Implement POSIX.1e ACL functions

* Makefile.in (DLL_OFILES): Add sec_posixacl.o.
	(SUBLIBS): Add libacl.a
	(libacl.a): New rule to create libacl.a.
	* common.din: Export POSIX ACL functions as well as most libacl.a
	extensions.
	* fhandler.h (fhander_base::acl_get): New prototype.
	(fhander_base::acl_set): Ditto.
	(fhandler_disk_file::acl_get): Ditto.
	(fhandler_disk_file::acl_set): Ditto.
	* include/acl/libacl.h: New file.
	* include/cygwin/version.h: Bump API minor version.
	* include/sys/acl.h: Drop including cygwin/acl.h.  Accommodate
	throughout Cygwin.  Add POSIX ACL definitions.
	* sec_acl.cc: Include sec_posixacl.h.  Replace ILLEGAL_UID and
	ILLEGAL_GID with ACL_UNDEFINED_ID where sensible.
	(__aclcheck): New internal acl check function to be used for
	Solaris and POSIX ACLs.
	(aclcheck32): Call __aclcheck.
	(__aclcalcmask): New function to compute ACL_MASK value.
	(__aclsort): New internal acl sort function to be used for Solaris
	and POSIX ACLs.
	(aclsort32): Call __aclsort.
	(permtostr): Work directly on provided buffer.
	(__acltotext): New internal acltotext function to be used for
	Solaris and POSIX ACLs.
	(acltotext32): Call __acltotext.
	(__aclfromtext): New internal aclfromtext function to be used for
	Solaris and POSIX ACLs.
	(aclfromtext32): Call __aclfromtext.
	* sec_posixacl.cc: New file implemeting POSIX ACL functions.
	* sec_posixacl.h: New internal header.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

winsup/cygwin/Makefile.in

@@ -267,6 +267,7 @@ DLL_OFILES:= \
 	sec_acl.o \
 	sec_auth.o \
 	sec_helper.o \
+	sec_posixacl.o \
 	security.o \
 	select.o \
 	sem.o \
@@ -443,7 +444,7 @@ endif
 API_VER:=$(srcdir)/include/cygwin/version.h
 
 LIB_NAME:=libcygwin.a
-SUBLIBS:=libpthread.a libutil.a ${CURDIR}/libm.a ${CURDIR}/libc.a libdl.a libresolv.a librt.a
+SUBLIBS:=libpthread.a libutil.a ${CURDIR}/libm.a ${CURDIR}/libc.a libdl.a libresolv.a librt.a libacl.a
 EXTRALIBS:=libautomode.a libbinmode.a libtextmode.a libtextreadmode.a
 INSTOBJS:=automode.o binmode.o textmode.o textreadmode.o
 TARGET_LIBS:=$(LIB_NAME) $(CYGWIN_START) $(GMON_START) $(LIBGMON_A) $(SUBLIBS) $(INSTOBJS) $(EXTRALIBS)
@@ -643,6 +644,9 @@ libresolv.a: ${LIB_NAME} minires.o
 librt.a: ${LIB_NAME} posix_ipc.o
 	${speclib} ${@F}
 
+libacl.a: ${LIB_NAME} sec_posixacl.o
+	${speclib} ${@F}
+
 ${EXTRALIBS}: lib%.a: %.o
 	$(AR) cru $@ $?
 

winsup/cygwin/common.din

@@ -117,6 +117,45 @@ accept = cygwin_accept SIGFE
 accept4 SIGFE
 access SIGFE
 acl SIGFE
+acl_add_perm NOSIGFE
+acl_calc_mask SIGFE
+acl_check NOSIGFE
+acl_clear_perms NOSIGFE
+acl_cmp SIGFE
+acl_copy_entry NOSIGFE
+acl_copy_ext NOSIGFE
+acl_copy_int NOSIGFE
+acl_create_entry SIGFE
+acl_delete_def_file SIGFE
+acl_delete_entry NOSIGFE
+acl_delete_perm NOSIGFE
+acl_dup SIGFE
+acl_entries NOSIGFE
+acl_equiv_mode SIGFE
+acl_error NOSIGFE
+acl_extended_fd SIGFE
+acl_extended_file SIGFE
+acl_extended_file_nofollow SIGFE
+acl_free SIGFE
+acl_from_mode NOSIGFE
+acl_from_text SIGFE
+acl_get_entry NOSIGFE
+acl_get_fd SIGFE
+acl_get_file SIGFE
+acl_get_perm NOSIGFE
+acl_get_permset NOSIGFE
+acl_get_qualifier SIGFE
+acl_get_tag_type NOSIGFE
+acl_init SIGFE
+acl_set_fd SIGFE
+acl_set_file SIGFE
+acl_set_permset NOSIGFE
+acl_set_qualifier NOSIGFE
+acl_set_tag_type NOSIGFE
+acl_size NOSIGFE
+acl_to_any_text SIGFE
+acl_to_text SIGFE
+acl_valid NOSIGFE
 aclcheck NOSIGFE
 aclfrommode SIGFE
 aclfrompbits SIGFE

winsup/cygwin/fhandler.cc

@@ -13,7 +13,7 @@ details. */
 #include <unistd.h>
 #include <stdlib.h>
 #include <sys/uio.h>
-#include <sys/acl.h>
+#include <cygwin/acl.h>
 #include <sys/param.h>
 #include "cygerrno.h"
 #include "perprocess.h"

winsup/cygwin/fhandler.h

@@ -56,6 +56,7 @@ typedef struct __DIR DIR;
 struct dirent;
 struct iovec;
 struct acl;
+struct __acl_t;
 
 enum dirent_states
 {
@@ -355,6 +356,8 @@ public:
   virtual int __reg1 fchmod (mode_t mode);
   virtual int __reg2 fchown (uid_t uid, gid_t gid);
   virtual int __reg3 facl (int, int, struct acl *);
+  virtual struct __acl_t * __reg2 acl_get (uint32_t);
+  virtual int __reg3 acl_set (struct __acl_t *, uint32_t);
   virtual ssize_t __reg3 fgetxattr (const char *, void *, size_t);
   virtual int __reg3 fsetxattr (const char *, const void *, size_t, int);
   virtual int __reg3 fadvise (off_t, off_t, int);
@@ -1011,6 +1014,8 @@ class fhandler_disk_file: public fhandler_base
   int __reg1 fchmod (mode_t mode);
   int __reg2 fchown (uid_t uid, gid_t gid);
   int __reg3 facl (int, int, struct acl *);
+  struct __acl_t * __reg2 acl_get (uint32_t);
+  int __reg3 acl_set (struct __acl_t *, uint32_t);
   ssize_t __reg3 fgetxattr (const char *, void *, size_t);
   int __reg3 fsetxattr (const char *, const void *, size_t, int);
   int __reg3 fadvise (off_t, off_t, int);

winsup/cygwin/fhandler_disk_file.cc

@@ -13,7 +13,7 @@ details. */
 #include <winioctl.h>
 #include <lm.h>
 #include <stdlib.h>
-#include <sys/acl.h>
+#include <cygwin/acl.h>
 #include <sys/statvfs.h>
 #include "cygerrno.h"
 #include "security.h"

winsup/cygwin/fhandler_socket.cc

@@ -41,7 +41,7 @@
 #include "wininfo.h"
 #include <unistd.h>
 #include <sys/param.h>
-#include <sys/acl.h>
+#include <cygwin/acl.h>
 #include "cygtls.h"
 #include <sys/un.h>
 #include "ntdll.h"

winsup/cygwin/fhandler_tty.cc

@@ -12,7 +12,7 @@ details. */
 #include "winsup.h"
 #include <stdlib.h>
 #include <sys/param.h>
-#include <sys/acl.h>
+#include <cygwin/acl.h>
 #include <cygwin/kd.h>
 #include "cygerrno.h"
 #include "security.h"

winsup/cygwin/fhandler_virtual.cc

@@ -10,7 +10,7 @@ Cygwin license.  Please consult the file "CYGWIN_LICENSE" for
 details. */
 
 #include "winsup.h"
-#include <sys/acl.h>
+#include <cygwin/acl.h>
 #include <sys/statvfs.h>
 #include "cygerrno.h"
 #include "path.h"

winsup/cygwin/include/acl/libacl.h

@@ -0,0 +1,55 @@
+/* acl/libacl.h: Non-POSIX extensions of libacl
+
+This file is part of Cygwin.
+
+This software is a copyrighted work licensed under the terms of the
+Cygwin license.  Please consult the file "CYGWIN_LICENSE" for
+details. */
+
+#ifndef _ACL_LIBACL_H
+#define _ACL_LIBACL_H
+
+#include <sys/acl.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Sync'd with cygwin/acl.h values. */
+#define ACL_MULTI_ERROR     (0x4)
+#define ACL_DUPLICATE_ERROR (0x5)
+#define ACL_ENTRY_ERROR     (0x6)
+#define ACL_MISS_ERROR      (0x7)
+
+/* acl_to_any_text options. */
+#define TEXT_ABBREVIATE		(0x01)
+#define TEXT_NUMERIC_IDS	(0x02)
+#define TEXT_SOME_EFFECTIVE	(0x04)
+#define TEXT_ALL_EFFECTIVE	(0x08)
+#define TEXT_SMART_INDENT	(0x10)
+
+extern int acl_check (acl_t __acl, int *__last);
+extern int acl_cmp (acl_t __acl1, acl_t __acl2);
+extern int acl_entries (acl_t __acl);
+extern int acl_equiv_mode (acl_t __acl, mode_t *__mode_p);
+extern const char *acl_error (int __code);
+extern int acl_extended_fd (int __fd);
+extern int acl_extended_file (const char *__path_p);
+extern int acl_extended_file_nofollow (const char *__path_p);
+extern acl_t acl_from_mode (mode_t __mode);
+extern int acl_get_perm (acl_permset_t __permset_d, acl_perm_t __perm);
+extern char *acl_to_any_text (acl_t __acl, const char *__prefix,
+			      char __separator, int __options);
+
+#if 0
+/* TODO */
+struct error_context;
+extern int perm_copy_file (const char *, const char *, struct error_context *);
+extern int perm_copy_fd (const char *, int, const char *, int,
+			 struct error_context *);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* _ACL_LIBACL_H */

winsup/cygwin/include/cygwin/version.h

@@ -476,13 +476,14 @@ details. */
       292: Export rpmatch.
       293: Convert utmpname/utmpxname to int.
       294: Export clog10, clog10f.
+      295: Export POSIX ACL functions.
      */
 
      /* Note that we forgot to bump the api for ualarm, strtoll, strtoull,
 	sigaltstack, sethostname. */
 
 #define CYGWIN_VERSION_API_MAJOR 0
-#define CYGWIN_VERSION_API_MINOR 294
+#define CYGWIN_VERSION_API_MINOR 295
 
      /* There is also a compatibity version number associated with the
 	shared memory regions.  It is incremented when incompatible

winsup/cygwin/include/sys/acl.h

@@ -12,6 +12,89 @@ details. */
 #ifndef _SYS_ACL_H
 #define _SYS_ACL_H
 
-#include <cygwin/acl.h>
+#include <_ansi.h>
 
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* POSIX ACL types and functions.  The implementation is based on the
+   internal original Solaris implementation as defined in cygwin/acl.h.
+   However, we don't include cygwin/acl.h from here to avoid poisoning
+   the namespace. */
+
+/* acl_perm_t constants */
+#define ACL_READ		(0x4)
+#define ACL_WRITE		(0x2)
+#define ACL_EXECUTE		(0x1)
+
+/* acl_tag_t constants, in sync with values from cygwin/acl.h */
+#define ACL_UNDEFINED_TAG	(0x0000)
+#define ACL_USER_OBJ		(0x0001)
+#define ACL_USER		(0x0002)
+#define ACL_GROUP_OBJ		(0x0004)
+#define ACL_GROUP		(0x0008)
+#define ACL_MASK		(0x0010)
+#define ACL_OTHER		(0x0020)
+
+/* acl_type_t constants */
+#define ACL_TYPE_ACCESS         (0x0)
+#define ACL_TYPE_DEFAULT        (0x1)
+
+/* qualifier constant */
+#define ACL_UNDEFINED_ID        ((id_t) -1)
+
+/* entry_id constants */
+#define ACL_FIRST_ENTRY         (0x0)
+#define ACL_NEXT_ENTRY          (0x1)
+
+/* types */
+typedef uint32_t acl_perm_t, acl_type_t, acl_tag_t;
+typedef uint64_t acl_permset_t;
+typedef uint64_t acl_entry_t;
+
+struct __acl_t;
+typedef struct __acl_t *acl_t;
+
+extern int	acl_add_perm (acl_permset_t __permset_d, acl_perm_t __perm);
+extern int	acl_calc_mask (acl_t *__acl_p);
+extern int	acl_clear_perms (acl_permset_t __permset_d);
+extern int	acl_copy_entry (acl_entry_t __dest_d, acl_entry_t __src_d);
+extern ssize_t	acl_copy_ext (void *__buf_p, acl_t __acl, ssize_t __size);
+extern acl_t	acl_copy_int (const void *__buf_p);
+extern int	acl_create_entry (acl_t *__acl_p, acl_entry_t *__entry_p);
+extern int	acl_delete_def_file (const char *__path_p);
+extern int	acl_delete_entry (acl_t __acl, acl_entry_t __entry_d);
+extern int	acl_delete_perm (acl_permset_t __permset_d, acl_perm_t __perm);
+extern acl_t	acl_dup (acl_t __acl);
+extern int	acl_free (void *__obj_p);
+extern acl_t	acl_from_text (const char *__buf_p);
+extern int	acl_get_entry (acl_t __acl, int __entry_id,
+			       acl_entry_t *__entry_p);
+extern acl_t	acl_get_fd (int __fd);
+extern acl_t	acl_get_file (const char *__path_p, acl_type_t __type);
+extern int	acl_get_permset (acl_entry_t __entry_d,
+				 acl_permset_t *__permset_p);
+extern void    *acl_get_qualifier (acl_entry_t __entry_d);
+extern int	acl_get_tag_type (acl_entry_t __entry_d,
+				  acl_tag_t *__tag_type_p);
+extern acl_t	acl_init (int __count);
+extern int	acl_set_fd (int __fd, acl_t __acl);
+extern int	acl_set_file (const char *__path_p, acl_type_t __type,
+			      acl_t __acl);
+extern int	acl_set_permset (acl_entry_t __entry_d,
+				 acl_permset_t __permset_d);
+extern int	acl_set_qualifier (acl_entry_t __entry_d,
+				   const void *__tag_qualifier_p);
+extern int	acl_set_tag_type (acl_entry_t __entry_d, acl_tag_t __tag_type);
+extern ssize_t	acl_size (acl_t __acl);
+extern char    *acl_to_text (acl_t __acl, ssize_t *__len_p);
+extern int	acl_valid (acl_t __acl);
+
+#ifdef __cplusplus
+}
+#endif
 #endif /* _SYS_ACL_H */

winsup/cygwin/sec_helper.cc

@@ -13,7 +13,7 @@ details. */
 
 #include "winsup.h"
 #include <stdlib.h>
-#include <sys/acl.h>
+#include <cygwin/acl.h>
 #include <sys/queue.h>
 #include <authz.h>
 #include <wchar.h>

winsup/cygwin/sec_posixacl.h

@@ -0,0 +1,68 @@
+/* sec_posixacl.h: Internal definitions for POSIX ACLs.
+
+This file is part of Cygwin.
+
+This software is a copyrighted work licensed under the terms of the
+Cygwin license.  Please consult the file "CYGWIN_LICENSE" for
+details. */
+
+#include <cygwin/acl.h>
+#include <sys/acl.h>
+#include <acl/libacl.h>
+
+/* Magic marker for acl_t. */
+#define ACL_MAGIC		(0xacdccdcadcaccacdULL)
+
+/* Only used internally as a_type for deleted entries. */
+#define ACL_DELETED_TAG		(0xffff)
+
+/* Only used internally from acl_to_text/acl_to_any_text. */
+#define TEXT_END_SEPARATOR	(0x1000)
+#define TEXT_IS_POSIX		(0x2000)
+
+/* Internal ACL representation. */
+struct __acl_t
+{
+  uint64_t magic;	/* Must be ACL_MAGIC.				*/
+  uint16_t max_count;	/* Max. number of entries.			*/
+  uint16_t count;	/* Number of used entries.			*/
+  uint16_t deleted;	/* Number of used but deleted entries.		*/
+  uint16_t next;	/* Next entry to be returned by acl_get_entry.	*/
+  aclent_t *entry;	/* Pointer to variable array of ACL entries.	*/
+};
+
+inline acl_entry_t
+__to_entry (acl_t acl, uint16_t idx)
+{
+  return ((uint64_t) idx << 48) | (uint64_t) acl;
+}
+#define __to_permset(a,i)	((acl_permset_t)__to_entry((a),(i)))
+
+inline acl_t
+__from_entry (acl_entry_t entry_d, uint16_t &idx)
+{
+  idx = entry_d >> 48;
+  acl_t acl = (acl_t) (entry_d & ~((uint64_t) 0xffff << 48));
+  if (acl->magic != ACL_MAGIC)
+    return NULL;
+  if (idx >= acl->count)
+    return NULL;
+  if (acl->entry[idx].a_type == ACL_DELETED_TAG)
+    return NULL;
+  return acl;
+}
+#define __from_permset(p,i)	__from_entry((acl_permset_t)(p),(i))
+
+/* External (but opaque) ACL representation. */
+struct __acl_ext_t
+{
+  uint16_t count;	/* Number of used entries.			*/
+  aclent_t entry[0];	/* Variable array of ACL entries.		*/
+};
+
+/* Shared functions defined in sec_acl.cc. */
+mode_t __aclcalcmask (aclent_t *, int);
+int __aclsort (int, aclent_t *);
+int __aclcheck (aclent_t *, int, int *, bool);
+char *__acltotext (aclent_t *, int, const char *, char, int);
+void *__aclfromtext (const char *, int *, bool);

winsup/cygwin/security.cc

@@ -15,7 +15,7 @@ details. */
 #include "winsup.h"
 #include <unistd.h>
 #include <stdlib.h>
-#include <sys/acl.h>
+#include <cygwin/acl.h>
 #include "cygerrno.h"
 #include "security.h"
 #include "path.h"

winsup/utils/getfacl.c

@@ -15,8 +15,7 @@ details. */
 #include <stdio.h>
 #include <unistd.h>
 #include <getopt.h>
-#include <sys/types.h>
-#include <sys/acl.h>
+#include <cygwin/acl.h>
 #include <sys/stat.h>
 #include <cygwin/version.h>
 #include <string.h>

winsup/utils/setfacl.c

@@ -20,8 +20,7 @@ details. */
 #include <getopt.h>
 #include <pwd.h>
 #include <grp.h>
-#include <sys/types.h>
-#include <sys/acl.h>
+#include <cygwin/acl.h>
 #include <cygwin/version.h>
 
 #ifndef BOOL