From: Wayne Davison Date: Thu, 13 May 2004 18:06:04 +0000 (+0000) Subject: My slightly modified version of the ACL (access control list) patch X-Git-Url: https://mattmccutchen.net/rsync/rsync-patches.git/commitdiff_plain/fa26e11cdf7b5e8077357a73965101165de5e171 My slightly modified version of the ACL (access control list) patch from Christophe Saout that was originally created by Buck Huppmann. --- diff --git a/acls.diff b/acls.diff new file mode 100644 index 0000000..8f135a8 --- /dev/null +++ b/acls.diff @@ -0,0 +1,4976 @@ +After applying this patch, run these commands for a successful build: + + autoconf + automake + ./configure --with-acl-support + make proto + make + + +--- Makefile.in 2 May 2004 17:04:14 -0000 1.100 ++++ Makefile.in 13 May 2004 17:58:41 -0000 +@@ -25,7 +25,7 @@ VERSION=@VERSION@ + .SUFFIXES: + .SUFFIXES: .c .o + +-HEADERS=byteorder.h config.h errcode.h proto.h rsync.h lib/pool_alloc.h ++HEADERS=byteorder.h config.h errcode.h proto.h rsync.h smb_acls.h lib/pool_alloc.h + LIBOBJ=lib/wildmatch.o lib/compat.o lib/snprintf.o lib/mdfour.o \ + lib/permstring.o lib/pool_alloc.o @LIBOBJS@ + ZLIBOBJ=zlib/deflate.o zlib/infblock.o zlib/infcodes.o zlib/inffast.o \ +@@ -34,7 +34,7 @@ ZLIBOBJ=zlib/deflate.o zlib/infblock.o z + OBJS1=rsync.o generator.o receiver.o cleanup.o sender.o exclude.o util.o \ + main.o checksum.o match.o syscall.o log.o backup.o + OBJS2=options.o flist.o io.o compat.o hlink.o token.o uidlist.o socket.o \ +- fileio.o batch.o clientname.o ++ fileio.o batch.o clientname.o sysacls.o acls.o + OBJS3=progress.o pipe.o + DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o + popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \ +--- /dev/null 1 Jan 1970 00:00:00 -0000 ++++ acls.c 13 May 2004 17:58:42 -0000 +@@ -0,0 +1,1119 @@ ++/* -*- c-file-style: "linux" -*- ++ Copyright (C) Andrew Tridgell 1996 ++ Copyright (C) Paul Mackerras 1996 ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 2 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ++*/ ++ ++/* handle passing ACLs between systems */ ++ ++#include "rsync.h" ++ ++#ifdef SUPPORT_ACLS ++ ++extern int preserve_acls; ++extern int am_root; ++extern int dry_run; ++ ++typedef struct { ++ id_t id; ++ uchar access; ++ SMB_ACL_TAG_T tag_type; ++} rsync_ace; ++ ++typedef struct { ++ size_t count; ++ size_t malloced; ++ rsync_ace *races; ++} rsync_acl; ++ ++static const rsync_acl rsync_acl_initializer = { 0, 0, NULL }; ++ ++static void expand_rsync_acl(rsync_acl *racl) ++{ ++ /* first time through, 0 <= 0, so list is expanded: ++ * diabolical, rsync guys! */ ++ if (racl->malloced <= racl->count) { ++ void *new_ptr; ++ size_t new_size; ++ racl->malloced += 10; ++ new_size = racl->malloced * sizeof racl->races[0]; ++ if (racl->races) ++ new_ptr = realloc(racl->races, new_size); ++ else ++ new_ptr = malloc(new_size); ++ if (verbose >= 4) { ++ rprintf(FINFO, "expand rsync_acl to %.0f bytes, did%s move\n", ++ (double) new_size, ++ racl->races ? "" : " not"); ++ } ++ ++ racl->races = (rsync_ace *) new_ptr; ++ ++ if (!racl->races) ++ out_of_memory("expand_rsync_acl"); ++ } ++} ++ ++static void rsync_acl_free(rsync_acl *racl) ++{ ++ free(racl->races); ++ racl->races = NULL; ++ racl->count = 0; ++ racl->malloced = 0; ++} ++ ++static int rsync_ace_sorter(const void *r1, const void *r2) ++{ ++ rsync_ace *race1 = (rsync_ace *)r1; ++ SMB_ACL_TAG_T rtag1 = race1->tag_type; ++ id_t rid1 = race1->id; ++ rsync_ace *race2 = (rsync_ace *)r2; ++ SMB_ACL_TAG_T rtag2 = race2->tag_type; ++ id_t rid2 = race2->id; ++ /* start at the extrema */ ++ if (rtag1 == SMB_ACL_USER_OBJ || rtag2 == SMB_ACL_MASK) ++ return -1; ++ if (rtag2 == SMB_ACL_USER_OBJ || rtag1 == SMB_ACL_MASK) ++ return 1; ++ /* work inwards */ ++ if (rtag1 == SMB_ACL_OTHER) ++ return 1; ++ if (rtag2 == SMB_ACL_OTHER) ++ return -1; ++ /* only SMB_ACL_USERs and SMB_ACL_GROUP*s left */ ++ if (rtag1 == SMB_ACL_USER) { ++ switch (rtag2) { ++ case SMB_ACL_GROUP: ++ case SMB_ACL_GROUP_OBJ: ++ case SMB_ACL_OTHER: ++ return -1; ++ } ++ /* both USER */ ++ return rid1 == rid2 ? 0 : rid1 < rid2 ? -1 : 1; ++ } ++ if (rtag2 == SMB_ACL_USER) ++ return 1; ++ /* only SMB_ACL_GROUP*s to worry about; kick out GROUP_OBJs first */ ++ if (rtag1 == SMB_ACL_GROUP_OBJ) ++ return -1; ++ if (rtag2 == SMB_ACL_GROUP_OBJ) ++ return 1; ++ /* only SMB_ACL_GROUPs left */ ++ return rid1 == rid2 ? 0 : rid1 < rid2 ? -1 : 1; ++} ++ ++static void sort_rsync_acl(rsync_acl *racl) ++{ ++ if (!racl->count) ++ return; ++ qsort((void **)racl->races, racl->count, sizeof racl->races[0], ++ &rsync_ace_sorter); ++} ++ ++static BOOL unpack_smb_acl(rsync_acl *racl, SMB_ACL_T sacl) ++{ ++ SMB_ACL_ENTRY_T entry; ++ int rc; ++ const char *errfun; ++ *racl = rsync_acl_initializer; ++ errfun = "sys_acl_get_entry"; ++ for (rc = sys_acl_get_entry(sacl, SMB_ACL_FIRST_ENTRY, &entry); ++ rc == 1; ++ rc = sys_acl_get_entry(sacl, SMB_ACL_NEXT_ENTRY, &entry)) { ++ SMB_ACL_PERMSET_T permset; ++ void *qualifier; ++ rsync_ace *race; ++ expand_rsync_acl(racl); ++ race = &racl->races[racl->count++]; ++ if ((rc = sys_acl_get_tag_type(entry, &race->tag_type))) { ++ errfun = "sys_acl_get_tag_type"; ++ break; ++ } ++ if ((rc = sys_acl_get_permset(entry, &permset))) { ++ errfun = "sys_acl_get_tag_type"; ++ break; ++ } ++ race->access = (sys_acl_get_perm(permset, SMB_ACL_READ) ? 4 : 0) ++ | (sys_acl_get_perm(permset, SMB_ACL_WRITE) ? 2 : 0) ++ | (sys_acl_get_perm(permset, SMB_ACL_EXECUTE) ? 1 : 0); ++ switch (race->tag_type) { ++ case SMB_ACL_USER: ++ case SMB_ACL_GROUP: ++ break; ++ default: ++ continue; ++ } ++ if (!(qualifier = sys_acl_get_qualifier(entry))) { ++ errfun = "sys_acl_get_tag_type"; ++ rc = EINVAL; ++ break; ++ } ++ race->id = *((id_t *)qualifier); ++ sys_acl_free_qualifier(qualifier, race->tag_type); ++ } ++ if (rc) { ++ rprintf(FERROR, "unpack_smb_acl: %s(): %s\n", ++ errfun, strerror(errno)); ++ rsync_acl_free(racl); ++ return False; ++ } ++ sort_rsync_acl(racl); ++ return True; ++} ++ ++static BOOL rsync_acls_equal(const rsync_acl *racl1, const rsync_acl *racl2) ++{ ++ rsync_ace *race1, *race2; ++ size_t count = racl1->count; ++ if (count != racl2->count) ++ return False; ++ race1 = racl1->races; ++ race2 = racl2->races; ++ for (; count--; race1++, race2++) { ++ if (race1->tag_type != race2->tag_type ++ || race1->access != race2->access ++ || ((race1->tag_type == SMB_ACL_USER ++ || race1->tag_type == SMB_ACL_GROUP) ++ && race1->id != race2->id)) ++ return False; ++ } ++ return True; ++} ++ ++typedef struct { ++ size_t count; ++ size_t malloced; ++ rsync_acl *racls; ++} rsync_acl_list; ++ ++static rsync_acl_list _rsync_acl_lists[] = { ++ { 0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */ ++ { 0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */ ++}; ++ ++static inline rsync_acl_list *rsync_acl_lists(SMB_ACL_TYPE_T type) ++{ ++ return type == SMB_ACL_TYPE_ACCESS ? &_rsync_acl_lists[0] ++ : &_rsync_acl_lists[1]; ++} ++ ++static void expand_rsync_acl_list(rsync_acl_list *racl_list) ++{ ++ /* first time through, 0 <= 0, so list is expanded: ++ * diabolical, rsync guys! */ ++ if (racl_list->malloced <= racl_list->count) { ++ void *new_ptr; ++ size_t new_size; ++ if (racl_list->malloced < 1000) ++ racl_list->malloced += 1000; ++ else ++ racl_list->malloced *= 2; ++ new_size = racl_list->malloced * sizeof racl_list->racls[0]; ++ if (racl_list->racls) ++ new_ptr = realloc(racl_list->racls, new_size); ++ else ++ new_ptr = malloc(new_size); ++ if (verbose >= 3) { ++ rprintf(FINFO, "expand_rsync_acl_list to %.0f bytes, did%s move\n", ++ (double) new_size, ++ racl_list->racls ? "" : " not"); ++ } ++ ++ racl_list->racls = (rsync_acl *) new_ptr; ++ ++ if (!racl_list->racls) ++ out_of_memory("expand_rsync_acl_list"); ++ } ++} ++ ++#if 0 ++static void free_rsync_acl_list(rsync_acl_list *racl_list) ++{ ++ /* run this in reverse, so references are freed before referents, */ ++ /* although not currently necessary */ ++ while (racl_list->count--) { ++ rsync_acl *racl = &racl_list->racls[racl_list->count]; ++ if (racl) ++ rsync_acl_free(racl); ++ } ++ free(racl_list->racls); ++ racl_list->racls = NULL; ++ racl_list->malloced = 0; ++} ++#endif ++ ++static int find_matching_rsync_acl(SMB_ACL_TYPE_T type, ++ const rsync_acl_list *racl_list, ++ const rsync_acl *racl) ++{ ++ static int access_match = -1, default_match = -1; ++ int *match = (type == SMB_ACL_TYPE_ACCESS) ? ++ &access_match : &default_match; ++ size_t count = racl_list->count; ++ /* if this is the first time through or we didn't match the last ++ * time, then start at the end of the list, which should be the ++ * best place to start hunting */ ++ if (*match == -1) ++ *match = racl_list->count - 1; ++ while (count--) { ++ if (rsync_acls_equal(&racl_list->racls[*match], racl)) ++ return *match; ++ if (!(*match)--) ++ *match = racl_list->count - 1; ++ } ++ *match = -1; ++ return *match; ++} ++ ++/* the general strategy with the tag_type <-> character mapping is that ++ * lowercase implies that no qualifier follows, where uppercase does. ++ * same sorta thing for the acl type (access or default) itself, but ++ * lowercase in this instance means there's no ACL following, so the ++ * ACL is a repeat, so the receiver should reuse the last of the same ++ * type ACL */ ++ ++static void send_rsync_acl(int f, const rsync_acl *racl) ++{ ++ rsync_ace *race; ++ size_t count = racl->count; ++ write_int(f, count); ++ for (race = racl->races; count--; race++) { ++ char ch; ++ switch (race->tag_type) { ++ case SMB_ACL_USER_OBJ: ++ ch = 'u'; ++ break; ++ case SMB_ACL_USER: ++ ch = 'U'; ++ break; ++ case SMB_ACL_GROUP_OBJ: ++ ch = 'g'; ++ break; ++ case SMB_ACL_GROUP: ++ ch = 'G'; ++ break; ++ case SMB_ACL_OTHER: ++ ch = 'o'; ++ break; ++ case SMB_ACL_MASK: ++ ch = 'm'; ++ break; ++ default: ++ rprintf(FERROR, ++ "send_rsync_acl: unknown tag_type (%0x) on ACE; disregarding\n", ++ race->tag_type); ++ continue; ++ } ++ write_byte(f, ch); ++ write_byte(f, race->access); ++ if (isupper((int)ch)) { ++ write_int(f, race->id); ++ /* FIXME: sorta wasteful. we should maybe buffer as ++ * many ids as max(ACL_USER + ACL_GROUP) objects to ++ * keep from making so many calls */ ++ if (ch == 'U') ++ add_uid(race->id); ++ else ++ add_gid(race->id); ++ } ++ } ++} ++ ++static rsync_acl _curr_rsync_acls[2]; ++ ++ ++static const char *str_acl_type(SMB_ACL_TYPE_T type) ++{ ++ return type == SMB_ACL_TYPE_ACCESS ? "SMB_ACL_TYPE_ACCESS" : ++ type == SMB_ACL_TYPE_DEFAULT ? "SMB_ACL_TYPE_DEFAULT" : ++ "unknown SMB_ACL_TYPE_T"; ++} ++ ++/* generate the ACL(s) for this flist entry; ++ * ACL(s) are either sent or cleaned-up by send_acl() below */ ++ ++BOOL make_acl(const struct file_struct *file, const char *fname) ++{ ++ SMB_ACL_TYPE_T *type, ++ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT}; ++ rsync_acl *curr_racl; ++ if (!preserve_acls || S_ISLNK(file->mode)) ++ return True; ++ for (type = &types[0], curr_racl = &_curr_rsync_acls[0]; ++ type < &types[0] + sizeof types / sizeof types[0] ++ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode)); ++ type++, curr_racl++) { ++ SMB_ACL_T sacl; ++ BOOL ok; ++ *curr_racl = rsync_acl_initializer; ++ if (!(sacl = sys_acl_get_file(fname, *type))) { ++ rprintf(FERROR, "send_acl : sys_acl_get_file(%s, %s): %s\n", ++ fname, str_acl_type(*type), strerror(errno)); ++ return False; ++ } ++ ok = unpack_smb_acl(curr_racl, sacl); ++ sys_acl_free_acl(sacl); ++ if (!ok) ++ return False; ++ } ++ return True; ++} ++ ++/* send the make_acl()-generated ACLs for this flist entry, ++ * or clean up after an flist entry that's not being sent (f == -1) */ ++ ++void send_acl(const struct file_struct *file, int f) ++{ ++ SMB_ACL_TYPE_T *type, ++ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT}; ++ rsync_acl *curr_racl; ++ if (!preserve_acls || S_ISLNK(file->mode)) ++ return; ++ for (type = &types[0], curr_racl = &_curr_rsync_acls[0]; ++ type < &types[0] + sizeof types / sizeof types[0] ++ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode)); ++ type++, curr_racl++) { ++ int index; ++ rsync_acl_list *racl_list = rsync_acl_lists(*type); ++ if (f == -1) { ++ rsync_acl_free(curr_racl); ++ continue; ++ } ++ if ((index = find_matching_rsync_acl(*type, racl_list, curr_racl)) ++ != -1) { ++ write_byte(f, *type == SMB_ACL_TYPE_ACCESS ? 'a' : 'd'); ++ write_int(f, index); ++ rsync_acl_free(curr_racl); ++ } else { ++ write_byte(f, *type == SMB_ACL_TYPE_ACCESS ? 'A' : 'D'); ++ send_rsync_acl(f, curr_racl); ++ expand_rsync_acl_list(racl_list); ++ racl_list->racls[racl_list->count++] = *curr_racl; ++ } ++ } ++} ++ ++/* the below stuff is only used by the receiver */ ++ ++/* structure to hold index to rsync_acl_list member corresponding to ++ * flist->files[i] */ ++ ++typedef struct { ++ const struct file_struct *file; ++ int aclidx; ++} file_acl_index; ++ ++typedef struct { ++ size_t count; ++ size_t malloced; ++ file_acl_index *fileaclidxs; ++} file_acl_index_list; ++ ++static file_acl_index_list _file_acl_index_lists[] = { ++ {0, 0, NULL },/* SMB_ACL_TYPE_ACCESS */ ++ {0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */ ++}; ++ ++static inline file_acl_index_list *file_acl_index_lists(SMB_ACL_TYPE_T type) ++{ ++ return type == SMB_ACL_TYPE_ACCESS ? ++ &_file_acl_index_lists[0] : &_file_acl_index_lists[1]; ++} ++ ++static void expand_file_acl_index_list(file_acl_index_list *fileaclidx_list) ++{ ++ /* first time through, 0 <= 0, so list is expanded: ++ * diabolical, rsync guys! */ ++ if (fileaclidx_list->malloced <= fileaclidx_list->count) { ++ void *new_ptr; ++ size_t new_size; ++ if (fileaclidx_list->malloced < 1000) ++ fileaclidx_list->malloced += 1000; ++ else ++ fileaclidx_list->malloced *= 2; ++ new_size = fileaclidx_list->malloced ++ * sizeof fileaclidx_list->fileaclidxs[0]; ++ if (fileaclidx_list->fileaclidxs) ++ new_ptr = realloc(fileaclidx_list->fileaclidxs, new_size); ++ else ++ new_ptr = malloc(new_size); ++ if (verbose >= 3) { ++ rprintf(FINFO, "expand_file_acl_index_list to %.0f bytes, did%s move\n", ++ (double) new_size, ++ fileaclidx_list->fileaclidxs ? "" : " not"); ++ } ++ ++ fileaclidx_list->fileaclidxs = (file_acl_index *) new_ptr; ++ ++ if (!fileaclidx_list->fileaclidxs) ++ out_of_memory("expand_file_acl_index_list"); ++ } ++} ++ ++#if 0 ++static void free_file_acl_index_list(file_acl_index_list *fileaclidx_list) ++{ ++ free(fileaclidx_list->fileaclidxs); ++ fileaclidx_list->fileaclidxs = NULL; ++ fileaclidx_list->malloced = 0; ++} ++#endif ++ ++/* lists to hold the SMB_ACL_Ts corresponding to the rsync_acl_list entries */ ++ ++typedef struct { ++ size_t count; ++ size_t malloced; ++ SMB_ACL_T *sacls; ++} smb_acl_list; ++ ++static smb_acl_list _smb_acl_lists[] = { ++ { 0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */ ++ { 0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */ ++}; ++ ++static inline smb_acl_list *smb_acl_lists(SMB_ACL_TYPE_T type) ++{ ++ return type == SMB_ACL_TYPE_ACCESS ? &_smb_acl_lists[0] : ++ &_smb_acl_lists[1]; ++} ++ ++static void expand_smb_acl_list(smb_acl_list *sacl_list) ++{ ++ /* first time through, 0 <= 0, so list is expanded: ++ * diabolical, rsync guys! */ ++ if (sacl_list->malloced <= sacl_list->count) { ++ void *new_ptr; ++ size_t new_size; ++ if (sacl_list->malloced < 1000) ++ sacl_list->malloced += 1000; ++ else ++ sacl_list->malloced *= 2; ++ new_size = sacl_list->malloced ++ * sizeof sacl_list->sacls[0]; ++ if (sacl_list->sacls) ++ new_ptr = realloc(sacl_list->sacls, new_size); ++ else ++ new_ptr = malloc(new_size); ++ if (verbose >= 3) { ++ rprintf(FINFO, "expand_smb_acl_list to %.0f bytes, did%s move\n", ++ (double) new_size, ++ sacl_list->sacls ? "" : " not"); ++ } ++ ++ sacl_list->sacls = (SMB_ACL_T *) new_ptr; ++ ++ if (!sacl_list->sacls) ++ out_of_memory("expand_smb_acl_list"); ++ } ++} ++ ++#if 0 ++static void free_smb_acl_list(SMB_ACL_TYPE_T type) ++{ ++ smb_acl_list *sacl_list = smb_acl_lists(type); ++ SMB_ACL_T *sacl = sacl_list->sacls; ++ while (sacl_list->count--) { ++ if (*sacl) ++ sys_acl_free_acl(*sacl++); ++ } ++ free(sacl_list->sacls); ++ sacl_list->sacls = NULL; ++ sacl_list->malloced = 0; ++} ++#endif ++ ++/* build an SMB_ACL_T corresponding to an rsync_acl */ ++static BOOL pack_smb_acl(SMB_ACL_T *smb_acl, const rsync_acl *racl) ++{ ++ size_t count = racl->count; ++ rsync_ace *race = racl->races; ++ const char *errfun = NULL; ++ *smb_acl = sys_acl_init(count); ++ if (!*smb_acl) { ++ rprintf(FERROR, "pack_smb_acl: sys_acl_int(): %s\n", ++ strerror(errno)); ++ return False; ++ } ++ for (; count--; race++) { ++ SMB_ACL_ENTRY_T entry; ++ SMB_ACL_PERMSET_T permset; ++ if (sys_acl_create_entry(smb_acl, &entry)) { ++ errfun = "sys_acl_create)"; ++ break; ++ } ++ if (sys_acl_set_tag_type(entry, race->tag_type)) { ++ errfun = "sys_acl_set_tag"; ++ break; ++ } ++ if (race->tag_type == SMB_ACL_USER || ++ race->tag_type == SMB_ACL_GROUP) ++ if (sys_acl_set_qualifier(entry, (void*)&race->id)) { ++ errfun = "sys_acl_set_qualfier"; ++ break; ++ } ++ if (sys_acl_get_permset(entry, &permset)) { ++ errfun = "sys_acl_get_permset"; ++ break; ++ } ++ if (sys_acl_clear_perms(permset)) { ++ errfun = "sys_acl_clear_perms"; ++ break; ++ } ++ if (race->access & 4) ++ if (sys_acl_add_perm(permset, SMB_ACL_READ)) { ++ errfun = "sys_acl_add_perm"; ++ break; ++ } ++ if (race->access & 2) ++ if (sys_acl_add_perm(permset, SMB_ACL_WRITE)) { ++ errfun = "sys_acl_add_perm"; ++ break; ++ } ++ if (race->access & 1) ++ if (sys_acl_add_perm(permset, SMB_ACL_EXECUTE)) { ++ errfun = "sys_acl_add_perm"; ++ break; ++ } ++ if (sys_acl_set_permset(entry, permset)) { ++ errfun = "sys_acl_set_permset"; ++ break; ++ } ++ } ++ if (errfun) { ++ sys_acl_free_acl(*smb_acl); ++ rprintf(FERROR, "pack_smb_acl %s(): %s\n", errfun, ++ strerror(errno)); ++ return False; ++ } ++ return True; ++} ++ ++static void receive_rsync_acl(rsync_acl *racl, int f) ++{ ++#if ACLS_NEED_MASK ++ uchar required_mask_perm = 0; ++ BOOL saw_mask = False; ++#endif ++ BOOL saw_user_obj = False, saw_group_obj = False, ++ saw_other = False; ++ size_t count = read_int(f); ++ rsync_ace *race; ++ if (!count) ++ return; ++ while (count--) { ++ uchar tag = read_byte(f); ++ expand_rsync_acl(racl); ++ race = &racl->races[racl->count++]; ++ switch (tag) { ++ case 'u': ++ race->tag_type = SMB_ACL_USER_OBJ; ++ saw_user_obj = True; ++ break; ++ case 'U': ++ race->tag_type = SMB_ACL_USER; ++ break; ++ case 'g': ++ race->tag_type = SMB_ACL_GROUP_OBJ; ++ saw_group_obj = True; ++ break; ++ case 'G': ++ race->tag_type = SMB_ACL_GROUP; ++ break; ++ case 'o': ++ race->tag_type = SMB_ACL_OTHER; ++ saw_other = True; ++ break; ++ case 'm': ++ race->tag_type = SMB_ACL_MASK; ++#if ACLS_NEED_MASK ++ saw_mask = True; ++#endif ++ break; ++ default: ++ rprintf(FERROR, "receive_rsync_acl: unknown tag %c\n", ++ tag); ++ exit_cleanup(RERR_STREAMIO); ++ } ++ race->access = read_byte(f); ++ if (race->access & ~ (4 | 2 | 1)) { ++ rprintf(FERROR, "receive_rsync_acl: bogus permset %o\n", ++ race->access); ++ exit_cleanup(RERR_STREAMIO); ++ } ++ if (race->tag_type == SMB_ACL_USER || ++ race->tag_type == SMB_ACL_GROUP) { ++ race->id = read_int(f); ++#if ACLS_NEED_MASK ++ required_mask_perm |= race->access; ++#endif ++ } ++#if ACLS_NEED_MASK ++ else if (race->tag_type == SMB_ACL_GROUP_OBJ) ++ required_mask_perm |= race->access; ++#endif ++ ++ } ++ if (!saw_user_obj) { ++ expand_rsync_acl(racl); ++ race = &racl->races[racl->count++]; ++ race->tag_type = SMB_ACL_USER_OBJ; ++ race->access = 7; ++ } ++ if (!saw_group_obj) { ++ expand_rsync_acl(racl); ++ race = &racl->races[racl->count++]; ++ race->tag_type = SMB_ACL_GROUP_OBJ; ++ race->access = 0; ++ } ++ if (!saw_other) { ++ expand_rsync_acl(racl); ++ race = &racl->races[racl->count++]; ++ race->tag_type = SMB_ACL_OTHER; ++ race->access = 0; ++ } ++#if ACLS_NEED_MASK ++ if (!saw_mask) { ++ expand_rsync_acl(racl); ++ race = &racl->races[racl->count++]; ++ race->tag_type = SMB_ACL_MASK; ++ race->access = required_mask_perm; ++ } ++#endif ++#if ACLS_NEED_MASK ++ if (!(saw_user_obj && saw_group_obj && saw_other && saw_mask)) ++#else ++ if (!(saw_user_obj && saw_group_obj && saw_other)) ++#endif ++ sort_rsync_acl(racl); ++} ++ ++/* receive and build the rsync_acl_lists */ ++ ++void receive_acl(struct file_struct *file, int f) ++{ ++ SMB_ACL_TYPE_T *type, ++ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT}; ++ char *fname; ++ if (!preserve_acls || S_ISLNK(file->mode)) ++ return; ++ fname = f_name(file); ++ for (type = &types[0]; ++ type < &types[0] + sizeof types / sizeof types[0] ++ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode)); ++ type++) { ++ file_acl_index_list *fileaclidx_list = ++ file_acl_index_lists(*type); ++ uchar tag; ++ expand_file_acl_index_list(fileaclidx_list); ++ ++ tag = read_byte(f); ++ if (tag == 'A' || tag == 'a') { ++ if (*type != SMB_ACL_TYPE_ACCESS) { ++ rprintf(FERROR, "receive_acl %s: duplicate access ACL\n", ++ fname); ++ exit_cleanup(RERR_STREAMIO); ++ } ++ } else if (tag == 'D' || tag == 'd') { ++ if (*type == SMB_ACL_TYPE_ACCESS) { ++ rprintf(FERROR, "receive_acl %s: expecting access ACL; got default\n", ++ fname); ++ exit_cleanup(RERR_STREAMIO); ++ } ++ } else { ++ rprintf(FERROR, "receive_acl %s: unknown ACL type tag: %c\n", ++ fname, tag); ++ exit_cleanup(RERR_STREAMIO); ++ } ++ if (tag == 'A' || tag == 'D') { ++ rsync_acl racl = rsync_acl_initializer; ++ rsync_acl_list *racl_list = rsync_acl_lists(*type); ++ smb_acl_list *sacl_list = smb_acl_lists(*type); ++ fileaclidx_list->fileaclidxs[fileaclidx_list->count]. ++ aclidx = racl_list->count; ++ fileaclidx_list->fileaclidxs[fileaclidx_list->count++]. ++ file = file; ++ receive_rsync_acl(&racl, f); ++ expand_rsync_acl_list(racl_list); ++ racl_list->racls[racl_list->count++] = racl; ++ expand_smb_acl_list(sacl_list); ++ sacl_list->sacls[sacl_list->count++] = NULL; ++ } else { ++ int index = read_int(f); ++ rsync_acl_list *racl_list = rsync_acl_lists(*type); ++ if ((size_t) index >= racl_list->count) { ++ rprintf(FERROR, "receive_acl %s: %s ACL index %d out of range\n", ++ fname, ++ str_acl_type(*type), ++ index); ++ exit_cleanup(RERR_STREAMIO); ++ } ++ fileaclidx_list->fileaclidxs[fileaclidx_list->count]. ++ aclidx = index; ++ fileaclidx_list->fileaclidxs[fileaclidx_list->count++]. ++ file = file; ++ } ++ } ++} ++ ++static int file_acl_index_list_sorter(const void *f1, const void *f2) ++{ ++ const file_acl_index *fileaclidx1 = (const file_acl_index *)f1; ++ const file_acl_index *fileaclidx2 = (const file_acl_index *)f2; ++ return fileaclidx1->file == fileaclidx2->file ? 0 : ++ fileaclidx1->file < fileaclidx2->file ? -1 : 1; ++} ++ ++void sort_file_acl_index_lists() ++{ ++ SMB_ACL_TYPE_T *type, ++ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT}; ++ if (!preserve_acls) ++ return; ++ for (type = &types[0]; ++ type < &types[0] + sizeof types / sizeof types[0]; ++ type++) ++ { ++ file_acl_index_list *fileaclidx_list = ++ file_acl_index_lists(*type); ++ if (!fileaclidx_list->count) ++ continue; ++ qsort(fileaclidx_list->fileaclidxs, fileaclidx_list->count, ++ sizeof fileaclidx_list->fileaclidxs[0], ++ &file_acl_index_list_sorter); ++ } ++} ++ ++static int find_file_acl_index(const file_acl_index_list *fileaclidx_list, ++ const struct file_struct *file) { ++ int low = 0, high = fileaclidx_list->count; ++ const struct file_struct *file_mid; ++ if (!high--) ++ return -1; ++ do { ++ int mid = (high + low) / 2; ++ file_mid = fileaclidx_list->fileaclidxs[mid].file; ++ if (file_mid == file) ++ return fileaclidx_list->fileaclidxs[mid].aclidx; ++ if (file_mid > file) ++ high = mid - 1; ++ else ++ low = mid + 1; ++ } while (low < high); ++ if (low == high) { ++ file_mid = fileaclidx_list->fileaclidxs[low].file; ++ if (file_mid == file) ++ return fileaclidx_list->fileaclidxs[low].aclidx; ++ } ++ rprintf(FERROR, ++ "find_file_acl_index: can't find entry for file in list\n"); ++ exit_cleanup(RERR_STREAMIO); ++ return -1; ++} ++ ++/* for duplicating ACLs on backups when using backup_dir */ ++ ++int dup_acl(const char *orig, const char *bak, mode_t mode) ++{ ++ SMB_ACL_TYPE_T *type, ++ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT}; ++ int ret = 0; ++ if (!preserve_acls) ++ return 0; ++ for (type = &types[0]; ++ type < &types[0] + sizeof types / sizeof types[0] ++ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(mode)); ++ type++) { ++ SMB_ACL_T sacl_orig, sacl_bak; ++ rsync_acl racl_orig, racl_bak; ++ if (!(sacl_orig = sys_acl_get_file(orig, *type))) { ++ rprintf(FERROR, "dup_acl : sys_acl_get_file(%s, %s): %s\n", ++ orig, str_acl_type(*type), strerror(errno)); ++ ret = -1; ++ continue; ++ } ++ if (!(sacl_bak = sys_acl_get_file(orig, *type))) { ++ rprintf(FERROR, "dup_acl : sys_acl_get_file(%s, %s): %s. ignoring\n", ++ bak, str_acl_type(*type), strerror(errno)); ++ ret = -1; ++ /* try to forge on through */ ++ } ++ if (!unpack_smb_acl(&racl_orig, sacl_orig)) { ++ ret = -1; ++ goto out_with_sacls; ++ } ++ if (sacl_bak) { ++ if (!unpack_smb_acl(&racl_bak, sacl_bak)) { ++ ret = -1; ++ goto out_with_one_racl; ++ } ++ if (rsync_acls_equal(&racl_orig, &racl_bak)) ++ goto out_with_all; ++ } else { ++ ; /* presume they're unequal */ ++ } ++ if (*type == SMB_ACL_TYPE_DEFAULT && !racl_orig.count) { ++ if (-1 == sys_acl_delete_def_file(bak)) { ++ rprintf(FERROR, "dup_acl: sys_acl_delete_def_file(%s): %s\n", ++ bak, strerror(errno)); ++ ret = -1; ++ } ++ } else if (-1 == sys_acl_set_file(bak, *type, sacl_bak)) { ++ rprintf(FERROR, "dup_acl : sys_acl_set_file(%s, %s): %s\n", ++ bak, str_acl_type(*type), strerror(errno)); ++ ret = -1; ++ } ++ out_with_all: ++ if (sacl_bak) ++ rsync_acl_free(&racl_bak); ++ out_with_one_racl: ++ rsync_acl_free(&racl_orig); ++ out_with_sacls: ++ if (sacl_bak) ++ sys_acl_free_acl(sacl_bak); ++ /* out_with_one_sacl: */ ++ if (sacl_orig) ++ sys_acl_free_acl(sacl_orig); ++ } ++ return ret; ++} ++ ++/* stuff for redirecting calls to set_acl() from set_perms() ++ * for keep_backup() */ ++static const struct file_struct *backup_orig_file = NULL; ++static const char null_string[] = ""; ++static const char *backup_orig_fname = null_string; ++static const char *backup_dest_fname = null_string; ++static SMB_ACL_T _backup_sacl[] = { NULL, NULL }; ++ ++void push_keep_backup_acl(const struct file_struct *file, ++ const char *orig, const char *dest) ++{ ++ if (preserve_acls) { ++ SMB_ACL_TYPE_T *type, ++ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT}; ++ SMB_ACL_T *sacl; ++ backup_orig_file = file; ++ backup_orig_fname = orig; ++ backup_dest_fname = dest; ++ for (type = &types[0], sacl = &_backup_sacl[0]; ++ type < &types[0] + sizeof types / sizeof types[0]; ++ type++) { ++ if (*type == SMB_ACL_TYPE_DEFAULT && !S_ISDIR(file->mode)) ++ *sacl = NULL; ++ else { ++ if (!(*sacl = sys_acl_get_file(orig, *type))) { ++ rprintf(FERROR, "push_keep_backup_acl : sys_acl_get_file(%s, %s): %s\n", ++ orig, str_acl_type(*type), ++ strerror(errno)); ++ } ++ } ++ } ++ } ++} ++ ++static int set_keep_backup_acl() ++{ ++ if (preserve_acls) { ++ SMB_ACL_TYPE_T *type, ++ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT}; ++ SMB_ACL_T *sacl; ++ int ret = 0; ++ for (type = &types[0], sacl = &_backup_sacl[0]; ++ type < &types[0] + sizeof types / sizeof types[0]; ++ type++) { ++ if (*sacl) { ++ if (-1 == sys_acl_set_file(backup_dest_fname, ++ *type, *sacl)) ++ { ++ rprintf(FERROR, "push_keep_backup_acl : sys_acl_get_file(%s, %s): %s\n", ++ backup_dest_fname, ++ str_acl_type(*type), ++ strerror(errno)); ++ ret = -1; ++ } ++ } ++ } ++ return ret; ++ } ++ return 0; ++} ++ ++void cleanup_keep_backup_acl() ++{ ++ if (preserve_acls) { ++ SMB_ACL_TYPE_T *type, ++ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT}; ++ SMB_ACL_T *sacl; ++ backup_orig_file = NULL; ++ backup_orig_fname = null_string; ++ backup_dest_fname = null_string; ++ for (type = &types[0], sacl = &_backup_sacl[0]; ++ type < &types[0] + sizeof types / sizeof types[0]; ++ type++) { ++ if (*sacl) ++ sys_acl_free_acl(*sacl); ++ *sacl = NULL; ++ } ++ } ++} ++ ++/* set ACL on rsync-ed or keep_backup-ed file */ ++ ++int set_acl(const char *fname, const struct file_struct *file) ++{ ++ int updated = 0; ++ SMB_ACL_TYPE_T *type, ++ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT}; ++ if (dry_run || !preserve_acls || S_ISLNK(file->mode)) ++ return 0; ++ if (file == backup_orig_file) { ++ if (!strcmp(fname, backup_dest_fname)) ++ return set_keep_backup_acl(); ++ } ++ for (type = &types[0]; ++ type < &types[0] + sizeof types / sizeof types[0] ++ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode)); ++ type++) { ++ SMB_ACL_T sacl_orig, *sacl_new; ++ rsync_acl racl_orig, *racl_new; ++ int aclidx = find_file_acl_index(file_acl_index_lists(*type), ++ file); ++ BOOL ok; ++ racl_new = &(rsync_acl_lists(*type)->racls[aclidx]); ++ sacl_new = &(smb_acl_lists(*type)->sacls[aclidx]); ++ sacl_orig = sys_acl_get_file(fname, *type); ++ if (!sacl_orig) { ++ rprintf(FERROR, "set_acl: sys_acl_get_file(%s, %s): %s\n", ++ fname, str_acl_type(*type), strerror(errno)); ++ updated = -1; ++ continue; ++ } ++ ok = unpack_smb_acl(&racl_orig, sacl_orig); ++ sys_acl_free_acl(sacl_orig); ++ if (!ok) { ++ updated = -1; ++ continue; ++ } ++ ok = rsync_acls_equal(&racl_orig, racl_new); ++ rsync_acl_free(&racl_orig); ++ if (ok) ++ continue; ++ if (*type == SMB_ACL_TYPE_DEFAULT && !racl_new->count) { ++ if (-1 == sys_acl_delete_def_file(fname)) { ++ rprintf(FERROR, "set_acl: sys_acl_delete_def_file(%s): %s\n", ++ fname, strerror(errno)); ++ updated = -1; ++ continue; ++ } ++ } else { ++ if (!*sacl_new) ++ if (!pack_smb_acl(sacl_new, racl_new)) { ++ updated = -1; ++ continue; ++ } ++ if (-1 == sys_acl_set_file(fname, *type, *sacl_new)) { ++ rprintf(FERROR, "set_acl: sys_acl_set_file(%s, %s): %s\n", ++ fname, str_acl_type(*type), ++ strerror(errno)); ++ updated = -1; ++ continue; ++ } ++ } ++ if (!updated) ++ updated = 1; ++ } ++ return updated; ++} ++ ++/* enumeration functions for uid mapping */ ++ ++/* context -- one and only one. should be cycled through once on uid mapping ++ * and once on gid mapping */ ++static rsync_acl_list *_enum_racl_lists[] = { ++ &_rsync_acl_lists[0], &_rsync_acl_lists[1], NULL ++}; ++ ++static rsync_acl_list **enum_racl_list = &_enum_racl_lists[0]; ++static size_t enum_racl_index = 0; ++static size_t enum_race_index = 0; ++ ++/* this returns the next tag_type id from the given acl for the next entry, ++ * or it returns 0 if there are no more tag_type ids in the acl */ ++ ++static id_t next_ace_id(SMB_ACL_TAG_T tag_type, const rsync_acl *racl) ++{ ++ for (; enum_race_index < racl->count; enum_race_index++) { ++ rsync_ace *race = &racl->races[enum_race_index]; ++ if (race->tag_type == tag_type) ++ return race->id; ++ } ++ enum_race_index = 0; ++ return 0; ++} ++ ++static id_t next_acl_id(SMB_ACL_TAG_T tag_type, const rsync_acl_list *racl_list) ++{ ++ for (; enum_racl_index < racl_list->count; enum_racl_index++) { ++ rsync_acl *racl = &racl_list->racls[enum_racl_index]; ++ id_t id = next_ace_id(tag_type, racl); ++ if (id) ++ return id; ++ } ++ enum_racl_index = 0; ++ return 0; ++} ++ ++static id_t next_acl_list_id(SMB_ACL_TAG_T tag_type) ++{ ++ for (; *enum_racl_list; enum_racl_list++) { ++ id_t id = next_acl_id(tag_type, *enum_racl_list); ++ if (id) ++ return id; ++ } ++ enum_racl_list = &_enum_racl_lists[0]; ++ return 0; ++} ++ ++id_t next_acl_uid() ++{ ++ return next_acl_list_id(SMB_ACL_USER); ++} ++ ++id_t next_acl_gid() ++{ ++ return next_acl_list_id(SMB_ACL_GROUP); ++} ++ ++/* referring to the global context enum_entry, sets the entry's id */ ++static void set_acl_id(id_t id) ++{ ++ (*enum_racl_list)->racls[enum_racl_index].races[enum_race_index++].id = id; ++} ++ ++void acl_uid_map(id_t uid) ++{ ++ set_acl_id(uid); ++} ++ ++void acl_gid_map(id_t gid) ++{ ++ set_acl_id(gid); ++} ++ ++ ++ ++#endif /* SUPPORT_ACLS */ +--- backup.c 13 May 2004 06:34:03 -0000 1.30 ++++ backup.c 13 May 2004 17:58:42 -0000 +@@ -104,6 +104,7 @@ static int make_bak_dir(char *fullpath) + } else { + do_lchown(fullpath, st.st_uid, st.st_gid); + do_chmod(fullpath, st.st_mode); ++ (void)DUP_ACL(end, fullpath, st.st_mode); + } + } + *p = '/'; +@@ -165,6 +166,8 @@ static int keep_backup(char *fname) + return 0; + } + ++ PUSH_KEEP_BACKUP_ACL(file, fname, backup_dir_buf); ++ + #ifdef HAVE_MKNOD + /* Check to see if this is a device file, or link */ + if (IS_DEVICE(file->mode)) { +@@ -235,6 +238,7 @@ static int keep_backup(char *fname) + } + } + set_perms(backup_dir_buf, file, NULL, 0); ++ CLEANUP_KEEP_BACKUP_ACL(); + free(file); + + if (verbose > 1) +--- configure.in 30 Apr 2004 18:03:33 -0000 1.196 ++++ configure.in 13 May 2004 17:58:44 -0000 +@@ -434,6 +434,11 @@ if test x"$ac_cv_func_strcasecmp" = x"no + AC_CHECK_LIB(resolv, strcasecmp) + fi + ++AC_CHECK_FUNCS(aclsort) ++if test x"$ac_cv_func_aclsort" = x"no"; then ++ AC_CHECK_LIB(sec, aclsort) ++fi ++ + dnl At the moment we don't test for a broken memcmp(), because all we + dnl need to do is test for equality, not comparison, and it seems that + dnl every platform has a memcmp that can do at least that. +@@ -654,6 +659,74 @@ AC_SUBST(OBJ_SAVE) + AC_SUBST(OBJ_RESTORE) + AC_SUBST(CC_SHOBJ_FLAG) + AC_SUBST(BUILD_POPT) ++ ++AC_CHECK_HEADERS(sys/acl.h) ++AC_CHECK_FUNCS(_acl __acl _facl __facl) ++################################################# ++# check for ACL support ++ ++AC_MSG_CHECKING(whether to support ACLs) ++AC_ARG_WITH(acl-support, ++[ --with-acl-support Include ACL support (default=no)], ++[ case "$withval" in ++ yes) ++ ++ case "$host_os" in ++ *sysv5*) ++ AC_MSG_RESULT(Using UnixWare ACLs) ++ AC_DEFINE(HAVE_UNIXWARE_ACLS, 1, [true if you have UnixWare ACLs]) ++ ;; ++ *solaris*) ++ AC_MSG_RESULT(Using solaris ACLs) ++ AC_DEFINE(HAVE_SOLARIS_ACLS, 1, [true if you have solaris ACLs]) ++ ;; ++ *hpux*) ++ AC_MSG_RESULT(Using HPUX ACLs) ++ AC_DEFINE(HAVE_HPUX_ACLS, 1, [true if you have HPUX ACLs]) ++ ;; ++ *irix*) ++ AC_MSG_RESULT(Using IRIX ACLs) ++ AC_DEFINE(HAVE_IRIX_ACLS, 1, [true if you have IRIX ACLs]) ++ ;; ++ *aix*) ++ AC_MSG_RESULT(Using AIX ACLs) ++ AC_DEFINE(HAVE_AIX_ACLS, 1, [true if you have AIX ACLs]) ++ ;; ++ *osf*) ++ AC_MSG_RESULT(Using Tru64 ACLs) ++ AC_DEFINE(HAVE_TRU64_ACLS, 1, [true if you have Tru64 ACLs]) ++ LIBS="$LIBS -lpacl" ++ ;; ++ *) ++ AC_CHECK_LIB(acl,acl_get_file) ++ AC_CACHE_CHECK([for ACL support],samba_cv_HAVE_POSIX_ACLS,[ ++ AC_TRY_LINK([#include ++#include ], ++[ acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p);], ++samba_cv_HAVE_POSIX_ACLS=yes,samba_cv_HAVE_POSIX_ACLS=no)]) ++ if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then ++ AC_MSG_RESULT(Using posix ACLs) ++ AC_DEFINE(HAVE_POSIX_ACLS, 1, [true if you have posix ACLs]) ++ AC_CACHE_CHECK([for acl_get_perm_np],samba_cv_HAVE_ACL_GET_PERM_NP,[ ++ AC_TRY_LINK([#include ++#include ], ++[ acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm);], ++samba_cv_HAVE_ACL_GET_PERM_NP=yes,samba_cv_HAVE_ACL_GET_PERM_NP=no)]) ++ if test x"$samba_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then ++ AC_DEFINE(HAVE_ACL_GET_PERM_NP, 1, [true if you have acl_get_perm_np]) ++ fi ++ fi ++ ;; ++ esac ++ ;; ++ *) ++ AC_MSG_RESULT(no) ++ AC_DEFINE(HAVE_NO_ACLS, 1, [true if you don't have ACLs]) ++ ;; ++ esac ], ++ AC_DEFINE(HAVE_NO_ACLS, 1, [true if you don't have ACLs]) ++ AC_MSG_RESULT(no) ++) + + AC_CONFIG_FILES([Makefile lib/dummy zlib/dummy popt/dummy shconfig]) + AC_OUTPUT +--- flist.c 11 May 2004 17:25:16 -0000 1.221 ++++ flist.c 13 May 2004 17:58:44 -0000 +@@ -931,6 +931,8 @@ void send_file_name(int f, struct file_l + + if (!file) + return; ++ if (!MAKE_ACL(file, fname)) ++ return; + + maybe_emit_filelist_progress(flist); + +@@ -942,6 +944,10 @@ void send_file_name(int f, struct file_l + if (file->basename[0]) { + flist->files[flist->count++] = file; + send_file_entry(file, f, base_flags); ++ SEND_ACL(file, f); ++ } else { ++ /* Cleanup unsent ACL(s). */ ++ SEND_ACL(file, -1); + } + + if (recursive && S_ISDIR(file->mode) +@@ -1257,6 +1263,8 @@ struct file_list *recv_file_list(int f) + flags |= read_byte(f) << 8; + receive_file_entry(&flist->files[i], flags, flist, f); + ++ RECEIVE_ACL(flist->files[i], f); ++ + if (S_ISREG(flist->files[i]->mode)) + stats.total_size += flist->files[i]->length; + +@@ -1278,6 +1286,8 @@ struct file_list *recv_file_list(int f) + finish_filelist_progress(flist); + + clean_flist(flist, relative_paths, 1); ++ ++ SORT_FILE_ACL_INDEX_LISTS(); + + if (f != -1) { + /* Now send the uid/gid list. This was introduced in +--- generator.c 13 May 2004 06:55:01 -0000 1.82 ++++ generator.c 13 May 2004 17:58:45 -0000 +@@ -328,6 +328,10 @@ void recv_generator(char *fname, struct + permission and modification time repair */ + if (set_perms(fname,file,NULL,0) && verbose && (f_out != -1)) + rprintf(FINFO,"%s/\n",fname); ++#if SUPPORT_ACLS ++ if (f_out == -1) ++ SET_ACL(fname, file); ++#endif + return; + } + +--- mkproto.awk 1 Jan 2004 21:10:50 -0000 1.6 ++++ mkproto.awk 13 May 2004 17:58:45 -0000 +@@ -58,7 +58,7 @@ BEGIN { + next; + } + +-!/^OFF_T|^size_t|^off_t|^pid_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^struct|^BOOL|^void|^time|^const/ { ++!/^OFF_T|^size_t|^off_t|^pid_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^struct|^BOOL|^void|^time|^const|^SMB_ACL_T|^id_t/ { + next; + } + +--- options.c 6 May 2004 21:08:01 -0000 1.148 ++++ options.c 13 May 2004 17:58:45 -0000 +@@ -41,6 +41,7 @@ int archive_mode = 0; + int copy_links = 0; + int preserve_links = 0; + int preserve_hard_links = 0; ++int preserve_acls = 0; + int preserve_perms = 0; + int preserve_devices = 0; + int preserve_uid = 0; +@@ -147,6 +148,7 @@ static void print_rsync_version(enum log + { + char const *got_socketpair = "no "; + char const *hardlinks = "no "; ++ char const *acls = "no "; + char const *links = "no "; + char const *ipv6 = "no "; + STRUCT_STAT *dumstat; +@@ -159,6 +161,10 @@ static void print_rsync_version(enum log + hardlinks = ""; + #endif + ++#if SUPPORT_ACLS ++ acls = ""; ++#endif ++ + #if SUPPORT_LINKS + links = ""; + #endif +@@ -173,9 +179,9 @@ static void print_rsync_version(enum log + "Copyright (C) 1996-2004 by Andrew Tridgell and others\n"); + rprintf(f, "\n"); + rprintf(f, "Capabilities: %d-bit files, %ssocketpairs, " +- "%shard links, %ssymlinks, batchfiles, \n", ++ "%shard links, %sacls, %ssymlinks, batchfiles, \n", + (int) (sizeof (OFF_T) * 8), +- got_socketpair, hardlinks, links); ++ got_socketpair, hardlinks, acls, links); + + /* Note that this field may not have type ino_t. It depends + * on the complicated interaction between largefile feature +@@ -237,6 +243,7 @@ void usage(enum logcode F) + rprintf(F," --safe-links ignore \"unsafe\" symlinks\n"); + rprintf(F," -H, --hard-links preserve hard links\n"); + rprintf(F," -p, --perms preserve permissions\n"); ++ rprintf(F," -A, --acls preserve ACLs (implies --perms)\n"); + rprintf(F," -o, --owner preserve owner (root only)\n"); + rprintf(F," -g, --group preserve group\n"); + rprintf(F," -D, --devices preserve devices (root only)\n"); +@@ -380,6 +387,7 @@ static struct poptOption long_options[] + {"address", 0, POPT_ARG_STRING, &bind_address, 0, 0, 0 }, + {"backup-dir", 0, POPT_ARG_STRING, &backup_dir, 0, 0, 0 }, + {"hard-links", 'H', POPT_ARG_NONE, &preserve_hard_links, 0, 0, 0 }, ++ {"acls", 'A', POPT_ARG_NONE, &preserve_acls, 0, 0, 0 }, + {"read-batch", 0, POPT_ARG_STRING, &batch_prefix, OPT_READ_BATCH, 0, 0 }, + {"write-batch", 0, POPT_ARG_STRING, &batch_prefix, OPT_WRITE_BATCH, 0, 0 }, + {"files-from", 0, POPT_ARG_STRING, &files_from, 0, 0, 0 }, +@@ -584,6 +592,31 @@ int parse_arguments(int *argc, const cha + return 0; + #endif + ++ case 'A': ++#if SUPPORT_ACLS ++ preserve_acls = 1; ++ preserve_perms = 1; ++#else ++ /* FIXME: this should probably be ignored with a ++ * warning and then countermeasures taken to ++ * restrict group and other access in the presence ++ * of any more restrictive ACLs, but this is safe ++ * for now */ ++ /* FIXME: Don't say "server" if this is ++ * happening on the client. */ ++ /* FIXME: Why do we have the duplicated ++ * rprintf? Everybody who gets this message ++ * ought to send it to the client and also to ++ * the logs. */ ++ snprintf(err_buf,sizeof(err_buf), ++ "ACLs are not supported on this %s\n", ++ am_server ? "server" : "client"); ++ rprintf(FERROR,"ERROR: ACLs not supported on this platform\n"); ++ return 0; ++#endif /* SUPPORT_ACLS */ ++ break; ++ ++ + default: + /* A large opt value means that set_refuse_options() + * turned this option off (opt-BASE is its index). */ +@@ -815,6 +848,8 @@ void server_options(char **args,int *arg + + if (preserve_hard_links) + argstr[x++] = 'H'; ++ if (preserve_acls) ++ argstr[x++] = 'A'; + if (preserve_uid) + argstr[x++] = 'o'; + if (preserve_gid) +--- rsync.c 13 May 2004 07:08:25 -0000 1.136 ++++ rsync.c 13 May 2004 17:58:45 -0000 +@@ -204,6 +204,14 @@ int set_perms(char *fname,struct file_st + } + #endif + ++ /* If this is a directory, SET_ACL() will be called on the cleanup ++ * receive_generator() pass--if we called it here, we might clobber ++ * writability on the directory. everything else is OK to do now. */ ++ if (!S_ISDIR(st->st_mode)) { ++ if (SET_ACL(fname, file) == 0) ++ updated = 1; ++ } ++ + if (verbose > 1 && flags & PERMS_REPORT) { + if (updated) + rprintf(FINFO,"%s\n",fname); +--- rsync.h 13 May 2004 06:53:23 -0000 1.202 ++++ rsync.h 13 May 2004 17:58:45 -0000 +@@ -537,6 +537,40 @@ static inline int flist_up(struct file_l + #include "lib/permstring.h" + #include "lib/addrinfo.h" + ++#define SUPPORT_ACLS HAVE_POSIX_ACLS|HAVE_UNIXWARE_ACLS|HAVE_SOLARIS_ACLS|\ ++ HAVE_HPUX_ACLS|HAVE_IRIX_ACLS|HAVE_AIX_ACLS|HAVE_TRU64_ACLS ++ ++#define ACLS_NEED_MASK HAVE_UNIXWARE_ACLS|HAVE_SOLARIS_ACLS|HAVE_HPUX_ACLS ++ ++#if SUPPORT_ACLS ++#ifdef HAVE_SYS_ACL_H ++#include ++#endif ++#define MAKE_ACL(file, fname) make_acl(file, fname) ++#define SEND_ACL(file, f) send_acl(file, f) ++#define RECEIVE_ACL(file, f) receive_acl(file, f) ++#define SORT_FILE_ACL_INDEX_LISTS() sort_file_acl_index_lists() ++#define SET_ACL(fname, file) set_acl(fname, file) ++#define NEXT_ACL_UID() next_acl_uid() ++#define ACL_UID_MAP(uid) acl_uid_map(uid) ++#define PUSH_KEEP_BACKUP_ACL(file, orig, dest) \ ++ push_keep_backup_acl(file, orig, dest) ++#define CLEANUP_KEEP_BACKUP_ACL() cleanup_keep_backup_acl() ++#define DUP_ACL(orig, dest, mode) dup_acl(orig, dest, mode) ++#else /* SUPPORT_ACLS */ ++#define MAKE_ACL(file, fname) 1 /* checked return value */ ++#define SEND_ACL(file, f) ++#define RECEIVE_ACL(file, f) ++#define SORT_FILE_ACL_INDEX_LISTS() ++#define SET_ACL(fname, file) 0 /* checked return value */ ++#define NEXT_ACL_UID() ++#define ACL_UID_MAP(uid) ++#define PUSH_KEEP_BACKUP_ACL(file, orig, dest) ++#define CLEANUP_KEEP_BACKUP_ACL() ++#define DUP_ACL(src, orig, mode) 0 /* checked return value */ ++#endif /* SUPPORT_ACLS */ ++#include "smb_acls.h" ++ + #include "proto.h" + + /* We have replacement versions of these if they're missing. */ +--- rsync.yo 7 May 2004 00:18:37 -0000 1.169 ++++ rsync.yo 13 May 2004 17:58:46 -0000 +@@ -295,6 +295,7 @@ verb( + --safe-links ignore "unsafe" symlinks + -H, --hard-links preserve hard links + -p, --perms preserve permissions ++ -A, --acls preserve ACLs (implies -p) [local option] + -o, --owner preserve owner (root only) + -g, --group preserve group + -D, --devices preserve devices (root only) +@@ -520,6 +521,11 @@ Without this option, each new file gets + source file's permissions and the umask at the receiving end, while all + other files (including updated files) retain their existing permissions + (which is the same behavior as other file-copy utilities, such as cp). ++ ++dit(bf(-A, --acls)) This option causes rsync to update the remote ++ACLs to be the same as the local ACLs. This will work only if the ++remote machine's rsync supports this option also. This is a non-standard ++option. + + dit(bf(-o, --owner)) This option causes rsync to set the owner of the + destination file to be the same as the source file. On most systems, +--- /dev/null 1 Jan 1970 00:00:00 -0000 ++++ smb_acls.h 13 May 2004 17:58:46 -0000 +@@ -0,0 +1,277 @@ ++/* ++ Unix SMB/Netbios implementation. ++ Version 2.2.x ++ Portable SMB ACL interface ++ Copyright (C) Jeremy Allison 2000 ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 2 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ++*/ ++ ++#ifndef _SMB_ACLS_H ++#define _SMB_ACLS_H ++ ++#if defined(HAVE_POSIX_ACLS) ++ ++/* This is an identity mapping (just remove the SMB_). */ ++ ++#define SMB_ACL_TAG_T acl_tag_t ++#define SMB_ACL_TYPE_T acl_type_t ++#define SMB_ACL_PERMSET_T acl_permset_t ++#define SMB_ACL_PERM_T acl_perm_t ++#define SMB_ACL_READ ACL_READ ++#define SMB_ACL_WRITE ACL_WRITE ++#define SMB_ACL_EXECUTE ACL_EXECUTE ++ ++/* Types of ACLs. */ ++#define SMB_ACL_USER ACL_USER ++#define SMB_ACL_USER_OBJ ACL_USER_OBJ ++#define SMB_ACL_GROUP ACL_GROUP ++#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ ++#define SMB_ACL_OTHER ACL_OTHER ++#define SMB_ACL_MASK ACL_MASK ++ ++#define SMB_ACL_T acl_t ++ ++#define SMB_ACL_ENTRY_T acl_entry_t ++ ++#define SMB_ACL_FIRST_ENTRY ACL_FIRST_ENTRY ++#define SMB_ACL_NEXT_ENTRY ACL_NEXT_ENTRY ++ ++#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS ++#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT ++ ++#elif defined(HAVE_TRU64_ACLS) ++ ++/* This is for DEC/Compaq Tru64 UNIX */ ++ ++#define SMB_ACL_TAG_T acl_tag_t ++#define SMB_ACL_TYPE_T acl_type_t ++#define SMB_ACL_PERMSET_T acl_permset_t ++#define SMB_ACL_PERM_T acl_perm_t ++#define SMB_ACL_READ ACL_READ ++#define SMB_ACL_WRITE ACL_WRITE ++#define SMB_ACL_EXECUTE ACL_EXECUTE ++ ++/* Types of ACLs. */ ++#define SMB_ACL_USER ACL_USER ++#define SMB_ACL_USER_OBJ ACL_USER_OBJ ++#define SMB_ACL_GROUP ACL_GROUP ++#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ ++#define SMB_ACL_OTHER ACL_OTHER ++#define SMB_ACL_MASK ACL_MASK ++ ++#define SMB_ACL_T acl_t ++ ++#define SMB_ACL_ENTRY_T acl_entry_t ++ ++#define SMB_ACL_FIRST_ENTRY 0 ++#define SMB_ACL_NEXT_ENTRY 1 ++ ++#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS ++#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT ++ ++#elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS) ++/* ++ * Donated by Michael Davidson for UnixWare / OpenUNIX. ++ * Modified by Toomas Soome for Solaris. ++ */ ++ ++/* SVR4.2 ES/MP ACLs */ ++typedef int SMB_ACL_TAG_T; ++typedef int SMB_ACL_TYPE_T; ++typedef ushort *SMB_ACL_PERMSET_T; ++typedef ushort SMB_ACL_PERM_T; ++#define SMB_ACL_READ 4 ++#define SMB_ACL_WRITE 2 ++#define SMB_ACL_EXECUTE 1 ++ ++/* Types of ACLs. */ ++#define SMB_ACL_USER USER ++#define SMB_ACL_USER_OBJ USER_OBJ ++#define SMB_ACL_GROUP GROUP ++#define SMB_ACL_GROUP_OBJ GROUP_OBJ ++#define SMB_ACL_OTHER OTHER_OBJ ++#define SMB_ACL_MASK CLASS_OBJ ++ ++typedef struct SMB_ACL_T { ++ int size; ++ int count; ++ int next; ++ struct acl acl[1]; ++} *SMB_ACL_T; ++ ++typedef struct acl *SMB_ACL_ENTRY_T; ++ ++#define SMB_ACL_FIRST_ENTRY 0 ++#define SMB_ACL_NEXT_ENTRY 1 ++ ++#define SMB_ACL_TYPE_ACCESS 0 ++#define SMB_ACL_TYPE_DEFAULT 1 ++ ++#elif defined(HAVE_HPUX_ACLS) ++ ++/* ++ * Based on the Solaris & UnixWare code. ++ */ ++ ++#undef GROUP ++#include ++ ++/* SVR4.2 ES/MP ACLs */ ++typedef int SMB_ACL_TAG_T; ++typedef int SMB_ACL_TYPE_T; ++typedef ushort *SMB_ACL_PERMSET_T; ++typedef ushort SMB_ACL_PERM_T; ++#define SMB_ACL_READ 4 ++#define SMB_ACL_WRITE 2 ++#define SMB_ACL_EXECUTE 1 ++ ++/* Types of ACLs. */ ++#define SMB_ACL_USER USER ++#define SMB_ACL_USER_OBJ USER_OBJ ++#define SMB_ACL_GROUP GROUP ++#define SMB_ACL_GROUP_OBJ GROUP_OBJ ++#define SMB_ACL_OTHER OTHER_OBJ ++#define SMB_ACL_MASK CLASS_OBJ ++ ++typedef struct SMB_ACL_T { ++ int size; ++ int count; ++ int next; ++ struct acl acl[1]; ++} *SMB_ACL_T; ++ ++typedef struct acl *SMB_ACL_ENTRY_T; ++ ++#define SMB_ACL_FIRST_ENTRY 0 ++#define SMB_ACL_NEXT_ENTRY 1 ++ ++#define SMB_ACL_TYPE_ACCESS 0 ++#define SMB_ACL_TYPE_DEFAULT 1 ++ ++#elif defined(HAVE_IRIX_ACLS) ++ ++#define SMB_ACL_TAG_T acl_tag_t ++#define SMB_ACL_TYPE_T acl_type_t ++#define SMB_ACL_PERMSET_T acl_permset_t ++#define SMB_ACL_PERM_T acl_perm_t ++#define SMB_ACL_READ ACL_READ ++#define SMB_ACL_WRITE ACL_WRITE ++#define SMB_ACL_EXECUTE ACL_EXECUTE ++ ++/* Types of ACLs. */ ++#define SMB_ACL_USER ACL_USER ++#define SMB_ACL_USER_OBJ ACL_USER_OBJ ++#define SMB_ACL_GROUP ACL_GROUP ++#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ ++#define SMB_ACL_OTHER ACL_OTHER_OBJ ++#define SMB_ACL_MASK ACL_MASK ++ ++typedef struct SMB_ACL_T { ++ int next; ++ BOOL freeaclp; ++ struct acl *aclp; ++} *SMB_ACL_T; ++ ++#define SMB_ACL_ENTRY_T acl_entry_t ++ ++#define SMB_ACL_FIRST_ENTRY 0 ++#define SMB_ACL_NEXT_ENTRY 1 ++ ++#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS ++#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT ++ ++#elif defined(HAVE_AIX_ACLS) ++ ++/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */ ++ ++#include "/usr/include/acl.h" ++ ++typedef uint *SMB_ACL_PERMSET_T; ++ ++struct acl_entry_link{ ++ struct acl_entry_link *prevp; ++ struct new_acl_entry *entryp; ++ struct acl_entry_link *nextp; ++ int count; ++}; ++ ++struct new_acl_entry{ ++ unsigned short ace_len; ++ unsigned short ace_type; ++ unsigned int ace_access; ++ struct ace_id ace_id[1]; ++}; ++ ++#define SMB_ACL_ENTRY_T struct new_acl_entry* ++#define SMB_ACL_T struct acl_entry_link* ++ ++#define SMB_ACL_TAG_T unsigned short ++#define SMB_ACL_TYPE_T int ++#define SMB_ACL_PERM_T uint ++#define SMB_ACL_READ S_IRUSR ++#define SMB_ACL_WRITE S_IWUSR ++#define SMB_ACL_EXECUTE S_IXUSR ++ ++/* Types of ACLs. */ ++#define SMB_ACL_USER ACEID_USER ++#define SMB_ACL_USER_OBJ 3 ++#define SMB_ACL_GROUP ACEID_GROUP ++#define SMB_ACL_GROUP_OBJ 4 ++#define SMB_ACL_OTHER 5 ++#define SMB_ACL_MASK 6 ++ ++ ++#define SMB_ACL_FIRST_ENTRY 1 ++#define SMB_ACL_NEXT_ENTRY 2 ++ ++#define SMB_ACL_TYPE_ACCESS 0 ++#define SMB_ACL_TYPE_DEFAULT 1 ++ ++#else /* No ACLs. */ ++ ++/* No ACLS - fake it. */ ++#define SMB_ACL_TAG_T int ++#define SMB_ACL_TYPE_T int ++#define SMB_ACL_PERMSET_T mode_t ++#define SMB_ACL_PERM_T mode_t ++#define SMB_ACL_READ S_IRUSR ++#define SMB_ACL_WRITE S_IWUSR ++#define SMB_ACL_EXECUTE S_IXUSR ++ ++/* Types of ACLs. */ ++#define SMB_ACL_USER 0 ++#define SMB_ACL_USER_OBJ 1 ++#define SMB_ACL_GROUP 2 ++#define SMB_ACL_GROUP_OBJ 3 ++#define SMB_ACL_OTHER 4 ++#define SMB_ACL_MASK 5 ++ ++typedef struct SMB_ACL_T { ++ int dummy; ++} *SMB_ACL_T; ++ ++typedef struct SMB_ACL_ENTRY_T { ++ int dummy; ++} *SMB_ACL_ENTRY_T; ++ ++#define SMB_ACL_FIRST_ENTRY 0 ++#define SMB_ACL_NEXT_ENTRY 1 ++ ++#define SMB_ACL_TYPE_ACCESS 0 ++#define SMB_ACL_TYPE_DEFAULT 1 ++ ++#endif /* No ACLs. */ ++#endif /* _SMB_ACLS_H */ +--- /dev/null 1 Jan 1970 00:00:00 -0000 ++++ sysacls.c 13 May 2004 17:58:47 -0000 +@@ -0,0 +1,3117 @@ ++/* ++ Unix SMB/Netbios implementation. ++ Version 2.2. ++ Samba system utilities for ACL support. ++ Copyright (C) Jeremy Allison 2000. ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 2 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ++*/ ++ ++#include "rsync.h" ++ ++/* ++ This file wraps all differing system ACL interfaces into a consistent ++ one based on the POSIX interface. It also returns the correct errors ++ for older UNIX systems that don't support ACLs. ++ ++ The interfaces that each ACL implementation must support are as follows: ++ ++ int sys_acl_get_entry(SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p) ++ int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) ++ int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p ++ void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) ++ SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) ++ SMB_ACL_T sys_acl_get_fd(int fd) ++ int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset); ++ int sys_acl_add_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm); ++ char *sys_acl_to_text(SMB_ACL_T theacl, ssize_t *plen) ++ SMB_ACL_T sys_acl_init(int count) ++ int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) ++ int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) ++ int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry, void *qual) ++ int sys_acl_set_permset(SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) ++ int sys_acl_valid(SMB_ACL_T theacl) ++ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) ++ int sys_acl_set_fd(int fd, SMB_ACL_T theacl) ++ int sys_acl_delete_def_file(const char *path) ++ ++ This next one is not POSIX complient - but we *have* to have it ! ++ More POSIX braindamage. ++ ++ int sys_acl_get_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) ++ ++ The generic POSIX free is the following call. We split this into ++ several different free functions as we may need to add tag info ++ to structures when emulating the POSIX interface. ++ ++ int sys_acl_free(void *obj_p) ++ ++ The calls we actually use are: ++ ++ int sys_acl_free_text(char *text) - free acl_to_text ++ int sys_acl_free_acl(SMB_ACL_T posix_acl) ++ int sys_acl_free_qualifier(void *qualifier, SMB_ACL_TAG_T tagtype) ++ ++*/ ++ ++#if defined(HAVE_POSIX_ACLS) ++ ++/* Identity mapping - easy. */ ++ ++int sys_acl_get_entry(SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) ++{ ++ return acl_get_entry(the_acl, entry_id, entry_p); ++} ++ ++int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) ++{ ++ return acl_get_tag_type(entry_d, tag_type_p); ++} ++ ++int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) ++{ ++ return acl_get_permset(entry_d, permset_p); ++} ++ ++void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) ++{ ++ return acl_get_qualifier(entry_d); ++} ++ ++SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) ++{ ++ return acl_get_file(path_p, type); ++} ++ ++SMB_ACL_T sys_acl_get_fd(int fd) ++{ ++ return acl_get_fd(fd); ++} ++ ++int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) ++{ ++ return acl_clear_perms(permset); ++} ++ ++int sys_acl_add_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) ++{ ++ return acl_add_perm(permset, perm); ++} ++ ++int sys_acl_get_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) ++{ ++#if defined(HAVE_ACL_GET_PERM_NP) ++ /* Required for TrustedBSD-based ACL implementations where ++ * non-POSIX.1e functions are denoted by a _np (non-portable) ++ * suffix. */ ++ return acl_get_perm_np(permset, perm); ++#else ++ return acl_get_perm(permset, perm); ++#endif ++} ++ ++char *sys_acl_to_text(SMB_ACL_T the_acl, ssize_t *plen) ++{ ++ return acl_to_text(the_acl, plen); ++} ++ ++SMB_ACL_T sys_acl_init(int count) ++{ ++ return acl_init(count); ++} ++ ++int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) ++{ ++ return acl_create_entry(pacl, pentry); ++} ++ ++int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) ++{ ++ return acl_set_tag_type(entry, tagtype); ++} ++ ++int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry, void *qual) ++{ ++ return acl_set_qualifier(entry, qual); ++} ++ ++int sys_acl_set_permset(SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) ++{ ++ return acl_set_permset(entry, permset); ++} ++ ++int sys_acl_valid(SMB_ACL_T theacl) ++{ ++ return acl_valid(theacl); ++} ++ ++int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) ++{ ++ return acl_set_file(name, acltype, theacl); ++} ++ ++int sys_acl_set_fd(int fd, SMB_ACL_T theacl) ++{ ++ return acl_set_fd(fd, theacl); ++} ++ ++int sys_acl_delete_def_file(const char *name) ++{ ++ return acl_delete_def_file(name); ++} ++ ++int sys_acl_free_text(char *text) ++{ ++ return acl_free(text); ++} ++ ++int sys_acl_free_acl(SMB_ACL_T the_acl) ++{ ++ return acl_free(the_acl); ++} ++ ++int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) ++{ ++ return acl_free(qual); ++} ++ ++#elif defined(HAVE_TRU64_ACLS) ++/* The interface to DEC/Compaq Tru64 UNIX ACLs ++ * is based on Draft 13 of the POSIX spec which is ++ * slightly different from the Draft 16 interface. ++ * ++ * Also, some of the permset manipulation functions ++ * such as acl_clear_perm() and acl_add_perm() appear ++ * to be broken on Tru64 so we have to manipulate ++ * the permission bits in the permset directly. */ ++ int sys_acl_get_entry(SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) ++{ ++ SMB_ACL_ENTRY_T entry; ++ ++ if (entry_id == SMB_ACL_FIRST_ENTRY && acl_first_entry(the_acl) != 0) { ++ return -1; ++ } ++ ++ errno = 0; ++ if ((entry = acl_get_entry(the_acl)) != NULL) { ++ *entry_p = entry; ++ return 1; ++ } ++ ++ return errno ? -1 : 0; ++} ++ ++ int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) ++{ ++ return acl_get_tag_type(entry_d, tag_type_p); ++} ++ ++ int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) ++{ ++ return acl_get_permset(entry_d, permset_p); ++} ++ ++ void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) ++{ ++ return acl_get_qualifier(entry_d); ++} ++ ++ SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) ++{ ++ return acl_get_file((char *)path_p, type); ++} ++ ++ SMB_ACL_T sys_acl_get_fd(int fd) ++{ ++ return acl_get_fd(fd, ACL_TYPE_ACCESS); ++} ++ ++ int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) ++{ ++ *permset = 0; /* acl_clear_perm() is broken on Tru64 */ ++ ++ return 0; ++} ++ ++ int sys_acl_add_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) ++{ ++ if (perm & ~(SMB_ACL_READ | SMB_ACL_WRITE | SMB_ACL_EXECUTE)) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ *permset |= perm; /* acl_add_perm() is broken on Tru64 */ ++ ++ return 0; ++} ++ ++ int sys_acl_get_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) ++{ ++ return *permset & perm; /* Tru64 doesn't have acl_get_perm() */ ++} ++ ++ char *sys_acl_to_text(SMB_ACL_T the_acl, ssize_t *plen) ++{ ++ return acl_to_text(the_acl, plen); ++} ++ ++ SMB_ACL_T sys_acl_init(int count) ++{ ++ return acl_init(count); ++} ++ ++ int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) ++{ ++ SMB_ACL_ENTRY_T entry; ++ ++ if ((entry = acl_create_entry(pacl)) == NULL) { ++ return -1; ++ } ++ ++ *pentry = entry; ++ return 0; ++} ++ ++ int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) ++{ ++ return acl_set_tag_type(entry, tagtype); ++} ++ ++ int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry, void *qual) ++{ ++ return acl_set_qualifier(entry, qual); ++} ++ ++ int sys_acl_set_permset(SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) ++{ ++ return acl_set_permset(entry, permset); ++} ++ ++ int sys_acl_valid(SMB_ACL_T theacl) ++{ ++ acl_entry_t entry; ++ ++ return acl_valid(theacl, &entry); ++} ++ ++ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) ++{ ++ return acl_set_file((char *)name, acltype, theacl); ++} ++ ++ int sys_acl_set_fd(int fd, SMB_ACL_T theacl) ++{ ++ return acl_set_fd(fd, ACL_TYPE_ACCESS, theacl); ++} ++ ++ int sys_acl_delete_def_file(const char *name) ++{ ++ return acl_delete_def_file((char *)name); ++} ++ ++ int sys_acl_free_text(char *text) ++{ ++ /* (void) cast and explicit return 0 are for DEC UNIX ++ * which just #defines acl_free_text() to be free(). */ ++ (void) acl_free_text(text); ++ return 0; ++} ++ ++ int sys_acl_free_acl(SMB_ACL_T the_acl) ++{ ++ return acl_free(the_acl); ++} ++ ++ int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) ++{ ++ return acl_free_qualifier(qual, tagtype); ++} ++ ++#elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS) ++ ++/* Donated by Michael Davidson for UnixWare / OpenUNIX. ++ * Modified by Toomas Soome for Solaris. */ ++ ++/* Note that while this code implements sufficient functionality ++ * to support the sys_acl_* interfaces it does not provide all ++ * of the semantics of the POSIX ACL interfaces. ++ * ++ * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned ++ * from a call to sys_acl_get_entry() should not be assumed to be ++ * valid after calling any of the following functions, which may ++ * reorder the entries in the ACL. ++ * ++ * sys_acl_valid() ++ * sys_acl_set_file() ++ * sys_acl_set_fd() ++ */ ++ ++/* The only difference between Solaris and UnixWare / OpenUNIX is ++ * that the #defines for the ACL operations have different names. */ ++#if defined(HAVE_UNIXWARE_ACLS) ++ ++#define SETACL ACL_SET ++#define GETACL ACL_GET ++#define GETACLCNT ACL_CNT ++ ++#endif ++ ++ ++ int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) ++{ ++ if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if (entry_p == NULL) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if (entry_id == SMB_ACL_FIRST_ENTRY) { ++ acl_d->next = 0; ++ } ++ ++ if (acl_d->next < 0) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if (acl_d->next >= acl_d->count) { ++ return 0; ++ } ++ ++ *entry_p = &acl_d->acl[acl_d->next++]; ++ ++ return 1; ++} ++ ++ int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p) ++{ ++ *type_p = entry_d->a_type; ++ ++ return 0; ++} ++ ++ int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) ++{ ++ *permset_p = &entry_d->a_perm; ++ ++ return 0; ++} ++ ++ void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) ++{ ++ if (entry_d->a_type != SMB_ACL_USER ++ && entry_d->a_type != SMB_ACL_GROUP) { ++ errno = EINVAL; ++ return NULL; ++ } ++ ++ return &entry_d->a_id; ++} ++ ++/* There is no way of knowing what size the ACL returned by ++ * GETACL will be unless you first call GETACLCNT which means ++ * making an additional system call. ++ * ++ * In the hope of avoiding the cost of the additional system ++ * call in most cases, we initially allocate enough space for ++ * an ACL with INITIAL_ACL_SIZE entries. If this turns out to ++ * be too small then we use GETACLCNT to find out the actual ++ * size, reallocate the ACL buffer, and then call GETACL again. */ ++ ++#define INITIAL_ACL_SIZE 16 ++ ++ SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) ++{ ++ SMB_ACL_T acl_d; ++ int count; /* # of ACL entries allocated */ ++ int naccess; /* # of access ACL entries */ ++ int ndefault; /* # of default ACL entries */ ++ ++ if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { ++ errno = EINVAL; ++ return NULL; ++ } ++ ++ count = INITIAL_ACL_SIZE; ++ if ((acl_d = sys_acl_init(count)) == NULL) { ++ return NULL; ++ } ++ ++ /* If there isn't enough space for the ACL entries we use ++ * GETACLCNT to determine the actual number of ACL entries ++ * reallocate and try again. This is in a loop because it ++ * is possible that someone else could modify the ACL and ++ * increase the number of entries between the call to ++ * GETACLCNT and the call to GETACL. */ ++ while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0 ++ && errno == ENOSPC) { ++ ++ sys_acl_free_acl(acl_d); ++ ++ if ((count = acl(path_p, GETACLCNT, 0, NULL)) < 0) { ++ return NULL; ++ } ++ ++ if ((acl_d = sys_acl_init(count)) == NULL) { ++ return NULL; ++ } ++ } ++ ++ if (count < 0) { ++ sys_acl_free_acl(acl_d); ++ return NULL; ++ } ++ ++ /* Calculate the number of access and default ACL entries. ++ * ++ * Note: we assume that the acl() system call returned a ++ * well formed ACL which is sorted so that all of the ++ * access ACL entries preceed any default ACL entries. */ ++ for (naccess = 0; naccess < count; naccess++) { ++ if (acl_d->acl[naccess].a_type & ACL_DEFAULT) ++ break; ++ } ++ ndefault = count - naccess; ++ ++ /* If the caller wants the default ACL we have to copy ++ * the entries down to the start of the acl[] buffer ++ * and mask out the ACL_DEFAULT flag from the type field. */ ++ if (type == SMB_ACL_TYPE_DEFAULT) { ++ int i, j; ++ ++ for (i = 0, j = naccess; i < ndefault; i++, j++) { ++ acl_d->acl[i] = acl_d->acl[j]; ++ acl_d->acl[i].a_type &= ~ACL_DEFAULT; ++ } ++ ++ acl_d->count = ndefault; ++ } else { ++ acl_d->count = naccess; ++ } ++ ++ return acl_d; ++} ++ ++ SMB_ACL_T sys_acl_get_fd(int fd) ++{ ++ SMB_ACL_T acl_d; ++ int count; /* # of ACL entries allocated */ ++ int naccess; /* # of access ACL entries */ ++ ++ count = INITIAL_ACL_SIZE; ++ if ((acl_d = sys_acl_init(count)) == NULL) { ++ return NULL; ++ } ++ ++ while ((count = facl(fd, GETACL, count, &acl_d->acl[0])) < 0 ++ && errno == ENOSPC) { ++ ++ sys_acl_free_acl(acl_d); ++ ++ if ((count = facl(fd, GETACLCNT, 0, NULL)) < 0) { ++ return NULL; ++ } ++ ++ if ((acl_d = sys_acl_init(count)) == NULL) { ++ return NULL; ++ } ++ } ++ ++ if (count < 0) { ++ sys_acl_free_acl(acl_d); ++ return NULL; ++ } ++ ++ /* Calculate the number of access ACL entries. */ ++ for (naccess = 0; naccess < count; naccess++) { ++ if (acl_d->acl[naccess].a_type & ACL_DEFAULT) ++ break; ++ } ++ ++ acl_d->count = naccess; ++ ++ return acl_d; ++} ++ ++ int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d) ++{ ++ *permset_d = 0; ++ ++ return 0; ++} ++ ++ int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) ++{ ++ if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE ++ && perm != SMB_ACL_EXECUTE) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if (permset_d == NULL) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ *permset_d |= perm; ++ ++ return 0; ++} ++ ++ int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) ++{ ++ return *permset_d & perm; ++} ++ ++ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) ++{ ++ int i; ++ int len, maxlen; ++ char *text; ++ ++ /* Use an initial estimate of 20 bytes per ACL entry ++ * when allocating memory for the text representation ++ * of the ACL. */ ++ len = 0; ++ maxlen = 20 * acl_d->count; ++ if ((text = malloc(maxlen)) == NULL) { ++ errno = ENOMEM; ++ return NULL; ++ } ++ ++ for (i = 0; i < acl_d->count; i++) { ++ struct acl *ap = &acl_d->acl[i]; ++ struct passwd *pw; ++ struct group *gr; ++ char tagbuf[12]; ++ char idbuf[12]; ++ char *tag; ++ char *id = ""; ++ char perms[4]; ++ int nbytes; ++ ++ switch (ap->a_type) { ++ /* For debugging purposes it's probably more ++ * useful to dump unknown tag types rather ++ * than just returning an error. */ ++ default: ++ snprintf(tagbuf, sizeof tagbuf - 1, "0x%x", ++ ap->a_type); ++ tag = tagbuf; ++ snprintf(idbuf, sizeof idbuf - 1, "%ld", ++ (long)ap->a_id); ++ id = idbuf; ++ break; ++ ++ case SMB_ACL_USER: ++ if ((pw = getpwuid(ap->a_id)) == NULL) { ++ snprintf(idbuf, sizeof idbuf - 1, "%ld", ++ (long)ap->a_id); ++ id = idbuf; ++ } else { ++ id = pw->pw_name; ++ } ++ case SMB_ACL_USER_OBJ: ++ tag = "user"; ++ break; ++ ++ case SMB_ACL_GROUP: ++ if ((gr = getgrgid(ap->a_id)) == NULL) { ++ snprintf(idbuf, sizeof idbuf - 1, "%ld", ++ (long)ap->a_id); ++ id = idbuf; ++ } else { ++ id = gr->gr_name; ++ } ++ case SMB_ACL_GROUP_OBJ: ++ tag = "group"; ++ break; ++ ++ case SMB_ACL_OTHER: ++ tag = "other"; ++ break; ++ ++ case SMB_ACL_MASK: ++ tag = "mask"; ++ break; ++ ++ } ++ ++ perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-'; ++ perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-'; ++ perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-'; ++ perms[3] = '\0'; ++ ++ /* : : rwx \n \0 */ ++ nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1; ++ ++ /* If this entry would overflow the buffer ++ * allocate enough additional memory for this ++ * entry and an estimate of another 20 bytes ++ * for each entry still to be processed. */ ++ if ((len + nbytes) > maxlen) { ++ char *oldtext = text; ++ ++ maxlen += nbytes + 20 * (acl_d->count - i); ++ ++ if ((text = Realloc(oldtext, maxlen)) == NULL) { ++ free(oldtext); ++ errno = ENOMEM; ++ return NULL; ++ } ++ } ++ ++ snprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms); ++ len += nbytes - 1; ++ } ++ ++ if (len_p) ++ *len_p = len; ++ ++ return text; ++} ++ ++ SMB_ACL_T sys_acl_init(int count) ++{ ++ SMB_ACL_T a; ++ ++ if (count < 0) { ++ errno = EINVAL; ++ return NULL; ++ } ++ ++ /* Note that since the definition of the structure pointed ++ * to by the SMB_ACL_T includes the first element of the ++ * acl[] array, this actually allocates an ACL with room ++ * for (count+1) entries. */ ++ if ((a = malloc(sizeof a[0] + count * sizeof (struct acl))) == NULL) { ++ errno = ENOMEM; ++ return NULL; ++ } ++ ++ a->size = count + 1; ++ a->count = 0; ++ a->next = -1; ++ ++ return a; ++} ++ ++ ++ int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) ++{ ++ SMB_ACL_T acl_d; ++ SMB_ACL_ENTRY_T entry_d; ++ ++ if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if (acl_d->count >= acl_d->size) { ++ errno = ENOSPC; ++ return -1; ++ } ++ ++ entry_d = &acl_d->acl[acl_d->count++]; ++ entry_d->a_type = 0; ++ entry_d->a_id = -1; ++ entry_d->a_perm = 0; ++ *entry_p = entry_d; ++ ++ return 0; ++} ++ ++ int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) ++{ ++ switch (tag_type) { ++ case SMB_ACL_USER: ++ case SMB_ACL_USER_OBJ: ++ case SMB_ACL_GROUP: ++ case SMB_ACL_GROUP_OBJ: ++ case SMB_ACL_OTHER: ++ case SMB_ACL_MASK: ++ entry_d->a_type = tag_type; ++ break; ++ default: ++ errno = EINVAL; ++ return -1; ++ } ++ ++ return 0; ++} ++ ++ int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) ++{ ++ if (entry_d->a_type != SMB_ACL_GROUP ++ && entry_d->a_type != SMB_ACL_USER) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ entry_d->a_id = *((id_t *)qual_p); ++ ++ return 0; ++} ++ ++ int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) ++{ ++ if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { ++ return EINVAL; ++ } ++ ++ entry_d->a_perm = *permset_d; ++ ++ return 0; ++} ++ ++/* Sort the ACL and check it for validity. ++ * ++ * If it's a minimal ACL with only 4 entries then we ++ * need to recalculate the mask permissions to make ++ * sure that they are the same as the GROUP_OBJ ++ * permissions as required by the UnixWare acl() system call. ++ * ++ * (Note: since POSIX allows minimal ACLs which only contain ++ * 3 entries - ie there is no mask entry - we should, in theory, ++ * check for this and add a mask entry if necessary - however ++ * we "know" that the caller of this interface always specifies ++ * a mask so, in practice "this never happens" (tm) - if it *does* ++ * happen aclsort() will fail and return an error and someone will ++ * have to fix it ...) */ ++ ++static int acl_sort(SMB_ACL_T acl_d) ++{ ++ int fixmask = (acl_d->count <= 4); ++ ++ if (aclsort(acl_d->count, fixmask, acl_d->acl) != 0) { ++ errno = EINVAL; ++ return -1; ++ } ++ return 0; ++} ++ ++ int sys_acl_valid(SMB_ACL_T acl_d) ++{ ++ return acl_sort(acl_d); ++} ++ ++ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) ++{ ++ struct stat s; ++ struct acl *acl_p; ++ int acl_count; ++ struct acl *acl_buf = NULL; ++ int ret; ++ ++ if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if (acl_sort(acl_d) != 0) { ++ return -1; ++ } ++ ++ acl_p = &acl_d->acl[0]; ++ acl_count = acl_d->count; ++ ++ /* If it's a directory there is extra work to do since the acl() ++ * system call will replace both the access ACLs and the default ++ * ACLs (if any). */ ++ if (stat(name, &s) != 0) { ++ return -1; ++ } ++ if (S_ISDIR(s.st_mode)) { ++ SMB_ACL_T acc_acl; ++ SMB_ACL_T def_acl; ++ SMB_ACL_T tmp_acl; ++ int i; ++ ++ if (type == SMB_ACL_TYPE_ACCESS) { ++ acc_acl = acl_d; ++ def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT); ++ ++ } else { ++ def_acl = acl_d; ++ acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS); ++ } ++ ++ if (tmp_acl == NULL) { ++ return -1; ++ } ++ ++ /* Allocate a temporary buffer for the complete ACL. */ ++ acl_count = acc_acl->count + def_acl->count; ++ acl_p = acl_buf = malloc(acl_count * sizeof acl_buf[0]); ++ ++ if (acl_buf == NULL) { ++ sys_acl_free_acl(tmp_acl); ++ errno = ENOMEM; ++ return -1; ++ } ++ ++ /* Copy the access control and default entries into the buffer. */ ++ memcpy(&acl_buf[0], &acc_acl->acl[0], ++ acc_acl->count * sizeof acl_buf[0]); ++ ++ memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0], ++ def_acl->count * sizeof acl_buf[0]); ++ ++ /* Set the ACL_DEFAULT flag on the default entries. */ ++ for (i = acc_acl->count; i < acl_count; i++) { ++ acl_buf[i].a_type |= ACL_DEFAULT; ++ } ++ ++ sys_acl_free_acl(tmp_acl); ++ ++ } else if (type != SMB_ACL_TYPE_ACCESS) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ ret = acl(name, SETACL, acl_count, acl_p); ++ ++ free(acl_buf); ++ ++ return ret; ++} ++ ++ int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) ++{ ++ if (acl_sort(acl_d) != 0) { ++ return -1; ++ } ++ ++ return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]); ++} ++ ++ int sys_acl_delete_def_file(const char *path) ++{ ++ SMB_ACL_T acl_d; ++ int ret; ++ ++ /* Fetching the access ACL and rewriting it has the effect of ++ * deleting the default ACL. */ ++ if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) { ++ return -1; ++ } ++ ++ ret = acl(path, SETACL, acl_d->count, acl_d->acl); ++ ++ sys_acl_free_acl(acl_d); ++ ++ return ret; ++} ++ ++ int sys_acl_free_text(char *text) ++{ ++ free(text); ++ return 0; ++} ++ ++ int sys_acl_free_acl(SMB_ACL_T acl_d) ++{ ++ free(acl_d); ++ return 0; ++} ++ ++ int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) ++{ ++ return 0; ++} ++ ++#elif defined(HAVE_HPUX_ACLS) ++#include ++ ++/* Based on the Solaris/SCO code - with modifications. */ ++ ++/* Note that while this code implements sufficient functionality ++ * to support the sys_acl_* interfaces it does not provide all ++ * of the semantics of the POSIX ACL interfaces. ++ * ++ * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned ++ * from a call to sys_acl_get_entry() should not be assumed to be ++ * valid after calling any of the following functions, which may ++ * reorder the entries in the ACL. ++ * ++ * sys_acl_valid() ++ * sys_acl_set_file() ++ * sys_acl_set_fd() ++ */ ++ ++/* This checks if the POSIX ACL system call is defined which basically ++ * corresponds to whether JFS 3.3 or higher is installed. If acl() was ++ * called when it isn't defined, it causes the process to core dump so ++ * it is important to check this and avoid acl() calls if it isn't ++ * there. */ ++ ++static BOOL hpux_acl_call_presence(void) ++{ ++ ++ shl_t handle = NULL; ++ void *value; ++ int ret_val=0; ++ static BOOL already_checked=0; ++ ++ if (already_checked) ++ return True; ++ ++ ++ ret_val = shl_findsym(&handle, "acl", TYPE_PROCEDURE, &value); ++ ++ if (ret_val != 0) { ++ DEBUG(5, ("hpux_acl_call_presence: shl_findsym() returned %d, errno = %d, error %s\n", ++ ret_val, errno, strerror(errno))); ++ DEBUG(5,("hpux_acl_call_presence: acl() system call is not present. Check if you have JFS 3.3 and above?\n")); ++ return False; ++ } ++ ++ DEBUG(10,("hpux_acl_call_presence: acl() system call is present. We have JFS 3.3 or above \n")); ++ ++ already_checked = True; ++ return True; ++} ++ ++ int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) ++{ ++ if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if (entry_p == NULL) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if (entry_id == SMB_ACL_FIRST_ENTRY) { ++ acl_d->next = 0; ++ } ++ ++ if (acl_d->next < 0) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if (acl_d->next >= acl_d->count) { ++ return 0; ++ } ++ ++ *entry_p = &acl_d->acl[acl_d->next++]; ++ ++ return 1; ++} ++ ++ int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p) ++{ ++ *type_p = entry_d->a_type; ++ ++ return 0; ++} ++ ++ int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) ++{ ++ *permset_p = &entry_d->a_perm; ++ ++ return 0; ++} ++ ++ void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) ++{ ++ if (entry_d->a_type != SMB_ACL_USER ++ && entry_d->a_type != SMB_ACL_GROUP) { ++ errno = EINVAL; ++ return NULL; ++ } ++ ++ return &entry_d->a_id; ++} ++ ++/* There is no way of knowing what size the ACL returned by ++ * ACL_GET will be unless you first call ACL_CNT which means ++ * making an additional system call. ++ * ++ * In the hope of avoiding the cost of the additional system ++ * call in most cases, we initially allocate enough space for ++ * an ACL with INITIAL_ACL_SIZE entries. If this turns out to ++ * be too small then we use ACL_CNT to find out the actual ++ * size, reallocate the ACL buffer, and then call ACL_GET again. ++ */ ++ ++#define INITIAL_ACL_SIZE 16 ++ ++ SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) ++{ ++ SMB_ACL_T acl_d; ++ int count; /* # of ACL entries allocated */ ++ int naccess; /* # of access ACL entries */ ++ int ndefault; /* # of default ACL entries */ ++ ++ if (hpux_acl_call_presence() == False) { ++ /* Looks like we don't have the acl() system call on HPUX. ++ * May be the system doesn't have the latest version of JFS. */ ++ return NULL; ++ } ++ ++ if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { ++ errno = EINVAL; ++ return NULL; ++ } ++ ++ count = INITIAL_ACL_SIZE; ++ if ((acl_d = sys_acl_init(count)) == NULL) { ++ return NULL; ++ } ++ ++ /* If there isn't enough space for the ACL entries we use ++ * ACL_CNT to determine the actual number of ACL entries ++ * reallocate and try again. This is in a loop because it ++ * is possible that someone else could modify the ACL and ++ * increase the number of entries between the call to ++ * ACL_CNT and the call to ACL_GET. */ ++ while ((count = acl(path_p, ACL_GET, count, &acl_d->acl[0])) < 0 && errno == ENOSPC) { ++ ++ sys_acl_free_acl(acl_d); ++ ++ if ((count = acl(path_p, ACL_CNT, 0, NULL)) < 0) { ++ return NULL; ++ } ++ ++ if ((acl_d = sys_acl_init(count)) == NULL) { ++ return NULL; ++ } ++ } ++ ++ if (count < 0) { ++ sys_acl_free_acl(acl_d); ++ return NULL; ++ } ++ ++ /* Calculate the number of access and default ACL entries. ++ * ++ * Note: we assume that the acl() system call returned a ++ * well formed ACL which is sorted so that all of the ++ * access ACL entries preceed any default ACL entries. */ ++ for (naccess = 0; naccess < count; naccess++) { ++ if (acl_d->acl[naccess].a_type & ACL_DEFAULT) ++ break; ++ } ++ ndefault = count - naccess; ++ ++ /* If the caller wants the default ACL we have to copy ++ * the entries down to the start of the acl[] buffer ++ * and mask out the ACL_DEFAULT flag from the type field. */ ++ if (type == SMB_ACL_TYPE_DEFAULT) { ++ int i, j; ++ ++ for (i = 0, j = naccess; i < ndefault; i++, j++) { ++ acl_d->acl[i] = acl_d->acl[j]; ++ acl_d->acl[i].a_type &= ~ACL_DEFAULT; ++ } ++ ++ acl_d->count = ndefault; ++ } else { ++ acl_d->count = naccess; ++ } ++ ++ return acl_d; ++} ++ ++ SMB_ACL_T sys_acl_get_fd(int fd) ++{ ++ /* HPUX doesn't have the facl call. Fake it using the path.... JRA. */ ++ ++ files_struct *fsp = file_find_fd(fd); ++ ++ if (fsp == NULL) { ++ errno = EBADF; ++ return NULL; ++ } ++ ++ /* We know we're in the same conn context. So we can use the ++ * relative path. */ ++ ++ return sys_acl_get_file(dos_to_unix_static(fsp->fsp_name), SMB_ACL_TYPE_ACCESS); ++} ++ ++ int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d) ++{ ++ *permset_d = 0; ++ ++ return 0; ++} ++ ++ int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) ++{ ++ if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE ++ && perm != SMB_ACL_EXECUTE) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if (permset_d == NULL) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ *permset_d |= perm; ++ ++ return 0; ++} ++ ++ int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) ++{ ++ return *permset_d & perm; ++} ++ ++ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) ++{ ++ int i; ++ int len, maxlen; ++ char *text; ++ ++ /* Use an initial estimate of 20 bytes per ACL entry when ++ * allocating memory for the text representation of the ACL. */ ++ len = 0; ++ maxlen = 20 * acl_d->count; ++ if ((text = malloc(maxlen)) == NULL) { ++ errno = ENOMEM; ++ return NULL; ++ } ++ ++ for (i = 0; i < acl_d->count; i++) { ++ struct acl *ap = &acl_d->acl[i]; ++ struct passwd *pw; ++ struct group *gr; ++ char tagbuf[12]; ++ char idbuf[12]; ++ char *tag; ++ char *id = ""; ++ char perms[4]; ++ int nbytes; ++ ++ switch (ap->a_type) { ++ /* For debugging purposes it's probably more ++ * useful to dump unknown tag types rather ++ * than just returning an error. */ ++ default: ++ snprintf(tagbuf, sizeof tagbuf - 1, "0x%x", ++ ap->a_type); ++ tag = tagbuf; ++ snprintf(idbuf, sizeof idbuf - 1, "%ld", ++ (long)ap->a_id); ++ id = idbuf; ++ break; ++ ++ case SMB_ACL_USER: ++ if ((pw = getpwuid(ap->a_id)) == NULL) { ++ snprintf(idbuf, sizeof idbuf - 1, "%ld", ++ (long)ap->a_id); ++ id = idbuf; ++ } else { ++ id = pw->pw_name; ++ } ++ case SMB_ACL_USER_OBJ: ++ tag = "user"; ++ break; ++ ++ case SMB_ACL_GROUP: ++ if ((gr = getgrgid(ap->a_id)) == NULL) { ++ snprintf(idbuf, sizeof idbuf - 1, "%ld", ++ (long)ap->a_id); ++ id = idbuf; ++ } else { ++ id = gr->gr_name; ++ } ++ case SMB_ACL_GROUP_OBJ: ++ tag = "group"; ++ break; ++ ++ case SMB_ACL_OTHER: ++ tag = "other"; ++ break; ++ ++ case SMB_ACL_MASK: ++ tag = "mask"; ++ break; ++ ++ } ++ ++ perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-'; ++ perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-'; ++ perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-'; ++ perms[3] = '\0'; ++ ++ /* : : rwx \n \0 */ ++ nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1; ++ ++ /* If this entry would overflow the buffer ++ * allocate enough additional memory for this ++ * entry and an estimate of another 20 bytes ++ * for each entry still to be processed. */ ++ if ((len + nbytes) > maxlen) { ++ char *oldtext = text; ++ ++ maxlen += nbytes + 20 * (acl_d->count - i); ++ ++ if ((text = Realloc(oldtext, maxlen)) == NULL) { ++ free(oldtext); ++ errno = ENOMEM; ++ return NULL; ++ } ++ } ++ ++ snprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms); ++ len += nbytes - 1; ++ } ++ ++ if (len_p) ++ *len_p = len; ++ ++ return text; ++} ++ ++ SMB_ACL_T sys_acl_init(int count) ++{ ++ SMB_ACL_T a; ++ ++ if (count < 0) { ++ errno = EINVAL; ++ return NULL; ++ } ++ ++ /* Note that since the definition of the structure pointed ++ * to by the SMB_ACL_T includes the first element of the ++ * acl[] array, this actually allocates an ACL with room ++ * for (count+1) entries. */ ++ if ((a = malloc(sizeof a[0] + count * sizeof (struct acl))) == NULL) { ++ errno = ENOMEM; ++ return NULL; ++ } ++ ++ a->size = count + 1; ++ a->count = 0; ++ a->next = -1; ++ ++ return a; ++} ++ ++ ++ int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) ++{ ++ SMB_ACL_T acl_d; ++ SMB_ACL_ENTRY_T entry_d; ++ ++ if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if (acl_d->count >= acl_d->size) { ++ errno = ENOSPC; ++ return -1; ++ } ++ ++ entry_d = &acl_d->acl[acl_d->count++]; ++ entry_d->a_type = 0; ++ entry_d->a_id = -1; ++ entry_d->a_perm = 0; ++ *entry_p = entry_d; ++ ++ return 0; ++} ++ ++ int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) ++{ ++ switch (tag_type) { ++ case SMB_ACL_USER: ++ case SMB_ACL_USER_OBJ: ++ case SMB_ACL_GROUP: ++ case SMB_ACL_GROUP_OBJ: ++ case SMB_ACL_OTHER: ++ case SMB_ACL_MASK: ++ entry_d->a_type = tag_type; ++ break; ++ default: ++ errno = EINVAL; ++ return -1; ++ } ++ ++ return 0; ++} ++ ++ int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) ++{ ++ if (entry_d->a_type != SMB_ACL_GROUP ++ && entry_d->a_type != SMB_ACL_USER) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ entry_d->a_id = *((id_t *)qual_p); ++ ++ return 0; ++} ++ ++ int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) ++{ ++ if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { ++ return EINVAL; ++ } ++ ++ entry_d->a_perm = *permset_d; ++ ++ return 0; ++} ++ ++/* Structure to capture the count for each type of ACE. */ ++ ++struct hpux_acl_types { ++ int n_user; ++ int n_def_user; ++ int n_user_obj; ++ int n_def_user_obj; ++ ++ int n_group; ++ int n_def_group; ++ int n_group_obj; ++ int n_def_group_obj; ++ ++ int n_other; ++ int n_other_obj; ++ int n_def_other_obj; ++ ++ int n_class_obj; ++ int n_def_class_obj; ++ ++ int n_illegal_obj; ++}; ++ ++/* count_obj: ++ * Counts the different number of objects in a given array of ACL ++ * structures. ++ * Inputs: ++ * ++ * acl_count - Count of ACLs in the array of ACL strucutres. ++ * aclp - Array of ACL structures. ++ * acl_type_count - Pointer to acl_types structure. Should already be ++ * allocated. ++ * Output: ++ * ++ * acl_type_count - This structure is filled up with counts of various ++ * acl types. ++ */ ++ ++static int hpux_count_obj(int acl_count, struct acl *aclp, struct hpux_acl_types *acl_type_count) ++{ ++ int i; ++ ++ memset(acl_type_count, 0, sizeof (struct hpux_acl_types)); ++ ++ for (i=0;in_user++; ++ break; ++ case USER_OBJ: ++ acl_type_count->n_user_obj++; ++ break; ++ case DEF_USER_OBJ: ++ acl_type_count->n_def_user_obj++; ++ break; ++ case GROUP: ++ acl_type_count->n_group++; ++ break; ++ case GROUP_OBJ: ++ acl_type_count->n_group_obj++; ++ break; ++ case DEF_GROUP_OBJ: ++ acl_type_count->n_def_group_obj++; ++ break; ++ case OTHER_OBJ: ++ acl_type_count->n_other_obj++; ++ break; ++ case DEF_OTHER_OBJ: ++ acl_type_count->n_def_other_obj++; ++ break; ++ case CLASS_OBJ: ++ acl_type_count->n_class_obj++; ++ break; ++ case DEF_CLASS_OBJ: ++ acl_type_count->n_def_class_obj++; ++ break; ++ case DEF_USER: ++ acl_type_count->n_def_user++; ++ break; ++ case DEF_GROUP: ++ acl_type_count->n_def_group++; ++ break; ++ default: ++ acl_type_count->n_illegal_obj++; ++ break; ++ } ++ } ++} ++ ++/* swap_acl_entries: Swaps two ACL entries. ++ * ++ * Inputs: aclp0, aclp1 - ACL entries to be swapped. ++ */ ++ ++static void hpux_swap_acl_entries(struct acl *aclp0, struct acl *aclp1) ++{ ++ struct acl temp_acl; ++ ++ temp_acl.a_type = aclp0->a_type; ++ temp_acl.a_id = aclp0->a_id; ++ temp_acl.a_perm = aclp0->a_perm; ++ ++ aclp0->a_type = aclp1->a_type; ++ aclp0->a_id = aclp1->a_id; ++ aclp0->a_perm = aclp1->a_perm; ++ ++ aclp1->a_type = temp_acl.a_type; ++ aclp1->a_id = temp_acl.a_id; ++ aclp1->a_perm = temp_acl.a_perm; ++} ++ ++/* prohibited_duplicate_type ++ * Identifies if given ACL type can have duplicate entries or ++ * not. ++ * ++ * Inputs: acl_type - ACL Type. ++ * ++ * Outputs: ++ * ++ * Return.. ++ * ++ * True - If the ACL type matches any of the prohibited types. ++ * False - If the ACL type doesn't match any of the prohibited types. ++ */ ++ ++static BOOL hpux_prohibited_duplicate_type(int acl_type) ++{ ++ switch (acl_type) { ++ case USER: ++ case GROUP: ++ case DEF_USER: ++ case DEF_GROUP: ++ return True; ++ } ++ return False; ++} ++ ++/* get_needed_class_perm ++ * Returns the permissions of a ACL structure only if the ACL ++ * type matches one of the pre-determined types for computing ++ * CLASS_OBJ permissions. ++ * ++ * Inputs: aclp - Pointer to ACL structure. ++ */ ++ ++static int hpux_get_needed_class_perm(struct acl *aclp) ++{ ++ switch (aclp->a_type) { ++ case USER: ++ case GROUP_OBJ: ++ case GROUP: ++ case DEF_USER_OBJ: ++ case DEF_USER: ++ case DEF_GROUP_OBJ: ++ case DEF_GROUP: ++ case DEF_CLASS_OBJ: ++ case DEF_OTHER_OBJ: ++ return aclp->a_perm; ++ default: ++ return 0; ++ } ++} ++ ++/* acl_sort for HPUX. ++ * Sorts the array of ACL structures as per the description in ++ * aclsort man page. Refer to aclsort man page for more details ++ * ++ * Inputs: ++ * ++ * acl_count - Count of ACLs in the array of ACL structures. ++ * calclass - If this is not zero, then we compute the CLASS_OBJ ++ * permissions. ++ * aclp - Array of ACL structures. ++ * ++ * Outputs: ++ * ++ * aclp - Sorted array of ACL structures. ++ * ++ * Outputs: ++ * ++ * Returns 0 for success -1 for failure. Prints a message to the Samba ++ * debug log in case of failure. ++ */ ++ ++static int hpux_acl_sort(int acl_count, int calclass, struct acl *aclp) ++{ ++#if !defined(HAVE_HPUX_ACLSORT) ++ /* The aclsort() system call is availabe on the latest HPUX General ++ * Patch Bundles. So for HPUX, we developed our version of acl_sort ++ * function. Because, we don't want to update to a new ++ * HPUX GR bundle just for aclsort() call. */ ++ ++ struct hpux_acl_types acl_obj_count; ++ int n_class_obj_perm = 0; ++ int i, j; ++ ++ if (!acl_count) { ++ DEBUG(10,("Zero acl count passed. Returning Success\n")); ++ return 0; ++ } ++ ++ if (aclp == NULL) { ++ DEBUG(0,("Null ACL pointer in hpux_acl_sort. Returning Failure. \n")); ++ return -1; ++ } ++ ++ /* Count different types of ACLs in the ACLs array */ ++ ++ hpux_count_obj(acl_count, aclp, &acl_obj_count); ++ ++ /* There should be only one entry each of type USER_OBJ, GROUP_OBJ, ++ * CLASS_OBJ and OTHER_OBJ ++ */ ++ ++ if (acl_obj_count.n_user_obj != 1 ++ || acl_obj_count.n_group_obj != 1 ++ || acl_obj_count.n_class_obj != 1 ++ || acl_obj_count.n_other_obj != 1) { ++ DEBUG(0,("hpux_acl_sort: More than one entry or no entries for \ ++USER OBJ or GROUP_OBJ or OTHER_OBJ or CLASS_OBJ\n")); ++ return -1; ++ } ++ ++ /* If any of the default objects are present, there should be only ++ * one of them each. ++ */ ++ ++ if (acl_obj_count.n_def_user_obj > 1 || acl_obj_count.n_def_group_obj > 1 || ++ acl_obj_count.n_def_other_obj > 1 || acl_obj_count.n_def_class_obj > 1) { ++ DEBUG(0,("hpux_acl_sort: More than one entry for DEF_CLASS_OBJ \ ++or DEF_USER_OBJ or DEF_GROUP_OBJ or DEF_OTHER_OBJ\n")); ++ return -1; ++ } ++ ++ /* We now have proper number of OBJ and DEF_OBJ entries. Now sort the acl ++ * structures. ++ * ++ * Sorting crieteria - First sort by ACL type. If there are multiple entries of ++ * same ACL type, sort by ACL id. ++ * ++ * I am using the trival kind of sorting method here because, performance isn't ++ * really effected by the ACLs feature. More over there aren't going to be more ++ * than 17 entries on HPUX. ++ */ ++ ++ for (i=0; i aclp[j].a_type) { ++ /* ACL entries out of order, swap them */ ++ ++ hpux_swap_acl_entries((aclp+i), (aclp+j)); ++ ++ } else if (aclp[i].a_type == aclp[j].a_type) { ++ ++ /* ACL entries of same type, sort by id */ ++ ++ if (aclp[i].a_id > aclp[j].a_id) { ++ hpux_swap_acl_entries((aclp+i), (aclp+j)); ++ } else if (aclp[i].a_id == aclp[j].a_id) { ++ /* We have a duplicate entry. */ ++ if (hpux_prohibited_duplicate_type(aclp[i].a_type)) { ++ DEBUG(0, ("hpux_acl_sort: Duplicate entry: Type(hex): %x Id: %d\n", ++ aclp[i].a_type, aclp[i].a_id)); ++ return -1; ++ } ++ } ++ ++ } ++ } ++ } ++ ++ /* set the class obj permissions to the computed one. */ ++ if (calclass) { ++ int n_class_obj_index = -1; ++ ++ for (i=0;icount <= 4); ++ ++ if (hpux_acl_sort(acl_d->count, fixmask, acl_d->acl) != 0) { ++ errno = EINVAL; ++ return -1; ++ } ++ return 0; ++} ++ ++ int sys_acl_valid(SMB_ACL_T acl_d) ++{ ++ return acl_sort(acl_d); ++} ++ ++ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) ++{ ++ struct stat s; ++ struct acl *acl_p; ++ int acl_count; ++ struct acl *acl_buf = NULL; ++ int ret; ++ ++ if (hpux_acl_call_presence() == False) { ++ /* Looks like we don't have the acl() system call on HPUX. ++ * May be the system doesn't have the latest version of JFS. */ ++ errno = ENOSYS; ++ return -1; ++ } ++ ++ if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if (acl_sort(acl_d) != 0) { ++ return -1; ++ } ++ ++ acl_p = &acl_d->acl[0]; ++ acl_count = acl_d->count; ++ ++ /* If it's a directory there is extra work to do since the acl() ++ * system call will replace both the access ACLs and the default ++ * ACLs (if any). */ ++ if (stat(name, &s) != 0) { ++ return -1; ++ } ++ if (S_ISDIR(s.st_mode)) { ++ SMB_ACL_T acc_acl; ++ SMB_ACL_T def_acl; ++ SMB_ACL_T tmp_acl; ++ int i; ++ ++ if (type == SMB_ACL_TYPE_ACCESS) { ++ acc_acl = acl_d; ++ def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT); ++ ++ } else { ++ def_acl = acl_d; ++ acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS); ++ } ++ ++ if (tmp_acl == NULL) { ++ return -1; ++ } ++ ++ /* Allocate a temporary buffer for the complete ACL. */ ++ acl_count = acc_acl->count + def_acl->count; ++ acl_p = acl_buf = malloc(acl_count * sizeof acl_buf[0]); ++ ++ if (acl_buf == NULL) { ++ sys_acl_free_acl(tmp_acl); ++ errno = ENOMEM; ++ return -1; ++ } ++ ++ /* Copy the access control and default entries into the buffer. */ ++ memcpy(&acl_buf[0], &acc_acl->acl[0], ++ acc_acl->count * sizeof acl_buf[0]); ++ ++ memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0], ++ def_acl->count * sizeof acl_buf[0]); ++ ++ /* Set the ACL_DEFAULT flag on the default entries. */ ++ for (i = acc_acl->count; i < acl_count; i++) { ++ acl_buf[i].a_type |= ACL_DEFAULT; ++ } ++ ++ sys_acl_free_acl(tmp_acl); ++ ++ } else if (type != SMB_ACL_TYPE_ACCESS) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ ret = acl(name, ACL_SET, acl_count, acl_p); ++ ++ free(acl_buf); ++ ++ return ret; ++} ++ ++ int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) ++{ ++ /* HPUX doesn't have the facl call. Fake it using the path.... JRA. */ ++ ++ files_struct *fsp = file_find_fd(fd); ++ ++ if (fsp == NULL) { ++ errno = EBADF; ++ return NULL; ++ } ++ ++ if (acl_sort(acl_d) != 0) { ++ return -1; ++ } ++ ++ /* We know we're in the same conn context. So we can use the ++ * relative path. */ ++ ++ return sys_acl_set_file(dos_to_unix_static(fsp->fsp_name), SMB_ACL_TYPE_ACCESS, acl_d); ++} ++ ++ int sys_acl_delete_def_file(const char *path) ++{ ++ SMB_ACL_T acl_d; ++ int ret; ++ ++ /* Fetching the access ACL and rewriting it has the effect of ++ * deleting the default ACL. */ ++ if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) { ++ return -1; ++ } ++ ++ ret = acl(path, ACL_SET, acl_d->count, acl_d->acl); ++ ++ sys_acl_free_acl(acl_d); ++ ++ return ret; ++} ++ ++ int sys_acl_free_text(char *text) ++{ ++ free(text); ++ return 0; ++} ++ ++ int sys_acl_free_acl(SMB_ACL_T acl_d) ++{ ++ free(acl_d); ++ return 0; ++} ++ ++ int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) ++{ ++ return 0; ++} ++ ++#elif defined(HAVE_IRIX_ACLS) ++ ++ int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) ++{ ++ if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if (entry_p == NULL) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if (entry_id == SMB_ACL_FIRST_ENTRY) { ++ acl_d->next = 0; ++ } ++ ++ if (acl_d->next < 0) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if (acl_d->next >= acl_d->aclp->acl_cnt) { ++ return 0; ++ } ++ ++ *entry_p = &acl_d->aclp->acl_entry[acl_d->next++]; ++ ++ return 1; ++} ++ ++ int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p) ++{ ++ *type_p = entry_d->ae_tag; ++ ++ return 0; ++} ++ ++ int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) ++{ ++ *permset_p = entry_d; ++ ++ return 0; ++} ++ ++ void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) ++{ ++ if (entry_d->ae_tag != SMB_ACL_USER ++ && entry_d->ae_tag != SMB_ACL_GROUP) { ++ errno = EINVAL; ++ return NULL; ++ } ++ ++ return &entry_d->ae_id; ++} ++ ++ SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) ++{ ++ SMB_ACL_T a; ++ ++ if ((a = malloc(sizeof a[0])) == NULL) { ++ errno = ENOMEM; ++ return NULL; ++ } ++ if ((a->aclp = acl_get_file(path_p, type)) == NULL) { ++ free(a); ++ return NULL; ++ } ++ a->next = -1; ++ a->freeaclp = True; ++ return a; ++} ++ ++ SMB_ACL_T sys_acl_get_fd(int fd) ++{ ++ SMB_ACL_T a; ++ ++ if ((a = malloc(sizeof a[0])) == NULL) { ++ errno = ENOMEM; ++ return NULL; ++ } ++ if ((a->aclp = acl_get_fd(fd)) == NULL) { ++ free(a); ++ return NULL; ++ } ++ a->next = -1; ++ a->freeaclp = True; ++ return a; ++} ++ ++ int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d) ++{ ++ permset_d->ae_perm = 0; ++ ++ return 0; ++} ++ ++ int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) ++{ ++ if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE ++ && perm != SMB_ACL_EXECUTE) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if (permset_d == NULL) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ permset_d->ae_perm |= perm; ++ ++ return 0; ++} ++ ++ int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) ++{ ++ return permset_d->ae_perm & perm; ++} ++ ++ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) ++{ ++ return acl_to_text(acl_d->aclp, len_p); ++} ++ ++ SMB_ACL_T sys_acl_init(int count) ++{ ++ SMB_ACL_T a; ++ ++ if (count < 0) { ++ errno = EINVAL; ++ return NULL; ++ } ++ ++ if ((a = malloc(sizeof a[0] + sizeof (struct acl))) == NULL) { ++ errno = ENOMEM; ++ return NULL; ++ } ++ ++ a->next = -1; ++ a->freeaclp = False; ++ a->aclp = (struct acl *)(&a->aclp + sizeof (struct acl *)); ++ a->aclp->acl_cnt = 0; ++ ++ return a; ++} ++ ++ ++ int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) ++{ ++ SMB_ACL_T acl_d; ++ SMB_ACL_ENTRY_T entry_d; ++ ++ if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if (acl_d->aclp->acl_cnt >= ACL_MAX_ENTRIES) { ++ errno = ENOSPC; ++ return -1; ++ } ++ ++ entry_d = &acl_d->aclp->acl_entry[acl_d->aclp->acl_cnt++]; ++ entry_d->ae_tag = 0; ++ entry_d->ae_id = 0; ++ entry_d->ae_perm = 0; ++ *entry_p = entry_d; ++ ++ return 0; ++} ++ ++ int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) ++{ ++ switch (tag_type) { ++ case SMB_ACL_USER: ++ case SMB_ACL_USER_OBJ: ++ case SMB_ACL_GROUP: ++ case SMB_ACL_GROUP_OBJ: ++ case SMB_ACL_OTHER: ++ case SMB_ACL_MASK: ++ entry_d->ae_tag = tag_type; ++ break; ++ default: ++ errno = EINVAL; ++ return -1; ++ } ++ ++ return 0; ++} ++ ++ int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) ++{ ++ if (entry_d->ae_tag != SMB_ACL_GROUP ++ && entry_d->ae_tag != SMB_ACL_USER) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ entry_d->ae_id = *((id_t *)qual_p); ++ ++ return 0; ++} ++ ++ int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) ++{ ++ if (permset_d->ae_perm & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { ++ return EINVAL; ++ } ++ ++ entry_d->ae_perm = permset_d->ae_perm; ++ ++ return 0; ++} ++ ++ int sys_acl_valid(SMB_ACL_T acl_d) ++{ ++ return acl_valid(acl_d->aclp); ++} ++ ++ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) ++{ ++ return acl_set_file(name, type, acl_d->aclp); ++} ++ ++ int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) ++{ ++ return acl_set_fd(fd, acl_d->aclp); ++} ++ ++ int sys_acl_delete_def_file(const char *name) ++{ ++ return acl_delete_def_file(name); ++} ++ ++ int sys_acl_free_text(char *text) ++{ ++ return acl_free(text); ++} ++ ++ int sys_acl_free_acl(SMB_ACL_T acl_d) ++{ ++ if (acl_d->freeaclp) { ++ acl_free(acl_d->aclp); ++ } ++ acl_free(acl_d); ++ return 0; ++} ++ ++ int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) ++{ ++ return 0; ++} ++ ++#elif defined(HAVE_AIX_ACLS) ++ ++/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */ ++ ++ int sys_acl_get_entry(SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p) ++{ ++ struct acl_entry_link *link; ++ struct new_acl_entry *entry; ++ int keep_going; ++ ++ DEBUG(10,("This is the count: %d\n",theacl->count)); ++ ++ /* Check if count was previously set to -1. If it was, that ++ * means we reached the end of the acl last time. */ ++ if (theacl->count == -1) ++ return 0; ++ ++ link = theacl; ++ /* To get to the next acl, traverse linked list until index of ++ * acl matches the count we are keeping. This count is ++ * incremented each time we return an acl entry. */ ++ ++ for (keep_going = 0; keep_going < theacl->count; keep_going++) ++ link = link->nextp; ++ ++ entry = *entry_p = link->entryp; ++ ++ DEBUG(10,("*entry_p is %d\n",entry_p)); ++ DEBUG(10,("*entry_p->ace_access is %d\n",entry->ace_access)); ++ ++ /* Increment count */ ++ theacl->count++; ++ if (link->nextp == NULL) ++ theacl->count = -1; ++ ++ return 1; ++} ++ ++ int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) ++{ ++ /* Initialize tag type */ ++ ++ *tag_type_p = -1; ++ DEBUG(10,("the tagtype is %d\n",entry_d->ace_id->id_type)); ++ ++ /* Depending on what type of entry we have, return tag type. */ ++ switch (entry_d->ace_id->id_type) { ++ case ACEID_USER: ++ *tag_type_p = SMB_ACL_USER; ++ break; ++ case ACEID_GROUP: ++ *tag_type_p = SMB_ACL_GROUP; ++ break; ++ ++ case SMB_ACL_USER_OBJ: ++ case SMB_ACL_GROUP_OBJ: ++ case SMB_ACL_OTHER: ++ *tag_type_p = entry_d->ace_id->id_type; ++ break; ++ ++ default: ++ return -1; ++ } ++ ++ return 0; ++} ++ ++ int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) ++{ ++ DEBUG(10,("Starting AIX sys_acl_get_permset\n")); ++ *permset_p = &entry_d->ace_access; ++ DEBUG(10,("**permset_p is %d\n",**permset_p)); ++ if (!(**permset_p & S_IXUSR) ++ && !(**permset_p & S_IWUSR) ++ && !(**permset_p & S_IRUSR) ++ && **permset_p != 0) ++ return -1; ++ ++ DEBUG(10,("Ending AIX sys_acl_get_permset\n")); ++ return 0; ++} ++ ++ void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) ++{ ++ return entry_d->ace_id->id_data; ++} ++ ++ SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) ++{ ++ struct acl *file_acl = (struct acl *)NULL; ++ struct acl_entry *acl_entry; ++ struct new_acl_entry *new_acl_entry; ++ struct ace_id *idp; ++ struct acl_entry_link *acl_entry_link; ++ struct acl_entry_link *acl_entry_link_head; ++ int i; ++ int rc = 0; ++ uid_t user_id; ++ ++ /* Get the acl using statacl */ ++ ++ DEBUG(10,("Entering sys_acl_get_file\n")); ++ DEBUG(10,("path_p is %s\n",path_p)); ++ ++ file_acl = (struct acl *)malloc(BUFSIZ); ++ ++ if (file_acl == NULL) { ++ errno=ENOMEM; ++ DEBUG(0,("Error in AIX sys_acl_get_file: %d\n",errno)); ++ return NULL; ++ } ++ ++ memset(file_acl,0,BUFSIZ); ++ ++ rc = statacl((char *)path_p,0,file_acl,BUFSIZ); ++ if (rc == -1) { ++ DEBUG(0,("statacl returned %d with errno %d\n",rc,errno)); ++ free(file_acl); ++ return NULL; ++ } ++ ++ DEBUG(10,("Got facl and returned it\n")); ++ ++ /* Point to the first acl entry in the acl */ ++ acl_entry = file_acl->acl_ext; ++ ++ /* Begin setting up the head of the linked list that will be ++ * used for the storing the acl in a way that is useful for the ++ * posix_acls.c code. */ ++ ++ acl_entry_link_head = acl_entry_link = sys_acl_init(0); ++ if (acl_entry_link_head == NULL) ++ return NULL; ++ ++ acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry)); ++ if (acl_entry_link->entryp == NULL) { ++ free(file_acl); ++ errno = ENOMEM; ++ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); ++ return NULL; ++ } ++ ++ DEBUG(10,("acl_entry is %d\n",acl_entry)); ++ DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl))); ++ ++ /* Check if the extended acl bit is on. If it isn't, do not ++ * show the contents of the acl since AIX intends the extended ++ * info to remain unused. */ ++ ++ if (file_acl->acl_mode & S_IXACL){ ++ /* while we are not pointing to the very end */ ++ while (acl_entry < acl_last(file_acl)) { ++ /* before we malloc anything, make sure this is */ ++ /* a valid acl entry and one that we want to map */ ++ idp = id_nxt(acl_entry->ace_id); ++ if ((acl_entry->ace_type == ACC_SPECIFY ++ || acl_entry->ace_type == ACC_PERMIT) ++ && idp != id_last(acl_entry)) { ++ acl_entry = acl_nxt(acl_entry); ++ continue; ++ } ++ ++ idp = acl_entry->ace_id; ++ ++ /* Check if this is the first entry in the linked list. ++ * The first entry needs to keep prevp pointing to NULL ++ * and already has entryp allocated. */ ++ ++ if (acl_entry_link_head->count != 0) { ++ acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof (struct acl_entry_link)); ++ ++ if (acl_entry_link->nextp == NULL) { ++ free(file_acl); ++ errno = ENOMEM; ++ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); ++ return NULL; ++ } ++ ++ acl_entry_link->nextp->prevp = acl_entry_link; ++ acl_entry_link = acl_entry_link->nextp; ++ acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry)); ++ if (acl_entry_link->entryp == NULL) { ++ free(file_acl); ++ errno = ENOMEM; ++ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); ++ return NULL; ++ } ++ acl_entry_link->nextp = NULL; ++ } ++ ++ acl_entry_link->entryp->ace_len = acl_entry->ace_len; ++ ++ /* Don't really need this since all types are going ++ * to be specified but, it's better than leaving it 0. */ ++ ++ acl_entry_link->entryp->ace_type = acl_entry->ace_type; ++ ++ acl_entry_link->entryp->ace_access = acl_entry->ace_access; ++ ++ memcpy(acl_entry_link->entryp->ace_id,idp,sizeof (struct ace_id)); ++ ++ /* The access in the acl entries must be left shifted by ++ * three bites, because they will ultimately be compared ++ * to S_IRUSR, S_IWUSR, and S_IXUSR. */ ++ ++ switch (acl_entry->ace_type){ ++ case ACC_PERMIT: ++ case ACC_SPECIFY: ++ acl_entry_link->entryp->ace_access = acl_entry->ace_access; ++ acl_entry_link->entryp->ace_access <<= 6; ++ acl_entry_link_head->count++; ++ break; ++ case ACC_DENY: ++ /* Since there is no way to return a DENY acl entry ++ * change to PERMIT and then shift. */ ++ DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access)); ++ acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7; ++ DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access)); ++ acl_entry_link->entryp->ace_access <<= 6; ++ acl_entry_link_head->count++; ++ break; ++ default: ++ return 0; ++ } ++ ++ DEBUG(10,("acl_entry = %d\n",acl_entry)); ++ DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type)); ++ ++ acl_entry = acl_nxt(acl_entry); ++ } ++ } /* end of if enabled */ ++ ++ /* Since owner, group, other acl entries are not part of the acl ++ * entries in an acl, they must be dummied up to become part of ++ * the list. */ ++ ++ for (i = 1; i < 4; i++) { ++ DEBUG(10,("i is %d\n",i)); ++ if (acl_entry_link_head->count != 0) { ++ acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof (struct acl_entry_link)); ++ if (acl_entry_link->nextp == NULL) { ++ free(file_acl); ++ errno = ENOMEM; ++ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); ++ return NULL; ++ } ++ ++ acl_entry_link->nextp->prevp = acl_entry_link; ++ acl_entry_link = acl_entry_link->nextp; ++ acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry)); ++ if (acl_entry_link->entryp == NULL) { ++ free(file_acl); ++ errno = ENOMEM; ++ DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); ++ return NULL; ++ } ++ } ++ ++ acl_entry_link->nextp = NULL; ++ ++ new_acl_entry = acl_entry_link->entryp; ++ idp = new_acl_entry->ace_id; ++ ++ new_acl_entry->ace_len = sizeof (struct acl_entry); ++ new_acl_entry->ace_type = ACC_PERMIT; ++ idp->id_len = sizeof (struct ace_id); ++ DEBUG(10,("idp->id_len = %d\n",idp->id_len)); ++ memset(idp->id_data,0,sizeof (uid_t)); ++ ++ switch (i) { ++ case 2: ++ new_acl_entry->ace_access = file_acl->g_access << 6; ++ idp->id_type = SMB_ACL_GROUP_OBJ; ++ break; ++ ++ case 3: ++ new_acl_entry->ace_access = file_acl->o_access << 6; ++ idp->id_type = SMB_ACL_OTHER; ++ break; ++ ++ case 1: ++ new_acl_entry->ace_access = file_acl->u_access << 6; ++ idp->id_type = SMB_ACL_USER_OBJ; ++ break; ++ ++ default: ++ return NULL; ++ ++ } ++ ++ acl_entry_link_head->count++; ++ DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access)); ++ } ++ ++ acl_entry_link_head->count = 0; ++ free(file_acl); ++ ++ return acl_entry_link_head; ++} ++ ++ SMB_ACL_T sys_acl_get_fd(int fd) ++{ ++ struct acl *file_acl = (struct acl *)NULL; ++ struct acl_entry *acl_entry; ++ struct new_acl_entry *new_acl_entry; ++ struct ace_id *idp; ++ struct acl_entry_link *acl_entry_link; ++ struct acl_entry_link *acl_entry_link_head; ++ int i; ++ int rc = 0; ++ uid_t user_id; ++ ++ /* Get the acl using fstatacl */ ++ ++ DEBUG(10,("Entering sys_acl_get_fd\n")); ++ DEBUG(10,("fd is %d\n",fd)); ++ file_acl = (struct acl *)malloc(BUFSIZ); ++ ++ if (file_acl == NULL) { ++ errno=ENOMEM; ++ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); ++ return NULL; ++ } ++ ++ memset(file_acl,0,BUFSIZ); ++ ++ rc = fstatacl(fd,0,file_acl,BUFSIZ); ++ if (rc == -1) { ++ DEBUG(0,("The fstatacl call returned %d with errno %d\n",rc,errno)); ++ free(file_acl); ++ return NULL; ++ } ++ ++ DEBUG(10,("Got facl and returned it\n")); ++ ++ /* Point to the first acl entry in the acl */ ++ ++ acl_entry = file_acl->acl_ext; ++ ++ /* Begin setting up the head of the linked list that will be ++ * used for the storing the acl in a way that is useful for the ++ * posix_acls.c code. */ ++ ++ acl_entry_link_head = acl_entry_link = sys_acl_init(0); ++ if (acl_entry_link_head == NULL){ ++ free(file_acl); ++ return NULL; ++ } ++ ++ acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry)); ++ ++ if (acl_entry_link->entryp == NULL) { ++ errno = ENOMEM; ++ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); ++ free(file_acl); ++ return NULL; ++ } ++ ++ DEBUG(10,("acl_entry is %d\n",acl_entry)); ++ DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl))); ++ ++ /* Check if the extended acl bit is on. If it isn't, do not ++ * show the contents of the acl since AIX intends the extended ++ * info to remain unused. */ ++ ++ if (file_acl->acl_mode & S_IXACL){ ++ /* while we are not pointing to the very end */ ++ while (acl_entry < acl_last(file_acl)) { ++ /* before we malloc anything, make sure this is */ ++ /* a valid acl entry and one that we want to map */ ++ ++ idp = id_nxt(acl_entry->ace_id); ++ if ((acl_entry->ace_type == ACC_SPECIFY ++ || acl_entry->ace_type == ACC_PERMIT) ++ && (idp != id_last(acl_entry))) { ++ acl_entry = acl_nxt(acl_entry); ++ continue; ++ } ++ ++ idp = acl_entry->ace_id; ++ ++ /* Check if this is the first entry in the linked list. ++ * The first entry needs to keep prevp pointing to NULL ++ * and already has entryp allocated. */ ++ ++ if (acl_entry_link_head->count != 0) { ++ acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof (struct acl_entry_link)); ++ if (acl_entry_link->nextp == NULL) { ++ errno = ENOMEM; ++ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); ++ free(file_acl); ++ return NULL; ++ } ++ acl_entry_link->nextp->prevp = acl_entry_link; ++ acl_entry_link = acl_entry_link->nextp; ++ acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry)); ++ if (acl_entry_link->entryp == NULL) { ++ errno = ENOMEM; ++ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); ++ free(file_acl); ++ return NULL; ++ } ++ ++ acl_entry_link->nextp = NULL; ++ } ++ ++ acl_entry_link->entryp->ace_len = acl_entry->ace_len; ++ ++ /* Don't really need this since all types are going ++ * to be specified but, it's better than leaving it 0. */ ++ ++ acl_entry_link->entryp->ace_type = acl_entry->ace_type; ++ acl_entry_link->entryp->ace_access = acl_entry->ace_access; ++ ++ memcpy(acl_entry_link->entryp->ace_id, idp, sizeof (struct ace_id)); ++ ++ /* The access in the acl entries must be left shifted by ++ * three bites, because they will ultimately be compared ++ * to S_IRUSR, S_IWUSR, and S_IXUSR. */ ++ ++ switch (acl_entry->ace_type){ ++ case ACC_PERMIT: ++ case ACC_SPECIFY: ++ acl_entry_link->entryp->ace_access = acl_entry->ace_access; ++ acl_entry_link->entryp->ace_access <<= 6; ++ acl_entry_link_head->count++; ++ break; ++ case ACC_DENY: ++ /* Since there is no way to return a DENY acl entry ++ * change to PERMIT and then shift. */ ++ DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access)); ++ acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7; ++ DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access)); ++ acl_entry_link->entryp->ace_access <<= 6; ++ acl_entry_link_head->count++; ++ break; ++ default: ++ return 0; ++ } ++ ++ DEBUG(10,("acl_entry = %d\n",acl_entry)); ++ DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type)); ++ ++ acl_entry = acl_nxt(acl_entry); ++ } ++ } /* end of if enabled */ ++ ++ /* Since owner, group, other acl entries are not ++ * part of the acl entries in an acl, they must ++ * be dummied up to become part of the list. */ ++ ++ for (i = 1; i < 4; i++) { ++ DEBUG(10,("i is %d\n",i)); ++ if (acl_entry_link_head->count != 0){ ++ acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof (struct acl_entry_link)); ++ if (acl_entry_link->nextp == NULL) { ++ errno = ENOMEM; ++ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); ++ free(file_acl); ++ return NULL; ++ } ++ ++ acl_entry_link->nextp->prevp = acl_entry_link; ++ acl_entry_link = acl_entry_link->nextp; ++ acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry)); ++ ++ if (acl_entry_link->entryp == NULL) { ++ free(file_acl); ++ errno = ENOMEM; ++ DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); ++ return NULL; ++ } ++ } ++ ++ acl_entry_link->nextp = NULL; ++ ++ new_acl_entry = acl_entry_link->entryp; ++ idp = new_acl_entry->ace_id; ++ ++ new_acl_entry->ace_len = sizeof (struct acl_entry); ++ new_acl_entry->ace_type = ACC_PERMIT; ++ idp->id_len = sizeof (struct ace_id); ++ DEBUG(10,("idp->id_len = %d\n",idp->id_len)); ++ memset(idp->id_data,0,sizeof (uid_t)); ++ ++ switch (i) { ++ case 2: ++ new_acl_entry->ace_access = file_acl->g_access << 6; ++ idp->id_type = SMB_ACL_GROUP_OBJ; ++ break; ++ ++ case 3: ++ new_acl_entry->ace_access = file_acl->o_access << 6; ++ idp->id_type = SMB_ACL_OTHER; ++ break; ++ ++ case 1: ++ new_acl_entry->ace_access = file_acl->u_access << 6; ++ idp->id_type = SMB_ACL_USER_OBJ; ++ break; ++ ++ default: ++ return NULL; ++ } ++ ++ acl_entry_link_head->count++; ++ DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access)); ++ } ++ ++ acl_entry_link_head->count = 0; ++ free(file_acl); ++ ++ return acl_entry_link_head; ++} ++ ++ int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) ++{ ++ *permset = *permset & ~0777; ++ return 0; ++} ++ ++ int sys_acl_add_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) ++{ ++ if (perm != 0 && (perm & (S_IXUSR | S_IWUSR | S_IRUSR)) == 0) ++ return -1; ++ ++ *permset |= perm; ++ DEBUG(10,("This is the permset now: %d\n",*permset)); ++ return 0; ++} ++ ++ char *sys_acl_to_text(SMB_ACL_T theacl, ssize_t *plen) ++{ ++ return NULL; ++} ++ ++ SMB_ACL_T sys_acl_init(int count) ++{ ++ struct acl_entry_link *theacl = NULL; ++ ++ DEBUG(10,("Entering sys_acl_init\n")); ++ ++ theacl = (struct acl_entry_link *)malloc(sizeof (struct acl_entry_link)); ++ if (theacl == NULL) { ++ errno = ENOMEM; ++ DEBUG(0,("Error in sys_acl_init is %d\n",errno)); ++ return NULL; ++ } ++ ++ theacl->count = 0; ++ theacl->nextp = NULL; ++ theacl->prevp = NULL; ++ theacl->entryp = NULL; ++ DEBUG(10,("Exiting sys_acl_init\n")); ++ return theacl; ++} ++ ++ int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) ++{ ++ struct acl_entry_link *theacl; ++ struct acl_entry_link *acl_entryp; ++ struct acl_entry_link *temp_entry; ++ int counting; ++ ++ DEBUG(10,("Entering the sys_acl_create_entry\n")); ++ ++ theacl = acl_entryp = *pacl; ++ ++ /* Get to the end of the acl before adding entry */ ++ ++ for (counting=0; counting < theacl->count; counting++){ ++ DEBUG(10,("The acl_entryp is %d\n",acl_entryp)); ++ temp_entry = acl_entryp; ++ acl_entryp = acl_entryp->nextp; ++ } ++ ++ if (theacl->count != 0){ ++ temp_entry->nextp = acl_entryp = (struct acl_entry_link *)malloc(sizeof (struct acl_entry_link)); ++ if (acl_entryp == NULL) { ++ errno = ENOMEM; ++ DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno)); ++ return -1; ++ } ++ ++ DEBUG(10,("The acl_entryp is %d\n",acl_entryp)); ++ acl_entryp->prevp = temp_entry; ++ DEBUG(10,("The acl_entryp->prevp is %d\n",acl_entryp->prevp)); ++ } ++ ++ *pentry = acl_entryp->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry)); ++ if (*pentry == NULL) { ++ errno = ENOMEM; ++ DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno)); ++ return -1; ++ } ++ ++ memset(*pentry,0,sizeof (struct new_acl_entry)); ++ acl_entryp->entryp->ace_len = sizeof (struct acl_entry); ++ acl_entryp->entryp->ace_type = ACC_PERMIT; ++ acl_entryp->entryp->ace_id->id_len = sizeof (struct ace_id); ++ acl_entryp->nextp = NULL; ++ theacl->count++; ++ DEBUG(10,("Exiting sys_acl_create_entry\n")); ++ return 0; ++} ++ ++ int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) ++{ ++ DEBUG(10,("Starting AIX sys_acl_set_tag_type\n")); ++ entry->ace_id->id_type = tagtype; ++ DEBUG(10,("The tag type is %d\n",entry->ace_id->id_type)); ++ DEBUG(10,("Ending AIX sys_acl_set_tag_type\n")); ++} ++ ++ int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry, void *qual) ++{ ++ DEBUG(10,("Starting AIX sys_acl_set_qualifier\n")); ++ memcpy(entry->ace_id->id_data,qual,sizeof (uid_t)); ++ DEBUG(10,("Ending AIX sys_acl_set_qualifier\n")); ++ return 0; ++} ++ ++ int sys_acl_set_permset(SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) ++{ ++ DEBUG(10,("Starting AIX sys_acl_set_permset\n")); ++ if (!(*permset & S_IXUSR) ++ && !(*permset & S_IWUSR) ++ && !(*permset & S_IRUSR) ++ && *permset != 0) ++ return -1; ++ ++ entry->ace_access = *permset; ++ DEBUG(10,("entry->ace_access = %d\n",entry->ace_access)); ++ DEBUG(10,("Ending AIX sys_acl_set_permset\n")); ++ return 0; ++} ++ ++ int sys_acl_valid(SMB_ACL_T theacl) ++{ ++ int user_obj = 0; ++ int group_obj = 0; ++ int other_obj = 0; ++ struct acl_entry_link *acl_entry; ++ ++ for (acl_entry=theacl; acl_entry != NULL; acl_entry = acl_entry->nextp) { ++ user_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_USER_OBJ); ++ group_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_GROUP_OBJ); ++ other_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_OTHER); ++ } ++ ++ DEBUG(10,("user_obj=%d, group_obj=%d, other_obj=%d\n",user_obj,group_obj,other_obj)); ++ ++ if (user_obj != 1 || group_obj != 1 || other_obj != 1) ++ return -1; ++ ++ return 0; ++} ++ ++ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) ++{ ++ struct acl_entry_link *acl_entry_link = NULL; ++ struct acl *file_acl = NULL; ++ struct acl *file_acl_temp = NULL; ++ struct acl_entry *acl_entry = NULL; ++ struct ace_id *ace_id = NULL; ++ uint id_type; ++ uint ace_access; ++ uint user_id; ++ uint acl_length; ++ uint rc; ++ ++ DEBUG(10,("Entering sys_acl_set_file\n")); ++ DEBUG(10,("File name is %s\n",name)); ++ ++ /* AIX has no default ACL */ ++ if (acltype == SMB_ACL_TYPE_DEFAULT) ++ return 0; ++ ++ acl_length = BUFSIZ; ++ file_acl = (struct acl *)malloc(BUFSIZ); ++ ++ if (file_acl == NULL) { ++ errno = ENOMEM; ++ DEBUG(0,("Error in sys_acl_set_file is %d\n",errno)); ++ return -1; ++ } ++ ++ memset(file_acl,0,BUFSIZ); ++ ++ file_acl->acl_len = ACL_SIZ; ++ file_acl->acl_mode = S_IXACL; ++ ++ for (acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) { ++ acl_entry_link->entryp->ace_access >>= 6; ++ id_type = acl_entry_link->entryp->ace_id->id_type; ++ ++ switch (id_type) { ++ case SMB_ACL_USER_OBJ: ++ file_acl->u_access = acl_entry_link->entryp->ace_access; ++ continue; ++ case SMB_ACL_GROUP_OBJ: ++ file_acl->g_access = acl_entry_link->entryp->ace_access; ++ continue; ++ case SMB_ACL_OTHER: ++ file_acl->o_access = acl_entry_link->entryp->ace_access; ++ continue; ++ case SMB_ACL_MASK: ++ continue; ++ } ++ ++ if ((file_acl->acl_len + sizeof (struct acl_entry)) > acl_length) { ++ acl_length += sizeof (struct acl_entry); ++ file_acl_temp = (struct acl *)malloc(acl_length); ++ if (file_acl_temp == NULL) { ++ free(file_acl); ++ errno = ENOMEM; ++ DEBUG(0,("Error in sys_acl_set_file is %d\n",errno)); ++ return -1; ++ } ++ ++ memcpy(file_acl_temp,file_acl,file_acl->acl_len); ++ free(file_acl); ++ file_acl = file_acl_temp; ++ } ++ ++ acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len); ++ file_acl->acl_len += sizeof (struct acl_entry); ++ acl_entry->ace_len = acl_entry_link->entryp->ace_len; ++ acl_entry->ace_access = acl_entry_link->entryp->ace_access; ++ ++ /* In order to use this, we'll need to wait until we can get denies */ ++ /* if (!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT) ++ acl_entry->ace_type = ACC_SPECIFY; */ ++ ++ acl_entry->ace_type = ACC_SPECIFY; ++ ++ ace_id = acl_entry->ace_id; ++ ++ ace_id->id_type = acl_entry_link->entryp->ace_id->id_type; ++ DEBUG(10,("The id type is %d\n",ace_id->id_type)); ++ ace_id->id_len = acl_entry_link->entryp->ace_id->id_len; ++ memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof (uid_t)); ++ memcpy(acl_entry->ace_id->id_data, &user_id, sizeof (uid_t)); ++ } ++ ++ rc = chacl((char *)name,file_acl,file_acl->acl_len); ++ DEBUG(10,("errno is %d\n",errno)); ++ DEBUG(10,("return code is %d\n",rc)); ++ free(file_acl); ++ DEBUG(10,("Exiting the sys_acl_set_file\n")); ++ return rc; ++} ++ ++ int sys_acl_set_fd(int fd, SMB_ACL_T theacl) ++{ ++ struct acl_entry_link *acl_entry_link = NULL; ++ struct acl *file_acl = NULL; ++ struct acl *file_acl_temp = NULL; ++ struct acl_entry *acl_entry = NULL; ++ struct ace_id *ace_id = NULL; ++ uint id_type; ++ uint user_id; ++ uint acl_length; ++ uint rc; ++ ++ DEBUG(10,("Entering sys_acl_set_fd\n")); ++ acl_length = BUFSIZ; ++ file_acl = (struct acl *)malloc(BUFSIZ); ++ ++ if (file_acl == NULL) { ++ errno = ENOMEM; ++ DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno)); ++ return -1; ++ } ++ ++ memset(file_acl,0,BUFSIZ); ++ ++ file_acl->acl_len = ACL_SIZ; ++ file_acl->acl_mode = S_IXACL; ++ ++ for (acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) { ++ acl_entry_link->entryp->ace_access >>= 6; ++ id_type = acl_entry_link->entryp->ace_id->id_type; ++ DEBUG(10,("The id_type is %d\n",id_type)); ++ ++ switch (id_type) { ++ case SMB_ACL_USER_OBJ: ++ file_acl->u_access = acl_entry_link->entryp->ace_access; ++ continue; ++ case SMB_ACL_GROUP_OBJ: ++ file_acl->g_access = acl_entry_link->entryp->ace_access; ++ continue; ++ case SMB_ACL_OTHER: ++ file_acl->o_access = acl_entry_link->entryp->ace_access; ++ continue; ++ case SMB_ACL_MASK: ++ continue; ++ } ++ ++ if ((file_acl->acl_len + sizeof (struct acl_entry)) > acl_length) { ++ acl_length += sizeof (struct acl_entry); ++ file_acl_temp = (struct acl *)malloc(acl_length); ++ if (file_acl_temp == NULL) { ++ free(file_acl); ++ errno = ENOMEM; ++ DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno)); ++ return -1; ++ } ++ ++ memcpy(file_acl_temp,file_acl,file_acl->acl_len); ++ free(file_acl); ++ file_acl = file_acl_temp; ++ } ++ ++ acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len); ++ file_acl->acl_len += sizeof (struct acl_entry); ++ acl_entry->ace_len = acl_entry_link->entryp->ace_len; ++ acl_entry->ace_access = acl_entry_link->entryp->ace_access; ++ ++ /* In order to use this, we'll need to wait until we can get denies */ ++ /* if (!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT) ++ acl_entry->ace_type = ACC_SPECIFY; */ ++ ++ acl_entry->ace_type = ACC_SPECIFY; ++ ++ ace_id = acl_entry->ace_id; ++ ++ ace_id->id_type = acl_entry_link->entryp->ace_id->id_type; ++ DEBUG(10,("The id type is %d\n",ace_id->id_type)); ++ ace_id->id_len = acl_entry_link->entryp->ace_id->id_len; ++ memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof (uid_t)); ++ memcpy(ace_id->id_data, &user_id, sizeof (uid_t)); ++ } ++ ++ rc = fchacl(fd,file_acl,file_acl->acl_len); ++ DEBUG(10,("errno is %d\n",errno)); ++ DEBUG(10,("return code is %d\n",rc)); ++ free(file_acl); ++ DEBUG(10,("Exiting sys_acl_set_fd\n")); ++ return rc; ++} ++ ++ int sys_acl_delete_def_file(const char *name) ++{ ++ /* AIX has no default ACL */ ++ return 0; ++} ++ ++ int sys_acl_get_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) ++{ ++ return *permset & perm; ++} ++ ++ int sys_acl_free_text(char *text) ++{ ++ return 0; ++} ++ ++ int sys_acl_free_acl(SMB_ACL_T posix_acl) ++{ ++ struct acl_entry_link *acl_entry_link; ++ ++ for (acl_entry_link = posix_acl->nextp; acl_entry_link->nextp != NULL; acl_entry_link = acl_entry_link->nextp) { ++ free(acl_entry_link->prevp->entryp); ++ free(acl_entry_link->prevp); ++ } ++ ++ free(acl_entry_link->prevp->entryp); ++ free(acl_entry_link->prevp); ++ free(acl_entry_link->entryp); ++ free(acl_entry_link); ++ ++ return 0; ++} ++ ++ int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) ++{ ++ return 0; ++} ++ ++#else /* No ACLs. */ ++ ++ int sys_acl_get_entry(UNUSED(SMB_ACL_T the_acl), UNUSED(int entry_id), UNUSED(SMB_ACL_ENTRY_T *entry_p)) ++{ ++ errno = ENOSYS; ++ return -1; ++} ++ ++ int sys_acl_get_tag_type(UNUSED(SMB_ACL_ENTRY_T entry_d), UNUSED(SMB_ACL_TAG_T *tag_type_p)) ++{ ++ errno = ENOSYS; ++ return -1; ++} ++ ++ int sys_acl_get_permset(UNUSED(SMB_ACL_ENTRY_T entry_d), UNUSED(SMB_ACL_PERMSET_T *permset_p)) ++{ ++ errno = ENOSYS; ++ return -1; ++} ++ ++ void *sys_acl_get_qualifier(UNUSED(SMB_ACL_ENTRY_T entry_d)) ++{ ++ errno = ENOSYS; ++ return NULL; ++} ++ ++ SMB_ACL_T sys_acl_get_file(UNUSED(const char *path_p), UNUSED(SMB_ACL_TYPE_T type)) ++{ ++ errno = ENOSYS; ++ return 0; ++} ++ ++ SMB_ACL_T sys_acl_get_fd(UNUSED(int fd)) ++{ ++ errno = ENOSYS; ++ return 0; ++} ++ ++ int sys_acl_clear_perms(UNUSED(SMB_ACL_PERMSET_T permset)) ++{ ++ errno = ENOSYS; ++ return -1; ++} ++ ++ int sys_acl_add_perm(UNUSED(SMB_ACL_PERMSET_T permset), UNUSED(SMB_ACL_PERM_T perm)) ++{ ++ errno = ENOSYS; ++ return -1; ++} ++ ++ int sys_acl_get_perm(UNUSED(SMB_ACL_PERMSET_T permset), UNUSED(SMB_ACL_PERM_T perm)) ++{ ++ errno = ENOSYS; ++ return permset & perm ? 1 : 0; ++} ++ ++ char *sys_acl_to_text(UNUSED(SMB_ACL_T the_acl), UNUSED(ssize_t *plen)) ++{ ++ errno = ENOSYS; ++ return NULL; ++} ++ ++ int sys_acl_free_text(UNUSED(char *text)) ++{ ++ errno = ENOSYS; ++ return -1; ++} ++ ++ SMB_ACL_T sys_acl_init(UNUSED(int count)) ++{ ++ errno = ENOSYS; ++ return NULL; ++} ++ ++ int sys_acl_create_entry(UNUSED(SMB_ACL_T *pacl), UNUSED(SMB_ACL_ENTRY_T *pentry)) ++{ ++ errno = ENOSYS; ++ return -1; ++} ++ ++ int sys_acl_set_tag_type(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(SMB_ACL_TAG_T tagtype)) ++{ ++ errno = ENOSYS; ++ return -1; ++} ++ ++ int sys_acl_set_qualifier(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(void *qual)) ++{ ++ errno = ENOSYS; ++ return -1; ++} ++ ++ int sys_acl_set_permset(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(SMB_ACL_PERMSET_T permset)) ++{ ++ errno = ENOSYS; ++ return -1; ++} ++ ++ int sys_acl_valid(UNUSED(SMB_ACL_T theacl)) ++{ ++ errno = ENOSYS; ++ return -1; ++} ++ ++ int sys_acl_set_file(UNUSED(const char *name), UNUSED(SMB_ACL_TYPE_T acltype), UNUSED(SMB_ACL_T theacl)) ++{ ++ errno = ENOSYS; ++ return -1; ++} ++ ++ int sys_acl_set_fd(UNUSED(int fd), UNUSED(SMB_ACL_T theacl)) ++{ ++ errno = ENOSYS; ++ return -1; ++} ++ ++ int sys_acl_delete_def_file(UNUSED(const char *name)) ++{ ++ errno = ENOSYS; ++ return -1; ++} ++ ++ int sys_acl_free_acl(UNUSED(SMB_ACL_T the_acl)) ++{ ++ errno = ENOSYS; ++ return -1; ++} ++ ++ int sys_acl_free_qualifier(UNUSED(void *qual), UNUSED(SMB_ACL_TAG_T tagtype)) ++{ ++ errno = ENOSYS; ++ return -1; ++} ++ ++#endif /* No ACLs. */ +--- uidlist.c 28 Apr 2004 17:31:31 -0000 1.24 ++++ uidlist.c 13 May 2004 17:58:47 -0000 +@@ -34,6 +34,7 @@ + extern int verbose; + extern int preserve_uid; + extern int preserve_gid; ++extern int preserve_acls; + extern int numeric_ids; + extern int am_root; + +@@ -274,7 +275,7 @@ void send_uid_list(int f) + if (numeric_ids) + return; + +- if (preserve_uid) { ++ if (preserve_uid || preserve_acls) { + int len; + /* we send sequences of uid/byte-length/name */ + for (list = uidlist; list; list = list->next) { +@@ -291,7 +292,7 @@ void send_uid_list(int f) + write_int(f, 0); + } + +- if (preserve_gid) { ++ if (preserve_gid || preserve_acls) { + int len; + for (list = gidlist; list; list = list->next) { + if (!list->name) +@@ -312,7 +313,7 @@ void recv_uid_list(int f, struct file_li + int id, i; + char *name; + +- if (preserve_uid && !numeric_ids) { ++ if ((preserve_uid || preserve_acls) && !numeric_ids) { + /* read the uid list */ + while ((id = read_int(f)) != 0) { + int len = read_byte(f); +@@ -325,7 +326,7 @@ void recv_uid_list(int f, struct file_li + } + + +- if (preserve_gid && !numeric_ids) { ++ if ((preserve_gid || preserve_acls) && !numeric_ids) { + /* read the gid list */ + while ((id = read_int(f)) != 0) { + int len = read_byte(f); +@@ -336,6 +337,18 @@ void recv_uid_list(int f, struct file_li + recv_add_gid(id, name); /* node keeps name's memory */ + } + } ++ ++#if SUPPORT_ACLS ++ if (preserve_acls && !numeric_ids) { ++ id_t id; ++ /* the enumerations don't return 0 except to flag the last ++ * entry, since uidlist doesn't munge 0 anyway */ ++ while ((id = next_acl_uid(flist))) ++ acl_uid_map(match_uid(id)); ++ while ((id = next_acl_gid(flist))) ++ acl_gid_map(match_gid(id)); ++ } ++#endif /* SUPPORT_ACLS */ + + /* now convert the uid/gid of all files in the list to the mapped + * uid/gid */