From: Martin Matuska <martin@matuska.org>
Date: Tue, 17 Jan 2017 14:04:43 +0000 (+0100)
Subject: Use HAVE_ACL_TYPE_NFS4 instead of checking against system constant
X-Git-Tag: v3.3.0~48
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=77ab581c3ec641fd7d3a504aeeabeb2aa829646b;p=thirdparty%2Flibarchive.git

Use HAVE_ACL_TYPE_NFS4 instead of checking against system constant
Verify ACL types in test_acl_platform_nfs4.c
Add missing inheritance flag to test_acl_platform_nfs4.c
---

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 14649e997..c687a0ea6 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1605,6 +1605,7 @@ IF(ENABLE_ACL)
   CHECK_FUNCTION_EXISTS(acl_get_link_np HAVE_ACL_GET_LINK_NP)
   CHECK_FUNCTION_EXISTS(acl_is_trivial_np HAVE_ACL_IS_TRIVIAL_NP)
   CHECK_FUNCTION_EXISTS(acl_set_link_np HAVE_ACL_SET_LINK_NP)
+  CHECK_SYMBOL_EXISTS(ACL_TYPE_NFS4 "${INCLUDES}" HAVE_ACL_TYPE_NFS4)
 
   # MacOS has an acl.h that isn't POSIX.  It can be detected by
   # checking for ACL_USER
diff --git a/build/cmake/config.h.in b/build/cmake/config.h.in
index 053d20511..cd87c94ed 100644
--- a/build/cmake/config.h.in
+++ b/build/cmake/config.h.in
@@ -326,6 +326,9 @@ typedef uint64_t uintmax_t;
 /* Define to 1 if you have the `acl_set_file' function. */
 #cmakedefine HAVE_ACL_SET_FILE 1
 
+/* True for FreeBSD with NFSv4 ACL support */
+#cmakedefine HAVE_ACL_TYPE_NFS4 1
+
 /* True for systems with POSIX ACL support */
 #cmakedefine HAVE_ACL_USER 1
 
diff --git a/configure.ac b/configure.ac
index f97ef854d..a2bce2cf9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -724,6 +724,12 @@ if test "x$enable_acl" != "xno"; then
 	#endif
 	])
 
+    # Check for ACL_TYPE_NFS4
+    AC_CHECK_DECL([ACL_TYPE_NFS4],
+		[AC_DEFINE(HAVE_ACL_TYPE_NFS4, 1, [True for FreeBSD with NFSv4 ACL support])],
+		[],
+		[#include <sys/acl.h>])
+
     # MacOS has an acl.h that isn't POSIX.  It can be detected by
     # checking for ACL_USER
     AC_CHECK_DECL([ACL_USER],
diff --git a/libarchive/archive_read_disk_entry_from_file.c b/libarchive/archive_read_disk_entry_from_file.c
index 50e74d988..26f8fad14 100644
--- a/libarchive/archive_read_disk_entry_from_file.c
+++ b/libarchive/archive_read_disk_entry_from_file.c
@@ -454,7 +454,7 @@ setup_acls(struct archive_read_disk *a,
 
 	acl = NULL;
 
-#if defined(ACL_TYPE_NFS4) || HAVE_SUN_ACL
+#if HAVE_ACL_TYPE_NFS4 || HAVE_SUN_ACL
 	/* Try NFSv4 ACL first. */
 	if (*fd >= 0)
 #if HAVE_SUN_ACL
@@ -515,7 +515,7 @@ setup_acls(struct archive_read_disk *a,
 		}
 		return (r);
 	}
-#endif	/* defined(ACL_TYPE_NFS4) || HAVE_SUN_ACL */
+#endif	/* HAVE_ACL_TYPE_NFS4 || HAVE_SUN_ACL */
 
 #if !HAVE_SUN_ACL
 	/* Retrieve access ACL from file. */
@@ -608,7 +608,7 @@ static struct {
 	{ARCHIVE_ENTRY_ACL_EXECUTE, ACL_EXECUTE},
 	{ARCHIVE_ENTRY_ACL_WRITE, ACL_WRITE},
 	{ARCHIVE_ENTRY_ACL_READ, ACL_READ},
-#ifdef ACL_TYPE_NFS4	/* FreeBSD NFSv4 ACL permissions */
+#if HAVE_ACL_TYPE_NFS4	/* FreeBSD NFSv4 ACL permissions */
 	{ARCHIVE_ENTRY_ACL_READ_DATA, ACL_READ_DATA},
 	{ARCHIVE_ENTRY_ACL_LIST_DIRECTORY, ACL_LIST_DIRECTORY},
 	{ARCHIVE_ENTRY_ACL_WRITE_DATA, ACL_WRITE_DATA},
@@ -629,7 +629,7 @@ static struct {
 #endif	/* !HAVE_SUN_ACL */
 };
 
-#if defined(ACL_TYPE_NFS4) || HAVE_SUN_ACL
+#if HAVE_ACL_TYPE_NFS4 || HAVE_SUN_ACL
 /*
  * Translate system NFSv4 inheritance flags into libarchive internal structure
  */
@@ -655,7 +655,7 @@ static struct {
 	{ARCHIVE_ENTRY_ACL_ENTRY_INHERITED, ACL_ENTRY_INHERITED}
 #endif	/* !HAVE_SUN_ACL */
 };
-#endif	/* defined(ACL_TYPE_NFS4) || HAVE_SUN_ACL */
+#endif	/* HAVE_ACL_TYPE_NFS4 || HAVE_SUN_ACL */
 
 #if HAVE_SUN_ACL
 /*
@@ -953,7 +953,7 @@ translate_acl(struct archive_read_disk *a,
     struct archive_entry *entry, acl_t acl, int default_entry_acl_type)
 {
 	acl_tag_t	 acl_tag;
-#ifdef ACL_TYPE_NFS4
+#if HAVE_ACL_TYPE_NFS4
 	acl_entry_type_t acl_type;
 	acl_flagset_t	 acl_flagset;
 	int brand;
@@ -965,7 +965,7 @@ translate_acl(struct archive_read_disk *a,
 	const char	*ae_name;
 
 
-#ifdef ACL_TYPE_NFS4
+#if HAVE_ACL_TYPE_NFS4
 	// FreeBSD "brands" ACLs as POSIX.1e or NFSv4
 	// Make sure the "brand" on this ACL is consistent
 	// with the default_entry_acl_type bits provided.
@@ -1039,7 +1039,7 @@ translate_acl(struct archive_read_disk *a,
 		case ACL_OTHER:
 			ae_tag = ARCHIVE_ENTRY_ACL_OTHER;
 			break;
-#ifdef ACL_TYPE_NFS4
+#if HAVE_ACL_TYPE_NFS4
 		case ACL_EVERYONE:
 			ae_tag = ARCHIVE_ENTRY_ACL_EVERYONE;
 			break;
@@ -1052,7 +1052,7 @@ translate_acl(struct archive_read_disk *a,
 
 		// XXX acl_type maps to allow/deny/audit/YYYY bits
 		entry_acl_type = default_entry_acl_type;
-#ifdef ACL_TYPE_NFS4
+#if HAVE_ACL_TYPE_NFS4
 		if (default_entry_acl_type & ARCHIVE_ENTRY_ACL_TYPE_NFS4) {
 			/*
 			 * acl_get_entry_type_np() fails with non-NFSv4 ACLs
diff --git a/libarchive/archive_write_disk_acl.c b/libarchive/archive_write_disk_acl.c
index 3ae3c0689..fa44da157 100644
--- a/libarchive/archive_write_disk_acl.c
+++ b/libarchive/archive_write_disk_acl.c
@@ -87,7 +87,7 @@ archive_write_disk_set_acls(struct archive *a, int fd, const char *name,
 #endif
 		return (ret);
 	}
-#if defined(ACL_TYPE_NFS4) || HAVE_SUN_ACL
+#if HAVE_ACL_TYPE_NFS4 || HAVE_SUN_ACL
 	else if (archive_acl_count(abstract_acl,
 	    ARCHIVE_ENTRY_ACL_TYPE_NFS4) > 0) {
 #if HAVE_SUN_ACL
@@ -99,7 +99,7 @@ archive_write_disk_set_acls(struct archive *a, int fd, const char *name,
 #endif	/* !HAVE_SUN_ACL */
 		return (ret);
 	}
-#endif	/* defined(ACL_TYPE_NFS4) && HAVE_SUN_ACL */
+#endif	/* HAVE_ACL_TYPE_NFS4 && HAVE_SUN_ACL */
 	else {
 		/* No ACLs found */
 		return ARCHIVE_OK;
@@ -135,7 +135,7 @@ static struct {
 	{ARCHIVE_ENTRY_ACL_EXECUTE, ACL_EXECUTE},
 	{ARCHIVE_ENTRY_ACL_WRITE, ACL_WRITE},
 	{ARCHIVE_ENTRY_ACL_READ, ACL_READ},
-#ifdef ACL_TYPE_NFS4	/* FreeBSD NFSv4 ACL permissions */
+#if HAVE_ACL_TYPE_NFS4	/* FreeBSD NFSv4 ACL permissions */
 	{ARCHIVE_ENTRY_ACL_READ_DATA, ACL_READ_DATA},
 	{ARCHIVE_ENTRY_ACL_LIST_DIRECTORY, ACL_LIST_DIRECTORY},
 	{ARCHIVE_ENTRY_ACL_WRITE_DATA, ACL_WRITE_DATA},
@@ -156,7 +156,7 @@ static struct {
 #endif	/* !HAVE_SUN_ACL */
 };
 
-#if defined(ACL_TYPE_NFS4) || HAVE_SUN_ACL
+#if HAVE_ACL_TYPE_NFS4 || HAVE_SUN_ACL
 /*
  * Translate system NFSv4 inheritance flags into libarchive internal structure
  */
@@ -182,7 +182,7 @@ static struct {
 	{ARCHIVE_ENTRY_ACL_ENTRY_INHERITED, ACL_ENTRY_INHERITED}
 #endif	/* !HAVE_SUN_ACL */
 };
-#endif	/* defined(ACL_TYPE_NFS4) || HAVE_SUN_ACL */
+#endif	/* HAVE_ACL_TYPE_NFS4 || HAVE_SUN_ACL */
 
 static int
 set_acl(struct archive *a, int fd, const char *name,
@@ -199,7 +199,7 @@ set_acl(struct archive *a, int fd, const char *name,
 	acl_entry_t	 acl_entry;
 	acl_permset_t	 acl_permset;
 #endif
-#ifdef ACL_TYPE_NFS4
+#if HAVE_ACL_TYPE_NFS4
 	acl_flagset_t	 acl_flagset;
 	int		 r;
 #endif
@@ -345,7 +345,7 @@ set_acl(struct archive *a, int fd, const char *name,
 		case ARCHIVE_ENTRY_ACL_OTHER:
 			acl_set_tag_type(acl_entry, ACL_OTHER);
 			break;
-#ifdef ACL_TYPE_NFS4
+#if HAVE_ACL_TYPE_NFS4
 		case ARCHIVE_ENTRY_ACL_EVERYONE:
 			acl_set_tag_type(acl_entry, ACL_EVERYONE);
 			break;
@@ -358,7 +358,7 @@ set_acl(struct archive *a, int fd, const char *name,
 			goto exit_free;
 		}
 
-#if defined(ACL_TYPE_NFS4) || HAVE_SUN_ACL
+#if HAVE_ACL_TYPE_NFS4 || HAVE_SUN_ACL
 		r = 0;
 		switch (ae_type) {
 #if HAVE_SUN_ACL
@@ -430,7 +430,7 @@ set_acl(struct archive *a, int fd, const char *name,
 			ret = ARCHIVE_FAILED;
 			goto exit_free;
 		}
-#endif	/* defined(ACL_TYPE_NFS4) || HAVE_SUN_ACL */
+#endif	/* HAVE_ACL_TYPE_NFS4 || HAVE_SUN_ACL */
 
 #if HAVE_SUN_ACL
 		if (acl->acl_type == ACLENT_T) {
@@ -472,7 +472,7 @@ set_acl(struct archive *a, int fd, const char *name,
 			}
 		}
 
-#if defined(ACL_TYPE_NFS4) || HAVE_SUN_ACL
+#if HAVE_ACL_TYPE_NFS4 || HAVE_SUN_ACL
 #if HAVE_SUN_ACL
 		if (acl_type == ACE_T)
 #else
diff --git a/libarchive/test/test_acl_platform_nfs4.c b/libarchive/test/test_acl_platform_nfs4.c
index 728c6fc65..4d865f983 100644
--- a/libarchive/test/test_acl_platform_nfs4.c
+++ b/libarchive/test/test_acl_platform_nfs4.c
@@ -31,7 +31,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/acl.h>
 #endif
 
-#if HAVE_SUN_ACL || (HAVE_POSIX_ACL && defined(ACL_TYPE_NFS4))
+#if HAVE_SUN_ACL || (HAVE_POSIX_ACL && HAVE_ACL_TYPE_NFS4)
 
 struct myacl_t {
 	int type;
@@ -147,6 +147,9 @@ static struct myacl_t acls_dir[] = {
 	{ ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
 	  ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_INHERIT_ONLY,
 	  ARCHIVE_ENTRY_ACL_USER, 304, "user304" },
+	{ ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
+	  ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_INHERITED,
+	  ARCHIVE_ENTRY_ACL_USER, 305, "user305" },
 #endif
 
 #if 0
@@ -198,7 +201,7 @@ acl_permset_to_bitmap(acl_permset_t opaque_ps)
 #endif
 {
 	static struct { int machine; int portable; } perms[] = {
-#ifdef HAVE_SUN_ACL
+#ifdef HAVE_SUN_ACL	/* Solaris NFSv4 ACL permissions */
 		{ACE_EXECUTE, ARCHIVE_ENTRY_ACL_EXECUTE},
 		{ACE_READ_DATA, ARCHIVE_ENTRY_ACL_READ_DATA},
 		{ACE_LIST_DIRECTORY, ARCHIVE_ENTRY_ACL_LIST_DIRECTORY},
@@ -216,7 +219,7 @@ acl_permset_to_bitmap(acl_permset_t opaque_ps)
 		{ACE_WRITE_ACL, ARCHIVE_ENTRY_ACL_WRITE_ACL},
 		{ACE_WRITE_OWNER, ARCHIVE_ENTRY_ACL_WRITE_OWNER},
 		{ACE_SYNCHRONIZE, ARCHIVE_ENTRY_ACL_SYNCHRONIZE}
-#else
+#else	/* FreeBSD NFSv4 ACL permissions */
 		{ACL_EXECUTE, ARCHIVE_ENTRY_ACL_EXECUTE},
 		{ACL_WRITE, ARCHIVE_ENTRY_ACL_WRITE},
 		{ACL_READ, ARCHIVE_ENTRY_ACL_READ},
@@ -258,7 +261,7 @@ acl_flagset_to_bitmap(acl_flagset_t opaque_fs)
 #endif
 {
 	static struct { int machine; int portable; } flags[] = {
-#if HAVE_SUN_ACL
+#if HAVE_SUN_ACL	/* Solaris NFSv4 ACL inheritance flags */
 		{ACE_FILE_INHERIT_ACE, ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT},
 		{ACE_DIRECTORY_INHERIT_ACE, ARCHIVE_ENTRY_ACL_ENTRY_DIRECTORY_INHERIT},
 		{ACE_NO_PROPAGATE_INHERIT_ACE, ARCHIVE_ENTRY_ACL_ENTRY_NO_PROPAGATE_INHERIT},
@@ -266,13 +269,13 @@ acl_flagset_to_bitmap(acl_flagset_t opaque_fs)
 		{ACE_SUCCESSFUL_ACCESS_ACE_FLAG, ARCHIVE_ENTRY_ACL_ENTRY_SUCCESSFUL_ACCESS},
 		{ACE_FAILED_ACCESS_ACE_FLAG, ARCHIVE_ENTRY_ACL_ENTRY_FAILED_ACCESS},
 		{ACE_INHERITED_ACE, ARCHIVE_ENTRY_ACL_ENTRY_INHERITED}
-#else
+#else	/* FreeBSD NFSv4 ACL inheritance flags */
+		{ACL_ENTRY_INHERITED, ARCHIVE_ENTRY_ACL_ENTRY_INHERITED},
 		{ACL_ENTRY_FILE_INHERIT, ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT},
 		{ACL_ENTRY_DIRECTORY_INHERIT, ARCHIVE_ENTRY_ACL_ENTRY_DIRECTORY_INHERIT},
 		{ACL_ENTRY_NO_PROPAGATE_INHERIT, ARCHIVE_ENTRY_ACL_ENTRY_NO_PROPAGATE_INHERIT},
 		{ACL_ENTRY_SUCCESSFUL_ACCESS, ARCHIVE_ENTRY_ACL_ENTRY_SUCCESSFUL_ACCESS},
 		{ACL_ENTRY_NO_PROPAGATE_INHERIT, ARCHIVE_ENTRY_ACL_ENTRY_FAILED_ACCESS},
-
 		{ACL_ENTRY_INHERIT_ONLY, ARCHIVE_ENTRY_ACL_ENTRY_INHERIT_ONLY},
 #endif
 	};
@@ -301,6 +304,7 @@ acl_match(acl_entry_t aclent, struct myacl_t *myacl)
 	acl_tag_t tag_type;
 	acl_permset_t opaque_ps;
 	acl_flagset_t opaque_fs;
+	acl_entry_type_t entry_type;
 #endif
 	int perms;
 
@@ -308,6 +312,7 @@ acl_match(acl_entry_t aclent, struct myacl_t *myacl)
 	perms = acl_permset_to_bitmap(ace->a_access_mask) | acl_flagset_to_bitmap(ace->a_flags);
 #else
 	acl_get_tag_type(aclent, &tag_type);
+	acl_get_entry_type_np(aclent, &entry_type);
 
 	/* translate the silly opaque permset to a bitmap */
 	acl_get_permset(aclent, &opaque_ps);
@@ -318,6 +323,27 @@ acl_match(acl_entry_t aclent, struct myacl_t *myacl)
 		return (0);
 
 #if HAVE_SUN_ACL
+	switch (ace->a_type) {
+	case ACE_ACCESS_ALLOWED_ACE_TYPE:
+		if (myacl->type != ARCHIVE_ENTRY_ACL_TYPE_ALLOW)
+			return (0);
+		break;
+	case ACE_ACCESS_DENIED_ACE_TYPE:
+		if (myacl->type != ARCHIVE_ENTRY_ACL_TYPE_DENY)
+			return (0);
+		break;
+	case ACE_SYSTEM_AUDIT_ACE_TYPE:
+		if (myacl->type != ARCHIVE_ENTRY_ACL_TYPE_AUDIT)
+			return (0);
+		break;
+	case ACE_SYSTEM_ALARM_ACE_TYPE:
+		if (myacl->type != ARCHIVE_ENTRY_ACL_TYPE_ALARM)
+			return (0);
+		break;
+	default:
+		return (0);
+	}
+
 	if (ace->a_flags & ACE_OWNER) {
 		if (myacl->tag != ARCHIVE_ENTRY_ACL_USER_OBJ)
 			return (0);
@@ -339,6 +365,25 @@ acl_match(acl_entry_t aclent, struct myacl_t *myacl)
 			return (0);
 	}
 #else	/* !HAVE_SUN_ACL */
+	switch (entry_type) {
+	case ACL_ENTRY_TYPE_ALLOW:
+		if (myacl->type != ARCHIVE_ENTRY_ACL_TYPE_ALLOW)
+			return (0);
+		break;
+	case ACL_ENTRY_TYPE_DENY:
+		if (myacl->type != ARCHIVE_ENTRY_ACL_TYPE_DENY)
+			return (0);
+		break;
+	case ACL_ENTRY_TYPE_AUDIT:
+		if (myacl->type != ARCHIVE_ENTRY_ACL_TYPE_AUDIT)
+			return (0);
+	case ACL_ENTRY_TYPE_ALARM:
+		if (myacl->type != ARCHIVE_ENTRY_ACL_TYPE_ALARM)
+			return (0);
+	default:
+		return (0);
+	}
+
 	switch (tag_type) {
 	case ACL_USER_OBJ:
 		if (myacl->tag != ARCHIVE_ENTRY_ACL_USER_OBJ) return (0);
@@ -509,7 +554,7 @@ compare_entry_acls(struct archive_entry *ae, struct myacl_t *myacls, const char
 	}
 	free(marker);
 }
-#endif	/* HAVE_SUN_ACL || (HAVE_POSIX_ACL && defined(ACL_TYPE_NFS4)) */
+#endif	/* HAVE_SUN_ACL || (HAVE_POSIX_ACL && HAVE_ACL_TYPE_NFS4) */
 
 /*
  * Verify ACL restore-to-disk.  This test is Platform-specific.
@@ -517,7 +562,7 @@ compare_entry_acls(struct archive_entry *ae, struct myacl_t *myacls, const char
 
 DEFINE_TEST(test_acl_platform_nfs4)
 {
-#if !HAVE_SUN_ACL && (!HAVE_POSIX_ACL || !defined(ACL_TYPE_NFS4))
+#if !HAVE_SUN_ACL && (!HAVE_POSIX_ACL || !HAVE_ACL_TYPE_NFS4)
 	skipping("NFS4 ACLs are not supported on this platform");
 #else
 	char buff[64];
@@ -699,5 +744,5 @@ DEFINE_TEST(test_acl_platform_nfs4)
 	    (int)(sizeof(acls_dir)/sizeof(acls_dir[0])));
 	archive_entry_free(ae);
 	assertEqualInt(ARCHIVE_OK, archive_read_free(a));
-#endif /* HAVE_SUN_ACL || (HAVE_POSIX_ACL && defined(ACL_TYPE_NFS4)) */
+#endif /* HAVE_SUN_ACL || (HAVE_POSIX_ACL && HAVE_ACL_TYPE_NFS4) */
 }