From 8051fddedce28fe287ab40642a1ba6b70cc7fd95 Mon Sep 17 00:00:00 2001
From: Robert Watson <rwatson@FreeBSD.org>
Date: Mon, 30 Dec 2002 15:36:29 +0000
Subject: [PATCH] Add "-h" arguments to getfacl and setfacl, which behave in a
 manner similar to "-h" on chown, chmod, etc, causing the operation to occur
 on a final symlink in the provided path, rather than its target.

Obtained from:	TrustedBSD Project
---
 bin/getfacl/getfacl.1 |  9 ++++++---
 bin/getfacl/getfacl.c | 33 ++++++++++++++++++++++-----------
 bin/setfacl/setfacl.1 |  5 ++++-
 bin/setfacl/setfacl.c | 21 ++++++++++++++++-----
 bin/setfacl/setfacl.h |  1 +
 5 files changed, 49 insertions(+), 20 deletions(-)

diff --git a/bin/getfacl/getfacl.1 b/bin/getfacl/getfacl.1
index 291999a9bcc6..16faf7743b7f 100644
--- a/bin/getfacl/getfacl.1
+++ b/bin/getfacl/getfacl.1
@@ -1,5 +1,5 @@
 .\"-
-.\" Copyright (c) 2000-2001 Robert N. M. Watson
+.\" Copyright (c) 2000, 2001, 2002 Robert N. M. Watson
 .\" All rights reserved.
 .\"
 .\" This software was developed by Robert Watson for the TrustedBSD Project.
@@ -30,7 +30,7 @@
 .\" Developed by the TrustedBSD Project.
 .\" Support for POSIX.1e access control lists.
 .\"
-.Dd March 30, 2000
+.Dd Decemer 30, 2002
 .Dt GETFACL 1
 .Os
 .Sh NAME
@@ -38,7 +38,7 @@
 .Nd get ACL information
 .Sh SYNOPSIS
 .Nm
-.Op Fl d
+.Op Fl dh
 .Op Ar
 .Sh DESCRIPTION
 The
@@ -61,6 +61,9 @@ The operation applies to the default ACL of a directory instead of the
 access ACL.
 An error is generated if a default ACL cannot be associated with
 .Ar file .
+.It Fl h
+If the target of the operation is a symbolic link, return the ACL from
+the symbol link itself rather than following the link.
 .El
 .Pp
 The following operand is available:
diff --git a/bin/getfacl/getfacl.c b/bin/getfacl/getfacl.c
index 22406d570695..75ad1dad4e43 100644
--- a/bin/getfacl/getfacl.c
+++ b/bin/getfacl/getfacl.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 1999-2001 Robert N M Watson
+ * Copyright (c) 1999, 2001, 2002 Robert N M Watson
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
@@ -52,7 +52,7 @@ static void
 usage(void)
 {
 
-	fprintf(stderr, "getfacl [-d] [files ...]\n");
+	fprintf(stderr, "getfacl [-dh] [files ...]\n");
 }
 
 /*
@@ -147,14 +147,17 @@ acl_from_stat(struct stat sb)
 }
 
 static int
-print_acl(char *path, acl_type_t type)
+print_acl(char *path, acl_type_t type, int hflag)
 {
 	struct stat	sb;
 	acl_t	acl;
 	char	*acl_text;
 	int	error;
 
-	error = stat(path, &sb);
+	if (hflag)
+		error = lstat(path, &sb);
+	else
+		error = stat(path, &sb);
 	if (error == -1) {
 		warn("%s", path);
 		return(-1);
@@ -167,7 +170,10 @@ print_acl(char *path, acl_type_t type)
 
 	printf("#file:%s\n#owner:%d\n#group:%d\n", path, sb.st_uid, sb.st_gid);
 
-	acl = acl_get_file(path, type);
+	if (hflag)
+		acl = acl_get_link_np(path, type);
+	else
+		acl = acl_get_file(path, type);
 	if (!acl) {
 		if (errno != EOPNOTSUPP) {
 			warn("%s", path);
@@ -198,7 +204,7 @@ print_acl(char *path, acl_type_t type)
 }
 
 static int
-print_acl_from_stdin(acl_type_t type)
+print_acl_from_stdin(acl_type_t type, int hflag)
 {
 	char	*p, pathname[PATH_MAX];
 	int	carried_error = 0;
@@ -206,7 +212,7 @@ print_acl_from_stdin(acl_type_t type)
 	while (fgets(pathname, (int)sizeof(pathname), stdin)) {
 		if ((p = strchr(pathname, '\n')) != NULL)
 			*p = '\0';
-		if (print_acl(pathname, type) == -1) {
+		if (print_acl(pathname, type, hflag) == -1) {
 			carried_error = -1;
 		}
 	}
@@ -220,12 +226,17 @@ main(int argc, char *argv[])
 	acl_type_t	type = ACL_TYPE_ACCESS;
 	int	carried_error = 0;
 	int	ch, error, i;
+	int	hflag;
 
-	while ((ch = getopt(argc, argv, "d")) != -1)
+	hflag = 0;
+	while ((ch = getopt(argc, argv, "dh")) != -1)
 		switch(ch) {
 		case 'd':
 			type = ACL_TYPE_DEFAULT;
 			break;
+		case 'h':
+			hflag = 1;
+			break;
 		default:
 			usage();
 			return(-1);
@@ -234,17 +245,17 @@ main(int argc, char *argv[])
 	argv += optind;
 
 	if (argc == 0) {
-		error = print_acl_from_stdin(type);
+		error = print_acl_from_stdin(type, hflag);
 		return(error ? 1 : 0);
 	}
 
 	for (i = 0; i < argc; i++) {
 		if (!strcmp(argv[i], "-")) {
-			error = print_acl_from_stdin(type);
+			error = print_acl_from_stdin(type, hflag);
 			if (error == -1)
 				carried_error = -1;
 		} else {
-			error = print_acl(argv[i], type);
+			error = print_acl(argv[i], type, hflag);
 			if (error == -1)
 				carried_error = -1;
 		}
diff --git a/bin/setfacl/setfacl.1 b/bin/setfacl/setfacl.1
index ce27f58887f2..43eba960d1e0 100644
--- a/bin/setfacl/setfacl.1
+++ b/bin/setfacl/setfacl.1
@@ -33,7 +33,7 @@
 .Nd set ACL information
 .Sh SYNOPSIS
 .Nm
-.Op Fl bdkn
+.Op Fl bdhkn
 .Op Fl m Ar entries
 .Op Fl M Ar file1
 .Op Fl x Ar entries
@@ -63,6 +63,9 @@ entries of the current ACL.
 The operations apply to the default ACL entries instead of
 access ACL entries.  Currently only directories may have
 default ACL's.
+.It Fl h
+If the target of the operation is a symbolic link, perform the operation
+on the symbolic link itself, rather than following the link.
 .It Fl k
 Delete any default ACL entries on the specified files.  It
 is not considered an error if the specified files do not have
diff --git a/bin/setfacl/setfacl.c b/bin/setfacl/setfacl.c
index 367909b2c0e7..d27285cee743 100644
--- a/bin/setfacl/setfacl.c
+++ b/bin/setfacl/setfacl.c
@@ -71,11 +71,19 @@ get_file_acls(const char *filename)
 	}
 
 	acl = zmalloc(sizeof(acl_t) * 2);
-	acl[ACCESS_ACL] = acl_get_file(filename, ACL_TYPE_ACCESS);
+	if (h_flag)
+		acl[ACCESS_ACL] = acl_get_link_np(filename, ACL_TYPE_ACCESS);
+	else
+		acl[ACCESS_ACL] = acl_get_file(filename, ACL_TYPE_ACCESS);
 	if (acl[ACCESS_ACL] == NULL)
 		err(1, "acl_get_file() failed");
 	if (S_ISDIR(sb.st_mode)) {
-		acl[DEFAULT_ACL] = acl_get_file(filename, ACL_TYPE_DEFAULT);
+		if (h_flag)
+			acl[DEFAULT_ACL] = acl_get_link_np(filename,
+			    ACL_TYPE_DEFAULT);
+		else
+			acl[DEFAULT_ACL] = acl_get_file(filename,
+			    ACL_TYPE_DEFAULT);
 		if (acl[DEFAULT_ACL] == NULL)
 			err(1, "acl_get_file() failed");
 	} else
@@ -88,7 +96,7 @@ static void
 usage(void)
 {
 
-	fprintf(stderr, "usage: setfacl [-bdknv] [-m entries] [-M file1] "
+	fprintf(stderr, "usage: setfacl [-bdhknv] [-m entries] [-M file1] "
 	    "[-x entries] [-X file2] [file ...]\n");
 	exit(1);
 }
@@ -104,12 +112,12 @@ main(int argc, char *argv[])
 
 	acl_type = ACL_TYPE_ACCESS;
 	carried_error = local_error = 0;
-	have_mask = have_stdin = n_flag = need_mask = 0;
+	h_flag = have_mask = have_stdin = n_flag = need_mask = 0;
 
 	TAILQ_INIT(&entrylist);
 	TAILQ_INIT(&filelist);
 
-	while ((ch = getopt(argc, argv, "M:X:bdkm:nx:")) != -1)
+	while ((ch = getopt(argc, argv, "M:X:bdhkm:nx:")) != -1)
 		switch(ch) {
 		case 'M':
 			entry = zmalloc(sizeof(struct sf_entry));
@@ -133,6 +141,9 @@ main(int argc, char *argv[])
 		case 'd':
 			acl_type = ACL_TYPE_DEFAULT;
 			break;
+		case 'h':
+			h_flag = 1;
+			break;
 		case 'k':
 			entry = zmalloc(sizeof(struct sf_entry));
 			entry->op = OP_REMOVE_DEF;
diff --git a/bin/setfacl/setfacl.h b/bin/setfacl/setfacl.h
index 022a4a34ef46..91b4f0033041 100644
--- a/bin/setfacl/setfacl.h
+++ b/bin/setfacl/setfacl.h
@@ -75,6 +75,7 @@ acl_type_t acl_type;
 uint       have_mask;
 uint       need_mask;
 uint       have_stdin;
+uint       h_flag;
 uint       n_flag;
 
 #endif /* _SETFACL_H */