1
/*-
2
 * Copyright (c) 2017 Martin Matuska
3
 * All rights reserved.
4
 *
5
 * Redistribution and use in source and binary forms, with or without
6
 * modification, are permitted provided that the following conditions
7
 * are met:
8
 * 1. Redistributions of source code must retain the above copyright
9
 *    notice, this list of conditions and the following disclaimer.
10
 * 2. Redistributions in binary form must reproduce the above copyright
11
 *    notice, this list of conditions and the following disclaimer in the
12
 *    documentation and/or other materials provided with the distribution.
13
 *
14
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17
 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24
 */
25

26
#include "archive_platform.h"
27

28
#if ARCHIVE_ACL_DARWIN
29

30
#ifdef HAVE_FCNTL_H
31
#include <fcntl.h>
32
#endif
33
#if HAVE_ERRNO_H
34
#include <errno.h>
35
#endif
36
#if HAVE_MEMBERSHIP_H
37
#include <membership.h>
38
#endif
39
#ifdef HAVE_SYS_TYPES_H
40
#include <sys/types.h>
41
#endif
42
#ifdef HAVE_SYS_ACL_H
43
#define _ACL_PRIVATE /* For debugging */
44
#include <sys/acl.h>
45
#endif
46

47
#include "archive_entry.h"
48
#include "archive_private.h"
49
#include "archive_read_disk_private.h"
50
#include "archive_write_disk_private.h"
51

52
typedef struct {
53
	const int a_perm;	/* Libarchive permission or flag */
54
	const int p_perm;	/* Platform permission or flag */
55
} acl_perm_map_t;
56

57
static const acl_perm_map_t acl_nfs4_perm_map[] = {
58
	{ARCHIVE_ENTRY_ACL_READ_DATA, ACL_READ_DATA},
59
	{ARCHIVE_ENTRY_ACL_LIST_DIRECTORY, ACL_LIST_DIRECTORY},
60
	{ARCHIVE_ENTRY_ACL_WRITE_DATA, ACL_WRITE_DATA},
61
	{ARCHIVE_ENTRY_ACL_ADD_FILE, ACL_ADD_FILE},
62
	{ARCHIVE_ENTRY_ACL_EXECUTE, ACL_EXECUTE},
63
	{ARCHIVE_ENTRY_ACL_DELETE, ACL_DELETE},
64
	{ARCHIVE_ENTRY_ACL_APPEND_DATA, ACL_APPEND_DATA},
65
	{ARCHIVE_ENTRY_ACL_ADD_SUBDIRECTORY, ACL_ADD_SUBDIRECTORY},
66
	{ARCHIVE_ENTRY_ACL_DELETE_CHILD, ACL_DELETE_CHILD},
67
	{ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES, ACL_READ_ATTRIBUTES},
68
	{ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES, ACL_WRITE_ATTRIBUTES},
69
	{ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS, ACL_READ_EXTATTRIBUTES},
70
	{ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS, ACL_WRITE_EXTATTRIBUTES},
71
	{ARCHIVE_ENTRY_ACL_READ_ACL, ACL_READ_SECURITY},
72
	{ARCHIVE_ENTRY_ACL_WRITE_ACL, ACL_WRITE_SECURITY},
73
	{ARCHIVE_ENTRY_ACL_WRITE_OWNER, ACL_CHANGE_OWNER},
74
#if HAVE_DECL_ACL_SYNCHRONIZE
75
	{ARCHIVE_ENTRY_ACL_SYNCHRONIZE, ACL_SYNCHRONIZE}
76
#endif
77
};
78

79
static const int acl_nfs4_perm_map_size =
80
    (int)(sizeof(acl_nfs4_perm_map)/sizeof(acl_nfs4_perm_map[0]));
81

82
static const acl_perm_map_t acl_nfs4_flag_map[] = {
83
	{ARCHIVE_ENTRY_ACL_ENTRY_INHERITED, ACL_ENTRY_INHERITED},
84
	{ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT, ACL_ENTRY_FILE_INHERIT},
85
	{ARCHIVE_ENTRY_ACL_ENTRY_DIRECTORY_INHERIT, ACL_ENTRY_DIRECTORY_INHERIT},
86
	{ARCHIVE_ENTRY_ACL_ENTRY_NO_PROPAGATE_INHERIT, ACL_ENTRY_LIMIT_INHERIT},
87
	{ARCHIVE_ENTRY_ACL_ENTRY_INHERIT_ONLY, ACL_ENTRY_ONLY_INHERIT}
88
};
89

90
static const int acl_nfs4_flag_map_size =
91
    (int)(sizeof(acl_nfs4_flag_map)/sizeof(acl_nfs4_flag_map[0]));
92

93
static int translate_guid(struct archive *a, acl_entry_t acl_entry,
94
    int *ae_id, int *ae_tag, const char **ae_name)
95
{
96
	void *q;
97
	uid_t ugid;
98
	int r, idtype;
99

100
	q = acl_get_qualifier(acl_entry);
101
	if (q == NULL)
102
		return (1);
103
	r = mbr_uuid_to_id((const unsigned char *)q, &ugid, &idtype);
104
	if (r != 0) {
105
		acl_free(q);
106
		return (1);
107
	}
108
	if (idtype == ID_TYPE_UID) {
109
		*ae_tag = ARCHIVE_ENTRY_ACL_USER;
110
		*ae_id = ugid;
111
		*ae_name = archive_read_disk_uname(a, *ae_id);
112
	} else if (idtype == ID_TYPE_GID) {
113
		*ae_tag = ARCHIVE_ENTRY_ACL_GROUP;
114
		*ae_id = ugid;
115
		*ae_name = archive_read_disk_gname(a, *ae_id);
116
	} else
117
		r = 1;
118

119
	acl_free(q);
120
	return (r);
121
}
122

123
static void
124
add_trivial_nfs4_acl(struct archive_entry *entry)
125
{
126
	mode_t mode;
127
	const int rperm = ARCHIVE_ENTRY_ACL_READ_DATA;
128
	const int wperm = ARCHIVE_ENTRY_ACL_WRITE_DATA |
129
	    ARCHIVE_ENTRY_ACL_APPEND_DATA;
130
	const int eperm = ARCHIVE_ENTRY_ACL_EXECUTE;
131
	const int pubset = ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
132
	    ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
133
	    ARCHIVE_ENTRY_ACL_READ_ACL |
134
	    ARCHIVE_ENTRY_ACL_SYNCHRONIZE;
135
	const int ownset = pubset | ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES |
136
	    ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS |
137
	    ARCHIVE_ENTRY_ACL_WRITE_ACL |
138
	    ARCHIVE_ENTRY_ACL_WRITE_OWNER;
139

140
	struct {
141
	    const int type;
142
	    const int tag;
143
	    int permset;
144
	} tacl_entry[] = {
145
	    {ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_USER_OBJ, 0},
146
	    {ARCHIVE_ENTRY_ACL_TYPE_DENY, ARCHIVE_ENTRY_ACL_USER_OBJ, 0},
147
	    {ARCHIVE_ENTRY_ACL_TYPE_DENY, ARCHIVE_ENTRY_ACL_GROUP_OBJ, 0},
148
	    {ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_USER_OBJ, ownset},
149
	    {ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_GROUP_OBJ, pubset},
150
	    {ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EVERYONE, pubset}
151
	};
152

153
	mode = archive_entry_mode(entry);
154

155
	/* Permissions for everyone@ */
156
	if (mode & 0004)
157
		tacl_entry[5].permset |= rperm;
158
	if (mode & 0002)
159
		tacl_entry[5].permset |= wperm;
160
	if (mode & 0001)
161
		tacl_entry[5].permset |= eperm;
162

163
	/* Permissions for group@ */
164
	if (mode & 0040)
165
		tacl_entry[4].permset |= rperm;
166
	else if (mode & 0004)
167
		tacl_entry[2].permset |= rperm;
168
	if (mode & 0020)
169
		tacl_entry[4].permset |= wperm;
170
	else if (mode & 0002)
171
		tacl_entry[2].permset |= wperm;
172
	if (mode & 0010)
173
		tacl_entry[4].permset |= eperm;
174
	else if (mode & 0001)
175
		tacl_entry[2].permset |= eperm;
176

177
	/* Permissions for owner@ */
178
	if (mode & 0400) {
179
		tacl_entry[3].permset |= rperm;
180
		if (!(mode & 0040) && (mode & 0004))
181
			tacl_entry[0].permset |= rperm;
182
	} else if ((mode & 0040) || (mode & 0004))
183
		tacl_entry[1].permset |= rperm;
184
	if (mode & 0200) {
185
		tacl_entry[3].permset |= wperm;
186
		if (!(mode & 0020) && (mode & 0002))
187
			tacl_entry[0].permset |= wperm;
188
	} else if ((mode & 0020) || (mode & 0002))
189
		tacl_entry[1].permset |= wperm;
190
	if (mode & 0100) {
191
		tacl_entry[3].permset |= eperm;
192
		if (!(mode & 0010) && (mode & 0001))
193
			tacl_entry[0].permset |= eperm;
194
	} else if ((mode & 0010) || (mode & 0001))
195
		tacl_entry[1].permset |= eperm;
196

197
	for (size_t i = 0; i < sizeof(tacl_entry) / sizeof(tacl_entry[0]); i++) {
198
		if (tacl_entry[i].permset != 0) {
199
			archive_entry_acl_add_entry(entry,
200
			    tacl_entry[i].type, tacl_entry[i].permset,
201
			    tacl_entry[i].tag, -1, NULL);
202
		}
203
	}
204

205
	return;
206
}
207

208
static int
209
translate_acl(struct archive_read_disk *a,
210
    struct archive_entry *entry, acl_t acl)
211
{
212
	acl_tag_t	 acl_tag;
213
	acl_flagset_t	 acl_flagset;
214
	acl_entry_t	 acl_entry;
215
	acl_permset_t	 acl_permset;
216
	int		 i, entry_acl_type;
217
	int		 r, s, ae_id, ae_tag, ae_perm;
218
	const char	*ae_name;
219

220
	s = acl_get_entry(acl, ACL_FIRST_ENTRY, &acl_entry);
221
	if (s == -1) {
222
		archive_set_error(&a->archive, errno,
223
		    "Failed to get first ACL entry");
224
		return (ARCHIVE_WARN);
225
	}
226

227
	while (s == 0) {
228
		ae_id = -1;
229
		ae_name = NULL;
230
		ae_perm = 0;
231

232
		if (acl_get_tag_type(acl_entry, &acl_tag) != 0) {
233
			archive_set_error(&a->archive, errno,
234
			    "Failed to get ACL tag type");
235
			return (ARCHIVE_WARN);
236
		}
237
		switch (acl_tag) {
238
		case ACL_EXTENDED_ALLOW:
239
			entry_acl_type = ARCHIVE_ENTRY_ACL_TYPE_ALLOW;
240
			r = translate_guid(&a->archive, acl_entry,
241
			    &ae_id, &ae_tag, &ae_name);
242
			break;
243
		case ACL_EXTENDED_DENY:
244
			entry_acl_type = ARCHIVE_ENTRY_ACL_TYPE_DENY;
245
			r = translate_guid(&a->archive, acl_entry,
246
			    &ae_id, &ae_tag, &ae_name);
247
			break;
248
		default:
249
			/* Skip types that libarchive can't support. */
250
			s = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
251
			continue;
252
		}
253

254
		/* Skip if translate_guid() above failed */
255
		if (r != 0) {
256
			s = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
257
			continue;
258
		}
259

260
		/*
261
		 * Libarchive stores "flag" (NFSv4 inheritance bits)
262
		 * in the ae_perm bitmap.
263
		 *
264
		 * acl_get_flagset_np() fails with non-NFSv4 ACLs
265
		 */
266
		if (acl_get_flagset_np(acl_entry, &acl_flagset) != 0) {
267
			archive_set_error(&a->archive, errno,
268
			    "Failed to get flagset from a NFSv4 ACL entry");
269
			return (ARCHIVE_WARN);
270
		}
271
		for (i = 0; i < acl_nfs4_flag_map_size; ++i) {
272
			r = acl_get_flag_np(acl_flagset,
273
			    acl_nfs4_flag_map[i].p_perm);
274
			if (r == -1) {
275
				archive_set_error(&a->archive, errno,
276
				    "Failed to check flag in a NFSv4 "
277
				    "ACL flagset");
278
				return (ARCHIVE_WARN);
279
			} else if (r)
280
				ae_perm |= acl_nfs4_flag_map[i].a_perm;
281
		}
282

283
		if (acl_get_permset(acl_entry, &acl_permset) != 0) {
284
			archive_set_error(&a->archive, errno,
285
			    "Failed to get ACL permission set");
286
			return (ARCHIVE_WARN);
287
		}
288

289
		for (i = 0; i < acl_nfs4_perm_map_size; ++i) {
290
			/*
291
			 * acl_get_perm() is spelled differently on different
292
			 * platforms; see above.
293
			 */
294
			r = acl_get_perm_np(acl_permset,
295
			    acl_nfs4_perm_map[i].p_perm);
296
			if (r == -1) {
297
				archive_set_error(&a->archive, errno,
298
				    "Failed to check permission in an ACL "
299
				    "permission set");
300
				return (ARCHIVE_WARN);
301
			} else if (r)
302
				ae_perm |= acl_nfs4_perm_map[i].a_perm;
303
		}
304

305
#if !HAVE_DECL_ACL_SYNCHRONIZE
306
		/* On Mac OS X without ACL_SYNCHRONIZE assume it is set */
307
		ae_perm |= ARCHIVE_ENTRY_ACL_SYNCHRONIZE;
308
#endif
309

310
		archive_entry_acl_add_entry(entry, entry_acl_type,
311
					    ae_perm, ae_tag,
312
					    ae_id, ae_name);
313

314
		s = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
315
	}
316
	return (ARCHIVE_OK);
317
}
318

319
static int
320
set_acl(struct archive *a, int fd, const char *name,
321
    struct archive_acl *abstract_acl,
322
    int ae_requested_type, const char *tname)
323
{
324
	acl_t		 acl;
325
	acl_entry_t	 acl_entry;
326
	acl_permset_t	 acl_permset;
327
	acl_flagset_t	 acl_flagset;
328
	int		 ret;
329
	int		 ae_type, ae_permset, ae_tag, ae_id;
330
	uuid_t		 ae_uuid;
331
	uid_t		 ae_uid;
332
	gid_t		 ae_gid;
333
	const char	*ae_name;
334
	int		 entries;
335
	int		 i;
336

337
	ret = ARCHIVE_OK;
338
	entries = archive_acl_reset(abstract_acl, ae_requested_type);
339
	if (entries == 0)
340
		return (ARCHIVE_OK);
341

342
	if (ae_requested_type != ARCHIVE_ENTRY_ACL_TYPE_NFS4) {
343
		errno = ENOENT;
344
		archive_set_error(a, errno, "Unsupported ACL type");
345
		return (ARCHIVE_FAILED);
346
	}
347

348
	acl = acl_init(entries);
349
	if (acl == (acl_t)NULL) {
350
		archive_set_error(a, errno,
351
		    "Failed to initialize ACL working storage");
352
		return (ARCHIVE_FAILED);
353
	}
354

355
	while (archive_acl_next(a, abstract_acl, ae_requested_type, &ae_type,
356
		   &ae_permset, &ae_tag, &ae_id, &ae_name) == ARCHIVE_OK) {
357
		/*
358
		 * Mac OS doesn't support NFSv4 ACLs for
359
		 * owner@, group@ and everyone@.
360
		 * We skip any of these ACLs found.
361
		 */
362
		if (ae_tag == ARCHIVE_ENTRY_ACL_USER_OBJ ||
363
		    ae_tag == ARCHIVE_ENTRY_ACL_GROUP_OBJ ||
364
		    ae_tag == ARCHIVE_ENTRY_ACL_EVERYONE)
365
			continue;
366

367
		if (acl_create_entry(&acl, &acl_entry) != 0) {
368
			archive_set_error(a, errno,
369
			    "Failed to create a new ACL entry");
370
			ret = ARCHIVE_FAILED;
371
			goto exit_free;
372
		}
373

374
		switch (ae_type) {
375
		case ARCHIVE_ENTRY_ACL_TYPE_ALLOW:
376
			acl_set_tag_type(acl_entry, ACL_EXTENDED_ALLOW);
377
			break;
378
		case ARCHIVE_ENTRY_ACL_TYPE_DENY:
379
			acl_set_tag_type(acl_entry, ACL_EXTENDED_DENY);
380
			break;
381
		default:
382
			/* We don't support any other types on MacOS */
383
			continue;
384
		}
385

386
		switch (ae_tag) {
387
		case ARCHIVE_ENTRY_ACL_USER:
388
			ae_uid = archive_write_disk_uid(a, ae_name, ae_id);
389
			if (mbr_uid_to_uuid(ae_uid, ae_uuid) != 0)
390
				continue;
391
			if (acl_set_qualifier(acl_entry, &ae_uuid) != 0)
392
				continue;
393
			break;
394
		case ARCHIVE_ENTRY_ACL_GROUP:
395
			ae_gid = archive_write_disk_gid(a, ae_name, ae_id);
396
			if (mbr_gid_to_uuid(ae_gid, ae_uuid) != 0)
397
				continue;
398
			if (acl_set_qualifier(acl_entry, &ae_uuid) != 0)
399
				continue;
400
			break;
401
		default:
402
			archive_set_error(a, ARCHIVE_ERRNO_MISC,
403
			    "Unsupported ACL tag");
404
			ret = ARCHIVE_FAILED;
405
			goto exit_free;
406
		}
407

408
		if (acl_get_permset(acl_entry, &acl_permset) != 0) {
409
			archive_set_error(a, errno,
410
			    "Failed to get ACL permission set");
411
			ret = ARCHIVE_FAILED;
412
			goto exit_free;
413
		}
414
		if (acl_clear_perms(acl_permset) != 0) {
415
			archive_set_error(a, errno,
416
			    "Failed to clear ACL permissions");
417
			ret = ARCHIVE_FAILED;
418
			goto exit_free;
419
		}
420

421
		for (i = 0; i < acl_nfs4_perm_map_size; ++i) {
422
			if (ae_permset & acl_nfs4_perm_map[i].a_perm) {
423
				if (acl_add_perm(acl_permset,
424
				    acl_nfs4_perm_map[i].p_perm) != 0) {
425
					archive_set_error(a, errno,
426
					    "Failed to add ACL permission");
427
					ret = ARCHIVE_FAILED;
428
					goto exit_free;
429
				}
430
			}
431
		}
432

433
		/*
434
		 * acl_get_flagset_np() fails with non-NFSv4 ACLs
435
		 */
436
		if (acl_get_flagset_np(acl_entry, &acl_flagset) != 0) {
437
			archive_set_error(a, errno,
438
			    "Failed to get flagset from an NFSv4 ACL entry");
439
			ret = ARCHIVE_FAILED;
440
			goto exit_free;
441
		}
442
		if (acl_clear_flags_np(acl_flagset) != 0) {
443
			archive_set_error(a, errno,
444
			    "Failed to clear flags from an NFSv4 ACL flagset");
445
			ret = ARCHIVE_FAILED;
446
			goto exit_free;
447
		}
448

449
		for (i = 0; i < acl_nfs4_flag_map_size; ++i) {
450
			if (ae_permset & acl_nfs4_flag_map[i].a_perm) {
451
				if (acl_add_flag_np(acl_flagset,
452
				    acl_nfs4_flag_map[i].p_perm) != 0) {
453
					archive_set_error(a, errno,
454
					    "Failed to add flag to "
455
					    "NFSv4 ACL flagset");
456
					ret = ARCHIVE_FAILED;
457
					goto exit_free;
458
				}
459
			}
460
		}
461
	}
462

463
	if (fd >= 0) {
464
		if (acl_set_fd_np(fd, acl, ACL_TYPE_EXTENDED) == 0)
465
			ret = ARCHIVE_OK;
466
		else {
467
			if (errno == EOPNOTSUPP) {
468
				/* Filesystem doesn't support ACLs */
469
				ret = ARCHIVE_OK;
470
			} else {
471
				archive_set_error(a, errno,
472
				    "Failed to set acl on fd: %s", tname);
473
				ret = ARCHIVE_WARN;
474
			}
475
		}
476
	} else if (acl_set_link_np(name, ACL_TYPE_EXTENDED, acl) != 0) {
477
		if (errno == EOPNOTSUPP) {
478
			/* Filesystem doesn't support ACLs */
479
			ret = ARCHIVE_OK;
480
		} else {
481
			archive_set_error(a, errno, "Failed to set acl: %s",
482
			    tname);
483
			ret = ARCHIVE_WARN;
484
		}
485
	}
486
exit_free:
487
	acl_free(acl);
488
	return (ret);
489
}
490

491
int
492
archive_read_disk_entry_setup_acls(struct archive_read_disk *a,
493
    struct archive_entry *entry, int *fd)
494
{
495
	const char	*accpath;
496
	acl_t		acl;
497
	int		r;
498

499
	accpath = NULL;
500

501
	if (*fd < 0) {
502
		accpath = archive_read_disk_entry_setup_path(a, entry, fd);
503
		if (accpath == NULL)
504
			return (ARCHIVE_WARN);
505
	}
506

507
	archive_entry_acl_clear(entry);
508

509
	acl = NULL;
510

511
	if (*fd >= 0)
512
		acl = acl_get_fd_np(*fd, ACL_TYPE_EXTENDED);
513
	else if (!a->follow_symlinks)
514
		acl = acl_get_link_np(accpath, ACL_TYPE_EXTENDED);
515
	else
516
		acl = acl_get_file(accpath, ACL_TYPE_EXTENDED);
517

518
	if (acl != NULL) {
519
		r = translate_acl(a, entry, acl);
520
		acl_free(acl);
521
		acl = NULL;
522

523
		if (r != ARCHIVE_OK) {
524
			archive_set_error(&a->archive, errno,
525
			    "Couldn't translate NFSv4 ACLs");
526
		}
527

528
		/*
529
		 * Because Mac OS doesn't support owner@, group@ and everyone@
530
		 * ACLs we need to add NFSv4 ACLs mirroring the file mode to
531
		 * the archive entry. Otherwise extraction on non-Mac platforms
532
		 * would lead to an invalid file mode.
533
		 */
534
		if ((archive_entry_acl_types(entry) &
535
		    ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0)
536
			add_trivial_nfs4_acl(entry);
537

538
		return (r);
539
	}
540
	return (ARCHIVE_OK);
541
}
542

543
int
544
archive_write_disk_set_acls(struct archive *a, int fd, const char *name,
545
    struct archive_acl *abstract_acl, __LA_MODE_T mode)
546
{
547
	int		ret = ARCHIVE_OK;
548

549
	(void)mode;	/* UNUSED */
550

551
	if ((archive_acl_types(abstract_acl) &
552
	    ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) {
553
		ret = set_acl(a, fd, name, abstract_acl,
554
		    ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4");
555
	}
556
	return (ret);
557
}
558
#endif	/* ARCHIVE_ACL_DARWIN */
559

560