X-Git-Url: https://mattmccutchen.net/rsync/rsync-patches.git/blobdiff_plain/a5e3a4cc3c254dc214abee920cfdae3cdbf31618..0ef5abcbbb95298fa9faf1d3eb275a9e76e1d951:/acls.diff diff --git a/acls.diff b/acls.diff index 70eb508..3cc4cb4 100644 --- a/acls.diff +++ b/acls.diff @@ -1,756 +1,167 @@ -After applying this patch, run these commands for a successful build: +This patch adds backward-compatibility support for the --acls option. +Since the main release has never had ACL support, the trunk doesn't +need this code. If you want to make rsync 3.0.x communicate with an +older (patched) release, use this. - ./prepare-source - ./configure --enable-acl-support - make - -See the --acls (-A) option in the revised man page for a note on using this -latest ACL-enabling patch to send files to an older ACL-enabled rsync. +To use this patch, run these commands for a successful build: -This code does not yet itemize changes in ACL information (see --itemize). + patch -p1 users.count + racl->groups.count ++static int old_count_racl_entries(const rsync_acl *racl) ++{ ++ return racl->names.count + + (racl->user_obj != NO_ENTRY) + + (racl->group_obj != NO_ENTRY) -+ + (racl->mask != NO_ENTRY) -+ + (racl->other != NO_ENTRY); -+} -+ -+static int rsync_acl_get_perms(const rsync_acl *racl) { -+ /* Note that (NO_ENTRY & 7) is 0. */ -+ return ((racl->user_obj & 7) << 6) -+ + (((racl->mask != NO_ENTRY ? racl->mask : racl->group_obj) & 7) << 3) -+ + (racl->other & 7); -+} -+ -+static void rsync_acl_strip_perms(rsync_acl *racl) { -+ racl->user_obj = NO_ENTRY; -+ if (racl->mask == NO_ENTRY) -+ racl->group_obj = NO_ENTRY; -+ else -+ racl->mask = NO_ENTRY; -+ racl->other = NO_ENTRY; -+} -+ -+static void expand_ida_list(ida_list *idal) -+{ -+ /* First time through, 0 <= 0, so list is expanded. */ -+ if (idal->malloced <= idal->count) { -+ id_access *new_ptr; -+ size_t new_size = idal->malloced + 10; -+ new_ptr = realloc_array(idal->idas, id_access, new_size); -+ if (verbose >= 4) { -+ rprintf(FINFO, "expand rsync_acl to %.0f bytes, did%s move\n", -+ (double) new_size * sizeof idal->idas[0], -+ idal->idas ? "" : " not"); -+ } -+ -+ idal->idas = new_ptr; -+ idal->malloced = new_size; -+ -+ if (!idal->idas) -+ out_of_memory("expand_ida_list"); -+ } -+} -+ -+static void ida_list_free(ida_list *idal) -+{ -+ free(idal->idas); -+ idal->idas = NULL; -+ idal->count = 0; -+ idal->malloced = 0; -+} -+ -+static void rsync_acl_free(rsync_acl *racl) -+{ -+ ida_list_free(&racl->users); -+ ida_list_free(&racl->groups); -+} -+ -+static int id_access_sorter(const void *r1, const void *r2) -+{ -+ id_access *ida1 = (id_access *)r1; -+ id_access *ida2 = (id_access *)r2; -+ id_t rid1 = ida1->id, rid2 = ida2->id; -+ return rid1 == rid2 ? 0 : rid1 < rid2 ? -1 : 1; -+} -+ -+static void sort_ida_list(ida_list *idal) -+{ -+ if (!idal->count) -+ return; -+ qsort((void **)idal->idas, idal->count, sizeof idal->idas[0], -+ &id_access_sorter); -+} -+ -+static BOOL unpack_smb_acl(rsync_acl *racl, SMB_ACL_T sacl) -+{ -+ SMB_ACL_ENTRY_T entry; -+ const char *errfun; -+ int rc; -+ -+ *racl = rsync_acl_initializer; -+ errfun = "sys_acl_get_entry"; -+ for (rc = sys_acl_get_entry(sacl, SMB_ACL_FIRST_ENTRY, &entry); -+ rc == 1; -+ rc = sys_acl_get_entry(sacl, SMB_ACL_NEXT_ENTRY, &entry)) { -+ SMB_ACL_TAG_T tag_type; -+ SMB_ACL_PERMSET_T permset; -+ uchar access; -+ void *qualifier; -+ id_access *ida; -+ ida_list *idal; -+ if ((rc = sys_acl_get_tag_type(entry, &tag_type))) { -+ errfun = "sys_acl_get_tag_type"; -+ break; -+ } -+ if ((rc = sys_acl_get_permset(entry, &permset))) { -+ errfun = "sys_acl_get_tag_type"; -+ break; -+ } -+ access = (sys_acl_get_perm(permset, SMB_ACL_READ) ? 4 : 0) -+ | (sys_acl_get_perm(permset, SMB_ACL_WRITE) ? 2 : 0) -+ | (sys_acl_get_perm(permset, SMB_ACL_EXECUTE) ? 1 : 0); -+ /* continue == done with entry; break == store in given idal */ -+ switch (tag_type) { -+ case SMB_ACL_USER_OBJ: -+ if (racl->user_obj == NO_ENTRY) -+ racl->user_obj = access; -+ else -+ rprintf(FINFO, "unpack_smb_acl: warning: duplicate USER_OBJ entry ignored\n"); -+ continue; -+ case SMB_ACL_USER: -+ idal = &racl->users; -+ break; -+ case SMB_ACL_GROUP_OBJ: -+ if (racl->group_obj == NO_ENTRY) -+ racl->group_obj = access; -+ else -+ rprintf(FINFO, "unpack_smb_acl: warning: duplicate GROUP_OBJ entry ignored\n"); -+ continue; -+ case SMB_ACL_GROUP: -+ idal = &racl->groups; -+ break; -+ case SMB_ACL_MASK: -+ if (racl->mask == NO_ENTRY) -+ racl->mask = access; -+ else -+ rprintf(FINFO, "unpack_smb_acl: warning: duplicate MASK entry ignored\n"); -+ continue; -+ case SMB_ACL_OTHER: -+ if (racl->other == NO_ENTRY) -+ racl->other = access; -+ else -+ rprintf(FINFO, "unpack_smb_acl: warning: duplicate OTHER entry ignored\n"); -+ continue; -+ default: -+ rprintf(FINFO, "unpack_smb_acl: warning: entry with unrecognized tag type ignored\n"); -+ continue; -+ } -+ if (!(qualifier = sys_acl_get_qualifier(entry))) { -+ errfun = "sys_acl_get_tag_type"; -+ rc = EINVAL; -+ break; -+ } -+ expand_ida_list(idal); -+ ida = &idal->idas[idal->count++]; -+ ida->id = *((id_t *)qualifier); -+ ida->access = access; -+ sys_acl_free_qualifier(qualifier, tag_type); -+ } -+ if (rc) { -+ rprintf(FERROR, "unpack_smb_acl: %s(): %s\n", -+ errfun, strerror(errno)); -+ rsync_acl_free(racl); -+ return False; -+ } -+ -+ sort_ida_list(&racl->users); -+ sort_ida_list(&racl->groups); -+ -+ return True; -+} -+ -+static BOOL ida_lists_equal(const ida_list *ial1, const ida_list *ial2) -+{ -+ id_access *ida1, *ida2; -+ size_t count = ial1->count; -+ if (count != ial2->count) -+ return False; -+ ida1 = ial1->idas; -+ ida2 = ial2->idas; -+ for (; count--; ida1++, ida2++) { -+ if (ida1->access != ida2->access || ida1->id != ida2->id) -+ return False; -+ } -+ return True; -+} -+ -+static BOOL rsync_acls_equal(const rsync_acl *racl1, const rsync_acl *racl2) -+{ -+ return (racl1->user_obj == racl2->user_obj -+ && racl1->group_obj == racl2->group_obj -+ && racl1->mask == racl2->mask -+ && racl1->other == racl2->other -+ && ida_lists_equal(&racl1->users, &racl2->users) -+ && ida_lists_equal(&racl1->groups, &racl2->groups)); -+} -+ -+static BOOL rsync_acl_extended_parts_equal(const rsync_acl *racl1, const rsync_acl *racl2) -+{ -+ /* We ignore any differences that chmod() can take care of. */ -+ if ((racl1->mask ^ racl2->mask) & NO_ENTRY) -+ return False; -+ if (racl1->mask != NO_ENTRY && racl1->group_obj != racl2->group_obj) -+ return False; -+ return ida_lists_equal(&racl1->users, &racl2->users) -+ && ida_lists_equal(&racl1->groups, &racl2->groups); -+} -+ -+typedef struct { -+ size_t count; -+ size_t malloced; -+ rsync_acl *racls; -+} rsync_acl_list; -+ -+static rsync_acl_list _rsync_acl_lists[] = { -+ { 0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */ -+ { 0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */ -+}; -+ -+static inline rsync_acl_list *rsync_acl_lists(SMB_ACL_TYPE_T type) -+{ -+ return type == SMB_ACL_TYPE_ACCESS ? &_rsync_acl_lists[0] -+ : &_rsync_acl_lists[1]; -+} -+ -+static void expand_rsync_acl_list(rsync_acl_list *racl_list) -+{ -+ /* First time through, 0 <= 0, so list is expanded. */ -+ if (racl_list->malloced <= racl_list->count) { -+ rsync_acl *new_ptr; -+ size_t new_size; -+ if (racl_list->malloced < 1000) -+ new_size = racl_list->malloced + 1000; -+ else -+ new_size = racl_list->malloced * 2; -+ new_ptr = realloc_array(racl_list->racls, rsync_acl, new_size); -+ if (verbose >= 3) { -+ rprintf(FINFO, "expand_rsync_acl_list to %.0f bytes, did%s move\n", -+ (double) new_size * sizeof racl_list->racls[0], -+ racl_list->racls ? "" : " not"); -+ } -+ -+ racl_list->racls = new_ptr; -+ racl_list->malloced = new_size; -+ -+ if (!racl_list->racls) -+ out_of_memory("expand_rsync_acl_list"); -+ } ++ + (racl->mask_obj != NO_ENTRY) ++ + (racl->other_obj != NO_ENTRY); +} + -+static int find_matching_rsync_acl(SMB_ACL_TYPE_T type, -+ const rsync_acl_list *racl_list, -+ const rsync_acl *racl) -+{ -+ static int access_match = -1, default_match = -1; -+ int *match = (type == SMB_ACL_TYPE_ACCESS) ? -+ &access_match : &default_match; -+ size_t count = racl_list->count; -+ /* If this is the first time through or we didn't match the last -+ * time, then start at the end of the list, which should be the -+ * best place to start hunting. */ -+ if (*match == -1) -+ *match = racl_list->count - 1; -+ while (count--) { -+ if (rsync_acls_equal(&racl_list->racls[*match], racl)) -+ return *match; -+ if (!(*match)--) -+ *match = racl_list->count - 1; -+ } -+ *match = -1; -+ return *match; -+} + static int calc_sacl_entries(const rsync_acl *racl) + { + /* A System ACL always gets user/group/other permission entries. */ +@@ -554,6 +567,96 @@ int get_acl(const char *fname, stat_x *sxp) + return 0; + } + ++/* === OLD Send functions === */ + -+/* The general strategy with the tag_type <-> character mapping is that -+ * lowercase implies that no qualifier follows, where uppercase does. -+ * A similar idiom for the acl type (access or default) itself, but -+ * lowercase in this instance means there's no ACL following, so the -+ * ACL is a repeat, so the receiver should reuse the last of the same -+ * type ACL. */ -+static void send_ida_list(int f, const ida_list *idal, char tag_char) ++/* Send the ida list over the file descriptor. */ ++static void old_send_ida_entries(int f, const ida_entries *idal, char tag_char) +{ + id_access *ida; + size_t count = idal->count; + for (ida = idal->idas; count--; ida++) { ++ if (tag_char == 'U') { ++ if (!(ida->access & NAME_IS_USER)) ++ continue; ++ add_uid(ida->id); ++ } else { ++ if (ida->access & NAME_IS_USER) ++ continue; ++ add_gid(ida->id); ++ } + write_byte(f, tag_char); + write_byte(f, ida->access); + write_int(f, ida->id); -+ /* FIXME: sorta wasteful: we should maybe buffer as -+ * many ids as max(ACL_USER + ACL_GROUP) objects to -+ * keep from making so many calls. */ -+ if (tag_char == 'U') -+ add_uid(ida->id); -+ else -+ add_gid(ida->id); + } +} + -+static void send_rsync_acl(int f, const rsync_acl *racl) ++/* Send an rsync ACL over the file descriptor. */ ++static void old_send_rsync_acl(int f, const rsync_acl *racl) +{ -+ size_t count = rsync_acl_count_entries(racl); ++ size_t count = old_count_racl_entries(racl); + write_int(f, count); + if (racl->user_obj != NO_ENTRY) { + write_byte(f, 'u'); + write_byte(f, racl->user_obj); + } -+ send_ida_list(f, &racl->users, 'U'); ++ old_send_ida_entries(f, &racl->names, 'U'); + if (racl->group_obj != NO_ENTRY) { + write_byte(f, 'g'); + write_byte(f, racl->group_obj); + } -+ send_ida_list(f, &racl->groups, 'G'); -+ if (racl->mask != NO_ENTRY) { ++ old_send_ida_entries(f, &racl->names, 'G'); ++ if (racl->mask_obj != NO_ENTRY) { + write_byte(f, 'm'); -+ write_byte(f, racl->mask); ++ write_byte(f, racl->mask_obj); + } -+ if (racl->other != NO_ENTRY) { ++ if (racl->other_obj != NO_ENTRY) { + write_byte(f, 'o'); -+ write_byte(f, racl->other); ++ write_byte(f, racl->other_obj); + } +} + -+static rsync_acl _curr_rsync_acls[2]; -+ -+static const char *str_acl_type(SMB_ACL_TYPE_T type) -+{ -+ return type == SMB_ACL_TYPE_ACCESS ? "SMB_ACL_TYPE_ACCESS" : -+ type == SMB_ACL_TYPE_DEFAULT ? "SMB_ACL_TYPE_DEFAULT" : -+ "unknown SMB_ACL_TYPE_T"; -+} -+ -+/* Generate the ACL(s) for this flist entry; -+ * ACL(s) are either sent or cleaned-up by send_acl() below. */ -+int make_acl(const struct file_struct *file, const char *fname) ++/* Send the ACL from the stat_x structure down the indicated file descriptor. ++ * This also frees the ACL data. */ ++void old_send_acl(stat_x *sxp, int f) +{ + SMB_ACL_TYPE_T type; -+ rsync_acl *curr_racl; -+ -+ if (S_ISLNK(file->mode)) -+ return 1; ++ rsync_acl *racl, *new_racl; ++ item_list *racl_list; ++ int ndx; + -+ curr_racl = &_curr_rsync_acls[0]; + type = SMB_ACL_TYPE_ACCESS; ++ racl = sxp->acc_acl; ++ racl_list = &access_acl_list; + do { -+ SMB_ACL_T sacl; -+ BOOL ok; -+ if ((sacl = sys_acl_get_file(fname, type)) != 0) { -+ ok = unpack_smb_acl(curr_racl, sacl); -+ sys_acl_free_acl(sacl); -+ if (!ok) -+ return -1; -+ /* Strip access ACLs of permission-bit entries. */ -+ if (type == SMB_ACL_TYPE_ACCESS && preserve_acls == 1) -+ rsync_acl_strip_perms(curr_racl); -+ } else if (errno == ENOTSUP) { -+ /* ACLs are not supported. Leave list empty. */ -+ *curr_racl = rsync_acl_initializer; -+ } else { -+ rprintf(FERROR, "send_acl: sys_acl_get_file(%s, %s): %s\n", -+ fname, str_acl_type(type), strerror(errno)); -+ return -1; ++ if (!racl) { ++ racl = new(rsync_acl); ++ if (!racl) ++ out_of_memory("send_acl"); ++ *racl = empty_rsync_acl; ++ if (type == SMB_ACL_TYPE_ACCESS) { ++ rsync_acl_fake_perms(racl, sxp->st.st_mode); ++ sxp->acc_acl = racl; ++ } else ++ sxp->def_acl = racl; + } -+ curr_racl++; -+ } while (BUMP_TYPE(type) && S_ISDIR(file->mode)); -+ -+ return 0; -+} -+ -+/* Send the make_acl()-generated ACLs for this flist entry, -+ * or clean up after an flist entry that's not being sent (f == -1). */ -+void send_acl(const struct file_struct *file, int f) -+{ -+ SMB_ACL_TYPE_T type; -+ rsync_acl *curr_racl; + -+ if (S_ISLNK(file->mode)) -+ return; -+ -+ curr_racl = &_curr_rsync_acls[0]; -+ type = SMB_ACL_TYPE_ACCESS; -+ do { -+ int index; -+ rsync_acl_list *racl_list = rsync_acl_lists(type); -+ if (f == -1) { -+ rsync_acl_free(curr_racl); -+ continue; -+ } -+ if ((index = find_matching_rsync_acl(type, racl_list, curr_racl)) -+ != -1) { ++ if ((ndx = find_matching_rsync_acl(racl, type, racl_list)) != -1) { + write_byte(f, type == SMB_ACL_TYPE_ACCESS ? 'a' : 'd'); -+ write_int(f, index); -+ rsync_acl_free(curr_racl); ++ write_int(f, ndx); + } else { ++ new_racl = EXPAND_ITEM_LIST(racl_list, rsync_acl, 1000); + write_byte(f, type == SMB_ACL_TYPE_ACCESS ? 'A' : 'D'); -+ send_rsync_acl(f, curr_racl); -+ expand_rsync_acl_list(racl_list); -+ racl_list->racls[racl_list->count++] = *curr_racl; -+ } -+ curr_racl++; -+ } while (BUMP_TYPE(type) && S_ISDIR(file->mode)); -+} -+ -+/* The below stuff is only used by the receiver: */ -+ -+/* structure to hold index to rsync_acl_list member corresponding to -+ * flist->files[i] */ -+ -+typedef struct { -+ const struct file_struct *file; -+ int aclidx; -+} file_acl_index; -+ -+typedef struct { -+ size_t count; -+ size_t malloced; -+ file_acl_index *fileaclidxs; -+} file_acl_index_list; -+ -+static file_acl_index_list _file_acl_index_lists[] = { -+ {0, 0, NULL },/* SMB_ACL_TYPE_ACCESS */ -+ {0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */ -+}; -+ -+static inline file_acl_index_list *file_acl_index_lists(SMB_ACL_TYPE_T type) -+{ -+ return type == SMB_ACL_TYPE_ACCESS ? -+ &_file_acl_index_lists[0] : &_file_acl_index_lists[1]; -+} -+ -+static void expand_file_acl_index_list(file_acl_index_list *fileaclidx_list) -+{ -+ /* First time through, 0 <= 0, so list is expanded. */ -+ if (fileaclidx_list->malloced <= fileaclidx_list->count) { -+ file_acl_index *new_ptr; -+ size_t new_size; -+ if (fileaclidx_list->malloced < 1000) -+ new_size = fileaclidx_list->malloced + 1000; -+ else -+ new_size = fileaclidx_list->malloced * 2; -+ new_ptr = realloc_array(fileaclidx_list->fileaclidxs, file_acl_index, new_size); -+ if (verbose >= 3) { -+ rprintf(FINFO, "expand_file_acl_index_list to %.0f bytes, did%s move\n", -+ (double) new_size * sizeof fileaclidx_list->fileaclidxs[0], -+ fileaclidx_list->fileaclidxs ? "" : " not"); -+ } -+ -+ fileaclidx_list->fileaclidxs = new_ptr; -+ fileaclidx_list->malloced = new_size; -+ -+ if (!fileaclidx_list->fileaclidxs) -+ out_of_memory("expand_file_acl_index_list"); -+ } -+} -+ -+/* lists to hold the SMB_ACL_Ts corresponding to the rsync_acl_list entries */ -+ -+typedef struct { -+ size_t count; -+ size_t malloced; -+ SMB_ACL_T *sacls; -+} smb_acl_list; -+ -+static smb_acl_list _smb_acl_lists[] = { -+ { 0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */ -+ { 0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */ -+}; -+ -+static inline smb_acl_list *smb_acl_lists(SMB_ACL_TYPE_T type) -+{ -+ return type == SMB_ACL_TYPE_ACCESS ? &_smb_acl_lists[0] : -+ &_smb_acl_lists[1]; -+} -+ -+static void expand_smb_acl_list(smb_acl_list *sacl_list) -+{ -+ /* First time through, 0 <= 0, so list is expanded. */ -+ if (sacl_list->malloced <= sacl_list->count) { -+ SMB_ACL_T *new_ptr; -+ size_t new_size; -+ if (sacl_list->malloced < 1000) -+ new_size = sacl_list->malloced + 1000; -+ else -+ new_size = sacl_list->malloced * 2; -+ new_ptr = realloc_array(sacl_list->sacls, SMB_ACL_T, new_size); -+ if (verbose >= 3) { -+ rprintf(FINFO, "expand_smb_acl_list to %.0f bytes, did%s move\n", -+ (double) new_size * sizeof sacl_list->sacls[0], -+ sacl_list->sacls ? "" : " not"); ++ old_send_rsync_acl(f, racl); ++ *new_racl = *racl; ++ *racl = empty_rsync_acl; + } ++ racl = sxp->def_acl; ++ racl_list = &default_acl_list; ++ } while (BUMP_TYPE(type) && S_ISDIR(sxp->st.st_mode)); + -+ sacl_list->sacls = new_ptr; -+ sacl_list->malloced = new_size; -+ -+ if (!sacl_list->sacls) -+ out_of_memory("expand_smb_acl_list"); -+ } -+} -+ -+#define CALL_OR_ERROR(func,args,str) \ -+ do { \ -+ if (func args) { \ -+ errfun = str; \ -+ goto error_exit; \ -+ } \ -+ } while (0) -+ -+#define COE(func,args) CALL_OR_ERROR(func,args,#func) -+#define COE2(func,args) CALL_OR_ERROR(func,args,NULL) -+ -+static int store_access_in_entry(uchar access, SMB_ACL_ENTRY_T entry) -+{ -+ const char *errfun = NULL; -+ SMB_ACL_PERMSET_T permset; -+ -+ COE( sys_acl_get_permset,(entry, &permset) ); -+ COE( sys_acl_clear_perms,(permset) ); -+ if (access & 4) -+ COE( sys_acl_add_perm,(permset, SMB_ACL_READ) ); -+ if (access & 2) -+ COE( sys_acl_add_perm,(permset, SMB_ACL_WRITE) ); -+ if (access & 1) -+ COE( sys_acl_add_perm,(permset, SMB_ACL_EXECUTE) ); -+ COE( sys_acl_set_permset,(entry, permset) ); -+ -+ return 0; -+ -+ error_exit: -+ rprintf(FERROR, "store_access_in_entry %s(): %s\n", errfun, -+ strerror(errno)); -+ return -1; -+} -+ -+/* build an SMB_ACL_T corresponding to an rsync_acl */ -+static BOOL pack_smb_acl(SMB_ACL_T *smb_acl, const rsync_acl *racl) -+{ -+ size_t count; -+ id_access *ida; -+ const char *errfun = NULL; -+ SMB_ACL_ENTRY_T entry; -+ -+ if (!(*smb_acl = sys_acl_init(rsync_acl_count_entries(racl)))) { -+ rprintf(FERROR, "pack_smb_acl: sys_acl_init(): %s\n", -+ strerror(errno)); -+ return False; -+ } -+ -+ COE( sys_acl_create_entry,(smb_acl, &entry) ); -+ COE( sys_acl_set_tag_type,(entry, SMB_ACL_USER_OBJ) ); -+ COE2( store_access_in_entry,(racl->user_obj, entry) ); -+ -+ for (ida = racl->users.idas, count = racl->users.count; -+ count--; ida++) { -+ COE( sys_acl_create_entry,(smb_acl, &entry) ); -+ COE( sys_acl_set_tag_type,(entry, SMB_ACL_USER) ); -+ COE( sys_acl_set_qualifier,(entry, (void*)&ida->id) ); -+ COE2( store_access_in_entry,(ida->access, entry) ); -+ } -+ -+ COE( sys_acl_create_entry,(smb_acl, &entry) ); -+ COE( sys_acl_set_tag_type,(entry, SMB_ACL_GROUP_OBJ) ); -+ COE2( store_access_in_entry,(racl->group_obj, entry) ); -+ -+ for (ida = racl->groups.idas, count = racl->groups.count; -+ count--; ida++) { -+ COE( sys_acl_create_entry,(smb_acl, &entry) ); -+ COE( sys_acl_set_tag_type,(entry, SMB_ACL_GROUP) ); -+ COE( sys_acl_set_qualifier,(entry, (void*)&ida->id) ); -+ COE2( store_access_in_entry,(ida->access, entry) ); -+ } -+ if (racl->mask != NO_ENTRY) { -+ COE( sys_acl_create_entry,(smb_acl, &entry) ); -+ COE( sys_acl_set_tag_type,(entry, SMB_ACL_MASK) ); -+ COE2( store_access_in_entry,(racl->mask, entry) ); -+ } -+ -+ COE( sys_acl_create_entry,(smb_acl, &entry) ); -+ COE( sys_acl_set_tag_type,(entry, SMB_ACL_OTHER) ); -+ COE2( store_access_in_entry,(racl->other, entry) ); -+ -+#ifdef DEBUG -+ if (sys_acl_valid(*smb_acl) < 0) -+ rprintf(FINFO, "pack_smb_acl: warning: system says the ACL I packed is invalid\n"); -+#endif -+ -+ return True; -+ -+ error_exit: -+ if (errfun) { -+ rprintf(FERROR, "pack_smb_acl %s(): %s\n", errfun, -+ strerror(errno)); -+ } -+ sys_acl_free_acl(*smb_acl); -+ return False; ++ free_acl(sxp); +} + -+static mode_t change_sacl_perms(SMB_ACL_T sacl, uchar mask, mode_t old_mode, mode_t mode) -+{ -+ SMB_ACL_ENTRY_T entry; -+ int group_id = mask != NO_ENTRY ? SMB_ACL_MASK : SMB_ACL_GROUP_OBJ; -+ const char *errfun; -+ int rc; -+ -+ if (S_ISDIR(mode)) { -+ /* If the sticky bit is going on, it's not safe to allow all -+ * the new ACLs to go into effect before it gets set. */ -+#ifdef SMB_ACL_LOSES_SPECIAL_MODE_BITS -+ if (mode & S_ISVTX) -+ mode &= ~0077; -+#else -+ if (mode & S_ISVTX && !(old_mode & S_ISVTX)) -+ mode &= ~0077; -+ } else { -+ /* If setuid or setgid is going off, it's not safe to allow all -+ * the new ACLs to go into effect before they get cleared. */ -+ if ((old_mode & S_ISUID && !(mode & S_ISUID)) -+ || (old_mode & S_ISGID && !(mode & S_ISGID))) -+ mode &= ~0077; -+#endif -+ } -+ -+ errfun = "sys_acl_get_entry"; -+ for (rc = sys_acl_get_entry(sacl, SMB_ACL_FIRST_ENTRY, &entry); -+ rc == 1; -+ rc = sys_acl_get_entry(sacl, SMB_ACL_NEXT_ENTRY, &entry)) { -+ SMB_ACL_TAG_T tag_type; -+ if ((rc = sys_acl_get_tag_type(entry, &tag_type))) { -+ errfun = "sys_acl_get_tag_type"; -+ break; -+ } -+ if (tag_type == SMB_ACL_USER_OBJ) -+ COE2( store_access_in_entry,((mode >> 6) & 7, entry) ); -+ else if (tag_type == group_id) -+ COE2( store_access_in_entry,((mode >> 3) & 7, entry) ); -+ else if (tag_type == SMB_ACL_OTHER) -+ COE2( store_access_in_entry,(mode & 7, entry) ); -+ } -+ if (rc) { -+ error_exit: -+ if (errfun) { -+ rprintf(FERROR, "change_sacl_perms: %s(): %s\n", -+ errfun, strerror(errno)); -+ } -+ return ~0u; + /* === Send functions === */ + + /* Send the ida list over the file descriptor. */ +@@ -629,6 +732,11 @@ static void send_rsync_acl(rsync_acl *racl, SMB_ACL_TYPE_T type, + * This also frees the ACL data. */ + void send_acl(stat_x *sxp, int f) + { ++ if (protocol_version < 30) { ++ old_send_acl(sxp, f); ++ return; + } + -+#ifdef SMB_ACL_LOSES_SPECIAL_MODE_BITS -+ /* Ensure that chmod() will be called to restore any lost setid bits. */ -+ if (old_mode & (S_ISUID | S_ISGID | S_ISVTX) -+ && (old_mode & CHMOD_BITS) == (mode & CHMOD_BITS)) -+ old_mode &= ~(S_ISUID | S_ISGID | S_ISVTX); -+#endif -+ -+ /* Return the mode of the file on disk, as we will set them. */ -+ return (old_mode & ~ACCESSPERMS) | (mode & ACCESSPERMS); -+} + if (!sxp->acc_acl) { + sxp->acc_acl = create_racl(); + rsync_acl_fake_perms(sxp->acc_acl, sxp->st.st_mode); +@@ -646,6 +754,160 @@ void send_acl(stat_x *sxp, int f) + } + } + ++/* === OLD Receive functions */ + -+static void receive_rsync_acl(rsync_acl *racl, int f) ++static void old_recv_rsync_acl(rsync_acl *racl, int f) +{ ++ static item_list temp_ida_list = EMPTY_ITEM_LIST; ++ SMB_ACL_TAG_T tag_type = 0; + uchar computed_mask_bits = 0; -+ ida_list *idal = NULL; + id_access *ida; + size_t count; + -+ *racl = rsync_acl_initializer; -+ + if (!(count = read_int(f))) + return; + @@ -758,4754 +169,172 @@ This code does not yet itemize changes in ACL information (see --itemize). + char tag = read_byte(f); + uchar access = read_byte(f); + if (access & ~ (4 | 2 | 1)) { -+ rprintf(FERROR, "receive_rsync_acl: bogus permset %o\n", ++ rprintf(FERROR, "old_recv_rsync_acl: bogus permset %o\n", + access); + exit_cleanup(RERR_STREAMIO); + } + switch (tag) { + case 'u': + if (racl->user_obj != NO_ENTRY) { -+ rprintf(FERROR, "receive_rsync_acl: error: duplicate USER_OBJ entry\n"); ++ rprintf(FERROR, "old_recv_rsync_acl: error: duplicate USER_OBJ entry\n"); + exit_cleanup(RERR_STREAMIO); + } + racl->user_obj = access; + continue; + case 'U': -+ idal = &racl->users; ++ tag_type = SMB_ACL_USER; + break; + case 'g': + if (racl->group_obj != NO_ENTRY) { -+ rprintf(FERROR, "receive_rsync_acl: error: duplicate GROUP_OBJ entry\n"); ++ rprintf(FERROR, "old_recv_rsync_acl: error: duplicate GROUP_OBJ entry\n"); + exit_cleanup(RERR_STREAMIO); + } + racl->group_obj = access; + continue; + case 'G': -+ idal = &racl->groups; ++ tag_type = SMB_ACL_GROUP; + break; + case 'm': -+ if (racl->mask != NO_ENTRY) { -+ rprintf(FERROR, "receive_rsync_acl: error: duplicate MASK entry\n"); ++ if (racl->mask_obj != NO_ENTRY) { ++ rprintf(FERROR, "old_recv_rsync_acl: error: duplicate MASK entry\n"); + exit_cleanup(RERR_STREAMIO); + } -+ racl->mask = access; ++ racl->mask_obj = access; + continue; + case 'o': -+ if (racl->other != NO_ENTRY) { -+ rprintf(FERROR, "receive_rsync_acl: error: duplicate OTHER entry\n"); ++ if (racl->other_obj != NO_ENTRY) { ++ rprintf(FERROR, "old_recv_rsync_acl: error: duplicate OTHER entry\n"); + exit_cleanup(RERR_STREAMIO); + } -+ racl->other = access; ++ racl->other_obj = access; + continue; + default: -+ rprintf(FERROR, "receive_rsync_acl: unknown tag %c\n", ++ rprintf(FERROR, "old_recv_rsync_acl: unknown tag %c\n", + tag); + exit_cleanup(RERR_STREAMIO); + } -+ expand_ida_list(idal); -+ ida = &idal->idas[idal->count++]; -+ ida->access = access; ++ ida = EXPAND_ITEM_LIST(&temp_ida_list, id_access, -10); ++ ida->access = access | (tag_type == SMB_ACL_USER ? NAME_IS_USER : 0); + ida->id = read_int(f); + computed_mask_bits |= access; + } + -+ /* Ensure that these are never unset. */ -+ if (racl->user_obj == NO_ENTRY) -+ racl->user_obj = 7; -+ if (racl->group_obj == NO_ENTRY) -+ racl->group_obj = 0; -+ if (racl->other == NO_ENTRY) -+ racl->other = 0; -+#ifndef ACLS_NEED_MASK -+ if (!racl->users.count && !racl->groups.count) { -+ /* If we, a system without ACLS_NEED_MASK, received a -+ * superfluous mask, throw it away. */ -+ if (racl->mask != NO_ENTRY) { -+ /* mask off group perms with it first */ -+ racl->group_obj &= racl->mask; -+ racl->mask = NO_ENTRY; ++ /* Transfer the count id_access items out of the temp_ida_list ++ * into the names ida_entries list in racl. */ ++ if (temp_ida_list.count) { ++#ifdef SMB_ACL_NEED_SORT ++ if (temp_ida_list.count > 1) { ++ qsort(temp_ida_list.items, temp_ida_list.count, ++ sizeof (id_access), id_access_sorter); + } -+ } else +#endif -+ if (racl->mask == NO_ENTRY) -+ racl->mask = computed_mask_bits | racl->group_obj; ++ if (!(racl->names.idas = new_array(id_access, temp_ida_list.count))) ++ out_of_memory("unpack_smb_acl"); ++ memcpy(racl->names.idas, temp_ida_list.items, ++ temp_ida_list.count * sizeof (id_access)); ++ } else ++ racl->names.idas = NULL; ++ ++ racl->names.count = temp_ida_list.count; ++ ++ /* Truncate the temporary list now that its idas have been saved. */ ++ temp_ida_list.count = 0; ++ ++ if (!racl->names.count) { ++ /* If we received a superfluous mask, throw it away. */ ++ if (racl->mask_obj != NO_ENTRY) { ++ /* Mask off the group perms with it first. */ ++ racl->group_obj &= racl->mask_obj | NO_ENTRY; ++ racl->mask_obj = NO_ENTRY; ++ } ++ } else if (racl->mask_obj == NO_ENTRY) /* Must be non-empty with lists. */ ++ racl->mask_obj = (computed_mask_bits | racl->group_obj) & 7; +} + -+/* receive and build the rsync_acl_lists */ -+void receive_acl(struct file_struct *file, int f) ++/* Receive the ACL info the sender has included for this file-list entry. */ ++void old_recv_acl(struct file_struct *file, int f) +{ + SMB_ACL_TYPE_T type; -+ char *fname; ++ item_list *racl_list; + + if (S_ISLNK(file->mode)) + return; + -+ fname = f_name(file, NULL); + type = SMB_ACL_TYPE_ACCESS; ++ racl_list = &access_acl_list; + do { -+ file_acl_index_list *fileaclidx_list = -+ file_acl_index_lists(type); -+ char tag; -+ expand_file_acl_index_list(fileaclidx_list); ++ char tag = read_byte(f); ++ int ndx; + -+ tag = read_byte(f); + if (tag == 'A' || tag == 'a') { + if (type != SMB_ACL_TYPE_ACCESS) { + rprintf(FERROR, "receive_acl %s: duplicate access ACL\n", -+ fname); ++ f_name(file, NULL)); + exit_cleanup(RERR_STREAMIO); + } + } else if (tag == 'D' || tag == 'd') { + if (type == SMB_ACL_TYPE_ACCESS) { + rprintf(FERROR, "receive_acl %s: expecting access ACL; got default\n", -+ fname); ++ f_name(file, NULL)); + exit_cleanup(RERR_STREAMIO); + } + } else { + rprintf(FERROR, "receive_acl %s: unknown ACL type tag: %c\n", -+ fname, tag); ++ f_name(file, NULL), tag); + exit_cleanup(RERR_STREAMIO); + } + if (tag == 'A' || tag == 'D') { -+ rsync_acl racl; -+ rsync_acl_list *racl_list = rsync_acl_lists(type); -+ smb_acl_list *sacl_list = smb_acl_lists(type); -+ fileaclidx_list->fileaclidxs[fileaclidx_list->count]. -+ aclidx = racl_list->count; -+ fileaclidx_list->fileaclidxs[fileaclidx_list->count++]. -+ file = file; -+ receive_rsync_acl(&racl, f); -+ expand_rsync_acl_list(racl_list); -+ racl_list->racls[racl_list->count++] = racl; -+ expand_smb_acl_list(sacl_list); -+ sacl_list->sacls[sacl_list->count++] = NULL; ++ acl_duo *duo_item; ++ ndx = racl_list->count; ++ duo_item = EXPAND_ITEM_LIST(racl_list, acl_duo, 1000); ++ duo_item->racl = empty_rsync_acl; ++ old_recv_rsync_acl(&duo_item->racl, f); ++ duo_item->sacl = NULL; + } else { -+ int index = read_int(f); -+ rsync_acl_list *racl_list = rsync_acl_lists(type); -+ if ((size_t) index >= racl_list->count) { ++ ndx = read_int(f); ++ if (ndx < 0 || (size_t)ndx >= racl_list->count) { + rprintf(FERROR, "receive_acl %s: %s ACL index %d out of range\n", -+ fname, -+ str_acl_type(type), -+ index); ++ f_name(file, NULL), str_acl_type(type), ndx); + exit_cleanup(RERR_STREAMIO); + } -+ fileaclidx_list->fileaclidxs[fileaclidx_list->count]. -+ aclidx = index; -+ fileaclidx_list->fileaclidxs[fileaclidx_list->count++]. -+ file = file; + } ++ if (type == SMB_ACL_TYPE_ACCESS) ++ F_ACL(file) = ndx; ++ else ++ F_DIR_DEFACL(file) = ndx; ++ racl_list = &default_acl_list; + } while (BUMP_TYPE(type) && S_ISDIR(file->mode)); +} + -+static int file_acl_index_list_sorter(const void *f1, const void *f2) -+{ -+ const file_acl_index *fileaclidx1 = (const file_acl_index *)f1; -+ const file_acl_index *fileaclidx2 = (const file_acl_index *)f2; -+ return fileaclidx1->file == fileaclidx2->file ? 0 : -+ fileaclidx1->file < fileaclidx2->file ? -1 : 1; -+} -+ -+void sort_file_acl_index_lists() -+{ -+ SMB_ACL_TYPE_T type; -+ -+ type = SMB_ACL_TYPE_ACCESS; -+ do { -+ file_acl_index_list *fileaclidx_list = -+ file_acl_index_lists(type); -+ if (!fileaclidx_list->count) -+ continue; -+ qsort(fileaclidx_list->fileaclidxs, fileaclidx_list->count, -+ sizeof fileaclidx_list->fileaclidxs[0], -+ &file_acl_index_list_sorter); -+ } while (BUMP_TYPE(type)); -+} -+ -+static int find_file_acl_index(const file_acl_index_list *fileaclidx_list, -+ const struct file_struct *file) { -+ int low = 0, high = fileaclidx_list->count; -+ const struct file_struct *file_mid; -+ if (!high--) -+ return -1; -+ do { -+ int mid = (high + low) / 2; -+ file_mid = fileaclidx_list->fileaclidxs[mid].file; -+ if (file_mid == file) -+ return fileaclidx_list->fileaclidxs[mid].aclidx; -+ if (file_mid > file) -+ high = mid - 1; -+ else -+ low = mid + 1; -+ } while (low < high); -+ if (low == high) { -+ file_mid = fileaclidx_list->fileaclidxs[low].file; -+ if (file_mid == file) -+ return fileaclidx_list->fileaclidxs[low].aclidx; + /* === Receive functions === */ + + static uint32 recv_acl_access(uchar *name_follows_ptr, int f) +@@ -768,6 +1030,11 @@ static int recv_rsync_acl(item_list *racl_list, SMB_ACL_TYPE_T type, int f) + /* Receive the ACL info the sender has included for this file-list entry. */ + void receive_acl(struct file_struct *file, int f) + { ++ if (protocol_version < 30) { ++ old_recv_acl(file, f); ++ return; + } -+ rprintf(FERROR, -+ "find_file_acl_index: can't find entry for file in list\n"); -+ exit_cleanup(RERR_STREAMIO); -+ return -1; -+} -+ -+/* for duplicating ACLs on backups when using backup_dir */ -+int dup_acl(const char *orig, const char *bak, mode_t mode) -+{ -+ SMB_ACL_TYPE_T type; -+ int ret = 0; -+ -+ type = SMB_ACL_TYPE_ACCESS; -+ do { -+ SMB_ACL_T sacl_orig, sacl_bak; -+ rsync_acl racl_orig, racl_bak; -+ if (!(sacl_orig = sys_acl_get_file(orig, type))) { -+ rprintf(FERROR, "dup_acl: sys_acl_get_file(%s, %s): %s\n", -+ orig, str_acl_type(type), strerror(errno)); -+ ret = -1; -+ continue; -+ } -+ if (!(sacl_bak = sys_acl_get_file(orig, type))) { -+ rprintf(FERROR, "dup_acl: sys_acl_get_file(%s, %s): %s. ignoring\n", -+ bak, str_acl_type(type), strerror(errno)); -+ ret = -1; -+ /* try to forge on through */ -+ } -+ if (!unpack_smb_acl(&racl_orig, sacl_orig)) { -+ ret = -1; -+ goto out_with_sacls; -+ } -+ if (sacl_bak) { -+ if (!unpack_smb_acl(&racl_bak, sacl_bak)) { -+ ret = -1; -+ goto out_with_one_racl; -+ } -+ if (rsync_acls_equal(&racl_orig, &racl_bak)) -+ goto out_with_all; -+ } else { -+ ; /* presume they're unequal */ -+ } -+ if (type == SMB_ACL_TYPE_DEFAULT -+ && rsync_acl_count_entries(&racl_orig) == 0) { -+ if (sys_acl_delete_def_file(bak) < 0) { -+ rprintf(FERROR, "dup_acl: sys_acl_delete_def_file(%s): %s\n", -+ bak, strerror(errno)); -+ ret = -1; -+ } -+ } else if (sys_acl_set_file(bak, type, sacl_bak) < 0) { -+ rprintf(FERROR, "dup_acl: sys_acl_set_file(%s, %s): %s\n", -+ bak, str_acl_type(type), strerror(errno)); -+ ret = -1; -+ } -+ out_with_all: -+ if (sacl_bak) -+ rsync_acl_free(&racl_bak); -+ out_with_one_racl: -+ rsync_acl_free(&racl_orig); -+ out_with_sacls: -+ if (sacl_bak) -+ sys_acl_free_acl(sacl_bak); -+ /* out_with_one_sacl: */ -+ if (sacl_orig) -+ sys_acl_free_acl(sacl_orig); -+ } while (BUMP_TYPE(type) && S_ISDIR(mode)); -+ -+ return ret; -+} -+ -+/* Stuff for redirecting calls to set_acl() from set_file_attrs() -+ * for keep_backup(). */ -+static const struct file_struct *backup_orig_file = NULL; -+static const char null_string[] = ""; -+static const char *backup_orig_fname = null_string; -+static const char *backup_dest_fname = null_string; -+static SMB_ACL_T _backup_sacl[] = { NULL, NULL }; -+ -+void push_keep_backup_acl(const struct file_struct *file, -+ const char *orig, const char *dest) -+{ -+ SMB_ACL_TYPE_T type; -+ SMB_ACL_T *sacl; -+ -+ backup_orig_file = file; -+ backup_orig_fname = orig; -+ backup_dest_fname = dest; -+ -+ sacl = &_backup_sacl[0]; -+ type = SMB_ACL_TYPE_ACCESS; -+ do { -+ if (type == SMB_ACL_TYPE_DEFAULT && !S_ISDIR(file->mode)) { -+ *sacl = NULL; -+ break; -+ } -+ if (!(*sacl = sys_acl_get_file(orig, type))) { -+ rprintf(FERROR, -+ "push_keep_backup_acl: sys_acl_get_file(%s, %s): %s\n", -+ orig, str_acl_type(type), -+ strerror(errno)); -+ } -+ } while (BUMP_TYPE(type)); -+} -+ -+static int set_keep_backup_acl() -+{ -+ SMB_ACL_TYPE_T type; -+ SMB_ACL_T *sacl; -+ int ret = 0; -+ -+ sacl = &_backup_sacl[0]; -+ type = SMB_ACL_TYPE_ACCESS; -+ do { -+ if (*sacl -+ && sys_acl_set_file(backup_dest_fname, type, *sacl) < 0) { -+ rprintf(FERROR, -+ "push_keep_backup_acl: sys_acl_get_file(%s, %s): %s\n", -+ backup_dest_fname, -+ str_acl_type(type), -+ strerror(errno)); -+ ret = -1; -+ } -+ } while (BUMP_TYPE(type)); -+ -+ return ret; -+} -+ -+void cleanup_keep_backup_acl() -+{ -+ SMB_ACL_TYPE_T type; -+ SMB_ACL_T *sacl; -+ -+ backup_orig_file = NULL; -+ backup_orig_fname = null_string; -+ backup_dest_fname = null_string; -+ -+ sacl = &_backup_sacl[0]; -+ type = SMB_ACL_TYPE_ACCESS; -+ do { -+ if (*sacl) { -+ sys_acl_free_acl(*sacl); -+ *sacl = NULL; -+ } -+ } while (BUMP_TYPE(type)); -+} -+ -+/* set ACL on rsync-ed or keep_backup-ed file -+ * -+ * This sets extended access ACL entries and default ACLs. If convenient, -+ * it sets permission bits along with the access ACLs and signals having -+ * done so by modifying mode_p, which should point into the stat buffer. -+ * -+ * returns: 1 for unchanged, 0 for changed, -1 for failed -+ * Pass NULL for mode_p to get the return code without changing anything. */ -+int set_acl(const char *fname, const struct file_struct *file, mode_t *mode_p) -+{ -+ int unchanged = 1; -+ SMB_ACL_TYPE_T type; -+ -+ if (S_ISLNK(file->mode)) -+ return 1; -+ -+ if (file == backup_orig_file) { -+ if (!strcmp(fname, backup_dest_fname)) -+ return set_keep_backup_acl(); -+ } -+ type = SMB_ACL_TYPE_ACCESS; -+ do { -+ BOOL ok; -+ SMB_ACL_T sacl_orig, *sacl_new; -+ rsync_acl racl_orig, *racl_new; -+ int aclidx = find_file_acl_index(file_acl_index_lists(type), file); -+ -+ racl_new = &(rsync_acl_lists(type)->racls[aclidx]); -+ sacl_new = &(smb_acl_lists(type)->sacls[aclidx]); -+ sacl_orig = sys_acl_get_file(fname, type); -+ if (!sacl_orig) { -+ rprintf(FERROR, "set_acl: sys_acl_get_file(%s, %s): %s\n", -+ fname, str_acl_type(type), strerror(errno)); -+ unchanged = -1; -+ continue; -+ } -+ ok = unpack_smb_acl(&racl_orig, sacl_orig); -+ sys_acl_free_acl(sacl_orig); -+ if (!ok) { -+ unchanged = -1; -+ continue; -+ } -+ if (type == SMB_ACL_TYPE_ACCESS) -+ ok = rsync_acl_extended_parts_equal(&racl_orig, racl_new); -+ else -+ ok = rsync_acls_equal(&racl_orig, racl_new); -+ rsync_acl_free(&racl_orig); -+ if (ok) -+ continue; -+ if (!dry_run && mode_p) { -+ if (type == SMB_ACL_TYPE_DEFAULT -+ && rsync_acl_count_entries(racl_new) == 0) { -+ if (sys_acl_delete_def_file(fname) < 0) { -+ rprintf(FERROR, "set_acl: sys_acl_delete_def_file(%s): %s\n", -+ fname, strerror(errno)); -+ unchanged = -1; -+ continue; -+ } -+ } else { -+ mode_t cur_mode = *mode_p; -+ if (!*sacl_new -+ && !pack_smb_acl(sacl_new, racl_new)) { -+ unchanged = -1; -+ continue; -+ } -+ if (type == SMB_ACL_TYPE_ACCESS) { -+ cur_mode = change_sacl_perms(*sacl_new, racl_new->mask, -+ cur_mode, file->mode); -+ if (cur_mode == ~0u) -+ continue; -+ } -+ if (sys_acl_set_file(fname, type, *sacl_new) < 0) { -+ rprintf(FERROR, "set_acl: sys_acl_set_file(%s, %s): %s\n", -+ fname, str_acl_type(type), -+ strerror(errno)); -+ unchanged = -1; -+ continue; -+ } -+ if (type == SMB_ACL_TYPE_ACCESS) -+ *mode_p = cur_mode; -+ } -+ } -+ if (unchanged == 1) -+ unchanged = 0; -+ } while (BUMP_TYPE(type) && S_ISDIR(file->mode)); -+ -+ return unchanged; -+} -+ -+/* Enumeration functions for uid mapping: */ -+ -+/* Context -- one and only one. Should be cycled through once on uid -+ * mapping and once on gid mapping. */ -+static rsync_acl_list *_enum_racl_lists[] = { -+ &_rsync_acl_lists[0], &_rsync_acl_lists[1], NULL -+}; -+ -+static rsync_acl_list **enum_racl_list = &_enum_racl_lists[0]; -+static size_t enum_racl_index = 0; -+static size_t enum_ida_index = 0; -+ -+/* This returns the next tag_type id from the given acl for the next entry, -+ * or it returns 0 if there are no more tag_type ids in the acl. */ -+static id_t *next_ace_id(SMB_ACL_TAG_T tag_type, const rsync_acl *racl) -+{ -+ const ida_list *idal = (tag_type == SMB_ACL_USER ? -+ &racl->users : &racl->groups); -+ if (enum_ida_index < idal->count) { -+ id_access *ida = &idal->idas[enum_ida_index++]; -+ return &ida->id; -+ } -+ enum_ida_index = 0; -+ return NULL; -+} -+ -+static id_t *next_acl_id(SMB_ACL_TAG_T tag_type, const rsync_acl_list *racl_list) -+{ -+ for (; enum_racl_index < racl_list->count; enum_racl_index++) { -+ rsync_acl *racl = &racl_list->racls[enum_racl_index]; -+ id_t *id = next_ace_id(tag_type, racl); -+ if (id) -+ return id; -+ } -+ enum_racl_index = 0; -+ return NULL; -+} -+ -+static id_t *next_acl_list_id(SMB_ACL_TAG_T tag_type) -+{ -+ for (; *enum_racl_list; enum_racl_list++) { -+ id_t *id = next_acl_id(tag_type, *enum_racl_list); -+ if (id) -+ return id; -+ } -+ enum_racl_list = &_enum_racl_lists[0]; -+ return NULL; -+} -+ -+id_t *next_acl_uid() -+{ -+ return next_acl_list_id(SMB_ACL_USER); -+} -+ -+id_t *next_acl_gid() -+{ -+ return next_acl_list_id(SMB_ACL_GROUP); -+} -+ -+int default_perms_for_dir(const char *dir) -+{ -+ rsync_acl racl; -+ SMB_ACL_T sacl; -+ BOOL ok; -+ int perms; -+ -+ if (dir == NULL) -+ dir = "."; -+ perms = ACCESSPERMS & ~orig_umask; -+ /* Read the directory's default ACL. If it has none, this will successfully return an empty ACL. */ -+ sacl = sys_acl_get_file(dir, SMB_ACL_TYPE_DEFAULT); -+ if (sacl == NULL) { -+ /* Couldn't get an ACL. Darn. */ -+ switch (errno) { -+ case ENOTSUP: -+ /* ACLs are disabled. We could yell at the user to turn them on, but... */ -+ break; -+ case ENOENT: -+ if (dry_run) { -+ /* We're doing a dry run, so the containing directory -+ * wasn't actually created. Don't worry about it. */ -+ break; -+ } -+ /* Otherwise fall through. */ -+ default: -+ rprintf(FERROR, "default_perms_for_dir: sys_acl_get_file(%s, %s): %s, falling back on umask\n", -+ dir, str_acl_type(SMB_ACL_TYPE_DEFAULT), strerror(errno)); -+ } -+ return perms; -+ } -+ -+ /* Convert it. */ -+ ok = unpack_smb_acl(&racl, sacl); -+ sys_acl_free_acl(sacl); -+ if (!ok) { -+ rprintf(FERROR, "default_perms_for_dir: unpack_smb_acl failed, falling back on umask\n"); -+ return perms; -+ } -+ -+ /* Apply the permission-bit entries of the default ACL, if any. */ -+ if (rsync_acl_count_entries(&racl) > 0) { -+ perms = rsync_acl_get_perms(&racl); -+ if (verbose > 2) -+ rprintf(FINFO, "got ACL-based default perms %o for directory %s\n", perms, dir); -+ } -+ -+ rsync_acl_free(&racl); -+ return perms; -+} -+ -+#endif /* SUPPORT_ACLS */ ---- old/backup.c -+++ new/backup.c -@@ -28,6 +28,7 @@ extern char *backup_suffix; - extern char *backup_dir; - - extern int am_root; -+extern int preserve_acls; - extern int preserve_devices; - extern int preserve_specials; - extern int preserve_links; -@@ -132,6 +133,10 @@ static int make_bak_dir(char *fullpath) - } else { - do_lchown(fullpath, st.st_uid, st.st_gid); - do_chmod(fullpath, st.st_mode); -+#ifdef SUPPORT_ACLS -+ if (preserve_acls) -+ dup_acl(end, fullpath, st.st_mode); -+#endif - } - } - *p = '/'; -@@ -185,6 +190,11 @@ static int keep_backup(char *fname) - if (!(buf = get_backup_name(fname))) - return 0; - -+#ifdef SUPPORT_ACLS -+ if (preserve_acls) -+ push_keep_backup_acl(file, fname, buf); -+#endif -+ - /* Check to see if this is a device file, or link */ - if ((am_root && preserve_devices && IS_DEVICE(file->mode)) - || (preserve_specials && IS_SPECIAL(file->mode))) { -@@ -260,6 +270,10 @@ static int keep_backup(char *fname) - } - } - set_file_attrs(buf, file, NULL, 0); -+#ifdef SUPPORT_ACLS -+ if (preserve_acls) -+ cleanup_keep_backup_acl(); -+#endif - free(file); - - if (verbose > 1) { ---- old/configure.in -+++ new/configure.in -@@ -482,6 +482,11 @@ if test x"$ac_cv_func_strcasecmp" = x"no - AC_CHECK_LIB(resolv, strcasecmp) - fi - -+AC_CHECK_FUNCS(aclsort) -+if test x"$ac_cv_func_aclsort" = x"no"; then -+ AC_CHECK_LIB(sec, aclsort) -+fi -+ - dnl At the moment we don't test for a broken memcmp(), because all we - dnl need to do is test for equality, not comparison, and it seems that - dnl every platform has a memcmp that can do at least that. -@@ -738,6 +743,77 @@ AC_SUBST(OBJ_RESTORE) - AC_SUBST(CC_SHOBJ_FLAG) - AC_SUBST(BUILD_POPT) - -+AC_CHECK_HEADERS(sys/acl.h) -+AC_CHECK_FUNCS(_acl __acl _facl __facl) -+################################################# -+# check for ACL support -+ -+AC_MSG_CHECKING(whether to support ACLs) -+AC_ARG_ENABLE(acl-support, -+AC_HELP_STRING([--enable-acl-support], [Include ACL support (default=no)]), -+[ case "$enableval" in -+ yes) -+ -+ case "$host_os" in -+ *sysv5*) -+ AC_MSG_RESULT(Using UnixWare ACLs) -+ AC_DEFINE(HAVE_UNIXWARE_ACLS, 1, [true if you have UnixWare ACLs]) -+ ;; -+ *solaris*|*cygwin*) -+ AC_MSG_RESULT(Using solaris ACLs) -+ AC_DEFINE(HAVE_SOLARIS_ACLS, 1, [true if you have solaris ACLs]) -+ ;; -+ *hpux*) -+ AC_MSG_RESULT(Using HPUX ACLs) -+ AC_DEFINE(HAVE_HPUX_ACLS, 1, [true if you have HPUX ACLs]) -+ ;; -+ *irix*) -+ AC_MSG_RESULT(Using IRIX ACLs) -+ AC_DEFINE(HAVE_IRIX_ACLS, 1, [true if you have IRIX ACLs]) -+ ;; -+ *aix*) -+ AC_MSG_RESULT(Using AIX ACLs) -+ AC_DEFINE(HAVE_AIX_ACLS, 1, [true if you have AIX ACLs]) -+ ;; -+ *osf*) -+ AC_MSG_RESULT(Using Tru64 ACLs) -+ AC_DEFINE(HAVE_TRU64_ACLS, 1, [true if you have Tru64 ACLs]) -+ LIBS="$LIBS -lpacl" -+ ;; -+ *) -+ AC_MSG_RESULT(ACLs requested -- running tests) -+ AC_CHECK_LIB(acl,acl_get_file) -+ AC_CACHE_CHECK([for ACL support],samba_cv_HAVE_POSIX_ACLS,[ -+ AC_TRY_LINK([#include -+#include ], -+[ acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p);], -+samba_cv_HAVE_POSIX_ACLS=yes,samba_cv_HAVE_POSIX_ACLS=no)]) -+ if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then -+ AC_MSG_RESULT(Using posix ACLs) -+ AC_DEFINE(HAVE_POSIX_ACLS, 1, [true if you have posix ACLs]) -+ AC_CACHE_CHECK([for acl_get_perm_np],samba_cv_HAVE_ACL_GET_PERM_NP,[ -+ AC_TRY_LINK([#include -+#include ], -+[ acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm);], -+samba_cv_HAVE_ACL_GET_PERM_NP=yes,samba_cv_HAVE_ACL_GET_PERM_NP=no)]) -+ if test x"$samba_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then -+ AC_DEFINE(HAVE_ACL_GET_PERM_NP, 1, [true if you have acl_get_perm_np]) -+ fi -+ else -+ AC_MSG_ERROR(Failed to find ACL support) -+ fi -+ ;; -+ esac -+ ;; -+ *) -+ AC_MSG_RESULT(no) -+ AC_DEFINE(HAVE_NO_ACLS, 1, [true if you don't have ACLs]) -+ ;; -+ esac ], -+ AC_DEFINE(HAVE_NO_ACLS, 1, [true if you don't have ACLs]) -+ AC_MSG_RESULT(no) -+) -+ - AC_CONFIG_FILES([Makefile lib/dummy zlib/dummy popt/dummy shconfig]) - AC_OUTPUT - ---- old/flist.c -+++ new/flist.c -@@ -44,6 +44,7 @@ extern int filesfrom_fd; - extern int one_file_system; - extern int copy_dirlinks; - extern int keep_dirlinks; -+extern int preserve_acls; - extern int preserve_links; - extern int preserve_hard_links; - extern int preserve_devices; -@@ -970,6 +971,11 @@ static struct file_struct *send_file_nam - if (chmod_modes && !S_ISLNK(file->mode)) - file->mode = tweak_mode(file->mode, chmod_modes); - -+#ifdef SUPPORT_ACLS -+ if (preserve_acls && make_acl(file, fname) < 0) -+ return NULL; -+#endif -+ - maybe_emit_filelist_progress(flist->count + flist_count_offset); - - flist_expand(flist); -@@ -977,6 +983,16 @@ static struct file_struct *send_file_nam - if (file->basename[0]) { - flist->files[flist->count++] = file; - send_file_entry(file, f); -+#ifdef SUPPORT_ACLS -+ if (preserve_acls) -+ send_acl(file, f); -+#endif -+ } else { -+#ifdef SUPPORT_ACLS -+ /* Cleanup unsent ACL(s). */ -+ if (preserve_acls) -+ send_acl(file, -1); -+#endif - } - return file; - } -@@ -1365,6 +1381,11 @@ struct file_list *recv_file_list(int f) - flags |= read_byte(f) << 8; - file = receive_file_entry(flist, flags, f); - -+#ifdef SUPPORT_ACLS -+ if (preserve_acls) -+ receive_acl(file, f); -+#endif -+ - if (S_ISREG(file->mode) || S_ISLNK(file->mode)) - stats.total_size += file->length; - -@@ -1387,6 +1408,11 @@ struct file_list *recv_file_list(int f) - - clean_flist(flist, relative_paths, 1); - -+#ifdef SUPPORT_ACLS -+ if (preserve_acls) -+ sort_file_acl_index_lists(); -+#endif -+ - if (f >= 0) { - recv_uid_list(f, flist); - ---- old/generator.c -+++ new/generator.c -@@ -85,6 +85,7 @@ extern long block_size; /* "long" becaus - extern int max_delete; - extern int force_delete; - extern int one_file_system; -+extern mode_t orig_umask; - extern struct stats stats; - extern dev_t filesystem_dev; - extern char *backup_dir; -@@ -321,6 +322,8 @@ static void do_delete_pass(struct file_l - - int unchanged_attrs(struct file_struct *file, STRUCT_STAT *st) - { -+ /* FIXME: Flag ACL changes. */ -+ - if (preserve_perms - && (st->st_mode & CHMOD_BITS) != (file->mode & CHMOD_BITS)) - return 0; -@@ -355,6 +358,7 @@ void itemize(struct file_struct *file, i - if (preserve_gid && file->gid != GID_NONE - && st->st_gid != file->gid) - iflags |= ITEM_REPORT_GROUP; -+ /* FIXME: Itemize ACL changes. ITEM_REPORT_XATTR? */ - } else - iflags |= ITEM_IS_NEW; - -@@ -753,6 +757,7 @@ static int try_dests_non(struct file_str - } - - static int phase = 0; -+static int dflt_perms; - - /* Acts on the_file_list->file's ndx'th item, whose name is fname. If a dir, - * make sure it exists, and has the right permissions/timestamp info. For -@@ -844,6 +849,10 @@ static void recv_generator(char *fname, - } - if (fuzzy_basis) - need_fuzzy_dirlist = 1; -+#ifdef SUPPORT_ACLS -+ if (!preserve_perms) -+ dflt_perms = default_perms_for_dir(dn); -+#endif - } - parent_dirname = dn; - -@@ -871,7 +880,8 @@ static void recv_generator(char *fname, - if (!preserve_perms) { - int exists = statret == 0 - && S_ISDIR(st.st_mode) == S_ISDIR(file->mode); -- file->mode = dest_mode(file->mode, st.st_mode, exists); -+ file->mode = dest_mode(file->mode, st.st_mode, dflt_perms, -+ exists); - } - - if (S_ISDIR(file->mode)) { -@@ -1343,6 +1353,8 @@ void generate_files(int f_out, struct fi - * notice that and let us know via the redo pipe (or its closing). */ - ignore_timeout = 1; - -+ dflt_perms = (ACCESSPERMS & ~orig_umask); -+ - for (i = 0; i < flist->count; i++) { - struct file_struct *file = flist->files[i]; - ---- old/lib/sysacls.c -+++ new/lib/sysacls.c -@@ -0,0 +1,3240 @@ -+/* -+ Unix SMB/CIFS implementation. -+ Samba system utilities for ACL support. -+ Copyright (C) Jeremy Allison 2000. -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 2 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program; if not, write to the Free Software -+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -+*/ -+ -+#include "rsync.h" -+#include "sysacls.h" /****** ADDED ******/ -+ -+/****** EXTRAS -- THESE ITEMS ARE NOT FROM THE SAMBA SOURCE ******/ -+void SAFE_FREE(void *mem) -+{ -+ if (mem) -+ free(mem); -+} -+ -+char *uidtoname(uid_t uid) -+{ -+ static char idbuf[12]; -+ struct passwd *pw; -+ -+ if ((pw = getpwuid(uid)) == NULL) { -+ slprintf(idbuf, sizeof(idbuf)-1, "%ld", (long)uid); -+ return idbuf; -+ } -+ return pw->pw_name; -+} -+/****** EXTRAS -- END ******/ -+ -+/* -+ This file wraps all differing system ACL interfaces into a consistent -+ one based on the POSIX interface. It also returns the correct errors -+ for older UNIX systems that don't support ACLs. -+ -+ The interfaces that each ACL implementation must support are as follows : -+ -+ int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p) -+ int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) -+ int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p -+ void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) -+ SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) -+ SMB_ACL_T sys_acl_get_fd(int fd) -+ int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset); -+ int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm); -+ char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen) -+ SMB_ACL_T sys_acl_init( int count) -+ int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) -+ int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) -+ int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual) -+ int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) -+ int sys_acl_valid( SMB_ACL_T theacl ) -+ int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) -+ int sys_acl_set_fd( int fd, SMB_ACL_T theacl) -+ int sys_acl_delete_def_file(const char *path) -+ -+ This next one is not POSIX complient - but we *have* to have it ! -+ More POSIX braindamage. -+ -+ int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) -+ -+ The generic POSIX free is the following call. We split this into -+ several different free functions as we may need to add tag info -+ to structures when emulating the POSIX interface. -+ -+ int sys_acl_free( void *obj_p) -+ -+ The calls we actually use are : -+ -+ int sys_acl_free_text(char *text) - free acl_to_text -+ int sys_acl_free_acl(SMB_ACL_T posix_acl) -+ int sys_acl_free_qualifier(void *qualifier, SMB_ACL_TAG_T tagtype) -+ -+*/ -+ -+#if defined(HAVE_POSIX_ACLS) -+ -+/* Identity mapping - easy. */ -+ -+int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) -+{ -+ return acl_get_entry( the_acl, entry_id, entry_p); -+} -+ -+int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) -+{ -+ return acl_get_tag_type( entry_d, tag_type_p); -+} -+ -+int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) -+{ -+ return acl_get_permset( entry_d, permset_p); -+} -+ -+void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) -+{ -+ return acl_get_qualifier( entry_d); -+} -+ -+SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) -+{ -+ return acl_get_file( path_p, type); -+} -+ -+SMB_ACL_T sys_acl_get_fd(int fd) -+{ -+ return acl_get_fd(fd); -+} -+ -+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) -+{ -+ return acl_clear_perms(permset); -+} -+ -+int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) -+{ -+ return acl_add_perm(permset, perm); -+} -+ -+int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) -+{ -+#if defined(HAVE_ACL_GET_PERM_NP) -+ /* -+ * Required for TrustedBSD-based ACL implementations where -+ * non-POSIX.1e functions are denoted by a _np (non-portable) -+ * suffix. -+ */ -+ return acl_get_perm_np(permset, perm); -+#else -+ return acl_get_perm(permset, perm); -+#endif -+} -+ -+char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen) -+{ -+ return acl_to_text( the_acl, plen); -+} -+ -+SMB_ACL_T sys_acl_init( int count) -+{ -+ return acl_init(count); -+} -+ -+int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) -+{ -+ return acl_create_entry(pacl, pentry); -+} -+ -+int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) -+{ -+ return acl_set_tag_type(entry, tagtype); -+} -+ -+int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual) -+{ -+ return acl_set_qualifier(entry, qual); -+} -+ -+int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) -+{ -+ return acl_set_permset(entry, permset); -+} -+ -+int sys_acl_valid( SMB_ACL_T theacl ) -+{ -+ return acl_valid(theacl); -+} -+ -+int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) -+{ -+ return acl_set_file(name, acltype, theacl); -+} -+ -+int sys_acl_set_fd( int fd, SMB_ACL_T theacl) -+{ -+ return acl_set_fd(fd, theacl); -+} -+ -+int sys_acl_delete_def_file(const char *name) -+{ -+ return acl_delete_def_file(name); -+} -+ -+int sys_acl_free_text(char *text) -+{ -+ return acl_free(text); -+} -+ -+int sys_acl_free_acl(SMB_ACL_T the_acl) -+{ -+ return acl_free(the_acl); -+} -+ -+int sys_acl_free_qualifier(void *qual, UNUSED(SMB_ACL_TAG_T tagtype)) -+{ -+ return acl_free(qual); -+} -+ -+#elif defined(HAVE_TRU64_ACLS) -+/* -+ * The interface to DEC/Compaq Tru64 UNIX ACLs -+ * is based on Draft 13 of the POSIX spec which is -+ * slightly different from the Draft 16 interface. -+ * -+ * Also, some of the permset manipulation functions -+ * such as acl_clear_perm() and acl_add_perm() appear -+ * to be broken on Tru64 so we have to manipulate -+ * the permission bits in the permset directly. -+ */ -+int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) -+{ -+ SMB_ACL_ENTRY_T entry; -+ -+ if (entry_id == SMB_ACL_FIRST_ENTRY && acl_first_entry(the_acl) != 0) { -+ return -1; -+ } -+ -+ errno = 0; -+ if ((entry = acl_get_entry(the_acl)) != NULL) { -+ *entry_p = entry; -+ return 1; -+ } -+ -+ return errno ? -1 : 0; -+} -+ -+int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) -+{ -+ return acl_get_tag_type( entry_d, tag_type_p); -+} -+ -+int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) -+{ -+ return acl_get_permset( entry_d, permset_p); -+} -+ -+void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) -+{ -+ return acl_get_qualifier( entry_d); -+} -+ -+SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) -+{ -+ return acl_get_file((char *)path_p, type); -+} -+ -+SMB_ACL_T sys_acl_get_fd(int fd) -+{ -+ return acl_get_fd(fd, ACL_TYPE_ACCESS); -+} -+ -+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) -+{ -+ *permset = 0; /* acl_clear_perm() is broken on Tru64 */ -+ -+ return 0; -+} -+ -+int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) -+{ -+ if (perm & ~(SMB_ACL_READ | SMB_ACL_WRITE | SMB_ACL_EXECUTE)) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ *permset |= perm; /* acl_add_perm() is broken on Tru64 */ -+ -+ return 0; -+} -+ -+int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) -+{ -+ return *permset & perm; /* Tru64 doesn't have acl_get_perm() */ -+} -+ -+char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen) -+{ -+ return acl_to_text( the_acl, plen); -+} -+ -+SMB_ACL_T sys_acl_init( int count) -+{ -+ return acl_init(count); -+} -+ -+int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) -+{ -+ SMB_ACL_ENTRY_T entry; -+ -+ if ((entry = acl_create_entry(pacl)) == NULL) { -+ return -1; -+ } -+ -+ *pentry = entry; -+ return 0; -+} -+ -+int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) -+{ -+ return acl_set_tag_type(entry, tagtype); -+} -+ -+int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual) -+{ -+ return acl_set_qualifier(entry, qual); -+} -+ -+int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) -+{ -+ return acl_set_permset(entry, permset); -+} -+ -+int sys_acl_valid( SMB_ACL_T theacl ) -+{ -+ acl_entry_t entry; -+ -+ return acl_valid(theacl, &entry); -+} -+ -+int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) -+{ -+ return acl_set_file((char *)name, acltype, theacl); -+} -+ -+int sys_acl_set_fd( int fd, SMB_ACL_T theacl) -+{ -+ return acl_set_fd(fd, ACL_TYPE_ACCESS, theacl); -+} -+ -+int sys_acl_delete_def_file(const char *name) -+{ -+ return acl_delete_def_file((char *)name); -+} -+ -+int sys_acl_free_text(char *text) -+{ -+ /* -+ * (void) cast and explicit return 0 are for DEC UNIX -+ * which just #defines acl_free_text() to be free() -+ */ -+ (void) acl_free_text(text); -+ return 0; -+} -+ -+int sys_acl_free_acl(SMB_ACL_T the_acl) -+{ -+ return acl_free(the_acl); -+} -+ -+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) -+{ -+ return acl_free_qualifier(qual, tagtype); -+} -+ -+#elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS) -+ -+/* -+ * Donated by Michael Davidson for UnixWare / OpenUNIX. -+ * Modified by Toomas Soome for Solaris. -+ */ -+ -+/* -+ * Note that while this code implements sufficient functionality -+ * to support the sys_acl_* interfaces it does not provide all -+ * of the semantics of the POSIX ACL interfaces. -+ * -+ * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned -+ * from a call to sys_acl_get_entry() should not be assumed to be -+ * valid after calling any of the following functions, which may -+ * reorder the entries in the ACL. -+ * -+ * sys_acl_valid() -+ * sys_acl_set_file() -+ * sys_acl_set_fd() -+ */ -+ -+/* -+ * The only difference between Solaris and UnixWare / OpenUNIX is -+ * that the #defines for the ACL operations have different names -+ */ -+#if defined(HAVE_UNIXWARE_ACLS) -+ -+#define SETACL ACL_SET -+#define GETACL ACL_GET -+#define GETACLCNT ACL_CNT -+ -+#endif -+ -+ -+int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) -+{ -+ if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ if (entry_p == NULL) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ if (entry_id == SMB_ACL_FIRST_ENTRY) { -+ acl_d->next = 0; -+ } -+ -+ if (acl_d->next < 0) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ if (acl_d->next >= acl_d->count) { -+ return 0; -+ } -+ -+ *entry_p = &acl_d->acl[acl_d->next++]; -+ -+ return 1; -+} -+ -+int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p) -+{ -+ *type_p = entry_d->a_type; -+ -+ return 0; -+} -+ -+int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) -+{ -+ *permset_p = &entry_d->a_perm; -+ -+ return 0; -+} -+ -+void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) -+{ -+ if (entry_d->a_type != SMB_ACL_USER -+ && entry_d->a_type != SMB_ACL_GROUP) { -+ errno = EINVAL; -+ return NULL; -+ } -+ -+ return &entry_d->a_id; -+} -+ -+/* -+ * There is no way of knowing what size the ACL returned by -+ * GETACL will be unless you first call GETACLCNT which means -+ * making an additional system call. -+ * -+ * In the hope of avoiding the cost of the additional system -+ * call in most cases, we initially allocate enough space for -+ * an ACL with INITIAL_ACL_SIZE entries. If this turns out to -+ * be too small then we use GETACLCNT to find out the actual -+ * size, reallocate the ACL buffer, and then call GETACL again. -+ */ -+ -+#define INITIAL_ACL_SIZE 16 -+ -+SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) -+{ -+ SMB_ACL_T acl_d; -+ int count; /* # of ACL entries allocated */ -+ int naccess; /* # of access ACL entries */ -+ int ndefault; /* # of default ACL entries */ -+ -+ if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { -+ errno = EINVAL; -+ return NULL; -+ } -+ -+ count = INITIAL_ACL_SIZE; -+ if ((acl_d = sys_acl_init(count)) == NULL) { -+ return NULL; -+ } -+ -+ /* -+ * If there isn't enough space for the ACL entries we use -+ * GETACLCNT to determine the actual number of ACL entries -+ * reallocate and try again. This is in a loop because it -+ * is possible that someone else could modify the ACL and -+ * increase the number of entries between the call to -+ * GETACLCNT and the call to GETACL. -+ */ -+ while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0 -+ && errno == ENOSPC) { -+ -+ sys_acl_free_acl(acl_d); -+ -+ if ((count = acl(path_p, GETACLCNT, 0, NULL)) < 0) { -+ return NULL; -+ } -+ -+ if ((acl_d = sys_acl_init(count)) == NULL) { -+ return NULL; -+ } -+ } -+ -+ if (count < 0) { -+ sys_acl_free_acl(acl_d); -+ return NULL; -+ } -+ -+ /* -+ * calculate the number of access and default ACL entries -+ * -+ * Note: we assume that the acl() system call returned a -+ * well formed ACL which is sorted so that all of the -+ * access ACL entries preceed any default ACL entries -+ */ -+ for (naccess = 0; naccess < count; naccess++) { -+ if (acl_d->acl[naccess].a_type & ACL_DEFAULT) -+ break; -+ } -+ ndefault = count - naccess; -+ -+ /* -+ * if the caller wants the default ACL we have to copy -+ * the entries down to the start of the acl[] buffer -+ * and mask out the ACL_DEFAULT flag from the type field -+ */ -+ if (type == SMB_ACL_TYPE_DEFAULT) { -+ int i, j; -+ -+ for (i = 0, j = naccess; i < ndefault; i++, j++) { -+ acl_d->acl[i] = acl_d->acl[j]; -+ acl_d->acl[i].a_type &= ~ACL_DEFAULT; -+ } -+ -+ acl_d->count = ndefault; -+ } else { -+ acl_d->count = naccess; -+ } -+ -+ return acl_d; -+} -+ -+SMB_ACL_T sys_acl_get_fd(int fd) -+{ -+ SMB_ACL_T acl_d; -+ int count; /* # of ACL entries allocated */ -+ int naccess; /* # of access ACL entries */ -+ -+ count = INITIAL_ACL_SIZE; -+ if ((acl_d = sys_acl_init(count)) == NULL) { -+ return NULL; -+ } -+ -+ while ((count = facl(fd, GETACL, count, &acl_d->acl[0])) < 0 -+ && errno == ENOSPC) { -+ -+ sys_acl_free_acl(acl_d); -+ -+ if ((count = facl(fd, GETACLCNT, 0, NULL)) < 0) { -+ return NULL; -+ } -+ -+ if ((acl_d = sys_acl_init(count)) == NULL) { -+ return NULL; -+ } -+ } -+ -+ if (count < 0) { -+ sys_acl_free_acl(acl_d); -+ return NULL; -+ } -+ -+ /* -+ * calculate the number of access ACL entries -+ */ -+ for (naccess = 0; naccess < count; naccess++) { -+ if (acl_d->acl[naccess].a_type & ACL_DEFAULT) -+ break; -+ } -+ -+ acl_d->count = naccess; -+ -+ return acl_d; -+} -+ -+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d) -+{ -+ *permset_d = 0; -+ -+ return 0; -+} -+ -+int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) -+{ -+ if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE -+ && perm != SMB_ACL_EXECUTE) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ if (permset_d == NULL) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ *permset_d |= perm; -+ -+ return 0; -+} -+ -+int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) -+{ -+ return *permset_d & perm; -+} -+ -+char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) -+{ -+ int i; -+ int len, maxlen; -+ char *text; -+ -+ /* -+ * use an initial estimate of 20 bytes per ACL entry -+ * when allocating memory for the text representation -+ * of the ACL -+ */ -+ len = 0; -+ maxlen = 20 * acl_d->count; -+ if ((text = SMB_MALLOC(maxlen)) == NULL) { -+ errno = ENOMEM; -+ return NULL; -+ } -+ -+ for (i = 0; i < acl_d->count; i++) { -+ struct acl *ap = &acl_d->acl[i]; -+ struct group *gr; -+ char tagbuf[12]; -+ char idbuf[12]; -+ char *tag; -+ char *id = ""; -+ char perms[4]; -+ int nbytes; -+ -+ switch (ap->a_type) { -+ /* -+ * for debugging purposes it's probably more -+ * useful to dump unknown tag types rather -+ * than just returning an error -+ */ -+ default: -+ slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x", -+ ap->a_type); -+ tag = tagbuf; -+ slprintf(idbuf, sizeof(idbuf)-1, "%ld", -+ (long)ap->a_id); -+ id = idbuf; -+ break; -+ -+ case SMB_ACL_USER: -+ id = uidtoname(ap->a_id); -+ case SMB_ACL_USER_OBJ: -+ tag = "user"; -+ break; -+ -+ case SMB_ACL_GROUP: -+ if ((gr = getgrgid(ap->a_id)) == NULL) { -+ slprintf(idbuf, sizeof(idbuf)-1, "%ld", -+ (long)ap->a_id); -+ id = idbuf; -+ } else { -+ id = gr->gr_name; -+ } -+ case SMB_ACL_GROUP_OBJ: -+ tag = "group"; -+ break; -+ -+ case SMB_ACL_OTHER: -+ tag = "other"; -+ break; -+ -+ case SMB_ACL_MASK: -+ tag = "mask"; -+ break; -+ -+ } -+ -+ perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-'; -+ perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-'; -+ perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-'; -+ perms[3] = '\0'; -+ -+ /* : : rwx \n \0 */ -+ nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1; -+ -+ /* -+ * If this entry would overflow the buffer -+ * allocate enough additional memory for this -+ * entry and an estimate of another 20 bytes -+ * for each entry still to be processed -+ */ -+ if ((len + nbytes) > maxlen) { -+ char *oldtext = text; -+ -+ maxlen += nbytes + 20 * (acl_d->count - i); -+ -+ if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) { -+ SAFE_FREE(oldtext); -+ errno = ENOMEM; -+ return NULL; -+ } -+ } -+ -+ slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms); -+ len += nbytes - 1; -+ } -+ -+ if (len_p) -+ *len_p = len; -+ -+ return text; -+} -+ -+SMB_ACL_T sys_acl_init(int count) -+{ -+ SMB_ACL_T a; -+ -+ if (count < 0) { -+ errno = EINVAL; -+ return NULL; -+ } -+ -+ /* -+ * note that since the definition of the structure pointed -+ * to by the SMB_ACL_T includes the first element of the -+ * acl[] array, this actually allocates an ACL with room -+ * for (count+1) entries -+ */ -+ if ((a = (SMB_ACL_T)SMB_MALLOC(sizeof(struct SMB_ACL_T) + count * sizeof(struct acl))) == NULL) { -+ errno = ENOMEM; -+ return NULL; -+ } -+ -+ a->size = count + 1; -+ a->count = 0; -+ a->next = -1; -+ -+ return a; -+} -+ -+ -+int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) -+{ -+ SMB_ACL_T acl_d; -+ SMB_ACL_ENTRY_T entry_d; -+ -+ if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ if (acl_d->count >= acl_d->size) { -+ errno = ENOSPC; -+ return -1; -+ } -+ -+ entry_d = &acl_d->acl[acl_d->count++]; -+ entry_d->a_type = 0; -+ entry_d->a_id = -1; -+ entry_d->a_perm = 0; -+ *entry_p = entry_d; -+ -+ return 0; -+} -+ -+int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) -+{ -+ switch (tag_type) { -+ case SMB_ACL_USER: -+ case SMB_ACL_USER_OBJ: -+ case SMB_ACL_GROUP: -+ case SMB_ACL_GROUP_OBJ: -+ case SMB_ACL_OTHER: -+ case SMB_ACL_MASK: -+ entry_d->a_type = tag_type; -+ break; -+ default: -+ errno = EINVAL; -+ return -1; -+ } -+ -+ return 0; -+} -+ -+int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) -+{ -+ if (entry_d->a_type != SMB_ACL_GROUP -+ && entry_d->a_type != SMB_ACL_USER) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ entry_d->a_id = *((id_t *)qual_p); -+ -+ return 0; -+} -+ -+int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) -+{ -+ if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { -+ return EINVAL; -+ } -+ -+ entry_d->a_perm = *permset_d; -+ -+ return 0; -+} -+ -+/* -+ * sort the ACL and check it for validity -+ * -+ * if it's a minimal ACL with only 4 entries then we -+ * need to recalculate the mask permissions to make -+ * sure that they are the same as the GROUP_OBJ -+ * permissions as required by the UnixWare acl() system call. -+ * -+ * (note: since POSIX allows minimal ACLs which only contain -+ * 3 entries - ie there is no mask entry - we should, in theory, -+ * check for this and add a mask entry if necessary - however -+ * we "know" that the caller of this interface always specifies -+ * a mask so, in practice "this never happens" (tm) - if it *does* -+ * happen aclsort() will fail and return an error and someone will -+ * have to fix it ...) -+ */ -+ -+static int acl_sort(SMB_ACL_T acl_d) -+{ -+ int fixmask = (acl_d->count <= 4); -+ -+ if (aclsort(acl_d->count, fixmask, acl_d->acl) != 0) { -+ errno = EINVAL; -+ return -1; -+ } -+ return 0; -+} -+ -+int sys_acl_valid(SMB_ACL_T acl_d) -+{ -+ return acl_sort(acl_d); -+} -+ -+int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) -+{ -+ struct stat s; -+ struct acl *acl_p; -+ int acl_count; -+ struct acl *acl_buf = NULL; -+ int ret; -+ -+ if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ if (acl_sort(acl_d) != 0) { -+ return -1; -+ } -+ -+ acl_p = &acl_d->acl[0]; -+ acl_count = acl_d->count; -+ -+ /* -+ * if it's a directory there is extra work to do -+ * since the acl() system call will replace both -+ * the access ACLs and the default ACLs (if any) -+ */ -+ if (stat(name, &s) != 0) { -+ return -1; -+ } -+ if (S_ISDIR(s.st_mode)) { -+ SMB_ACL_T acc_acl; -+ SMB_ACL_T def_acl; -+ SMB_ACL_T tmp_acl; -+ int i; -+ -+ if (type == SMB_ACL_TYPE_ACCESS) { -+ acc_acl = acl_d; -+ def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT); -+ -+ } else { -+ def_acl = acl_d; -+ acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS); -+ } -+ -+ if (tmp_acl == NULL) { -+ return -1; -+ } -+ -+ /* -+ * allocate a temporary buffer for the complete ACL -+ */ -+ acl_count = acc_acl->count + def_acl->count; -+ acl_p = acl_buf = SMB_MALLOC_ARRAY(struct acl, acl_count); -+ -+ if (acl_buf == NULL) { -+ sys_acl_free_acl(tmp_acl); -+ errno = ENOMEM; -+ return -1; -+ } -+ -+ /* -+ * copy the access control and default entries into the buffer -+ */ -+ memcpy(&acl_buf[0], &acc_acl->acl[0], -+ acc_acl->count * sizeof(acl_buf[0])); -+ -+ memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0], -+ def_acl->count * sizeof(acl_buf[0])); -+ -+ /* -+ * set the ACL_DEFAULT flag on the default entries -+ */ -+ for (i = acc_acl->count; i < acl_count; i++) { -+ acl_buf[i].a_type |= ACL_DEFAULT; -+ } -+ -+ sys_acl_free_acl(tmp_acl); -+ -+ } else if (type != SMB_ACL_TYPE_ACCESS) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ ret = acl(name, SETACL, acl_count, acl_p); -+ -+ SAFE_FREE(acl_buf); -+ -+ return ret; -+} -+ -+int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) -+{ -+ if (acl_sort(acl_d) != 0) { -+ return -1; -+ } -+ -+ return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]); -+} -+ -+int sys_acl_delete_def_file(const char *path) -+{ -+ SMB_ACL_T acl_d; -+ int ret; -+ -+ /* -+ * fetching the access ACL and rewriting it has -+ * the effect of deleting the default ACL -+ */ -+ if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) { -+ return -1; -+ } -+ -+ ret = acl(path, SETACL, acl_d->count, acl_d->acl); -+ -+ sys_acl_free_acl(acl_d); -+ -+ return ret; -+} -+ -+int sys_acl_free_text(char *text) -+{ -+ SAFE_FREE(text); -+ return 0; -+} -+ -+int sys_acl_free_acl(SMB_ACL_T acl_d) -+{ -+ SAFE_FREE(acl_d); -+ return 0; -+} -+ -+int sys_acl_free_qualifier(UNUSED(void *qual), UNUSED(SMB_ACL_TAG_T tagtype)) -+{ -+ return 0; -+} -+ -+#elif defined(HAVE_HPUX_ACLS) -+#include -+ -+/* -+ * Based on the Solaris/SCO code - with modifications. -+ */ -+ -+/* -+ * Note that while this code implements sufficient functionality -+ * to support the sys_acl_* interfaces it does not provide all -+ * of the semantics of the POSIX ACL interfaces. -+ * -+ * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned -+ * from a call to sys_acl_get_entry() should not be assumed to be -+ * valid after calling any of the following functions, which may -+ * reorder the entries in the ACL. -+ * -+ * sys_acl_valid() -+ * sys_acl_set_file() -+ * sys_acl_set_fd() -+ */ -+ -+/* This checks if the POSIX ACL system call is defined */ -+/* which basically corresponds to whether JFS 3.3 or */ -+/* higher is installed. If acl() was called when it */ -+/* isn't defined, it causes the process to core dump */ -+/* so it is important to check this and avoid acl() */ -+/* calls if it isn't there. */ -+ -+static BOOL hpux_acl_call_presence(void) -+{ -+ -+ shl_t handle = NULL; -+ void *value; -+ int ret_val=0; -+ static BOOL already_checked=0; -+ -+ if(already_checked) -+ return True; -+ -+ -+ ret_val = shl_findsym(&handle, "acl", TYPE_PROCEDURE, &value); -+ -+ if(ret_val != 0) { -+ DEBUG(5, ("hpux_acl_call_presence: shl_findsym() returned %d, errno = %d, error %s\n", -+ ret_val, errno, strerror(errno))); -+ DEBUG(5,("hpux_acl_call_presence: acl() system call is not present. Check if you have JFS 3.3 and above?\n")); -+ return False; -+ } -+ -+ DEBUG(10,("hpux_acl_call_presence: acl() system call is present. We have JFS 3.3 or above \n")); -+ -+ already_checked = True; -+ return True; -+} -+ -+int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) -+{ -+ if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ if (entry_p == NULL) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ if (entry_id == SMB_ACL_FIRST_ENTRY) { -+ acl_d->next = 0; -+ } -+ -+ if (acl_d->next < 0) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ if (acl_d->next >= acl_d->count) { -+ return 0; -+ } -+ -+ *entry_p = &acl_d->acl[acl_d->next++]; -+ -+ return 1; -+} -+ -+int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p) -+{ -+ *type_p = entry_d->a_type; -+ -+ return 0; -+} -+ -+int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) -+{ -+ *permset_p = &entry_d->a_perm; -+ -+ return 0; -+} -+ -+void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) -+{ -+ if (entry_d->a_type != SMB_ACL_USER -+ && entry_d->a_type != SMB_ACL_GROUP) { -+ errno = EINVAL; -+ return NULL; -+ } -+ -+ return &entry_d->a_id; -+} -+ -+/* -+ * There is no way of knowing what size the ACL returned by -+ * ACL_GET will be unless you first call ACL_CNT which means -+ * making an additional system call. -+ * -+ * In the hope of avoiding the cost of the additional system -+ * call in most cases, we initially allocate enough space for -+ * an ACL with INITIAL_ACL_SIZE entries. If this turns out to -+ * be too small then we use ACL_CNT to find out the actual -+ * size, reallocate the ACL buffer, and then call ACL_GET again. -+ */ -+ -+#define INITIAL_ACL_SIZE 16 -+ -+SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) -+{ -+ SMB_ACL_T acl_d; -+ int count; /* # of ACL entries allocated */ -+ int naccess; /* # of access ACL entries */ -+ int ndefault; /* # of default ACL entries */ -+ -+ if(hpux_acl_call_presence() == False) { -+ /* Looks like we don't have the acl() system call on HPUX. -+ * May be the system doesn't have the latest version of JFS. -+ */ -+ return NULL; -+ } -+ -+ if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { -+ errno = EINVAL; -+ return NULL; -+ } -+ -+ count = INITIAL_ACL_SIZE; -+ if ((acl_d = sys_acl_init(count)) == NULL) { -+ return NULL; -+ } -+ -+ /* -+ * If there isn't enough space for the ACL entries we use -+ * ACL_CNT to determine the actual number of ACL entries -+ * reallocate and try again. This is in a loop because it -+ * is possible that someone else could modify the ACL and -+ * increase the number of entries between the call to -+ * ACL_CNT and the call to ACL_GET. -+ */ -+ while ((count = acl(path_p, ACL_GET, count, &acl_d->acl[0])) < 0 && errno == ENOSPC) { -+ -+ sys_acl_free_acl(acl_d); -+ -+ if ((count = acl(path_p, ACL_CNT, 0, NULL)) < 0) { -+ return NULL; -+ } -+ -+ if ((acl_d = sys_acl_init(count)) == NULL) { -+ return NULL; -+ } -+ } -+ -+ if (count < 0) { -+ sys_acl_free_acl(acl_d); -+ return NULL; -+ } -+ -+ /* -+ * calculate the number of access and default ACL entries -+ * -+ * Note: we assume that the acl() system call returned a -+ * well formed ACL which is sorted so that all of the -+ * access ACL entries preceed any default ACL entries -+ */ -+ for (naccess = 0; naccess < count; naccess++) { -+ if (acl_d->acl[naccess].a_type & ACL_DEFAULT) -+ break; -+ } -+ ndefault = count - naccess; -+ -+ /* -+ * if the caller wants the default ACL we have to copy -+ * the entries down to the start of the acl[] buffer -+ * and mask out the ACL_DEFAULT flag from the type field -+ */ -+ if (type == SMB_ACL_TYPE_DEFAULT) { -+ int i, j; -+ -+ for (i = 0, j = naccess; i < ndefault; i++, j++) { -+ acl_d->acl[i] = acl_d->acl[j]; -+ acl_d->acl[i].a_type &= ~ACL_DEFAULT; -+ } -+ -+ acl_d->count = ndefault; -+ } else { -+ acl_d->count = naccess; -+ } -+ -+ return acl_d; -+} -+ -+SMB_ACL_T sys_acl_get_fd(int fd) -+{ -+ /* -+ * HPUX doesn't have the facl call. Fake it using the path.... JRA. -+ */ -+ -+ files_struct *fsp = file_find_fd(fd); -+ -+ if (fsp == NULL) { -+ errno = EBADF; -+ return NULL; -+ } -+ -+ /* -+ * We know we're in the same conn context. So we -+ * can use the relative path. -+ */ -+ -+ return sys_acl_get_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS); -+} -+ -+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d) -+{ -+ *permset_d = 0; -+ -+ return 0; -+} -+ -+int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) -+{ -+ if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE -+ && perm != SMB_ACL_EXECUTE) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ if (permset_d == NULL) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ *permset_d |= perm; -+ -+ return 0; -+} -+ -+int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) -+{ -+ return *permset_d & perm; -+} -+ -+char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) -+{ -+ int i; -+ int len, maxlen; -+ char *text; -+ -+ /* -+ * use an initial estimate of 20 bytes per ACL entry -+ * when allocating memory for the text representation -+ * of the ACL -+ */ -+ len = 0; -+ maxlen = 20 * acl_d->count; -+ if ((text = SMB_MALLOC(maxlen)) == NULL) { -+ errno = ENOMEM; -+ return NULL; -+ } -+ -+ for (i = 0; i < acl_d->count; i++) { -+ struct acl *ap = &acl_d->acl[i]; -+ struct group *gr; -+ char tagbuf[12]; -+ char idbuf[12]; -+ char *tag; -+ char *id = ""; -+ char perms[4]; -+ int nbytes; -+ -+ switch (ap->a_type) { -+ /* -+ * for debugging purposes it's probably more -+ * useful to dump unknown tag types rather -+ * than just returning an error -+ */ -+ default: -+ slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x", -+ ap->a_type); -+ tag = tagbuf; -+ slprintf(idbuf, sizeof(idbuf)-1, "%ld", -+ (long)ap->a_id); -+ id = idbuf; -+ break; -+ -+ case SMB_ACL_USER: -+ id = uidtoname(ap->a_id); -+ case SMB_ACL_USER_OBJ: -+ tag = "user"; -+ break; -+ -+ case SMB_ACL_GROUP: -+ if ((gr = getgrgid(ap->a_id)) == NULL) { -+ slprintf(idbuf, sizeof(idbuf)-1, "%ld", -+ (long)ap->a_id); -+ id = idbuf; -+ } else { -+ id = gr->gr_name; -+ } -+ case SMB_ACL_GROUP_OBJ: -+ tag = "group"; -+ break; -+ -+ case SMB_ACL_OTHER: -+ tag = "other"; -+ break; -+ -+ case SMB_ACL_MASK: -+ tag = "mask"; -+ break; -+ -+ } -+ -+ perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-'; -+ perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-'; -+ perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-'; -+ perms[3] = '\0'; -+ -+ /* : : rwx \n \0 */ -+ nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1; -+ -+ /* -+ * If this entry would overflow the buffer -+ * allocate enough additional memory for this -+ * entry and an estimate of another 20 bytes -+ * for each entry still to be processed -+ */ -+ if ((len + nbytes) > maxlen) { -+ char *oldtext = text; -+ -+ maxlen += nbytes + 20 * (acl_d->count - i); -+ -+ if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) { -+ free(oldtext); -+ errno = ENOMEM; -+ return NULL; -+ } -+ } -+ -+ slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms); -+ len += nbytes - 1; -+ } -+ -+ if (len_p) -+ *len_p = len; -+ -+ return text; -+} -+ -+SMB_ACL_T sys_acl_init(int count) -+{ -+ SMB_ACL_T a; -+ -+ if (count < 0) { -+ errno = EINVAL; -+ return NULL; -+ } -+ -+ /* -+ * note that since the definition of the structure pointed -+ * to by the SMB_ACL_T includes the first element of the -+ * acl[] array, this actually allocates an ACL with room -+ * for (count+1) entries -+ */ -+ if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + count * sizeof(struct acl))) == NULL) { -+ errno = ENOMEM; -+ return NULL; -+ } -+ -+ a->size = count + 1; -+ a->count = 0; -+ a->next = -1; -+ -+ return a; -+} -+ -+ -+int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) -+{ -+ SMB_ACL_T acl_d; -+ SMB_ACL_ENTRY_T entry_d; -+ -+ if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ if (acl_d->count >= acl_d->size) { -+ errno = ENOSPC; -+ return -1; -+ } -+ -+ entry_d = &acl_d->acl[acl_d->count++]; -+ entry_d->a_type = 0; -+ entry_d->a_id = -1; -+ entry_d->a_perm = 0; -+ *entry_p = entry_d; -+ -+ return 0; -+} -+ -+int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) -+{ -+ switch (tag_type) { -+ case SMB_ACL_USER: -+ case SMB_ACL_USER_OBJ: -+ case SMB_ACL_GROUP: -+ case SMB_ACL_GROUP_OBJ: -+ case SMB_ACL_OTHER: -+ case SMB_ACL_MASK: -+ entry_d->a_type = tag_type; -+ break; -+ default: -+ errno = EINVAL; -+ return -1; -+ } -+ -+ return 0; -+} -+ -+int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) -+{ -+ if (entry_d->a_type != SMB_ACL_GROUP -+ && entry_d->a_type != SMB_ACL_USER) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ entry_d->a_id = *((id_t *)qual_p); -+ -+ return 0; -+} -+ -+int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) -+{ -+ if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { -+ return EINVAL; -+ } -+ -+ entry_d->a_perm = *permset_d; -+ -+ return 0; -+} -+ -+/* Structure to capture the count for each type of ACE. */ -+ -+struct hpux_acl_types { -+ int n_user; -+ int n_def_user; -+ int n_user_obj; -+ int n_def_user_obj; -+ -+ int n_group; -+ int n_def_group; -+ int n_group_obj; -+ int n_def_group_obj; -+ -+ int n_other; -+ int n_other_obj; -+ int n_def_other_obj; -+ -+ int n_class_obj; -+ int n_def_class_obj; -+ -+ int n_illegal_obj; -+}; -+ -+/* count_obj: -+ * Counts the different number of objects in a given array of ACL -+ * structures. -+ * Inputs: -+ * -+ * acl_count - Count of ACLs in the array of ACL strucutres. -+ * aclp - Array of ACL structures. -+ * acl_type_count - Pointer to acl_types structure. Should already be -+ * allocated. -+ * Output: -+ * -+ * acl_type_count - This structure is filled up with counts of various -+ * acl types. -+ */ -+ -+static int hpux_count_obj(int acl_count, struct acl *aclp, struct hpux_acl_types *acl_type_count) -+{ -+ int i; -+ -+ memset(acl_type_count, 0, sizeof(struct hpux_acl_types)); -+ -+ for(i=0;in_user++; -+ break; -+ case USER_OBJ: -+ acl_type_count->n_user_obj++; -+ break; -+ case DEF_USER_OBJ: -+ acl_type_count->n_def_user_obj++; -+ break; -+ case GROUP: -+ acl_type_count->n_group++; -+ break; -+ case GROUP_OBJ: -+ acl_type_count->n_group_obj++; -+ break; -+ case DEF_GROUP_OBJ: -+ acl_type_count->n_def_group_obj++; -+ break; -+ case OTHER_OBJ: -+ acl_type_count->n_other_obj++; -+ break; -+ case DEF_OTHER_OBJ: -+ acl_type_count->n_def_other_obj++; -+ break; -+ case CLASS_OBJ: -+ acl_type_count->n_class_obj++; -+ break; -+ case DEF_CLASS_OBJ: -+ acl_type_count->n_def_class_obj++; -+ break; -+ case DEF_USER: -+ acl_type_count->n_def_user++; -+ break; -+ case DEF_GROUP: -+ acl_type_count->n_def_group++; -+ break; -+ default: -+ acl_type_count->n_illegal_obj++; -+ break; -+ } -+ } -+} -+ -+/* swap_acl_entries: Swaps two ACL entries. -+ * -+ * Inputs: aclp0, aclp1 - ACL entries to be swapped. -+ */ -+ -+static void hpux_swap_acl_entries(struct acl *aclp0, struct acl *aclp1) -+{ -+ struct acl temp_acl; -+ -+ temp_acl.a_type = aclp0->a_type; -+ temp_acl.a_id = aclp0->a_id; -+ temp_acl.a_perm = aclp0->a_perm; -+ -+ aclp0->a_type = aclp1->a_type; -+ aclp0->a_id = aclp1->a_id; -+ aclp0->a_perm = aclp1->a_perm; -+ -+ aclp1->a_type = temp_acl.a_type; -+ aclp1->a_id = temp_acl.a_id; -+ aclp1->a_perm = temp_acl.a_perm; -+} -+ -+/* prohibited_duplicate_type -+ * Identifies if given ACL type can have duplicate entries or -+ * not. -+ * -+ * Inputs: acl_type - ACL Type. -+ * -+ * Outputs: -+ * -+ * Return.. -+ * -+ * True - If the ACL type matches any of the prohibited types. -+ * False - If the ACL type doesn't match any of the prohibited types. -+ */ -+ -+static BOOL hpux_prohibited_duplicate_type(int acl_type) -+{ -+ switch(acl_type) { -+ case USER: -+ case GROUP: -+ case DEF_USER: -+ case DEF_GROUP: -+ return True; -+ default: -+ return False; -+ } -+} -+ -+/* get_needed_class_perm -+ * Returns the permissions of a ACL structure only if the ACL -+ * type matches one of the pre-determined types for computing -+ * CLASS_OBJ permissions. -+ * -+ * Inputs: aclp - Pointer to ACL structure. -+ */ -+ -+static int hpux_get_needed_class_perm(struct acl *aclp) -+{ -+ switch(aclp->a_type) { -+ case USER: -+ case GROUP_OBJ: -+ case GROUP: -+ case DEF_USER_OBJ: -+ case DEF_USER: -+ case DEF_GROUP_OBJ: -+ case DEF_GROUP: -+ case DEF_CLASS_OBJ: -+ case DEF_OTHER_OBJ: -+ return aclp->a_perm; -+ default: -+ return 0; -+ } -+} -+ -+/* acl_sort for HPUX. -+ * Sorts the array of ACL structures as per the description in -+ * aclsort man page. Refer to aclsort man page for more details -+ * -+ * Inputs: -+ * -+ * acl_count - Count of ACLs in the array of ACL structures. -+ * calclass - If this is not zero, then we compute the CLASS_OBJ -+ * permissions. -+ * aclp - Array of ACL structures. -+ * -+ * Outputs: -+ * -+ * aclp - Sorted array of ACL structures. -+ * -+ * Outputs: -+ * -+ * Returns 0 for success -1 for failure. Prints a message to the Samba -+ * debug log in case of failure. -+ */ -+ -+static int hpux_acl_sort(int acl_count, int calclass, struct acl *aclp) -+{ -+#if !defined(HAVE_HPUX_ACLSORT) -+ /* -+ * The aclsort() system call is availabe on the latest HPUX General -+ * Patch Bundles. So for HPUX, we developed our version of acl_sort -+ * function. Because, we don't want to update to a new -+ * HPUX GR bundle just for aclsort() call. -+ */ -+ -+ struct hpux_acl_types acl_obj_count; -+ int n_class_obj_perm = 0; -+ int i, j; -+ -+ if(!acl_count) { -+ DEBUG(10,("Zero acl count passed. Returning Success\n")); -+ return 0; -+ } -+ -+ if(aclp == NULL) { -+ DEBUG(0,("Null ACL pointer in hpux_acl_sort. Returning Failure. \n")); -+ return -1; -+ } -+ -+ /* Count different types of ACLs in the ACLs array */ -+ -+ hpux_count_obj(acl_count, aclp, &acl_obj_count); -+ -+ /* There should be only one entry each of type USER_OBJ, GROUP_OBJ, -+ * CLASS_OBJ and OTHER_OBJ -+ */ -+ -+ if( (acl_obj_count.n_user_obj != 1) || -+ (acl_obj_count.n_group_obj != 1) || -+ (acl_obj_count.n_class_obj != 1) || -+ (acl_obj_count.n_other_obj != 1) -+ ) { -+ DEBUG(0,("hpux_acl_sort: More than one entry or no entries for \ -+USER OBJ or GROUP_OBJ or OTHER_OBJ or CLASS_OBJ\n")); -+ return -1; -+ } -+ -+ /* If any of the default objects are present, there should be only -+ * one of them each. -+ */ -+ -+ if( (acl_obj_count.n_def_user_obj > 1) || (acl_obj_count.n_def_group_obj > 1) || -+ (acl_obj_count.n_def_other_obj > 1) || (acl_obj_count.n_def_class_obj > 1) ) { -+ DEBUG(0,("hpux_acl_sort: More than one entry for DEF_CLASS_OBJ \ -+or DEF_USER_OBJ or DEF_GROUP_OBJ or DEF_OTHER_OBJ\n")); -+ return -1; -+ } -+ -+ /* We now have proper number of OBJ and DEF_OBJ entries. Now sort the acl -+ * structures. -+ * -+ * Sorting crieteria - First sort by ACL type. If there are multiple entries of -+ * same ACL type, sort by ACL id. -+ * -+ * I am using the trival kind of sorting method here because, performance isn't -+ * really effected by the ACLs feature. More over there aren't going to be more -+ * than 17 entries on HPUX. -+ */ -+ -+ for(i=0; i aclp[j].a_type ) { -+ /* ACL entries out of order, swap them */ -+ -+ hpux_swap_acl_entries((aclp+i), (aclp+j)); -+ -+ } else if ( aclp[i].a_type == aclp[j].a_type ) { -+ -+ /* ACL entries of same type, sort by id */ -+ -+ if(aclp[i].a_id > aclp[j].a_id) { -+ hpux_swap_acl_entries((aclp+i), (aclp+j)); -+ } else if (aclp[i].a_id == aclp[j].a_id) { -+ /* We have a duplicate entry. */ -+ if(hpux_prohibited_duplicate_type(aclp[i].a_type)) { -+ DEBUG(0, ("hpux_acl_sort: Duplicate entry: Type(hex): %x Id: %d\n", -+ aclp[i].a_type, aclp[i].a_id)); -+ return -1; -+ } -+ } -+ -+ } -+ } -+ } -+ -+ /* set the class obj permissions to the computed one. */ -+ if(calclass) { -+ int n_class_obj_index = -1; -+ -+ for(i=0;icount <= 4); -+ -+ if (hpux_acl_sort(acl_d->count, fixmask, acl_d->acl) != 0) { -+ errno = EINVAL; -+ return -1; -+ } -+ return 0; -+} -+ -+int sys_acl_valid(SMB_ACL_T acl_d) -+{ -+ return acl_sort(acl_d); -+} -+ -+int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) -+{ -+ struct stat s; -+ struct acl *acl_p; -+ int acl_count; -+ struct acl *acl_buf = NULL; -+ int ret; -+ -+ if(hpux_acl_call_presence() == False) { -+ /* Looks like we don't have the acl() system call on HPUX. -+ * May be the system doesn't have the latest version of JFS. -+ */ -+ errno=ENOSYS; -+ return -1; -+ } -+ -+ if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ if (acl_sort(acl_d) != 0) { -+ return -1; -+ } -+ -+ acl_p = &acl_d->acl[0]; -+ acl_count = acl_d->count; -+ -+ /* -+ * if it's a directory there is extra work to do -+ * since the acl() system call will replace both -+ * the access ACLs and the default ACLs (if any) -+ */ -+ if (stat(name, &s) != 0) { -+ return -1; -+ } -+ if (S_ISDIR(s.st_mode)) { -+ SMB_ACL_T acc_acl; -+ SMB_ACL_T def_acl; -+ SMB_ACL_T tmp_acl; -+ int i; -+ -+ if (type == SMB_ACL_TYPE_ACCESS) { -+ acc_acl = acl_d; -+ def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT); -+ -+ } else { -+ def_acl = acl_d; -+ acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS); -+ } -+ -+ if (tmp_acl == NULL) { -+ return -1; -+ } -+ -+ /* -+ * allocate a temporary buffer for the complete ACL -+ */ -+ acl_count = acc_acl->count + def_acl->count; -+ acl_p = acl_buf = SMB_MALLOC_ARRAY(struct acl, acl_count); -+ -+ if (acl_buf == NULL) { -+ sys_acl_free_acl(tmp_acl); -+ errno = ENOMEM; -+ return -1; -+ } -+ -+ /* -+ * copy the access control and default entries into the buffer -+ */ -+ memcpy(&acl_buf[0], &acc_acl->acl[0], -+ acc_acl->count * sizeof(acl_buf[0])); -+ -+ memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0], -+ def_acl->count * sizeof(acl_buf[0])); -+ -+ /* -+ * set the ACL_DEFAULT flag on the default entries -+ */ -+ for (i = acc_acl->count; i < acl_count; i++) { -+ acl_buf[i].a_type |= ACL_DEFAULT; -+ } -+ -+ sys_acl_free_acl(tmp_acl); -+ -+ } else if (type != SMB_ACL_TYPE_ACCESS) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ ret = acl(name, ACL_SET, acl_count, acl_p); -+ -+ if (acl_buf) { -+ free(acl_buf); -+ } -+ -+ return ret; -+} -+ -+int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) -+{ -+ /* -+ * HPUX doesn't have the facl call. Fake it using the path.... JRA. -+ */ -+ -+ files_struct *fsp = file_find_fd(fd); -+ -+ if (fsp == NULL) { -+ errno = EBADF; -+ return NULL; -+ } -+ -+ if (acl_sort(acl_d) != 0) { -+ return -1; -+ } -+ -+ /* -+ * We know we're in the same conn context. So we -+ * can use the relative path. -+ */ -+ -+ return sys_acl_set_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS, acl_d); -+} -+ -+int sys_acl_delete_def_file(const char *path) -+{ -+ SMB_ACL_T acl_d; -+ int ret; -+ -+ /* -+ * fetching the access ACL and rewriting it has -+ * the effect of deleting the default ACL -+ */ -+ if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) { -+ return -1; -+ } -+ -+ ret = acl(path, ACL_SET, acl_d->count, acl_d->acl); -+ -+ sys_acl_free_acl(acl_d); -+ -+ return ret; -+} -+ -+int sys_acl_free_text(char *text) -+{ -+ free(text); -+ return 0; -+} -+ -+int sys_acl_free_acl(SMB_ACL_T acl_d) -+{ -+ free(acl_d); -+ return 0; -+} -+ -+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) -+{ -+ return 0; -+} -+ -+#elif defined(HAVE_IRIX_ACLS) -+ -+int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) -+{ -+ if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ if (entry_p == NULL) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ if (entry_id == SMB_ACL_FIRST_ENTRY) { -+ acl_d->next = 0; -+ } -+ -+ if (acl_d->next < 0) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ if (acl_d->next >= acl_d->aclp->acl_cnt) { -+ return 0; -+ } -+ -+ *entry_p = &acl_d->aclp->acl_entry[acl_d->next++]; -+ -+ return 1; -+} -+ -+int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p) -+{ -+ *type_p = entry_d->ae_tag; -+ -+ return 0; -+} -+ -+int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) -+{ -+ *permset_p = entry_d; -+ -+ return 0; -+} -+ -+void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) -+{ -+ if (entry_d->ae_tag != SMB_ACL_USER -+ && entry_d->ae_tag != SMB_ACL_GROUP) { -+ errno = EINVAL; -+ return NULL; -+ } -+ -+ return &entry_d->ae_id; -+} -+ -+SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) -+{ -+ SMB_ACL_T a; -+ -+ if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) { -+ errno = ENOMEM; -+ return NULL; -+ } -+ if ((a->aclp = acl_get_file(path_p, type)) == NULL) { -+ SAFE_FREE(a); -+ return NULL; -+ } -+ a->next = -1; -+ a->freeaclp = True; -+ return a; -+} -+ -+SMB_ACL_T sys_acl_get_fd(int fd) -+{ -+ SMB_ACL_T a; -+ -+ if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) { -+ errno = ENOMEM; -+ return NULL; -+ } -+ if ((a->aclp = acl_get_fd(fd)) == NULL) { -+ SAFE_FREE(a); -+ return NULL; -+ } -+ a->next = -1; -+ a->freeaclp = True; -+ return a; -+} -+ -+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d) -+{ -+ permset_d->ae_perm = 0; -+ -+ return 0; -+} -+ -+int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) -+{ -+ if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE -+ && perm != SMB_ACL_EXECUTE) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ if (permset_d == NULL) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ permset_d->ae_perm |= perm; -+ -+ return 0; -+} -+ -+int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) -+{ -+ return permset_d->ae_perm & perm; -+} -+ -+char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) -+{ -+ return acl_to_text(acl_d->aclp, len_p); -+} -+ -+SMB_ACL_T sys_acl_init(int count) -+{ -+ SMB_ACL_T a; -+ -+ if (count < 0) { -+ errno = EINVAL; -+ return NULL; -+ } -+ -+ if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + sizeof(struct acl))) == NULL) { -+ errno = ENOMEM; -+ return NULL; -+ } -+ -+ a->next = -1; -+ a->freeaclp = False; -+ a->aclp = (struct acl *)(&a->aclp + sizeof(struct acl *)); -+ a->aclp->acl_cnt = 0; -+ -+ return a; -+} -+ -+ -+int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) -+{ -+ SMB_ACL_T acl_d; -+ SMB_ACL_ENTRY_T entry_d; -+ -+ if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ if (acl_d->aclp->acl_cnt >= ACL_MAX_ENTRIES) { -+ errno = ENOSPC; -+ return -1; -+ } -+ -+ entry_d = &acl_d->aclp->acl_entry[acl_d->aclp->acl_cnt++]; -+ entry_d->ae_tag = 0; -+ entry_d->ae_id = 0; -+ entry_d->ae_perm = 0; -+ *entry_p = entry_d; -+ -+ return 0; -+} -+ -+int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) -+{ -+ switch (tag_type) { -+ case SMB_ACL_USER: -+ case SMB_ACL_USER_OBJ: -+ case SMB_ACL_GROUP: -+ case SMB_ACL_GROUP_OBJ: -+ case SMB_ACL_OTHER: -+ case SMB_ACL_MASK: -+ entry_d->ae_tag = tag_type; -+ break; -+ default: -+ errno = EINVAL; -+ return -1; -+ } -+ -+ return 0; -+} -+ -+int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) -+{ -+ if (entry_d->ae_tag != SMB_ACL_GROUP -+ && entry_d->ae_tag != SMB_ACL_USER) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ entry_d->ae_id = *((id_t *)qual_p); -+ -+ return 0; -+} -+ -+int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) -+{ -+ if (permset_d->ae_perm & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { -+ return EINVAL; -+ } -+ -+ entry_d->ae_perm = permset_d->ae_perm; -+ -+ return 0; -+} -+ -+int sys_acl_valid(SMB_ACL_T acl_d) -+{ -+ return acl_valid(acl_d->aclp); -+} -+ -+int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) -+{ -+ return acl_set_file(name, type, acl_d->aclp); -+} -+ -+int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) -+{ -+ return acl_set_fd(fd, acl_d->aclp); -+} -+ -+int sys_acl_delete_def_file(const char *name) -+{ -+ return acl_delete_def_file(name); -+} -+ -+int sys_acl_free_text(char *text) -+{ -+ return acl_free(text); -+} -+ -+int sys_acl_free_acl(SMB_ACL_T acl_d) -+{ -+ if (acl_d->freeaclp) { -+ acl_free(acl_d->aclp); -+ } -+ acl_free(acl_d); -+ return 0; -+} -+ -+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) -+{ -+ return 0; -+} -+ -+#elif defined(HAVE_AIX_ACLS) -+ -+/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */ -+ -+int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p) -+{ -+ struct acl_entry_link *link; -+ struct new_acl_entry *entry; -+ int keep_going; -+ -+ DEBUG(10,("This is the count: %d\n",theacl->count)); -+ -+ /* Check if count was previously set to -1. * -+ * If it was, that means we reached the end * -+ * of the acl last time. */ -+ if(theacl->count == -1) -+ return(0); -+ -+ link = theacl; -+ /* To get to the next acl, traverse linked list until index * -+ * of acl matches the count we are keeping. This count is * -+ * incremented each time we return an acl entry. */ -+ -+ for(keep_going = 0; keep_going < theacl->count; keep_going++) -+ link = link->nextp; -+ -+ entry = *entry_p = link->entryp; -+ -+ DEBUG(10,("*entry_p is %d\n",entry_p)); -+ DEBUG(10,("*entry_p->ace_access is %d\n",entry->ace_access)); -+ -+ /* Increment count */ -+ theacl->count++; -+ if(link->nextp == NULL) -+ theacl->count = -1; -+ -+ return(1); -+} -+ -+int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) -+{ -+ /* Initialize tag type */ -+ -+ *tag_type_p = -1; -+ DEBUG(10,("the tagtype is %d\n",entry_d->ace_id->id_type)); -+ -+ /* Depending on what type of entry we have, * -+ * return tag type. */ -+ switch(entry_d->ace_id->id_type) { -+ case ACEID_USER: -+ *tag_type_p = SMB_ACL_USER; -+ break; -+ case ACEID_GROUP: -+ *tag_type_p = SMB_ACL_GROUP; -+ break; -+ -+ case SMB_ACL_USER_OBJ: -+ case SMB_ACL_GROUP_OBJ: -+ case SMB_ACL_OTHER: -+ *tag_type_p = entry_d->ace_id->id_type; -+ break; -+ -+ default: -+ return(-1); -+ } -+ -+ return(0); -+} -+ -+int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) -+{ -+ DEBUG(10,("Starting AIX sys_acl_get_permset\n")); -+ *permset_p = &entry_d->ace_access; -+ DEBUG(10,("**permset_p is %d\n",**permset_p)); -+ if(!(**permset_p & S_IXUSR) && -+ !(**permset_p & S_IWUSR) && -+ !(**permset_p & S_IRUSR) && -+ (**permset_p != 0)) -+ return(-1); -+ -+ DEBUG(10,("Ending AIX sys_acl_get_permset\n")); -+ return(0); -+} -+ -+void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) -+{ -+ return(entry_d->ace_id->id_data); -+} -+ -+SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) -+{ -+ struct acl *file_acl = (struct acl *)NULL; -+ struct acl_entry *acl_entry; -+ struct new_acl_entry *new_acl_entry; -+ struct ace_id *idp; -+ struct acl_entry_link *acl_entry_link; -+ struct acl_entry_link *acl_entry_link_head; -+ int i; -+ int rc = 0; -+ uid_t user_id; -+ -+ /* AIX has no DEFAULT */ -+ if ( type == SMB_ACL_TYPE_DEFAULT ) -+ return NULL; -+ -+ /* Get the acl using statacl */ -+ -+ DEBUG(10,("Entering sys_acl_get_file\n")); -+ DEBUG(10,("path_p is %s\n",path_p)); -+ -+ file_acl = (struct acl *)SMB_MALLOC(BUFSIZ); -+ -+ if(file_acl == NULL) { -+ errno=ENOMEM; -+ DEBUG(0,("Error in AIX sys_acl_get_file: %d\n",errno)); -+ return(NULL); -+ } -+ -+ memset(file_acl,0,BUFSIZ); -+ -+ rc = statacl((char *)path_p,0,file_acl,BUFSIZ); -+ if(rc == -1) { -+ DEBUG(0,("statacl returned %d with errno %d\n",rc,errno)); -+ SAFE_FREE(file_acl); -+ return(NULL); -+ } -+ -+ DEBUG(10,("Got facl and returned it\n")); -+ -+ /* Point to the first acl entry in the acl */ -+ acl_entry = file_acl->acl_ext; -+ -+ /* Begin setting up the head of the linked list * -+ * that will be used for the storing the acl * -+ * in a way that is useful for the posix_acls.c * -+ * code. */ -+ -+ acl_entry_link_head = acl_entry_link = sys_acl_init(0); -+ if(acl_entry_link_head == NULL) -+ return(NULL); -+ -+ acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry); -+ if(acl_entry_link->entryp == NULL) { -+ SAFE_FREE(file_acl); -+ errno = ENOMEM; -+ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); -+ return(NULL); -+ } -+ -+ DEBUG(10,("acl_entry is %d\n",acl_entry)); -+ DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl))); -+ -+ /* Check if the extended acl bit is on. * -+ * If it isn't, do not show the * -+ * contents of the acl since AIX intends * -+ * the extended info to remain unused */ -+ -+ if(file_acl->acl_mode & S_IXACL){ -+ /* while we are not pointing to the very end */ -+ while(acl_entry < acl_last(file_acl)) { -+ /* before we malloc anything, make sure this is */ -+ /* a valid acl entry and one that we want to map */ -+ idp = id_nxt(acl_entry->ace_id); -+ if((acl_entry->ace_type == ACC_SPECIFY || -+ (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) { -+ acl_entry = acl_nxt(acl_entry); -+ continue; -+ } -+ -+ idp = acl_entry->ace_id; -+ -+ /* Check if this is the first entry in the linked list. * -+ * The first entry needs to keep prevp pointing to NULL * -+ * and already has entryp allocated. */ -+ -+ if(acl_entry_link_head->count != 0) { -+ acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link); -+ -+ if(acl_entry_link->nextp == NULL) { -+ SAFE_FREE(file_acl); -+ errno = ENOMEM; -+ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); -+ return(NULL); -+ } -+ -+ acl_entry_link->nextp->prevp = acl_entry_link; -+ acl_entry_link = acl_entry_link->nextp; -+ acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry); -+ if(acl_entry_link->entryp == NULL) { -+ SAFE_FREE(file_acl); -+ errno = ENOMEM; -+ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); -+ return(NULL); -+ } -+ acl_entry_link->nextp = NULL; -+ } -+ -+ acl_entry_link->entryp->ace_len = acl_entry->ace_len; -+ -+ /* Don't really need this since all types are going * -+ * to be specified but, it's better than leaving it 0 */ -+ -+ acl_entry_link->entryp->ace_type = acl_entry->ace_type; -+ -+ acl_entry_link->entryp->ace_access = acl_entry->ace_access; -+ -+ memcpy(acl_entry_link->entryp->ace_id,idp,sizeof(struct ace_id)); -+ -+ /* The access in the acl entries must be left shifted by * -+ * three bites, because they will ultimately be compared * -+ * to S_IRUSR, S_IWUSR, and S_IXUSR. */ -+ -+ switch(acl_entry->ace_type){ -+ case ACC_PERMIT: -+ case ACC_SPECIFY: -+ acl_entry_link->entryp->ace_access = acl_entry->ace_access; -+ acl_entry_link->entryp->ace_access <<= 6; -+ acl_entry_link_head->count++; -+ break; -+ case ACC_DENY: -+ /* Since there is no way to return a DENY acl entry * -+ * change to PERMIT and then shift. */ -+ DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access)); -+ acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7; -+ DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access)); -+ acl_entry_link->entryp->ace_access <<= 6; -+ acl_entry_link_head->count++; -+ break; -+ default: -+ return(0); -+ } -+ -+ DEBUG(10,("acl_entry = %d\n",acl_entry)); -+ DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type)); -+ -+ acl_entry = acl_nxt(acl_entry); -+ } -+ } /* end of if enabled */ -+ -+ /* Since owner, group, other acl entries are not * -+ * part of the acl entries in an acl, they must * -+ * be dummied up to become part of the list. */ -+ -+ for( i = 1; i < 4; i++) { -+ DEBUG(10,("i is %d\n",i)); -+ if(acl_entry_link_head->count != 0) { -+ acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link); -+ if(acl_entry_link->nextp == NULL) { -+ SAFE_FREE(file_acl); -+ errno = ENOMEM; -+ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); -+ return(NULL); -+ } -+ -+ acl_entry_link->nextp->prevp = acl_entry_link; -+ acl_entry_link = acl_entry_link->nextp; -+ acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry); -+ if(acl_entry_link->entryp == NULL) { -+ SAFE_FREE(file_acl); -+ errno = ENOMEM; -+ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); -+ return(NULL); -+ } -+ } -+ -+ acl_entry_link->nextp = NULL; -+ -+ new_acl_entry = acl_entry_link->entryp; -+ idp = new_acl_entry->ace_id; -+ -+ new_acl_entry->ace_len = sizeof(struct acl_entry); -+ new_acl_entry->ace_type = ACC_PERMIT; -+ idp->id_len = sizeof(struct ace_id); -+ DEBUG(10,("idp->id_len = %d\n",idp->id_len)); -+ memset(idp->id_data,0,sizeof(uid_t)); -+ -+ switch(i) { -+ case 2: -+ new_acl_entry->ace_access = file_acl->g_access << 6; -+ idp->id_type = SMB_ACL_GROUP_OBJ; -+ break; -+ -+ case 3: -+ new_acl_entry->ace_access = file_acl->o_access << 6; -+ idp->id_type = SMB_ACL_OTHER; -+ break; -+ -+ case 1: -+ new_acl_entry->ace_access = file_acl->u_access << 6; -+ idp->id_type = SMB_ACL_USER_OBJ; -+ break; -+ -+ default: -+ return(NULL); -+ -+ } -+ -+ acl_entry_link_head->count++; -+ DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access)); -+ } -+ -+ acl_entry_link_head->count = 0; -+ SAFE_FREE(file_acl); -+ -+ return(acl_entry_link_head); -+} -+ -+SMB_ACL_T sys_acl_get_fd(int fd) -+{ -+ struct acl *file_acl = (struct acl *)NULL; -+ struct acl_entry *acl_entry; -+ struct new_acl_entry *new_acl_entry; -+ struct ace_id *idp; -+ struct acl_entry_link *acl_entry_link; -+ struct acl_entry_link *acl_entry_link_head; -+ int i; -+ int rc = 0; -+ uid_t user_id; -+ -+ /* Get the acl using fstatacl */ -+ -+ DEBUG(10,("Entering sys_acl_get_fd\n")); -+ DEBUG(10,("fd is %d\n",fd)); -+ file_acl = (struct acl *)SMB_MALLOC(BUFSIZ); -+ -+ if(file_acl == NULL) { -+ errno=ENOMEM; -+ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); -+ return(NULL); -+ } -+ -+ memset(file_acl,0,BUFSIZ); -+ -+ rc = fstatacl(fd,0,file_acl,BUFSIZ); -+ if(rc == -1) { -+ DEBUG(0,("The fstatacl call returned %d with errno %d\n",rc,errno)); -+ SAFE_FREE(file_acl); -+ return(NULL); -+ } -+ -+ DEBUG(10,("Got facl and returned it\n")); -+ -+ /* Point to the first acl entry in the acl */ -+ -+ acl_entry = file_acl->acl_ext; -+ /* Begin setting up the head of the linked list * -+ * that will be used for the storing the acl * -+ * in a way that is useful for the posix_acls.c * -+ * code. */ -+ -+ acl_entry_link_head = acl_entry_link = sys_acl_init(0); -+ if(acl_entry_link_head == NULL){ -+ SAFE_FREE(file_acl); -+ return(NULL); -+ } -+ -+ acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry); -+ -+ if(acl_entry_link->entryp == NULL) { -+ errno = ENOMEM; -+ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); -+ SAFE_FREE(file_acl); -+ return(NULL); -+ } -+ -+ DEBUG(10,("acl_entry is %d\n",acl_entry)); -+ DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl))); -+ -+ /* Check if the extended acl bit is on. * -+ * If it isn't, do not show the * -+ * contents of the acl since AIX intends * -+ * the extended info to remain unused */ -+ -+ if(file_acl->acl_mode & S_IXACL){ -+ /* while we are not pointing to the very end */ -+ while(acl_entry < acl_last(file_acl)) { -+ /* before we malloc anything, make sure this is */ -+ /* a valid acl entry and one that we want to map */ -+ -+ idp = id_nxt(acl_entry->ace_id); -+ if((acl_entry->ace_type == ACC_SPECIFY || -+ (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) { -+ acl_entry = acl_nxt(acl_entry); -+ continue; -+ } -+ -+ idp = acl_entry->ace_id; -+ -+ /* Check if this is the first entry in the linked list. * -+ * The first entry needs to keep prevp pointing to NULL * -+ * and already has entryp allocated. */ -+ -+ if(acl_entry_link_head->count != 0) { -+ acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link); -+ if(acl_entry_link->nextp == NULL) { -+ errno = ENOMEM; -+ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); -+ SAFE_FREE(file_acl); -+ return(NULL); -+ } -+ acl_entry_link->nextp->prevp = acl_entry_link; -+ acl_entry_link = acl_entry_link->nextp; -+ acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry); -+ if(acl_entry_link->entryp == NULL) { -+ errno = ENOMEM; -+ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); -+ SAFE_FREE(file_acl); -+ return(NULL); -+ } -+ -+ acl_entry_link->nextp = NULL; -+ } -+ -+ acl_entry_link->entryp->ace_len = acl_entry->ace_len; -+ -+ /* Don't really need this since all types are going * -+ * to be specified but, it's better than leaving it 0 */ -+ -+ acl_entry_link->entryp->ace_type = acl_entry->ace_type; -+ acl_entry_link->entryp->ace_access = acl_entry->ace_access; -+ -+ memcpy(acl_entry_link->entryp->ace_id, idp, sizeof(struct ace_id)); -+ -+ /* The access in the acl entries must be left shifted by * -+ * three bites, because they will ultimately be compared * -+ * to S_IRUSR, S_IWUSR, and S_IXUSR. */ -+ -+ switch(acl_entry->ace_type){ -+ case ACC_PERMIT: -+ case ACC_SPECIFY: -+ acl_entry_link->entryp->ace_access = acl_entry->ace_access; -+ acl_entry_link->entryp->ace_access <<= 6; -+ acl_entry_link_head->count++; -+ break; -+ case ACC_DENY: -+ /* Since there is no way to return a DENY acl entry * -+ * change to PERMIT and then shift. */ -+ DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access)); -+ acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7; -+ DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access)); -+ acl_entry_link->entryp->ace_access <<= 6; -+ acl_entry_link_head->count++; -+ break; -+ default: -+ return(0); -+ } -+ -+ DEBUG(10,("acl_entry = %d\n",acl_entry)); -+ DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type)); -+ -+ acl_entry = acl_nxt(acl_entry); -+ } -+ } /* end of if enabled */ -+ -+ /* Since owner, group, other acl entries are not * -+ * part of the acl entries in an acl, they must * -+ * be dummied up to become part of the list. */ -+ -+ for( i = 1; i < 4; i++) { -+ DEBUG(10,("i is %d\n",i)); -+ if(acl_entry_link_head->count != 0){ -+ acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link); -+ if(acl_entry_link->nextp == NULL) { -+ errno = ENOMEM; -+ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); -+ SAFE_FREE(file_acl); -+ return(NULL); -+ } -+ -+ acl_entry_link->nextp->prevp = acl_entry_link; -+ acl_entry_link = acl_entry_link->nextp; -+ acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry); -+ -+ if(acl_entry_link->entryp == NULL) { -+ SAFE_FREE(file_acl); -+ errno = ENOMEM; -+ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); -+ return(NULL); -+ } -+ } -+ -+ acl_entry_link->nextp = NULL; -+ -+ new_acl_entry = acl_entry_link->entryp; -+ idp = new_acl_entry->ace_id; -+ -+ new_acl_entry->ace_len = sizeof(struct acl_entry); -+ new_acl_entry->ace_type = ACC_PERMIT; -+ idp->id_len = sizeof(struct ace_id); -+ DEBUG(10,("idp->id_len = %d\n",idp->id_len)); -+ memset(idp->id_data,0,sizeof(uid_t)); -+ -+ switch(i) { -+ case 2: -+ new_acl_entry->ace_access = file_acl->g_access << 6; -+ idp->id_type = SMB_ACL_GROUP_OBJ; -+ break; -+ -+ case 3: -+ new_acl_entry->ace_access = file_acl->o_access << 6; -+ idp->id_type = SMB_ACL_OTHER; -+ break; -+ -+ case 1: -+ new_acl_entry->ace_access = file_acl->u_access << 6; -+ idp->id_type = SMB_ACL_USER_OBJ; -+ break; -+ -+ default: -+ return(NULL); -+ } -+ -+ acl_entry_link_head->count++; -+ DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access)); -+ } -+ -+ acl_entry_link_head->count = 0; -+ SAFE_FREE(file_acl); -+ -+ return(acl_entry_link_head); -+} -+ -+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) -+{ -+ *permset = *permset & ~0777; -+ return(0); -+} -+ -+int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) -+{ -+ if((perm != 0) && -+ (perm & (S_IXUSR | S_IWUSR | S_IRUSR)) == 0) -+ return(-1); -+ -+ *permset |= perm; -+ DEBUG(10,("This is the permset now: %d\n",*permset)); -+ return(0); -+} -+ -+char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen) -+{ -+ return(NULL); -+} -+ -+SMB_ACL_T sys_acl_init( int count) -+{ -+ struct acl_entry_link *theacl = NULL; -+ -+ DEBUG(10,("Entering sys_acl_init\n")); -+ -+ theacl = SMB_MALLOC_P(struct acl_entry_link); -+ if(theacl == NULL) { -+ errno = ENOMEM; -+ DEBUG(0,("Error in sys_acl_init is %d\n",errno)); -+ return(NULL); -+ } -+ -+ theacl->count = 0; -+ theacl->nextp = NULL; -+ theacl->prevp = NULL; -+ theacl->entryp = NULL; -+ DEBUG(10,("Exiting sys_acl_init\n")); -+ return(theacl); -+} -+ -+int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) -+{ -+ struct acl_entry_link *theacl; -+ struct acl_entry_link *acl_entryp; -+ struct acl_entry_link *temp_entry; -+ int counting; -+ -+ DEBUG(10,("Entering the sys_acl_create_entry\n")); -+ -+ theacl = acl_entryp = *pacl; -+ -+ /* Get to the end of the acl before adding entry */ -+ -+ for(counting=0; counting < theacl->count; counting++){ -+ DEBUG(10,("The acl_entryp is %d\n",acl_entryp)); -+ temp_entry = acl_entryp; -+ acl_entryp = acl_entryp->nextp; -+ } -+ -+ if(theacl->count != 0){ -+ temp_entry->nextp = acl_entryp = SMB_MALLOC_P(struct acl_entry_link); -+ if(acl_entryp == NULL) { -+ errno = ENOMEM; -+ DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno)); -+ return(-1); -+ } -+ -+ DEBUG(10,("The acl_entryp is %d\n",acl_entryp)); -+ acl_entryp->prevp = temp_entry; -+ DEBUG(10,("The acl_entryp->prevp is %d\n",acl_entryp->prevp)); -+ } -+ -+ *pentry = acl_entryp->entryp = SMB_MALLOC_P(struct new_acl_entry); -+ if(*pentry == NULL) { -+ errno = ENOMEM; -+ DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno)); -+ return(-1); -+ } -+ -+ memset(*pentry,0,sizeof(struct new_acl_entry)); -+ acl_entryp->entryp->ace_len = sizeof(struct acl_entry); -+ acl_entryp->entryp->ace_type = ACC_PERMIT; -+ acl_entryp->entryp->ace_id->id_len = sizeof(struct ace_id); -+ acl_entryp->nextp = NULL; -+ theacl->count++; -+ DEBUG(10,("Exiting sys_acl_create_entry\n")); -+ return(0); -+} -+ -+int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) -+{ -+ DEBUG(10,("Starting AIX sys_acl_set_tag_type\n")); -+ entry->ace_id->id_type = tagtype; -+ DEBUG(10,("The tag type is %d\n",entry->ace_id->id_type)); -+ DEBUG(10,("Ending AIX sys_acl_set_tag_type\n")); -+} -+ -+int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual) -+{ -+ DEBUG(10,("Starting AIX sys_acl_set_qualifier\n")); -+ memcpy(entry->ace_id->id_data,qual,sizeof(uid_t)); -+ DEBUG(10,("Ending AIX sys_acl_set_qualifier\n")); -+ return(0); -+} -+ -+int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) -+{ -+ DEBUG(10,("Starting AIX sys_acl_set_permset\n")); -+ if(!(*permset & S_IXUSR) && -+ !(*permset & S_IWUSR) && -+ !(*permset & S_IRUSR) && -+ (*permset != 0)) -+ return(-1); -+ -+ entry->ace_access = *permset; -+ DEBUG(10,("entry->ace_access = %d\n",entry->ace_access)); -+ DEBUG(10,("Ending AIX sys_acl_set_permset\n")); -+ return(0); -+} -+ -+int sys_acl_valid( SMB_ACL_T theacl ) -+{ -+ int user_obj = 0; -+ int group_obj = 0; -+ int other_obj = 0; -+ struct acl_entry_link *acl_entry; -+ -+ for(acl_entry=theacl; acl_entry != NULL; acl_entry = acl_entry->nextp) { -+ user_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_USER_OBJ); -+ group_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_GROUP_OBJ); -+ other_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_OTHER); -+ } -+ -+ DEBUG(10,("user_obj=%d, group_obj=%d, other_obj=%d\n",user_obj,group_obj,other_obj)); -+ -+ if(user_obj != 1 || group_obj != 1 || other_obj != 1) -+ return(-1); -+ -+ return(0); -+} -+ -+int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) -+{ -+ struct acl_entry_link *acl_entry_link = NULL; -+ struct acl *file_acl = NULL; -+ struct acl *file_acl_temp = NULL; -+ struct acl_entry *acl_entry = NULL; -+ struct ace_id *ace_id = NULL; -+ uint id_type; -+ uint ace_access; -+ uint user_id; -+ uint acl_length; -+ uint rc; -+ -+ DEBUG(10,("Entering sys_acl_set_file\n")); -+ DEBUG(10,("File name is %s\n",name)); -+ -+ /* AIX has no default ACL */ -+ if(acltype == SMB_ACL_TYPE_DEFAULT) -+ return(0); -+ -+ acl_length = BUFSIZ; -+ file_acl = (struct acl *)SMB_MALLOC(BUFSIZ); -+ -+ if(file_acl == NULL) { -+ errno = ENOMEM; -+ DEBUG(0,("Error in sys_acl_set_file is %d\n",errno)); -+ return(-1); -+ } -+ -+ memset(file_acl,0,BUFSIZ); -+ -+ file_acl->acl_len = ACL_SIZ; -+ file_acl->acl_mode = S_IXACL; -+ -+ for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) { -+ acl_entry_link->entryp->ace_access >>= 6; -+ id_type = acl_entry_link->entryp->ace_id->id_type; -+ -+ switch(id_type) { -+ case SMB_ACL_USER_OBJ: -+ file_acl->u_access = acl_entry_link->entryp->ace_access; -+ continue; -+ case SMB_ACL_GROUP_OBJ: -+ file_acl->g_access = acl_entry_link->entryp->ace_access; -+ continue; -+ case SMB_ACL_OTHER: -+ file_acl->o_access = acl_entry_link->entryp->ace_access; -+ continue; -+ case SMB_ACL_MASK: -+ continue; -+ } -+ -+ if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) { -+ acl_length += sizeof(struct acl_entry); -+ file_acl_temp = (struct acl *)SMB_MALLOC(acl_length); -+ if(file_acl_temp == NULL) { -+ SAFE_FREE(file_acl); -+ errno = ENOMEM; -+ DEBUG(0,("Error in sys_acl_set_file is %d\n",errno)); -+ return(-1); -+ } -+ -+ memcpy(file_acl_temp,file_acl,file_acl->acl_len); -+ SAFE_FREE(file_acl); -+ file_acl = file_acl_temp; -+ } -+ -+ acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len); -+ file_acl->acl_len += sizeof(struct acl_entry); -+ acl_entry->ace_len = acl_entry_link->entryp->ace_len; -+ acl_entry->ace_access = acl_entry_link->entryp->ace_access; -+ -+ /* In order to use this, we'll need to wait until we can get denies */ -+ /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT) -+ acl_entry->ace_type = ACC_SPECIFY; */ -+ -+ acl_entry->ace_type = ACC_SPECIFY; -+ -+ ace_id = acl_entry->ace_id; -+ -+ ace_id->id_type = acl_entry_link->entryp->ace_id->id_type; -+ DEBUG(10,("The id type is %d\n",ace_id->id_type)); -+ ace_id->id_len = acl_entry_link->entryp->ace_id->id_len; -+ memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t)); -+ memcpy(acl_entry->ace_id->id_data, &user_id, sizeof(uid_t)); -+ } -+ -+ rc = chacl(name,file_acl,file_acl->acl_len); -+ DEBUG(10,("errno is %d\n",errno)); -+ DEBUG(10,("return code is %d\n",rc)); -+ SAFE_FREE(file_acl); -+ DEBUG(10,("Exiting the sys_acl_set_file\n")); -+ return(rc); -+} -+ -+int sys_acl_set_fd( int fd, SMB_ACL_T theacl) -+{ -+ struct acl_entry_link *acl_entry_link = NULL; -+ struct acl *file_acl = NULL; -+ struct acl *file_acl_temp = NULL; -+ struct acl_entry *acl_entry = NULL; -+ struct ace_id *ace_id = NULL; -+ uint id_type; -+ uint user_id; -+ uint acl_length; -+ uint rc; -+ -+ DEBUG(10,("Entering sys_acl_set_fd\n")); -+ acl_length = BUFSIZ; -+ file_acl = (struct acl *)SMB_MALLOC(BUFSIZ); -+ -+ if(file_acl == NULL) { -+ errno = ENOMEM; -+ DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno)); -+ return(-1); -+ } -+ -+ memset(file_acl,0,BUFSIZ); -+ -+ file_acl->acl_len = ACL_SIZ; -+ file_acl->acl_mode = S_IXACL; -+ -+ for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) { -+ acl_entry_link->entryp->ace_access >>= 6; -+ id_type = acl_entry_link->entryp->ace_id->id_type; -+ DEBUG(10,("The id_type is %d\n",id_type)); -+ -+ switch(id_type) { -+ case SMB_ACL_USER_OBJ: -+ file_acl->u_access = acl_entry_link->entryp->ace_access; -+ continue; -+ case SMB_ACL_GROUP_OBJ: -+ file_acl->g_access = acl_entry_link->entryp->ace_access; -+ continue; -+ case SMB_ACL_OTHER: -+ file_acl->o_access = acl_entry_link->entryp->ace_access; -+ continue; -+ case SMB_ACL_MASK: -+ continue; -+ } -+ -+ if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) { -+ acl_length += sizeof(struct acl_entry); -+ file_acl_temp = (struct acl *)SMB_MALLOC(acl_length); -+ if(file_acl_temp == NULL) { -+ SAFE_FREE(file_acl); -+ errno = ENOMEM; -+ DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno)); -+ return(-1); -+ } -+ -+ memcpy(file_acl_temp,file_acl,file_acl->acl_len); -+ SAFE_FREE(file_acl); -+ file_acl = file_acl_temp; -+ } -+ -+ acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len); -+ file_acl->acl_len += sizeof(struct acl_entry); -+ acl_entry->ace_len = acl_entry_link->entryp->ace_len; -+ acl_entry->ace_access = acl_entry_link->entryp->ace_access; -+ -+ /* In order to use this, we'll need to wait until we can get denies */ -+ /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT) -+ acl_entry->ace_type = ACC_SPECIFY; */ -+ -+ acl_entry->ace_type = ACC_SPECIFY; -+ -+ ace_id = acl_entry->ace_id; -+ -+ ace_id->id_type = acl_entry_link->entryp->ace_id->id_type; -+ DEBUG(10,("The id type is %d\n",ace_id->id_type)); -+ ace_id->id_len = acl_entry_link->entryp->ace_id->id_len; -+ memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t)); -+ memcpy(ace_id->id_data, &user_id, sizeof(uid_t)); -+ } -+ -+ rc = fchacl(fd,file_acl,file_acl->acl_len); -+ DEBUG(10,("errno is %d\n",errno)); -+ DEBUG(10,("return code is %d\n",rc)); -+ SAFE_FREE(file_acl); -+ DEBUG(10,("Exiting sys_acl_set_fd\n")); -+ return(rc); -+} -+ -+int sys_acl_delete_def_file(const char *name) -+{ -+ /* AIX has no default ACL */ -+ return 0; -+} -+ -+int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) -+{ -+ return(*permset & perm); -+} -+ -+int sys_acl_free_text(char *text) -+{ -+ return(0); -+} -+ -+int sys_acl_free_acl(SMB_ACL_T posix_acl) -+{ -+ struct acl_entry_link *acl_entry_link; -+ -+ for(acl_entry_link = posix_acl->nextp; acl_entry_link->nextp != NULL; acl_entry_link = acl_entry_link->nextp) { -+ SAFE_FREE(acl_entry_link->prevp->entryp); -+ SAFE_FREE(acl_entry_link->prevp); -+ } -+ -+ SAFE_FREE(acl_entry_link->prevp->entryp); -+ SAFE_FREE(acl_entry_link->prevp); -+ SAFE_FREE(acl_entry_link->entryp); -+ SAFE_FREE(acl_entry_link); -+ -+ return(0); -+} -+ -+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) -+{ -+ return(0); -+} -+ -+#else /* No ACLs. */ -+ -+int sys_acl_get_entry(UNUSED(SMB_ACL_T the_acl), UNUSED(int entry_id), UNUSED(SMB_ACL_ENTRY_T *entry_p)) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+int sys_acl_get_tag_type(UNUSED(SMB_ACL_ENTRY_T entry_d), UNUSED(SMB_ACL_TAG_T *tag_type_p)) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+int sys_acl_get_permset(UNUSED(SMB_ACL_ENTRY_T entry_d), UNUSED(SMB_ACL_PERMSET_T *permset_p)) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+void *sys_acl_get_qualifier(UNUSED(SMB_ACL_ENTRY_T entry_d)) -+{ -+ errno = ENOSYS; -+ return NULL; -+} -+ -+SMB_ACL_T sys_acl_get_file(UNUSED(const char *path_p), UNUSED(SMB_ACL_TYPE_T type)) -+{ -+ errno = ENOSYS; -+ return (SMB_ACL_T)NULL; -+} -+ -+SMB_ACL_T sys_acl_get_fd(UNUSED(int fd)) -+{ -+ errno = ENOSYS; -+ return (SMB_ACL_T)NULL; -+} -+ -+int sys_acl_clear_perms(UNUSED(SMB_ACL_PERMSET_T permset)) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+int sys_acl_add_perm( UNUSED(SMB_ACL_PERMSET_T permset), UNUSED(SMB_ACL_PERM_T perm)) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) -+{ -+ errno = ENOSYS; -+ return (permset & perm) ? 1 : 0; -+} -+ -+char *sys_acl_to_text(UNUSED(SMB_ACL_T the_acl), UNUSED(ssize_t *plen)) -+{ -+ errno = ENOSYS; -+ return NULL; -+} -+ -+int sys_acl_free_text(UNUSED(char *text)) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+SMB_ACL_T sys_acl_init(UNUSED(int count)) -+{ -+ errno = ENOSYS; -+ return NULL; -+} -+ -+int sys_acl_create_entry(UNUSED(SMB_ACL_T *pacl), UNUSED(SMB_ACL_ENTRY_T *pentry)) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+int sys_acl_set_tag_type(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(SMB_ACL_TAG_T tagtype)) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+int sys_acl_set_qualifier(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(void *qual)) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+int sys_acl_set_permset(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(SMB_ACL_PERMSET_T permset)) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+int sys_acl_valid(UNUSED(SMB_ACL_T theacl)) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+int sys_acl_set_file(UNUSED(const char *name), UNUSED(SMB_ACL_TYPE_T acltype), UNUSED(SMB_ACL_T theacl)) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+int sys_acl_set_fd(UNUSED(int fd), UNUSED(SMB_ACL_T theacl)) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+int sys_acl_delete_def_file(UNUSED(const char *name)) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+int sys_acl_free_acl(UNUSED(SMB_ACL_T the_acl)) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+int sys_acl_free_qualifier(UNUSED(void *qual), UNUSED(SMB_ACL_TAG_T tagtype)) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+#endif /* No ACLs. */ -+ -+/************************************************************************ -+ Deliberately outside the ACL defines. Return 1 if this is a "no acls" -+ errno, 0 if not. -+************************************************************************/ -+ -+int no_acl_syscall_error(int err) -+{ -+#if defined(ENOSYS) -+ if (err == ENOSYS) { -+ return 1; -+ } -+#endif -+#if defined(ENOTSUP) -+ if (err == ENOTSUP) { -+ return 1; -+ } -+#endif -+ return 0; -+} ---- old/lib/sysacls.h -+++ new/lib/sysacls.h -@@ -0,0 +1,28 @@ -+#define SMB_MALLOC(cnt) new_array(char, cnt) -+#define SMB_MALLOC_P(obj) new_array(obj, 1) -+#define SMB_MALLOC_ARRAY(obj, cnt) new_array(obj, cnt) -+#define SMB_REALLOC(mem, cnt) realloc_array(mem, char, cnt) -+#define slprintf snprintf -+ -+int sys_acl_get_entry(SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p); -+int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p); -+int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p); -+void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d); -+SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type); -+SMB_ACL_T sys_acl_get_fd(int fd); -+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset); -+int sys_acl_add_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm); -+int sys_acl_get_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm); -+char *sys_acl_to_text(SMB_ACL_T the_acl, ssize_t *plen); -+SMB_ACL_T sys_acl_init(int count); -+int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry); -+int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype); -+int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry, void *qual); -+int sys_acl_set_permset(SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset); -+int sys_acl_valid(SMB_ACL_T theacl); -+int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl); -+int sys_acl_set_fd(int fd, SMB_ACL_T theacl); -+int sys_acl_delete_def_file(const char *name); -+int sys_acl_free_text(char *text); -+int sys_acl_free_acl(SMB_ACL_T the_acl); -+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype); ---- old/mkproto.awk -+++ new/mkproto.awk -@@ -58,7 +58,7 @@ BEGIN { - next; - } - --!/^OFF_T|^size_t|^off_t|^pid_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^uchar|^short|^struct|^BOOL|^void|^time|^const|^RETSIGTYPE/ { -+!/^OFF_T|^size_t|^off_t|^pid_t|^id_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^uchar|^short|^struct|^BOOL|^void|^time|^const|^RETSIGTYPE/ { - next; - } - ---- old/options.c -+++ new/options.c -@@ -45,6 +45,7 @@ int copy_dirlinks = 0; - int copy_links = 0; - int preserve_links = 0; - int preserve_hard_links = 0; -+int preserve_acls = 0; - int preserve_perms = 0; - int preserve_executability = 0; - int preserve_devices = 0; -@@ -194,6 +195,7 @@ static void print_rsync_version(enum log - char const *got_socketpair = "no "; - char const *have_inplace = "no "; - char const *hardlinks = "no "; -+ char const *acls = "no "; - char const *links = "no "; - char const *ipv6 = "no "; - STRUCT_STAT *dumstat; -@@ -210,6 +212,10 @@ static void print_rsync_version(enum log - hardlinks = ""; - #endif - -+#ifdef SUPPORT_ACLS -+ acls = ""; -+#endif -+ - #ifdef SUPPORT_LINKS - links = ""; - #endif -@@ -223,9 +229,9 @@ static void print_rsync_version(enum log - rprintf(f, "Copyright (C) 1996-2006 by Andrew Tridgell, Wayne Davison, and others.\n"); - rprintf(f, "\n"); - rprintf(f, "Capabilities: %d-bit files, %ssocketpairs, " -- "%shard links, %ssymlinks, batchfiles,\n", -+ "%shard links, %sACLs, %ssymlinks, batchfiles,\n", - (int) (sizeof (OFF_T) * 8), -- got_socketpair, hardlinks, links); -+ got_socketpair, hardlinks, acls, links); - - /* Note that this field may not have type ino_t. It depends - * on the complicated interaction between largefile feature -@@ -295,6 +301,9 @@ void usage(enum logcode F) - rprintf(F," -H, --hard-links preserve hard links\n"); - rprintf(F," -p, --perms preserve permissions\n"); - rprintf(F," -E, --executability preserve the file's executability\n"); -+#ifdef SUPPORT_ACLS -+ rprintf(F," -A, --acls preserve ACLs (implies --perms)\n"); -+#endif - rprintf(F," --chmod=CHMOD change destination permissions\n"); - rprintf(F," -o, --owner preserve owner (super-user only)\n"); - rprintf(F," -g, --group preserve group\n"); -@@ -410,6 +419,9 @@ static struct poptOption long_options[] - {"no-perms", 0, POPT_ARG_VAL, &preserve_perms, 0, 0, 0 }, - {"no-p", 0, POPT_ARG_VAL, &preserve_perms, 0, 0, 0 }, - {"executability", 'E', POPT_ARG_NONE, &preserve_executability, 0, 0, 0 }, -+ {"acls", 'A', POPT_ARG_NONE, 0, 'A', 0, 0 }, -+ {"no-acls", 0, POPT_ARG_VAL, &preserve_acls, 0, 0, 0 }, -+ {"no-A", 0, POPT_ARG_VAL, &preserve_acls, 0, 0, 0 }, - {"times", 't', POPT_ARG_VAL, &preserve_times, 1, 0, 0 }, - {"no-times", 0, POPT_ARG_VAL, &preserve_times, 0, 0, 0 }, - {"no-t", 0, POPT_ARG_VAL, &preserve_times, 0, 0, 0 }, -@@ -1068,6 +1080,24 @@ int parse_arguments(int *argc, const cha - usage(FINFO); - exit_cleanup(0); - -+ case 'A': -+#ifdef SUPPORT_ACLS -+ preserve_acls++; -+ preserve_perms = 1; -+ break; -+#else -+ /* FIXME: this should probably be ignored with a -+ * warning and then countermeasures taken to -+ * restrict group and other access in the presence -+ * of any more restrictive ACLs, but this is safe -+ * for now */ -+ snprintf(err_buf,sizeof(err_buf), -+ "ACLs are not supported on this %s\n", -+ am_server ? "server" : "client"); -+ return 0; -+#endif -+ -+ - default: - /* A large opt value means that set_refuse_options() - * turned this option off. */ -@@ -1511,6 +1541,10 @@ void server_options(char **args,int *arg - - if (preserve_hard_links) - argstr[x++] = 'H'; -+#ifdef SUPPORT_ACLS -+ if (preserve_acls) -+ argstr[x++] = 'A'; -+#endif - if (preserve_uid) - argstr[x++] = 'o'; - if (preserve_gid) ---- old/receiver.c -+++ new/receiver.c -@@ -46,6 +46,7 @@ extern int keep_partial; - extern int checksum_seed; - extern int inplace; - extern int delay_updates; -+extern mode_t orig_umask; - extern struct stats stats; - extern char *log_format; - extern char *tmpdir; -@@ -344,6 +345,10 @@ int recv_files(int f_in, struct file_lis - int itemizing = am_daemon ? daemon_log_format_has_i - : !am_server && log_format_has_i; - int max_phase = protocol_version >= 29 ? 2 : 1; -+ int dflt_perms = (ACCESSPERMS & ~orig_umask); -+#ifdef SUPPORT_ACLS -+ char *parent_dirname = ""; -+#endif - int i, recv_ok; - - if (verbose > 2) -@@ -541,7 +546,16 @@ int recv_files(int f_in, struct file_lis - * mode based on the local permissions and some heuristics. */ - if (!preserve_perms) { - int exists = fd1 != -1; -- file->mode = dest_mode(file->mode, st.st_mode, exists); -+#ifdef SUPPORT_ACLS -+ char *dn = file->dirname ? file->dirname : "."; -+ if (parent_dirname != dn -+ && strcmp(parent_dirname, dn) != 0) { -+ dflt_perms = default_perms_for_dir(dn); -+ parent_dirname = dn; -+ } -+#endif -+ file->mode = dest_mode(file->mode, st.st_mode, -+ dflt_perms, exists); - } - - /* We now check to see if we are writing file "inplace" */ ---- old/rsync.c -+++ new/rsync.c -@@ -33,6 +33,7 @@ - extern int verbose; - extern int dry_run; - extern int daemon_log_format_has_i; -+extern int preserve_acls; - extern int preserve_perms; - extern int preserve_executability; - extern int preserve_times; -@@ -101,7 +102,8 @@ void free_sums(struct sum_struct *s) - - /* This is only called when we aren't preserving permissions. Figure out what - * the permissions should be and return them merged back into the mode. */ --mode_t dest_mode(mode_t flist_mode, mode_t cur_mode, int exists) -+mode_t dest_mode(mode_t flist_mode, mode_t cur_mode, int dflt_perms, -+ int exists) - { - /* If the file already exists, we'll return the local permissions, - * possibly tweaked by the --executability option. */ -@@ -116,7 +118,7 @@ mode_t dest_mode(mode_t flist_mode, mode - cur_mode |= (cur_mode & 0444) >> 2; - } - } else -- cur_mode = flist_mode & ACCESSPERMS & ~orig_umask; -+ cur_mode = flist_mode & ACCESSPERMS & dflt_perms; - if (daemon_chmod_modes && !S_ISLNK(flist_mode)) - cur_mode = tweak_mode(cur_mode, daemon_chmod_modes); - return (flist_mode & ~CHMOD_BITS) | (cur_mode & CHMOD_BITS); -@@ -203,9 +205,21 @@ int set_file_attrs(char *fname, struct f - updated = 1; - } - -+#ifdef SUPPORT_ACLS -+ /* It's OK to call set_acl() now, even for a dir, as the generator -+ * will enable owner-writability using chmod, if necessary. -+ * -+ * If set_acl changes permission bits in the process of setting -+ * an access ACL, it changes st->st_mode so we know whether we -+ * need to chmod. */ -+ if (preserve_acls && set_acl(fname, file, &st->st_mode) == 0) -+ updated = 1; -+#endif -+ - #ifdef HAVE_CHMOD - if ((st->st_mode & CHMOD_BITS) != (file->mode & CHMOD_BITS)) { -- int ret = do_chmod(fname, file->mode); -+ mode_t mode = file->mode; -+ int ret = do_chmod(fname, mode); - if (ret < 0) { - rsyserr(FERROR, errno, - "failed to set permissions on %s", ---- old/rsync.h -+++ new/rsync.h -@@ -658,6 +658,20 @@ struct chmod_mode_struct; - - #define UNUSED(x) x __attribute__((__unused__)) - -+#if HAVE_POSIX_ACLS|HAVE_UNIXWARE_ACLS|HAVE_SOLARIS_ACLS|\ -+ HAVE_HPUX_ACLS|HAVE_IRIX_ACLS|HAVE_AIX_ACLS|HAVE_TRU64_ACLS -+#define SUPPORT_ACLS 1 -+#endif -+ -+#if HAVE_UNIXWARE_ACLS|HAVE_SOLARIS_ACLS|HAVE_HPUX_ACLS -+#define ACLS_NEED_MASK 1 -+#endif -+ -+#if defined SUPPORT_ACLS && defined HAVE_SYS_ACL_H -+#include -+#endif -+#include "smb_acls.h" -+ - #include "proto.h" - - /* We have replacement versions of these if they're missing. */ ---- old/rsync.yo -+++ new/rsync.yo -@@ -321,6 +321,7 @@ to the detailed description below for a - -H, --hard-links preserve hard links - -p, --perms preserve permissions - -E, --executability preserve executability -+ -A, --acls preserve ACLs (implies -p) [non-standard] - --chmod=CHMOD change destination permissions - -o, --owner preserve owner (super-user only) - -g, --group preserve group -@@ -742,7 +743,9 @@ quote(itemize( - permissions, though the bf(--executability) option might change just - the execute permission for the file. - it() New files get their "normal" permission bits set to the source -- file's permissions masked with the receiving end's umask setting, and -+ file's permissions masked with the receiving directory's default -+ permissions (either the receiving process's umask, or the permissions -+ specified via the destination directory's default ACL), and - their special permission bits disabled except in the case where a new - directory inherits a setgid bit from its parent directory. - )) -@@ -773,9 +776,11 @@ The preservation of the destination's se - directories when bf(--perms) is off was added in rsync 2.6.7. Older rsync - versions erroneously preserved the three special permission bits for - newly-created files when bf(--perms) was off, while overriding the --destination's setgid bit setting on a newly-created directory. (Keep in --mind that it is the version of the receiving rsync that affects this --behavior.) -+destination's setgid bit setting on a newly-created directory. Default ACL -+observance was added to the ACL patch for rsync 2.6.7, so older (or -+non-ACL-enabled) rsyncs use the umask even if default ACLs are present. -+(Keep in mind that it is the version of the receiving rsync that affects -+these behaviors.) - - dit(bf(-E, --executability)) This option causes rsync to preserve the - executability (or non-executability) of regular files when bf(--perms) is -@@ -793,6 +798,10 @@ quote(itemize( - - If bf(--perms) is enabled, this option is ignored. - -+dit(bf(-A, --acls)) This option causes rsync to update the destination -+ACLs to be the same as the source ACLs. This nonstandard option only -+works if the remote rsync also supports it. bf(--acls) implies bf(--perms). -+ - dit(bf(--chmod)) This option tells rsync to apply one or more - comma-separated "chmod" strings to the permission of the files in the - transfer. The resulting value is treated as though it was the permissions ---- old/smb_acls.h -+++ new/smb_acls.h -@@ -0,0 +1,281 @@ -+/* -+ Unix SMB/Netbios implementation. -+ Version 2.2.x -+ Portable SMB ACL interface -+ Copyright (C) Jeremy Allison 2000 -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 2 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program; if not, write to the Free Software -+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -+*/ -+ -+#ifndef _SMB_ACLS_H -+#define _SMB_ACLS_H -+ -+#if defined HAVE_POSIX_ACLS -+ -+/* This is an identity mapping (just remove the SMB_). */ -+ -+#define SMB_ACL_TAG_T acl_tag_t -+#define SMB_ACL_TYPE_T acl_type_t -+#define SMB_ACL_PERMSET_T acl_permset_t -+#define SMB_ACL_PERM_T acl_perm_t -+#define SMB_ACL_READ ACL_READ -+#define SMB_ACL_WRITE ACL_WRITE -+#define SMB_ACL_EXECUTE ACL_EXECUTE -+ -+/* Types of ACLs. */ -+#define SMB_ACL_USER ACL_USER -+#define SMB_ACL_USER_OBJ ACL_USER_OBJ -+#define SMB_ACL_GROUP ACL_GROUP -+#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ -+#define SMB_ACL_OTHER ACL_OTHER -+#define SMB_ACL_MASK ACL_MASK -+ -+#define SMB_ACL_T acl_t -+ -+#define SMB_ACL_ENTRY_T acl_entry_t -+ -+#define SMB_ACL_FIRST_ENTRY ACL_FIRST_ENTRY -+#define SMB_ACL_NEXT_ENTRY ACL_NEXT_ENTRY -+ -+#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS -+#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT -+ -+#elif defined HAVE_TRU64_ACLS -+ -+/* This is for DEC/Compaq Tru64 UNIX */ -+ -+#define SMB_ACL_TAG_T acl_tag_t -+#define SMB_ACL_TYPE_T acl_type_t -+#define SMB_ACL_PERMSET_T acl_permset_t -+#define SMB_ACL_PERM_T acl_perm_t -+#define SMB_ACL_READ ACL_READ -+#define SMB_ACL_WRITE ACL_WRITE -+#define SMB_ACL_EXECUTE ACL_EXECUTE -+ -+/* Types of ACLs. */ -+#define SMB_ACL_USER ACL_USER -+#define SMB_ACL_USER_OBJ ACL_USER_OBJ -+#define SMB_ACL_GROUP ACL_GROUP -+#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ -+#define SMB_ACL_OTHER ACL_OTHER -+#define SMB_ACL_MASK ACL_MASK -+ -+#define SMB_ACL_T acl_t -+ -+#define SMB_ACL_ENTRY_T acl_entry_t -+ -+#define SMB_ACL_FIRST_ENTRY 0 -+#define SMB_ACL_NEXT_ENTRY 1 -+ -+#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS -+#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT -+ -+#elif defined HAVE_UNIXWARE_ACLS || defined HAVE_SOLARIS_ACLS -+/* -+ * Donated by Michael Davidson for UnixWare / OpenUNIX. -+ * Modified by Toomas Soome for Solaris. -+ */ -+ -+/* SVR4.2 ES/MP ACLs */ -+typedef int SMB_ACL_TAG_T; -+typedef int SMB_ACL_TYPE_T; -+typedef ushort *SMB_ACL_PERMSET_T; -+typedef ushort SMB_ACL_PERM_T; -+#define SMB_ACL_READ 4 -+#define SMB_ACL_WRITE 2 -+#define SMB_ACL_EXECUTE 1 -+ -+/* Types of ACLs. */ -+#define SMB_ACL_USER USER -+#define SMB_ACL_USER_OBJ USER_OBJ -+#define SMB_ACL_GROUP GROUP -+#define SMB_ACL_GROUP_OBJ GROUP_OBJ -+#define SMB_ACL_OTHER OTHER_OBJ -+#define SMB_ACL_MASK CLASS_OBJ -+ -+typedef struct SMB_ACL_T { -+ int size; -+ int count; -+ int next; -+ struct acl acl[1]; -+} *SMB_ACL_T; -+ -+typedef struct acl *SMB_ACL_ENTRY_T; -+ -+#define SMB_ACL_FIRST_ENTRY 0 -+#define SMB_ACL_NEXT_ENTRY 1 -+ -+#define SMB_ACL_TYPE_ACCESS 0 -+#define SMB_ACL_TYPE_DEFAULT 1 -+ -+#ifdef __CYGWIN__ -+#define SMB_ACL_LOSES_SPECIAL_MODE_BITS -+#endif -+ -+#elif defined HAVE_HPUX_ACLS -+ -+/* -+ * Based on the Solaris & UnixWare code. -+ */ -+ -+#undef GROUP -+#include -+ -+/* SVR4.2 ES/MP ACLs */ -+typedef int SMB_ACL_TAG_T; -+typedef int SMB_ACL_TYPE_T; -+typedef ushort *SMB_ACL_PERMSET_T; -+typedef ushort SMB_ACL_PERM_T; -+#define SMB_ACL_READ 4 -+#define SMB_ACL_WRITE 2 -+#define SMB_ACL_EXECUTE 1 -+ -+/* Types of ACLs. */ -+#define SMB_ACL_USER USER -+#define SMB_ACL_USER_OBJ USER_OBJ -+#define SMB_ACL_GROUP GROUP -+#define SMB_ACL_GROUP_OBJ GROUP_OBJ -+#define SMB_ACL_OTHER OTHER_OBJ -+#define SMB_ACL_MASK CLASS_OBJ -+ -+typedef struct SMB_ACL_T { -+ int size; -+ int count; -+ int next; -+ struct acl acl[1]; -+} *SMB_ACL_T; -+ -+typedef struct acl *SMB_ACL_ENTRY_T; -+ -+#define SMB_ACL_FIRST_ENTRY 0 -+#define SMB_ACL_NEXT_ENTRY 1 -+ -+#define SMB_ACL_TYPE_ACCESS 0 -+#define SMB_ACL_TYPE_DEFAULT 1 -+ -+#elif defined HAVE_IRIX_ACLS -+ -+#define SMB_ACL_TAG_T acl_tag_t -+#define SMB_ACL_TYPE_T acl_type_t -+#define SMB_ACL_PERMSET_T acl_permset_t -+#define SMB_ACL_PERM_T acl_perm_t -+#define SMB_ACL_READ ACL_READ -+#define SMB_ACL_WRITE ACL_WRITE -+#define SMB_ACL_EXECUTE ACL_EXECUTE -+ -+/* Types of ACLs. */ -+#define SMB_ACL_USER ACL_USER -+#define SMB_ACL_USER_OBJ ACL_USER_OBJ -+#define SMB_ACL_GROUP ACL_GROUP -+#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ -+#define SMB_ACL_OTHER ACL_OTHER_OBJ -+#define SMB_ACL_MASK ACL_MASK -+ -+typedef struct SMB_ACL_T { -+ int next; -+ BOOL freeaclp; -+ struct acl *aclp; -+} *SMB_ACL_T; -+ -+#define SMB_ACL_ENTRY_T acl_entry_t -+ -+#define SMB_ACL_FIRST_ENTRY 0 -+#define SMB_ACL_NEXT_ENTRY 1 -+ -+#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS -+#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT -+ -+#elif defined HAVE_AIX_ACLS -+ -+/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */ -+ -+#include "/usr/include/acl.h" -+ -+typedef uint *SMB_ACL_PERMSET_T; -+ -+struct acl_entry_link{ -+ struct acl_entry_link *prevp; -+ struct new_acl_entry *entryp; -+ struct acl_entry_link *nextp; -+ int count; -+}; -+ -+struct new_acl_entry{ -+ unsigned short ace_len; -+ unsigned short ace_type; -+ unsigned int ace_access; -+ struct ace_id ace_id[1]; -+}; -+ -+#define SMB_ACL_ENTRY_T struct new_acl_entry* -+#define SMB_ACL_T struct acl_entry_link* -+ -+#define SMB_ACL_TAG_T unsigned short -+#define SMB_ACL_TYPE_T int -+#define SMB_ACL_PERM_T uint -+#define SMB_ACL_READ S_IRUSR -+#define SMB_ACL_WRITE S_IWUSR -+#define SMB_ACL_EXECUTE S_IXUSR -+ -+/* Types of ACLs. */ -+#define SMB_ACL_USER ACEID_USER -+#define SMB_ACL_USER_OBJ 3 -+#define SMB_ACL_GROUP ACEID_GROUP -+#define SMB_ACL_GROUP_OBJ 4 -+#define SMB_ACL_OTHER 5 -+#define SMB_ACL_MASK 6 -+ -+ -+#define SMB_ACL_FIRST_ENTRY 1 -+#define SMB_ACL_NEXT_ENTRY 2 -+ -+#define SMB_ACL_TYPE_ACCESS 0 -+#define SMB_ACL_TYPE_DEFAULT 1 -+ -+#else /* No ACLs. */ -+ -+/* No ACLS - fake it. */ -+#define SMB_ACL_TAG_T int -+#define SMB_ACL_TYPE_T int -+#define SMB_ACL_PERMSET_T mode_t -+#define SMB_ACL_PERM_T mode_t -+#define SMB_ACL_READ S_IRUSR -+#define SMB_ACL_WRITE S_IWUSR -+#define SMB_ACL_EXECUTE S_IXUSR -+ -+/* Types of ACLs. */ -+#define SMB_ACL_USER 0 -+#define SMB_ACL_USER_OBJ 1 -+#define SMB_ACL_GROUP 2 -+#define SMB_ACL_GROUP_OBJ 3 -+#define SMB_ACL_OTHER 4 -+#define SMB_ACL_MASK 5 -+ -+typedef struct SMB_ACL_T { -+ int dummy; -+} *SMB_ACL_T; -+ -+typedef struct SMB_ACL_ENTRY_T { -+ int dummy; -+} *SMB_ACL_ENTRY_T; -+ -+#define SMB_ACL_FIRST_ENTRY 0 -+#define SMB_ACL_NEXT_ENTRY 1 -+ -+#define SMB_ACL_TYPE_ACCESS 0 -+#define SMB_ACL_TYPE_DEFAULT 1 -+ -+#endif /* No ACLs. */ -+#endif /* _SMB_ACLS_H */ ---- old/testsuite/default-acls.test -+++ new/testsuite/default-acls.test -@@ -0,0 +1,64 @@ -+#! /bin/sh -+ -+# This program is distributable under the terms of the GNU GPL see -+# COPYING). -+ -+# Test that rsync obeys default ACLs. -- Matt McCutchen -+ -+. $srcdir/testsuite/rsync.fns -+ -+$RSYNC --version | grep ", ACLs" >/dev/null || test_skipped "Rsync is configured without ACL support" -+case "$setfacl_nodef" in -+*-k*) opts='-dm u::7,g::5,o:5' ;; -+*) opts='-m d:u::7,d:g::5,d:o:5' ;; -+esac -+setfacl $opts "$scratchdir" || test_skipped "Your filesystem has ACLs disabled" -+ -+# Call as: testit -+testit() { -+ todir="$scratchdir/$1" -+ mkdir "$todir" -+ $setfacl_nodef "$todir" -+ if [ "$2" ]; then -+ case "$setfacl_nodef" in -+ *-k*) opts="-dm $2" ;; -+ *) opts="-m `echo $2 | sed 's/\([ugom]:\)/d:\1/g'`" -+ esac -+ setfacl $opts "$todir" -+ fi -+ # Make sure we obey ACLs when creating a directory to hold multiple transferred files, -+ # even though the directory itself is outside the transfer -+ $RSYNC -rvv "$scratchdir/dir" "$scratchdir/file" "$scratchdir/program" "$todir/to/" -+ check_perms "$todir/to" $4 "Target $1" -+ check_perms "$todir/to/dir" $4 "Target $1" -+ check_perms "$todir/to/file" $3 "Target $1" -+ check_perms "$todir/to/program" $4 "Target $1" -+ # Make sure get_local_name doesn't mess us up when transferring only one file -+ $RSYNC -rvv "$scratchdir/file" "$todir/to/anotherfile" -+ check_perms "$todir/to/anotherfile" $3 "Target $1" -+ # Make sure we obey default ACLs when not transferring a regular file -+ $RSYNC -rvv "$scratchdir/dir/" "$todir/to/anotherdir/" -+ check_perms "$todir/to/anotherdir" $4 "Target $1" -+} -+ -+mkdir "$scratchdir/dir" -+echo "File!" >"$scratchdir/file" -+echo "#!/bin/sh" >"$scratchdir/program" -+chmod 777 "$scratchdir/dir" -+chmod 666 "$scratchdir/file" -+chmod 777 "$scratchdir/program" -+ -+# Test some target directories -+umask 0077 -+testit da777 u::7,g::7,o:7 rw-rw-rw- rwxrwxrwx -+testit da775 u::7,g::7,o:5 rw-rw-r-- rwxrwxr-x -+testit da750 u::7,g::5,o:0 rw-r----- rwxr-x--- -+testit da770mask u::7,u:0:7,g::0,m:7,o:0 rw-rw---- rwxrwx--- -+testit noda1 '' rw------- rwx------ -+umask 0000 -+testit noda2 '' rw-rw-rw- rwxrwxrwx -+umask 0022 -+testit noda3 '' rw-r--r-- rwxr-xr-x -+ -+# Hooray -+exit 0 ---- old/uidlist.c -+++ new/uidlist.c -@@ -34,6 +34,7 @@ - extern int verbose; - extern int preserve_uid; - extern int preserve_gid; -+extern int preserve_acls; - extern int numeric_ids; - extern int am_root; - -@@ -274,7 +275,7 @@ void send_uid_list(int f) - if (numeric_ids) - return; - -- if (preserve_uid) { -+ if (preserve_uid || preserve_acls) { - int len; - /* we send sequences of uid/byte-length/name */ - for (list = uidlist; list; list = list->next) { -@@ -291,7 +292,7 @@ void send_uid_list(int f) - write_int(f, 0); - } - -- if (preserve_gid) { -+ if (preserve_gid || preserve_acls) { - int len; - for (list = gidlist; list; list = list->next) { - if (!list->name) -@@ -312,7 +313,7 @@ void recv_uid_list(int f, struct file_li - int id, i; - char *name; - -- if (preserve_uid && !numeric_ids) { -+ if ((preserve_uid || preserve_acls) && !numeric_ids) { - /* read the uid list */ - while ((id = read_int(f)) != 0) { - int len = read_byte(f); -@@ -324,7 +325,7 @@ void recv_uid_list(int f, struct file_li - } - } - -- if (preserve_gid && !numeric_ids) { -+ if ((preserve_gid || preserve_acls) && !numeric_ids) { - /* read the gid list */ - while ((id = read_int(f)) != 0) { - int len = read_byte(f); -@@ -336,6 +337,16 @@ void recv_uid_list(int f, struct file_li - } - } - -+#ifdef SUPPORT_ACLS -+ if (preserve_acls && !numeric_ids) { -+ id_t *id; -+ while ((id = next_acl_uid(flist)) != NULL) -+ *id = match_uid(*id); -+ while ((id = next_acl_gid(flist)) != NULL) -+ *id = match_gid(*id); -+ } -+#endif + - /* Now convert all the uids/gids from sender values to our values. */ - if (am_root && preserve_uid && !numeric_ids) { - for (i = 0; i < flist->count; i++) + F_ACL(file) = recv_rsync_acl(&access_acl_list, SMB_ACL_TYPE_ACCESS, f); + + if (S_ISDIR(file->mode)) +diff --git a/compat.c b/compat.c +--- a/compat.c ++++ b/compat.c +@@ -190,13 +190,6 @@ void setup_protocol(int f_out,int f_in) + if (protocol_version < 30) { + if (append_mode == 1) + append_mode = 2; +- if (preserve_acls && !local_server) { +- rprintf(FERROR, +- "--acls requires protocol 30 or higher" +- " (negotiated %d).\n", +- protocol_version); +- exit_cleanup(RERR_PROTOCOL); +- } + if (preserve_xattrs && !local_server) { + rprintf(FERROR, + "--xattrs requires protocol 30 or higher"