17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 57c478bd9Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only 67c478bd9Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance 77c478bd9Sstevel@tonic-gate * with the License. 87c478bd9Sstevel@tonic-gate * 97c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 107c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 117c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 127c478bd9Sstevel@tonic-gate * and limitations under the License. 137c478bd9Sstevel@tonic-gate * 147c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 157c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 167c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 177c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 187c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 197c478bd9Sstevel@tonic-gate * 207c478bd9Sstevel@tonic-gate * CDDL HEADER END 217c478bd9Sstevel@tonic-gate */ 227c478bd9Sstevel@tonic-gate /* 23*fa9e4066Sahrens * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 247c478bd9Sstevel@tonic-gate * Use is subject to license terms. 257c478bd9Sstevel@tonic-gate */ 267c478bd9Sstevel@tonic-gate 277c478bd9Sstevel@tonic-gate /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ 287c478bd9Sstevel@tonic-gate /* All Rights Reserved */ 297c478bd9Sstevel@tonic-gate 307c478bd9Sstevel@tonic-gate /* 317c478bd9Sstevel@tonic-gate * Portions of this source code were derived from Berkeley 4.3 BSD 327c478bd9Sstevel@tonic-gate * under license from the Regents of the University of California. 337c478bd9Sstevel@tonic-gate */ 347c478bd9Sstevel@tonic-gate 357c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 367c478bd9Sstevel@tonic-gate 377c478bd9Sstevel@tonic-gate #include <sys/param.h> 387c478bd9Sstevel@tonic-gate #include <sys/isa_defs.h> 397c478bd9Sstevel@tonic-gate #include <sys/types.h> 407c478bd9Sstevel@tonic-gate #include <sys/sysmacros.h> 417c478bd9Sstevel@tonic-gate #include <sys/cred.h> 427c478bd9Sstevel@tonic-gate #include <sys/systm.h> 437c478bd9Sstevel@tonic-gate #include <sys/errno.h> 447c478bd9Sstevel@tonic-gate #include <sys/fcntl.h> 457c478bd9Sstevel@tonic-gate #include <sys/pathname.h> 467c478bd9Sstevel@tonic-gate #include <sys/vfs.h> 477c478bd9Sstevel@tonic-gate #include <sys/vnode.h> 487c478bd9Sstevel@tonic-gate #include <sys/file.h> 497c478bd9Sstevel@tonic-gate #include <sys/mode.h> 507c478bd9Sstevel@tonic-gate #include <sys/uio.h> 517c478bd9Sstevel@tonic-gate #include <sys/kmem.h> 527c478bd9Sstevel@tonic-gate #include <sys/filio.h> 537c478bd9Sstevel@tonic-gate #include <sys/acl.h> 547c478bd9Sstevel@tonic-gate #include <sys/cmn_err.h> 55*fa9e4066Sahrens #include <acl/acl_common.h> 567c478bd9Sstevel@tonic-gate 577c478bd9Sstevel@tonic-gate #include <sys/unistd.h> 587c478bd9Sstevel@tonic-gate #include <sys/debug.h> 597c478bd9Sstevel@tonic-gate 607c478bd9Sstevel@tonic-gate static int cacl(int cmd, int nentries, void *aclbufp, 617c478bd9Sstevel@tonic-gate vnode_t *vp, int *rv); 627c478bd9Sstevel@tonic-gate 637c478bd9Sstevel@tonic-gate /* 647c478bd9Sstevel@tonic-gate * Get/Set ACL of a file. 657c478bd9Sstevel@tonic-gate */ 667c478bd9Sstevel@tonic-gate int 677c478bd9Sstevel@tonic-gate acl(const char *fname, int cmd, int nentries, void *aclbufp) 687c478bd9Sstevel@tonic-gate { 697c478bd9Sstevel@tonic-gate struct vnode *vp; 707c478bd9Sstevel@tonic-gate int error; 717c478bd9Sstevel@tonic-gate int rv = 0; 727c478bd9Sstevel@tonic-gate 737c478bd9Sstevel@tonic-gate /* Sanity check arguments */ 747c478bd9Sstevel@tonic-gate if (fname == NULL) 757c478bd9Sstevel@tonic-gate return (set_errno(EINVAL)); 767c478bd9Sstevel@tonic-gate lookup: 777c478bd9Sstevel@tonic-gate error = lookupname((char *)fname, UIO_USERSPACE, FOLLOW, NULLVPP, &vp); 787c478bd9Sstevel@tonic-gate if (error) { 797c478bd9Sstevel@tonic-gate if (error == ESTALE) 807c478bd9Sstevel@tonic-gate goto lookup; 817c478bd9Sstevel@tonic-gate return (set_errno(error)); 827c478bd9Sstevel@tonic-gate } 837c478bd9Sstevel@tonic-gate 847c478bd9Sstevel@tonic-gate error = cacl(cmd, nentries, aclbufp, vp, &rv); 857c478bd9Sstevel@tonic-gate VN_RELE(vp); 867c478bd9Sstevel@tonic-gate if (error) { 877c478bd9Sstevel@tonic-gate if (error == ESTALE) 887c478bd9Sstevel@tonic-gate goto lookup; 897c478bd9Sstevel@tonic-gate return (set_errno(error)); 907c478bd9Sstevel@tonic-gate } 917c478bd9Sstevel@tonic-gate return (rv); 927c478bd9Sstevel@tonic-gate } 937c478bd9Sstevel@tonic-gate 947c478bd9Sstevel@tonic-gate /* 957c478bd9Sstevel@tonic-gate * Get/Set ACL of a file with facl system call. 967c478bd9Sstevel@tonic-gate */ 977c478bd9Sstevel@tonic-gate int 987c478bd9Sstevel@tonic-gate facl(int fdes, int cmd, int nentries, void *aclbufp) 997c478bd9Sstevel@tonic-gate { 1007c478bd9Sstevel@tonic-gate file_t *fp; 1017c478bd9Sstevel@tonic-gate int error; 1027c478bd9Sstevel@tonic-gate int rv = 0; 1037c478bd9Sstevel@tonic-gate 1047c478bd9Sstevel@tonic-gate if ((fp = getf(fdes)) == NULL) 1057c478bd9Sstevel@tonic-gate return (set_errno(EBADF)); 1067c478bd9Sstevel@tonic-gate #ifdef C2_AUDIT 1077c478bd9Sstevel@tonic-gate if (fp->f_flag & FREVOKED) { 1087c478bd9Sstevel@tonic-gate releasef(fdes); 1097c478bd9Sstevel@tonic-gate return (set_errno(EBADF)); 1107c478bd9Sstevel@tonic-gate } 1117c478bd9Sstevel@tonic-gate #endif /* C2_AUDIT */ 1127c478bd9Sstevel@tonic-gate 1137c478bd9Sstevel@tonic-gate error = cacl(cmd, nentries, aclbufp, fp->f_vnode, &rv); 1147c478bd9Sstevel@tonic-gate releasef(fdes); 1157c478bd9Sstevel@tonic-gate 1167c478bd9Sstevel@tonic-gate if (error) 1177c478bd9Sstevel@tonic-gate return (set_errno(error)); 1187c478bd9Sstevel@tonic-gate return (rv); 1197c478bd9Sstevel@tonic-gate } 1207c478bd9Sstevel@tonic-gate 1217c478bd9Sstevel@tonic-gate 1227c478bd9Sstevel@tonic-gate /* 1237c478bd9Sstevel@tonic-gate * Common code for acl() and facl(). 1247c478bd9Sstevel@tonic-gate */ 1257c478bd9Sstevel@tonic-gate static int 1267c478bd9Sstevel@tonic-gate cacl(int cmd, int nentries, void *aclbufp, vnode_t *vp, int *rv) 1277c478bd9Sstevel@tonic-gate { 1287c478bd9Sstevel@tonic-gate int error; 1297c478bd9Sstevel@tonic-gate int aclbsize; /* size of acl list in bytes */ 1307c478bd9Sstevel@tonic-gate int dfaclbsize; /* size of default acl list in bytes */ 1317c478bd9Sstevel@tonic-gate int numacls; 1327c478bd9Sstevel@tonic-gate caddr_t uaddrp; 1337c478bd9Sstevel@tonic-gate aclent_t *aclp, *aaclp; 1347c478bd9Sstevel@tonic-gate vsecattr_t vsecattr; 1357c478bd9Sstevel@tonic-gate 1367c478bd9Sstevel@tonic-gate ASSERT(vp); 1377c478bd9Sstevel@tonic-gate 1387c478bd9Sstevel@tonic-gate bzero(&vsecattr, sizeof (vsecattr_t)); 1397c478bd9Sstevel@tonic-gate 1407c478bd9Sstevel@tonic-gate switch (cmd) { 1417c478bd9Sstevel@tonic-gate 1427c478bd9Sstevel@tonic-gate case ACE_GETACLCNT: 1437c478bd9Sstevel@tonic-gate case GETACLCNT: 1447c478bd9Sstevel@tonic-gate if (cmd == GETACLCNT) 1457c478bd9Sstevel@tonic-gate vsecattr.vsa_mask = VSA_ACLCNT | VSA_DFACLCNT; 1467c478bd9Sstevel@tonic-gate else 1477c478bd9Sstevel@tonic-gate vsecattr.vsa_mask = VSA_ACECNT; 1487c478bd9Sstevel@tonic-gate if (error = VOP_GETSECATTR(vp, &vsecattr, 0, CRED())) 1497c478bd9Sstevel@tonic-gate return (error); 1507c478bd9Sstevel@tonic-gate *rv = vsecattr.vsa_aclcnt + vsecattr.vsa_dfaclcnt; 1517c478bd9Sstevel@tonic-gate if (vsecattr.vsa_aclcnt && vsecattr.vsa_aclentp) { 1527c478bd9Sstevel@tonic-gate kmem_free(vsecattr.vsa_aclentp, 1537c478bd9Sstevel@tonic-gate vsecattr.vsa_aclcnt * sizeof (aclent_t)); 1547c478bd9Sstevel@tonic-gate } 1557c478bd9Sstevel@tonic-gate if (vsecattr.vsa_dfaclcnt && vsecattr.vsa_dfaclentp) { 1567c478bd9Sstevel@tonic-gate kmem_free(vsecattr.vsa_dfaclentp, 1577c478bd9Sstevel@tonic-gate vsecattr.vsa_dfaclcnt * sizeof (aclent_t)); 1587c478bd9Sstevel@tonic-gate } 1597c478bd9Sstevel@tonic-gate break; 1607c478bd9Sstevel@tonic-gate case GETACL: 1617c478bd9Sstevel@tonic-gate /* 1627c478bd9Sstevel@tonic-gate * Minimum ACL size is three entries so might as well 1637c478bd9Sstevel@tonic-gate * bail out here. 1647c478bd9Sstevel@tonic-gate */ 1657c478bd9Sstevel@tonic-gate if (nentries < 3) 1667c478bd9Sstevel@tonic-gate return (EINVAL); 1677c478bd9Sstevel@tonic-gate /* 1687c478bd9Sstevel@tonic-gate * NULL output buffer is also a pretty easy bail out. 1697c478bd9Sstevel@tonic-gate */ 1707c478bd9Sstevel@tonic-gate if (aclbufp == NULL) 1717c478bd9Sstevel@tonic-gate return (EFAULT); 1727c478bd9Sstevel@tonic-gate vsecattr.vsa_mask = VSA_ACL | VSA_ACLCNT | VSA_DFACL | 1737c478bd9Sstevel@tonic-gate VSA_DFACLCNT; 1747c478bd9Sstevel@tonic-gate if (error = VOP_GETSECATTR(vp, &vsecattr, 0, CRED())) 1757c478bd9Sstevel@tonic-gate return (error); 1767c478bd9Sstevel@tonic-gate /* Check user's buffer is big enough */ 1777c478bd9Sstevel@tonic-gate numacls = vsecattr.vsa_aclcnt + vsecattr.vsa_dfaclcnt; 1787c478bd9Sstevel@tonic-gate aclbsize = vsecattr.vsa_aclcnt * sizeof (aclent_t); 1797c478bd9Sstevel@tonic-gate dfaclbsize = vsecattr.vsa_dfaclcnt * sizeof (aclent_t); 1807c478bd9Sstevel@tonic-gate if (numacls > nentries) { 1817c478bd9Sstevel@tonic-gate error = ENOSPC; 1827c478bd9Sstevel@tonic-gate goto errout; 1837c478bd9Sstevel@tonic-gate } 1847c478bd9Sstevel@tonic-gate /* Sort the acl & default acl lists */ 1857c478bd9Sstevel@tonic-gate if (vsecattr.vsa_aclcnt > 1) 1867c478bd9Sstevel@tonic-gate ksort((caddr_t)vsecattr.vsa_aclentp, 1877c478bd9Sstevel@tonic-gate vsecattr.vsa_aclcnt, sizeof (aclent_t), cmp2acls); 1887c478bd9Sstevel@tonic-gate if (vsecattr.vsa_dfaclcnt > 1) 1897c478bd9Sstevel@tonic-gate ksort((caddr_t)vsecattr.vsa_dfaclentp, 1907c478bd9Sstevel@tonic-gate vsecattr.vsa_dfaclcnt, sizeof (aclent_t), cmp2acls); 1917c478bd9Sstevel@tonic-gate /* Copy out acl's */ 1927c478bd9Sstevel@tonic-gate uaddrp = (caddr_t)aclbufp; 1937c478bd9Sstevel@tonic-gate if (aclbsize > 0) { /* bug #1262490 */ 1947c478bd9Sstevel@tonic-gate if (copyout(vsecattr.vsa_aclentp, uaddrp, aclbsize)) { 1957c478bd9Sstevel@tonic-gate error = EFAULT; 1967c478bd9Sstevel@tonic-gate goto errout; 1977c478bd9Sstevel@tonic-gate } 1987c478bd9Sstevel@tonic-gate } 1997c478bd9Sstevel@tonic-gate /* Copy out default acl's */ 2007c478bd9Sstevel@tonic-gate if (dfaclbsize > 0) { 2017c478bd9Sstevel@tonic-gate uaddrp += aclbsize; 2027c478bd9Sstevel@tonic-gate if (copyout(vsecattr.vsa_dfaclentp, 2037c478bd9Sstevel@tonic-gate uaddrp, dfaclbsize)) { 2047c478bd9Sstevel@tonic-gate error = EFAULT; 2057c478bd9Sstevel@tonic-gate goto errout; 2067c478bd9Sstevel@tonic-gate } 2077c478bd9Sstevel@tonic-gate } 2087c478bd9Sstevel@tonic-gate *rv = numacls; 2097c478bd9Sstevel@tonic-gate if (vsecattr.vsa_aclcnt) { 2107c478bd9Sstevel@tonic-gate kmem_free(vsecattr.vsa_aclentp, 2117c478bd9Sstevel@tonic-gate vsecattr.vsa_aclcnt * sizeof (aclent_t)); 2127c478bd9Sstevel@tonic-gate } 2137c478bd9Sstevel@tonic-gate if (vsecattr.vsa_dfaclcnt) { 2147c478bd9Sstevel@tonic-gate kmem_free(vsecattr.vsa_dfaclentp, 2157c478bd9Sstevel@tonic-gate vsecattr.vsa_dfaclcnt * sizeof (aclent_t)); 2167c478bd9Sstevel@tonic-gate } 2177c478bd9Sstevel@tonic-gate break; 2187c478bd9Sstevel@tonic-gate 2197c478bd9Sstevel@tonic-gate case ACE_GETACL: 2207c478bd9Sstevel@tonic-gate if (aclbufp == NULL) 2217c478bd9Sstevel@tonic-gate return (EFAULT); 2227c478bd9Sstevel@tonic-gate 2237c478bd9Sstevel@tonic-gate vsecattr.vsa_mask = VSA_ACE | VSA_ACECNT; 2247c478bd9Sstevel@tonic-gate if (error = VOP_GETSECATTR(vp, &vsecattr, 0, CRED())) 2257c478bd9Sstevel@tonic-gate return (error); 2267c478bd9Sstevel@tonic-gate 2277c478bd9Sstevel@tonic-gate aclbsize = vsecattr.vsa_aclcnt * sizeof (ace_t); 2287c478bd9Sstevel@tonic-gate if (vsecattr.vsa_aclcnt > nentries) { 2297c478bd9Sstevel@tonic-gate error = ENOSPC; 2307c478bd9Sstevel@tonic-gate goto errout; 2317c478bd9Sstevel@tonic-gate } 2327c478bd9Sstevel@tonic-gate 2337c478bd9Sstevel@tonic-gate if (aclbsize > 0) { 2347c478bd9Sstevel@tonic-gate if ((error = copyout(vsecattr.vsa_aclentp, 2357c478bd9Sstevel@tonic-gate aclbufp, aclbsize)) != 0) { 2367c478bd9Sstevel@tonic-gate goto errout; 2377c478bd9Sstevel@tonic-gate } 2387c478bd9Sstevel@tonic-gate } 2397c478bd9Sstevel@tonic-gate 2407c478bd9Sstevel@tonic-gate *rv = vsecattr.vsa_aclcnt; 2417c478bd9Sstevel@tonic-gate if (vsecattr.vsa_aclcnt) { 2427c478bd9Sstevel@tonic-gate kmem_free(vsecattr.vsa_aclentp, 2437c478bd9Sstevel@tonic-gate vsecattr.vsa_aclcnt * sizeof (ace_t)); 2447c478bd9Sstevel@tonic-gate } 2457c478bd9Sstevel@tonic-gate break; 2467c478bd9Sstevel@tonic-gate 2477c478bd9Sstevel@tonic-gate case SETACL: 2487c478bd9Sstevel@tonic-gate /* 2497c478bd9Sstevel@tonic-gate * Minimum ACL size is three entries so might as well 2507c478bd9Sstevel@tonic-gate * bail out here. Also limit request size to prevent user 2517c478bd9Sstevel@tonic-gate * from allocating too much kernel memory. Maximum size 2527c478bd9Sstevel@tonic-gate * is MAX_ACL_ENTRIES for the ACL part and MAX_ACL_ENTRIES 2537c478bd9Sstevel@tonic-gate * for the default ACL part. (bug 4058667) 2547c478bd9Sstevel@tonic-gate */ 2557c478bd9Sstevel@tonic-gate if (nentries < 3 || nentries > (MAX_ACL_ENTRIES * 2)) 2567c478bd9Sstevel@tonic-gate return (EINVAL); 2577c478bd9Sstevel@tonic-gate /* 2587c478bd9Sstevel@tonic-gate * NULL output buffer is also an easy bail out. 2597c478bd9Sstevel@tonic-gate */ 2607c478bd9Sstevel@tonic-gate if (aclbufp == NULL) 2617c478bd9Sstevel@tonic-gate return (EFAULT); 2627c478bd9Sstevel@tonic-gate vsecattr.vsa_mask = VSA_ACL; 2637c478bd9Sstevel@tonic-gate aclbsize = nentries * sizeof (aclent_t); 2647c478bd9Sstevel@tonic-gate vsecattr.vsa_aclentp = kmem_alloc(aclbsize, KM_SLEEP); 2657c478bd9Sstevel@tonic-gate aaclp = vsecattr.vsa_aclentp; 2667c478bd9Sstevel@tonic-gate vsecattr.vsa_aclcnt = nentries; 2677c478bd9Sstevel@tonic-gate uaddrp = (caddr_t)aclbufp; 2687c478bd9Sstevel@tonic-gate if (copyin(uaddrp, vsecattr.vsa_aclentp, aclbsize)) { 2697c478bd9Sstevel@tonic-gate kmem_free(aaclp, aclbsize); 2707c478bd9Sstevel@tonic-gate return (EFAULT); 2717c478bd9Sstevel@tonic-gate } 2727c478bd9Sstevel@tonic-gate /* Sort the acl list */ 2737c478bd9Sstevel@tonic-gate ksort((caddr_t)vsecattr.vsa_aclentp, 2747c478bd9Sstevel@tonic-gate vsecattr.vsa_aclcnt, sizeof (aclent_t), cmp2acls); 2757c478bd9Sstevel@tonic-gate 2767c478bd9Sstevel@tonic-gate /* Break into acl and default acl lists */ 2777c478bd9Sstevel@tonic-gate for (numacls = 0, aclp = vsecattr.vsa_aclentp; 2787c478bd9Sstevel@tonic-gate numacls < vsecattr.vsa_aclcnt; 2797c478bd9Sstevel@tonic-gate aclp++, numacls++) { 2807c478bd9Sstevel@tonic-gate if (aclp->a_type & ACL_DEFAULT) 2817c478bd9Sstevel@tonic-gate break; 2827c478bd9Sstevel@tonic-gate } 2837c478bd9Sstevel@tonic-gate 2847c478bd9Sstevel@tonic-gate /* Find where defaults start (if any) */ 2857c478bd9Sstevel@tonic-gate if (numacls < vsecattr.vsa_aclcnt) { 2867c478bd9Sstevel@tonic-gate vsecattr.vsa_mask |= VSA_DFACL; 2877c478bd9Sstevel@tonic-gate vsecattr.vsa_dfaclcnt = nentries - numacls; 2887c478bd9Sstevel@tonic-gate vsecattr.vsa_dfaclentp = aclp; 2897c478bd9Sstevel@tonic-gate vsecattr.vsa_aclcnt = numacls; 2907c478bd9Sstevel@tonic-gate } 2917c478bd9Sstevel@tonic-gate /* Adjust if they're all defaults */ 2927c478bd9Sstevel@tonic-gate if (vsecattr.vsa_aclcnt == 0) { 2937c478bd9Sstevel@tonic-gate vsecattr.vsa_mask &= ~VSA_ACL; 2947c478bd9Sstevel@tonic-gate vsecattr.vsa_aclentp = NULL; 2957c478bd9Sstevel@tonic-gate } 2967c478bd9Sstevel@tonic-gate /* Only directories can have defaults */ 2977c478bd9Sstevel@tonic-gate if (vsecattr.vsa_dfaclcnt && vp->v_type != VDIR) { 2987c478bd9Sstevel@tonic-gate kmem_free(aaclp, aclbsize); 2997c478bd9Sstevel@tonic-gate return (ENOTDIR); 3007c478bd9Sstevel@tonic-gate } 3017c478bd9Sstevel@tonic-gate (void) VOP_RWLOCK(vp, V_WRITELOCK_TRUE, NULL); 3027c478bd9Sstevel@tonic-gate if (error = VOP_SETSECATTR(vp, &vsecattr, 0, CRED())) { 3037c478bd9Sstevel@tonic-gate kmem_free(aaclp, aclbsize); 3047c478bd9Sstevel@tonic-gate VOP_RWUNLOCK(vp, V_WRITELOCK_TRUE, NULL); 3057c478bd9Sstevel@tonic-gate return (error); 3067c478bd9Sstevel@tonic-gate } 3077c478bd9Sstevel@tonic-gate 3087c478bd9Sstevel@tonic-gate /* 3097c478bd9Sstevel@tonic-gate * Should return 0 upon success according to the man page 3107c478bd9Sstevel@tonic-gate * and SVR4 semantics. (Bug #1214399: SETACL returns wrong rc) 3117c478bd9Sstevel@tonic-gate */ 3127c478bd9Sstevel@tonic-gate *rv = 0; 3137c478bd9Sstevel@tonic-gate kmem_free(aaclp, aclbsize); 3147c478bd9Sstevel@tonic-gate VOP_RWUNLOCK(vp, V_WRITELOCK_TRUE, NULL); 3157c478bd9Sstevel@tonic-gate break; 3167c478bd9Sstevel@tonic-gate 3177c478bd9Sstevel@tonic-gate case ACE_SETACL: 318*fa9e4066Sahrens if (nentries > (MAX_ACL_ENTRIES)) 3197c478bd9Sstevel@tonic-gate return (EINVAL); 3207c478bd9Sstevel@tonic-gate 3217c478bd9Sstevel@tonic-gate if (aclbufp == NULL) 3227c478bd9Sstevel@tonic-gate return (EFAULT); 3237c478bd9Sstevel@tonic-gate 3247c478bd9Sstevel@tonic-gate vsecattr.vsa_mask = VSA_ACE; 3257c478bd9Sstevel@tonic-gate aclbsize = nentries * sizeof (ace_t); 3267c478bd9Sstevel@tonic-gate vsecattr.vsa_aclentp = kmem_alloc(aclbsize, KM_SLEEP); 3277c478bd9Sstevel@tonic-gate aaclp = vsecattr.vsa_aclentp; 3287c478bd9Sstevel@tonic-gate vsecattr.vsa_aclcnt = nentries; 3297c478bd9Sstevel@tonic-gate uaddrp = (caddr_t)aclbufp; 3307c478bd9Sstevel@tonic-gate if (copyin(uaddrp, vsecattr.vsa_aclentp, aclbsize)) { 3317c478bd9Sstevel@tonic-gate kmem_free(aaclp, aclbsize); 3327c478bd9Sstevel@tonic-gate return (EFAULT); 3337c478bd9Sstevel@tonic-gate } 3347c478bd9Sstevel@tonic-gate (void) VOP_RWLOCK(vp, V_WRITELOCK_TRUE, NULL); 3357c478bd9Sstevel@tonic-gate if (error = VOP_SETSECATTR(vp, &vsecattr, 0, CRED())) { 3367c478bd9Sstevel@tonic-gate kmem_free(aaclp, aclbsize); 3377c478bd9Sstevel@tonic-gate VOP_RWUNLOCK(vp, V_WRITELOCK_TRUE, NULL); 3387c478bd9Sstevel@tonic-gate return (error); 3397c478bd9Sstevel@tonic-gate } 3407c478bd9Sstevel@tonic-gate *rv = 0; 3417c478bd9Sstevel@tonic-gate kmem_free(aaclp, aclbsize); 3427c478bd9Sstevel@tonic-gate VOP_RWUNLOCK(vp, V_WRITELOCK_TRUE, NULL); 3437c478bd9Sstevel@tonic-gate break; 3447c478bd9Sstevel@tonic-gate 3457c478bd9Sstevel@tonic-gate default: 3467c478bd9Sstevel@tonic-gate return (EINVAL); 3477c478bd9Sstevel@tonic-gate } 3487c478bd9Sstevel@tonic-gate 3497c478bd9Sstevel@tonic-gate return (0); 3507c478bd9Sstevel@tonic-gate 3517c478bd9Sstevel@tonic-gate errout: 3527c478bd9Sstevel@tonic-gate if (aclbsize && vsecattr.vsa_aclentp) 3537c478bd9Sstevel@tonic-gate kmem_free(vsecattr.vsa_aclentp, aclbsize); 3547c478bd9Sstevel@tonic-gate if (dfaclbsize && vsecattr.vsa_dfaclentp) 3557c478bd9Sstevel@tonic-gate kmem_free(vsecattr.vsa_dfaclentp, dfaclbsize); 3567c478bd9Sstevel@tonic-gate return (error); 3577c478bd9Sstevel@tonic-gate } 358