1
/*-
2
 * Copyright (c) 2017 Martin Matuska
3
 * All rights reserved.
4
 *
5
 * Redistribution and use in source and binary forms, with or without
6
 * modification, are permitted provided that the following conditions
7
 * are met:
8
 * 1. Redistributions of source code must retain the above copyright
9
 *    notice, this list of conditions and the following disclaimer.
10
 * 2. Redistributions in binary form must reproduce the above copyright
11
 *    notice, this list of conditions and the following disclaimer in the
12
 *    documentation and/or other materials provided with the distribution.
13
 *
14
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17
 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24
 */
25

26
#include "archive_platform.h"
27

28
#if ARCHIVE_ACL_DARWIN
29

30
#ifdef HAVE_FCNTL_H
31
#include <fcntl.h>
32
#endif
33
#if HAVE_ERRNO_H
34
#include <errno.h>
35
#endif
36
#if HAVE_MEMBERSHIP_H
37
#include <membership.h>
38
#endif
39
#ifdef HAVE_SYS_TYPES_H
40
#include <sys/types.h>
41
#endif
42
#ifdef HAVE_SYS_ACL_H
43
#define _ACL_PRIVATE /* For debugging */
44
#include <sys/acl.h>
45
#endif
46

47
#include "archive_entry.h"
48
#include "archive_private.h"
49
#include "archive_read_disk_private.h"
50
#include "archive_write_disk_private.h"
51

52
typedef struct {
53
	const int a_perm;	/* Libarchive permission or flag */
54
	const int p_perm;	/* Platform permission or flag */
55
} acl_perm_map_t;
56

57
static const acl_perm_map_t acl_nfs4_perm_map[] = {
58
	{ARCHIVE_ENTRY_ACL_READ_DATA, ACL_READ_DATA},
59
	{ARCHIVE_ENTRY_ACL_LIST_DIRECTORY, ACL_LIST_DIRECTORY},
60
	{ARCHIVE_ENTRY_ACL_WRITE_DATA, ACL_WRITE_DATA},
61
	{ARCHIVE_ENTRY_ACL_ADD_FILE, ACL_ADD_FILE},
62
	{ARCHIVE_ENTRY_ACL_EXECUTE, ACL_EXECUTE},
63
	{ARCHIVE_ENTRY_ACL_DELETE, ACL_DELETE},
64
	{ARCHIVE_ENTRY_ACL_APPEND_DATA, ACL_APPEND_DATA},
65
	{ARCHIVE_ENTRY_ACL_ADD_SUBDIRECTORY, ACL_ADD_SUBDIRECTORY},
66
	{ARCHIVE_ENTRY_ACL_DELETE_CHILD, ACL_DELETE_CHILD},
67
	{ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES, ACL_READ_ATTRIBUTES},
68
	{ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES, ACL_WRITE_ATTRIBUTES},
69
	{ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS, ACL_READ_EXTATTRIBUTES},
70
	{ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS, ACL_WRITE_EXTATTRIBUTES},
71
	{ARCHIVE_ENTRY_ACL_READ_ACL, ACL_READ_SECURITY},
72
	{ARCHIVE_ENTRY_ACL_WRITE_ACL, ACL_WRITE_SECURITY},
73
	{ARCHIVE_ENTRY_ACL_WRITE_OWNER, ACL_CHANGE_OWNER},
74
#if HAVE_DECL_ACL_SYNCHRONIZE
75
	{ARCHIVE_ENTRY_ACL_SYNCHRONIZE, ACL_SYNCHRONIZE}
76
#endif
77
};
78

79
static const int acl_nfs4_perm_map_size =
80
    (int)(sizeof(acl_nfs4_perm_map)/sizeof(acl_nfs4_perm_map[0]));
81

82
static const acl_perm_map_t acl_nfs4_flag_map[] = {
83
	{ARCHIVE_ENTRY_ACL_ENTRY_INHERITED, ACL_ENTRY_INHERITED},
84
	{ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT, ACL_ENTRY_FILE_INHERIT},
85
	{ARCHIVE_ENTRY_ACL_ENTRY_DIRECTORY_INHERIT, ACL_ENTRY_DIRECTORY_INHERIT},
86
	{ARCHIVE_ENTRY_ACL_ENTRY_NO_PROPAGATE_INHERIT, ACL_ENTRY_LIMIT_INHERIT},
87
	{ARCHIVE_ENTRY_ACL_ENTRY_INHERIT_ONLY, ACL_ENTRY_ONLY_INHERIT}
88
};
89

90
static const int acl_nfs4_flag_map_size =
91
    (int)(sizeof(acl_nfs4_flag_map)/sizeof(acl_nfs4_flag_map[0]));
92

93
static int translate_guid(struct archive *a, acl_entry_t acl_entry,
94
    int *ae_id, int *ae_tag, const char **ae_name)
95
{
96
	void *q;
97
	uid_t ugid;
98
	int r, idtype;
99

100
	q = acl_get_qualifier(acl_entry);
101
	if (q == NULL)
102
		return (1);
103
	r = mbr_uuid_to_id((const unsigned char *)q, &ugid, &idtype);
104
	if (r != 0) {
105
		acl_free(q);
106
		return (1);
107
	}
108
	if (idtype == ID_TYPE_UID) {
109
		*ae_tag = ARCHIVE_ENTRY_ACL_USER;
110
		*ae_id = ugid;
111
		*ae_name = archive_read_disk_uname(a, *ae_id);
112
	} else if (idtype == ID_TYPE_GID) {
113
		*ae_tag = ARCHIVE_ENTRY_ACL_GROUP;
114
		*ae_id = ugid;
115
		*ae_name = archive_read_disk_gname(a, *ae_id);
116
	} else
117
		r = 1;
118

119
	acl_free(q);
120
	return (r);
121
}
122

123
static void
124
add_trivial_nfs4_acl(struct archive_entry *entry)
125
{
126
	mode_t mode;
127
	int i;
128
	const int rperm = ARCHIVE_ENTRY_ACL_READ_DATA;
129
	const int wperm = ARCHIVE_ENTRY_ACL_WRITE_DATA |
130
	    ARCHIVE_ENTRY_ACL_APPEND_DATA;
131
	const int eperm = ARCHIVE_ENTRY_ACL_EXECUTE;
132
	const int pubset = ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
133
	    ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
134
	    ARCHIVE_ENTRY_ACL_READ_ACL |
135
	    ARCHIVE_ENTRY_ACL_SYNCHRONIZE;
136
	const int ownset = pubset | ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES |
137
	    ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS |
138
	    ARCHIVE_ENTRY_ACL_WRITE_ACL |
139
	    ARCHIVE_ENTRY_ACL_WRITE_OWNER;
140

141
	struct {
142
	    const int type;
143
	    const int tag;
144
	    int permset;
145
	} tacl_entry[] = {
146
	    {ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_USER_OBJ, 0},
147
	    {ARCHIVE_ENTRY_ACL_TYPE_DENY, ARCHIVE_ENTRY_ACL_USER_OBJ, 0},
148
	    {ARCHIVE_ENTRY_ACL_TYPE_DENY, ARCHIVE_ENTRY_ACL_GROUP_OBJ, 0},
149
	    {ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_USER_OBJ, ownset},
150
	    {ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_GROUP_OBJ, pubset},
151
	    {ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EVERYONE, pubset}
152
	};
153

154
	mode = archive_entry_mode(entry);
155

156
	/* Permissions for everyone@ */
157
	if (mode & 0004)
158
		tacl_entry[5].permset |= rperm;
159
	if (mode & 0002)
160
		tacl_entry[5].permset |= wperm;
161
	if (mode & 0001)
162
		tacl_entry[5].permset |= eperm;
163

164
	/* Permissions for group@ */
165
	if (mode & 0040)
166
		tacl_entry[4].permset |= rperm;
167
	else if (mode & 0004)
168
		tacl_entry[2].permset |= rperm;
169
	if (mode & 0020)
170
		tacl_entry[4].permset |= wperm;
171
	else if (mode & 0002)
172
		tacl_entry[2].permset |= wperm;
173
	if (mode & 0010)
174
		tacl_entry[4].permset |= eperm;
175
	else if (mode & 0001)
176
		tacl_entry[2].permset |= eperm;
177

178
	/* Permissions for owner@ */
179
	if (mode & 0400) {
180
		tacl_entry[3].permset |= rperm;
181
		if (!(mode & 0040) && (mode & 0004))
182
			tacl_entry[0].permset |= rperm;
183
	} else if ((mode & 0040) || (mode & 0004))
184
		tacl_entry[1].permset |= rperm;
185
	if (mode & 0200) {
186
		tacl_entry[3].permset |= wperm;
187
		if (!(mode & 0020) && (mode & 0002))
188
			tacl_entry[0].permset |= wperm;
189
	} else if ((mode & 0020) || (mode & 0002))
190
		tacl_entry[1].permset |= wperm;
191
	if (mode & 0100) {
192
		tacl_entry[3].permset |= eperm;
193
		if (!(mode & 0010) && (mode & 0001))
194
			tacl_entry[0].permset |= eperm;
195
	} else if ((mode & 0010) || (mode & 0001))
196
		tacl_entry[1].permset |= eperm;
197

198
	for (i = 0; i < 6; i++) {
199
		if (tacl_entry[i].permset != 0) {
200
			archive_entry_acl_add_entry(entry,
201
			    tacl_entry[i].type, tacl_entry[i].permset,
202
			    tacl_entry[i].tag, -1, NULL);
203
		}
204
	}
205

206
	return;
207
}
208

209
static int
210
translate_acl(struct archive_read_disk *a,
211
    struct archive_entry *entry, acl_t acl)
212
{
213
	acl_tag_t	 acl_tag;
214
	acl_flagset_t	 acl_flagset;
215
	acl_entry_t	 acl_entry;
216
	acl_permset_t	 acl_permset;
217
	int		 i, entry_acl_type;
218
	int		 r, s, ae_id, ae_tag, ae_perm;
219
	const char	*ae_name;
220

221
	s = acl_get_entry(acl, ACL_FIRST_ENTRY, &acl_entry);
222
	if (s == -1) {
223
		archive_set_error(&a->archive, errno,
224
		    "Failed to get first ACL entry");
225
		return (ARCHIVE_WARN);
226
	}
227

228
	while (s == 0) {
229
		ae_id = -1;
230
		ae_name = NULL;
231
		ae_perm = 0;
232

233
		if (acl_get_tag_type(acl_entry, &acl_tag) != 0) {
234
			archive_set_error(&a->archive, errno,
235
			    "Failed to get ACL tag type");
236
			return (ARCHIVE_WARN);
237
		}
238
		switch (acl_tag) {
239
		case ACL_EXTENDED_ALLOW:
240
			entry_acl_type = ARCHIVE_ENTRY_ACL_TYPE_ALLOW;
241
			r = translate_guid(&a->archive, acl_entry,
242
			    &ae_id, &ae_tag, &ae_name);
243
			break;
244
		case ACL_EXTENDED_DENY:
245
			entry_acl_type = ARCHIVE_ENTRY_ACL_TYPE_DENY;
246
			r = translate_guid(&a->archive, acl_entry,
247
			    &ae_id, &ae_tag, &ae_name);
248
			break;
249
		default:
250
			/* Skip types that libarchive can't support. */
251
			s = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
252
			continue;
253
		}
254

255
		/* Skip if translate_guid() above failed */
256
		if (r != 0) {
257
			s = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
258
			continue;
259
		}
260

261
		/*
262
		 * Libarchive stores "flag" (NFSv4 inheritance bits)
263
		 * in the ae_perm bitmap.
264
		 *
265
		 * acl_get_flagset_np() fails with non-NFSv4 ACLs
266
		 */
267
		if (acl_get_flagset_np(acl_entry, &acl_flagset) != 0) {
268
			archive_set_error(&a->archive, errno,
269
			    "Failed to get flagset from a NFSv4 ACL entry");
270
			return (ARCHIVE_WARN);
271
		}
272
		for (i = 0; i < acl_nfs4_flag_map_size; ++i) {
273
			r = acl_get_flag_np(acl_flagset,
274
			    acl_nfs4_flag_map[i].p_perm);
275
			if (r == -1) {
276
				archive_set_error(&a->archive, errno,
277
				    "Failed to check flag in a NFSv4 "
278
				    "ACL flagset");
279
				return (ARCHIVE_WARN);
280
			} else if (r)
281
				ae_perm |= acl_nfs4_flag_map[i].a_perm;
282
		}
283

284
		if (acl_get_permset(acl_entry, &acl_permset) != 0) {
285
			archive_set_error(&a->archive, errno,
286
			    "Failed to get ACL permission set");
287
			return (ARCHIVE_WARN);
288
		}
289

290
		for (i = 0; i < acl_nfs4_perm_map_size; ++i) {
291
			/*
292
			 * acl_get_perm() is spelled differently on different
293
			 * platforms; see above.
294
			 */
295
			r = acl_get_perm_np(acl_permset,
296
			    acl_nfs4_perm_map[i].p_perm);
297
			if (r == -1) {
298
				archive_set_error(&a->archive, errno,
299
				    "Failed to check permission in an ACL "
300
				    "permission set");
301
				return (ARCHIVE_WARN);
302
			} else if (r)
303
				ae_perm |= acl_nfs4_perm_map[i].a_perm;
304
		}
305

306
#if !HAVE_DECL_ACL_SYNCHRONIZE
307
		/* On Mac OS X without ACL_SYNCHRONIZE assume it is set */
308
		ae_perm |= ARCHIVE_ENTRY_ACL_SYNCHRONIZE;
309
#endif
310

311
		archive_entry_acl_add_entry(entry, entry_acl_type,
312
					    ae_perm, ae_tag,
313
					    ae_id, ae_name);
314

315
		s = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
316
	}
317
	return (ARCHIVE_OK);
318
}
319

320
static int
321
set_acl(struct archive *a, int fd, const char *name,
322
    struct archive_acl *abstract_acl,
323
    int ae_requested_type, const char *tname)
324
{
325
	acl_t		 acl;
326
	acl_entry_t	 acl_entry;
327
	acl_permset_t	 acl_permset;
328
	acl_flagset_t	 acl_flagset;
329
	int		 ret;
330
	int		 ae_type, ae_permset, ae_tag, ae_id;
331
	uuid_t		 ae_uuid;
332
	uid_t		 ae_uid;
333
	gid_t		 ae_gid;
334
	const char	*ae_name;
335
	int		 entries;
336
	int		 i;
337

338
	ret = ARCHIVE_OK;
339
	entries = archive_acl_reset(abstract_acl, ae_requested_type);
340
	if (entries == 0)
341
		return (ARCHIVE_OK);
342

343
	if (ae_requested_type != ARCHIVE_ENTRY_ACL_TYPE_NFS4) {
344
		errno = ENOENT;
345
		archive_set_error(a, errno, "Unsupported ACL type");
346
		return (ARCHIVE_FAILED);
347
	}
348

349
	acl = acl_init(entries);
350
	if (acl == (acl_t)NULL) {
351
		archive_set_error(a, errno,
352
		    "Failed to initialize ACL working storage");
353
		return (ARCHIVE_FAILED);
354
	}
355

356
	while (archive_acl_next(a, abstract_acl, ae_requested_type, &ae_type,
357
		   &ae_permset, &ae_tag, &ae_id, &ae_name) == ARCHIVE_OK) {
358
		/*
359
		 * Mac OS doesn't support NFSv4 ACLs for
360
		 * owner@, group@ and everyone@.
361
		 * We skip any of these ACLs found.
362
		 */
363
		if (ae_tag == ARCHIVE_ENTRY_ACL_USER_OBJ ||
364
		    ae_tag == ARCHIVE_ENTRY_ACL_GROUP_OBJ ||
365
		    ae_tag == ARCHIVE_ENTRY_ACL_EVERYONE)
366
			continue;
367

368
		if (acl_create_entry(&acl, &acl_entry) != 0) {
369
			archive_set_error(a, errno,
370
			    "Failed to create a new ACL entry");
371
			ret = ARCHIVE_FAILED;
372
			goto exit_free;
373
		}
374

375
		switch (ae_type) {
376
		case ARCHIVE_ENTRY_ACL_TYPE_ALLOW:
377
			acl_set_tag_type(acl_entry, ACL_EXTENDED_ALLOW);
378
			break;
379
		case ARCHIVE_ENTRY_ACL_TYPE_DENY:
380
			acl_set_tag_type(acl_entry, ACL_EXTENDED_DENY);
381
			break;
382
		default:
383
			/* We don't support any other types on MacOS */
384
			continue;
385
		}
386

387
		switch (ae_tag) {
388
		case ARCHIVE_ENTRY_ACL_USER:
389
			ae_uid = archive_write_disk_uid(a, ae_name, ae_id);
390
			if (mbr_uid_to_uuid(ae_uid, ae_uuid) != 0)
391
				continue;
392
			if (acl_set_qualifier(acl_entry, &ae_uuid) != 0)
393
				continue;
394
			break;
395
		case ARCHIVE_ENTRY_ACL_GROUP:
396
			ae_gid = archive_write_disk_gid(a, ae_name, ae_id);
397
			if (mbr_gid_to_uuid(ae_gid, ae_uuid) != 0)
398
				continue;
399
			if (acl_set_qualifier(acl_entry, &ae_uuid) != 0)
400
				continue;
401
			break;
402
		default:
403
			archive_set_error(a, ARCHIVE_ERRNO_MISC,
404
			    "Unsupported ACL tag");
405
			ret = ARCHIVE_FAILED;
406
			goto exit_free;
407
		}
408

409
		if (acl_get_permset(acl_entry, &acl_permset) != 0) {
410
			archive_set_error(a, errno,
411
			    "Failed to get ACL permission set");
412
			ret = ARCHIVE_FAILED;
413
			goto exit_free;
414
		}
415
		if (acl_clear_perms(acl_permset) != 0) {
416
			archive_set_error(a, errno,
417
			    "Failed to clear ACL permissions");
418
			ret = ARCHIVE_FAILED;
419
			goto exit_free;
420
		}
421

422
		for (i = 0; i < acl_nfs4_perm_map_size; ++i) {
423
			if (ae_permset & acl_nfs4_perm_map[i].a_perm) {
424
				if (acl_add_perm(acl_permset,
425
				    acl_nfs4_perm_map[i].p_perm) != 0) {
426
					archive_set_error(a, errno,
427
					    "Failed to add ACL permission");
428
					ret = ARCHIVE_FAILED;
429
					goto exit_free;
430
				}
431
			}
432
		}
433

434
		/*
435
		 * acl_get_flagset_np() fails with non-NFSv4 ACLs
436
		 */
437
		if (acl_get_flagset_np(acl_entry, &acl_flagset) != 0) {
438
			archive_set_error(a, errno,
439
			    "Failed to get flagset from an NFSv4 ACL entry");
440
			ret = ARCHIVE_FAILED;
441
			goto exit_free;
442
		}
443
		if (acl_clear_flags_np(acl_flagset) != 0) {
444
			archive_set_error(a, errno,
445
			    "Failed to clear flags from an NFSv4 ACL flagset");
446
			ret = ARCHIVE_FAILED;
447
			goto exit_free;
448
		}
449

450
		for (i = 0; i < acl_nfs4_flag_map_size; ++i) {
451
			if (ae_permset & acl_nfs4_flag_map[i].a_perm) {
452
				if (acl_add_flag_np(acl_flagset,
453
				    acl_nfs4_flag_map[i].p_perm) != 0) {
454
					archive_set_error(a, errno,
455
					    "Failed to add flag to "
456
					    "NFSv4 ACL flagset");
457
					ret = ARCHIVE_FAILED;
458
					goto exit_free;
459
				}
460
			}
461
		}
462
	}
463

464
	if (fd >= 0) {
465
		if (acl_set_fd_np(fd, acl, ACL_TYPE_EXTENDED) == 0)
466
			ret = ARCHIVE_OK;
467
		else {
468
			if (errno == EOPNOTSUPP) {
469
				/* Filesystem doesn't support ACLs */
470
				ret = ARCHIVE_OK;
471
			} else {
472
				archive_set_error(a, errno,
473
				    "Failed to set acl on fd: %s", tname);
474
				ret = ARCHIVE_WARN;
475
			}
476
		}
477
	} else if (acl_set_link_np(name, ACL_TYPE_EXTENDED, acl) != 0) {
478
		if (errno == EOPNOTSUPP) {
479
			/* Filesystem doesn't support ACLs */
480
			ret = ARCHIVE_OK;
481
		} else {
482
			archive_set_error(a, errno, "Failed to set acl: %s",
483
			    tname);
484
			ret = ARCHIVE_WARN;
485
		}
486
	}
487
exit_free:
488
	acl_free(acl);
489
	return (ret);
490
}
491

492
int
493
archive_read_disk_entry_setup_acls(struct archive_read_disk *a,
494
    struct archive_entry *entry, int *fd)
495
{
496
	const char	*accpath;
497
	acl_t		acl;
498
	int		r;
499

500
	accpath = NULL;
501

502
	if (*fd < 0) {
503
		accpath = archive_read_disk_entry_setup_path(a, entry, fd);
504
		if (accpath == NULL)
505
			return (ARCHIVE_WARN);
506
	}
507

508
	archive_entry_acl_clear(entry);
509

510
	acl = NULL;
511

512
	if (*fd >= 0)
513
		acl = acl_get_fd_np(*fd, ACL_TYPE_EXTENDED);
514
	else if (!a->follow_symlinks)
515
		acl = acl_get_link_np(accpath, ACL_TYPE_EXTENDED);
516
	else
517
		acl = acl_get_file(accpath, ACL_TYPE_EXTENDED);
518

519
	if (acl != NULL) {
520
		r = translate_acl(a, entry, acl);
521
		acl_free(acl);
522
		acl = NULL;
523

524
		if (r != ARCHIVE_OK) {
525
			archive_set_error(&a->archive, errno,
526
			    "Couldn't translate NFSv4 ACLs");
527
		}
528

529
		/*
530
		 * Because Mac OS doesn't support owner@, group@ and everyone@
531
		 * ACLs we need to add NFSv4 ACLs mirroring the file mode to
532
		 * the archive entry. Otherwise extraction on non-Mac platforms
533
		 * would lead to an invalid file mode.
534
		 */
535
		if ((archive_entry_acl_types(entry) &
536
		    ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0)
537
			add_trivial_nfs4_acl(entry);
538

539
		return (r);
540
	}
541
	return (ARCHIVE_OK);
542
}
543

544
int
545
archive_write_disk_set_acls(struct archive *a, int fd, const char *name,
546
    struct archive_acl *abstract_acl, __LA_MODE_T mode)
547
{
548
	int		ret = ARCHIVE_OK;
549

550
	(void)mode;	/* UNUSED */
551

552
	if ((archive_acl_types(abstract_acl) &
553
	    ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) {
554
		ret = set_acl(a, fd, name, abstract_acl,
555
		    ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4");
556
	}
557
	return (ret);
558
}
559
#endif	/* ARCHIVE_ACL_DARWIN */
560

561