From 608ac86387a6f97fea303b18432551d9ea9fe67b Mon Sep 17 00:00:00 2001
From: Ben Kibbey <bjk@luxsci.net>
Date: Mon, 5 Nov 2012 19:14:19 -0500
Subject: [PATCH] Fix ACL's.

---
 src/agent.c | 38 +++++++++++++++++++++-----------------
 1 file changed, 21 insertions(+), 17 deletions(-)

diff --git a/src/agent.c b/src/agent.c
index a3fab932..c0d7d859 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -989,6 +989,16 @@ static gpg_error_t sign(gcry_sexp_t *rsexp, const char *sign_hexgrip,
     return rc;
 }
 
+#ifdef WITH_LIBACL
+static void cleanup_acl(void *arg)
+{
+    acl_t acl = *(acl_t *)arg;
+
+    if (acl)
+	acl_free(acl);
+}
+#endif
+
 static gpg_error_t write_file(struct crypto_s *crypto, const char *filename,
 	void * data, size_t data_len, void * sexp, size_t sexp_len,
 	gcry_sexp_t pubkey, gcry_sexp_t sigpkey)
@@ -1055,33 +1065,27 @@ static gpg_error_t write_file(struct crypto_s *crypto, const char *filename,
 	rc = gpg_error_from_syserror();
 
 #ifdef WITH_LIBACL
-    pthread_cleanup_push(acl_free, acl);
+    pthread_cleanup_push(cleanup_acl, &acl);
 #endif
     if (!rc) {
 	if (fsync(fd) != -1) {
 	    if (filename && close(fd) != -1) {
+#ifdef WITH_LIBACL
+		acl = acl_get_file(filename, ACL_TYPE_ACCESS);
+		if (!acl && errno == ENOENT)
+		    acl = acl_get_file(".", ACL_TYPE_DEFAULT);
+		if (!acl)
+		    log_write("ACL: %s: %s", filename,
+			      pwmd_strerror(gpg_error_from_syserror()));
+#endif
+
 		if (mode && config_get_boolean(filename, "backup")) {
 		    char tmp2[FILENAME_MAX];
 
 		    snprintf(tmp2, sizeof(tmp2), "%s.backup", filename);
-#ifdef WITH_LIBACL
-		    acl = acl_get_file(filename, ACL_TYPE_ACCESS);
-		    if (!acl)
-			log_write("ACL: %s: %s", filename,
-				pwmd_strerror(gpg_error_from_syserror()));
-#endif
-
 		    if (rename(filename, tmp2) == -1)
 			rc = gpg_error_from_syserror();
 		}
-		else if (filename) {
-#ifdef WITH_LIBACL
-		    acl = acl_get_file(".", ACL_TYPE_DEFAULT);
-		    if (!acl)
-			log_write("ACL: %s: %s", filename,
-				pwmd_strerror(gpg_error_from_syserror()));
-#endif
-		}
 	    }
 	    else if (filename)
 		rc = gpg_error_from_syserror();
@@ -1097,7 +1101,7 @@ static gpg_error_t write_file(struct crypto_s *crypto, const char *filename,
 		chmod(filename, mode);
 
 #ifdef WITH_LIBACL
-	    if (filename && acl && acl_set_file(filename, ACL_TYPE_ACCESS, acl))
+	    if (acl && acl_set_file(filename, ACL_TYPE_ACCESS, acl))
 		log_write("ACL: %s: %s", filename,
 			pwmd_strerror(gpg_error_from_syserror()));
 #endif
-- 
2.11.4.GIT