+
+ /*
+ * Get ACL info: don't bother allocating space if there is only a trivial ACL.
+ */
+ if (acl_get(jcr->last_fname, ACL_NO_TRIVIAL, &aclp) != 0) {
+ Jmsg2(jcr, M_ERROR, 0, _("acl_get error on file \"%s\": ERR=%s\n"),
+ jcr->last_fname, acl_strerror(errno));
+ Dmsg2(100, "acl_get error file=%s ERR=%s\n",
+ jcr->last_fname, acl_strerror(errno));
+
+ return false;
+ }
+
+ if (!aclp) {
+ /*
+ * The ACLs simply reflect the (already known) standard permissions
+ * So we don't send an ACL stream to the SD.
+ */
+ pm_strcpy(jcr->acl_data, "");
+ return true;
+ }
+
+#if defined(ACL_SID_FMT)
+ /*
+ * New format flag added in newer Solaris versions.
+ */
+ flags = ACL_APPEND_ID | ACL_COMPACT_FMT | ACL_SID_FMT;
+#else
+ flags = ACL_APPEND_ID | ACL_COMPACT_FMT;
+#endif /* ACL_SID_FMT */
+
+ if ((acl_text = acl_totext(aclp, flags)) != NULL) {
+ jcr->acl_data_len = pm_strcpy(jcr->acl_data, acl_text);
+ actuallyfree(acl_text);
+
+ switch (acl_type(aclp)) {
+ case ACLENT_T:
+ stream_status = send_acl_stream(jcr, STREAM_ACL_SOLARIS_ACLENT);
+ break;
+ case ACE_T:
+ stream_status = send_acl_stream(jcr, STREAM_ACL_SOLARIS_ACE);
+ break;
+ default:
+ break;
+ }
+
+ acl_free(aclp);
+ }
+
+ return stream_status;
+}
+
+static bool solaris_parse_acl_stream(JCR *jcr, int stream)
+{
+ acl_t *aclp;
+ int acl_enabled, error;
+ berrno be;
+
+ switch (stream) {
+ case STREAM_UNIX_ACCESS_ACL:
+ case STREAM_ACL_SOLARIS_ACLENT:
+ case STREAM_ACL_SOLARIS_ACE:
+ /*
+ * First make sure the filesystem supports acls.
+ */
+ acl_enabled = pathconf(jcr->last_fname, _PC_ACL_ENABLED);
+ switch (acl_enabled) {
+ case 0:
+ Jmsg1(jcr, M_ERROR, 0, _("Trying to restore acl on file \"%s\" on filesystem without acl support\n"),
+ jcr->last_fname);
+
+ return false;
+ case -1:
+ Jmsg2(jcr, M_ERROR, 0, _("pathconf error on file \"%s\": ERR=%s\n"),
+ jcr->last_fname, be.bstrerror());
+ Dmsg3(100, "pathconf error acl=%s file=%s ERR=%s\n",
+ jcr->acl_data, jcr->last_fname, be.bstrerror());
+
+ return false;
+ default:
+ /*
+ * On a filesystem with ACL support make sure this particilar ACL type can be restored.
+ */
+ switch (stream) {
+ case STREAM_ACL_SOLARIS_ACLENT:
+ /*
+ * An aclent can be restored on filesystems with _ACL_ACLENT_ENABLED or _ACL_ACE_ENABLED support.
+ */
+ if ((acl_enabled & (_ACL_ACLENT_ENABLED | _ACL_ACE_ENABLED)) == 0) {
+ Jmsg1(jcr, M_ERROR, 0, _("Trying to restore acl on file \"%s\" on filesystem without aclent acl support\n"),
+ jcr->last_fname);
+ return false;
+ }
+ break;
+ case STREAM_ACL_SOLARIS_ACE:
+ /*
+ * An ace can only be restored on a filesystem with _ACL_ACE_ENABLED support.
+ */
+ if ((acl_enabled & _ACL_ACE_ENABLED) == 0) {
+ Jmsg1(jcr, M_ERROR, 0, _("Trying to restore acl on file \"%s\" on filesystem without ace acl support\n"),
+ jcr->last_fname);
+ return false;
+ }
+ break;
+ default:
+ /*
+ * Stream id which doesn't describe the type of acl which is encoded.
+ */
+ break;
+ }
+ break;
+ }
+
+ if ((error = acl_fromtext(jcr->acl_data, &aclp)) != 0) {
+ Jmsg2(jcr, M_ERROR, 0, _("acl_fromtext error on file \"%s\": ERR=%s\n"),
+ jcr->last_fname, acl_strerror(error));
+ Dmsg3(100, "acl_fromtext error acl=%s file=%s ERR=%s\n",
+ jcr->acl_data, jcr->last_fname, acl_strerror(error));
+ return false;
+ }
+
+ /*
+ * Validate that the conversion gave us the correct acl type.
+ */
+ switch (stream) {
+ case STREAM_ACL_SOLARIS_ACLENT:
+ if (acl_type(aclp) != ACLENT_T) {
+ Jmsg1(jcr, M_ERROR, 0, _("wrong encoding of acl type in acl stream on file \"%s\"\n"),
+ jcr->last_fname);
+ return false;
+ }
+ break;
+ case STREAM_ACL_SOLARIS_ACE:
+ if (acl_type(aclp) != ACE_T) {
+ Jmsg1(jcr, M_ERROR, 0, _("wrong encoding of acl type in acl stream on file \"%s\"\n"),
+ jcr->last_fname);
+ return false;
+ }
+ break;
+ default:
+ /*
+ * Stream id which doesn't describe the type of acl which is encoded.
+ */
+ break;
+ }
+
+ /*
+ * Restore the ACLs, but don't complain about links which really should
+ * not have attributes, and the file it is linked to may not yet be restored.
+ * This is only true for the old acl streams as in the new implementation we
+ * don't save acls of symlinks (which cannot have acls anyhow)
+ */
+ if ((error = acl_set(jcr->last_fname, aclp)) == -1 && jcr->last_type != FT_LNK) {
+ Jmsg2(jcr, M_ERROR, 0, _("acl_set error on file \"%s\": ERR=%s\n"),
+ jcr->last_fname, acl_strerror(error));
+ Dmsg3(100, "acl_set error acl=%s file=%s ERR=%s\n",
+ jcr->acl_data, jcr->last_fname, acl_strerror(error));
+
+ acl_free(aclp);
+ return false;
+ }
+
+ acl_free(aclp);
+ return true;
+ default:
+ return false;
+ } /* end switch (stream) */
+}
+
+#else /* HAVE_EXTENDED_ACL */
+
+/*
+ * See if an acl is a trivial one (e.g. just the stat bits encoded as acl.)
+ * There is no need to store those acls as we already store the stat bits too.
+ */
+static bool acl_is_trivial(int count, aclent_t *entries)
+{
+ int n;
+ aclent_t *ace;
+
+ for (n = 0; n < count; n++) {
+ ace = &entries[n];
+
+ if (!(ace->a_type == USER_OBJ ||
+ ace->a_type == GROUP_OBJ ||
+ ace->a_type == OTHER_OBJ ||
+ ace->a_type == CLASS_OBJ))
+ return false;