/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
267c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI"
277c478bd9Sstevel@tonic-gate /*LINTLIBRARY*/
/*
 * aclcheck(): check validity of an ACL
 *	A valid ACL is defined as follows:
 *	There must be exactly one USER_OBJ, GROUP_OBJ, and OTHER_OBJ entry.
 *	If there are any USER entries, then the user id must be unique.
 *	If there are any GROUP entries, then the group id must be unique.
 *	If there are any GROUP or USER entries, there must be exactly one
 *	CLASS_OBJ entry.
 *	The same rules apply to default ACL entries.
 */
407c478bd9Sstevel@tonic-gate #include <errno.h>
417c478bd9Sstevel@tonic-gate #include <stdlib.h>
427c478bd9Sstevel@tonic-gate #include <string.h>
437c478bd9Sstevel@tonic-gate #include <sys/types.h>
447c478bd9Sstevel@tonic-gate #include <sys/acl.h>
45fa9e4066Sahrens #include <aclutils.h>
/*
 * Running tally for one ACL entry type while an aclent_t ACL is validated.
 */
struct entry {
	/* number of entries of this type seen so far */
	int count;
	/*
	 * Ids already seen for this type.  Only allocated (with calloc) for
	 * the USER, GROUP, DEF_USER and DEF_GROUP tallies; it stays NULL for
	 * the single-instance *_OBJ tallies.
	 */
	uid_t *id;
};
/*
 * One tally per aclent_t entry type.  The first six members track the
 * access ACL, the def_* members track the default ACL entries.
 * aclent_aclcheck() zeroes the whole structure before use, and free_mem()
 * releases the id arrays of the user, group, def_user and def_group members.
 */
struct entry_stat {
	struct entry user_obj;
	struct entry user;
	struct entry group_obj;
	struct entry group;
	struct entry other_obj;
	struct entry class_obj;
	struct entry def_user_obj;
	struct entry def_user;
	struct entry def_group_obj;
	struct entry def_group;
	struct entry def_other_obj;
	struct entry def_class_obj;
};
/* Forward declarations of the file-local helpers defined further down. */
static void free_mem(struct entry_stat *);
static int check_dup(int, uid_t *, uid_t, struct entry_stat *);
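/*
 * Validate an aclent_t (POSIX-draft style) ACL.
 *
 * aclbufp	array of ACL entries to validate
 * nentries	number of entries in aclbufp
 * which	out: index of the offending entry for duplicate, repeated
 *		*_OBJ and unknown-type errors; left at -1 otherwise
 * isdir	zero if the target is not a directory; default (DEF_*)
 *		entries are then rejected with EACL_INHERIT_NOTDIR
 *
 * Returns 0 if the ACL is valid, otherwise one of the EACL_* codes.
 * errno is set to EINVAL for every structural error.  On allocation
 * failure EACL_MEM_ERROR is returned and errno is whatever calloc() set.
 *
 * Every exit path releases the id arrays held in the tally.  The original
 * code returned straight out of the loop when calloc() failed, leaking any
 * id array that had already been allocated for another entry type.
 */
static int
aclent_aclcheck(aclent_t *aclbufp, int nentries, int *which, int isdir)
{
	struct entry_stat	tally;
	aclent_t		*aclentp;
	int			cnt;
	int			saved_errno;

	*which = -1;
	(void) memset(&tally, 0, sizeof (tally));

	for (aclentp = aclbufp; nentries > 0; nentries--, aclentp++) {
		struct entry	*single = NULL;	/* *_OBJ types: at most one */
		struct entry	*list = NULL;	/* id-bearing types */
		int		dup_err = 0;	/* code for a repeated *_OBJ */

		switch (aclentp->a_type) {
		case USER_OBJ:
			single = &tally.user_obj;
			dup_err = EACL_USER_ERROR;
			break;
		case GROUP_OBJ:
			single = &tally.group_obj;
			dup_err = EACL_GRP_ERROR;
			break;
		case OTHER_OBJ:
			single = &tally.other_obj;
			dup_err = EACL_OTHER_ERROR;
			break;
		case CLASS_OBJ:
			single = &tally.class_obj;
			dup_err = EACL_CLASS_ERROR;
			break;
		case DEF_USER_OBJ:
			single = &tally.def_user_obj;
			dup_err = EACL_USER_ERROR;
			break;
		case DEF_GROUP_OBJ:
			single = &tally.def_group_obj;
			dup_err = EACL_GRP_ERROR;
			break;
		case DEF_OTHER_OBJ:
			single = &tally.def_other_obj;
			dup_err = EACL_OTHER_ERROR;
			break;
		case DEF_CLASS_OBJ:
			single = &tally.def_class_obj;
			dup_err = EACL_CLASS_ERROR;
			break;
		case USER:
			list = &tally.user;
			break;
		case GROUP:
			list = &tally.group;
			break;
		case DEF_USER:
			list = &tally.def_user;
			break;
		case DEF_GROUP:
			list = &tally.def_group;
			break;
		default:
			/* unknown entry type */
			free_mem(&tally);
			errno = EINVAL;
			*which = (int)(aclentp - aclbufp);
			return (EACL_ENTRY_ERROR);
		}

		if (single != NULL) {
			/* check uniqueness */
			if (single->count > 0) {
				*which = (int)(aclentp - aclbufp);
				free_mem(&tally);
				errno = EINVAL;
				return (dup_err);
			}
			single->count = 1;
			continue;
		}

		/* check duplicate */
		cnt = list->count++;
		if (cnt == 0) {
			/*
			 * nentries counts the entries still to be examined,
			 * this one included, so it bounds how many ids of
			 * this type can follow.
			 */
			list->id = calloc((size_t)nentries, sizeof (uid_t));
			if (list->id == NULL) {
				/*
				 * Release arrays allocated for other types
				 * and keep the errno from calloc().
				 */
				saved_errno = errno;
				free_mem(&tally);
				errno = saved_errno;
				return (EACL_MEM_ERROR);
			}
		} else if (check_dup(cnt, list->id, aclentp->a_id,
		    &tally) == -1) {
			/*
			 * check_dup() has already set errno and released
			 * the tally; it must not be freed again here.
			 */
			*which = (int)(aclentp - aclbufp);
			return (EACL_DUPLICATE_ERROR);
		}
		list->id[cnt] = aclentp->a_id;
	}

	/* If there are group or user entries, there must be one class entry */
	if ((tally.user.count > 0 || tally.group.count > 0) &&
	    tally.class_obj.count != 1) {
		free_mem(&tally);
		errno = EINVAL;
		return (EACL_MISS_ERROR);
	}
	/* same is true for default entries */
	if ((tally.def_user.count > 0 || tally.def_group.count > 0) &&
	    tally.def_class_obj.count != 1) {
		free_mem(&tally);
		errno = EINVAL;
		return (EACL_MISS_ERROR);
	}

	/* there must be exactly one user_obj, group_obj, and other_obj entry */
	if (tally.user_obj.count != 1 ||
	    tally.group_obj.count != 1 ||
	    tally.other_obj.count != 1) {
		free_mem(&tally);
		errno = EINVAL;
		return (EACL_MISS_ERROR);
	}

	/* has default? same rules apply to default entries */
	if (tally.def_user.count > 0 || tally.def_user_obj.count > 0 ||
	    tally.def_group.count > 0 || tally.def_group_obj.count > 0 ||
	    tally.def_class_obj.count > 0 || tally.def_other_obj.count > 0) {

		/*
		 * Can't have default ACL's on non-directories
		 */
		if (isdir == 0) {
			free_mem(&tally);
			errno = EINVAL;
			return (EACL_INHERIT_NOTDIR);
		}

		if (tally.def_user_obj.count != 1 ||
		    tally.def_group_obj.count != 1 ||
		    tally.def_other_obj.count != 1) {
			free_mem(&tally);
			errno = EINVAL;
			return (EACL_MISS_ERROR);
		}
	}

	free_mem(&tally);
	return (0);
}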
/*
 * Public entry point for validating an aclent_t ACL.
 *
 * Forwards to aclent_aclcheck() with isdir fixed at 1, so default (DEF_*)
 * entries are never rejected for being set on a non-directory.  Returns
 * whatever aclent_aclcheck() returns and fills *which the same way.
 */
int
aclcheck(aclent_t *aclbufp, int nentries, int *which)
{
	const int	treat_as_dir = 1;

	return (aclent_aclcheck(aclbufp, nentries, which, treat_as_dir));
}
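/*
 * Release the id array of one tally and reset it, so that a second call on
 * the same tally is a harmless no-op.
 */
static void
free_entry_ids(struct entry *ep)
{
	if (ep->count > 0) {
		free(ep->id);
		ep->id = NULL;
		ep->count = 0;
	}
}

/*
 * Release every id array held in *tallyp (user, group, def_user and
 * def_group).
 *
 * check_dup() frees the tally as a side effect of reporting a duplicate, so
 * a caller that also cleans up on its own error path could otherwise free
 * the same arrays twice.  Clearing each pointer and count after the free
 * makes this function idempotent and closes that hazard.
 */
static void
free_mem(struct entry_stat *tallyp)
{
	free_entry_ids(&tallyp->user);
	free_entry_ids(&tallyp->group);
	free_entry_ids(&tallyp->def_user);
	free_entry_ids(&tallyp->def_group);
}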
/*
 * Look for newid among the first count elements of ids.
 *
 * Returns 0 when newid is not present.  When it is present, sets errno to
 * EINVAL, releases the whole tally through free_mem() and returns -1; the
 * caller must not free the tally again after a -1 return.
 */
static int
check_dup(int count, uid_t *ids, uid_t newid, struct entry_stat *tallyp)
{
	int	idx = 0;

	while (idx < count) {
		if (ids[idx] != newid) {
			idx++;
			continue;
		}
		/* duplicate id: report it and drop the tally's arrays */
		errno = EINVAL;
		(void) free_mem(tallyp);
		return (-1);
	}
	return (0);
}
/*
 * The four ACE inheritance flags combined into one mask.
 * NOTE(review): nothing in the visible part of this file references IFLAGS;
 * confirm whether it is still needed.
 */
#define IFLAGS (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE| \
    ACE_NO_PROPAGATE_INHERIT_ACE|ACE_INHERIT_ONLY_ACE)
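/*
 * Validate an ace_t (NFSv4 style) ACL.
 *
 * aclp		ACL to validate; acl_cnt entries are read from acl_aclp
 * isdir	accepted for symmetry with aclent_aclcheck(); this function
 *		does not currently consult it
 *
 * Returns 0 if every ACE passes, otherwise an EACL_* code.  errno is set to
 * EINVAL for per-entry errors; it is left untouched for EACL_COUNT_ERROR.
 *
 * Every ACE is checked for: a recognised combination of "who" flags,
 * INHERIT_ONLY/NO_PROPAGATE only together with a file or directory inherit
 * flag, a known ACE type, and an access mask no larger than ACE_ALL_PERMS.
 *
 * The original code had a `break` after the inheritance check.  Because that
 * check is an `if` and not a `switch`, the break left the enclosing for
 * loop: the first ACE carrying a valid INHERIT_ONLY or NO_PROPAGATE flag
 * ended validation, so its own type and access mask, and every later ACE,
 * were accepted unchecked.  The break is removed so all entries are
 * validated.
 */
static int
ace_aclcheck(acl_t *aclp, int isdir)
{
	ace_t	*acep;
	int	i;

	if (aclp->acl_cnt <= 0 || aclp->acl_cnt > MAX_ACL_ENTRIES)
		return (EACL_COUNT_ERROR);

	for (i = 0, acep = aclp->acl_aclp; i < aclp->acl_cnt; i++, acep++) {
		/*
		 * Only these combinations of the bits selected by 0xf040
		 * are accepted.
		 * NOTE(review): the mask looks like the owner/group/everyone
		 * and identifier-group bits; confirm against <sys/acl.h>.
		 */
		switch (acep->a_flags & 0xf040) {
		case 0:
		case ACE_OWNER:
		case ACE_EVERYONE:
		case ACE_IDENTIFIER_GROUP:
		case ACE_GROUP|ACE_IDENTIFIER_GROUP:
			break;
		default:
			errno = EINVAL;
			return (EACL_FLAGS_ERROR);
		}

		/*
		 * INHERIT_ONLY/NO_PROPAGATE also need INHERIT_FILE
		 * or INHERIT_DIR
		 */
		if ((acep->a_flags &
		    (ACE_INHERIT_ONLY_ACE|ACE_NO_PROPAGATE_INHERIT_ACE)) != 0 &&
		    (acep->a_flags &
		    (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE)) == 0) {
			errno = EINVAL;
			return (EACL_INHERIT_ERROR);
		}

		switch (acep->a_type) {
		case ACE_ACCESS_ALLOWED_ACE_TYPE:
		case ACE_ACCESS_DENIED_ACE_TYPE:
		case ACE_SYSTEM_AUDIT_ACE_TYPE:
		case ACE_SYSTEM_ALARM_ACE_TYPE:
			break;
		default:
			errno = EINVAL;
			return (EACL_ENTRY_ERROR);
		}

		/*
		 * NOTE(review): this is a magnitude comparison, not a bit
		 * test, so a mask below ACE_ALL_PERMS that sets bits outside
		 * it would still pass; confirm whether
		 * (a_access_mask & ~ACE_ALL_PERMS) is what is intended.
		 */
		if (acep->a_access_mask > ACE_ALL_PERMS) {
			errno = EINVAL;
			return (EACL_PERM_MASK_ERROR);
		}
	}

	return (0);
}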
/*
 * Validate an acl_t of either flavour by dispatching on acl_type.
 *
 * aclp		ACL to validate
 * flag		handed to the flavour-specific checker as its isdir argument
 *
 * Returns the checker's result.  For an acl_type that is neither ACLENT_T
 * nor ACE_T, sets errno to EINVAL and returns EACL_ENTRY_ERROR.  The index
 * of the offending entry reported by aclent_aclcheck() is not passed back
 * to the caller.
 */
int
acl_check(acl_t *aclp, int flag)
{
	int	where;

	if (aclp->acl_type == ACLENT_T) {
		return (aclent_aclcheck(aclp->acl_aclp, aclp->acl_cnt,
		    &where, flag));
	}
	if (aclp->acl_type == ACE_T)
		return (ace_aclcheck(aclp, flag));

	/* unknown ACL flavour */
	errno = EINVAL;
	return (EACL_ENTRY_ERROR);
}