--- /dev/null
+After applying this patch, run these commands for a successful build:
+
+ autoconf
+ automake
+ ./configure --with-acl-support
+ make proto
+ make
+
+
+--- Makefile.in 2 May 2004 17:04:14 -0000 1.100
++++ Makefile.in 13 May 2004 17:58:41 -0000
+@@ -25,7 +25,7 @@ VERSION=@VERSION@
+ .SUFFIXES:
+ .SUFFIXES: .c .o
+
+-HEADERS=byteorder.h config.h errcode.h proto.h rsync.h lib/pool_alloc.h
++HEADERS=byteorder.h config.h errcode.h proto.h rsync.h smb_acls.h lib/pool_alloc.h
+ LIBOBJ=lib/wildmatch.o lib/compat.o lib/snprintf.o lib/mdfour.o \
+ lib/permstring.o lib/pool_alloc.o @LIBOBJS@
+ ZLIBOBJ=zlib/deflate.o zlib/infblock.o zlib/infcodes.o zlib/inffast.o \
+@@ -34,7 +34,7 @@ ZLIBOBJ=zlib/deflate.o zlib/infblock.o z
+ OBJS1=rsync.o generator.o receiver.o cleanup.o sender.o exclude.o util.o \
+ main.o checksum.o match.o syscall.o log.o backup.o
+ OBJS2=options.o flist.o io.o compat.o hlink.o token.o uidlist.o socket.o \
+- fileio.o batch.o clientname.o
++ fileio.o batch.o clientname.o sysacls.o acls.o
+ OBJS3=progress.o pipe.o
+ DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o
+ popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \
+--- /dev/null 1 Jan 1970 00:00:00 -0000
++++ acls.c 13 May 2004 17:58:42 -0000
+@@ -0,0 +1,1119 @@
++/* -*- c-file-style: "linux" -*-
++ Copyright (C) Andrew Tridgell 1996
++ Copyright (C) Paul Mackerras 1996
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; either version 2 of the License, or
++ (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program; if not, write to the Free Software
++ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
++*/
++
++/* handle passing ACLs between systems */
++
++#include "rsync.h"
++
++#ifdef SUPPORT_ACLS
++
++extern int preserve_acls;
++extern int am_root;
++extern int dry_run;
++
++typedef struct {
++ id_t id;
++ uchar access;
++ SMB_ACL_TAG_T tag_type;
++} rsync_ace;
++
++typedef struct {
++ size_t count;
++ size_t malloced;
++ rsync_ace *races;
++} rsync_acl;
++
++static const rsync_acl rsync_acl_initializer = { 0, 0, NULL };
++
++static void expand_rsync_acl(rsync_acl *racl)
++{
++ /* first time through, 0 <= 0, so list is expanded:
++ * diabolical, rsync guys! */
++ if (racl->malloced <= racl->count) {
++ void *new_ptr;
++ size_t new_size;
++ racl->malloced += 10;
++ new_size = racl->malloced * sizeof racl->races[0];
++ if (racl->races)
++ new_ptr = realloc(racl->races, new_size);
++ else
++ new_ptr = malloc(new_size);
++ if (verbose >= 4) {
++ rprintf(FINFO, "expand rsync_acl to %.0f bytes, did%s move\n",
++ (double) new_size,
++ racl->races ? "" : " not");
++ }
++
++ racl->races = (rsync_ace *) new_ptr;
++
++ if (!racl->races)
++ out_of_memory("expand_rsync_acl");
++ }
++}
++
++static void rsync_acl_free(rsync_acl *racl)
++{
++ free(racl->races);
++ racl->races = NULL;
++ racl->count = 0;
++ racl->malloced = 0;
++}
++
++static int rsync_ace_sorter(const void *r1, const void *r2)
++{
++ rsync_ace *race1 = (rsync_ace *)r1;
++ SMB_ACL_TAG_T rtag1 = race1->tag_type;
++ id_t rid1 = race1->id;
++ rsync_ace *race2 = (rsync_ace *)r2;
++ SMB_ACL_TAG_T rtag2 = race2->tag_type;
++ id_t rid2 = race2->id;
++ /* start at the extrema */
++ if (rtag1 == SMB_ACL_USER_OBJ || rtag2 == SMB_ACL_MASK)
++ return -1;
++ if (rtag2 == SMB_ACL_USER_OBJ || rtag1 == SMB_ACL_MASK)
++ return 1;
++ /* work inwards */
++ if (rtag1 == SMB_ACL_OTHER)
++ return 1;
++ if (rtag2 == SMB_ACL_OTHER)
++ return -1;
++ /* only SMB_ACL_USERs and SMB_ACL_GROUP*s left */
++ if (rtag1 == SMB_ACL_USER) {
++ switch (rtag2) {
++ case SMB_ACL_GROUP:
++ case SMB_ACL_GROUP_OBJ:
++ case SMB_ACL_OTHER:
++ return -1;
++ }
++ /* both USER */
++ return rid1 == rid2 ? 0 : rid1 < rid2 ? -1 : 1;
++ }
++ if (rtag2 == SMB_ACL_USER)
++ return 1;
++ /* only SMB_ACL_GROUP*s to worry about; kick out GROUP_OBJs first */
++ if (rtag1 == SMB_ACL_GROUP_OBJ)
++ return -1;
++ if (rtag2 == SMB_ACL_GROUP_OBJ)
++ return 1;
++ /* only SMB_ACL_GROUPs left */
++ return rid1 == rid2 ? 0 : rid1 < rid2 ? -1 : 1;
++}
++
++static void sort_rsync_acl(rsync_acl *racl)
++{
++ if (!racl->count)
++ return;
++ qsort((void **)racl->races, racl->count, sizeof racl->races[0],
++ &rsync_ace_sorter);
++}
++
++static BOOL unpack_smb_acl(rsync_acl *racl, SMB_ACL_T sacl)
++{
++ SMB_ACL_ENTRY_T entry;
++ int rc;
++ const char *errfun;
++ *racl = rsync_acl_initializer;
++ errfun = "sys_acl_get_entry";
++ for (rc = sys_acl_get_entry(sacl, SMB_ACL_FIRST_ENTRY, &entry);
++ rc == 1;
++ rc = sys_acl_get_entry(sacl, SMB_ACL_NEXT_ENTRY, &entry)) {
++ SMB_ACL_PERMSET_T permset;
++ void *qualifier;
++ rsync_ace *race;
++ expand_rsync_acl(racl);
++ race = &racl->races[racl->count++];
++ if ((rc = sys_acl_get_tag_type(entry, &race->tag_type))) {
++ errfun = "sys_acl_get_tag_type";
++ break;
++ }
++ if ((rc = sys_acl_get_permset(entry, &permset))) {
++ errfun = "sys_acl_get_tag_type";
++ break;
++ }
++ race->access = (sys_acl_get_perm(permset, SMB_ACL_READ) ? 4 : 0)
++ | (sys_acl_get_perm(permset, SMB_ACL_WRITE) ? 2 : 0)
++ | (sys_acl_get_perm(permset, SMB_ACL_EXECUTE) ? 1 : 0);
++ switch (race->tag_type) {
++ case SMB_ACL_USER:
++ case SMB_ACL_GROUP:
++ break;
++ default:
++ continue;
++ }
++ if (!(qualifier = sys_acl_get_qualifier(entry))) {
++ errfun = "sys_acl_get_tag_type";
++ rc = EINVAL;
++ break;
++ }
++ race->id = *((id_t *)qualifier);
++ sys_acl_free_qualifier(qualifier, race->tag_type);
++ }
++ if (rc) {
++ rprintf(FERROR, "unpack_smb_acl: %s(): %s\n",
++ errfun, strerror(errno));
++ rsync_acl_free(racl);
++ return False;
++ }
++ sort_rsync_acl(racl);
++ return True;
++}
++
++static BOOL rsync_acls_equal(const rsync_acl *racl1, const rsync_acl *racl2)
++{
++ rsync_ace *race1, *race2;
++ size_t count = racl1->count;
++ if (count != racl2->count)
++ return False;
++ race1 = racl1->races;
++ race2 = racl2->races;
++ for (; count--; race1++, race2++) {
++ if (race1->tag_type != race2->tag_type
++ || race1->access != race2->access
++ || ((race1->tag_type == SMB_ACL_USER
++ || race1->tag_type == SMB_ACL_GROUP)
++ && race1->id != race2->id))
++ return False;
++ }
++ return True;
++}
++
++typedef struct {
++ size_t count;
++ size_t malloced;
++ rsync_acl *racls;
++} rsync_acl_list;
++
++static rsync_acl_list _rsync_acl_lists[] = {
++ { 0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */
++ { 0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */
++};
++
++static inline rsync_acl_list *rsync_acl_lists(SMB_ACL_TYPE_T type)
++{
++ return type == SMB_ACL_TYPE_ACCESS ? &_rsync_acl_lists[0]
++ : &_rsync_acl_lists[1];
++}
++
++static void expand_rsync_acl_list(rsync_acl_list *racl_list)
++{
++ /* first time through, 0 <= 0, so list is expanded:
++ * diabolical, rsync guys! */
++ if (racl_list->malloced <= racl_list->count) {
++ void *new_ptr;
++ size_t new_size;
++ if (racl_list->malloced < 1000)
++ racl_list->malloced += 1000;
++ else
++ racl_list->malloced *= 2;
++ new_size = racl_list->malloced * sizeof racl_list->racls[0];
++ if (racl_list->racls)
++ new_ptr = realloc(racl_list->racls, new_size);
++ else
++ new_ptr = malloc(new_size);
++ if (verbose >= 3) {
++ rprintf(FINFO, "expand_rsync_acl_list to %.0f bytes, did%s move\n",
++ (double) new_size,
++ racl_list->racls ? "" : " not");
++ }
++
++ racl_list->racls = (rsync_acl *) new_ptr;
++
++ if (!racl_list->racls)
++ out_of_memory("expand_rsync_acl_list");
++ }
++}
++
++#if 0
++static void free_rsync_acl_list(rsync_acl_list *racl_list)
++{
++ /* run this in reverse, so references are freed before referents, */
++ /* although not currently necessary */
++ while (racl_list->count--) {
++ rsync_acl *racl = &racl_list->racls[racl_list->count];
++ if (racl)
++ rsync_acl_free(racl);
++ }
++ free(racl_list->racls);
++ racl_list->racls = NULL;
++ racl_list->malloced = 0;
++}
++#endif
++
++static int find_matching_rsync_acl(SMB_ACL_TYPE_T type,
++ const rsync_acl_list *racl_list,
++ const rsync_acl *racl)
++{
++ static int access_match = -1, default_match = -1;
++ int *match = (type == SMB_ACL_TYPE_ACCESS) ?
++ &access_match : &default_match;
++ size_t count = racl_list->count;
++ /* if this is the first time through or we didn't match the last
++ * time, then start at the end of the list, which should be the
++ * best place to start hunting */
++ if (*match == -1)
++ *match = racl_list->count - 1;
++ while (count--) {
++ if (rsync_acls_equal(&racl_list->racls[*match], racl))
++ return *match;
++ if (!(*match)--)
++ *match = racl_list->count - 1;
++ }
++ *match = -1;
++ return *match;
++}
++
++/* the general strategy with the tag_type <-> character mapping is that
++ * lowercase implies that no qualifier follows, where uppercase does.
++ * same sorta thing for the acl type (access or default) itself, but
++ * lowercase in this instance means there's no ACL following, so the
++ * ACL is a repeat, so the receiver should reuse the last of the same
++ * type ACL */
++
++static void send_rsync_acl(int f, const rsync_acl *racl)
++{
++ rsync_ace *race;
++ size_t count = racl->count;
++ write_int(f, count);
++ for (race = racl->races; count--; race++) {
++ char ch;
++ switch (race->tag_type) {
++ case SMB_ACL_USER_OBJ:
++ ch = 'u';
++ break;
++ case SMB_ACL_USER:
++ ch = 'U';
++ break;
++ case SMB_ACL_GROUP_OBJ:
++ ch = 'g';
++ break;
++ case SMB_ACL_GROUP:
++ ch = 'G';
++ break;
++ case SMB_ACL_OTHER:
++ ch = 'o';
++ break;
++ case SMB_ACL_MASK:
++ ch = 'm';
++ break;
++ default:
++ rprintf(FERROR,
++ "send_rsync_acl: unknown tag_type (%0x) on ACE; disregarding\n",
++ race->tag_type);
++ continue;
++ }
++ write_byte(f, ch);
++ write_byte(f, race->access);
++ if (isupper((int)ch)) {
++ write_int(f, race->id);
++ /* FIXME: sorta wasteful. we should maybe buffer as
++ * many ids as max(ACL_USER + ACL_GROUP) objects to
++ * keep from making so many calls */
++ if (ch == 'U')
++ add_uid(race->id);
++ else
++ add_gid(race->id);
++ }
++ }
++}
++
++static rsync_acl _curr_rsync_acls[2];
++
++
++static const char *str_acl_type(SMB_ACL_TYPE_T type)
++{
++ return type == SMB_ACL_TYPE_ACCESS ? "SMB_ACL_TYPE_ACCESS" :
++ type == SMB_ACL_TYPE_DEFAULT ? "SMB_ACL_TYPE_DEFAULT" :
++ "unknown SMB_ACL_TYPE_T";
++}
++
++/* generate the ACL(s) for this flist entry;
++ * ACL(s) are either sent or cleaned-up by send_acl() below */
++
++BOOL make_acl(const struct file_struct *file, const char *fname)
++{
++ SMB_ACL_TYPE_T *type,
++ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
++ rsync_acl *curr_racl;
++ if (!preserve_acls || S_ISLNK(file->mode))
++ return True;
++ for (type = &types[0], curr_racl = &_curr_rsync_acls[0];
++ type < &types[0] + sizeof types / sizeof types[0]
++ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode));
++ type++, curr_racl++) {
++ SMB_ACL_T sacl;
++ BOOL ok;
++ *curr_racl = rsync_acl_initializer;
++ if (!(sacl = sys_acl_get_file(fname, *type))) {
++ rprintf(FERROR, "send_acl : sys_acl_get_file(%s, %s): %s\n",
++ fname, str_acl_type(*type), strerror(errno));
++ return False;
++ }
++ ok = unpack_smb_acl(curr_racl, sacl);
++ sys_acl_free_acl(sacl);
++ if (!ok)
++ return False;
++ }
++ return True;
++}
++
++/* send the make_acl()-generated ACLs for this flist entry,
++ * or clean up after an flist entry that's not being sent (f == -1) */
++
++void send_acl(const struct file_struct *file, int f)
++{
++ SMB_ACL_TYPE_T *type,
++ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
++ rsync_acl *curr_racl;
++ if (!preserve_acls || S_ISLNK(file->mode))
++ return;
++ for (type = &types[0], curr_racl = &_curr_rsync_acls[0];
++ type < &types[0] + sizeof types / sizeof types[0]
++ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode));
++ type++, curr_racl++) {
++ int index;
++ rsync_acl_list *racl_list = rsync_acl_lists(*type);
++ if (f == -1) {
++ rsync_acl_free(curr_racl);
++ continue;
++ }
++ if ((index = find_matching_rsync_acl(*type, racl_list, curr_racl))
++ != -1) {
++ write_byte(f, *type == SMB_ACL_TYPE_ACCESS ? 'a' : 'd');
++ write_int(f, index);
++ rsync_acl_free(curr_racl);
++ } else {
++ write_byte(f, *type == SMB_ACL_TYPE_ACCESS ? 'A' : 'D');
++ send_rsync_acl(f, curr_racl);
++ expand_rsync_acl_list(racl_list);
++ racl_list->racls[racl_list->count++] = *curr_racl;
++ }
++ }
++}
++
++/* the below stuff is only used by the receiver */
++
++/* structure to hold index to rsync_acl_list member corresponding to
++ * flist->files[i] */
++
++typedef struct {
++ const struct file_struct *file;
++ int aclidx;
++} file_acl_index;
++
++typedef struct {
++ size_t count;
++ size_t malloced;
++ file_acl_index *fileaclidxs;
++} file_acl_index_list;
++
++static file_acl_index_list _file_acl_index_lists[] = {
++ {0, 0, NULL },/* SMB_ACL_TYPE_ACCESS */
++ {0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */
++};
++
++static inline file_acl_index_list *file_acl_index_lists(SMB_ACL_TYPE_T type)
++{
++ return type == SMB_ACL_TYPE_ACCESS ?
++ &_file_acl_index_lists[0] : &_file_acl_index_lists[1];
++}
++
++static void expand_file_acl_index_list(file_acl_index_list *fileaclidx_list)
++{
++ /* first time through, 0 <= 0, so list is expanded:
++ * diabolical, rsync guys! */
++ if (fileaclidx_list->malloced <= fileaclidx_list->count) {
++ void *new_ptr;
++ size_t new_size;
++ if (fileaclidx_list->malloced < 1000)
++ fileaclidx_list->malloced += 1000;
++ else
++ fileaclidx_list->malloced *= 2;
++ new_size = fileaclidx_list->malloced
++ * sizeof fileaclidx_list->fileaclidxs[0];
++ if (fileaclidx_list->fileaclidxs)
++ new_ptr = realloc(fileaclidx_list->fileaclidxs, new_size);
++ else
++ new_ptr = malloc(new_size);
++ if (verbose >= 3) {
++ rprintf(FINFO, "expand_file_acl_index_list to %.0f bytes, did%s move\n",
++ (double) new_size,
++ fileaclidx_list->fileaclidxs ? "" : " not");
++ }
++
++ fileaclidx_list->fileaclidxs = (file_acl_index *) new_ptr;
++
++ if (!fileaclidx_list->fileaclidxs)
++ out_of_memory("expand_file_acl_index_list");
++ }
++}
++
++#if 0
++static void free_file_acl_index_list(file_acl_index_list *fileaclidx_list)
++{
++ free(fileaclidx_list->fileaclidxs);
++ fileaclidx_list->fileaclidxs = NULL;
++ fileaclidx_list->malloced = 0;
++}
++#endif
++
++/* lists to hold the SMB_ACL_Ts corresponding to the rsync_acl_list entries */
++
++typedef struct {
++ size_t count;
++ size_t malloced;
++ SMB_ACL_T *sacls;
++} smb_acl_list;
++
++static smb_acl_list _smb_acl_lists[] = {
++ { 0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */
++ { 0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */
++};
++
++static inline smb_acl_list *smb_acl_lists(SMB_ACL_TYPE_T type)
++{
++ return type == SMB_ACL_TYPE_ACCESS ? &_smb_acl_lists[0] :
++ &_smb_acl_lists[1];
++}
++
++static void expand_smb_acl_list(smb_acl_list *sacl_list)
++{
++ /* first time through, 0 <= 0, so list is expanded:
++ * diabolical, rsync guys! */
++ if (sacl_list->malloced <= sacl_list->count) {
++ void *new_ptr;
++ size_t new_size;
++ if (sacl_list->malloced < 1000)
++ sacl_list->malloced += 1000;
++ else
++ sacl_list->malloced *= 2;
++ new_size = sacl_list->malloced
++ * sizeof sacl_list->sacls[0];
++ if (sacl_list->sacls)
++ new_ptr = realloc(sacl_list->sacls, new_size);
++ else
++ new_ptr = malloc(new_size);
++ if (verbose >= 3) {
++ rprintf(FINFO, "expand_smb_acl_list to %.0f bytes, did%s move\n",
++ (double) new_size,
++ sacl_list->sacls ? "" : " not");
++ }
++
++ sacl_list->sacls = (SMB_ACL_T *) new_ptr;
++
++ if (!sacl_list->sacls)
++ out_of_memory("expand_smb_acl_list");
++ }
++}
++
++#if 0
++static void free_smb_acl_list(SMB_ACL_TYPE_T type)
++{
++ smb_acl_list *sacl_list = smb_acl_lists(type);
++ SMB_ACL_T *sacl = sacl_list->sacls;
++ while (sacl_list->count--) {
++ if (*sacl)
++ sys_acl_free_acl(*sacl++);
++ }
++ free(sacl_list->sacls);
++ sacl_list->sacls = NULL;
++ sacl_list->malloced = 0;
++}
++#endif
++
++/* build an SMB_ACL_T corresponding to an rsync_acl */
++static BOOL pack_smb_acl(SMB_ACL_T *smb_acl, const rsync_acl *racl)
++{
++ size_t count = racl->count;
++ rsync_ace *race = racl->races;
++ const char *errfun = NULL;
++ *smb_acl = sys_acl_init(count);
++ if (!*smb_acl) {
++ rprintf(FERROR, "pack_smb_acl: sys_acl_int(): %s\n",
++ strerror(errno));
++ return False;
++ }
++ for (; count--; race++) {
++ SMB_ACL_ENTRY_T entry;
++ SMB_ACL_PERMSET_T permset;
++ if (sys_acl_create_entry(smb_acl, &entry)) {
++ errfun = "sys_acl_create)";
++ break;
++ }
++ if (sys_acl_set_tag_type(entry, race->tag_type)) {
++ errfun = "sys_acl_set_tag";
++ break;
++ }
++ if (race->tag_type == SMB_ACL_USER ||
++ race->tag_type == SMB_ACL_GROUP)
++ if (sys_acl_set_qualifier(entry, (void*)&race->id)) {
++ errfun = "sys_acl_set_qualfier";
++ break;
++ }
++ if (sys_acl_get_permset(entry, &permset)) {
++ errfun = "sys_acl_get_permset";
++ break;
++ }
++ if (sys_acl_clear_perms(permset)) {
++ errfun = "sys_acl_clear_perms";
++ break;
++ }
++ if (race->access & 4)
++ if (sys_acl_add_perm(permset, SMB_ACL_READ)) {
++ errfun = "sys_acl_add_perm";
++ break;
++ }
++ if (race->access & 2)
++ if (sys_acl_add_perm(permset, SMB_ACL_WRITE)) {
++ errfun = "sys_acl_add_perm";
++ break;
++ }
++ if (race->access & 1)
++ if (sys_acl_add_perm(permset, SMB_ACL_EXECUTE)) {
++ errfun = "sys_acl_add_perm";
++ break;
++ }
++ if (sys_acl_set_permset(entry, permset)) {
++ errfun = "sys_acl_set_permset";
++ break;
++ }
++ }
++ if (errfun) {
++ sys_acl_free_acl(*smb_acl);
++ rprintf(FERROR, "pack_smb_acl %s(): %s\n", errfun,
++ strerror(errno));
++ return False;
++ }
++ return True;
++}
++
++static void receive_rsync_acl(rsync_acl *racl, int f)
++{
++#if ACLS_NEED_MASK
++ uchar required_mask_perm = 0;
++ BOOL saw_mask = False;
++#endif
++ BOOL saw_user_obj = False, saw_group_obj = False,
++ saw_other = False;
++ size_t count = read_int(f);
++ rsync_ace *race;
++ if (!count)
++ return;
++ while (count--) {
++ uchar tag = read_byte(f);
++ expand_rsync_acl(racl);
++ race = &racl->races[racl->count++];
++ switch (tag) {
++ case 'u':
++ race->tag_type = SMB_ACL_USER_OBJ;
++ saw_user_obj = True;
++ break;
++ case 'U':
++ race->tag_type = SMB_ACL_USER;
++ break;
++ case 'g':
++ race->tag_type = SMB_ACL_GROUP_OBJ;
++ saw_group_obj = True;
++ break;
++ case 'G':
++ race->tag_type = SMB_ACL_GROUP;
++ break;
++ case 'o':
++ race->tag_type = SMB_ACL_OTHER;
++ saw_other = True;
++ break;
++ case 'm':
++ race->tag_type = SMB_ACL_MASK;
++#if ACLS_NEED_MASK
++ saw_mask = True;
++#endif
++ break;
++ default:
++ rprintf(FERROR, "receive_rsync_acl: unknown tag %c\n",
++ tag);
++ exit_cleanup(RERR_STREAMIO);
++ }
++ race->access = read_byte(f);
++ if (race->access & ~ (4 | 2 | 1)) {
++ rprintf(FERROR, "receive_rsync_acl: bogus permset %o\n",
++ race->access);
++ exit_cleanup(RERR_STREAMIO);
++ }
++ if (race->tag_type == SMB_ACL_USER ||
++ race->tag_type == SMB_ACL_GROUP) {
++ race->id = read_int(f);
++#if ACLS_NEED_MASK
++ required_mask_perm |= race->access;
++#endif
++ }
++#if ACLS_NEED_MASK
++ else if (race->tag_type == SMB_ACL_GROUP_OBJ)
++ required_mask_perm |= race->access;
++#endif
++
++ }
++ if (!saw_user_obj) {
++ expand_rsync_acl(racl);
++ race = &racl->races[racl->count++];
++ race->tag_type = SMB_ACL_USER_OBJ;
++ race->access = 7;
++ }
++ if (!saw_group_obj) {
++ expand_rsync_acl(racl);
++ race = &racl->races[racl->count++];
++ race->tag_type = SMB_ACL_GROUP_OBJ;
++ race->access = 0;
++ }
++ if (!saw_other) {
++ expand_rsync_acl(racl);
++ race = &racl->races[racl->count++];
++ race->tag_type = SMB_ACL_OTHER;
++ race->access = 0;
++ }
++#if ACLS_NEED_MASK
++ if (!saw_mask) {
++ expand_rsync_acl(racl);
++ race = &racl->races[racl->count++];
++ race->tag_type = SMB_ACL_MASK;
++ race->access = required_mask_perm;
++ }
++#endif
++#if ACLS_NEED_MASK
++ if (!(saw_user_obj && saw_group_obj && saw_other && saw_mask))
++#else
++ if (!(saw_user_obj && saw_group_obj && saw_other))
++#endif
++ sort_rsync_acl(racl);
++}
++
++/* receive and build the rsync_acl_lists */
++
++void receive_acl(struct file_struct *file, int f)
++{
++ SMB_ACL_TYPE_T *type,
++ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
++ char *fname;
++ if (!preserve_acls || S_ISLNK(file->mode))
++ return;
++ fname = f_name(file);
++ for (type = &types[0];
++ type < &types[0] + sizeof types / sizeof types[0]
++ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode));
++ type++) {
++ file_acl_index_list *fileaclidx_list =
++ file_acl_index_lists(*type);
++ uchar tag;
++ expand_file_acl_index_list(fileaclidx_list);
++
++ tag = read_byte(f);
++ if (tag == 'A' || tag == 'a') {
++ if (*type != SMB_ACL_TYPE_ACCESS) {
++ rprintf(FERROR, "receive_acl %s: duplicate access ACL\n",
++ fname);
++ exit_cleanup(RERR_STREAMIO);
++ }
++ } else if (tag == 'D' || tag == 'd') {
++ if (*type == SMB_ACL_TYPE_ACCESS) {
++ rprintf(FERROR, "receive_acl %s: expecting access ACL; got default\n",
++ fname);
++ exit_cleanup(RERR_STREAMIO);
++ }
++ } else {
++ rprintf(FERROR, "receive_acl %s: unknown ACL type tag: %c\n",
++ fname, tag);
++ exit_cleanup(RERR_STREAMIO);
++ }
++ if (tag == 'A' || tag == 'D') {
++ rsync_acl racl = rsync_acl_initializer;
++ rsync_acl_list *racl_list = rsync_acl_lists(*type);
++ smb_acl_list *sacl_list = smb_acl_lists(*type);
++ fileaclidx_list->fileaclidxs[fileaclidx_list->count].
++ aclidx = racl_list->count;
++ fileaclidx_list->fileaclidxs[fileaclidx_list->count++].
++ file = file;
++ receive_rsync_acl(&racl, f);
++ expand_rsync_acl_list(racl_list);
++ racl_list->racls[racl_list->count++] = racl;
++ expand_smb_acl_list(sacl_list);
++ sacl_list->sacls[sacl_list->count++] = NULL;
++ } else {
++ int index = read_int(f);
++ rsync_acl_list *racl_list = rsync_acl_lists(*type);
++ if ((size_t) index >= racl_list->count) {
++ rprintf(FERROR, "receive_acl %s: %s ACL index %d out of range\n",
++ fname,
++ str_acl_type(*type),
++ index);
++ exit_cleanup(RERR_STREAMIO);
++ }
++ fileaclidx_list->fileaclidxs[fileaclidx_list->count].
++ aclidx = index;
++ fileaclidx_list->fileaclidxs[fileaclidx_list->count++].
++ file = file;
++ }
++ }
++}
++
++static int file_acl_index_list_sorter(const void *f1, const void *f2)
++{
++ const file_acl_index *fileaclidx1 = (const file_acl_index *)f1;
++ const file_acl_index *fileaclidx2 = (const file_acl_index *)f2;
++ return fileaclidx1->file == fileaclidx2->file ? 0 :
++ fileaclidx1->file < fileaclidx2->file ? -1 : 1;
++}
++
++void sort_file_acl_index_lists()
++{
++ SMB_ACL_TYPE_T *type,
++ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
++ if (!preserve_acls)
++ return;
++ for (type = &types[0];
++ type < &types[0] + sizeof types / sizeof types[0];
++ type++)
++ {
++ file_acl_index_list *fileaclidx_list =
++ file_acl_index_lists(*type);
++ if (!fileaclidx_list->count)
++ continue;
++ qsort(fileaclidx_list->fileaclidxs, fileaclidx_list->count,
++ sizeof fileaclidx_list->fileaclidxs[0],
++ &file_acl_index_list_sorter);
++ }
++}
++
++static int find_file_acl_index(const file_acl_index_list *fileaclidx_list,
++ const struct file_struct *file) {
++ int low = 0, high = fileaclidx_list->count;
++ const struct file_struct *file_mid;
++ if (!high--)
++ return -1;
++ do {
++ int mid = (high + low) / 2;
++ file_mid = fileaclidx_list->fileaclidxs[mid].file;
++ if (file_mid == file)
++ return fileaclidx_list->fileaclidxs[mid].aclidx;
++ if (file_mid > file)
++ high = mid - 1;
++ else
++ low = mid + 1;
++ } while (low < high);
++ if (low == high) {
++ file_mid = fileaclidx_list->fileaclidxs[low].file;
++ if (file_mid == file)
++ return fileaclidx_list->fileaclidxs[low].aclidx;
++ }
++ rprintf(FERROR,
++ "find_file_acl_index: can't find entry for file in list\n");
++ exit_cleanup(RERR_STREAMIO);
++ return -1;
++}
++
++/* for duplicating ACLs on backups when using backup_dir */
++
++int dup_acl(const char *orig, const char *bak, mode_t mode)
++{
++ SMB_ACL_TYPE_T *type,
++ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
++ int ret = 0;
++ if (!preserve_acls)
++ return 0;
++ for (type = &types[0];
++ type < &types[0] + sizeof types / sizeof types[0]
++ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(mode));
++ type++) {
++ SMB_ACL_T sacl_orig, sacl_bak;
++ rsync_acl racl_orig, racl_bak;
++ if (!(sacl_orig = sys_acl_get_file(orig, *type))) {
++ rprintf(FERROR, "dup_acl : sys_acl_get_file(%s, %s): %s\n",
++ orig, str_acl_type(*type), strerror(errno));
++ ret = -1;
++ continue;
++ }
++ if (!(sacl_bak = sys_acl_get_file(orig, *type))) {
++ rprintf(FERROR, "dup_acl : sys_acl_get_file(%s, %s): %s. ignoring\n",
++ bak, str_acl_type(*type), strerror(errno));
++ ret = -1;
++ /* try to forge on through */
++ }
++ if (!unpack_smb_acl(&racl_orig, sacl_orig)) {
++ ret = -1;
++ goto out_with_sacls;
++ }
++ if (sacl_bak) {
++ if (!unpack_smb_acl(&racl_bak, sacl_bak)) {
++ ret = -1;
++ goto out_with_one_racl;
++ }
++ if (rsync_acls_equal(&racl_orig, &racl_bak))
++ goto out_with_all;
++ } else {
++ ; /* presume they're unequal */
++ }
++ if (*type == SMB_ACL_TYPE_DEFAULT && !racl_orig.count) {
++ if (-1 == sys_acl_delete_def_file(bak)) {
++ rprintf(FERROR, "dup_acl: sys_acl_delete_def_file(%s): %s\n",
++ bak, strerror(errno));
++ ret = -1;
++ }
++ } else if (-1 == sys_acl_set_file(bak, *type, sacl_bak)) {
++ rprintf(FERROR, "dup_acl : sys_acl_set_file(%s, %s): %s\n",
++ bak, str_acl_type(*type), strerror(errno));
++ ret = -1;
++ }
++ out_with_all:
++ if (sacl_bak)
++ rsync_acl_free(&racl_bak);
++ out_with_one_racl:
++ rsync_acl_free(&racl_orig);
++ out_with_sacls:
++ if (sacl_bak)
++ sys_acl_free_acl(sacl_bak);
++ /* out_with_one_sacl: */
++ if (sacl_orig)
++ sys_acl_free_acl(sacl_orig);
++ }
++ return ret;
++}
++
++/* stuff for redirecting calls to set_acl() from set_perms()
++ * for keep_backup() */
++static const struct file_struct *backup_orig_file = NULL;
++static const char null_string[] = "";
++static const char *backup_orig_fname = null_string;
++static const char *backup_dest_fname = null_string;
++static SMB_ACL_T _backup_sacl[] = { NULL, NULL };
++
++void push_keep_backup_acl(const struct file_struct *file,
++ const char *orig, const char *dest)
++{
++ if (preserve_acls) {
++ SMB_ACL_TYPE_T *type,
++ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
++ SMB_ACL_T *sacl;
++ backup_orig_file = file;
++ backup_orig_fname = orig;
++ backup_dest_fname = dest;
++ for (type = &types[0], sacl = &_backup_sacl[0];
++ type < &types[0] + sizeof types / sizeof types[0];
++ type++) {
++ if (*type == SMB_ACL_TYPE_DEFAULT && !S_ISDIR(file->mode))
++ *sacl = NULL;
++ else {
++ if (!(*sacl = sys_acl_get_file(orig, *type))) {
++ rprintf(FERROR, "push_keep_backup_acl : sys_acl_get_file(%s, %s): %s\n",
++ orig, str_acl_type(*type),
++ strerror(errno));
++ }
++ }
++ }
++ }
++}
++
++static int set_keep_backup_acl()
++{
++ if (preserve_acls) {
++ SMB_ACL_TYPE_T *type,
++ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
++ SMB_ACL_T *sacl;
++ int ret = 0;
++ for (type = &types[0], sacl = &_backup_sacl[0];
++ type < &types[0] + sizeof types / sizeof types[0];
++ type++) {
++ if (*sacl) {
++ if (-1 == sys_acl_set_file(backup_dest_fname,
++ *type, *sacl))
++ {
++ rprintf(FERROR, "push_keep_backup_acl : sys_acl_get_file(%s, %s): %s\n",
++ backup_dest_fname,
++ str_acl_type(*type),
++ strerror(errno));
++ ret = -1;
++ }
++ }
++ }
++ return ret;
++ }
++ return 0;
++}
++
++void cleanup_keep_backup_acl()
++{
++ if (preserve_acls) {
++ SMB_ACL_TYPE_T *type,
++ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
++ SMB_ACL_T *sacl;
++ backup_orig_file = NULL;
++ backup_orig_fname = null_string;
++ backup_dest_fname = null_string;
++ for (type = &types[0], sacl = &_backup_sacl[0];
++ type < &types[0] + sizeof types / sizeof types[0];
++ type++) {
++ if (*sacl)
++ sys_acl_free_acl(*sacl);
++ *sacl = NULL;
++ }
++ }
++}
++
++/* set ACL on rsync-ed or keep_backup-ed file */
++
++int set_acl(const char *fname, const struct file_struct *file)
++{
++ int updated = 0;
++ SMB_ACL_TYPE_T *type,
++ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
++ if (dry_run || !preserve_acls || S_ISLNK(file->mode))
++ return 0;
++ if (file == backup_orig_file) {
++ if (!strcmp(fname, backup_dest_fname))
++ return set_keep_backup_acl();
++ }
++ for (type = &types[0];
++ type < &types[0] + sizeof types / sizeof types[0]
++ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode));
++ type++) {
++ SMB_ACL_T sacl_orig, *sacl_new;
++ rsync_acl racl_orig, *racl_new;
++ int aclidx = find_file_acl_index(file_acl_index_lists(*type),
++ file);
++ BOOL ok;
++ racl_new = &(rsync_acl_lists(*type)->racls[aclidx]);
++ sacl_new = &(smb_acl_lists(*type)->sacls[aclidx]);
++ sacl_orig = sys_acl_get_file(fname, *type);
++ if (!sacl_orig) {
++ rprintf(FERROR, "set_acl: sys_acl_get_file(%s, %s): %s\n",
++ fname, str_acl_type(*type), strerror(errno));
++ updated = -1;
++ continue;
++ }
++ ok = unpack_smb_acl(&racl_orig, sacl_orig);
++ sys_acl_free_acl(sacl_orig);
++ if (!ok) {
++ updated = -1;
++ continue;
++ }
++ ok = rsync_acls_equal(&racl_orig, racl_new);
++ rsync_acl_free(&racl_orig);
++ if (ok)
++ continue;
++ if (*type == SMB_ACL_TYPE_DEFAULT && !racl_new->count) {
++ if (-1 == sys_acl_delete_def_file(fname)) {
++ rprintf(FERROR, "set_acl: sys_acl_delete_def_file(%s): %s\n",
++ fname, strerror(errno));
++ updated = -1;
++ continue;
++ }
++ } else {
++ if (!*sacl_new)
++ if (!pack_smb_acl(sacl_new, racl_new)) {
++ updated = -1;
++ continue;
++ }
++ if (-1 == sys_acl_set_file(fname, *type, *sacl_new)) {
++ rprintf(FERROR, "set_acl: sys_acl_set_file(%s, %s): %s\n",
++ fname, str_acl_type(*type),
++ strerror(errno));
++ updated = -1;
++ continue;
++ }
++ }
++ if (!updated)
++ updated = 1;
++ }
++ return updated;
++}
++
++/* enumeration functions for uid mapping */
++
++/* context -- one and only one. should be cycled through once on uid mapping
++ * and once on gid mapping */
++static rsync_acl_list *_enum_racl_lists[] = {
++ &_rsync_acl_lists[0], &_rsync_acl_lists[1], NULL
++};
++
++static rsync_acl_list **enum_racl_list = &_enum_racl_lists[0];
++static size_t enum_racl_index = 0;
++static size_t enum_race_index = 0;
++
++/* this returns the next tag_type id from the given acl for the next entry,
++ * or it returns 0 if there are no more tag_type ids in the acl */
++
++static id_t next_ace_id(SMB_ACL_TAG_T tag_type, const rsync_acl *racl)
++{
++ for (; enum_race_index < racl->count; enum_race_index++) {
++ rsync_ace *race = &racl->races[enum_race_index];
++ if (race->tag_type == tag_type)
++ return race->id;
++ }
++ enum_race_index = 0;
++ return 0;
++}
++
++static id_t next_acl_id(SMB_ACL_TAG_T tag_type, const rsync_acl_list *racl_list)
++{
++ for (; enum_racl_index < racl_list->count; enum_racl_index++) {
++ rsync_acl *racl = &racl_list->racls[enum_racl_index];
++ id_t id = next_ace_id(tag_type, racl);
++ if (id)
++ return id;
++ }
++ enum_racl_index = 0;
++ return 0;
++}
++
++static id_t next_acl_list_id(SMB_ACL_TAG_T tag_type)
++{
++ for (; *enum_racl_list; enum_racl_list++) {
++ id_t id = next_acl_id(tag_type, *enum_racl_list);
++ if (id)
++ return id;
++ }
++ enum_racl_list = &_enum_racl_lists[0];
++ return 0;
++}
++
++id_t next_acl_uid()
++{
++ return next_acl_list_id(SMB_ACL_USER);
++}
++
++id_t next_acl_gid()
++{
++ return next_acl_list_id(SMB_ACL_GROUP);
++}
++
++/* referring to the global context enum_entry, sets the entry's id */
++static void set_acl_id(id_t id)
++{
++ (*enum_racl_list)->racls[enum_racl_index].races[enum_race_index++].id = id;
++}
++
++void acl_uid_map(id_t uid)
++{
++ set_acl_id(uid);
++}
++
++void acl_gid_map(id_t gid)
++{
++ set_acl_id(gid);
++}
++
++
++
++#endif /* SUPPORT_ACLS */
+--- backup.c 13 May 2004 06:34:03 -0000 1.30
++++ backup.c 13 May 2004 17:58:42 -0000
+@@ -104,6 +104,7 @@ static int make_bak_dir(char *fullpath)
+ } else {
+ do_lchown(fullpath, st.st_uid, st.st_gid);
+ do_chmod(fullpath, st.st_mode);
++ (void)DUP_ACL(end, fullpath, st.st_mode);
+ }
+ }
+ *p = '/';
+@@ -165,6 +166,8 @@ static int keep_backup(char *fname)
+ return 0;
+ }
+
++ PUSH_KEEP_BACKUP_ACL(file, fname, backup_dir_buf);
++
+ #ifdef HAVE_MKNOD
+ /* Check to see if this is a device file, or link */
+ if (IS_DEVICE(file->mode)) {
+@@ -235,6 +238,7 @@ static int keep_backup(char *fname)
+ }
+ }
+ set_perms(backup_dir_buf, file, NULL, 0);
++ CLEANUP_KEEP_BACKUP_ACL();
+ free(file);
+
+ if (verbose > 1)
+--- configure.in 30 Apr 2004 18:03:33 -0000 1.196
++++ configure.in 13 May 2004 17:58:44 -0000
+@@ -434,6 +434,11 @@ if test x"$ac_cv_func_strcasecmp" = x"no
+ AC_CHECK_LIB(resolv, strcasecmp)
+ fi
+
++AC_CHECK_FUNCS(aclsort)
++if test x"$ac_cv_func_aclsort" = x"no"; then
++ AC_CHECK_LIB(sec, aclsort)
++fi
++
+ dnl At the moment we don't test for a broken memcmp(), because all we
+ dnl need to do is test for equality, not comparison, and it seems that
+ dnl every platform has a memcmp that can do at least that.
+@@ -654,6 +659,74 @@ AC_SUBST(OBJ_SAVE)
+ AC_SUBST(OBJ_RESTORE)
+ AC_SUBST(CC_SHOBJ_FLAG)
+ AC_SUBST(BUILD_POPT)
++
++AC_CHECK_HEADERS(sys/acl.h)
++AC_CHECK_FUNCS(_acl __acl _facl __facl)
++#################################################
++# check for ACL support
++
++AC_MSG_CHECKING(whether to support ACLs)
++AC_ARG_WITH(acl-support,
++[ --with-acl-support Include ACL support (default=no)],
++[ case "$withval" in
++ yes)
++
++ case "$host_os" in
++ *sysv5*)
++ AC_MSG_RESULT(Using UnixWare ACLs)
++ AC_DEFINE(HAVE_UNIXWARE_ACLS, 1, [true if you have UnixWare ACLs])
++ ;;
++ *solaris*)
++ AC_MSG_RESULT(Using solaris ACLs)
++ AC_DEFINE(HAVE_SOLARIS_ACLS, 1, [true if you have solaris ACLs])
++ ;;
++ *hpux*)
++ AC_MSG_RESULT(Using HPUX ACLs)
++ AC_DEFINE(HAVE_HPUX_ACLS, 1, [true if you have HPUX ACLs])
++ ;;
++ *irix*)
++ AC_MSG_RESULT(Using IRIX ACLs)
++ AC_DEFINE(HAVE_IRIX_ACLS, 1, [true if you have IRIX ACLs])
++ ;;
++ *aix*)
++ AC_MSG_RESULT(Using AIX ACLs)
++ AC_DEFINE(HAVE_AIX_ACLS, 1, [true if you have AIX ACLs])
++ ;;
++ *osf*)
++ AC_MSG_RESULT(Using Tru64 ACLs)
++ AC_DEFINE(HAVE_TRU64_ACLS, 1, [true if you have Tru64 ACLs])
++ LIBS="$LIBS -lpacl"
++ ;;
++ *)
++ AC_CHECK_LIB(acl,acl_get_file)
++ AC_CACHE_CHECK([for ACL support],samba_cv_HAVE_POSIX_ACLS,[
++ AC_TRY_LINK([#include <sys/types.h>
++#include <sys/acl.h>],
++[ acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p);],
++samba_cv_HAVE_POSIX_ACLS=yes,samba_cv_HAVE_POSIX_ACLS=no)])
++ if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then
++ AC_MSG_RESULT(Using posix ACLs)
++ AC_DEFINE(HAVE_POSIX_ACLS, 1, [true if you have posix ACLs])
++ AC_CACHE_CHECK([for acl_get_perm_np],samba_cv_HAVE_ACL_GET_PERM_NP,[
++ AC_TRY_LINK([#include <sys/types.h>
++#include <sys/acl.h>],
++[ acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm);],
++samba_cv_HAVE_ACL_GET_PERM_NP=yes,samba_cv_HAVE_ACL_GET_PERM_NP=no)])
++ if test x"$samba_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then
++ AC_DEFINE(HAVE_ACL_GET_PERM_NP, 1, [true if you have acl_get_perm_np])
++ fi
++ fi
++ ;;
++ esac
++ ;;
++ *)
++ AC_MSG_RESULT(no)
++ AC_DEFINE(HAVE_NO_ACLS, 1, [true if you don't have ACLs])
++ ;;
++ esac ],
++ AC_DEFINE(HAVE_NO_ACLS, 1, [true if you don't have ACLs])
++ AC_MSG_RESULT(no)
++)
+
+ AC_CONFIG_FILES([Makefile lib/dummy zlib/dummy popt/dummy shconfig])
+ AC_OUTPUT
+--- flist.c 11 May 2004 17:25:16 -0000 1.221
++++ flist.c 13 May 2004 17:58:44 -0000
+@@ -931,6 +931,8 @@ void send_file_name(int f, struct file_l
+
+ if (!file)
+ return;
++ if (!MAKE_ACL(file, fname))
++ return;
+
+ maybe_emit_filelist_progress(flist);
+
+@@ -942,6 +944,10 @@ void send_file_name(int f, struct file_l
+ if (file->basename[0]) {
+ flist->files[flist->count++] = file;
+ send_file_entry(file, f, base_flags);
++ SEND_ACL(file, f);
++ } else {
++ /* Cleanup unsent ACL(s). */
++ SEND_ACL(file, -1);
+ }
+
+ if (recursive && S_ISDIR(file->mode)
+@@ -1257,6 +1263,8 @@ struct file_list *recv_file_list(int f)
+ flags |= read_byte(f) << 8;
+ receive_file_entry(&flist->files[i], flags, flist, f);
+
++ RECEIVE_ACL(flist->files[i], f);
++
+ if (S_ISREG(flist->files[i]->mode))
+ stats.total_size += flist->files[i]->length;
+
+@@ -1278,6 +1286,8 @@ struct file_list *recv_file_list(int f)
+ finish_filelist_progress(flist);
+
+ clean_flist(flist, relative_paths, 1);
++
++ SORT_FILE_ACL_INDEX_LISTS();
+
+ if (f != -1) {
+ /* Now send the uid/gid list. This was introduced in
+--- generator.c 13 May 2004 06:55:01 -0000 1.82
++++ generator.c 13 May 2004 17:58:45 -0000
+@@ -328,6 +328,10 @@ void recv_generator(char *fname, struct
+ permission and modification time repair */
+ if (set_perms(fname,file,NULL,0) && verbose && (f_out != -1))
+ rprintf(FINFO,"%s/\n",fname);
++#if SUPPORT_ACLS
++ if (f_out == -1)
++ SET_ACL(fname, file);
++#endif
+ return;
+ }
+
+--- mkproto.awk 1 Jan 2004 21:10:50 -0000 1.6
++++ mkproto.awk 13 May 2004 17:58:45 -0000
+@@ -58,7 +58,7 @@ BEGIN {
+ next;
+ }
+
+-!/^OFF_T|^size_t|^off_t|^pid_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^struct|^BOOL|^void|^time|^const/ {
++!/^OFF_T|^size_t|^off_t|^pid_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^struct|^BOOL|^void|^time|^const|^SMB_ACL_T|^id_t/ {
+ next;
+ }
+
+--- options.c 6 May 2004 21:08:01 -0000 1.148
++++ options.c 13 May 2004 17:58:45 -0000
+@@ -41,6 +41,7 @@ int archive_mode = 0;
+ int copy_links = 0;
+ int preserve_links = 0;
+ int preserve_hard_links = 0;
++int preserve_acls = 0;
+ int preserve_perms = 0;
+ int preserve_devices = 0;
+ int preserve_uid = 0;
+@@ -147,6 +148,7 @@ static void print_rsync_version(enum log
+ {
+ char const *got_socketpair = "no ";
+ char const *hardlinks = "no ";
++ char const *acls = "no ";
+ char const *links = "no ";
+ char const *ipv6 = "no ";
+ STRUCT_STAT *dumstat;
+@@ -159,6 +161,10 @@ static void print_rsync_version(enum log
+ hardlinks = "";
+ #endif
+
++#if SUPPORT_ACLS
++ acls = "";
++#endif
++
+ #if SUPPORT_LINKS
+ links = "";
+ #endif
+@@ -173,9 +179,9 @@ static void print_rsync_version(enum log
+ "Copyright (C) 1996-2004 by Andrew Tridgell and others\n");
+ rprintf(f, "<http://rsync.samba.org/>\n");
+ rprintf(f, "Capabilities: %d-bit files, %ssocketpairs, "
+- "%shard links, %ssymlinks, batchfiles, \n",
++ "%shard links, %sacls, %ssymlinks, batchfiles, \n",
+ (int) (sizeof (OFF_T) * 8),
+- got_socketpair, hardlinks, links);
++ got_socketpair, hardlinks, acls, links);
+
+ /* Note that this field may not have type ino_t. It depends
+ * on the complicated interaction between largefile feature
+@@ -237,6 +243,7 @@ void usage(enum logcode F)
+ rprintf(F," --safe-links ignore \"unsafe\" symlinks\n");
+ rprintf(F," -H, --hard-links preserve hard links\n");
+ rprintf(F," -p, --perms preserve permissions\n");
++ rprintf(F," -A, --acls preserve ACLs (implies --perms)\n");
+ rprintf(F," -o, --owner preserve owner (root only)\n");
+ rprintf(F," -g, --group preserve group\n");
+ rprintf(F," -D, --devices preserve devices (root only)\n");
+@@ -380,6 +387,7 @@ static struct poptOption long_options[]
+ {"address", 0, POPT_ARG_STRING, &bind_address, 0, 0, 0 },
+ {"backup-dir", 0, POPT_ARG_STRING, &backup_dir, 0, 0, 0 },
+ {"hard-links", 'H', POPT_ARG_NONE, &preserve_hard_links, 0, 0, 0 },
++ {"acls", 'A', POPT_ARG_NONE, &preserve_acls, 0, 0, 0 },
+ {"read-batch", 0, POPT_ARG_STRING, &batch_prefix, OPT_READ_BATCH, 0, 0 },
+ {"write-batch", 0, POPT_ARG_STRING, &batch_prefix, OPT_WRITE_BATCH, 0, 0 },
+ {"files-from", 0, POPT_ARG_STRING, &files_from, 0, 0, 0 },
+@@ -584,6 +592,31 @@ int parse_arguments(int *argc, const cha
+ return 0;
+ #endif
+
++ case 'A':
++#if SUPPORT_ACLS
++ preserve_acls = 1;
++ preserve_perms = 1;
++#else
++ /* FIXME: this should probably be ignored with a
++ * warning and then countermeasures taken to
++ * restrict group and other access in the presence
++ * of any more restrictive ACLs, but this is safe
++ * for now */
++ /* FIXME: Don't say "server" if this is
++ * happening on the client. */
++ /* FIXME: Why do we have the duplicated
++ * rprintf? Everybody who gets this message
++ * ought to send it to the client and also to
++ * the logs. */
++ snprintf(err_buf,sizeof(err_buf),
++ "ACLs are not supported on this %s\n",
++ am_server ? "server" : "client");
++ rprintf(FERROR,"ERROR: ACLs not supported on this platform\n");
++ return 0;
++#endif /* SUPPORT_ACLS */
++ break;
++
++
+ default:
+ /* A large opt value means that set_refuse_options()
+ * turned this option off (opt-BASE is its index). */
+@@ -815,6 +848,8 @@ void server_options(char **args,int *arg
+
+ if (preserve_hard_links)
+ argstr[x++] = 'H';
++ if (preserve_acls)
++ argstr[x++] = 'A';
+ if (preserve_uid)
+ argstr[x++] = 'o';
+ if (preserve_gid)
+--- rsync.c 13 May 2004 07:08:25 -0000 1.136
++++ rsync.c 13 May 2004 17:58:45 -0000
+@@ -204,6 +204,14 @@ int set_perms(char *fname,struct file_st
+ }
+ #endif
+
++ /* If this is a directory, SET_ACL() will be called on the cleanup
++ * receive_generator() pass--if we called it here, we might clobber
++ * writability on the directory. everything else is OK to do now. */
++ if (!S_ISDIR(st->st_mode)) {
++ if (SET_ACL(fname, file) == 0)
++ updated = 1;
++ }
++
+ if (verbose > 1 && flags & PERMS_REPORT) {
+ if (updated)
+ rprintf(FINFO,"%s\n",fname);
+--- rsync.h 13 May 2004 06:53:23 -0000 1.202
++++ rsync.h 13 May 2004 17:58:45 -0000
+@@ -537,6 +537,40 @@ static inline int flist_up(struct file_l
+ #include "lib/permstring.h"
+ #include "lib/addrinfo.h"
+
++#define SUPPORT_ACLS HAVE_POSIX_ACLS|HAVE_UNIXWARE_ACLS|HAVE_SOLARIS_ACLS|\
++ HAVE_HPUX_ACLS|HAVE_IRIX_ACLS|HAVE_AIX_ACLS|HAVE_TRU64_ACLS
++
++#define ACLS_NEED_MASK HAVE_UNIXWARE_ACLS|HAVE_SOLARIS_ACLS|HAVE_HPUX_ACLS
++
++#if SUPPORT_ACLS
++#ifdef HAVE_SYS_ACL_H
++#include <sys/acl.h>
++#endif
++#define MAKE_ACL(file, fname) make_acl(file, fname)
++#define SEND_ACL(file, f) send_acl(file, f)
++#define RECEIVE_ACL(file, f) receive_acl(file, f)
++#define SORT_FILE_ACL_INDEX_LISTS() sort_file_acl_index_lists()
++#define SET_ACL(fname, file) set_acl(fname, file)
++#define NEXT_ACL_UID() next_acl_uid()
++#define ACL_UID_MAP(uid) acl_uid_map(uid)
++#define PUSH_KEEP_BACKUP_ACL(file, orig, dest) \
++ push_keep_backup_acl(file, orig, dest)
++#define CLEANUP_KEEP_BACKUP_ACL() cleanup_keep_backup_acl()
++#define DUP_ACL(orig, dest, mode) dup_acl(orig, dest, mode)
++#else /* SUPPORT_ACLS */
++#define MAKE_ACL(file, fname) 1 /* checked return value */
++#define SEND_ACL(file, f)
++#define RECEIVE_ACL(file, f)
++#define SORT_FILE_ACL_INDEX_LISTS()
++#define SET_ACL(fname, file) 0 /* checked return value */
++#define NEXT_ACL_UID()
++#define ACL_UID_MAP(uid)
++#define PUSH_KEEP_BACKUP_ACL(file, orig, dest)
++#define CLEANUP_KEEP_BACKUP_ACL()
++#define DUP_ACL(src, orig, mode) 0 /* checked return value */
++#endif /* SUPPORT_ACLS */
++#include "smb_acls.h"
++
+ #include "proto.h"
+
+ /* We have replacement versions of these if they're missing. */
+--- rsync.yo 7 May 2004 00:18:37 -0000 1.169
++++ rsync.yo 13 May 2004 17:58:46 -0000
+@@ -295,6 +295,7 @@ verb(
+ --safe-links ignore "unsafe" symlinks
+ -H, --hard-links preserve hard links
+ -p, --perms preserve permissions
++ -A, --acls preserve ACLs (implies -p) [local option]
+ -o, --owner preserve owner (root only)
+ -g, --group preserve group
+ -D, --devices preserve devices (root only)
+@@ -520,6 +521,11 @@ Without this option, each new file gets
+ source file's permissions and the umask at the receiving end, while all
+ other files (including updated files) retain their existing permissions
+ (which is the same behavior as other file-copy utilities, such as cp).
++
++dit(bf(-A, --acls)) This option causes rsync to update the remote
++ACLs to be the same as the local ACLs. This will work only if the
++remote machine's rsync supports this option also. This is a non-standard
++option.
+
+ dit(bf(-o, --owner)) This option causes rsync to set the owner of the
+ destination file to be the same as the source file. On most systems,
+--- /dev/null 1 Jan 1970 00:00:00 -0000
++++ smb_acls.h 13 May 2004 17:58:46 -0000
+@@ -0,0 +1,277 @@
++/*
++ Unix SMB/Netbios implementation.
++ Version 2.2.x
++ Portable SMB ACL interface
++ Copyright (C) Jeremy Allison 2000
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; either version 2 of the License, or
++ (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program; if not, write to the Free Software
++ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
++*/
++
++#ifndef _SMB_ACLS_H
++#define _SMB_ACLS_H
++
++#if defined(HAVE_POSIX_ACLS)
++
++/* This is an identity mapping (just remove the SMB_). */
++
++#define SMB_ACL_TAG_T acl_tag_t
++#define SMB_ACL_TYPE_T acl_type_t
++#define SMB_ACL_PERMSET_T acl_permset_t
++#define SMB_ACL_PERM_T acl_perm_t
++#define SMB_ACL_READ ACL_READ
++#define SMB_ACL_WRITE ACL_WRITE
++#define SMB_ACL_EXECUTE ACL_EXECUTE
++
++/* Types of ACLs. */
++#define SMB_ACL_USER ACL_USER
++#define SMB_ACL_USER_OBJ ACL_USER_OBJ
++#define SMB_ACL_GROUP ACL_GROUP
++#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ
++#define SMB_ACL_OTHER ACL_OTHER
++#define SMB_ACL_MASK ACL_MASK
++
++#define SMB_ACL_T acl_t
++
++#define SMB_ACL_ENTRY_T acl_entry_t
++
++#define SMB_ACL_FIRST_ENTRY ACL_FIRST_ENTRY
++#define SMB_ACL_NEXT_ENTRY ACL_NEXT_ENTRY
++
++#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
++#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
++
++#elif defined(HAVE_TRU64_ACLS)
++
++/* This is for DEC/Compaq Tru64 UNIX */
++
++#define SMB_ACL_TAG_T acl_tag_t
++#define SMB_ACL_TYPE_T acl_type_t
++#define SMB_ACL_PERMSET_T acl_permset_t
++#define SMB_ACL_PERM_T acl_perm_t
++#define SMB_ACL_READ ACL_READ
++#define SMB_ACL_WRITE ACL_WRITE
++#define SMB_ACL_EXECUTE ACL_EXECUTE
++
++/* Types of ACLs. */
++#define SMB_ACL_USER ACL_USER
++#define SMB_ACL_USER_OBJ ACL_USER_OBJ
++#define SMB_ACL_GROUP ACL_GROUP
++#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ
++#define SMB_ACL_OTHER ACL_OTHER
++#define SMB_ACL_MASK ACL_MASK
++
++#define SMB_ACL_T acl_t
++
++#define SMB_ACL_ENTRY_T acl_entry_t
++
++#define SMB_ACL_FIRST_ENTRY 0
++#define SMB_ACL_NEXT_ENTRY 1
++
++#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
++#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
++
++#elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS)
++/*
++ * Donated by Michael Davidson <md@sco.COM> for UnixWare / OpenUNIX.
++ * Modified by Toomas Soome <tsoome@ut.ee> for Solaris.
++ */
++
++/* SVR4.2 ES/MP ACLs */
++typedef int SMB_ACL_TAG_T;
++typedef int SMB_ACL_TYPE_T;
++typedef ushort *SMB_ACL_PERMSET_T;
++typedef ushort SMB_ACL_PERM_T;
++#define SMB_ACL_READ 4
++#define SMB_ACL_WRITE 2
++#define SMB_ACL_EXECUTE 1
++
++/* Types of ACLs. */
++#define SMB_ACL_USER USER
++#define SMB_ACL_USER_OBJ USER_OBJ
++#define SMB_ACL_GROUP GROUP
++#define SMB_ACL_GROUP_OBJ GROUP_OBJ
++#define SMB_ACL_OTHER OTHER_OBJ
++#define SMB_ACL_MASK CLASS_OBJ
++
++typedef struct SMB_ACL_T {
++ int size;
++ int count;
++ int next;
++ struct acl acl[1];
++} *SMB_ACL_T;
++
++typedef struct acl *SMB_ACL_ENTRY_T;
++
++#define SMB_ACL_FIRST_ENTRY 0
++#define SMB_ACL_NEXT_ENTRY 1
++
++#define SMB_ACL_TYPE_ACCESS 0
++#define SMB_ACL_TYPE_DEFAULT 1
++
++#elif defined(HAVE_HPUX_ACLS)
++
++/*
++ * Based on the Solaris & UnixWare code.
++ */
++
++#undef GROUP
++#include <sys/aclv.h>
++
++/* SVR4.2 ES/MP ACLs */
++typedef int SMB_ACL_TAG_T;
++typedef int SMB_ACL_TYPE_T;
++typedef ushort *SMB_ACL_PERMSET_T;
++typedef ushort SMB_ACL_PERM_T;
++#define SMB_ACL_READ 4
++#define SMB_ACL_WRITE 2
++#define SMB_ACL_EXECUTE 1
++
++/* Types of ACLs. */
++#define SMB_ACL_USER USER
++#define SMB_ACL_USER_OBJ USER_OBJ
++#define SMB_ACL_GROUP GROUP
++#define SMB_ACL_GROUP_OBJ GROUP_OBJ
++#define SMB_ACL_OTHER OTHER_OBJ
++#define SMB_ACL_MASK CLASS_OBJ
++
++typedef struct SMB_ACL_T {
++ int size;
++ int count;
++ int next;
++ struct acl acl[1];
++} *SMB_ACL_T;
++
++typedef struct acl *SMB_ACL_ENTRY_T;
++
++#define SMB_ACL_FIRST_ENTRY 0
++#define SMB_ACL_NEXT_ENTRY 1
++
++#define SMB_ACL_TYPE_ACCESS 0
++#define SMB_ACL_TYPE_DEFAULT 1
++
++#elif defined(HAVE_IRIX_ACLS)
++
++#define SMB_ACL_TAG_T acl_tag_t
++#define SMB_ACL_TYPE_T acl_type_t
++#define SMB_ACL_PERMSET_T acl_permset_t
++#define SMB_ACL_PERM_T acl_perm_t
++#define SMB_ACL_READ ACL_READ
++#define SMB_ACL_WRITE ACL_WRITE
++#define SMB_ACL_EXECUTE ACL_EXECUTE
++
++/* Types of ACLs. */
++#define SMB_ACL_USER ACL_USER
++#define SMB_ACL_USER_OBJ ACL_USER_OBJ
++#define SMB_ACL_GROUP ACL_GROUP
++#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ
++#define SMB_ACL_OTHER ACL_OTHER_OBJ
++#define SMB_ACL_MASK ACL_MASK
++
++typedef struct SMB_ACL_T {
++ int next;
++ BOOL freeaclp;
++ struct acl *aclp;
++} *SMB_ACL_T;
++
++#define SMB_ACL_ENTRY_T acl_entry_t
++
++#define SMB_ACL_FIRST_ENTRY 0
++#define SMB_ACL_NEXT_ENTRY 1
++
++#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
++#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
++
++#elif defined(HAVE_AIX_ACLS)
++
++/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
++
++#include "/usr/include/acl.h"
++
++typedef uint *SMB_ACL_PERMSET_T;
++
++struct acl_entry_link{
++ struct acl_entry_link *prevp;
++ struct new_acl_entry *entryp;
++ struct acl_entry_link *nextp;
++ int count;
++};
++
++struct new_acl_entry{
++ unsigned short ace_len;
++ unsigned short ace_type;
++ unsigned int ace_access;
++ struct ace_id ace_id[1];
++};
++
++#define SMB_ACL_ENTRY_T struct new_acl_entry*
++#define SMB_ACL_T struct acl_entry_link*
++
++#define SMB_ACL_TAG_T unsigned short
++#define SMB_ACL_TYPE_T int
++#define SMB_ACL_PERM_T uint
++#define SMB_ACL_READ S_IRUSR
++#define SMB_ACL_WRITE S_IWUSR
++#define SMB_ACL_EXECUTE S_IXUSR
++
++/* Types of ACLs. */
++#define SMB_ACL_USER ACEID_USER
++#define SMB_ACL_USER_OBJ 3
++#define SMB_ACL_GROUP ACEID_GROUP
++#define SMB_ACL_GROUP_OBJ 4
++#define SMB_ACL_OTHER 5
++#define SMB_ACL_MASK 6
++
++
++#define SMB_ACL_FIRST_ENTRY 1
++#define SMB_ACL_NEXT_ENTRY 2
++
++#define SMB_ACL_TYPE_ACCESS 0
++#define SMB_ACL_TYPE_DEFAULT 1
++
++#else /* No ACLs. */
++
++/* No ACLS - fake it. */
++#define SMB_ACL_TAG_T int
++#define SMB_ACL_TYPE_T int
++#define SMB_ACL_PERMSET_T mode_t
++#define SMB_ACL_PERM_T mode_t
++#define SMB_ACL_READ S_IRUSR
++#define SMB_ACL_WRITE S_IWUSR
++#define SMB_ACL_EXECUTE S_IXUSR
++
++/* Types of ACLs. */
++#define SMB_ACL_USER 0
++#define SMB_ACL_USER_OBJ 1
++#define SMB_ACL_GROUP 2
++#define SMB_ACL_GROUP_OBJ 3
++#define SMB_ACL_OTHER 4
++#define SMB_ACL_MASK 5
++
++typedef struct SMB_ACL_T {
++ int dummy;
++} *SMB_ACL_T;
++
++typedef struct SMB_ACL_ENTRY_T {
++ int dummy;
++} *SMB_ACL_ENTRY_T;
++
++#define SMB_ACL_FIRST_ENTRY 0
++#define SMB_ACL_NEXT_ENTRY 1
++
++#define SMB_ACL_TYPE_ACCESS 0
++#define SMB_ACL_TYPE_DEFAULT 1
++
++#endif /* No ACLs. */
++#endif /* _SMB_ACLS_H */
+--- /dev/null 1 Jan 1970 00:00:00 -0000
++++ sysacls.c 13 May 2004 17:58:47 -0000
+@@ -0,0 +1,3117 @@
++/*
++ Unix SMB/Netbios implementation.
++ Version 2.2.
++ Samba system utilities for ACL support.
++ Copyright (C) Jeremy Allison 2000.
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; either version 2 of the License, or
++ (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program; if not, write to the Free Software
++ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
++*/
++
++#include "rsync.h"
++
++/*
++ This file wraps all differing system ACL interfaces into a consistent
++ one based on the POSIX interface. It also returns the correct errors
++ for older UNIX systems that don't support ACLs.
++
++ The interfaces that each ACL implementation must support are as follows:
++
++ int sys_acl_get_entry(SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
++ int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
++ int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p
++ void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
++ SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
++ SMB_ACL_T sys_acl_get_fd(int fd)
++ int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset);
++ int sys_acl_add_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
++ char *sys_acl_to_text(SMB_ACL_T theacl, ssize_t *plen)
++ SMB_ACL_T sys_acl_init(int count)
++ int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
++ int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
++ int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry, void *qual)
++ int sys_acl_set_permset(SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
++ int sys_acl_valid(SMB_ACL_T theacl)
++ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
++ int sys_acl_set_fd(int fd, SMB_ACL_T theacl)
++ int sys_acl_delete_def_file(const char *path)
++
++ This next one is not POSIX complient - but we *have* to have it !
++ More POSIX braindamage.
++
++ int sys_acl_get_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
++
++ The generic POSIX free is the following call. We split this into
++ several different free functions as we may need to add tag info
++ to structures when emulating the POSIX interface.
++
++ int sys_acl_free(void *obj_p)
++
++ The calls we actually use are:
++
++ int sys_acl_free_text(char *text) - free acl_to_text
++ int sys_acl_free_acl(SMB_ACL_T posix_acl)
++ int sys_acl_free_qualifier(void *qualifier, SMB_ACL_TAG_T tagtype)
++
++*/
++
++#if defined(HAVE_POSIX_ACLS)
++
++/* Identity mapping - easy. */
++
++int sys_acl_get_entry(SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
++{
++ return acl_get_entry(the_acl, entry_id, entry_p);
++}
++
++int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
++{
++ return acl_get_tag_type(entry_d, tag_type_p);
++}
++
++int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
++{
++ return acl_get_permset(entry_d, permset_p);
++}
++
++void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
++{
++ return acl_get_qualifier(entry_d);
++}
++
++SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
++{
++ return acl_get_file(path_p, type);
++}
++
++SMB_ACL_T sys_acl_get_fd(int fd)
++{
++ return acl_get_fd(fd);
++}
++
++int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
++{
++ return acl_clear_perms(permset);
++}
++
++int sys_acl_add_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
++{
++ return acl_add_perm(permset, perm);
++}
++
++int sys_acl_get_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
++{
++#if defined(HAVE_ACL_GET_PERM_NP)
++ /* Required for TrustedBSD-based ACL implementations where
++ * non-POSIX.1e functions are denoted by a _np (non-portable)
++ * suffix. */
++ return acl_get_perm_np(permset, perm);
++#else
++ return acl_get_perm(permset, perm);
++#endif
++}
++
++char *sys_acl_to_text(SMB_ACL_T the_acl, ssize_t *plen)
++{
++ return acl_to_text(the_acl, plen);
++}
++
++SMB_ACL_T sys_acl_init(int count)
++{
++ return acl_init(count);
++}
++
++int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
++{
++ return acl_create_entry(pacl, pentry);
++}
++
++int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
++{
++ return acl_set_tag_type(entry, tagtype);
++}
++
++int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry, void *qual)
++{
++ return acl_set_qualifier(entry, qual);
++}
++
++int sys_acl_set_permset(SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
++{
++ return acl_set_permset(entry, permset);
++}
++
++int sys_acl_valid(SMB_ACL_T theacl)
++{
++ return acl_valid(theacl);
++}
++
++int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
++{
++ return acl_set_file(name, acltype, theacl);
++}
++
++int sys_acl_set_fd(int fd, SMB_ACL_T theacl)
++{
++ return acl_set_fd(fd, theacl);
++}
++
++int sys_acl_delete_def_file(const char *name)
++{
++ return acl_delete_def_file(name);
++}
++
++int sys_acl_free_text(char *text)
++{
++ return acl_free(text);
++}
++
++int sys_acl_free_acl(SMB_ACL_T the_acl)
++{
++ return acl_free(the_acl);
++}
++
++int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
++{
++ return acl_free(qual);
++}
++
++#elif defined(HAVE_TRU64_ACLS)
++/* The interface to DEC/Compaq Tru64 UNIX ACLs
++ * is based on Draft 13 of the POSIX spec which is
++ * slightly different from the Draft 16 interface.
++ *
++ * Also, some of the permset manipulation functions
++ * such as acl_clear_perm() and acl_add_perm() appear
++ * to be broken on Tru64 so we have to manipulate
++ * the permission bits in the permset directly. */
++ int sys_acl_get_entry(SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
++{
++ SMB_ACL_ENTRY_T entry;
++
++ if (entry_id == SMB_ACL_FIRST_ENTRY && acl_first_entry(the_acl) != 0) {
++ return -1;
++ }
++
++ errno = 0;
++ if ((entry = acl_get_entry(the_acl)) != NULL) {
++ *entry_p = entry;
++ return 1;
++ }
++
++ return errno ? -1 : 0;
++}
++
++ int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
++{
++ return acl_get_tag_type(entry_d, tag_type_p);
++}
++
++ int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
++{
++ return acl_get_permset(entry_d, permset_p);
++}
++
++ void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
++{
++ return acl_get_qualifier(entry_d);
++}
++
++ SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
++{
++ return acl_get_file((char *)path_p, type);
++}
++
++ SMB_ACL_T sys_acl_get_fd(int fd)
++{
++ return acl_get_fd(fd, ACL_TYPE_ACCESS);
++}
++
++ int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
++{
++ *permset = 0; /* acl_clear_perm() is broken on Tru64 */
++
++ return 0;
++}
++
++ int sys_acl_add_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
++{
++ if (perm & ~(SMB_ACL_READ | SMB_ACL_WRITE | SMB_ACL_EXECUTE)) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ *permset |= perm; /* acl_add_perm() is broken on Tru64 */
++
++ return 0;
++}
++
++ int sys_acl_get_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
++{
++ return *permset & perm; /* Tru64 doesn't have acl_get_perm() */
++}
++
++ char *sys_acl_to_text(SMB_ACL_T the_acl, ssize_t *plen)
++{
++ return acl_to_text(the_acl, plen);
++}
++
++ SMB_ACL_T sys_acl_init(int count)
++{
++ return acl_init(count);
++}
++
++ int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
++{
++ SMB_ACL_ENTRY_T entry;
++
++ if ((entry = acl_create_entry(pacl)) == NULL) {
++ return -1;
++ }
++
++ *pentry = entry;
++ return 0;
++}
++
++ int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
++{
++ return acl_set_tag_type(entry, tagtype);
++}
++
++ int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry, void *qual)
++{
++ return acl_set_qualifier(entry, qual);
++}
++
++ int sys_acl_set_permset(SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
++{
++ return acl_set_permset(entry, permset);
++}
++
++ int sys_acl_valid(SMB_ACL_T theacl)
++{
++ acl_entry_t entry;
++
++ return acl_valid(theacl, &entry);
++}
++
++ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
++{
++ return acl_set_file((char *)name, acltype, theacl);
++}
++
++ int sys_acl_set_fd(int fd, SMB_ACL_T theacl)
++{
++ return acl_set_fd(fd, ACL_TYPE_ACCESS, theacl);
++}
++
++ int sys_acl_delete_def_file(const char *name)
++{
++ return acl_delete_def_file((char *)name);
++}
++
++ int sys_acl_free_text(char *text)
++{
++ /* (void) cast and explicit return 0 are for DEC UNIX
++ * which just #defines acl_free_text() to be free(). */
++ (void) acl_free_text(text);
++ return 0;
++}
++
++ int sys_acl_free_acl(SMB_ACL_T the_acl)
++{
++ return acl_free(the_acl);
++}
++
++ int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
++{
++ return acl_free_qualifier(qual, tagtype);
++}
++
++#elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS)
++
++/* Donated by Michael Davidson <md@sco.COM> for UnixWare / OpenUNIX.
++ * Modified by Toomas Soome <tsoome@ut.ee> for Solaris. */
++
++/* Note that while this code implements sufficient functionality
++ * to support the sys_acl_* interfaces it does not provide all
++ * of the semantics of the POSIX ACL interfaces.
++ *
++ * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
++ * from a call to sys_acl_get_entry() should not be assumed to be
++ * valid after calling any of the following functions, which may
++ * reorder the entries in the ACL.
++ *
++ * sys_acl_valid()
++ * sys_acl_set_file()
++ * sys_acl_set_fd()
++ */
++
++/* The only difference between Solaris and UnixWare / OpenUNIX is
++ * that the #defines for the ACL operations have different names. */
++#if defined(HAVE_UNIXWARE_ACLS)
++
++#define SETACL ACL_SET
++#define GETACL ACL_GET
++#define GETACLCNT ACL_CNT
++
++#endif
++
++
++ int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
++{
++ if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (entry_p == NULL) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (entry_id == SMB_ACL_FIRST_ENTRY) {
++ acl_d->next = 0;
++ }
++
++ if (acl_d->next < 0) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (acl_d->next >= acl_d->count) {
++ return 0;
++ }
++
++ *entry_p = &acl_d->acl[acl_d->next++];
++
++ return 1;
++}
++
++ int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
++{
++ *type_p = entry_d->a_type;
++
++ return 0;
++}
++
++ int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
++{
++ *permset_p = &entry_d->a_perm;
++
++ return 0;
++}
++
++ void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
++{
++ if (entry_d->a_type != SMB_ACL_USER
++ && entry_d->a_type != SMB_ACL_GROUP) {
++ errno = EINVAL;
++ return NULL;
++ }
++
++ return &entry_d->a_id;
++}
++
++/* There is no way of knowing what size the ACL returned by
++ * GETACL will be unless you first call GETACLCNT which means
++ * making an additional system call.
++ *
++ * In the hope of avoiding the cost of the additional system
++ * call in most cases, we initially allocate enough space for
++ * an ACL with INITIAL_ACL_SIZE entries. If this turns out to
++ * be too small then we use GETACLCNT to find out the actual
++ * size, reallocate the ACL buffer, and then call GETACL again. */
++
++#define INITIAL_ACL_SIZE 16
++
++ SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
++{
++ SMB_ACL_T acl_d;
++ int count; /* # of ACL entries allocated */
++ int naccess; /* # of access ACL entries */
++ int ndefault; /* # of default ACL entries */
++
++ if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
++ errno = EINVAL;
++ return NULL;
++ }
++
++ count = INITIAL_ACL_SIZE;
++ if ((acl_d = sys_acl_init(count)) == NULL) {
++ return NULL;
++ }
++
++ /* If there isn't enough space for the ACL entries we use
++ * GETACLCNT to determine the actual number of ACL entries
++ * reallocate and try again. This is in a loop because it
++ * is possible that someone else could modify the ACL and
++ * increase the number of entries between the call to
++ * GETACLCNT and the call to GETACL. */
++ while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0
++ && errno == ENOSPC) {
++
++ sys_acl_free_acl(acl_d);
++
++ if ((count = acl(path_p, GETACLCNT, 0, NULL)) < 0) {
++ return NULL;
++ }
++
++ if ((acl_d = sys_acl_init(count)) == NULL) {
++ return NULL;
++ }
++ }
++
++ if (count < 0) {
++ sys_acl_free_acl(acl_d);
++ return NULL;
++ }
++
++ /* Calculate the number of access and default ACL entries.
++ *
++ * Note: we assume that the acl() system call returned a
++ * well formed ACL which is sorted so that all of the
++ * access ACL entries preceed any default ACL entries. */
++ for (naccess = 0; naccess < count; naccess++) {
++ if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
++ break;
++ }
++ ndefault = count - naccess;
++
++ /* If the caller wants the default ACL we have to copy
++ * the entries down to the start of the acl[] buffer
++ * and mask out the ACL_DEFAULT flag from the type field. */
++ if (type == SMB_ACL_TYPE_DEFAULT) {
++ int i, j;
++
++ for (i = 0, j = naccess; i < ndefault; i++, j++) {
++ acl_d->acl[i] = acl_d->acl[j];
++ acl_d->acl[i].a_type &= ~ACL_DEFAULT;
++ }
++
++ acl_d->count = ndefault;
++ } else {
++ acl_d->count = naccess;
++ }
++
++ return acl_d;
++}
++
++ SMB_ACL_T sys_acl_get_fd(int fd)
++{
++ SMB_ACL_T acl_d;
++ int count; /* # of ACL entries allocated */
++ int naccess; /* # of access ACL entries */
++
++ count = INITIAL_ACL_SIZE;
++ if ((acl_d = sys_acl_init(count)) == NULL) {
++ return NULL;
++ }
++
++ while ((count = facl(fd, GETACL, count, &acl_d->acl[0])) < 0
++ && errno == ENOSPC) {
++
++ sys_acl_free_acl(acl_d);
++
++ if ((count = facl(fd, GETACLCNT, 0, NULL)) < 0) {
++ return NULL;
++ }
++
++ if ((acl_d = sys_acl_init(count)) == NULL) {
++ return NULL;
++ }
++ }
++
++ if (count < 0) {
++ sys_acl_free_acl(acl_d);
++ return NULL;
++ }
++
++ /* Calculate the number of access ACL entries. */
++ for (naccess = 0; naccess < count; naccess++) {
++ if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
++ break;
++ }
++
++ acl_d->count = naccess;
++
++ return acl_d;
++}
++
++ int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
++{
++ *permset_d = 0;
++
++ return 0;
++}
++
++ int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
++{
++ if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
++ && perm != SMB_ACL_EXECUTE) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (permset_d == NULL) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ *permset_d |= perm;
++
++ return 0;
++}
++
++ int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
++{
++ return *permset_d & perm;
++}
++
++ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
++{
++ int i;
++ int len, maxlen;
++ char *text;
++
++ /* Use an initial estimate of 20 bytes per ACL entry
++ * when allocating memory for the text representation
++ * of the ACL. */
++ len = 0;
++ maxlen = 20 * acl_d->count;
++ if ((text = malloc(maxlen)) == NULL) {
++ errno = ENOMEM;
++ return NULL;
++ }
++
++ for (i = 0; i < acl_d->count; i++) {
++ struct acl *ap = &acl_d->acl[i];
++ struct passwd *pw;
++ struct group *gr;
++ char tagbuf[12];
++ char idbuf[12];
++ char *tag;
++ char *id = "";
++ char perms[4];
++ int nbytes;
++
++ switch (ap->a_type) {
++ /* For debugging purposes it's probably more
++ * useful to dump unknown tag types rather
++ * than just returning an error. */
++ default:
++ snprintf(tagbuf, sizeof tagbuf - 1, "0x%x",
++ ap->a_type);
++ tag = tagbuf;
++ snprintf(idbuf, sizeof idbuf - 1, "%ld",
++ (long)ap->a_id);
++ id = idbuf;
++ break;
++
++ case SMB_ACL_USER:
++ if ((pw = getpwuid(ap->a_id)) == NULL) {
++ snprintf(idbuf, sizeof idbuf - 1, "%ld",
++ (long)ap->a_id);
++ id = idbuf;
++ } else {
++ id = pw->pw_name;
++ }
++ case SMB_ACL_USER_OBJ:
++ tag = "user";
++ break;
++
++ case SMB_ACL_GROUP:
++ if ((gr = getgrgid(ap->a_id)) == NULL) {
++ snprintf(idbuf, sizeof idbuf - 1, "%ld",
++ (long)ap->a_id);
++ id = idbuf;
++ } else {
++ id = gr->gr_name;
++ }
++ case SMB_ACL_GROUP_OBJ:
++ tag = "group";
++ break;
++
++ case SMB_ACL_OTHER:
++ tag = "other";
++ break;
++
++ case SMB_ACL_MASK:
++ tag = "mask";
++ break;
++
++ }
++
++ perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-';
++ perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-';
++ perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-';
++ perms[3] = '\0';
++
++ /* <tag> : <qualifier> : rwx \n \0 */
++ nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1;
++
++ /* If this entry would overflow the buffer
++ * allocate enough additional memory for this
++ * entry and an estimate of another 20 bytes
++ * for each entry still to be processed. */
++ if ((len + nbytes) > maxlen) {
++ char *oldtext = text;
++
++ maxlen += nbytes + 20 * (acl_d->count - i);
++
++ if ((text = Realloc(oldtext, maxlen)) == NULL) {
++ free(oldtext);
++ errno = ENOMEM;
++ return NULL;
++ }
++ }
++
++ snprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms);
++ len += nbytes - 1;
++ }
++
++ if (len_p)
++ *len_p = len;
++
++ return text;
++}
++
++ SMB_ACL_T sys_acl_init(int count)
++{
++ SMB_ACL_T a;
++
++ if (count < 0) {
++ errno = EINVAL;
++ return NULL;
++ }
++
++ /* Note that since the definition of the structure pointed
++ * to by the SMB_ACL_T includes the first element of the
++ * acl[] array, this actually allocates an ACL with room
++ * for (count+1) entries. */
++ if ((a = malloc(sizeof a[0] + count * sizeof (struct acl))) == NULL) {
++ errno = ENOMEM;
++ return NULL;
++ }
++
++ a->size = count + 1;
++ a->count = 0;
++ a->next = -1;
++
++ return a;
++}
++
++
++ int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
++{
++ SMB_ACL_T acl_d;
++ SMB_ACL_ENTRY_T entry_d;
++
++ if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (acl_d->count >= acl_d->size) {
++ errno = ENOSPC;
++ return -1;
++ }
++
++ entry_d = &acl_d->acl[acl_d->count++];
++ entry_d->a_type = 0;
++ entry_d->a_id = -1;
++ entry_d->a_perm = 0;
++ *entry_p = entry_d;
++
++ return 0;
++}
++
++ int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
++{
++ switch (tag_type) {
++ case SMB_ACL_USER:
++ case SMB_ACL_USER_OBJ:
++ case SMB_ACL_GROUP:
++ case SMB_ACL_GROUP_OBJ:
++ case SMB_ACL_OTHER:
++ case SMB_ACL_MASK:
++ entry_d->a_type = tag_type;
++ break;
++ default:
++ errno = EINVAL;
++ return -1;
++ }
++
++ return 0;
++}
++
++ int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
++{
++ if (entry_d->a_type != SMB_ACL_GROUP
++ && entry_d->a_type != SMB_ACL_USER) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ entry_d->a_id = *((id_t *)qual_p);
++
++ return 0;
++}
++
++ int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
++{
++ if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
++ return EINVAL;
++ }
++
++ entry_d->a_perm = *permset_d;
++
++ return 0;
++}
++
++/* Sort the ACL and check it for validity.
++ *
++ * If it's a minimal ACL with only 4 entries then we
++ * need to recalculate the mask permissions to make
++ * sure that they are the same as the GROUP_OBJ
++ * permissions as required by the UnixWare acl() system call.
++ *
++ * (Note: since POSIX allows minimal ACLs which only contain
++ * 3 entries - ie there is no mask entry - we should, in theory,
++ * check for this and add a mask entry if necessary - however
++ * we "know" that the caller of this interface always specifies
++ * a mask so, in practice "this never happens" (tm) - if it *does*
++ * happen aclsort() will fail and return an error and someone will
++ * have to fix it ...) */
++
++static int acl_sort(SMB_ACL_T acl_d)
++{
++ int fixmask = (acl_d->count <= 4);
++
++ if (aclsort(acl_d->count, fixmask, acl_d->acl) != 0) {
++ errno = EINVAL;
++ return -1;
++ }
++ return 0;
++}
++
++ int sys_acl_valid(SMB_ACL_T acl_d)
++{
++ return acl_sort(acl_d);
++}
++
++ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
++{
++ struct stat s;
++ struct acl *acl_p;
++ int acl_count;
++ struct acl *acl_buf = NULL;
++ int ret;
++
++ if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (acl_sort(acl_d) != 0) {
++ return -1;
++ }
++
++ acl_p = &acl_d->acl[0];
++ acl_count = acl_d->count;
++
++ /* If it's a directory there is extra work to do since the acl()
++ * system call will replace both the access ACLs and the default
++ * ACLs (if any). */
++ if (stat(name, &s) != 0) {
++ return -1;
++ }
++ if (S_ISDIR(s.st_mode)) {
++ SMB_ACL_T acc_acl;
++ SMB_ACL_T def_acl;
++ SMB_ACL_T tmp_acl;
++ int i;
++
++ if (type == SMB_ACL_TYPE_ACCESS) {
++ acc_acl = acl_d;
++ def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
++
++ } else {
++ def_acl = acl_d;
++ acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
++ }
++
++ if (tmp_acl == NULL) {
++ return -1;
++ }
++
++ /* Allocate a temporary buffer for the complete ACL. */
++ acl_count = acc_acl->count + def_acl->count;
++ acl_p = acl_buf = malloc(acl_count * sizeof acl_buf[0]);
++
++ if (acl_buf == NULL) {
++ sys_acl_free_acl(tmp_acl);
++ errno = ENOMEM;
++ return -1;
++ }
++
++ /* Copy the access control and default entries into the buffer. */
++ memcpy(&acl_buf[0], &acc_acl->acl[0],
++ acc_acl->count * sizeof acl_buf[0]);
++
++ memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
++ def_acl->count * sizeof acl_buf[0]);
++
++ /* Set the ACL_DEFAULT flag on the default entries. */
++ for (i = acc_acl->count; i < acl_count; i++) {
++ acl_buf[i].a_type |= ACL_DEFAULT;
++ }
++
++ sys_acl_free_acl(tmp_acl);
++
++ } else if (type != SMB_ACL_TYPE_ACCESS) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ ret = acl(name, SETACL, acl_count, acl_p);
++
++ free(acl_buf);
++
++ return ret;
++}
++
++ int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
++{
++ if (acl_sort(acl_d) != 0) {
++ return -1;
++ }
++
++ return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]);
++}
++
++ int sys_acl_delete_def_file(const char *path)
++{
++ SMB_ACL_T acl_d;
++ int ret;
++
++ /* Fetching the access ACL and rewriting it has the effect of
++ * deleting the default ACL. */
++ if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
++ return -1;
++ }
++
++ ret = acl(path, SETACL, acl_d->count, acl_d->acl);
++
++ sys_acl_free_acl(acl_d);
++
++ return ret;
++}
++
++ int sys_acl_free_text(char *text)
++{
++ free(text);
++ return 0;
++}
++
++ int sys_acl_free_acl(SMB_ACL_T acl_d)
++{
++ free(acl_d);
++ return 0;
++}
++
++ int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
++{
++ return 0;
++}
++
++#elif defined(HAVE_HPUX_ACLS)
++#include <dl.h>
++
++/* Based on the Solaris/SCO code - with modifications. */
++
++/* Note that while this code implements sufficient functionality
++ * to support the sys_acl_* interfaces it does not provide all
++ * of the semantics of the POSIX ACL interfaces.
++ *
++ * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
++ * from a call to sys_acl_get_entry() should not be assumed to be
++ * valid after calling any of the following functions, which may
++ * reorder the entries in the ACL.
++ *
++ * sys_acl_valid()
++ * sys_acl_set_file()
++ * sys_acl_set_fd()
++ */
++
++/* This checks if the POSIX ACL system call is defined which basically
++ * corresponds to whether JFS 3.3 or higher is installed. If acl() was
++ * called when it isn't defined, it causes the process to core dump so
++ * it is important to check this and avoid acl() calls if it isn't
++ * there. */
++
++static BOOL hpux_acl_call_presence(void)
++{
++
++ shl_t handle = NULL;
++ void *value;
++ int ret_val=0;
++ static BOOL already_checked=0;
++
++ if (already_checked)
++ return True;
++
++
++ ret_val = shl_findsym(&handle, "acl", TYPE_PROCEDURE, &value);
++
++ if (ret_val != 0) {
++ DEBUG(5, ("hpux_acl_call_presence: shl_findsym() returned %d, errno = %d, error %s\n",
++ ret_val, errno, strerror(errno)));
++ DEBUG(5,("hpux_acl_call_presence: acl() system call is not present. Check if you have JFS 3.3 and above?\n"));
++ return False;
++ }
++
++ DEBUG(10,("hpux_acl_call_presence: acl() system call is present. We have JFS 3.3 or above \n"));
++
++ already_checked = True;
++ return True;
++}
++
++ int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
++{
++ if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (entry_p == NULL) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (entry_id == SMB_ACL_FIRST_ENTRY) {
++ acl_d->next = 0;
++ }
++
++ if (acl_d->next < 0) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (acl_d->next >= acl_d->count) {
++ return 0;
++ }
++
++ *entry_p = &acl_d->acl[acl_d->next++];
++
++ return 1;
++}
++
++ int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
++{
++ *type_p = entry_d->a_type;
++
++ return 0;
++}
++
++ int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
++{
++ *permset_p = &entry_d->a_perm;
++
++ return 0;
++}
++
++ void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
++{
++ if (entry_d->a_type != SMB_ACL_USER
++ && entry_d->a_type != SMB_ACL_GROUP) {
++ errno = EINVAL;
++ return NULL;
++ }
++
++ return &entry_d->a_id;
++}
++
++/* There is no way of knowing what size the ACL returned by
++ * ACL_GET will be unless you first call ACL_CNT which means
++ * making an additional system call.
++ *
++ * In the hope of avoiding the cost of the additional system
++ * call in most cases, we initially allocate enough space for
++ * an ACL with INITIAL_ACL_SIZE entries. If this turns out to
++ * be too small then we use ACL_CNT to find out the actual
++ * size, reallocate the ACL buffer, and then call ACL_GET again.
++ */
++
++#define INITIAL_ACL_SIZE 16
++
++ SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
++{
++ SMB_ACL_T acl_d;
++ int count; /* # of ACL entries allocated */
++ int naccess; /* # of access ACL entries */
++ int ndefault; /* # of default ACL entries */
++
++ if (hpux_acl_call_presence() == False) {
++ /* Looks like we don't have the acl() system call on HPUX.
++ * May be the system doesn't have the latest version of JFS. */
++ return NULL;
++ }
++
++ if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
++ errno = EINVAL;
++ return NULL;
++ }
++
++ count = INITIAL_ACL_SIZE;
++ if ((acl_d = sys_acl_init(count)) == NULL) {
++ return NULL;
++ }
++
++ /* If there isn't enough space for the ACL entries we use
++ * ACL_CNT to determine the actual number of ACL entries
++ * reallocate and try again. This is in a loop because it
++ * is possible that someone else could modify the ACL and
++ * increase the number of entries between the call to
++ * ACL_CNT and the call to ACL_GET. */
++ while ((count = acl(path_p, ACL_GET, count, &acl_d->acl[0])) < 0 && errno == ENOSPC) {
++
++ sys_acl_free_acl(acl_d);
++
++ if ((count = acl(path_p, ACL_CNT, 0, NULL)) < 0) {
++ return NULL;
++ }
++
++ if ((acl_d = sys_acl_init(count)) == NULL) {
++ return NULL;
++ }
++ }
++
++ if (count < 0) {
++ sys_acl_free_acl(acl_d);
++ return NULL;
++ }
++
++ /* Calculate the number of access and default ACL entries.
++ *
++ * Note: we assume that the acl() system call returned a
++ * well formed ACL which is sorted so that all of the
++ * access ACL entries preceed any default ACL entries. */
++ for (naccess = 0; naccess < count; naccess++) {
++ if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
++ break;
++ }
++ ndefault = count - naccess;
++
++ /* If the caller wants the default ACL we have to copy
++ * the entries down to the start of the acl[] buffer
++ * and mask out the ACL_DEFAULT flag from the type field. */
++ if (type == SMB_ACL_TYPE_DEFAULT) {
++ int i, j;
++
++ for (i = 0, j = naccess; i < ndefault; i++, j++) {
++ acl_d->acl[i] = acl_d->acl[j];
++ acl_d->acl[i].a_type &= ~ACL_DEFAULT;
++ }
++
++ acl_d->count = ndefault;
++ } else {
++ acl_d->count = naccess;
++ }
++
++ return acl_d;
++}
++
++ SMB_ACL_T sys_acl_get_fd(int fd)
++{
++ /* HPUX doesn't have the facl call. Fake it using the path.... JRA. */
++
++ files_struct *fsp = file_find_fd(fd);
++
++ if (fsp == NULL) {
++ errno = EBADF;
++ return NULL;
++ }
++
++ /* We know we're in the same conn context. So we can use the
++ * relative path. */
++
++ return sys_acl_get_file(dos_to_unix_static(fsp->fsp_name), SMB_ACL_TYPE_ACCESS);
++}
++
++ int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
++{
++ *permset_d = 0;
++
++ return 0;
++}
++
++ int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
++{
++ if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
++ && perm != SMB_ACL_EXECUTE) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (permset_d == NULL) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ *permset_d |= perm;
++
++ return 0;
++}
++
++ int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
++{
++ return *permset_d & perm;
++}
++
++ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
++{
++ int i;
++ int len, maxlen;
++ char *text;
++
++ /* Use an initial estimate of 20 bytes per ACL entry when
++ * allocating memory for the text representation of the ACL. */
++ len = 0;
++ maxlen = 20 * acl_d->count;
++ if ((text = malloc(maxlen)) == NULL) {
++ errno = ENOMEM;
++ return NULL;
++ }
++
++ for (i = 0; i < acl_d->count; i++) {
++ struct acl *ap = &acl_d->acl[i];
++ struct passwd *pw;
++ struct group *gr;
++ char tagbuf[12];
++ char idbuf[12];
++ char *tag;
++ char *id = "";
++ char perms[4];
++ int nbytes;
++
++ switch (ap->a_type) {
++ /* For debugging purposes it's probably more
++ * useful to dump unknown tag types rather
++ * than just returning an error. */
++ default:
++ snprintf(tagbuf, sizeof tagbuf - 1, "0x%x",
++ ap->a_type);
++ tag = tagbuf;
++ snprintf(idbuf, sizeof idbuf - 1, "%ld",
++ (long)ap->a_id);
++ id = idbuf;
++ break;
++
++ case SMB_ACL_USER:
++ if ((pw = getpwuid(ap->a_id)) == NULL) {
++ snprintf(idbuf, sizeof idbuf - 1, "%ld",
++ (long)ap->a_id);
++ id = idbuf;
++ } else {
++ id = pw->pw_name;
++ }
++ case SMB_ACL_USER_OBJ:
++ tag = "user";
++ break;
++
++ case SMB_ACL_GROUP:
++ if ((gr = getgrgid(ap->a_id)) == NULL) {
++ snprintf(idbuf, sizeof idbuf - 1, "%ld",
++ (long)ap->a_id);
++ id = idbuf;
++ } else {
++ id = gr->gr_name;
++ }
++ case SMB_ACL_GROUP_OBJ:
++ tag = "group";
++ break;
++
++ case SMB_ACL_OTHER:
++ tag = "other";
++ break;
++
++ case SMB_ACL_MASK:
++ tag = "mask";
++ break;
++
++ }
++
++ perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-';
++ perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-';
++ perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-';
++ perms[3] = '\0';
++
++ /* <tag> : <qualifier> : rwx \n \0 */
++ nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1;
++
++ /* If this entry would overflow the buffer
++ * allocate enough additional memory for this
++ * entry and an estimate of another 20 bytes
++ * for each entry still to be processed. */
++ if ((len + nbytes) > maxlen) {
++ char *oldtext = text;
++
++ maxlen += nbytes + 20 * (acl_d->count - i);
++
++ if ((text = Realloc(oldtext, maxlen)) == NULL) {
++ free(oldtext);
++ errno = ENOMEM;
++ return NULL;
++ }
++ }
++
++ snprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms);
++ len += nbytes - 1;
++ }
++
++ if (len_p)
++ *len_p = len;
++
++ return text;
++}
++
++ SMB_ACL_T sys_acl_init(int count)
++{
++ SMB_ACL_T a;
++
++ if (count < 0) {
++ errno = EINVAL;
++ return NULL;
++ }
++
++ /* Note that since the definition of the structure pointed
++ * to by the SMB_ACL_T includes the first element of the
++ * acl[] array, this actually allocates an ACL with room
++ * for (count+1) entries. */
++ if ((a = malloc(sizeof a[0] + count * sizeof (struct acl))) == NULL) {
++ errno = ENOMEM;
++ return NULL;
++ }
++
++ a->size = count + 1;
++ a->count = 0;
++ a->next = -1;
++
++ return a;
++}
++
++
++ int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
++{
++ SMB_ACL_T acl_d;
++ SMB_ACL_ENTRY_T entry_d;
++
++ if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (acl_d->count >= acl_d->size) {
++ errno = ENOSPC;
++ return -1;
++ }
++
++ entry_d = &acl_d->acl[acl_d->count++];
++ entry_d->a_type = 0;
++ entry_d->a_id = -1;
++ entry_d->a_perm = 0;
++ *entry_p = entry_d;
++
++ return 0;
++}
++
++ int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
++{
++ switch (tag_type) {
++ case SMB_ACL_USER:
++ case SMB_ACL_USER_OBJ:
++ case SMB_ACL_GROUP:
++ case SMB_ACL_GROUP_OBJ:
++ case SMB_ACL_OTHER:
++ case SMB_ACL_MASK:
++ entry_d->a_type = tag_type;
++ break;
++ default:
++ errno = EINVAL;
++ return -1;
++ }
++
++ return 0;
++}
++
++ int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
++{
++ if (entry_d->a_type != SMB_ACL_GROUP
++ && entry_d->a_type != SMB_ACL_USER) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ entry_d->a_id = *((id_t *)qual_p);
++
++ return 0;
++}
++
++ int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
++{
++ if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
++ return EINVAL;
++ }
++
++ entry_d->a_perm = *permset_d;
++
++ return 0;
++}
++
++/* Structure to capture the count for each type of ACE. */
++
++struct hpux_acl_types {
++ int n_user;
++ int n_def_user;
++ int n_user_obj;
++ int n_def_user_obj;
++
++ int n_group;
++ int n_def_group;
++ int n_group_obj;
++ int n_def_group_obj;
++
++ int n_other;
++ int n_other_obj;
++ int n_def_other_obj;
++
++ int n_class_obj;
++ int n_def_class_obj;
++
++ int n_illegal_obj;
++};
++
++/* count_obj:
++ * Counts the different number of objects in a given array of ACL
++ * structures.
++ * Inputs:
++ *
++ * acl_count - Count of ACLs in the array of ACL strucutres.
++ * aclp - Array of ACL structures.
++ * acl_type_count - Pointer to acl_types structure. Should already be
++ * allocated.
++ * Output:
++ *
++ * acl_type_count - This structure is filled up with counts of various
++ * acl types.
++ */
++
++static int hpux_count_obj(int acl_count, struct acl *aclp, struct hpux_acl_types *acl_type_count)
++{
++ int i;
++
++ memset(acl_type_count, 0, sizeof (struct hpux_acl_types));
++
++ for (i=0;i<acl_count;i++) {
++ switch (aclp[i].a_type) {
++ case USER:
++ acl_type_count->n_user++;
++ break;
++ case USER_OBJ:
++ acl_type_count->n_user_obj++;
++ break;
++ case DEF_USER_OBJ:
++ acl_type_count->n_def_user_obj++;
++ break;
++ case GROUP:
++ acl_type_count->n_group++;
++ break;
++ case GROUP_OBJ:
++ acl_type_count->n_group_obj++;
++ break;
++ case DEF_GROUP_OBJ:
++ acl_type_count->n_def_group_obj++;
++ break;
++ case OTHER_OBJ:
++ acl_type_count->n_other_obj++;
++ break;
++ case DEF_OTHER_OBJ:
++ acl_type_count->n_def_other_obj++;
++ break;
++ case CLASS_OBJ:
++ acl_type_count->n_class_obj++;
++ break;
++ case DEF_CLASS_OBJ:
++ acl_type_count->n_def_class_obj++;
++ break;
++ case DEF_USER:
++ acl_type_count->n_def_user++;
++ break;
++ case DEF_GROUP:
++ acl_type_count->n_def_group++;
++ break;
++ default:
++ acl_type_count->n_illegal_obj++;
++ break;
++ }
++ }
++}
++
++/* swap_acl_entries: Swaps two ACL entries.
++ *
++ * Inputs: aclp0, aclp1 - ACL entries to be swapped.
++ */
++
++static void hpux_swap_acl_entries(struct acl *aclp0, struct acl *aclp1)
++{
++ struct acl temp_acl;
++
++ temp_acl.a_type = aclp0->a_type;
++ temp_acl.a_id = aclp0->a_id;
++ temp_acl.a_perm = aclp0->a_perm;
++
++ aclp0->a_type = aclp1->a_type;
++ aclp0->a_id = aclp1->a_id;
++ aclp0->a_perm = aclp1->a_perm;
++
++ aclp1->a_type = temp_acl.a_type;
++ aclp1->a_id = temp_acl.a_id;
++ aclp1->a_perm = temp_acl.a_perm;
++}
++
++/* prohibited_duplicate_type
++ * Identifies if given ACL type can have duplicate entries or
++ * not.
++ *
++ * Inputs: acl_type - ACL Type.
++ *
++ * Outputs:
++ *
++ * Return..
++ *
++ * True - If the ACL type matches any of the prohibited types.
++ * False - If the ACL type doesn't match any of the prohibited types.
++ */
++
++static BOOL hpux_prohibited_duplicate_type(int acl_type)
++{
++ switch (acl_type) {
++ case USER:
++ case GROUP:
++ case DEF_USER:
++ case DEF_GROUP:
++ return True;
++ }
++ return False;
++}
++
++/* get_needed_class_perm
++ * Returns the permissions of a ACL structure only if the ACL
++ * type matches one of the pre-determined types for computing
++ * CLASS_OBJ permissions.
++ *
++ * Inputs: aclp - Pointer to ACL structure.
++ */
++
++static int hpux_get_needed_class_perm(struct acl *aclp)
++{
++ switch (aclp->a_type) {
++ case USER:
++ case GROUP_OBJ:
++ case GROUP:
++ case DEF_USER_OBJ:
++ case DEF_USER:
++ case DEF_GROUP_OBJ:
++ case DEF_GROUP:
++ case DEF_CLASS_OBJ:
++ case DEF_OTHER_OBJ:
++ return aclp->a_perm;
++ default:
++ return 0;
++ }
++}
++
++/* acl_sort for HPUX.
++ * Sorts the array of ACL structures as per the description in
++ * aclsort man page. Refer to aclsort man page for more details
++ *
++ * Inputs:
++ *
++ * acl_count - Count of ACLs in the array of ACL structures.
++ * calclass - If this is not zero, then we compute the CLASS_OBJ
++ * permissions.
++ * aclp - Array of ACL structures.
++ *
++ * Outputs:
++ *
++ * aclp - Sorted array of ACL structures.
++ *
++ * Outputs:
++ *
++ * Returns 0 for success -1 for failure. Prints a message to the Samba
++ * debug log in case of failure.
++ */
++
++static int hpux_acl_sort(int acl_count, int calclass, struct acl *aclp)
++{
++#if !defined(HAVE_HPUX_ACLSORT)
++ /* The aclsort() system call is availabe on the latest HPUX General
++ * Patch Bundles. So for HPUX, we developed our version of acl_sort
++ * function. Because, we don't want to update to a new
++ * HPUX GR bundle just for aclsort() call. */
++
++ struct hpux_acl_types acl_obj_count;
++ int n_class_obj_perm = 0;
++ int i, j;
++
++ if (!acl_count) {
++ DEBUG(10,("Zero acl count passed. Returning Success\n"));
++ return 0;
++ }
++
++ if (aclp == NULL) {
++ DEBUG(0,("Null ACL pointer in hpux_acl_sort. Returning Failure. \n"));
++ return -1;
++ }
++
++ /* Count different types of ACLs in the ACLs array */
++
++ hpux_count_obj(acl_count, aclp, &acl_obj_count);
++
++ /* There should be only one entry each of type USER_OBJ, GROUP_OBJ,
++ * CLASS_OBJ and OTHER_OBJ
++ */
++
++ if (acl_obj_count.n_user_obj != 1
++ || acl_obj_count.n_group_obj != 1
++ || acl_obj_count.n_class_obj != 1
++ || acl_obj_count.n_other_obj != 1) {
++ DEBUG(0,("hpux_acl_sort: More than one entry or no entries for \
++USER OBJ or GROUP_OBJ or OTHER_OBJ or CLASS_OBJ\n"));
++ return -1;
++ }
++
++ /* If any of the default objects are present, there should be only
++ * one of them each.
++ */
++
++ if (acl_obj_count.n_def_user_obj > 1 || acl_obj_count.n_def_group_obj > 1 ||
++ acl_obj_count.n_def_other_obj > 1 || acl_obj_count.n_def_class_obj > 1) {
++ DEBUG(0,("hpux_acl_sort: More than one entry for DEF_CLASS_OBJ \
++or DEF_USER_OBJ or DEF_GROUP_OBJ or DEF_OTHER_OBJ\n"));
++ return -1;
++ }
++
++ /* We now have proper number of OBJ and DEF_OBJ entries. Now sort the acl
++ * structures.
++ *
++ * Sorting crieteria - First sort by ACL type. If there are multiple entries of
++ * same ACL type, sort by ACL id.
++ *
++ * I am using the trival kind of sorting method here because, performance isn't
++ * really effected by the ACLs feature. More over there aren't going to be more
++ * than 17 entries on HPUX.
++ */
++
++ for (i=0; i<acl_count;i++) {
++ for (j=i+1; j<acl_count; j++) {
++ if (aclp[i].a_type > aclp[j].a_type) {
++ /* ACL entries out of order, swap them */
++
++ hpux_swap_acl_entries((aclp+i), (aclp+j));
++
++ } else if (aclp[i].a_type == aclp[j].a_type) {
++
++ /* ACL entries of same type, sort by id */
++
++ if (aclp[i].a_id > aclp[j].a_id) {
++ hpux_swap_acl_entries((aclp+i), (aclp+j));
++ } else if (aclp[i].a_id == aclp[j].a_id) {
++ /* We have a duplicate entry. */
++ if (hpux_prohibited_duplicate_type(aclp[i].a_type)) {
++ DEBUG(0, ("hpux_acl_sort: Duplicate entry: Type(hex): %x Id: %d\n",
++ aclp[i].a_type, aclp[i].a_id));
++ return -1;
++ }
++ }
++
++ }
++ }
++ }
++
++ /* set the class obj permissions to the computed one. */
++ if (calclass) {
++ int n_class_obj_index = -1;
++
++ for (i=0;i<acl_count;i++) {
++ n_class_obj_perm |= hpux_get_needed_class_perm((aclp+i));
++
++ if (aclp[i].a_type == CLASS_OBJ)
++ n_class_obj_index = i;
++ }
++ aclp[n_class_obj_index].a_perm = n_class_obj_perm;
++ }
++
++ return 0;
++#else
++ return aclsort(acl_count, calclass, aclp);
++#endif
++}
++
++/* Sort the ACL and check it for validity.
++ *
++ * If it's a minimal ACL with only 4 entries then we
++ * need to recalculate the mask permissions to make
++ * sure that they are the same as the GROUP_OBJ
++ * permissions as required by the UnixWare acl() system call.
++ *
++ * (Note: since POSIX allows minimal ACLs which only contain
++ * 3 entries - ie there is no mask entry - we should, in theory,
++ * check for this and add a mask entry if necessary - however
++ * we "know" that the caller of this interface always specifies
++ * a mask so, in practice "this never happens" (tm) - if it *does*
++ * happen aclsort() will fail and return an error and someone will
++ * have to fix it ...) */
++
++static int acl_sort(SMB_ACL_T acl_d)
++{
++ int fixmask = (acl_d->count <= 4);
++
++ if (hpux_acl_sort(acl_d->count, fixmask, acl_d->acl) != 0) {
++ errno = EINVAL;
++ return -1;
++ }
++ return 0;
++}
++
++ int sys_acl_valid(SMB_ACL_T acl_d)
++{
++ return acl_sort(acl_d);
++}
++
++ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
++{
++ struct stat s;
++ struct acl *acl_p;
++ int acl_count;
++ struct acl *acl_buf = NULL;
++ int ret;
++
++ if (hpux_acl_call_presence() == False) {
++ /* Looks like we don't have the acl() system call on HPUX.
++ * May be the system doesn't have the latest version of JFS. */
++ errno = ENOSYS;
++ return -1;
++ }
++
++ if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (acl_sort(acl_d) != 0) {
++ return -1;
++ }
++
++ acl_p = &acl_d->acl[0];
++ acl_count = acl_d->count;
++
++ /* If it's a directory there is extra work to do since the acl()
++ * system call will replace both the access ACLs and the default
++ * ACLs (if any). */
++ if (stat(name, &s) != 0) {
++ return -1;
++ }
++ if (S_ISDIR(s.st_mode)) {
++ SMB_ACL_T acc_acl;
++ SMB_ACL_T def_acl;
++ SMB_ACL_T tmp_acl;
++ int i;
++
++ if (type == SMB_ACL_TYPE_ACCESS) {
++ acc_acl = acl_d;
++ def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
++
++ } else {
++ def_acl = acl_d;
++ acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
++ }
++
++ if (tmp_acl == NULL) {
++ return -1;
++ }
++
++ /* Allocate a temporary buffer for the complete ACL. */
++ acl_count = acc_acl->count + def_acl->count;
++ acl_p = acl_buf = malloc(acl_count * sizeof acl_buf[0]);
++
++ if (acl_buf == NULL) {
++ sys_acl_free_acl(tmp_acl);
++ errno = ENOMEM;
++ return -1;
++ }
++
++ /* Copy the access control and default entries into the buffer. */
++ memcpy(&acl_buf[0], &acc_acl->acl[0],
++ acc_acl->count * sizeof acl_buf[0]);
++
++ memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
++ def_acl->count * sizeof acl_buf[0]);
++
++ /* Set the ACL_DEFAULT flag on the default entries. */
++ for (i = acc_acl->count; i < acl_count; i++) {
++ acl_buf[i].a_type |= ACL_DEFAULT;
++ }
++
++ sys_acl_free_acl(tmp_acl);
++
++ } else if (type != SMB_ACL_TYPE_ACCESS) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ ret = acl(name, ACL_SET, acl_count, acl_p);
++
++ free(acl_buf);
++
++ return ret;
++}
++
++ int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
++{
++ /* HPUX doesn't have the facl call. Fake it using the path.... JRA. */
++
++ files_struct *fsp = file_find_fd(fd);
++
++ if (fsp == NULL) {
++ errno = EBADF;
++ return NULL;
++ }
++
++ if (acl_sort(acl_d) != 0) {
++ return -1;
++ }
++
++ /* We know we're in the same conn context. So we can use the
++ * relative path. */
++
++ return sys_acl_set_file(dos_to_unix_static(fsp->fsp_name), SMB_ACL_TYPE_ACCESS, acl_d);
++}
++
++ int sys_acl_delete_def_file(const char *path)
++{
++ SMB_ACL_T acl_d;
++ int ret;
++
++ /* Fetching the access ACL and rewriting it has the effect of
++ * deleting the default ACL. */
++ if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
++ return -1;
++ }
++
++ ret = acl(path, ACL_SET, acl_d->count, acl_d->acl);
++
++ sys_acl_free_acl(acl_d);
++
++ return ret;
++}
++
++ int sys_acl_free_text(char *text)
++{
++ free(text);
++ return 0;
++}
++
++ int sys_acl_free_acl(SMB_ACL_T acl_d)
++{
++ free(acl_d);
++ return 0;
++}
++
++ int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
++{
++ return 0;
++}
++
++#elif defined(HAVE_IRIX_ACLS)
++
++ int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
++{
++ if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (entry_p == NULL) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (entry_id == SMB_ACL_FIRST_ENTRY) {
++ acl_d->next = 0;
++ }
++
++ if (acl_d->next < 0) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (acl_d->next >= acl_d->aclp->acl_cnt) {
++ return 0;
++ }
++
++ *entry_p = &acl_d->aclp->acl_entry[acl_d->next++];
++
++ return 1;
++}
++
++ int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
++{
++ *type_p = entry_d->ae_tag;
++
++ return 0;
++}
++
++ int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
++{
++ *permset_p = entry_d;
++
++ return 0;
++}
++
++ void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
++{
++ if (entry_d->ae_tag != SMB_ACL_USER
++ && entry_d->ae_tag != SMB_ACL_GROUP) {
++ errno = EINVAL;
++ return NULL;
++ }
++
++ return &entry_d->ae_id;
++}
++
++ SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
++{
++ SMB_ACL_T a;
++
++ if ((a = malloc(sizeof a[0])) == NULL) {
++ errno = ENOMEM;
++ return NULL;
++ }
++ if ((a->aclp = acl_get_file(path_p, type)) == NULL) {
++ free(a);
++ return NULL;
++ }
++ a->next = -1;
++ a->freeaclp = True;
++ return a;
++}
++
++ SMB_ACL_T sys_acl_get_fd(int fd)
++{
++ SMB_ACL_T a;
++
++ if ((a = malloc(sizeof a[0])) == NULL) {
++ errno = ENOMEM;
++ return NULL;
++ }
++ if ((a->aclp = acl_get_fd(fd)) == NULL) {
++ free(a);
++ return NULL;
++ }
++ a->next = -1;
++ a->freeaclp = True;
++ return a;
++}
++
++ int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
++{
++ permset_d->ae_perm = 0;
++
++ return 0;
++}
++
++ int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
++{
++ if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
++ && perm != SMB_ACL_EXECUTE) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (permset_d == NULL) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ permset_d->ae_perm |= perm;
++
++ return 0;
++}
++
++ int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
++{
++ return permset_d->ae_perm & perm;
++}
++
++ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
++{
++ return acl_to_text(acl_d->aclp, len_p);
++}
++
++ SMB_ACL_T sys_acl_init(int count)
++{
++ SMB_ACL_T a;
++
++ if (count < 0) {
++ errno = EINVAL;
++ return NULL;
++ }
++
++ if ((a = malloc(sizeof a[0] + sizeof (struct acl))) == NULL) {
++ errno = ENOMEM;
++ return NULL;
++ }
++
++ a->next = -1;
++ a->freeaclp = False;
++ a->aclp = (struct acl *)(&a->aclp + sizeof (struct acl *));
++ a->aclp->acl_cnt = 0;
++
++ return a;
++}
++
++
++ int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
++{
++ SMB_ACL_T acl_d;
++ SMB_ACL_ENTRY_T entry_d;
++
++ if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (acl_d->aclp->acl_cnt >= ACL_MAX_ENTRIES) {
++ errno = ENOSPC;
++ return -1;
++ }
++
++ entry_d = &acl_d->aclp->acl_entry[acl_d->aclp->acl_cnt++];
++ entry_d->ae_tag = 0;
++ entry_d->ae_id = 0;
++ entry_d->ae_perm = 0;
++ *entry_p = entry_d;
++
++ return 0;
++}
++
++ int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
++{
++ switch (tag_type) {
++ case SMB_ACL_USER:
++ case SMB_ACL_USER_OBJ:
++ case SMB_ACL_GROUP:
++ case SMB_ACL_GROUP_OBJ:
++ case SMB_ACL_OTHER:
++ case SMB_ACL_MASK:
++ entry_d->ae_tag = tag_type;
++ break;
++ default:
++ errno = EINVAL;
++ return -1;
++ }
++
++ return 0;
++}
++
++ int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
++{
++ if (entry_d->ae_tag != SMB_ACL_GROUP
++ && entry_d->ae_tag != SMB_ACL_USER) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ entry_d->ae_id = *((id_t *)qual_p);
++
++ return 0;
++}
++
++ int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
++{
++ if (permset_d->ae_perm & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
++ return EINVAL;
++ }
++
++ entry_d->ae_perm = permset_d->ae_perm;
++
++ return 0;
++}
++
++ int sys_acl_valid(SMB_ACL_T acl_d)
++{
++ return acl_valid(acl_d->aclp);
++}
++
++ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
++{
++ return acl_set_file(name, type, acl_d->aclp);
++}
++
++ int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
++{
++ return acl_set_fd(fd, acl_d->aclp);
++}
++
++ int sys_acl_delete_def_file(const char *name)
++{
++ return acl_delete_def_file(name);
++}
++
++ int sys_acl_free_text(char *text)
++{
++ return acl_free(text);
++}
++
++ int sys_acl_free_acl(SMB_ACL_T acl_d)
++{
++ if (acl_d->freeaclp) {
++ acl_free(acl_d->aclp);
++ }
++ acl_free(acl_d);
++ return 0;
++}
++
++ int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
++{
++ return 0;
++}
++
++#elif defined(HAVE_AIX_ACLS)
++
++/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
++
++ int sys_acl_get_entry(SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
++{
++ struct acl_entry_link *link;
++ struct new_acl_entry *entry;
++ int keep_going;
++
++ DEBUG(10,("This is the count: %d\n",theacl->count));
++
++ /* Check if count was previously set to -1. If it was, that
++ * means we reached the end of the acl last time. */
++ if (theacl->count == -1)
++ return 0;
++
++ link = theacl;
++ /* To get to the next acl, traverse linked list until index of
++ * acl matches the count we are keeping. This count is
++ * incremented each time we return an acl entry. */
++
++ for (keep_going = 0; keep_going < theacl->count; keep_going++)
++ link = link->nextp;
++
++ entry = *entry_p = link->entryp;
++
++ DEBUG(10,("*entry_p is %d\n",entry_p));
++ DEBUG(10,("*entry_p->ace_access is %d\n",entry->ace_access));
++
++ /* Increment count */
++ theacl->count++;
++ if (link->nextp == NULL)
++ theacl->count = -1;
++
++ return 1;
++}
++
++ int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
++{
++ /* Initialize tag type */
++
++ *tag_type_p = -1;
++ DEBUG(10,("the tagtype is %d\n",entry_d->ace_id->id_type));
++
++ /* Depending on what type of entry we have, return tag type. */
++ switch (entry_d->ace_id->id_type) {
++ case ACEID_USER:
++ *tag_type_p = SMB_ACL_USER;
++ break;
++ case ACEID_GROUP:
++ *tag_type_p = SMB_ACL_GROUP;
++ break;
++
++ case SMB_ACL_USER_OBJ:
++ case SMB_ACL_GROUP_OBJ:
++ case SMB_ACL_OTHER:
++ *tag_type_p = entry_d->ace_id->id_type;
++ break;
++
++ default:
++ return -1;
++ }
++
++ return 0;
++}
++
++ int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
++{
++ DEBUG(10,("Starting AIX sys_acl_get_permset\n"));
++ *permset_p = &entry_d->ace_access;
++ DEBUG(10,("**permset_p is %d\n",**permset_p));
++ if (!(**permset_p & S_IXUSR)
++ && !(**permset_p & S_IWUSR)
++ && !(**permset_p & S_IRUSR)
++ && **permset_p != 0)
++ return -1;
++
++ DEBUG(10,("Ending AIX sys_acl_get_permset\n"));
++ return 0;
++}
++
++ void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
++{
++ return entry_d->ace_id->id_data;
++}
++
++ SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
++{
++ struct acl *file_acl = (struct acl *)NULL;
++ struct acl_entry *acl_entry;
++ struct new_acl_entry *new_acl_entry;
++ struct ace_id *idp;
++ struct acl_entry_link *acl_entry_link;
++ struct acl_entry_link *acl_entry_link_head;
++ int i;
++ int rc = 0;
++ uid_t user_id;
++
++ /* Get the acl using statacl */
++
++ DEBUG(10,("Entering sys_acl_get_file\n"));
++ DEBUG(10,("path_p is %s\n",path_p));
++
++ file_acl = (struct acl *)malloc(BUFSIZ);
++
++ if (file_acl == NULL) {
++ errno=ENOMEM;
++ DEBUG(0,("Error in AIX sys_acl_get_file: %d\n",errno));
++ return NULL;
++ }
++
++ memset(file_acl,0,BUFSIZ);
++
++ rc = statacl((char *)path_p,0,file_acl,BUFSIZ);
++ if (rc == -1) {
++ DEBUG(0,("statacl returned %d with errno %d\n",rc,errno));
++ free(file_acl);
++ return NULL;
++ }
++
++ DEBUG(10,("Got facl and returned it\n"));
++
++ /* Point to the first acl entry in the acl */
++ acl_entry = file_acl->acl_ext;
++
++ /* Begin setting up the head of the linked list that will be
++ * used for the storing the acl in a way that is useful for the
++ * posix_acls.c code. */
++
++ acl_entry_link_head = acl_entry_link = sys_acl_init(0);
++ if (acl_entry_link_head == NULL)
++ return NULL;
++
++ acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry));
++ if (acl_entry_link->entryp == NULL) {
++ free(file_acl);
++ errno = ENOMEM;
++ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
++ return NULL;
++ }
++
++ DEBUG(10,("acl_entry is %d\n",acl_entry));
++ DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl)));
++
++ /* Check if the extended acl bit is on. If it isn't, do not
++ * show the contents of the acl since AIX intends the extended
++ * info to remain unused. */
++
++ if (file_acl->acl_mode & S_IXACL){
++ /* while we are not pointing to the very end */
++ while (acl_entry < acl_last(file_acl)) {
++ /* before we malloc anything, make sure this is */
++ /* a valid acl entry and one that we want to map */
++ idp = id_nxt(acl_entry->ace_id);
++ if ((acl_entry->ace_type == ACC_SPECIFY
++ || acl_entry->ace_type == ACC_PERMIT)
++ && idp != id_last(acl_entry)) {
++ acl_entry = acl_nxt(acl_entry);
++ continue;
++ }
++
++ idp = acl_entry->ace_id;
++
++ /* Check if this is the first entry in the linked list.
++ * The first entry needs to keep prevp pointing to NULL
++ * and already has entryp allocated. */
++
++ if (acl_entry_link_head->count != 0) {
++ acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof (struct acl_entry_link));
++
++ if (acl_entry_link->nextp == NULL) {
++ free(file_acl);
++ errno = ENOMEM;
++ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
++ return NULL;
++ }
++
++ acl_entry_link->nextp->prevp = acl_entry_link;
++ acl_entry_link = acl_entry_link->nextp;
++ acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry));
++ if (acl_entry_link->entryp == NULL) {
++ free(file_acl);
++ errno = ENOMEM;
++ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
++ return NULL;
++ }
++ acl_entry_link->nextp = NULL;
++ }
++
++ acl_entry_link->entryp->ace_len = acl_entry->ace_len;
++
++ /* Don't really need this since all types are going
++ * to be specified but, it's better than leaving it 0. */
++
++ acl_entry_link->entryp->ace_type = acl_entry->ace_type;
++
++ acl_entry_link->entryp->ace_access = acl_entry->ace_access;
++
++ memcpy(acl_entry_link->entryp->ace_id,idp,sizeof (struct ace_id));
++
++ /* The access in the acl entries must be left shifted by
++ * three bites, because they will ultimately be compared
++ * to S_IRUSR, S_IWUSR, and S_IXUSR. */
++
++ switch (acl_entry->ace_type){
++ case ACC_PERMIT:
++ case ACC_SPECIFY:
++ acl_entry_link->entryp->ace_access = acl_entry->ace_access;
++ acl_entry_link->entryp->ace_access <<= 6;
++ acl_entry_link_head->count++;
++ break;
++ case ACC_DENY:
++ /* Since there is no way to return a DENY acl entry
++ * change to PERMIT and then shift. */
++ DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access));
++ acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7;
++ DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access));
++ acl_entry_link->entryp->ace_access <<= 6;
++ acl_entry_link_head->count++;
++ break;
++ default:
++ return 0;
++ }
++
++ DEBUG(10,("acl_entry = %d\n",acl_entry));
++ DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type));
++
++ acl_entry = acl_nxt(acl_entry);
++ }
++ } /* end of if enabled */
++
++ /* Since owner, group, other acl entries are not part of the acl
++ * entries in an acl, they must be dummied up to become part of
++ * the list. */
++
++ for (i = 1; i < 4; i++) {
++ DEBUG(10,("i is %d\n",i));
++ if (acl_entry_link_head->count != 0) {
++ acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof (struct acl_entry_link));
++ if (acl_entry_link->nextp == NULL) {
++ free(file_acl);
++ errno = ENOMEM;
++ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
++ return NULL;
++ }
++
++ acl_entry_link->nextp->prevp = acl_entry_link;
++ acl_entry_link = acl_entry_link->nextp;
++ acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry));
++ if (acl_entry_link->entryp == NULL) {
++ free(file_acl);
++ errno = ENOMEM;
++ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
++ return NULL;
++ }
++ }
++
++ acl_entry_link->nextp = NULL;
++
++ new_acl_entry = acl_entry_link->entryp;
++ idp = new_acl_entry->ace_id;
++
++ new_acl_entry->ace_len = sizeof (struct acl_entry);
++ new_acl_entry->ace_type = ACC_PERMIT;
++ idp->id_len = sizeof (struct ace_id);
++ DEBUG(10,("idp->id_len = %d\n",idp->id_len));
++ memset(idp->id_data,0,sizeof (uid_t));
++
++ switch (i) {
++ case 2:
++ new_acl_entry->ace_access = file_acl->g_access << 6;
++ idp->id_type = SMB_ACL_GROUP_OBJ;
++ break;
++
++ case 3:
++ new_acl_entry->ace_access = file_acl->o_access << 6;
++ idp->id_type = SMB_ACL_OTHER;
++ break;
++
++ case 1:
++ new_acl_entry->ace_access = file_acl->u_access << 6;
++ idp->id_type = SMB_ACL_USER_OBJ;
++ break;
++
++ default:
++ return NULL;
++
++ }
++
++ acl_entry_link_head->count++;
++ DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
++ }
++
++ acl_entry_link_head->count = 0;
++ free(file_acl);
++
++ return acl_entry_link_head;
++}
++
++ SMB_ACL_T sys_acl_get_fd(int fd)
++{
++ struct acl *file_acl = (struct acl *)NULL;
++ struct acl_entry *acl_entry;
++ struct new_acl_entry *new_acl_entry;
++ struct ace_id *idp;
++ struct acl_entry_link *acl_entry_link;
++ struct acl_entry_link *acl_entry_link_head;
++ int i;
++ int rc = 0;
++ uid_t user_id;
++
++ /* Get the acl using fstatacl */
++
++ DEBUG(10,("Entering sys_acl_get_fd\n"));
++ DEBUG(10,("fd is %d\n",fd));
++ file_acl = (struct acl *)malloc(BUFSIZ);
++
++ if (file_acl == NULL) {
++ errno=ENOMEM;
++ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
++ return NULL;
++ }
++
++ memset(file_acl,0,BUFSIZ);
++
++ rc = fstatacl(fd,0,file_acl,BUFSIZ);
++ if (rc == -1) {
++ DEBUG(0,("The fstatacl call returned %d with errno %d\n",rc,errno));
++ free(file_acl);
++ return NULL;
++ }
++
++ DEBUG(10,("Got facl and returned it\n"));
++
++ /* Point to the first acl entry in the acl */
++
++ acl_entry = file_acl->acl_ext;
++
++ /* Begin setting up the head of the linked list that will be
++ * used for the storing the acl in a way that is useful for the
++ * posix_acls.c code. */
++
++ acl_entry_link_head = acl_entry_link = sys_acl_init(0);
++ if (acl_entry_link_head == NULL){
++ free(file_acl);
++ return NULL;
++ }
++
++ acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry));
++
++ if (acl_entry_link->entryp == NULL) {
++ errno = ENOMEM;
++ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
++ free(file_acl);
++ return NULL;
++ }
++
++ DEBUG(10,("acl_entry is %d\n",acl_entry));
++ DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl)));
++
++ /* Check if the extended acl bit is on. If it isn't, do not
++ * show the contents of the acl since AIX intends the extended
++ * info to remain unused. */
++
++ if (file_acl->acl_mode & S_IXACL){
++ /* while we are not pointing to the very end */
++ while (acl_entry < acl_last(file_acl)) {
++ /* before we malloc anything, make sure this is */
++ /* a valid acl entry and one that we want to map */
++
++ idp = id_nxt(acl_entry->ace_id);
++ if ((acl_entry->ace_type == ACC_SPECIFY
++ || acl_entry->ace_type == ACC_PERMIT)
++ && (idp != id_last(acl_entry))) {
++ acl_entry = acl_nxt(acl_entry);
++ continue;
++ }
++
++ idp = acl_entry->ace_id;
++
++ /* Check if this is the first entry in the linked list.
++ * The first entry needs to keep prevp pointing to NULL
++ * and already has entryp allocated. */
++
++ if (acl_entry_link_head->count != 0) {
++ acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof (struct acl_entry_link));
++ if (acl_entry_link->nextp == NULL) {
++ errno = ENOMEM;
++ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
++ free(file_acl);
++ return NULL;
++ }
++ acl_entry_link->nextp->prevp = acl_entry_link;
++ acl_entry_link = acl_entry_link->nextp;
++ acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry));
++ if (acl_entry_link->entryp == NULL) {
++ errno = ENOMEM;
++ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
++ free(file_acl);
++ return NULL;
++ }
++
++ acl_entry_link->nextp = NULL;
++ }
++
++ acl_entry_link->entryp->ace_len = acl_entry->ace_len;
++
++ /* Don't really need this since all types are going
++ * to be specified but, it's better than leaving it 0. */
++
++ acl_entry_link->entryp->ace_type = acl_entry->ace_type;
++ acl_entry_link->entryp->ace_access = acl_entry->ace_access;
++
++ memcpy(acl_entry_link->entryp->ace_id, idp, sizeof (struct ace_id));
++
++ /* The access in the acl entries must be left shifted by
++ * three bites, because they will ultimately be compared
++ * to S_IRUSR, S_IWUSR, and S_IXUSR. */
++
++ switch (acl_entry->ace_type){
++ case ACC_PERMIT:
++ case ACC_SPECIFY:
++ acl_entry_link->entryp->ace_access = acl_entry->ace_access;
++ acl_entry_link->entryp->ace_access <<= 6;
++ acl_entry_link_head->count++;
++ break;
++ case ACC_DENY:
++ /* Since there is no way to return a DENY acl entry
++ * change to PERMIT and then shift. */
++ DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access));
++ acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7;
++ DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access));
++ acl_entry_link->entryp->ace_access <<= 6;
++ acl_entry_link_head->count++;
++ break;
++ default:
++ return 0;
++ }
++
++ DEBUG(10,("acl_entry = %d\n",acl_entry));
++ DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type));
++
++ acl_entry = acl_nxt(acl_entry);
++ }
++ } /* end of if enabled */
++
++ /* Since owner, group, other acl entries are not
++ * part of the acl entries in an acl, they must
++ * be dummied up to become part of the list. */
++
++ for (i = 1; i < 4; i++) {
++ DEBUG(10,("i is %d\n",i));
++ if (acl_entry_link_head->count != 0){
++ acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof (struct acl_entry_link));
++ if (acl_entry_link->nextp == NULL) {
++ errno = ENOMEM;
++ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
++ free(file_acl);
++ return NULL;
++ }
++
++ acl_entry_link->nextp->prevp = acl_entry_link;
++ acl_entry_link = acl_entry_link->nextp;
++ acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry));
++
++ if (acl_entry_link->entryp == NULL) {
++ free(file_acl);
++ errno = ENOMEM;
++ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
++ return NULL;
++ }
++ }
++
++ acl_entry_link->nextp = NULL;
++
++ new_acl_entry = acl_entry_link->entryp;
++ idp = new_acl_entry->ace_id;
++
++ new_acl_entry->ace_len = sizeof (struct acl_entry);
++ new_acl_entry->ace_type = ACC_PERMIT;
++ idp->id_len = sizeof (struct ace_id);
++ DEBUG(10,("idp->id_len = %d\n",idp->id_len));
++ memset(idp->id_data,0,sizeof (uid_t));
++
++ switch (i) {
++ case 2:
++ new_acl_entry->ace_access = file_acl->g_access << 6;
++ idp->id_type = SMB_ACL_GROUP_OBJ;
++ break;
++
++ case 3:
++ new_acl_entry->ace_access = file_acl->o_access << 6;
++ idp->id_type = SMB_ACL_OTHER;
++ break;
++
++ case 1:
++ new_acl_entry->ace_access = file_acl->u_access << 6;
++ idp->id_type = SMB_ACL_USER_OBJ;
++ break;
++
++ default:
++ return NULL;
++ }
++
++ acl_entry_link_head->count++;
++ DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
++ }
++
++ acl_entry_link_head->count = 0;
++ free(file_acl);
++
++ return acl_entry_link_head;
++}
++
++ int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
++{
++ *permset = *permset & ~0777;
++ return 0;
++}
++
++ int sys_acl_add_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
++{
++ if (perm != 0 && (perm & (S_IXUSR | S_IWUSR | S_IRUSR)) == 0)
++ return -1;
++
++ *permset |= perm;
++ DEBUG(10,("This is the permset now: %d\n",*permset));
++ return 0;
++}
++
++ char *sys_acl_to_text(SMB_ACL_T theacl, ssize_t *plen)
++{
++ return NULL;
++}
++
++ SMB_ACL_T sys_acl_init(int count)
++{
++ struct acl_entry_link *theacl = NULL;
++
++ DEBUG(10,("Entering sys_acl_init\n"));
++
++ theacl = (struct acl_entry_link *)malloc(sizeof (struct acl_entry_link));
++ if (theacl == NULL) {
++ errno = ENOMEM;
++ DEBUG(0,("Error in sys_acl_init is %d\n",errno));
++ return NULL;
++ }
++
++ theacl->count = 0;
++ theacl->nextp = NULL;
++ theacl->prevp = NULL;
++ theacl->entryp = NULL;
++ DEBUG(10,("Exiting sys_acl_init\n"));
++ return theacl;
++}
++
++ int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
++{
++ struct acl_entry_link *theacl;
++ struct acl_entry_link *acl_entryp;
++ struct acl_entry_link *temp_entry;
++ int counting;
++
++ DEBUG(10,("Entering the sys_acl_create_entry\n"));
++
++ theacl = acl_entryp = *pacl;
++
++ /* Get to the end of the acl before adding entry */
++
++ for (counting=0; counting < theacl->count; counting++){
++ DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
++ temp_entry = acl_entryp;
++ acl_entryp = acl_entryp->nextp;
++ }
++
++ if (theacl->count != 0){
++ temp_entry->nextp = acl_entryp = (struct acl_entry_link *)malloc(sizeof (struct acl_entry_link));
++ if (acl_entryp == NULL) {
++ errno = ENOMEM;
++ DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
++ return -1;
++ }
++
++ DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
++ acl_entryp->prevp = temp_entry;
++ DEBUG(10,("The acl_entryp->prevp is %d\n",acl_entryp->prevp));
++ }
++
++ *pentry = acl_entryp->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry));
++ if (*pentry == NULL) {
++ errno = ENOMEM;
++ DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
++ return -1;
++ }
++
++ memset(*pentry,0,sizeof (struct new_acl_entry));
++ acl_entryp->entryp->ace_len = sizeof (struct acl_entry);
++ acl_entryp->entryp->ace_type = ACC_PERMIT;
++ acl_entryp->entryp->ace_id->id_len = sizeof (struct ace_id);
++ acl_entryp->nextp = NULL;
++ theacl->count++;
++ DEBUG(10,("Exiting sys_acl_create_entry\n"));
++ return 0;
++}
++
++ int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
++{
++ DEBUG(10,("Starting AIX sys_acl_set_tag_type\n"));
++ entry->ace_id->id_type = tagtype;
++ DEBUG(10,("The tag type is %d\n",entry->ace_id->id_type));
++ DEBUG(10,("Ending AIX sys_acl_set_tag_type\n"));
++}
++
++ int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry, void *qual)
++{
++ DEBUG(10,("Starting AIX sys_acl_set_qualifier\n"));
++ memcpy(entry->ace_id->id_data,qual,sizeof (uid_t));
++ DEBUG(10,("Ending AIX sys_acl_set_qualifier\n"));
++ return 0;
++}
++
++ int sys_acl_set_permset(SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
++{
++ DEBUG(10,("Starting AIX sys_acl_set_permset\n"));
++ if (!(*permset & S_IXUSR)
++ && !(*permset & S_IWUSR)
++ && !(*permset & S_IRUSR)
++ && *permset != 0)
++ return -1;
++
++ entry->ace_access = *permset;
++ DEBUG(10,("entry->ace_access = %d\n",entry->ace_access));
++ DEBUG(10,("Ending AIX sys_acl_set_permset\n"));
++ return 0;
++}
++
++ int sys_acl_valid(SMB_ACL_T theacl)
++{
++ int user_obj = 0;
++ int group_obj = 0;
++ int other_obj = 0;
++ struct acl_entry_link *acl_entry;
++
++ for (acl_entry=theacl; acl_entry != NULL; acl_entry = acl_entry->nextp) {
++ user_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_USER_OBJ);
++ group_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_GROUP_OBJ);
++ other_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_OTHER);
++ }
++
++ DEBUG(10,("user_obj=%d, group_obj=%d, other_obj=%d\n",user_obj,group_obj,other_obj));
++
++ if (user_obj != 1 || group_obj != 1 || other_obj != 1)
++ return -1;
++
++ return 0;
++}
++
++ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
++{
++ struct acl_entry_link *acl_entry_link = NULL;
++ struct acl *file_acl = NULL;
++ struct acl *file_acl_temp = NULL;
++ struct acl_entry *acl_entry = NULL;
++ struct ace_id *ace_id = NULL;
++ uint id_type;
++ uint ace_access;
++ uint user_id;
++ uint acl_length;
++ uint rc;
++
++ DEBUG(10,("Entering sys_acl_set_file\n"));
++ DEBUG(10,("File name is %s\n",name));
++
++ /* AIX has no default ACL */
++ if (acltype == SMB_ACL_TYPE_DEFAULT)
++ return 0;
++
++ acl_length = BUFSIZ;
++ file_acl = (struct acl *)malloc(BUFSIZ);
++
++ if (file_acl == NULL) {
++ errno = ENOMEM;
++ DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
++ return -1;
++ }
++
++ memset(file_acl,0,BUFSIZ);
++
++ file_acl->acl_len = ACL_SIZ;
++ file_acl->acl_mode = S_IXACL;
++
++ for (acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
++ acl_entry_link->entryp->ace_access >>= 6;
++ id_type = acl_entry_link->entryp->ace_id->id_type;
++
++ switch (id_type) {
++ case SMB_ACL_USER_OBJ:
++ file_acl->u_access = acl_entry_link->entryp->ace_access;
++ continue;
++ case SMB_ACL_GROUP_OBJ:
++ file_acl->g_access = acl_entry_link->entryp->ace_access;
++ continue;
++ case SMB_ACL_OTHER:
++ file_acl->o_access = acl_entry_link->entryp->ace_access;
++ continue;
++ case SMB_ACL_MASK:
++ continue;
++ }
++
++ if ((file_acl->acl_len + sizeof (struct acl_entry)) > acl_length) {
++ acl_length += sizeof (struct acl_entry);
++ file_acl_temp = (struct acl *)malloc(acl_length);
++ if (file_acl_temp == NULL) {
++ free(file_acl);
++ errno = ENOMEM;
++ DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
++ return -1;
++ }
++
++ memcpy(file_acl_temp,file_acl,file_acl->acl_len);
++ free(file_acl);
++ file_acl = file_acl_temp;
++ }
++
++ acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
++ file_acl->acl_len += sizeof (struct acl_entry);
++ acl_entry->ace_len = acl_entry_link->entryp->ace_len;
++ acl_entry->ace_access = acl_entry_link->entryp->ace_access;
++
++ /* In order to use this, we'll need to wait until we can get denies */
++ /* if (!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
++ acl_entry->ace_type = ACC_SPECIFY; */
++
++ acl_entry->ace_type = ACC_SPECIFY;
++
++ ace_id = acl_entry->ace_id;
++
++ ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
++ DEBUG(10,("The id type is %d\n",ace_id->id_type));
++ ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
++ memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof (uid_t));
++ memcpy(acl_entry->ace_id->id_data, &user_id, sizeof (uid_t));
++ }
++
++ rc = chacl((char *)name,file_acl,file_acl->acl_len);
++ DEBUG(10,("errno is %d\n",errno));
++ DEBUG(10,("return code is %d\n",rc));
++ free(file_acl);
++ DEBUG(10,("Exiting the sys_acl_set_file\n"));
++ return rc;
++}
++
++ int sys_acl_set_fd(int fd, SMB_ACL_T theacl)
++{
++ struct acl_entry_link *acl_entry_link = NULL;
++ struct acl *file_acl = NULL;
++ struct acl *file_acl_temp = NULL;
++ struct acl_entry *acl_entry = NULL;
++ struct ace_id *ace_id = NULL;
++ uint id_type;
++ uint user_id;
++ uint acl_length;
++ uint rc;
++
++ DEBUG(10,("Entering sys_acl_set_fd\n"));
++ acl_length = BUFSIZ;
++ file_acl = (struct acl *)malloc(BUFSIZ);
++
++ if (file_acl == NULL) {
++ errno = ENOMEM;
++ DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
++ return -1;
++ }
++
++ memset(file_acl,0,BUFSIZ);
++
++ file_acl->acl_len = ACL_SIZ;
++ file_acl->acl_mode = S_IXACL;
++
++ for (acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
++ acl_entry_link->entryp->ace_access >>= 6;
++ id_type = acl_entry_link->entryp->ace_id->id_type;
++ DEBUG(10,("The id_type is %d\n",id_type));
++
++ switch (id_type) {
++ case SMB_ACL_USER_OBJ:
++ file_acl->u_access = acl_entry_link->entryp->ace_access;
++ continue;
++ case SMB_ACL_GROUP_OBJ:
++ file_acl->g_access = acl_entry_link->entryp->ace_access;
++ continue;
++ case SMB_ACL_OTHER:
++ file_acl->o_access = acl_entry_link->entryp->ace_access;
++ continue;
++ case SMB_ACL_MASK:
++ continue;
++ }
++
++ if ((file_acl->acl_len + sizeof (struct acl_entry)) > acl_length) {
++ acl_length += sizeof (struct acl_entry);
++ file_acl_temp = (struct acl *)malloc(acl_length);
++ if (file_acl_temp == NULL) {
++ free(file_acl);
++ errno = ENOMEM;
++ DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
++ return -1;
++ }
++
++ memcpy(file_acl_temp,file_acl,file_acl->acl_len);
++ free(file_acl);
++ file_acl = file_acl_temp;
++ }
++
++ acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
++ file_acl->acl_len += sizeof (struct acl_entry);
++ acl_entry->ace_len = acl_entry_link->entryp->ace_len;
++ acl_entry->ace_access = acl_entry_link->entryp->ace_access;
++
++ /* In order to use this, we'll need to wait until we can get denies */
++ /* if (!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
++ acl_entry->ace_type = ACC_SPECIFY; */
++
++ acl_entry->ace_type = ACC_SPECIFY;
++
++ ace_id = acl_entry->ace_id;
++
++ ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
++ DEBUG(10,("The id type is %d\n",ace_id->id_type));
++ ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
++ memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof (uid_t));
++ memcpy(ace_id->id_data, &user_id, sizeof (uid_t));
++ }
++
++ rc = fchacl(fd,file_acl,file_acl->acl_len);
++ DEBUG(10,("errno is %d\n",errno));
++ DEBUG(10,("return code is %d\n",rc));
++ free(file_acl);
++ DEBUG(10,("Exiting sys_acl_set_fd\n"));
++ return rc;
++}
++
++ int sys_acl_delete_def_file(const char *name)
++{
++ /* AIX has no default ACL */
++ return 0;
++}
++
++ int sys_acl_get_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
++{
++ return *permset & perm;
++}
++
++ int sys_acl_free_text(char *text)
++{
++ return 0;
++}
++
++ int sys_acl_free_acl(SMB_ACL_T posix_acl)
++{
++ struct acl_entry_link *acl_entry_link;
++
++ for (acl_entry_link = posix_acl->nextp; acl_entry_link->nextp != NULL; acl_entry_link = acl_entry_link->nextp) {
++ free(acl_entry_link->prevp->entryp);
++ free(acl_entry_link->prevp);
++ }
++
++ free(acl_entry_link->prevp->entryp);
++ free(acl_entry_link->prevp);
++ free(acl_entry_link->entryp);
++ free(acl_entry_link);
++
++ return 0;
++}
++
++ int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
++{
++ return 0;
++}
++
++#else /* No ACLs. */
++
++ int sys_acl_get_entry(UNUSED(SMB_ACL_T the_acl), UNUSED(int entry_id), UNUSED(SMB_ACL_ENTRY_T *entry_p))
++{
++ errno = ENOSYS;
++ return -1;
++}
++
++ int sys_acl_get_tag_type(UNUSED(SMB_ACL_ENTRY_T entry_d), UNUSED(SMB_ACL_TAG_T *tag_type_p))
++{
++ errno = ENOSYS;
++ return -1;
++}
++
++ int sys_acl_get_permset(UNUSED(SMB_ACL_ENTRY_T entry_d), UNUSED(SMB_ACL_PERMSET_T *permset_p))
++{
++ errno = ENOSYS;
++ return -1;
++}
++
++ void *sys_acl_get_qualifier(UNUSED(SMB_ACL_ENTRY_T entry_d))
++{
++ errno = ENOSYS;
++ return NULL;
++}
++
++ SMB_ACL_T sys_acl_get_file(UNUSED(const char *path_p), UNUSED(SMB_ACL_TYPE_T type))
++{
++ errno = ENOSYS;
++ return 0;
++}
++
++ SMB_ACL_T sys_acl_get_fd(UNUSED(int fd))
++{
++ errno = ENOSYS;
++ return 0;
++}
++
++ int sys_acl_clear_perms(UNUSED(SMB_ACL_PERMSET_T permset))
++{
++ errno = ENOSYS;
++ return -1;
++}
++
++ int sys_acl_add_perm(UNUSED(SMB_ACL_PERMSET_T permset), UNUSED(SMB_ACL_PERM_T perm))
++{
++ errno = ENOSYS;
++ return -1;
++}
++
++ int sys_acl_get_perm(UNUSED(SMB_ACL_PERMSET_T permset), UNUSED(SMB_ACL_PERM_T perm))
++{
++ errno = ENOSYS;
++ return permset & perm ? 1 : 0;
++}
++
++ char *sys_acl_to_text(UNUSED(SMB_ACL_T the_acl), UNUSED(ssize_t *plen))
++{
++ errno = ENOSYS;
++ return NULL;
++}
++
++ int sys_acl_free_text(UNUSED(char *text))
++{
++ errno = ENOSYS;
++ return -1;
++}
++
++ SMB_ACL_T sys_acl_init(UNUSED(int count))
++{
++ errno = ENOSYS;
++ return NULL;
++}
++
++ int sys_acl_create_entry(UNUSED(SMB_ACL_T *pacl), UNUSED(SMB_ACL_ENTRY_T *pentry))
++{
++ errno = ENOSYS;
++ return -1;
++}
++
++ int sys_acl_set_tag_type(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(SMB_ACL_TAG_T tagtype))
++{
++ errno = ENOSYS;
++ return -1;
++}
++
++ int sys_acl_set_qualifier(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(void *qual))
++{
++ errno = ENOSYS;
++ return -1;
++}
++
++ int sys_acl_set_permset(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(SMB_ACL_PERMSET_T permset))
++{
++ errno = ENOSYS;
++ return -1;
++}
++
++ int sys_acl_valid(UNUSED(SMB_ACL_T theacl))
++{
++ errno = ENOSYS;
++ return -1;
++}
++
++ int sys_acl_set_file(UNUSED(const char *name), UNUSED(SMB_ACL_TYPE_T acltype), UNUSED(SMB_ACL_T theacl))
++{
++ errno = ENOSYS;
++ return -1;
++}
++
++ int sys_acl_set_fd(UNUSED(int fd), UNUSED(SMB_ACL_T theacl))
++{
++ errno = ENOSYS;
++ return -1;
++}
++
++ int sys_acl_delete_def_file(UNUSED(const char *name))
++{
++ errno = ENOSYS;
++ return -1;
++}
++
++ int sys_acl_free_acl(UNUSED(SMB_ACL_T the_acl))
++{
++ errno = ENOSYS;
++ return -1;
++}
++
++ int sys_acl_free_qualifier(UNUSED(void *qual), UNUSED(SMB_ACL_TAG_T tagtype))
++{
++ errno = ENOSYS;
++ return -1;
++}
++
++#endif /* No ACLs. */
+--- uidlist.c 28 Apr 2004 17:31:31 -0000 1.24
++++ uidlist.c 13 May 2004 17:58:47 -0000
+@@ -34,6 +34,7 @@
+ extern int verbose;
+ extern int preserve_uid;
+ extern int preserve_gid;
++extern int preserve_acls;
+ extern int numeric_ids;
+ extern int am_root;
+
+@@ -274,7 +275,7 @@ void send_uid_list(int f)
+ if (numeric_ids)
+ return;
+
+- if (preserve_uid) {
++ if (preserve_uid || preserve_acls) {
+ int len;
+ /* we send sequences of uid/byte-length/name */
+ for (list = uidlist; list; list = list->next) {
+@@ -291,7 +292,7 @@ void send_uid_list(int f)
+ write_int(f, 0);
+ }
+
+- if (preserve_gid) {
++ if (preserve_gid || preserve_acls) {
+ int len;
+ for (list = gidlist; list; list = list->next) {
+ if (!list->name)
+@@ -312,7 +313,7 @@ void recv_uid_list(int f, struct file_li
+ int id, i;
+ char *name;
+
+- if (preserve_uid && !numeric_ids) {
++ if ((preserve_uid || preserve_acls) && !numeric_ids) {
+ /* read the uid list */
+ while ((id = read_int(f)) != 0) {
+ int len = read_byte(f);
+@@ -325,7 +326,7 @@ void recv_uid_list(int f, struct file_li
+ }
+
+
+- if (preserve_gid && !numeric_ids) {
++ if ((preserve_gid || preserve_acls) && !numeric_ids) {
+ /* read the gid list */
+ while ((id = read_int(f)) != 0) {
+ int len = read_byte(f);
+@@ -336,6 +337,18 @@ void recv_uid_list(int f, struct file_li
+ recv_add_gid(id, name); /* node keeps name's memory */
+ }
+ }
++
++#if SUPPORT_ACLS
++ if (preserve_acls && !numeric_ids) {
++ id_t id;
++ /* the enumerations don't return 0 except to flag the last
++ * entry, since uidlist doesn't munge 0 anyway */
++ while ((id = next_acl_uid(flist)))
++ acl_uid_map(match_uid(id));
++ while ((id = next_acl_gid(flist)))
++ acl_gid_map(match_gid(id));
++ }
++#endif /* SUPPORT_ACLS */
+
+ /* now convert the uid/gid of all files in the list to the mapped
+ * uid/gid */