+/* disable posix acls when problem found in gnulib script m4/acl.m4 */
+#if ! USE_ACL
+# undef HAVE_POSIX_ACLS
+#endif
+
+#ifdef HAVE_POSIX_ACLS
+# include "acl.h"
+# include <sys/acl.h>
+#endif
+
+#ifdef HAVE_POSIX_ACLS
+
+/* acl-at wrappers, TODO: move to gnulib in future? */
+static acl_t acl_get_file_at (int, const char *, acl_type_t);
+static int acl_set_file_at (int, const char *, acl_type_t, acl_t);
+static int file_has_acl_at (int, char const *, struct stat const *);
+static int acl_delete_def_file_at (int, char const *);
+
+/* acl_get_file_at */
+#define AT_FUNC_NAME acl_get_file_at
+#define AT_FUNC_RESULT acl_t
+#define AT_FUNC_FAIL (acl_t)NULL
+#define AT_FUNC_F1 acl_get_file
+#define AT_FUNC_POST_FILE_PARAM_DECLS , acl_type_t type
+#define AT_FUNC_POST_FILE_ARGS , type
+#include "at-func.c"
+#undef AT_FUNC_NAME
+#undef AT_FUNC_F1
+#undef AT_FUNC_RESULT
+#undef AT_FUNC_FAIL
+#undef AT_FUNC_POST_FILE_PARAM_DECLS
+#undef AT_FUNC_POST_FILE_ARGS
+
+/* acl_set_file_at */
+#define AT_FUNC_NAME acl_set_file_at
+#define AT_FUNC_F1 acl_set_file
+#define AT_FUNC_POST_FILE_PARAM_DECLS , acl_type_t type, acl_t acl
+#define AT_FUNC_POST_FILE_ARGS , type, acl
+#include "at-func.c"
+#undef AT_FUNC_NAME
+#undef AT_FUNC_F1
+#undef AT_FUNC_POST_FILE_PARAM_DECLS
+#undef AT_FUNC_POST_FILE_ARGS
+
+/* acl_delete_def_file_at */
+#define AT_FUNC_NAME acl_delete_def_file_at
+#define AT_FUNC_F1 acl_delete_def_file
+#define AT_FUNC_POST_FILE_PARAM_DECLS
+#define AT_FUNC_POST_FILE_ARGS
+#include "at-func.c"
+#undef AT_FUNC_NAME
+#undef AT_FUNC_F1
+#undef AT_FUNC_POST_FILE_PARAM_DECLS
+#undef AT_FUNC_POST_FILE_ARGS
+
+/* gnulib file_has_acl_at */
+#define AT_FUNC_NAME file_has_acl_at
+#define AT_FUNC_F1 file_has_acl
+#define AT_FUNC_POST_FILE_PARAM_DECLS , struct stat const *st
+#define AT_FUNC_POST_FILE_ARGS , st
+#include "at-func.c"
+#undef AT_FUNC_NAME
+#undef AT_FUNC_F1
+#undef AT_FUNC_POST_FILE_PARAM_DECLS
+#undef AT_FUNC_POST_FILE_ARGS
+
+/* convert unix permissions into an ACL ... needed due to "default" ACLs */
+static acl_t
+perms2acl (int perms)
+{
+ char val[] = "user::---,group::---,other::---";
+ /* 0123456789 123456789 123456789 123456789 */
+
+ /* user */
+ if (perms & 0400)
+ val[6] = 'r';
+ if (perms & 0200)
+ val[7] = 'w';
+ if (perms & 0100)
+ val[8] = 'x';
+
+ /* group */
+ if (perms & 0040)
+ val[17] = 'r';
+ if (perms & 0020)
+ val[18] = 'w';
+ if (perms & 0010)
+ val[19] = 'x';
+
+ /* other */
+ if (perms & 0004)
+ val[28] = 'r';
+ if (perms & 0002)
+ val[29] = 'w';
+ if (perms & 0001)
+ val[30] = 'x';
+
+ return acl_from_text (val);
+}
+
+static char *
+skip_to_ext_fields (char *ptr)
+{
+ /* skip tag name (user/group/default/mask) */
+ ptr += strcspn (ptr, ":,\n");
+
+ if (*ptr != ':')
+ return ptr;
+ ++ptr;
+
+ ptr += strcspn (ptr, ":,\n"); /* skip user/group name */
+
+ if (*ptr != ':')
+ return ptr;
+ ++ptr;
+
+ ptr += strcspn (ptr, ":,\n"); /* skip perms */
+
+ return ptr;
+}
+
+/* The POSIX draft allows extra fields after the three main ones. Star
+ uses this to add a fourth field for user/group which is the numeric ID.
+ This function removes such extra fields by overwriting them with the
+ characters that follow. */
+static char *
+fixup_extra_acl_fields (char *ptr)
+{
+ char *src = ptr;
+ char *dst = ptr;
+
+ while (*src)
+ {
+ const char *old = src;
+ size_t len = 0;
+
+ src = skip_to_ext_fields (src);
+ len = src - old;
+ if (old != dst)
+ memmove (dst, old, len);
+ dst += len;
+
+ if (*src == ':') /* We have extra fields, skip them all */
+ src += strcspn (src, "\n,");
+
+ if ((*src == '\n') || (*src == ','))
+ *dst++ = *src++; /* also done when dst == src, but that's ok */
+ }
+ if (src != dst)
+ *dst = 0;
+
+ return ptr;
+}
+
+/* Set the "system.posix_acl_access/system.posix_acl_default" extended
+ attribute. Called only when acls_option > 0. */
+static void
+xattrs__acls_set (struct tar_stat_info const *st,
+ char const *file_name, int type,
+ char *ptr, size_t len, bool def)
+{
+ acl_t acl;
+
+ if (ptr)
+ {
+ /* assert (strlen (ptr) == len); */
+ ptr = fixup_extra_acl_fields (ptr);
+ acl = acl_from_text (ptr);
+ }
+ else if (def)
+ {
+ /* No "default" IEEE 1003.1e ACL set for directory. At this moment,
+ FILE_NAME may already have inherited default acls from parent
+ directory; clean them up. */
+ if (acl_delete_def_file_at (chdir_fd, file_name))
+ WARNOPT (WARN_XATTR_WRITE,
+ (0, errno,
+ _("acl_delete_def_file_at: Cannot drop default POSIX ACLs "
+ "for file '%s'"),
+ file_name));
+ return;
+ }
+ else
+ acl = perms2acl (st->stat.st_mode);
+
+ if (!acl)
+ {
+ call_arg_warn ("acl_from_text", file_name);
+ return;
+ }
+
+ if (acl_set_file_at (chdir_fd, file_name, type, acl) == -1)
+ /* warn even if filesystem does not support acls */
+ WARNOPT (WARN_XATTR_WRITE,
+ (0, errno,
+ _ ("acl_set_file_at: Cannot set POSIX ACLs for file '%s'"),
+ file_name));
+
+ acl_free (acl);
+}
+
+static void
+xattrs__acls_get_a (int parentfd, const char *file_name,
+ struct tar_stat_info *st,
+ char **ret_ptr, size_t * ret_len)