./configure --enable-acl-support
make
-The program currently complains when the --acls (-A) option is used to copy
-from a disk that doesn't support ACLs. This should be changed to silently
-notice that no ACLs are available to copy. Of course, trying to write out
-ACLs to a non-ACL-supporting disk should complain.
+See the --acls (-A) option in the revised man page for a note on using this
+latest ACL-enabling patch to send files to an older ACL-enabled rsync.
+
+TODO items:
+
+- The -i option does not yet itemize changes in ACL information.
+
+- The --link-dest option might link together two files that differ just
+ in their ACL info, and if that happens the file in the --link-dest dir
+ would get its ACLs updated.
--- old/Makefile.in
+++ new/Makefile.in
popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \
--- old/acls.c
+++ new/acls.c
-@@ -0,0 +1,1202 @@
-+/* -*- c-file-style: "linux" -*-
-+ Copyright (C) Andrew Tridgell 1996
-+ Copyright (C) Paul Mackerras 1996
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 2 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+*/
-+
-+/* handle passing ACLs between systems */
+@@ -0,0 +1,1308 @@
++/*
++ * Handle passing Access Control Lists between systems.
++ *
++ * Copyright (C) 1996 Andrew Tridgell
++ * Copyright (C) 1996 Paul Mackerras
++ * Copyright (C) 2006 Wayne Davison
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or
++ * (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License along
++ * with this program; if not, write to the Free Software Foundation, Inc.,
++ * 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
++ */
+
+#include "rsync.h"
+#include "lib/sysacls.h"
+
+#ifdef SUPPORT_ACLS
+
-+extern int preserve_acls;
+extern int am_root;
+extern int dry_run;
+extern int orig_umask;
++extern int preserve_acls;
+
+typedef struct {
+ id_t id;
+ uchar access;
-+ SMB_ACL_TAG_T tag_type;
-+} rsync_ace;
++} id_access;
+
+typedef struct {
+ size_t count;
+ size_t malloced;
-+ rsync_ace *races;
++ id_access *idas;
++} ida_list;
++
++#define ACL_NO_ENTRY ((uchar)0x80)
++typedef struct {
++ ida_list users;
++ ida_list groups;
++ /* These will be ACL_NO_ENTRY if there's no such entry. */
++ uchar user_obj;
++ uchar group_obj;
++ uchar mask;
++ uchar other;
+} rsync_acl;
+
-+static const rsync_acl rsync_acl_initializer = { 0, 0, NULL };
++static const rsync_acl empty_rsync_acl = {
++ {0, 0, NULL}, {0, 0, NULL},
++ ACL_NO_ENTRY, ACL_NO_ENTRY, ACL_NO_ENTRY, ACL_NO_ENTRY
++};
++
++#define OTHER_TYPE(t) (SMB_ACL_TYPE_ACCESS+SMB_ACL_TYPE_DEFAULT-(t))
++#define BUMP_TYPE(t) ((t = OTHER_TYPE(t)) == SMB_ACL_TYPE_DEFAULT)
++
++/* a few useful calculations */
++
++static int count_racl_entries(const rsync_acl *racl)
++{
++ return racl->users.count + racl->groups.count
++ + (racl->user_obj != ACL_NO_ENTRY)
++ + (racl->group_obj != ACL_NO_ENTRY)
++ + (racl->mask != ACL_NO_ENTRY)
++ + (racl->other != ACL_NO_ENTRY);
++}
++
++static int calc_sacl_entries(const rsync_acl *racl)
++{
++ return racl->users.count + racl->groups.count
++#ifdef ACLS_NEED_MASK
++ + 4;
++#else
++ + (racl->mask != ACL_NO_ENTRY) + 3;
++#endif
++}
++
++/* This cannot be called on an rsync_acl that has ACL_NO_ENTRY in any
++ * spot but the mask. */
++static int rsync_acl_get_perms(const rsync_acl *racl)
++{
++ return (racl->user_obj << 6)
++ + ((racl->mask != ACL_NO_ENTRY ? racl->mask : racl->group_obj) << 3)
++ + racl->other;
++}
++
++static void rsync_acl_strip_perms(rsync_acl *racl)
++{
++ racl->user_obj = ACL_NO_ENTRY;
++ if (racl->mask == ACL_NO_ENTRY)
++ racl->group_obj = ACL_NO_ENTRY;
++ else
++ racl->mask = ACL_NO_ENTRY;
++ racl->other = ACL_NO_ENTRY;
++}
+
-+static void expand_rsync_acl(rsync_acl *racl)
++static void expand_ida_list(ida_list *idal)
+{
-+ /* First time through, 0 <= 0, so list is expanded.
-+ * (Diabolical, rsync guys!) */
-+ if (racl->malloced <= racl->count) {
-+ rsync_ace *new_ptr;
-+ size_t new_size = racl->malloced + 10;
-+ new_ptr = realloc_array(racl->races, rsync_ace, new_size);
++ /* First time through, 0 <= 0, so list is expanded. */
++ if (idal->malloced <= idal->count) {
++ id_access *new_ptr;
++ size_t new_size = idal->malloced + 10;
++ new_ptr = realloc_array(idal->idas, id_access, new_size);
+ if (verbose >= 4) {
+ rprintf(FINFO, "expand rsync_acl to %.0f bytes, did%s move\n",
-+ (double) new_size * sizeof racl->races[0],
-+ racl->races ? "" : " not");
++ (double) new_size * sizeof idal->idas[0],
++ idal->idas ? "" : " not");
+ }
+
-+ racl->races = new_ptr;
-+ racl->malloced = new_size;
++ idal->idas = new_ptr;
++ idal->malloced = new_size;
+
-+ if (!racl->races)
-+ out_of_memory("expand_rsync_acl");
++ if (!idal->idas)
++ out_of_memory("expand_ida_list");
+ }
+}
+
+static void rsync_acl_free(rsync_acl *racl)
+{
-+ free(racl->races);
-+ racl->races = NULL;
-+ racl->count = 0;
-+ racl->malloced = 0;
++ if (racl->users.idas)
++ free(racl->users.idas);
++ if (racl->groups.idas)
++ free(racl->groups.idas);
++ *racl = empty_rsync_acl;
+}
+
-+static int rsync_ace_sorter(const void *r1, const void *r2)
++static int id_access_sorter(const void *r1, const void *r2)
+{
-+ rsync_ace *race1 = (rsync_ace *)r1;
-+ SMB_ACL_TAG_T rtag1 = race1->tag_type;
-+ id_t rid1 = race1->id;
-+ rsync_ace *race2 = (rsync_ace *)r2;
-+ SMB_ACL_TAG_T rtag2 = race2->tag_type;
-+ id_t rid2 = race2->id;
-+ /* start at the extrema */
-+ if (rtag1 == SMB_ACL_USER_OBJ || rtag2 == SMB_ACL_MASK)
-+ return -1;
-+ if (rtag2 == SMB_ACL_USER_OBJ || rtag1 == SMB_ACL_MASK)
-+ return 1;
-+ /* work inwards */
-+ if (rtag1 == SMB_ACL_OTHER)
-+ return 1;
-+ if (rtag2 == SMB_ACL_OTHER)
-+ return -1;
-+ /* only SMB_ACL_USERs and SMB_ACL_GROUP*s left */
-+ if (rtag1 == SMB_ACL_USER) {
-+ switch (rtag2) {
-+ case SMB_ACL_GROUP:
-+ case SMB_ACL_GROUP_OBJ:
-+ case SMB_ACL_OTHER:
-+ return -1;
-+ }
-+ /* both USER */
-+ return rid1 == rid2 ? 0 : rid1 < rid2 ? -1 : 1;
-+ }
-+ if (rtag2 == SMB_ACL_USER)
-+ return 1;
-+ /* only SMB_ACL_GROUP*s to worry about; kick out GROUP_OBJs first */
-+ if (rtag1 == SMB_ACL_GROUP_OBJ)
-+ return -1;
-+ if (rtag2 == SMB_ACL_GROUP_OBJ)
-+ return 1;
-+ /* only SMB_ACL_GROUPs left */
++ id_access *ida1 = (id_access *)r1;
++ id_access *ida2 = (id_access *)r2;
++ id_t rid1 = ida1->id, rid2 = ida2->id;
+ return rid1 == rid2 ? 0 : rid1 < rid2 ? -1 : 1;
+}
+
-+static void sort_rsync_acl(rsync_acl *racl)
++static void sort_ida_list(ida_list *idal)
+{
-+ if (!racl->count)
++ if (!idal->count)
+ return;
-+ qsort((void **)racl->races, racl->count, sizeof racl->races[0],
-+ &rsync_ace_sorter);
++ qsort((void **)idal->idas, idal->count, sizeof idal->idas[0],
++ &id_access_sorter);
+}
+
+static BOOL unpack_smb_acl(rsync_acl *racl, SMB_ACL_T sacl)
+{
+ SMB_ACL_ENTRY_T entry;
-+ int rc;
+ const char *errfun;
-+ *racl = rsync_acl_initializer;
++ int rc;
++
++ *racl = empty_rsync_acl;
+ errfun = "sys_acl_get_entry";
+ for (rc = sys_acl_get_entry(sacl, SMB_ACL_FIRST_ENTRY, &entry);
+ rc == 1;
+ rc = sys_acl_get_entry(sacl, SMB_ACL_NEXT_ENTRY, &entry)) {
++ SMB_ACL_TAG_T tag_type;
+ SMB_ACL_PERMSET_T permset;
++ uchar access;
+ void *qualifier;
-+ rsync_ace *race;
-+ expand_rsync_acl(racl);
-+ race = &racl->races[racl->count++];
-+ if ((rc = sys_acl_get_tag_type(entry, &race->tag_type))) {
++ id_access *ida;
++ ida_list *idal;
++ if ((rc = sys_acl_get_tag_type(entry, &tag_type))) {
+ errfun = "sys_acl_get_tag_type";
+ break;
+ }
+ errfun = "sys_acl_get_tag_type";
+ break;
+ }
-+ race->access = (sys_acl_get_perm(permset, SMB_ACL_READ) ? 4 : 0)
-+ | (sys_acl_get_perm(permset, SMB_ACL_WRITE) ? 2 : 0)
-+ | (sys_acl_get_perm(permset, SMB_ACL_EXECUTE) ? 1 : 0);
-+ switch (race->tag_type) {
++ access = (sys_acl_get_perm(permset, SMB_ACL_READ) ? 4 : 0)
++ | (sys_acl_get_perm(permset, SMB_ACL_WRITE) ? 2 : 0)
++ | (sys_acl_get_perm(permset, SMB_ACL_EXECUTE) ? 1 : 0);
++ /* continue == done with entry; break == store in given idal */
++ switch (tag_type) {
++ case SMB_ACL_USER_OBJ:
++ if (racl->user_obj == ACL_NO_ENTRY)
++ racl->user_obj = access;
++ else
++ rprintf(FINFO, "unpack_smb_acl: warning: duplicate USER_OBJ entry ignored\n");
++ continue;
+ case SMB_ACL_USER:
++ idal = &racl->users;
++ break;
++ case SMB_ACL_GROUP_OBJ:
++ if (racl->group_obj == ACL_NO_ENTRY)
++ racl->group_obj = access;
++ else
++ rprintf(FINFO, "unpack_smb_acl: warning: duplicate GROUP_OBJ entry ignored\n");
++ continue;
+ case SMB_ACL_GROUP:
++ idal = &racl->groups;
+ break;
++ case SMB_ACL_MASK:
++ if (racl->mask == ACL_NO_ENTRY)
++ racl->mask = access;
++ else
++ rprintf(FINFO, "unpack_smb_acl: warning: duplicate MASK entry ignored\n");
++ continue;
++ case SMB_ACL_OTHER:
++ if (racl->other == ACL_NO_ENTRY)
++ racl->other = access;
++ else
++ rprintf(FINFO, "unpack_smb_acl: warning: duplicate OTHER entry ignored\n");
++ continue;
+ default:
++ rprintf(FINFO, "unpack_smb_acl: warning: entry with unrecognized tag type ignored\n");
+ continue;
+ }
+ if (!(qualifier = sys_acl_get_qualifier(entry))) {
+ rc = EINVAL;
+ break;
+ }
-+ race->id = *((id_t *)qualifier);
-+ sys_acl_free_qualifier(qualifier, race->tag_type);
++ expand_ida_list(idal);
++ ida = &idal->idas[idal->count++];
++ ida->id = *((id_t *)qualifier);
++ ida->access = access;
++ sys_acl_free_qualifier(qualifier, tag_type);
+ }
+ if (rc) {
+ rprintf(FERROR, "unpack_smb_acl: %s(): %s\n",
+ rsync_acl_free(racl);
+ return False;
+ }
-+ sort_rsync_acl(racl);
++
++ sort_ida_list(&racl->users);
++ sort_ida_list(&racl->groups);
++
++#ifdef ACLS_NEED_MASK
++ if (!racl->users.count && !racl->groups.count) {
++ /* Throw away a superfluous mask, but mask off the
++ * group perms with it first. */
++ racl->group_obj &= racl->mask;
++ racl->mask = ACL_NO_ENTRY;
++ }
++#endif
++
+ return True;
+}
+
-+static BOOL rsync_acls_equal(const rsync_acl *racl1, const rsync_acl *racl2)
++static BOOL ida_lists_equal(const ida_list *ial1, const ida_list *ial2)
+{
-+ rsync_ace *race1, *race2;
-+ size_t count = racl1->count;
-+ if (count != racl2->count)
++ id_access *ida1, *ida2;
++ size_t count = ial1->count;
++ if (count != ial2->count)
+ return False;
-+ race1 = racl1->races;
-+ race2 = racl2->races;
-+ for (; count--; race1++, race2++) {
-+ if (race1->tag_type != race2->tag_type
-+ || race1->access != race2->access
-+ || ((race1->tag_type == SMB_ACL_USER
-+ || race1->tag_type == SMB_ACL_GROUP)
-+ && race1->id != race2->id))
++ ida1 = ial1->idas;
++ ida2 = ial2->idas;
++ for (; count--; ida1++, ida2++) {
++ if (ida1->access != ida2->access || ida1->id != ida2->id)
+ return False;
+ }
+ return True;
+}
+
++static BOOL rsync_acls_equal(const rsync_acl *racl1, const rsync_acl *racl2)
++{
++ return (racl1->user_obj == racl2->user_obj
++ && racl1->group_obj == racl2->group_obj
++ && racl1->mask == racl2->mask
++ && racl1->other == racl2->other
++ && ida_lists_equal(&racl1->users, &racl2->users)
++ && ida_lists_equal(&racl1->groups, &racl2->groups));
++}
++
++/* The first parameter will always be a fully-populated rsync_acl.
++ * The second parameter will usually be a condensed rsync_acl, which means
++ * that it might have several of its access objects set to ACL_NO_ENTRY. */
++static BOOL rsync_acl_extended_parts_equal(const rsync_acl *racl1,
++ const rsync_acl *racl2, mode_t m)
++{
++ /* We ignore any differences that chmod() can take care of. */
++ if ((racl1->mask ^ racl2->mask) & ACL_NO_ENTRY)
++ return False;
++ if (racl1->mask != ACL_NO_ENTRY) {
++ /* A condensed rsync_acl with a mask can only have no
++ * group_obj when it was identical to the mask. This
++ * means that it was also identical to the group attrs
++ * from the mode. */
++ if (racl2->group_obj == ACL_NO_ENTRY) {
++ if (racl1->group_obj != ((m >> 3) & 7))
++ return False;
++ } else if (racl1->group_obj != racl2->group_obj)
++ return False;
++ }
++ return ida_lists_equal(&racl1->users, &racl2->users)
++ && ida_lists_equal(&racl1->groups, &racl2->groups);
++}
++
+typedef struct {
+ size_t count;
+ size_t malloced;
+
+static inline rsync_acl_list *rsync_acl_lists(SMB_ACL_TYPE_T type)
+{
-+ return type == SMB_ACL_TYPE_ACCESS ? &_rsync_acl_lists[0]
-+ : &_rsync_acl_lists[1];
++ return &_rsync_acl_lists[type != SMB_ACL_TYPE_ACCESS];
+}
+
+static void expand_rsync_acl_list(rsync_acl_list *racl_list)
+{
-+ /* First time through, 0 <= 0, so list is expanded.
-+ * (Diabolical, rsync guys!) */
++ /* First time through, 0 <= 0, so list is expanded. */
+ if (racl_list->malloced <= racl_list->count) {
+ rsync_acl *new_ptr;
+ size_t new_size;
+ }
+}
+
-+#if 0
-+static void free_rsync_acl_list(rsync_acl_list *racl_list)
-+{
-+ /* Run this in reverse, so references are freed before referents,
-+ * although not currently necessary. */
-+ while (racl_list->count--) {
-+ rsync_acl *racl = &racl_list->racls[racl_list->count];
-+ if (racl)
-+ rsync_acl_free(racl);
-+ }
-+ free(racl_list->racls);
-+ racl_list->racls = NULL;
-+ racl_list->malloced = 0;
-+}
-+#endif
-+
+static int find_matching_rsync_acl(SMB_ACL_TYPE_T type,
+ const rsync_acl_list *racl_list,
+ const rsync_acl *racl)
+{
+ static int access_match = -1, default_match = -1;
-+ int *match = (type == SMB_ACL_TYPE_ACCESS) ?
-+ &access_match : &default_match;
++ int *match = type == SMB_ACL_TYPE_ACCESS ? &access_match : &default_match;
+ size_t count = racl_list->count;
++
+ /* If this is the first time through or we didn't match the last
+ * time, then start at the end of the list, which should be the
+ * best place to start hunting. */
+ if (!(*match)--)
+ *match = racl_list->count - 1;
+ }
++
+ *match = -1;
+ return *match;
+}
+ * lowercase in this instance means there's no ACL following, so the
+ * ACL is a repeat, so the receiver should reuse the last of the same
+ * type ACL. */
++static void send_ida_list(int f, const ida_list *idal, char tag_char)
++{
++ id_access *ida;
++ size_t count = idal->count;
++ for (ida = idal->idas; count--; ida++) {
++ write_byte(f, tag_char);
++ write_byte(f, ida->access);
++ write_int(f, ida->id);
++ /* FIXME: sorta wasteful: we should maybe buffer as
++ * many ids as max(ACL_USER + ACL_GROUP) objects to
++ * keep from making so many calls. */
++ if (tag_char == 'U')
++ add_uid(ida->id);
++ else
++ add_gid(ida->id);
++ }
++}
+
+static void send_rsync_acl(int f, const rsync_acl *racl)
+{
-+ rsync_ace *race;
-+ size_t count = racl->count;
++ size_t count = count_racl_entries(racl);
+ write_int(f, count);
-+ for (race = racl->races; count--; race++) {
-+ char ch;
-+ switch (race->tag_type) {
-+ case SMB_ACL_USER_OBJ:
-+ ch = 'u';
-+ break;
-+ case SMB_ACL_USER:
-+ ch = 'U';
-+ break;
-+ case SMB_ACL_GROUP_OBJ:
-+ ch = 'g';
-+ break;
-+ case SMB_ACL_GROUP:
-+ ch = 'G';
-+ break;
-+ case SMB_ACL_OTHER:
-+ ch = 'o';
-+ break;
-+ case SMB_ACL_MASK:
-+ ch = 'm';
-+ break;
-+ default:
-+ rprintf(FERROR,
-+ "send_rsync_acl: unknown tag_type (%0x) on ACE; disregarding\n",
-+ race->tag_type);
-+ continue;
-+ }
-+ write_byte(f, ch);
-+ write_byte(f, race->access);
-+ if (isupper((int)ch)) {
-+ write_int(f, race->id);
-+ /* FIXME: sorta wasteful: we should maybe buffer as
-+ * many ids as max(ACL_USER + ACL_GROUP) objects to
-+ * keep from making so many calls. */
-+ if (ch == 'U')
-+ add_uid(race->id);
-+ else
-+ add_gid(race->id);
-+ }
++ if (racl->user_obj != ACL_NO_ENTRY) {
++ write_byte(f, 'u');
++ write_byte(f, racl->user_obj);
++ }
++ send_ida_list(f, &racl->users, 'U');
++ if (racl->group_obj != ACL_NO_ENTRY) {
++ write_byte(f, 'g');
++ write_byte(f, racl->group_obj);
++ }
++ send_ida_list(f, &racl->groups, 'G');
++ if (racl->mask != ACL_NO_ENTRY) {
++ write_byte(f, 'm');
++ write_byte(f, racl->mask);
++ }
++ if (racl->other != ACL_NO_ENTRY) {
++ write_byte(f, 'o');
++ write_byte(f, racl->other);
+ }
+}
+
+static rsync_acl _curr_rsync_acls[2];
+
-+
+static const char *str_acl_type(SMB_ACL_TYPE_T type)
+{
-+ return type == SMB_ACL_TYPE_ACCESS ? "SMB_ACL_TYPE_ACCESS" :
-+ type == SMB_ACL_TYPE_DEFAULT ? "SMB_ACL_TYPE_DEFAULT" :
-+ "unknown SMB_ACL_TYPE_T";
++ return type == SMB_ACL_TYPE_ACCESS ? "SMB_ACL_TYPE_ACCESS"
++ : type == SMB_ACL_TYPE_DEFAULT ? "SMB_ACL_TYPE_DEFAULT"
++ : "unknown SMB_ACL_TYPE_T";
+}
+
+/* Generate the ACL(s) for this flist entry;
+ * ACL(s) are either sent or cleaned-up by send_acl() below. */
-+
+int make_acl(const struct file_struct *file, const char *fname)
+{
-+ SMB_ACL_TYPE_T *type,
-+ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
++ SMB_ACL_TYPE_T type;
+ rsync_acl *curr_racl;
-+ if (!preserve_acls || S_ISLNK(file->mode))
++
++ if (S_ISLNK(file->mode))
+ return 1;
-+ for (type = &types[0], curr_racl = &_curr_rsync_acls[0];
-+ type < &types[0] + sizeof types / sizeof types[0]
-+ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode));
-+ type++, curr_racl++) {
++
++ curr_racl = &_curr_rsync_acls[0];
++ type = SMB_ACL_TYPE_ACCESS;
++ do {
+ SMB_ACL_T sacl;
+ BOOL ok;
-+ *curr_racl = rsync_acl_initializer;
-+ if (!(sacl = sys_acl_get_file(fname, *type))) {
++ if ((sacl = sys_acl_get_file(fname, type)) != 0) {
++ ok = unpack_smb_acl(curr_racl, sacl);
++ sys_acl_free_acl(sacl);
++ if (!ok)
++ return -1;
++ /* Avoid sending a redundant group/mask value. */
++ if (curr_racl->group_obj == curr_racl->mask
++ && (preserve_acls == 1
++ || (!curr_racl->users.count
++ && !curr_racl->groups.count)))
++ curr_racl->mask = ACL_NO_ENTRY;
++ /* Strip access ACLs of permission-bit entries. */
++ if (type == SMB_ACL_TYPE_ACCESS && preserve_acls == 1)
++ rsync_acl_strip_perms(curr_racl);
++ } else if (errno == ENOTSUP) {
++ /* ACLs are not supported. Leave list empty. */
++ *curr_racl = empty_rsync_acl;
++ } else {
+ rprintf(FERROR, "send_acl: sys_acl_get_file(%s, %s): %s\n",
-+ fname, str_acl_type(*type), strerror(errno));
++ fname, str_acl_type(type), strerror(errno));
+ return -1;
+ }
-+ ok = unpack_smb_acl(curr_racl, sacl);
-+ sys_acl_free_acl(sacl);
-+ if (!ok)
-+ return -1;
-+ }
++ curr_racl++;
++ } while (BUMP_TYPE(type) && S_ISDIR(file->mode));
++
+ return 0;
+}
+
+/* Send the make_acl()-generated ACLs for this flist entry,
+ * or clean up after an flist entry that's not being sent (f == -1). */
-+
+void send_acl(const struct file_struct *file, int f)
+{
-+ SMB_ACL_TYPE_T *type,
-+ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
++ SMB_ACL_TYPE_T type;
+ rsync_acl *curr_racl;
-+ if (!preserve_acls || S_ISLNK(file->mode))
++
++ if (S_ISLNK(file->mode))
+ return;
-+ for (type = &types[0], curr_racl = &_curr_rsync_acls[0];
-+ type < &types[0] + sizeof types / sizeof types[0]
-+ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode));
-+ type++, curr_racl++) {
++
++ curr_racl = &_curr_rsync_acls[0];
++ type = SMB_ACL_TYPE_ACCESS;
++ do {
+ int index;
-+ rsync_acl_list *racl_list = rsync_acl_lists(*type);
++ rsync_acl_list *racl_list = rsync_acl_lists(type);
+ if (f == -1) {
-+ rsync_acl_free(curr_racl);
++ rsync_acl_free(curr_racl++);
+ continue;
+ }
-+ if ((index = find_matching_rsync_acl(*type, racl_list, curr_racl))
++ if ((index = find_matching_rsync_acl(type, racl_list, curr_racl))
+ != -1) {
-+ write_byte(f, *type == SMB_ACL_TYPE_ACCESS ? 'a' : 'd');
++ write_byte(f, type == SMB_ACL_TYPE_ACCESS ? 'a' : 'd');
+ write_int(f, index);
+ rsync_acl_free(curr_racl);
+ } else {
-+ write_byte(f, *type == SMB_ACL_TYPE_ACCESS ? 'A' : 'D');
++ write_byte(f, type == SMB_ACL_TYPE_ACCESS ? 'A' : 'D');
+ send_rsync_acl(f, curr_racl);
+ expand_rsync_acl_list(racl_list);
+ racl_list->racls[racl_list->count++] = *curr_racl;
+ }
-+ }
++ curr_racl++;
++ } while (BUMP_TYPE(type) && S_ISDIR(file->mode));
+}
+
+/* The below stuff is only used by the receiver: */
+typedef struct {
+ size_t count;
+ size_t malloced;
-+ file_acl_index *fileaclidxs;
++ file_acl_index *fais;
+} file_acl_index_list;
+
+static file_acl_index_list _file_acl_index_lists[] = {
-+ {0, 0, NULL },/* SMB_ACL_TYPE_ACCESS */
-+ {0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */
++ {0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */
++ {0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */
+};
+
+static inline file_acl_index_list *file_acl_index_lists(SMB_ACL_TYPE_T type)
+{
-+ return type == SMB_ACL_TYPE_ACCESS ?
-+ &_file_acl_index_lists[0] : &_file_acl_index_lists[1];
++ return &_file_acl_index_lists[type != SMB_ACL_TYPE_ACCESS];
+}
+
-+static void expand_file_acl_index_list(file_acl_index_list *fileaclidx_list)
++static void expand_file_acl_index_list(file_acl_index_list *flst)
+{
-+ /* First time through, 0 <= 0, so list is expanded.
-+ * (Diabolical, rsync guys!) */
-+ if (fileaclidx_list->malloced <= fileaclidx_list->count) {
++ /* First time through, 0 <= 0, so list is expanded. */
++ if (flst->malloced <= flst->count) {
+ file_acl_index *new_ptr;
+ size_t new_size;
-+ if (fileaclidx_list->malloced < 1000)
-+ new_size = fileaclidx_list->malloced + 1000;
++
++ if (flst->malloced < 1000)
++ new_size = flst->malloced + 1000;
+ else
-+ new_size = fileaclidx_list->malloced * 2;
-+ new_ptr = realloc_array(fileaclidx_list->fileaclidxs, file_acl_index, new_size);
++ new_size = flst->malloced * 2;
++ new_ptr = realloc_array(flst->fais, file_acl_index, new_size);
+ if (verbose >= 3) {
+ rprintf(FINFO, "expand_file_acl_index_list to %.0f bytes, did%s move\n",
-+ (double) new_size * sizeof fileaclidx_list->fileaclidxs[0],
-+ fileaclidx_list->fileaclidxs ? "" : " not");
++ (double) new_size * sizeof flst->fais[0],
++ flst->fais ? "" : " not");
+ }
+
-+ fileaclidx_list->fileaclidxs = new_ptr;
-+ fileaclidx_list->malloced = new_size;
++ flst->fais = new_ptr;
++ flst->malloced = new_size;
+
-+ if (!fileaclidx_list->fileaclidxs)
++ if (!flst->fais)
+ out_of_memory("expand_file_acl_index_list");
+ }
+}
+
-+#if 0
-+static void free_file_acl_index_list(file_acl_index_list *fileaclidx_list)
-+{
-+ free(fileaclidx_list->fileaclidxs);
-+ fileaclidx_list->fileaclidxs = NULL;
-+ fileaclidx_list->malloced = 0;
-+}
-+#endif
-+
+/* lists to hold the SMB_ACL_Ts corresponding to the rsync_acl_list entries */
+
+typedef struct {
+
+static inline smb_acl_list *smb_acl_lists(SMB_ACL_TYPE_T type)
+{
-+ return type == SMB_ACL_TYPE_ACCESS ? &_smb_acl_lists[0] :
-+ &_smb_acl_lists[1];
++ return &_smb_acl_lists[type != SMB_ACL_TYPE_ACCESS];
+}
+
+static void expand_smb_acl_list(smb_acl_list *sacl_list)
+{
-+ /* First time through, 0 <= 0, so list is expanded.
-+ * (Diabolical, rsync guys!) */
++ /* First time through, 0 <= 0, so list is expanded. */
+ if (sacl_list->malloced <= sacl_list->count) {
+ SMB_ACL_T *new_ptr;
+ size_t new_size;
+ }
+}
+
-+#if 0
-+static void free_smb_acl_list(SMB_ACL_TYPE_T type)
++#define CALL_OR_ERROR(func,args,str) \
++ do { \
++ if (func args) { \
++ errfun = str; \
++ goto error_exit; \
++ } \
++ } while (0)
++
++#define COE(func,args) CALL_OR_ERROR(func,args,#func)
++#define COE2(func,args) CALL_OR_ERROR(func,args,NULL)
++
++static int store_access_in_entry(uchar access, SMB_ACL_ENTRY_T entry)
+{
-+ smb_acl_list *sacl_list = smb_acl_lists(type);
-+ SMB_ACL_T *sacl = sacl_list->sacls;
-+ while (sacl_list->count--) {
-+ if (*sacl)
-+ sys_acl_free_acl(*sacl++);
-+ }
-+ free(sacl_list->sacls);
-+ sacl_list->sacls = NULL;
-+ sacl_list->malloced = 0;
++ const char *errfun = NULL;
++ SMB_ACL_PERMSET_T permset;
++
++ COE( sys_acl_get_permset,(entry, &permset) );
++ COE( sys_acl_clear_perms,(permset) );
++ if (access & 4)
++ COE( sys_acl_add_perm,(permset, SMB_ACL_READ) );
++ if (access & 2)
++ COE( sys_acl_add_perm,(permset, SMB_ACL_WRITE) );
++ if (access & 1)
++ COE( sys_acl_add_perm,(permset, SMB_ACL_EXECUTE) );
++ COE( sys_acl_set_permset,(entry, permset) );
++
++ return 0;
++
++ error_exit:
++ rprintf(FERROR, "store_access_in_entry %s(): %s\n", errfun,
++ strerror(errno));
++ return -1;
+}
-+#endif
+
+/* build an SMB_ACL_T corresponding to an rsync_acl */
+static BOOL pack_smb_acl(SMB_ACL_T *smb_acl, const rsync_acl *racl)
+{
-+ size_t count = racl->count;
-+ rsync_ace *race = racl->races;
++#ifdef ACLS_NEED_MASK
++ uchar mask_bits;
++#endif
++ size_t count;
++ id_access *ida;
+ const char *errfun = NULL;
-+ *smb_acl = sys_acl_init(count);
-+ if (!*smb_acl) {
-+ rprintf(FERROR, "pack_smb_acl: sys_acl_int(): %s\n",
++ SMB_ACL_ENTRY_T entry;
++
++ if (!(*smb_acl = sys_acl_init(calc_sacl_entries(racl)))) {
++ rprintf(FERROR, "pack_smb_acl: sys_acl_init(): %s\n",
+ strerror(errno));
+ return False;
+ }
-+ for (; count--; race++) {
-+ SMB_ACL_ENTRY_T entry;
-+ SMB_ACL_PERMSET_T permset;
-+ if (sys_acl_create_entry(smb_acl, &entry)) {
-+ errfun = "sys_acl_create)";
++
++ COE( sys_acl_create_entry,(smb_acl, &entry) );
++ COE( sys_acl_set_tag_type,(entry, SMB_ACL_USER_OBJ) );
++ COE2( store_access_in_entry,(racl->user_obj & 7, entry) );
++
++ for (ida = racl->users.idas, count = racl->users.count; count--; ida++) {
++ COE( sys_acl_create_entry,(smb_acl, &entry) );
++ COE( sys_acl_set_tag_type,(entry, SMB_ACL_USER) );
++ COE( sys_acl_set_qualifier,(entry, (void*)&ida->id) );
++ COE2( store_access_in_entry,(ida->access, entry) );
++ }
++
++ COE( sys_acl_create_entry,(smb_acl, &entry) );
++ COE( sys_acl_set_tag_type,(entry, SMB_ACL_GROUP_OBJ) );
++ COE2( store_access_in_entry,(racl->group_obj & 7, entry) );
++
++ for (ida = racl->groups.idas, count = racl->groups.count; count--; ida++) {
++ COE( sys_acl_create_entry,(smb_acl, &entry) );
++ COE( sys_acl_set_tag_type,(entry, SMB_ACL_GROUP) );
++ COE( sys_acl_set_qualifier,(entry, (void*)&ida->id) );
++ COE2( store_access_in_entry,(ida->access, entry) );
++ }
++
++#ifdef ACLS_NEED_MASK
++ mask_bits = racl->mask == ACL_NO_ENTRY ? racl->group_obj & 7 : racl->mask;
++ COE( sys_acl_create_entry,(smb_acl, &entry) );
++ COE( sys_acl_set_tag_type,(entry, SMB_ACL_MASK) );
++ COE2( store_access_in_entry,(mask_bits, entry) );
++#else
++ if (racl->mask != ACL_NO_ENTRY) {
++ COE( sys_acl_create_entry,(smb_acl, &entry) );
++ COE( sys_acl_set_tag_type,(entry, SMB_ACL_MASK) );
++ COE2( store_access_in_entry,(racl->mask, entry) );
++ }
++#endif
++
++ COE( sys_acl_create_entry,(smb_acl, &entry) );
++ COE( sys_acl_set_tag_type,(entry, SMB_ACL_OTHER) );
++ COE2( store_access_in_entry,(racl->other & 7, entry) );
++
++#ifdef DEBUG
++ if (sys_acl_valid(*smb_acl) < 0)
++ rprintf(FINFO, "pack_smb_acl: warning: system says the ACL I packed is invalid\n");
++#endif
++
++ return True;
++
++ error_exit:
++ if (errfun) {
++ rprintf(FERROR, "pack_smb_acl %s(): %s\n", errfun,
++ strerror(errno));
++ }
++ sys_acl_free_acl(*smb_acl);
++ return False;
++}
++
++static mode_t change_sacl_perms(SMB_ACL_T sacl, rsync_acl *racl, mode_t old_mode, mode_t mode)
++{
++ SMB_ACL_ENTRY_T entry;
++ const char *errfun;
++ int rc;
++
++ if (S_ISDIR(mode)) {
++ /* If the sticky bit is going on, it's not safe to allow all
++ * the new ACLs to go into effect before it gets set. */
++#ifdef SMB_ACL_LOSES_SPECIAL_MODE_BITS
++ if (mode & S_ISVTX)
++ mode &= ~0077;
++#else
++ if (mode & S_ISVTX && !(old_mode & S_ISVTX))
++ mode &= ~0077;
++ } else {
++ /* If setuid or setgid is going off, it's not safe to allow all
++ * the new ACLs to go into effect before they get cleared. */
++ if ((old_mode & S_ISUID && !(mode & S_ISUID))
++ || (old_mode & S_ISGID && !(mode & S_ISGID)))
++ mode &= ~0077;
++#endif
++ }
++
++ errfun = "sys_acl_get_entry";
++ for (rc = sys_acl_get_entry(sacl, SMB_ACL_FIRST_ENTRY, &entry);
++ rc == 1;
++ rc = sys_acl_get_entry(sacl, SMB_ACL_NEXT_ENTRY, &entry)) {
++ SMB_ACL_TAG_T tag_type;
++ if ((rc = sys_acl_get_tag_type(entry, &tag_type))) {
++ errfun = "sys_acl_get_tag_type";
+ break;
+ }
-+ if (sys_acl_set_tag_type(entry, race->tag_type)) {
-+ errfun = "sys_acl_set_tag";
++ switch (tag_type) {
++ case SMB_ACL_USER_OBJ:
++ COE2( store_access_in_entry,((mode >> 6) & 7, entry) );
+ break;
-+ }
-+ if (race->tag_type == SMB_ACL_USER ||
-+ race->tag_type == SMB_ACL_GROUP)
-+ if (sys_acl_set_qualifier(entry, (void*)&race->id)) {
-+ errfun = "sys_acl_set_qualfier";
++ case SMB_ACL_GROUP_OBJ:
++ /* group is only empty when identical to group perms. */
++ if (racl->group_obj != ACL_NO_ENTRY)
+ break;
-+ }
-+ if (sys_acl_get_permset(entry, &permset)) {
-+ errfun = "sys_acl_get_permset";
-+ break;
-+ }
-+ if (sys_acl_clear_perms(permset)) {
-+ errfun = "sys_acl_clear_perms";
++ COE2( store_access_in_entry,((mode >> 3) & 7, entry) );
+ break;
-+ }
-+ if (race->access & 4)
-+ if (sys_acl_add_perm(permset, SMB_ACL_READ)) {
-+ errfun = "sys_acl_add_perm";
-+ break;
-+ }
-+ if (race->access & 2)
-+ if (sys_acl_add_perm(permset, SMB_ACL_WRITE)) {
-+ errfun = "sys_acl_add_perm";
-+ break;
-+ }
-+ if (race->access & 1)
-+ if (sys_acl_add_perm(permset, SMB_ACL_EXECUTE)) {
-+ errfun = "sys_acl_add_perm";
++ case SMB_ACL_MASK:
++#ifndef ACLS_NEED_MASK
++ /* mask is only empty when we don't need it. */
++ if (racl->mask == ACL_NO_ENTRY)
+ break;
-+ }
-+ if (sys_acl_set_permset(entry, permset)) {
-+ errfun = "sys_acl_set_permset";
++#endif
++ COE2( store_access_in_entry,((mode >> 3) & 7, entry) );
++ break;
++ case SMB_ACL_OTHER:
++ COE2( store_access_in_entry,(mode & 7, entry) );
+ break;
+ }
+ }
-+ if (errfun) {
-+ sys_acl_free_acl(*smb_acl);
-+ rprintf(FERROR, "pack_smb_acl %s(): %s\n", errfun,
-+ strerror(errno));
-+ return False;
++ if (rc) {
++ error_exit:
++ if (errfun) {
++ rprintf(FERROR, "change_sacl_perms: %s(): %s\n",
++ errfun, strerror(errno));
++ }
++ return ~0u;
+ }
-+ return True;
++
++#ifdef SMB_ACL_LOSES_SPECIAL_MODE_BITS
++ /* Ensure that chmod() will be called to restore any lost setid bits. */
++ if (old_mode & (S_ISUID | S_ISGID | S_ISVTX)
++ && (old_mode & CHMOD_BITS) == (mode & CHMOD_BITS))
++ old_mode &= ~(S_ISUID | S_ISGID | S_ISVTX);
++#endif
++
++ /* Return the mode of the file on disk, as we will set them. */
++ return (old_mode & ~ACCESSPERMS) | (mode & ACCESSPERMS);
+}
+
-+static void receive_rsync_acl(rsync_acl *racl, int f)
++static void receive_rsync_acl(rsync_acl *racl, int f, SMB_ACL_TYPE_T type)
+{
-+#if ACLS_NEED_MASK
-+ uchar required_mask_perm = 0;
-+#endif
-+ BOOL saw_mask = False;
-+ BOOL saw_user_obj = False, saw_group_obj = False,
-+ saw_other = False;
-+ size_t count = read_int(f);
-+ rsync_ace *race;
-+ if (!count)
++ uchar computed_mask_bits = 0;
++ ida_list *idal = NULL;
++ id_access *ida;
++ size_t count;
++
++ *racl = empty_rsync_acl;
++
++ if (!(count = read_int(f)))
+ return;
++
+ while (count--) {
-+ uchar tag = read_byte(f);
-+ expand_rsync_acl(racl);
-+ race = &racl->races[racl->count++];
++ char tag = read_byte(f);
++ uchar access = read_byte(f);
++ if (access & ~ (4 | 2 | 1)) {
++ rprintf(FERROR, "receive_rsync_acl: bogus permset %o\n",
++ access);
++ exit_cleanup(RERR_STREAMIO);
++ }
+ switch (tag) {
+ case 'u':
-+ race->tag_type = SMB_ACL_USER_OBJ;
-+ saw_user_obj = True;
-+ break;
++ if (racl->user_obj != ACL_NO_ENTRY) {
++ rprintf(FERROR, "receive_rsync_acl: error: duplicate USER_OBJ entry\n");
++ exit_cleanup(RERR_STREAMIO);
++ }
++ racl->user_obj = access;
++ continue;
+ case 'U':
-+ race->tag_type = SMB_ACL_USER;
++ idal = &racl->users;
+ break;
+ case 'g':
-+ race->tag_type = SMB_ACL_GROUP_OBJ;
-+ saw_group_obj = True;
-+ break;
++ if (racl->group_obj != ACL_NO_ENTRY) {
++ rprintf(FERROR, "receive_rsync_acl: error: duplicate GROUP_OBJ entry\n");
++ exit_cleanup(RERR_STREAMIO);
++ }
++ racl->group_obj = access;
++ continue;
+ case 'G':
-+ race->tag_type = SMB_ACL_GROUP;
-+ break;
-+ case 'o':
-+ race->tag_type = SMB_ACL_OTHER;
-+ saw_other = True;
++ idal = &racl->groups;
+ break;
+ case 'm':
-+ race->tag_type = SMB_ACL_MASK;
-+ saw_mask = True;
-+ break;
++ if (racl->mask != ACL_NO_ENTRY) {
++ rprintf(FERROR, "receive_rsync_acl: error: duplicate MASK entry\n");
++ exit_cleanup(RERR_STREAMIO);
++ }
++ racl->mask = access;
++ continue;
++ case 'o':
++ if (racl->other != ACL_NO_ENTRY) {
++ rprintf(FERROR, "receive_rsync_acl: error: duplicate OTHER entry\n");
++ exit_cleanup(RERR_STREAMIO);
++ }
++ racl->other = access;
++ continue;
+ default:
+ rprintf(FERROR, "receive_rsync_acl: unknown tag %c\n",
+ tag);
+ exit_cleanup(RERR_STREAMIO);
+ }
-+ race->access = read_byte(f);
-+ if (race->access & ~ (4 | 2 | 1)) {
-+ rprintf(FERROR, "receive_rsync_acl: bogus permset %o\n",
-+ race->access);
-+ exit_cleanup(RERR_STREAMIO);
-+ }
-+ if (race->tag_type == SMB_ACL_USER ||
-+ race->tag_type == SMB_ACL_GROUP) {
-+ race->id = read_int(f);
-+#if ACLS_NEED_MASK
-+ required_mask_perm |= race->access;
-+#endif
-+ }
-+#if ACLS_NEED_MASK
-+ else if (race->tag_type == SMB_ACL_GROUP_OBJ)
-+ required_mask_perm |= race->access;
-+#endif
-+
++ expand_ida_list(idal);
++ ida = &idal->idas[idal->count++];
++ ida->access = access;
++ ida->id = read_int(f);
++ computed_mask_bits |= access;
+ }
-+ if (!saw_user_obj) {
-+ expand_rsync_acl(racl);
-+ race = &racl->races[racl->count++];
-+ race->tag_type = SMB_ACL_USER_OBJ;
-+ race->access = 7;
-+ }
-+ if (!saw_group_obj) {
-+ expand_rsync_acl(racl);
-+ race = &racl->races[racl->count++];
-+ race->tag_type = SMB_ACL_GROUP_OBJ;
-+ race->access = 0;
-+ }
-+ if (!saw_other) {
-+ expand_rsync_acl(racl);
-+ race = &racl->races[racl->count++];
-+ race->tag_type = SMB_ACL_OTHER;
-+ race->access = 0;
-+ }
-+#if ACLS_NEED_MASK
-+ if (!saw_mask) {
-+ expand_rsync_acl(racl);
-+ race = &racl->races[racl->count++];
-+ race->tag_type = SMB_ACL_MASK;
-+ race->access = required_mask_perm;
-+ }
-+#else
-+ /* If we, a system without ACLS_NEED_MASK, received data from a
-+ * system that has masks, throw away the extraneous CLASS_OBJs. */
-+ if (saw_mask && racl->count == 4) {
-+ rsync_ace *group_obj_race = NULL, *mask_race = NULL;
-+ rsync_ace *p;
-+ size_t i;
-+ for (i = 0, p = racl->races; i < racl->count; i++, p++) {
-+ if (p->tag_type == SMB_ACL_MASK)
-+ mask_race = p;
-+ else if (p->tag_type == SMB_ACL_GROUP_OBJ)
-+ group_obj_race = p;
-+ }
-+ if (mask_race == NULL || group_obj_race == NULL) {
-+ rprintf(FERROR, "receive_rsync_acl: have four ACES "
-+ "and one's ACL_MASK but missing "
-+ "either it or ACL_GROUP_OBJ, "
-+ "when pruning ACL\n");
-+ } else {
-+ /* mask off group perms with it first */
-+ group_obj_race->access &= mask_race->access;
-+ /* dump mask_race; re-slot any followers-on */
-+ racl->count--;
-+ if (mask_race != &racl->races[racl->count]) {
-+ *mask_race = racl->races[racl->count];
-+ saw_user_obj = False; /* force re-sort */
-+ }
++
++ if (type == SMB_ACL_TYPE_DEFAULT) {
++ /* Ensure that these are never unset. */
++ if (racl->user_obj == ACL_NO_ENTRY)
++ racl->user_obj = 7;
++ if (racl->group_obj == ACL_NO_ENTRY)
++ racl->group_obj = 0;
++ if (racl->other == ACL_NO_ENTRY)
++ racl->other = 0;
++ }
++
++ if (!racl->users.count && !racl->groups.count) {
++ /* If we received a superfluous mask, throw it away. */
++ if (racl->mask != ACL_NO_ENTRY) {
++ /* Mask off the group perms with it first. */
++ racl->group_obj &= racl->mask | ACL_NO_ENTRY;
++ racl->mask = ACL_NO_ENTRY;
+ }
-+ }
-+#endif
-+#if ACLS_NEED_MASK
-+ if (!(saw_user_obj && saw_group_obj && saw_other && saw_mask))
-+#else
-+ if (!(saw_user_obj && saw_group_obj && saw_other))
-+#endif
-+ sort_rsync_acl(racl);
++ } else if (racl->mask == ACL_NO_ENTRY) /* Must be non-empty with lists. */
++ racl->mask = computed_mask_bits | (racl->group_obj & 7);
+}
+
-+/* receive and build the rsync_acl_lists */
-+
++/* Receive and build the rsync_acl_lists. */
+void receive_acl(struct file_struct *file, int f)
+{
-+ SMB_ACL_TYPE_T *type,
-+ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
-+ char *fname;
-+ if (!preserve_acls || S_ISLNK(file->mode))
++ SMB_ACL_TYPE_T type;
++
++ if (S_ISLNK(file->mode))
+ return;
-+ fname = f_name(file, NULL);
-+ for (type = &types[0];
-+ type < &types[0] + sizeof types / sizeof types[0]
-+ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode));
-+ type++) {
-+ file_acl_index_list *fileaclidx_list =
-+ file_acl_index_lists(*type);
-+ uchar tag;
-+ expand_file_acl_index_list(fileaclidx_list);
++
++ type = SMB_ACL_TYPE_ACCESS;
++ do {
++ char tag;
++ file_acl_index_list *flst = file_acl_index_lists(type);
++
++ expand_file_acl_index_list(flst);
+
+ tag = read_byte(f);
+ if (tag == 'A' || tag == 'a') {
-+ if (*type != SMB_ACL_TYPE_ACCESS) {
++ if (type != SMB_ACL_TYPE_ACCESS) {
+ rprintf(FERROR, "receive_acl %s: duplicate access ACL\n",
-+ fname);
++ f_name(file, NULL));
+ exit_cleanup(RERR_STREAMIO);
+ }
+ } else if (tag == 'D' || tag == 'd') {
-+ if (*type == SMB_ACL_TYPE_ACCESS) {
++ if (type == SMB_ACL_TYPE_ACCESS) {
+ rprintf(FERROR, "receive_acl %s: expecting access ACL; got default\n",
-+ fname);
++ f_name(file, NULL));
+ exit_cleanup(RERR_STREAMIO);
+ }
+ } else {
+ rprintf(FERROR, "receive_acl %s: unknown ACL type tag: %c\n",
-+ fname, tag);
++ f_name(file, NULL), tag);
+ exit_cleanup(RERR_STREAMIO);
+ }
+ if (tag == 'A' || tag == 'D') {
-+ rsync_acl racl = rsync_acl_initializer;
-+ rsync_acl_list *racl_list = rsync_acl_lists(*type);
-+ smb_acl_list *sacl_list = smb_acl_lists(*type);
-+ fileaclidx_list->fileaclidxs[fileaclidx_list->count].
-+ aclidx = racl_list->count;
-+ fileaclidx_list->fileaclidxs[fileaclidx_list->count++].
-+ file = file;
-+ receive_rsync_acl(&racl, f);
++ rsync_acl racl;
++ rsync_acl_list *racl_list = rsync_acl_lists(type);
++ smb_acl_list *sacl_list = smb_acl_lists(type);
++ flst->fais[flst->count].aclidx = racl_list->count;
++ flst->fais[flst->count++].file = file;
++ receive_rsync_acl(&racl, f, type);
+ expand_rsync_acl_list(racl_list);
+ racl_list->racls[racl_list->count++] = racl;
+ expand_smb_acl_list(sacl_list);
+ sacl_list->sacls[sacl_list->count++] = NULL;
+ } else {
+ int index = read_int(f);
-+ rsync_acl_list *racl_list = rsync_acl_lists(*type);
++ rsync_acl_list *racl_list = rsync_acl_lists(type);
+ if ((size_t) index >= racl_list->count) {
+ rprintf(FERROR, "receive_acl %s: %s ACL index %d out of range\n",
-+ fname,
-+ str_acl_type(*type),
++ f_name(file, NULL),
++ str_acl_type(type),
+ index);
+ exit_cleanup(RERR_STREAMIO);
+ }
-+ fileaclidx_list->fileaclidxs[fileaclidx_list->count].
-+ aclidx = index;
-+ fileaclidx_list->fileaclidxs[fileaclidx_list->count++].
-+ file = file;
++ flst->fais[flst->count].aclidx = index;
++ flst->fais[flst->count++].file = file;
+ }
-+ }
++ } while (BUMP_TYPE(type) && S_ISDIR(file->mode));
+}
+
+static int file_acl_index_list_sorter(const void *f1, const void *f2)
+{
-+ const file_acl_index *fileaclidx1 = (const file_acl_index *)f1;
-+ const file_acl_index *fileaclidx2 = (const file_acl_index *)f2;
-+ return fileaclidx1->file == fileaclidx2->file ? 0 :
-+ fileaclidx1->file < fileaclidx2->file ? -1 : 1;
++ const file_acl_index *fx1 = (const file_acl_index *)f1;
++ const file_acl_index *fx2 = (const file_acl_index *)f2;
++ return fx1->file == fx2->file ? 0 : fx1->file < fx2->file ? -1 : 1;
+}
+
+void sort_file_acl_index_lists()
+{
-+ SMB_ACL_TYPE_T *type,
-+ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
-+ if (!preserve_acls)
-+ return;
-+ for (type = &types[0];
-+ type < &types[0] + sizeof types / sizeof types[0];
-+ type++)
-+ {
-+ file_acl_index_list *fileaclidx_list =
-+ file_acl_index_lists(*type);
-+ if (!fileaclidx_list->count)
++ SMB_ACL_TYPE_T type;
++
++ type = SMB_ACL_TYPE_ACCESS;
++ do {
++ file_acl_index_list *flst = file_acl_index_lists(type);
++
++ if (!flst->count)
+ continue;
-+ qsort(fileaclidx_list->fileaclidxs, fileaclidx_list->count,
-+ sizeof fileaclidx_list->fileaclidxs[0],
++
++ qsort(flst->fais, flst->count, sizeof flst->fais[0],
+ &file_acl_index_list_sorter);
-+ }
++ } while (BUMP_TYPE(type));
+}
+
-+static int find_file_acl_index(const file_acl_index_list *fileaclidx_list,
-+ const struct file_struct *file) {
-+ int low = 0, high = fileaclidx_list->count;
++static int find_file_acl_index(const file_acl_index_list *flst,
++ const struct file_struct *file)
++{
++ int low = 0, high = flst->count;
+ const struct file_struct *file_mid;
++
+ if (!high--)
+ return -1;
+ do {
+ int mid = (high + low) / 2;
-+ file_mid = fileaclidx_list->fileaclidxs[mid].file;
++ file_mid = flst->fais[mid].file;
+ if (file_mid == file)
-+ return fileaclidx_list->fileaclidxs[mid].aclidx;
++ return flst->fais[mid].aclidx;
+ if (file_mid > file)
+ high = mid - 1;
+ else
+ low = mid + 1;
+ } while (low < high);
+ if (low == high) {
-+ file_mid = fileaclidx_list->fileaclidxs[low].file;
++ file_mid = flst->fais[low].file;
+ if (file_mid == file)
-+ return fileaclidx_list->fileaclidxs[low].aclidx;
++ return flst->fais[low].aclidx;
+ }
+ rprintf(FERROR,
+ "find_file_acl_index: can't find entry for file in list\n");
+}
+
+/* for duplicating ACLs on backups when using backup_dir */
-+
+int dup_acl(const char *orig, const char *bak, mode_t mode)
+{
-+ SMB_ACL_TYPE_T *type,
-+ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
++ SMB_ACL_TYPE_T type;
+ int ret = 0;
-+ if (!preserve_acls)
-+ return 1;
-+ for (type = &types[0];
-+ type < &types[0] + sizeof types / sizeof types[0]
-+ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(mode));
-+ type++) {
++
++ type = SMB_ACL_TYPE_ACCESS;
++ do {
+ SMB_ACL_T sacl_orig, sacl_bak;
+ rsync_acl racl_orig, racl_bak;
-+ if (!(sacl_orig = sys_acl_get_file(orig, *type))) {
++ if (!(sacl_orig = sys_acl_get_file(orig, type))) {
+ rprintf(FERROR, "dup_acl: sys_acl_get_file(%s, %s): %s\n",
-+ orig, str_acl_type(*type), strerror(errno));
++ orig, str_acl_type(type), strerror(errno));
+ ret = -1;
+ continue;
+ }
-+ if (!(sacl_bak = sys_acl_get_file(orig, *type))) {
++ if (!(sacl_bak = sys_acl_get_file(orig, type))) {
+ rprintf(FERROR, "dup_acl: sys_acl_get_file(%s, %s): %s. ignoring\n",
-+ bak, str_acl_type(*type), strerror(errno));
++ bak, str_acl_type(type), strerror(errno));
+ ret = -1;
+ /* try to forge on through */
+ }
+ } else {
+ ; /* presume they're unequal */
+ }
-+ if (*type == SMB_ACL_TYPE_DEFAULT && !racl_orig.count) {
-+ if (-1 == sys_acl_delete_def_file(bak)) {
++ if (type == SMB_ACL_TYPE_DEFAULT
++ && racl_orig.user_obj == ACL_NO_ENTRY) {
++ if (sys_acl_delete_def_file(bak) < 0) {
+ rprintf(FERROR, "dup_acl: sys_acl_delete_def_file(%s): %s\n",
+ bak, strerror(errno));
+ ret = -1;
+ }
-+ } else if (-1 == sys_acl_set_file(bak, *type, sacl_bak)) {
++ } else if (sys_acl_set_file(bak, type, sacl_bak) < 0) {
+ rprintf(FERROR, "dup_acl: sys_acl_set_file(%s, %s): %s\n",
-+ bak, str_acl_type(*type), strerror(errno));
++ bak, str_acl_type(type), strerror(errno));
+ ret = -1;
+ }
-+ out_with_all:
-+ if (sacl_bak)
-+ rsync_acl_free(&racl_bak);
-+ out_with_one_racl:
-+ rsync_acl_free(&racl_orig);
-+ out_with_sacls:
-+ if (sacl_bak)
-+ sys_acl_free_acl(sacl_bak);
-+ /* out_with_one_sacl: */
-+ if (sacl_orig)
-+ sys_acl_free_acl(sacl_orig);
-+ }
++ out_with_all:
++ if (sacl_bak)
++ rsync_acl_free(&racl_bak);
++ out_with_one_racl:
++ rsync_acl_free(&racl_orig);
++ out_with_sacls:
++ if (sacl_bak)
++ sys_acl_free_acl(sacl_bak);
++ if (sacl_orig)
++ sys_acl_free_acl(sacl_orig);
++ } while (BUMP_TYPE(type) && S_ISDIR(mode));
++
+ return ret;
+}
+
+void push_keep_backup_acl(const struct file_struct *file,
+ const char *orig, const char *dest)
+{
-+ if (preserve_acls) {
-+ SMB_ACL_TYPE_T *type,
-+ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
-+ SMB_ACL_T *sacl;
-+ backup_orig_file = file;
-+ backup_orig_fname = orig;
-+ backup_dest_fname = dest;
-+ for (type = &types[0], sacl = &_backup_sacl[0];
-+ type < &types[0] + sizeof types / sizeof types[0];
-+ type++) {
-+ if (*type == SMB_ACL_TYPE_DEFAULT && !S_ISDIR(file->mode))
-+ *sacl = NULL;
-+ else {
-+ if (!(*sacl = sys_acl_get_file(orig, *type))) {
-+ rprintf(FERROR, "push_keep_backup_acl: sys_acl_get_file(%s, %s): %s\n",
-+ orig, str_acl_type(*type),
-+ strerror(errno));
-+ }
-+ }
++ SMB_ACL_TYPE_T type;
++ SMB_ACL_T *sacl;
++
++ backup_orig_file = file;
++ backup_orig_fname = orig;
++ backup_dest_fname = dest;
++
++ sacl = &_backup_sacl[0];
++ type = SMB_ACL_TYPE_ACCESS;
++ do {
++ if (type == SMB_ACL_TYPE_DEFAULT && !S_ISDIR(file->mode)) {
++ *sacl = NULL;
++ break;
+ }
-+ }
++ if (!(*sacl = sys_acl_get_file(orig, type))) {
++ rprintf(FERROR,
++ "push_keep_backup_acl: sys_acl_get_file(%s, %s): %s\n",
++ orig, str_acl_type(type),
++ strerror(errno));
++ }
++ } while (BUMP_TYPE(type));
+}
+
+static int set_keep_backup_acl()
+{
-+ if (preserve_acls) {
-+ SMB_ACL_TYPE_T *type,
-+ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
-+ SMB_ACL_T *sacl;
-+ int ret = 0;
-+ for (type = &types[0], sacl = &_backup_sacl[0];
-+ type < &types[0] + sizeof types / sizeof types[0];
-+ type++) {
-+ if (*sacl) {
-+ if (-1 == sys_acl_set_file(backup_dest_fname,
-+ *type, *sacl))
-+ {
-+ rprintf(FERROR, "push_keep_backup_acl: sys_acl_get_file(%s, %s): %s\n",
-+ backup_dest_fname,
-+ str_acl_type(*type),
-+ strerror(errno));
-+ ret = -1;
-+ }
-+ }
++ SMB_ACL_TYPE_T type;
++ SMB_ACL_T *sacl;
++ int ret = 0;
++
++ sacl = &_backup_sacl[0];
++ type = SMB_ACL_TYPE_ACCESS;
++ do {
++ if (*sacl
++ && sys_acl_set_file(backup_dest_fname, type, *sacl) < 0) {
++ rprintf(FERROR,
++ "push_keep_backup_acl: sys_acl_get_file(%s, %s): %s\n",
++ backup_dest_fname,
++ str_acl_type(type),
++ strerror(errno));
++ ret = -1;
+ }
-+ return ret;
-+ }
-+ return 1;
++ } while (BUMP_TYPE(type));
++
++ return ret;
+}
+
+void cleanup_keep_backup_acl()
+{
-+ if (preserve_acls) {
-+ SMB_ACL_TYPE_T *type,
-+ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
-+ SMB_ACL_T *sacl;
-+ backup_orig_file = NULL;
-+ backup_orig_fname = null_string;
-+ backup_dest_fname = null_string;
-+ for (type = &types[0], sacl = &_backup_sacl[0];
-+ type < &types[0] + sizeof types / sizeof types[0];
-+ type++) {
-+ if (*sacl)
-+ sys_acl_free_acl(*sacl);
++ SMB_ACL_TYPE_T type;
++ SMB_ACL_T *sacl;
++
++ backup_orig_file = NULL;
++ backup_orig_fname = null_string;
++ backup_dest_fname = null_string;
++
++ sacl = &_backup_sacl[0];
++ type = SMB_ACL_TYPE_ACCESS;
++ do {
++ if (*sacl) {
++ sys_acl_free_acl(*sacl);
+ *sacl = NULL;
+ }
-+ }
++ } while (BUMP_TYPE(type));
+}
+
-+/* set ACL on rsync-ed or keep_backup-ed file */
-+
-+int set_acl(const char *fname, const struct file_struct *file)
++/* set ACL on rsync-ed or keep_backup-ed file
++ *
++ * This sets extended access ACL entries and default ACLs. If convenient,
++ * it sets permission bits along with the access ACLs and signals having
++ * done so by modifying mode_p, which should point into the stat buffer.
++ *
++ * returns: 1 for unchanged, 0 for changed, -1 for failed
++ * Pass NULL for mode_p to get the return code without changing anything. */
++int set_acl(const char *fname, const struct file_struct *file, mode_t *mode_p)
+{
-+ int updated = 0;
-+ SMB_ACL_TYPE_T *type,
-+ types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT};
-+ if (dry_run || !preserve_acls || S_ISLNK(file->mode))
++ int unchanged = 1;
++ SMB_ACL_TYPE_T type;
++
++ if (S_ISLNK(file->mode))
+ return 1;
++
+ if (file == backup_orig_file) {
+ if (!strcmp(fname, backup_dest_fname))
+ return set_keep_backup_acl();
+ }
-+ for (type = &types[0];
-+ type < &types[0] + sizeof types / sizeof types[0]
-+ && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode));
-+ type++) {
++ type = SMB_ACL_TYPE_ACCESS;
++ do {
++ BOOL ok;
+ SMB_ACL_T sacl_orig, *sacl_new;
+ rsync_acl racl_orig, *racl_new;
-+ int aclidx = find_file_acl_index(file_acl_index_lists(*type),
-+ file);
-+ BOOL ok;
-+ racl_new = &(rsync_acl_lists(*type)->racls[aclidx]);
-+ sacl_new = &(smb_acl_lists(*type)->sacls[aclidx]);
-+ sacl_orig = sys_acl_get_file(fname, *type);
++ int aclidx = find_file_acl_index(file_acl_index_lists(type), file);
++
++ racl_new = &(rsync_acl_lists(type)->racls[aclidx]);
++ sacl_new = &(smb_acl_lists(type)->sacls[aclidx]);
++ sacl_orig = sys_acl_get_file(fname, type);
+ if (!sacl_orig) {
+ rprintf(FERROR, "set_acl: sys_acl_get_file(%s, %s): %s\n",
-+ fname, str_acl_type(*type), strerror(errno));
-+ updated = -1;
++ fname, str_acl_type(type), strerror(errno));
++ unchanged = -1;
+ continue;
+ }
+ ok = unpack_smb_acl(&racl_orig, sacl_orig);
+ sys_acl_free_acl(sacl_orig);
+ if (!ok) {
-+ updated = -1;
++ unchanged = -1;
+ continue;
+ }
-+ ok = rsync_acls_equal(&racl_orig, racl_new);
++ if (type == SMB_ACL_TYPE_ACCESS)
++ ok = rsync_acl_extended_parts_equal(&racl_orig, racl_new, file->mode);
++ else
++ ok = rsync_acls_equal(&racl_orig, racl_new);
+ rsync_acl_free(&racl_orig);
+ if (ok)
+ continue;
-+ if (*type == SMB_ACL_TYPE_DEFAULT && !racl_new->count) {
-+ if (-1 == sys_acl_delete_def_file(fname)) {
-+ rprintf(FERROR, "set_acl: sys_acl_delete_def_file(%s): %s\n",
-+ fname, strerror(errno));
-+ updated = -1;
-+ continue;
-+ }
-+ } else {
-+ if (!*sacl_new)
-+ if (!pack_smb_acl(sacl_new, racl_new)) {
-+ updated = -1;
++ if (!dry_run && mode_p) {
++ if (type == SMB_ACL_TYPE_DEFAULT
++ && racl_new->user_obj == ACL_NO_ENTRY) {
++ if (sys_acl_delete_def_file(fname) < 0) {
++ rprintf(FERROR, "set_acl: sys_acl_delete_def_file(%s): %s\n",
++ fname, strerror(errno));
++ unchanged = -1;
++ continue;
++ }
++ } else {
++ mode_t cur_mode = *mode_p;
++ if (!*sacl_new
++ && !pack_smb_acl(sacl_new, racl_new)) {
++ unchanged = -1;
+ continue;
+ }
-+ if (-1 == sys_acl_set_file(fname, *type, *sacl_new)) {
-+ rprintf(FERROR, "set_acl: sys_acl_set_file(%s, %s): %s\n",
-+ fname, str_acl_type(*type),
-+ strerror(errno));
-+ updated = -1;
-+ continue;
++ if (type == SMB_ACL_TYPE_ACCESS) {
++ cur_mode = change_sacl_perms(*sacl_new, racl_new,
++ cur_mode, file->mode);
++ if (cur_mode == ~0u)
++ continue;
++ }
++ if (sys_acl_set_file(fname, type, *sacl_new) < 0) {
++ rprintf(FERROR, "set_acl: sys_acl_set_file(%s, %s): %s\n",
++ fname, str_acl_type(type),
++ strerror(errno));
++ unchanged = -1;
++ continue;
++ }
++ if (type == SMB_ACL_TYPE_ACCESS)
++ *mode_p = cur_mode;
+ }
+ }
-+ if (!updated)
-+ updated = 1;
-+ }
-+ return updated;
++ if (unchanged == 1)
++ unchanged = 0;
++ } while (BUMP_TYPE(type) && S_ISDIR(file->mode));
++
++ return unchanged;
+}
+
+/* Enumeration functions for uid mapping: */
+
+static rsync_acl_list **enum_racl_list = &_enum_racl_lists[0];
+static size_t enum_racl_index = 0;
-+static size_t enum_race_index = 0;
++static size_t enum_ida_index = 0;
+
+/* This returns the next tag_type id from the given acl for the next entry,
+ * or it returns 0 if there are no more tag_type ids in the acl. */
-+
-+static id_t next_ace_id(SMB_ACL_TAG_T tag_type, const rsync_acl *racl)
++static id_t *next_ace_id(SMB_ACL_TAG_T tag_type, const rsync_acl *racl)
+{
-+ for (; enum_race_index < racl->count; enum_race_index++) {
-+ rsync_ace *race = &racl->races[enum_race_index];
-+ if (race->tag_type == tag_type)
-+ return race->id;
++ const ida_list *idal = tag_type == SMB_ACL_USER ? &racl->users : &racl->groups;
++ if (enum_ida_index < idal->count) {
++ id_access *ida = &idal->idas[enum_ida_index++];
++ return &ida->id;
+ }
-+ enum_race_index = 0;
-+ return 0;
++ enum_ida_index = 0;
++ return NULL;
+}
+
-+static id_t next_acl_id(SMB_ACL_TAG_T tag_type, const rsync_acl_list *racl_list)
++static id_t *next_acl_id(SMB_ACL_TAG_T tag_type, const rsync_acl_list *racl_list)
+{
+ for (; enum_racl_index < racl_list->count; enum_racl_index++) {
+ rsync_acl *racl = &racl_list->racls[enum_racl_index];
-+ id_t id = next_ace_id(tag_type, racl);
++ id_t *id = next_ace_id(tag_type, racl);
+ if (id)
+ return id;
+ }
+ enum_racl_index = 0;
-+ return 0;
++ return NULL;
+}
+
-+static id_t next_acl_list_id(SMB_ACL_TAG_T tag_type)
++static id_t *next_acl_list_id(SMB_ACL_TAG_T tag_type)
+{
+ for (; *enum_racl_list; enum_racl_list++) {
-+ id_t id = next_acl_id(tag_type, *enum_racl_list);
++ id_t *id = next_acl_id(tag_type, *enum_racl_list);
+ if (id)
+ return id;
+ }
+ enum_racl_list = &_enum_racl_lists[0];
-+ return 0;
++ return NULL;
+}
+
-+id_t next_acl_uid()
++id_t *next_acl_uid()
+{
+ return next_acl_list_id(SMB_ACL_USER);
+}
+
-+id_t next_acl_gid()
++id_t *next_acl_gid()
+{
+ return next_acl_list_id(SMB_ACL_GROUP);
+}
+
-+/* referring to the global context enum_entry, sets the entry's id */
-+static void set_acl_id(id_t id)
-+{
-+ (*enum_racl_list)->racls[enum_racl_index].races[enum_race_index++].id = id;
-+}
-+
-+void acl_uid_map(id_t uid)
-+{
-+ set_acl_id(uid);
-+}
-+
-+void acl_gid_map(id_t gid)
-+{
-+ set_acl_id(gid);
-+}
-+
-+#define PERMS_SPLICE(perms,newbits,where) (((perms) & ~(7 << (where))) | ((newbits) << (where)))
-+
+int default_perms_for_dir(const char *dir)
+{
+ rsync_acl racl;
+ SMB_ACL_T sacl;
-+ BOOL ok, saw_mask = False;
-+ size_t i;
++ BOOL ok;
+ int perms;
+
+ if (dir == NULL)
+ return perms;
+ }
+
-+ /* Look at each default ACL entry and possibly modify three bits of `perms' accordingly.
-+ * If there's "no" default ACL, there will be zero entries and the umask-based perms is unchanged. */
-+ for (i = 0; i < racl.count; i++) {
-+ switch (racl.races[i].tag_type) {
-+ case SMB_ACL_USER_OBJ:
-+ perms = PERMS_SPLICE(perms, racl.races[i].access, 6);
-+ break;
-+ case SMB_ACL_GROUP_OBJ:
-+ if (!saw_mask)
-+ perms = PERMS_SPLICE(perms, racl.races[i].access, 3);
-+ break;
-+ case SMB_ACL_MASK:
-+ saw_mask = True;
-+ perms = PERMS_SPLICE(perms, racl.races[i].access, 3);
-+ break;
-+ case SMB_ACL_OTHER:
-+ perms = PERMS_SPLICE(perms, racl.races[i].access, 0);
-+ break;
-+ default:
-+ break;
-+ }
++ /* Apply the permission-bit entries of the default ACL, if any. */
++ if (racl.user_obj != ACL_NO_ENTRY) {
++ perms = rsync_acl_get_perms(&racl);
++ if (verbose > 2)
++ rprintf(FINFO, "got ACL-based default perms %o for directory %s\n", perms, dir);
+ }
++
+ rsync_acl_free(&racl);
-+ if (verbose > 2)
-+ rprintf(FINFO, "got ACL-based default perms %o for directory %s\n", perms, dir);
+ return perms;
+}
+
+#endif /* SUPPORT_ACLS */
--- old/backup.c
+++ new/backup.c
-@@ -135,6 +135,7 @@ static int make_bak_dir(char *fullpath)
+@@ -29,6 +29,7 @@ extern char *backup_suffix;
+ extern char *backup_dir;
+
+ extern int am_root;
++extern int preserve_acls;
+ extern int preserve_devices;
+ extern int preserve_specials;
+ extern int preserve_links;
+@@ -133,6 +134,10 @@ static int make_bak_dir(char *fullpath)
} else {
do_lchown(fullpath, st.st_uid, st.st_gid);
do_chmod(fullpath, st.st_mode);
-+ (void)DUP_ACL(end, fullpath, st.st_mode);
++#ifdef SUPPORT_ACLS
++ if (preserve_acls)
++ dup_acl(end, fullpath, st.st_mode);
++#endif
}
}
*p = '/';
-@@ -188,6 +189,8 @@ static int keep_backup(char *fname)
+@@ -186,6 +191,11 @@ static int keep_backup(char *fname)
if (!(buf = get_backup_name(fname)))
return 0;
-+ PUSH_KEEP_BACKUP_ACL(file, fname, buf);
++#ifdef SUPPORT_ACLS
++ if (preserve_acls)
++ push_keep_backup_acl(file, fname, buf);
++#endif
+
/* Check to see if this is a device file, or link */
if ((am_root && preserve_devices && IS_DEVICE(file->mode))
|| (preserve_specials && IS_SPECIAL(file->mode))) {
-@@ -263,6 +266,7 @@ static int keep_backup(char *fname)
+@@ -261,6 +271,10 @@ static int keep_backup(char *fname)
}
}
set_file_attrs(buf, file, NULL, 0);
-+ CLEANUP_KEEP_BACKUP_ACL();
++#ifdef SUPPORT_ACLS
++ if (preserve_acls)
++ cleanup_keep_backup_acl();
++#endif
free(file);
if (verbose > 1) {
dnl At the moment we don't test for a broken memcmp(), because all we
dnl need to do is test for equality, not comparison, and it seems that
dnl every platform has a memcmp that can do at least that.
-@@ -738,6 +743,77 @@ AC_SUBST(OBJ_RESTORE)
+@@ -746,6 +751,78 @@ AC_SUBST(OBJ_RESTORE)
AC_SUBST(CC_SHOBJ_FLAG)
AC_SUBST(BUILD_POPT)
+ AC_MSG_RESULT(Using UnixWare ACLs)
+ AC_DEFINE(HAVE_UNIXWARE_ACLS, 1, [true if you have UnixWare ACLs])
+ ;;
-+ *solaris*)
++ *solaris*|*cygwin*)
+ AC_MSG_RESULT(Using solaris ACLs)
+ AC_DEFINE(HAVE_SOLARIS_ACLS, 1, [true if you have solaris ACLs])
+ ;;
+#include <sys/acl.h>],
+[ acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p);],
+samba_cv_HAVE_POSIX_ACLS=yes,samba_cv_HAVE_POSIX_ACLS=no)])
++ AC_MSG_CHECKING(ACL test results)
+ if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then
+ AC_MSG_RESULT(Using posix ACLs)
+ AC_DEFINE(HAVE_POSIX_ACLS, 1, [true if you have posix ACLs])
--- old/flist.c
+++ new/flist.c
-@@ -967,6 +967,8 @@ static struct file_struct *send_file_nam
- f == -2 ? SERVER_FILTERS : ALL_FILTERS);
- if (!file)
- return NULL;
-+ if (MAKE_ACL(file, fname) < 0)
-+ return NULL;
-
+@@ -40,6 +40,7 @@ extern int filesfrom_fd;
+ extern int one_file_system;
+ extern int copy_dirlinks;
+ extern int keep_dirlinks;
++extern int preserve_acls;
+ extern int preserve_links;
+ extern int preserve_hard_links;
+ extern int preserve_devices;
+@@ -961,6 +962,11 @@ static struct file_struct *send_file_nam
if (chmod_modes && !S_ISLNK(file->mode))
file->mode = tweak_mode(file->mode, chmod_modes);
-@@ -978,6 +980,10 @@ static struct file_struct *send_file_nam
+
++#ifdef SUPPORT_ACLS
++ if (preserve_acls && make_acl(file, fname) < 0)
++ return NULL;
++#endif
++
+ maybe_emit_filelist_progress(flist->count + flist_count_offset);
+
+ flist_expand(flist);
+@@ -968,6 +974,16 @@ static struct file_struct *send_file_nam
if (file->basename[0]) {
flist->files[flist->count++] = file;
send_file_entry(file, f);
-+ SEND_ACL(file, f);
++#ifdef SUPPORT_ACLS
++ if (preserve_acls)
++ send_acl(file, f);
++#endif
+ } else {
++#ifdef SUPPORT_ACLS
+ /* Cleanup unsent ACL(s). */
-+ SEND_ACL(file, -1);
++ if (preserve_acls)
++ send_acl(file, -1);
++#endif
}
return file;
}
-@@ -1366,6 +1372,8 @@ struct file_list *recv_file_list(int f)
+@@ -1356,6 +1372,11 @@ struct file_list *recv_file_list(int f)
flags |= read_byte(f) << 8;
file = receive_file_entry(flist, flags, f);
-+ RECEIVE_ACL(file, f);
++#ifdef SUPPORT_ACLS
++ if (preserve_acls)
++ receive_acl(file, f);
++#endif
+
- if (S_ISREG(file->mode))
+ if (S_ISREG(file->mode) || S_ISLNK(file->mode))
stats.total_size += file->length;
-@@ -1388,6 +1396,8 @@ struct file_list *recv_file_list(int f)
+@@ -1378,6 +1399,11 @@ struct file_list *recv_file_list(int f)
clean_flist(flist, relative_paths, 1);
-+ SORT_FILE_ACL_INDEX_LISTS();
++#ifdef SUPPORT_ACLS
++ if (preserve_acls)
++ sort_file_acl_index_lists();
++#endif
+
if (f >= 0) {
recv_uid_list(f, flist);
--- old/generator.c
+++ new/generator.c
-@@ -754,6 +754,7 @@ static int try_dests_non(struct file_str
+@@ -85,6 +85,7 @@ extern long block_size; /* "long" becaus
+ extern int max_delete;
+ extern int force_delete;
+ extern int one_file_system;
++extern mode_t orig_umask;
+ extern struct stats stats;
+ extern dev_t filesystem_dev;
+ extern char *backup_dir;
+@@ -319,6 +320,8 @@ static void do_delete_pass(struct file_l
+
+ int unchanged_attrs(struct file_struct *file, STRUCT_STAT *st)
+ {
++ /* FIXME: Flag ACL changes. */
++
+ if (preserve_perms
+ && (st->st_mode & CHMOD_BITS) != (file->mode & CHMOD_BITS))
+ return 0;
+@@ -353,6 +356,7 @@ void itemize(struct file_struct *file, i
+ if (preserve_gid && file->gid != GID_NONE
+ && st->st_gid != file->gid)
+ iflags |= ITEM_REPORT_GROUP;
++ /* FIXME: Itemize ACL changes. ITEM_REPORT_XATTR? */
+ } else
+ iflags |= ITEM_IS_NEW;
+
+@@ -769,6 +773,7 @@ static int try_dests_non(struct file_str
}
static int phase = 0;
/* Acts on the_file_list->file's ndx'th item, whose name is fname. If a dir,
* make sure it exists, and has the right permissions/timestamp info. For
-@@ -770,7 +771,7 @@ static void recv_generator(char *fname,
- enum logcode code, int f_out)
- {
- static int missing_below = -1, excluded_below = -1;
-- static char *fuzzy_dirname = "";
-+ static char *parent_dirname = "";
- static struct file_list *fuzzy_dirlist = NULL;
- struct file_struct *fuzzy_file = NULL;
- int fd = -1, f_copy = -1;
-@@ -789,12 +790,12 @@ static void recv_generator(char *fname,
- if (fuzzy_dirlist) {
- flist_free(fuzzy_dirlist);
- fuzzy_dirlist = NULL;
-- fuzzy_dirname = "";
- }
- if (missing_below >= 0) {
- dry_run--;
- missing_below = -1;
- }
-+ parent_dirname = "";
- return;
- }
-
-@@ -829,15 +830,24 @@ static void recv_generator(char *fname,
- statret = -1;
- stat_errno = ENOENT;
- } else {
-- if (fuzzy_basis && S_ISREG(file->mode)) {
-+ if ((fuzzy_basis && S_ISREG(file->mode))
-+#ifdef SUPPORT_ACLS
-+ || !preserve_perms
-+#endif
-+ ) {
- char *dn = file->dirname ? file->dirname : ".";
-- if (fuzzy_dirname != dn
-- && strcmp(fuzzy_dirname, dn) != 0) {
-+ if (parent_dirname != dn
-+ && strcmp(parent_dirname, dn) != 0) {
- if (fuzzy_dirlist)
- flist_free(fuzzy_dirlist);
-- fuzzy_dirlist = get_dirlist(dn, -1, 1);
-+ if (fuzzy_basis && S_ISREG(file->mode))
-+ fuzzy_dirlist = get_dirlist(dn, -1, 1);
+@@ -860,6 +865,10 @@ static void recv_generator(char *fname,
+ }
+ if (fuzzy_basis)
+ need_fuzzy_dirlist = 1;
+#ifdef SUPPORT_ACLS
-+ if (!preserve_perms)
-+ dflt_perms = default_perms_for_dir(dn);
++ if (!preserve_perms)
++ dflt_perms = default_perms_for_dir(dn);
+#endif
- }
-- fuzzy_dirname = dn;
-+ parent_dirname = dn;
}
+ parent_dirname = dn;
- statret = link_stat(fname, &st,
-@@ -859,7 +869,8 @@ static void recv_generator(char *fname,
+@@ -887,7 +896,8 @@ static void recv_generator(char *fname,
if (!preserve_perms) {
int exists = statret == 0
&& S_ISDIR(st.st_mode) == S_ISDIR(file->mode);
}
if (S_ISDIR(file->mode)) {
-@@ -893,6 +904,10 @@ static void recv_generator(char *fname,
- if (set_file_attrs(fname, file, statret ? NULL : &st, 0)
- && verbose && code && f_out != -1)
- rprintf(code, "%s/\n", fname);
-+#ifdef SUPPORT_ACLS
-+ if (f_out == -1)
-+ SET_ACL(fname, file);
-+#endif
- if (delete_during && f_out != -1 && !phase && dry_run < 2
- && (file->flags & FLAG_DEL_HERE))
- delete_in_dir(the_file_list, fname, file, &st);
-@@ -1328,6 +1343,8 @@ void generate_files(int f_out, struct fi
+@@ -1366,6 +1376,8 @@ void generate_files(int f_out, struct fi
* notice that and let us know via the redo pipe (or its closing). */
ignore_timeout = 1;
--- old/lib/sysacls.c
+++ new/lib/sysacls.c
-@@ -0,0 +1,3242 @@
-+/*
-+ Unix SMB/CIFS implementation.
-+ Samba system utilities for ACL support.
-+ Copyright (C) Jeremy Allison 2000.
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 2 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+*/
+@@ -0,0 +1,3241 @@
++/*
++ * Unix SMB/CIFS implementation.
++ * Samba system utilities for ACL support.
++ *
++ * Copyright (C) Jeremy Allison 2000.
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or
++ * (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License along
++ * with this program; if not, write to the Free Software Foundation, Inc.,
++ * 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
++ */
+
+#include "rsync.h"
+#include "sysacls.h" /****** ADDED ******/
+
+ for (i = 0; i < acl_d->count; i++) {
+ struct acl *ap = &acl_d->acl[i];
-+ struct passwd *pw;
+ struct group *gr;
+ char tagbuf[12];
+ char idbuf[12];
+ * acl[] array, this actually allocates an ACL with room
+ * for (count+1) entries
+ */
-+ if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + count * sizeof(struct acl))) == NULL) {
++ if ((a = (SMB_ACL_T)SMB_MALLOC(sizeof(struct SMB_ACL_T) + count * sizeof(struct acl))) == NULL) {
+ errno = ENOMEM;
+ return NULL;
+ }
+ return 0;
+}
+
-+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
++int sys_acl_free_qualifier(UNUSED(void *qual), UNUSED(SMB_ACL_TAG_T tagtype))
+{
+ return 0;
+}
+
+ for (i = 0; i < acl_d->count; i++) {
+ struct acl *ap = &acl_d->acl[i];
-+ struct passwd *pw;
+ struct group *gr;
+ char tagbuf[12];
+ char idbuf[12];
--- old/options.c
+++ new/options.c
-@@ -44,6 +44,7 @@ int keep_dirlinks = 0;
+@@ -47,6 +47,7 @@ int copy_dirlinks = 0;
int copy_links = 0;
int preserve_links = 0;
int preserve_hard_links = 0;
/* Note that this field may not have type ino_t. It depends
* on the complicated interaction between largefile feature
-@@ -294,6 +300,9 @@ void usage(enum logcode F)
- rprintf(F," -K, --keep-dirlinks treat symlinked dir on receiver as dir\n");
+@@ -295,6 +301,9 @@ void usage(enum logcode F)
+ rprintf(F," -H, --hard-links preserve hard links\n");
rprintf(F," -p, --perms preserve permissions\n");
rprintf(F," -E, --executability preserve the file's executability\n");
+#ifdef SUPPORT_ACLS
rprintf(F," --chmod=CHMOD change destination permissions\n");
rprintf(F," -o, --owner preserve owner (super-user only)\n");
rprintf(F," -g, --group preserve group\n");
-@@ -409,6 +418,9 @@ static struct poptOption long_options[]
+@@ -410,6 +419,9 @@ static struct poptOption long_options[]
{"no-perms", 0, POPT_ARG_VAL, &preserve_perms, 0, 0, 0 },
{"no-p", 0, POPT_ARG_VAL, &preserve_perms, 0, 0, 0 },
{"executability", 'E', POPT_ARG_NONE, &preserve_executability, 0, 0, 0 },
{"times", 't', POPT_ARG_VAL, &preserve_times, 1, 0, 0 },
{"no-times", 0, POPT_ARG_VAL, &preserve_times, 0, 0, 0 },
{"no-t", 0, POPT_ARG_VAL, &preserve_times, 0, 0, 0 },
-@@ -1062,6 +1074,23 @@ int parse_arguments(int *argc, const cha
+@@ -1070,6 +1082,24 @@ int parse_arguments(int *argc, const cha
usage(FINFO);
exit_cleanup(0);
+ case 'A':
+#ifdef SUPPORT_ACLS
-+ preserve_acls = preserve_perms = 1;
++ preserve_acls++;
++ preserve_perms = 1;
+ break;
+#else
+ /* FIXME: this should probably be ignored with a
default:
/* A large opt value means that set_refuse_options()
* turned this option off. */
-@@ -1502,6 +1531,10 @@ void server_options(char **args,int *arg
+@@ -1504,6 +1534,10 @@ void server_options(char **args,int *arg
if (preserve_hard_links)
argstr[x++] = 'H';
if (preserve_gid)
--- old/receiver.c
+++ new/receiver.c
-@@ -349,6 +349,10 @@ int recv_files(int f_in, struct file_lis
+@@ -48,6 +48,7 @@ extern int keep_partial;
+ extern int checksum_seed;
+ extern int inplace;
+ extern int delay_updates;
++extern mode_t orig_umask;
+ extern struct stats stats;
+ extern char *log_format;
+ extern char *tmpdir;
+@@ -346,6 +347,10 @@ int recv_files(int f_in, struct file_lis
int itemizing = am_daemon ? daemon_log_format_has_i
: !am_server && log_format_has_i;
int max_phase = protocol_version >= 29 ? 2 : 1;
int i, recv_ok;
if (verbose > 2)
-@@ -546,7 +550,16 @@ int recv_files(int f_in, struct file_lis
+@@ -543,7 +548,16 @@ int recv_files(int f_in, struct file_lis
* mode based on the local permissions and some heuristics. */
if (!preserve_perms) {
int exists = fd1 != -1;
/* We now check to see if we are writing file "inplace" */
--- old/rsync.c
+++ new/rsync.c
-@@ -100,7 +100,8 @@ void free_sums(struct sum_struct *s)
+@@ -33,6 +33,7 @@
+ extern int verbose;
+ extern int dry_run;
+ extern int daemon_log_format_has_i;
++extern int preserve_acls;
+ extern int preserve_perms;
+ extern int preserve_executability;
+ extern int preserve_times;
+@@ -101,7 +102,8 @@ void free_sums(struct sum_struct *s)
/* This is only called when we aren't preserving permissions. Figure out what
* the permissions should be and return them merged back into the mode. */
{
/* If the file already exists, we'll return the local permissions,
* possibly tweaked by the --executability option. */
-@@ -115,7 +116,7 @@ mode_t dest_mode(mode_t flist_mode, mode
+@@ -116,7 +118,7 @@ mode_t dest_mode(mode_t flist_mode, mode
cur_mode |= (cur_mode & 0444) >> 2;
}
} else
- cur_mode = flist_mode & ACCESSPERMS & ~orig_umask;
-+ cur_mode = (flist_mode & ACCESSPERMS & dflt_perms) | S_IWUSR;
++ cur_mode = flist_mode & ACCESSPERMS & dflt_perms;
+ if (daemon_chmod_modes && !S_ISLNK(flist_mode))
+ cur_mode = tweak_mode(cur_mode, daemon_chmod_modes);
return (flist_mode & ~CHMOD_BITS) | (cur_mode & CHMOD_BITS);
- }
-
-@@ -214,6 +215,14 @@ int set_file_attrs(char *fname, struct f
+@@ -203,6 +205,17 @@ int set_file_attrs(char *fname, struct f
+ updated = 1;
}
- #endif
-+ /* If this is a directory, SET_ACL() will be called on the cleanup
-+ * receive_generator() pass (if we called it here, we might clobber
-+ * writability on the directory). Everything else is OK to do now. */
-+ if (!S_ISDIR(st->st_mode)) {
-+ if (SET_ACL(fname, file) == 0)
-+ updated = 1;
-+ }
++#ifdef SUPPORT_ACLS
++ /* It's OK to call set_acl() now, even for a dir, as the generator
++ * will enable owner-writability using chmod, if necessary.
++ *
++ * If set_acl changes permission bits in the process of setting
++ * an access ACL, it changes st->st_mode so we know whether we
++ * need to chmod. */
++ if (preserve_acls && set_acl(fname, file, &st->st_mode) == 0)
++ updated = 1;
++#endif
+
- if (verbose > 1 && flags & ATTRS_REPORT) {
- enum logcode code = daemon_log_format_has_i || dry_run
- ? FCLIENT : FINFO;
+ #ifdef HAVE_CHMOD
+ if ((st->st_mode & CHMOD_BITS) != (file->mode & CHMOD_BITS)) {
+ int ret = do_chmod(fname, file->mode);
--- old/rsync.h
+++ new/rsync.h
-@@ -657,6 +657,44 @@ struct chmod_mode_struct;
+@@ -660,6 +660,20 @@ struct chmod_mode_struct;
#define UNUSED(x) x __attribute__((__unused__))
+#define ACLS_NEED_MASK 1
+#endif
+
-+#ifdef SUPPORT_ACLS
-+#ifdef HAVE_SYS_ACL_H
++#if defined SUPPORT_ACLS && defined HAVE_SYS_ACL_H
+#include <sys/acl.h>
+#endif
-+#define MAKE_ACL(file, fname) make_acl(file, fname)
-+#define SEND_ACL(file, f) send_acl(file, f)
-+#define RECEIVE_ACL(file, f) receive_acl(file, f)
-+#define SORT_FILE_ACL_INDEX_LISTS() sort_file_acl_index_lists()
-+#define SET_ACL(fname, file) set_acl(fname, file)
-+#define NEXT_ACL_UID() next_acl_uid()
-+#define ACL_UID_MAP(uid) acl_uid_map(uid)
-+#define PUSH_KEEP_BACKUP_ACL(file, orig, dest) \
-+ push_keep_backup_acl(file, orig, dest)
-+#define CLEANUP_KEEP_BACKUP_ACL() cleanup_keep_backup_acl()
-+#define DUP_ACL(orig, dest, mode) dup_acl(orig, dest, mode)
-+#else /* SUPPORT_ACLS */
-+#define MAKE_ACL(file, fname) 1 /* checked return value */
-+#define SEND_ACL(file, f)
-+#define RECEIVE_ACL(file, f)
-+#define SORT_FILE_ACL_INDEX_LISTS()
-+#define SET_ACL(fname, file) 1 /* checked return value */
-+#define NEXT_ACL_UID()
-+#define ACL_UID_MAP(uid)
-+#define PUSH_KEEP_BACKUP_ACL(file, orig, dest)
-+#define CLEANUP_KEEP_BACKUP_ACL()
-+#define DUP_ACL(src, orig, mode) 1 /* checked return value */
-+#endif /* SUPPORT_ACLS */
+#include "smb_acls.h"
+
#include "proto.h"
/* We have replacement versions of these if they're missing. */
--- old/rsync.yo
+++ new/rsync.yo
-@@ -317,6 +317,7 @@ to the detailed description below for a
- -K, --keep-dirlinks treat symlinked dir on receiver as dir
+@@ -321,6 +321,7 @@ to the detailed description below for a
+ -H, --hard-links preserve hard links
-p, --perms preserve permissions
-E, --executability preserve executability
+ -A, --acls preserve ACLs (implies -p) [non-standard]
--chmod=CHMOD change destination permissions
-o, --owner preserve owner (super-user only)
-g, --group preserve group
-@@ -691,7 +692,9 @@ quote(itemize(
+@@ -742,7 +743,9 @@ quote(itemize(
permissions, though the bf(--executability) option might change just
the execute permission for the file.
it() New files get their "normal" permission bits set to the source
their special permission bits disabled except in the case where a new
directory inherits a setgid bit from its parent directory.
))
-@@ -722,9 +725,11 @@ The preservation of the destination's se
+@@ -773,9 +776,11 @@ The preservation of the destination's se
directories when bf(--perms) is off was added in rsync 2.6.7. Older rsync
versions erroneously preserved the three special permission bits for
newly-created files when bf(--perms) was off, while overriding the
dit(bf(-E, --executability)) This option causes rsync to preserve the
executability (or non-executability) of regular files when bf(--perms) is
-@@ -742,6 +747,10 @@ quote(itemize(
+@@ -793,6 +798,15 @@ quote(itemize(
If bf(--perms) is enabled, this option is ignored.
+dit(bf(-A, --acls)) This option causes rsync to update the destination
+ACLs to be the same as the source ACLs. This nonstandard option only
+works if the remote rsync also supports it. bf(--acls) implies bf(--perms).
++
++Note also that an optimization of the ACL-sending protocol used by this
++version makes it incompatible with sending files to an older ACL-enabled
++rsync unless you double the bf(--acls) option (e.g. bf(-AA)). This
++doubling is not needed when pulling files from an older rsync.
+
dit(bf(--chmod)) This option tells rsync to apply one or more
comma-separated "chmod" strings to the permission of the files in the
transfer. The resulting value is treated as though it was the permissions
--- old/smb_acls.h
+++ new/smb_acls.h
-@@ -0,0 +1,277 @@
-+/*
-+ Unix SMB/Netbios implementation.
-+ Version 2.2.x
-+ Portable SMB ACL interface
-+ Copyright (C) Jeremy Allison 2000
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 2 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+*/
+@@ -0,0 +1,282 @@
++/*
++ * Unix SMB/Netbios implementation.
++ * Version 2.2.x
++ * Portable SMB ACL interface
++ *
++ * Copyright (C) 2000 Jeremy Allison
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or
++ * (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License along
++ * with this program; if not, write to the Free Software Foundation, Inc.,
++ * 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
++ */
+
+#ifndef _SMB_ACLS_H
+#define _SMB_ACLS_H
+
-+#if defined(HAVE_POSIX_ACLS)
++#if defined HAVE_POSIX_ACLS
+
+/* This is an identity mapping (just remove the SMB_). */
+
+#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
+#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
+
-+#elif defined(HAVE_TRU64_ACLS)
++#elif defined HAVE_TRU64_ACLS
+
+/* This is for DEC/Compaq Tru64 UNIX */
+
+#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
+#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
+
-+#elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS)
++#elif defined HAVE_UNIXWARE_ACLS || defined HAVE_SOLARIS_ACLS
+/*
+ * Donated by Michael Davidson <md@sco.COM> for UnixWare / OpenUNIX.
+ * Modified by Toomas Soome <tsoome@ut.ee> for Solaris.
+#define SMB_ACL_TYPE_ACCESS 0
+#define SMB_ACL_TYPE_DEFAULT 1
+
-+#elif defined(HAVE_HPUX_ACLS)
++#ifdef __CYGWIN__
++#define SMB_ACL_LOSES_SPECIAL_MODE_BITS
++#endif
++
++#elif defined HAVE_HPUX_ACLS
+
+/*
+ * Based on the Solaris & UnixWare code.
+#define SMB_ACL_TYPE_ACCESS 0
+#define SMB_ACL_TYPE_DEFAULT 1
+
-+#elif defined(HAVE_IRIX_ACLS)
++#elif defined HAVE_IRIX_ACLS
+
+#define SMB_ACL_TAG_T acl_tag_t
+#define SMB_ACL_TYPE_T acl_type_t
+#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
+#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
+
-+#elif defined(HAVE_AIX_ACLS)
++#elif defined HAVE_AIX_ACLS
+
+/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
+
+
+#endif /* No ACLs. */
+#endif /* _SMB_ACLS_H */
+--- old/testsuite/acls.test
++++ new/testsuite/acls.test
+@@ -0,0 +1,34 @@
++#! /bin/sh
++
++# This program is distributable under the terms of the GNU GPL (see
++# COPYING).
++
++# Test that rsync handles basic ACL preservation.
++
++. $srcdir/testsuite/rsync.fns
++
++$RSYNC --version | grep ", ACLs" >/dev/null || test_skipped "Rsync is configured without ACL support"
++case "$setfacl_nodef" in
++true) test_skipped "I don't know how to use your setfacl command" ;;
++esac
++
++makepath "$fromdir/foo"
++echo something >"$fromdir/file1"
++echo else >"$fromdir/file2"
++
++files='foo file1 file2'
++
++setfacl -m u:0:7 "$fromdir/foo" || test_skipped "Your filesystem has ACLs disabled"
++setfacl -m u:0:5 "$fromdir/file1"
++setfacl -m u:0:5 "$fromdir/file2"
++
++$RSYNC -avvA "$fromdir/" "$todir/"
++
++cd "$fromdir"
++getfacl $files >"$scratchdir/acls.txt"
++
++cd "$todir"
++getfacl $files | diff $diffopt "$scratchdir/acls.txt" -
++
++# The script would have aborted on error, so getting here means we've won.
++exit 0
--- old/testsuite/default-acls.test
+++ new/testsuite/default-acls.test
-@@ -0,0 +1,55 @@
+@@ -0,0 +1,65 @@
+#! /bin/sh
+
-+# This program is distributable under the terms of the GNU GPL see
++# This program is distributable under the terms of the GNU GPL (see
+# COPYING).
+
+# Test that rsync obeys default ACLs. -- Matt McCutchen
+. $srcdir/testsuite/rsync.fns
+
+$RSYNC --version | grep ", ACLs" >/dev/null || test_skipped "Rsync is configured without ACL support"
-+setfacl -dm u::rwx,g::---,o::--- "$scratchdir" || test_skipped "Your filesystem has ACLs disabled"
++case "$setfacl_nodef" in
++true) test_skipped "I don't know how to use your setfacl command" ;;
++*-k*) opts='-dm u::7,g::5,o:5' ;;
++*) opts='-m d:u::7,d:g::5,d:o:5' ;;
++esac
++setfacl $opts "$scratchdir" || test_skipped "Your filesystem has ACLs disabled"
+
+# Call as: testit <dirname> <default-acl> <file-expected> <program-expected>
+testit() {
+ todir="$scratchdir/$1"
+ mkdir "$todir"
-+ # FIXME This doesn't work on solaris...
-+ setfacl -k "$todir"
-+ [ "$2" ] && setfacl -dm "$2" "$todir"
++ $setfacl_nodef "$todir"
++ if [ "$2" ]; then
++ case "$setfacl_nodef" in
++ *-k*) opts="-dm $2" ;;
++ *) opts="-m `echo $2 | sed 's/\([ugom]:\)/d:\1/g'`"
++ esac
++ setfacl $opts "$todir"
++ fi
+ # Make sure we obey ACLs when creating a directory to hold multiple transferred files,
+ # even though the directory itself is outside the transfer
+ $RSYNC -rvv "$scratchdir/dir" "$scratchdir/file" "$scratchdir/program" "$todir/to/"
+ $RSYNC -rvv "$scratchdir/file" "$todir/to/anotherfile"
+ check_perms "$todir/to/anotherfile" $3 "Target $1"
+ # Make sure we obey default ACLs when not transferring a regular file
-+ $RSYNC -rvv "$scratchdir/dir" "$todir/to/anotherdir"
++ $RSYNC -rvv "$scratchdir/dir/" "$todir/to/anotherdir/"
+ check_perms "$todir/to/anotherdir" $4 "Target $1"
+}
+
+
+# Test some target directories
+umask 0077
-+testit da777 u::rwx,g::rwx,o::rwx rw-rw-rw- rwxrwxrwx
-+testit da775 u::rwx,g::rwx,o::r-x rw-rw-r-- rwxrwxr-x
-+testit da750 u::rwx,g::r-x,o::--- rw-r----- rwxr-x---
-+testit da770mask u::rwx,g::---,m::rwx,o::--- rw-rw---- rwxrwx---
++testit da777 u::7,g::7,o:7 rw-rw-rw- rwxrwxrwx
++testit da775 u::7,g::7,o:5 rw-rw-r-- rwxrwxr-x
++testit da750 u::7,g::5,o:0 rw-r----- rwxr-x---
++testit da770mask u::7,u:0:7,g::0,m:7,o:0 rw-rw---- rwxrwx---
+testit noda1 '' rw------- rwx------
+umask 0000
+testit noda2 '' rw-rw-rw- rwxrwxrwx
+exit 0
--- old/uidlist.c
+++ new/uidlist.c
-@@ -34,6 +34,7 @@
+@@ -35,6 +35,7 @@
extern int verbose;
extern int preserve_uid;
extern int preserve_gid;
extern int numeric_ids;
extern int am_root;
-@@ -274,7 +275,7 @@ void send_uid_list(int f)
+@@ -275,7 +276,7 @@ void send_uid_list(int f)
if (numeric_ids)
return;
int len;
/* we send sequences of uid/byte-length/name */
for (list = uidlist; list; list = list->next) {
-@@ -291,7 +292,7 @@ void send_uid_list(int f)
+@@ -292,7 +293,7 @@ void send_uid_list(int f)
write_int(f, 0);
}
int len;
for (list = gidlist; list; list = list->next) {
if (!list->name)
-@@ -312,7 +313,7 @@ void recv_uid_list(int f, struct file_li
+@@ -313,7 +314,7 @@ void recv_uid_list(int f, struct file_li
int id, i;
char *name;
/* read the uid list */
while ((id = read_int(f)) != 0) {
int len = read_byte(f);
-@@ -324,7 +325,7 @@ void recv_uid_list(int f, struct file_li
+@@ -325,7 +326,7 @@ void recv_uid_list(int f, struct file_li
}
}
/* read the gid list */
while ((id = read_int(f)) != 0) {
int len = read_byte(f);
-@@ -336,6 +337,18 @@ void recv_uid_list(int f, struct file_li
+@@ -337,6 +338,16 @@ void recv_uid_list(int f, struct file_li
}
}
+#ifdef SUPPORT_ACLS
+ if (preserve_acls && !numeric_ids) {
-+ id_t id;
-+ /* The enumerations don't return 0 except to flag the last
-+ * entry, since uidlist doesn't munge 0 anyway. */
-+ while ((id = next_acl_uid(flist)) != 0)
-+ acl_uid_map(match_uid(id));
-+ while ((id = next_acl_gid(flist)) != 0)
-+ acl_gid_map(match_gid(id));
++ id_t *id;
++ while ((id = next_acl_uid(flist)) != NULL)
++ *id = match_uid(*id);
++ while ((id = next_acl_gid(flist)) != NULL)
++ *id = match_gid(*id);
+ }
-+#endif /* SUPPORT_ACLS */
++#endif
+
/* Now convert all the uids/gids from sender values to our values. */
if (am_root && preserve_uid && !numeric_ids) {