1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <sys/types.h> 29 #include <sys/acl.h> 30 #include <sys/stat.h> 31 #if defined(_KERNEL) 32 #include <sys/systm.h> 33 #else 34 #include <errno.h> 35 #include <stdlib.h> 36 #include <strings.h> 37 #include <assert.h> 38 #define ASSERT assert 39 #endif 40 41 42 ace_t trivial_acl[] = { 43 {(uid_t)-1, 0, ACE_OWNER, ACE_ACCESS_DENIED_ACE_TYPE}, 44 {(uid_t)-1, ACE_WRITE_ACL|ACE_WRITE_OWNER|ACE_WRITE_ATTRIBUTES| 45 ACE_WRITE_NAMED_ATTRS, ACE_OWNER, ACE_ACCESS_ALLOWED_ACE_TYPE}, 46 {(uid_t)-1, 0, ACE_GROUP|ACE_IDENTIFIER_GROUP, 47 ACE_ACCESS_DENIED_ACE_TYPE}, 48 {(uid_t)-1, 0, ACE_GROUP|ACE_IDENTIFIER_GROUP, 49 ACE_ACCESS_ALLOWED_ACE_TYPE}, 50 {(uid_t)-1, ACE_WRITE_ACL|ACE_WRITE_OWNER| ACE_WRITE_ATTRIBUTES| 51 ACE_WRITE_NAMED_ATTRS, ACE_EVERYONE, ACE_ACCESS_DENIED_ACE_TYPE}, 52 {(uid_t)-1, ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_READ_NAMED_ATTRS| 53 ACE_SYNCHRONIZE, ACE_EVERYONE, ACE_ACCESS_ALLOWED_ACE_TYPE} 54 }; 55 56 57 void 58 adjust_ace_pair(ace_t *pair, mode_t mode) 59 { 60 if (mode & S_IROTH) 61 pair[1].a_access_mask |= ACE_READ_DATA; 62 else 63 pair[0].a_access_mask |= ACE_READ_DATA; 64 if (mode & S_IWOTH) 65 pair[1].a_access_mask |= 66 ACE_WRITE_DATA|ACE_APPEND_DATA; 67 else 68 pair[0].a_access_mask |= 69 ACE_WRITE_DATA|ACE_APPEND_DATA; 70 if (mode & S_IXOTH) 71 pair[1].a_access_mask |= ACE_EXECUTE; 72 else 73 pair[0].a_access_mask |= ACE_EXECUTE; 74 } 75 76 /* 77 * ace_trivial: 78 * determine whether an ace_t acl is trivial 79 * 80 * Trivialness implys that the acl is composed of only 81 * owner, group, everyone entries. ACL can't 82 * have read_acl denied, and write_owner/write_acl/write_attributes 83 * can only be owner@ entry. 84 */ 85 int 86 ace_trivial(ace_t *acep, int aclcnt) 87 { 88 int i; 89 int owner_seen = 0; 90 int group_seen = 0; 91 int everyone_seen = 0; 92 93 for (i = 0; i != aclcnt; i++) { 94 switch (acep[i].a_flags & 0xf040) { 95 case ACE_OWNER: 96 if (group_seen || everyone_seen) 97 return (1); 98 owner_seen++; 99 break; 100 case ACE_GROUP|ACE_IDENTIFIER_GROUP: 101 if (everyone_seen || owner_seen == 0) 102 return (1); 103 group_seen++; 104 break; 105 106 case ACE_EVERYONE: 107 if (owner_seen == 0 || group_seen == 0) 108 return (1); 109 everyone_seen++; 110 break; 111 default: 112 return (1); 113 114 } 115 116 if (acep[i].a_flags & (ACE_FILE_INHERIT_ACE| 117 ACE_DIRECTORY_INHERIT_ACE|ACE_NO_PROPAGATE_INHERIT_ACE| 118 ACE_INHERIT_ONLY_ACE)) 119 return (1); 120 121 /* 122 * Special check for some special bits 123 * 124 * Don't allow anybody to deny reading basic 125 * attributes or a files ACL. 126 */ 127 if ((acep[i].a_access_mask & 128 (ACE_READ_ACL|ACE_READ_ATTRIBUTES)) && 129 (acep[i].a_type == ACE_ACCESS_DENIED_ACE_TYPE)) 130 return (1); 131 132 /* 133 * Allow on owner@ to allow 134 * write_acl/write_owner/write_attributes 135 */ 136 if (acep[i].a_type == ACE_ACCESS_ALLOWED_ACE_TYPE && 137 (!(acep[i].a_flags & ACE_OWNER) && (acep[i].a_access_mask & 138 (ACE_WRITE_OWNER|ACE_WRITE_ACL|ACE_WRITE_ATTRIBUTES)))) 139 return (1); 140 } 141 142 if ((owner_seen == 0) || (group_seen == 0) || (everyone_seen == 0)) 143 return (1); 144 145 return (0); 146 } 147 148 149 /* 150 * Generic shellsort, from K&R (1st ed, p 58.), somewhat modified. 151 * v = Ptr to array/vector of objs 152 * n = # objs in the array 153 * s = size of each obj (must be multiples of a word size) 154 * f = ptr to function to compare two objs 155 * returns (-1 = less than, 0 = equal, 1 = greater than 156 */ 157 void 158 ksort(caddr_t v, int n, int s, int (*f)()) 159 { 160 int g, i, j, ii; 161 unsigned int *p1, *p2; 162 unsigned int tmp; 163 164 /* No work to do */ 165 if (v == NULL || n <= 1) 166 return; 167 168 /* Sanity check on arguments */ 169 ASSERT(((uintptr_t)v & 0x3) == 0 && (s & 0x3) == 0); 170 ASSERT(s > 0); 171 for (g = n / 2; g > 0; g /= 2) { 172 for (i = g; i < n; i++) { 173 for (j = i - g; j >= 0 && 174 (*f)(v + j * s, v + (j + g) * s) == 1; 175 j -= g) { 176 p1 = (void *)(v + j * s); 177 p2 = (void *)(v + (j + g) * s); 178 for (ii = 0; ii < s / 4; ii++) { 179 tmp = *p1; 180 *p1++ = *p2; 181 *p2++ = tmp; 182 } 183 } 184 } 185 } 186 } 187 188 /* 189 * Compare two acls, all fields. Returns: 190 * -1 (less than) 191 * 0 (equal) 192 * +1 (greater than) 193 */ 194 int 195 cmp2acls(void *a, void *b) 196 { 197 aclent_t *x = (aclent_t *)a; 198 aclent_t *y = (aclent_t *)b; 199 200 /* Compare types */ 201 if (x->a_type < y->a_type) 202 return (-1); 203 if (x->a_type > y->a_type) 204 return (1); 205 /* Equal types; compare id's */ 206 if (x->a_id < y->a_id) 207 return (-1); 208 if (x->a_id > y->a_id) 209 return (1); 210 /* Equal ids; compare perms */ 211 if (x->a_perm < y->a_perm) 212 return (-1); 213 if (x->a_perm > y->a_perm) 214 return (1); 215 /* Totally equal */ 216 return (0); 217 } 218