxas; - - len = strlen(name) + 1; -+ if (am_root < 0 && len == sizeof FAKE_XATTR -+ && name[10] == '%' && strcmp(name, FAKE_XATTR) == 0) + char *datum, *name; +@@ -218,6 +223,10 @@ static int rsync_xal_get(const char *fna + continue; + #endif + ++ if (am_root < 0 && name_len == XSTAT_LEN + 1 ++ && name[RPRE_LEN] == '%' && strcmp(name, XSTAT_ATTR) == 0) + continue; + -+ rxas = EXPAND_ITEM_LIST(xalp, rsync_xa, RSYNC_XAL_INITIAL); -+ - datum_size = sys_lgetxattr(fname, name, NULL, 0); - if (datum_size < 0) { - if (errno == ENOTSUP) -@@ -285,10 +295,19 @@ void receive_xattr(struct file_struct *f - out_of_memory("receive_xattr"); - read_buf(f, ptr, name_len); - read_buf(f, ptr + name_len, datum_len); -+ -+ if (am_root < 0 && name_len == sizeof FAKE_XATTR -+ && ptr[10] == '%' && strcmp(ptr, FAKE_XATTR) == 0) { -+ free(ptr); -+ temp_xattr.count--; -+ continue; -+ } -+ - rxa->name_len = name_len; - rxa->datum_len = datum_len; - rxa->name = ptr; - rxa->datum = ptr + name_len; -+ - #ifdef HAVE_OSX_XATTRS - if (strncmp(rxa->name, UNIQUE_PREFIX, UPRE_LEN) == 0) { - rxa->name_len -= UPRE_LEN; -@@ -365,4 +384,103 @@ int set_xattr(const char *fname, const s - return rsync_xal_set(fname, lst + ndx); /* TODO: This needs to return 1 if no xattrs changed! */ + datum_len = name_len; /* Pass extra size to get_xattr_data() */ + if (!(ptr = get_xattr_data(fname, name, &datum_len, 0))) + return -1; +@@ -236,6 +245,14 @@ static int rsync_xal_get(const char *fna + } else + name_offset = datum_len; + ++#ifdef HAVE_LINUX_XATTRS ++ if (am_root < 0 && name_len > RPRE_LEN ++ && HAS_PREFIX(name, RSYNC_PREFIX)) { ++ name += RPRE_LEN; ++ name_len -= RPRE_LEN; ++ } ++#endif ++ + rxas = EXPAND_ITEM_LIST(xalp, rsync_xa, RSYNC_XAL_INITIAL); + rxas->name = ptr + name_offset; + memcpy(rxas->name, name, name_len); +@@ -576,13 +593,9 @@ void receive_xattr(struct file_struct *f + size_t name_len = read_abbrevint(f); + size_t datum_len = read_abbrevint(f); + size_t dget_len = datum_len > MAX_FULL_DATUM ? 1 + MAX_DIGEST_LEN : datum_len; +-#ifdef HAVE_LINUX_XATTRS +- size_t extra_len = 0; +-#else +- size_t extra_len = am_root ? RPRE_LEN : 0; ++ size_t extra_len = MIGHT_NEED_RPRE ? RPRE_LEN : 0; + if (dget_len + extra_len < dget_len) + out_of_memory("receive_xattr"); /* overflow */ +-#endif + if (dget_len + extra_len + name_len < dget_len) + out_of_memory("receive_xattr"); /* overflow */ + ptr = new_array(char, dget_len + extra_len + name_len); +@@ -598,9 +611,14 @@ void receive_xattr(struct file_struct *f + } + #ifdef HAVE_LINUX_XATTRS + /* Non-root can only save the user namespace. */ +- if (!am_root && !HAS_PREFIX(name, USER_PREFIX)) { +- free(ptr); +- continue; ++ if (am_root <= 0 && !HAS_PREFIX(name, USER_PREFIX)) { ++ if (!am_root) { ++ free(ptr); ++ continue; ++ } ++ name -= RPRE_LEN; ++ name_len += RPRE_LEN; ++ memcpy(name, RSYNC_PREFIX, RPRE_LEN); + } + #else + /* This OS only has a user namespace, so we either +@@ -618,6 +636,11 @@ void receive_xattr(struct file_struct *f + continue; + } + #endif ++ if (am_root < 0 && name_len == XSTAT_LEN + 1 ++ && name[RPRE_LEN] == '%' && strcmp(name, XSTAT_ATTR) == 0) { ++ free(ptr); ++ continue; ++ } + rxa = EXPAND_ITEM_LIST(&temp_xattr, rsync_xa, 1); + rxa->name = name; + rxa->datum = ptr; +@@ -772,4 +795,150 @@ int set_xattr(const char *fname, const s + return rsync_xal_set(fname, lst + ndx, fnamecmp, sxp); } -+int get_stat_xattr(const char *fname, int fd, STRUCT_STAT *st) ++int get_stat_xattr(const char *fname, int fd, STRUCT_STAT *fst, STRUCT_STAT *xst) +{ + int mode, rdev_major, rdev_minor, uid, gid, len; + char buf[256]; + -+ if (fname) -+ len = sys_lgetxattr(fname, FAKE_XATTR, buf, sizeof buf - 1); ++ if (am_root >= 0 || IS_DEVICE(fst->st_mode) || IS_SPECIAL(fst->st_mode)) ++ return -1; ++ ++ if (xst) ++ *xst = *fst; + else -+ len = sys_fgetxattr(fd, FAKE_XATTR, buf, sizeof buf - 1); -+ if (len < 0 || len >= (int)sizeof buf) { ++ xst = fst; ++ if (fname) { ++ fd = -1; ++ len = sys_lgetxattr(fname, XSTAT_ATTR, buf, sizeof buf - 1); ++ } else { ++ fname = "fd"; ++ len = sys_fgetxattr(fd, XSTAT_ATTR, buf, sizeof buf - 1); ++ } ++ if (len >= (int)sizeof buf) { ++ len = -1; ++ errno = ERANGE; ++ } ++ if (len < 0) { + if (errno == ENOTSUP || errno == ENOATTR) + return -1; ++ if (errno == EPERM && S_ISLNK(fst->st_mode)) { ++ xst->st_uid = 0; ++ xst->st_gid = 0; ++ return 0; ++ } ++ rsyserr(FERROR, errno, "failed to read xattr %s for %s", ++ XSTAT_ATTR, full_fname(fname)); + return -1; + } + buf[len] = '\0'; + + if (sscanf(buf, "%o %d,%d %d:%d", + &mode, &rdev_major, &rdev_minor, &uid, &gid) != 5) { -+ errno = EINVAL; -+ return -1; ++ rprintf(FERROR, "Corrupt %s xattr attached to %s: \"%s\"\n", ++ XSTAT_ATTR, full_fname(fname), buf); ++ exit_cleanup(RERR_FILEIO); + } + -+ st->st_mode = mode; -+ st->st_rdev = MAKEDEV(rdev_major, rdev_minor); -+ st->st_uid = uid; -+ st->st_gid = gid; ++ xst->st_mode = from_wire_mode(mode); ++ xst->st_rdev = MAKEDEV(rdev_major, rdev_minor); ++ xst->st_uid = uid; ++ xst->st_gid = gid; + + return 0; +} @@ -507,51 +585,76 @@ or, if you want ACL support too: +{ + STRUCT_STAT fst, xst; + dev_t rdev; -+ mode_t mode; ++ mode_t mode, fmode; + + if (dry_run) + return 0; + -+ if (x_stat(fname, &fst, &xst) < 0) ++ if (read_only || list_only) { ++ rsyserr(FERROR, EROFS, "failed to write xattr %s for %s", ++ XSTAT_ATTR, full_fname(fname)); + return -1; ++ } + -+ if (IS_DEVICE(file->mode) || IS_SPECIAL(file->mode)) -+ rdev = file->u.rdev; -+ else ++ if (x_lstat(fname, &fst, &xst) < 0) { ++ rsyserr(FERROR, errno, "failed to re-stat %s", ++ full_fname(fname)); ++ return -1; ++ } ++ ++ fst.st_mode &= (_S_IFMT | CHMOD_BITS); ++ fmode = file->mode & (_S_IFMT | CHMOD_BITS); ++ ++ if (IS_DEVICE(fmode) || IS_SPECIAL(fmode)) { ++ uint32 *devp = F_RDEV_P(file); ++ rdev = MAKEDEV(DEV_MAJOR(devp), DEV_MINOR(devp)); ++ } else + rdev = 0; + + /* Dump the special permissions and enable full owner access. */ -+ mode = (fst.st_mode & ~CHMOD_BITS) | (file->mode & ACCESSPERMS) ++ mode = (fst.st_mode & _S_IFMT) | (fmode & ACCESSPERMS) + | (S_ISDIR(fst.st_mode) ? 0700 : 0600); + if (fst.st_mode != mode) + do_chmod(fname, mode); + if (!IS_DEVICE(fst.st_mode) && !IS_SPECIAL(fst.st_mode)) + fst.st_rdev = 0; /* just in case */ + -+ if (mode == file->mode && fst.st_rdev == rdev -+ && fst.st_uid == file->uid && fst.st_gid == file->gid) { ++ if (mode == fmode && fst.st_rdev == rdev ++ && fst.st_uid == F_UID(file) && fst.st_gid == F_GID(file)) { + /* xst.st_mode will be 0 if there's no current stat xattr */ -+ if (xst.st_mode && sys_lremovexattr(fname, FAKE_XATTR) < 0) -+ return -2; ++ if (xst.st_mode && sys_lremovexattr(fname, XSTAT_ATTR) < 0) { ++ rsyserr(FERROR, errno, ++ "delete of stat xattr failed for %s", ++ full_fname(fname)); ++ return -1; ++ } + return 0; + } + -+ if (xst.st_mode != file->mode || xst.st_rdev != rdev -+ || xst.st_uid != file->uid || xst.st_gid != file->gid) { ++ if (xst.st_mode != fmode || xst.st_rdev != rdev ++ || xst.st_uid != F_UID(file) || xst.st_gid != F_GID(file)) { + char buf[256]; + int len = snprintf(buf, sizeof buf, "%o %u,%u %u:%u", -+ (int)file->mode, ++ to_wire_mode(fmode), + (int)major(rdev), (int)minor(rdev), -+ (int)file->uid, (int)file->gid); -+ return sys_lsetxattr(fname, FAKE_XATTR, buf, len, 0); ++ (int)F_UID(file), (int)F_GID(file)); ++ if (sys_lsetxattr(fname, XSTAT_ATTR, buf, len) < 0) { ++ if (errno == EPERM && S_ISLNK(fst.st_mode)) ++ return 0; ++ rsyserr(FERROR, errno, ++ "failed to write xattr %s for %s", ++ XSTAT_ATTR, full_fname(fname)); ++ return -1; ++ } + } ++ + return 0; +} + +int x_stat(const char *fname, STRUCT_STAT *fst, STRUCT_STAT *xst) +{ + int ret = do_stat(fname, fst); -+ if (get_stat_xattr(fname, -1, xst? xst : fst) != 0 && xst) ++ if ((ret < 0 || get_stat_xattr(fname, -1, fst, xst) < 0) && xst) + xst->st_mode = 0; + return ret; +} @@ -559,7 +662,7 @@ or, if you want ACL support too: +int x_lstat(const char *fname, STRUCT_STAT *fst, STRUCT_STAT *xst) +{ + int ret = do_lstat(fname, fst); -+ if (get_stat_xattr(fname, -1, xst? xst : fst) != 0 && xst) ++ if ((ret < 0 || get_stat_xattr(fname, -1, fst, xst) < 0) && xst) + xst->st_mode = 0; + return ret; +} @@ -567,7 +670,7 @@ or, if you want ACL support too: +int x_fstat(int fd, STRUCT_STAT *fst, STRUCT_STAT *xst) +{ + int ret = do_fstat(fd, fst); -+ if (get_stat_xattr(NULL, fd, xst? xst : fst) != 0 && xst) ++ if ((ret < 0 || get_stat_xattr(NULL, fd, fst, xst) < 0) && xst) + xst->st_mode = 0; + return ret; +}