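/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

#include <sys/types.h>
#include <sys/acl.h>
#include <sys/stat.h>
#if defined(_KERNEL)
#include <sys/systm.h>
#else
#include <errno.h>
#include <stdlib.h>
#include <strings.h>
#include <assert.h>
#define	ASSERT	assert
#endif


/*
 * Template for a trivial ACL: three deny/allow pairs, in the order
 * owner@, group@, everyone@.  Within each pair the deny entry comes
 * first and the allow entry second, which is the layout
 * adjust_ace_pair() expects.  The read/write/execute data bits are
 * absent here; adjust_ace_pair() adds them from a mode.
 *
 * NOTE(review): this table is writable and has external linkage, and
 * adjust_ace_pair() only ever ORs bits in.  Adjusting the template in
 * place would accumulate permissions across calls, so callers should
 * work on a private copy -- confirm that every caller does.
 */
ace_t trivial_acl[] = {
	{-1, 0, ACE_OWNER, ACE_ACCESS_DENIED_ACE_TYPE},
	{-1, ACE_WRITE_ACL|ACE_WRITE_OWNER|ACE_WRITE_ATTRIBUTES|
	    ACE_WRITE_NAMED_ATTRS, ACE_OWNER, ACE_ACCESS_ALLOWED_ACE_TYPE},
	{-1, 0, ACE_GROUP|ACE_IDENTIFIER_GROUP, ACE_ACCESS_DENIED_ACE_TYPE},
	{-1, 0, ACE_GROUP|ACE_IDENTIFIER_GROUP, ACE_ACCESS_ALLOWED_ACE_TYPE},
	{-1, ACE_WRITE_ACL|ACE_WRITE_OWNER| ACE_WRITE_ATTRIBUTES|
	    ACE_WRITE_NAMED_ATTRS, ACE_EVERYONE, ACE_ACCESS_DENIED_ACE_TYPE},
	{-1, ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_READ_NAMED_ATTRS|
	    ACE_SYNCHRONIZE, ACE_EVERYONE, ACE_ACCESS_ALLOWED_ACE_TYPE}
};


/*
 * adjust_ace_pair:
 *	add the read/write/execute data bits to a deny/allow pair
 *
 * pair[0] is the deny entry and pair[1] the allow entry.  For each of
 * read, write (with append) and execute, the bit goes into the allow
 * mask when the mode grants it and into the deny mask otherwise, so
 * every one of the three permissions ends up explicit in exactly one
 * of the two entries.  Bits are only added, never cleared.
 *
 * Only S_IROTH, S_IWOTH and S_IXOTH are tested.
 * NOTE(review): presumably callers shift the owner or group triplet
 * down into the "other" position before calling -- confirm.
 */
void
adjust_ace_pair(ace_t *pair, mode_t mode)
{
	if (mode & S_IROTH) {
		pair[1].a_access_mask |= ACE_READ_DATA;
	} else {
		pair[0].a_access_mask |= ACE_READ_DATA;
	}
	if (mode & S_IWOTH) {
		pair[1].a_access_mask |=
		    ACE_WRITE_DATA|ACE_APPEND_DATA;
	} else {
		pair[0].a_access_mask |=
		    ACE_WRITE_DATA|ACE_APPEND_DATA;
	}
	if (mode & S_IXOTH) {
		pair[1].a_access_mask |= ACE_EXECUTE;
	} else {
		pair[0].a_access_mask |= ACE_EXECUTE;
	}
}

/*
 * ace_trivial:
 *	determine whether an ace_t acl is trivial
 *
 * Trivialness implies that the acl is composed of only
 * owner, group, everyone entries, in that order.  ACL can't
 * have read_acl denied, and write_owner/write_acl/write_attributes
 * can only be allowed by an owner@ entry.
 *
 * acep   = array of ACEs to examine
 * aclcnt = number of entries in acep
 *
 * Returns 0 if the ACL is trivial and 1 if it is not.  Every
 * unrecognised or incomplete case is reported as non-trivial,
 * including a NULL array and a count that is zero or negative.
 *
 * Not checked here: the number of entries per class, and whether the
 * access masks agree with any particular mode.
 */
int
ace_trivial(ace_t *acep, int aclcnt)
{
	int i;
	int owner_seen = 0;
	int group_seen = 0;
	int everyone_seen = 0;

	/*
	 * Nothing to inspect.  Returning early also keeps a negative
	 * count from walking past the array.
	 */
	if (acep == NULL || aclcnt <= 0)
		return (1);

	/* "<" rather than "!=" so the loop is bounded for any count. */
	for (i = 0; i < aclcnt; i++) {
		/*
		 * 0xf040 masks a_flags down to the bits that say who
		 * the entry applies to.
		 * NOTE(review): magic constant; use the named mask from
		 * sys/acl.h if this build provides one -- confirm.
		 */
		switch (acep[i].a_flags & 0xf040) {
		case ACE_OWNER:
			/* owner@ entries must precede all others */
			if (group_seen || everyone_seen)
				return (1);
			owner_seen++;
			break;
		case ACE_GROUP|ACE_IDENTIFIER_GROUP:
			/* group@ comes after owner@, before everyone@ */
			if (everyone_seen || owner_seen == 0)
				return (1);
			group_seen++;
			break;

		case ACE_EVERYONE:
			/* everyone@ comes last */
			if (owner_seen == 0 || group_seen == 0)
				return (1);
			everyone_seen++;
			break;
		default:
			/* any other "who" makes the ACL non-trivial */
			return (1);

		}

		/* Any inheritance flag makes the ACL non-trivial. */
		if (acep[i].a_flags & (ACE_FILE_INHERIT_ACE|
		    ACE_DIRECTORY_INHERIT_ACE|ACE_NO_PROPAGATE_INHERIT_ACE|
		    ACE_INHERIT_ONLY_ACE))
			return (1);

		/*
		 * Special check for some special bits
		 *
		 * Don't allow anybody to deny reading basic
		 * attributes or a file's ACL.
		 */
		if ((acep[i].a_access_mask &
		    (ACE_READ_ACL|ACE_READ_ATTRIBUTES)) &&
		    (acep[i].a_type == ACE_ACCESS_DENIED_ACE_TYPE))
			return (1);

		/*
		 * Only an owner@ entry may allow
		 * write_acl/write_owner/write_attributes
		 */
		if (acep[i].a_type == ACE_ACCESS_ALLOWED_ACE_TYPE &&
		    (!(acep[i].a_flags & ACE_OWNER) && (acep[i].a_access_mask &
		    (ACE_WRITE_OWNER|ACE_WRITE_ACL|ACE_WRITE_ATTRIBUTES))))
			return (1);
	}

	/* All three classes must be present. */
	if ((owner_seen == 0) || (group_seen == 0) || (everyone_seen == 0))
		return (1);

	return (0);
}


/*
 * Generic shellsort, from K&R (1st ed, p 58.), somewhat modified.
 *	v = Ptr to array/vector of objs
 *	n = # objs in the array
 *	s = size of each obj (must be multiples of a word size)
 *	f = ptr to function to compare two objs
 *		returns -1 (less than), 0 (equal) or 1 (greater than)
 *
 * Caller obligations:
 *  - v must be 4-byte aligned and s a positive multiple of 4.  These
 *    are enforced only by ASSERT, which may be compiled out of
 *    non-debug builds, so the caller has to guarantee them.
 *  - f must return exactly 1 for "greater than"; the swap test is
 *    "== 1", so other positive values are treated as "in order".
 *  - Offsets are computed as int (j * s), so n * s has to fit in an
 *    int.
 *
 * Elements are swapped s / 4 unsigned ints at a time, which covers
 * the whole element only where unsigned int is 4 bytes wide.
 */
void
ksort(caddr_t v, int n, int s, int (*f)())
{
	int g, i, j, ii;
	unsigned int *p1, *p2;
	unsigned int tmp;

	/* No work to do */
	if (v == NULL || n <= 1)
		return;

	/* Sanity check on arguments */
	ASSERT(((uintptr_t)v & 0x3) == 0 && (s & 0x3) == 0);
	ASSERT(s > 0);
	for (g = n / 2; g > 0; g /= 2) {
		for (i = g; i < n; i++) {
			for (j = i - g; j >= 0 &&
			    (*f)(v + j * s, v + (j + g) * s) == 1;
			    j -= g) {
				/* swap elements j and j + g word by word */
				p1 = (void *)(v + j * s);
				p2 = (void *)(v + (j + g) * s);
				for (ii = 0; ii < s / 4; ii++) {
					tmp = *p1;
					*p1++ = *p2;
					*p2++ = tmp;
				}
			}
		}
	}
}

/*
 * Compare two acls, all fields.  Returns:
 *	-1 (less than)
 *	 0 (equal)
 *	+1 (greater than)
 *
 * Both arguments point to aclent_t entries.  Ordering is by a_type,
 * then a_id, then a_perm.  The result is always exactly -1, 0 or 1,
 * which is what ksort() requires of its comparator.
 */
int
cmp2acls(void *a, void *b)
{
	const aclent_t *x = a;
	const aclent_t *y = b;

	/* Compare types */
	if (x->a_type < y->a_type)
		return (-1);
	if (x->a_type > y->a_type)
		return (1);
	/* Equal types; compare id's */
	if (x->a_id < y->a_id)
		return (-1);
	if (x->a_id > y->a_id)
		return (1);
	/* Equal ids; compare perms */
	if (x->a_perm < y->a_perm)
		return (-1);
	if (x->a_perm > y->a_perm)
		return (1);
	/* Totally equal */
	return (0);
}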