17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*b249c65cSmarks * Common Development and Distribution License (the "License"). 6*b249c65cSmarks * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22*b249c65cSmarks * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23fa9e4066Sahrens * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 277c478bd9Sstevel@tonic-gate /*LINTLIBRARY*/ 287c478bd9Sstevel@tonic-gate 297c478bd9Sstevel@tonic-gate /* 307c478bd9Sstevel@tonic-gate * aclcheck(): check validity of an ACL 317c478bd9Sstevel@tonic-gate * A valid ACL is defined as follows: 327c478bd9Sstevel@tonic-gate * There must be exactly one USER_OBJ, GROUP_OBJ, and OTHER_OBJ entry. 337c478bd9Sstevel@tonic-gate * If there are any USER entries, then the user id must be unique. 347c478bd9Sstevel@tonic-gate * If there are any GROUP entries, then the group id must be unique. 357c478bd9Sstevel@tonic-gate * If there are any GROUP or USER entries, there must be exactly one 367c478bd9Sstevel@tonic-gate * CLASS_OBJ entry. 377c478bd9Sstevel@tonic-gate * The same rules apply to default ACL entries. 387c478bd9Sstevel@tonic-gate */ 397c478bd9Sstevel@tonic-gate 407c478bd9Sstevel@tonic-gate #include <errno.h> 417c478bd9Sstevel@tonic-gate #include <stdlib.h> 427c478bd9Sstevel@tonic-gate #include <string.h> 437c478bd9Sstevel@tonic-gate #include <sys/types.h> 447c478bd9Sstevel@tonic-gate #include <sys/acl.h> 45fa9e4066Sahrens #include <aclutils.h> 467c478bd9Sstevel@tonic-gate 477c478bd9Sstevel@tonic-gate struct entry { 487c478bd9Sstevel@tonic-gate int count; 497c478bd9Sstevel@tonic-gate uid_t *id; 507c478bd9Sstevel@tonic-gate }; 517c478bd9Sstevel@tonic-gate 527c478bd9Sstevel@tonic-gate struct entry_stat { 537c478bd9Sstevel@tonic-gate struct entry user_obj; 547c478bd9Sstevel@tonic-gate struct entry user; 557c478bd9Sstevel@tonic-gate struct entry group_obj; 567c478bd9Sstevel@tonic-gate struct entry group; 577c478bd9Sstevel@tonic-gate struct entry other_obj; 587c478bd9Sstevel@tonic-gate struct entry class_obj; 597c478bd9Sstevel@tonic-gate struct entry def_user_obj; 607c478bd9Sstevel@tonic-gate struct entry def_user; 617c478bd9Sstevel@tonic-gate struct entry def_group_obj; 627c478bd9Sstevel@tonic-gate struct entry def_group; 637c478bd9Sstevel@tonic-gate struct entry def_other_obj; 647c478bd9Sstevel@tonic-gate struct entry def_class_obj; 657c478bd9Sstevel@tonic-gate }; 667c478bd9Sstevel@tonic-gate 677c478bd9Sstevel@tonic-gate static void free_mem(struct entry_stat *); 687c478bd9Sstevel@tonic-gate static int check_dup(int, uid_t *, uid_t, struct entry_stat *); 697c478bd9Sstevel@tonic-gate 70fa9e4066Sahrens static int 71fa9e4066Sahrens aclent_aclcheck(aclent_t *aclbufp, int nentries, int *which, int isdir) 727c478bd9Sstevel@tonic-gate { 737c478bd9Sstevel@tonic-gate struct entry_stat tally; 747c478bd9Sstevel@tonic-gate aclent_t *aclentp; 757c478bd9Sstevel@tonic-gate uid_t **idp; 767c478bd9Sstevel@tonic-gate int cnt; 777c478bd9Sstevel@tonic-gate 787c478bd9Sstevel@tonic-gate *which = -1; 797c478bd9Sstevel@tonic-gate memset(&tally, '\0', sizeof (tally)); 807c478bd9Sstevel@tonic-gate 817c478bd9Sstevel@tonic-gate for (aclentp = aclbufp; nentries > 0; nentries--, aclentp++) { 827c478bd9Sstevel@tonic-gate switch (aclentp->a_type) { 837c478bd9Sstevel@tonic-gate case USER_OBJ: 847c478bd9Sstevel@tonic-gate /* check uniqueness */ 857c478bd9Sstevel@tonic-gate if (tally.user_obj.count > 0) { 867c478bd9Sstevel@tonic-gate *which = (int)(aclentp - aclbufp); 877c478bd9Sstevel@tonic-gate (void) free_mem(&tally); 887c478bd9Sstevel@tonic-gate errno = EINVAL; 89fa9e4066Sahrens return (EACL_USER_ERROR); 907c478bd9Sstevel@tonic-gate } 917c478bd9Sstevel@tonic-gate tally.user_obj.count = 1; 927c478bd9Sstevel@tonic-gate break; 937c478bd9Sstevel@tonic-gate 947c478bd9Sstevel@tonic-gate case GROUP_OBJ: 957c478bd9Sstevel@tonic-gate /* check uniqueness */ 967c478bd9Sstevel@tonic-gate if (tally.group_obj.count > 0) { 977c478bd9Sstevel@tonic-gate *which = (int)(aclentp - aclbufp); 987c478bd9Sstevel@tonic-gate (void) free_mem(&tally); 997c478bd9Sstevel@tonic-gate errno = EINVAL; 100fa9e4066Sahrens return (EACL_GRP_ERROR); 1017c478bd9Sstevel@tonic-gate } 1027c478bd9Sstevel@tonic-gate tally.group_obj.count = 1; 1037c478bd9Sstevel@tonic-gate break; 1047c478bd9Sstevel@tonic-gate 1057c478bd9Sstevel@tonic-gate case OTHER_OBJ: 1067c478bd9Sstevel@tonic-gate /* check uniqueness */ 1077c478bd9Sstevel@tonic-gate if (tally.other_obj.count > 0) { 1087c478bd9Sstevel@tonic-gate *which = (int)(aclentp - aclbufp); 1097c478bd9Sstevel@tonic-gate (void) free_mem(&tally); 1107c478bd9Sstevel@tonic-gate errno = EINVAL; 111fa9e4066Sahrens return (EACL_OTHER_ERROR); 1127c478bd9Sstevel@tonic-gate } 1137c478bd9Sstevel@tonic-gate tally.other_obj.count = 1; 1147c478bd9Sstevel@tonic-gate break; 1157c478bd9Sstevel@tonic-gate 1167c478bd9Sstevel@tonic-gate case CLASS_OBJ: 1177c478bd9Sstevel@tonic-gate /* check uniqueness */ 1187c478bd9Sstevel@tonic-gate if (tally.class_obj.count > 0) { 1197c478bd9Sstevel@tonic-gate *which = (int)(aclentp - aclbufp); 1207c478bd9Sstevel@tonic-gate (void) free_mem(&tally); 1217c478bd9Sstevel@tonic-gate errno = EINVAL; 122fa9e4066Sahrens return (EACL_CLASS_ERROR); 1237c478bd9Sstevel@tonic-gate } 1247c478bd9Sstevel@tonic-gate tally.class_obj.count = 1; 1257c478bd9Sstevel@tonic-gate break; 1267c478bd9Sstevel@tonic-gate 1277c478bd9Sstevel@tonic-gate case USER: 1287c478bd9Sstevel@tonic-gate case GROUP: 1297c478bd9Sstevel@tonic-gate case DEF_USER: 1307c478bd9Sstevel@tonic-gate case DEF_GROUP: 1317c478bd9Sstevel@tonic-gate /* check duplicate */ 1327c478bd9Sstevel@tonic-gate if (aclentp->a_type == DEF_USER) { 1337c478bd9Sstevel@tonic-gate cnt = (tally.def_user.count)++; 1347c478bd9Sstevel@tonic-gate idp = &(tally.def_user.id); 1357c478bd9Sstevel@tonic-gate } else if (aclentp->a_type == DEF_GROUP) { 1367c478bd9Sstevel@tonic-gate cnt = (tally.def_group.count)++; 1377c478bd9Sstevel@tonic-gate idp = &(tally.def_group.id); 1387c478bd9Sstevel@tonic-gate } else if (aclentp->a_type == USER) { 1397c478bd9Sstevel@tonic-gate cnt = (tally.user.count)++; 1407c478bd9Sstevel@tonic-gate idp = &(tally.user.id); 1417c478bd9Sstevel@tonic-gate } else { 1427c478bd9Sstevel@tonic-gate cnt = (tally.group.count)++; 1437c478bd9Sstevel@tonic-gate idp = &(tally.group.id); 1447c478bd9Sstevel@tonic-gate } 1457c478bd9Sstevel@tonic-gate 1467c478bd9Sstevel@tonic-gate if (cnt == 0) { 1477c478bd9Sstevel@tonic-gate *idp = calloc(nentries, sizeof (uid_t)); 1487c478bd9Sstevel@tonic-gate if (*idp == NULL) 149fa9e4066Sahrens return (EACL_MEM_ERROR); 1507c478bd9Sstevel@tonic-gate } else { 1517c478bd9Sstevel@tonic-gate if (check_dup(cnt, *idp, aclentp->a_id, 1527c478bd9Sstevel@tonic-gate &tally) == -1) { 1537c478bd9Sstevel@tonic-gate *which = (int)(aclentp - aclbufp); 154fa9e4066Sahrens return (EACL_DUPLICATE_ERROR); 1557c478bd9Sstevel@tonic-gate } 1567c478bd9Sstevel@tonic-gate } 1577c478bd9Sstevel@tonic-gate (*idp)[cnt] = aclentp->a_id; 1587c478bd9Sstevel@tonic-gate break; 1597c478bd9Sstevel@tonic-gate 1607c478bd9Sstevel@tonic-gate case DEF_USER_OBJ: 1617c478bd9Sstevel@tonic-gate /* check uniqueness */ 1627c478bd9Sstevel@tonic-gate if (tally.def_user_obj.count > 0) { 1637c478bd9Sstevel@tonic-gate *which = (int)(aclentp - aclbufp); 1647c478bd9Sstevel@tonic-gate (void) free_mem(&tally); 1657c478bd9Sstevel@tonic-gate errno = EINVAL; 166fa9e4066Sahrens return (EACL_USER_ERROR); 1677c478bd9Sstevel@tonic-gate } 1687c478bd9Sstevel@tonic-gate tally.def_user_obj.count = 1; 1697c478bd9Sstevel@tonic-gate break; 1707c478bd9Sstevel@tonic-gate 1717c478bd9Sstevel@tonic-gate case DEF_GROUP_OBJ: 1727c478bd9Sstevel@tonic-gate /* check uniqueness */ 1737c478bd9Sstevel@tonic-gate if (tally.def_group_obj.count > 0) { 1747c478bd9Sstevel@tonic-gate *which = (int)(aclentp - aclbufp); 1757c478bd9Sstevel@tonic-gate (void) free_mem(&tally); 1767c478bd9Sstevel@tonic-gate errno = EINVAL; 177fa9e4066Sahrens return (EACL_GRP_ERROR); 1787c478bd9Sstevel@tonic-gate } 1797c478bd9Sstevel@tonic-gate tally.def_group_obj.count = 1; 1807c478bd9Sstevel@tonic-gate break; 1817c478bd9Sstevel@tonic-gate 1827c478bd9Sstevel@tonic-gate case DEF_OTHER_OBJ: 1837c478bd9Sstevel@tonic-gate /* check uniqueness */ 1847c478bd9Sstevel@tonic-gate if (tally.def_other_obj.count > 0) { 1857c478bd9Sstevel@tonic-gate *which = (int)(aclentp - aclbufp); 1867c478bd9Sstevel@tonic-gate (void) free_mem(&tally); 1877c478bd9Sstevel@tonic-gate errno = EINVAL; 188fa9e4066Sahrens return (EACL_OTHER_ERROR); 1897c478bd9Sstevel@tonic-gate } 1907c478bd9Sstevel@tonic-gate tally.def_other_obj.count = 1; 1917c478bd9Sstevel@tonic-gate break; 1927c478bd9Sstevel@tonic-gate 1937c478bd9Sstevel@tonic-gate case DEF_CLASS_OBJ: 1947c478bd9Sstevel@tonic-gate /* check uniqueness */ 1957c478bd9Sstevel@tonic-gate if (tally.def_class_obj.count > 0) { 1967c478bd9Sstevel@tonic-gate *which = (int)(aclentp - aclbufp); 1977c478bd9Sstevel@tonic-gate (void) free_mem(&tally); 1987c478bd9Sstevel@tonic-gate errno = EINVAL; 199fa9e4066Sahrens return (EACL_CLASS_ERROR); 2007c478bd9Sstevel@tonic-gate } 2017c478bd9Sstevel@tonic-gate tally.def_class_obj.count = 1; 2027c478bd9Sstevel@tonic-gate break; 2037c478bd9Sstevel@tonic-gate 2047c478bd9Sstevel@tonic-gate default: 2057c478bd9Sstevel@tonic-gate (void) free_mem(&tally); 2067c478bd9Sstevel@tonic-gate errno = EINVAL; 2077c478bd9Sstevel@tonic-gate *which = (int)(aclentp - aclbufp); 208fa9e4066Sahrens return (EACL_ENTRY_ERROR); 2097c478bd9Sstevel@tonic-gate } 2107c478bd9Sstevel@tonic-gate } 2117c478bd9Sstevel@tonic-gate /* If there are group or user entries, there must be one class entry */ 2127c478bd9Sstevel@tonic-gate if (tally.user.count > 0 || tally.group.count > 0) 2137c478bd9Sstevel@tonic-gate if (tally.class_obj.count != 1) { 2147c478bd9Sstevel@tonic-gate (void) free_mem(&tally); 2157c478bd9Sstevel@tonic-gate errno = EINVAL; 216fa9e4066Sahrens return (EACL_MISS_ERROR); 2177c478bd9Sstevel@tonic-gate } 2187c478bd9Sstevel@tonic-gate /* same is true for default entries */ 2197c478bd9Sstevel@tonic-gate if (tally.def_user.count > 0 || tally.def_group.count > 0) 2207c478bd9Sstevel@tonic-gate if (tally.def_class_obj.count != 1) { 2217c478bd9Sstevel@tonic-gate (void) free_mem(&tally); 2227c478bd9Sstevel@tonic-gate errno = EINVAL; 223fa9e4066Sahrens return (EACL_MISS_ERROR); 2247c478bd9Sstevel@tonic-gate } 2257c478bd9Sstevel@tonic-gate 2267c478bd9Sstevel@tonic-gate /* there must be exactly one user_obj, group_obj, and other_obj entry */ 2277c478bd9Sstevel@tonic-gate if (tally.user_obj.count != 1 || 2287c478bd9Sstevel@tonic-gate tally.group_obj.count != 1 || 2297c478bd9Sstevel@tonic-gate tally.other_obj.count != 1) { 2307c478bd9Sstevel@tonic-gate (void) free_mem(&tally); 2317c478bd9Sstevel@tonic-gate errno = EINVAL; 232fa9e4066Sahrens return (EACL_MISS_ERROR); 2337c478bd9Sstevel@tonic-gate } 2347c478bd9Sstevel@tonic-gate 2357c478bd9Sstevel@tonic-gate /* has default? same rules apply to default entries */ 236fa9e4066Sahrens if (tally.def_user.count > 0 || tally.def_user_obj.count > 0 || 237fa9e4066Sahrens tally.def_group.count > 0 || tally.def_group_obj.count > 0 || 238fa9e4066Sahrens tally.def_class_obj.count > 0 || tally.def_other_obj.count > 0) { 239fa9e4066Sahrens 240fa9e4066Sahrens /* 241fa9e4066Sahrens * Can't have default ACL's on non-directories 242fa9e4066Sahrens */ 243fa9e4066Sahrens if (isdir == 0) { 244fa9e4066Sahrens (void) free_mem(&tally); 245fa9e4066Sahrens errno = EINVAL; 246fa9e4066Sahrens return (EACL_INHERIT_NOTDIR); 247fa9e4066Sahrens } 248fa9e4066Sahrens 2497c478bd9Sstevel@tonic-gate if (tally.def_user_obj.count != 1 || 2507c478bd9Sstevel@tonic-gate tally.def_group_obj.count != 1 || 2517c478bd9Sstevel@tonic-gate tally.def_other_obj.count != 1) { 2527c478bd9Sstevel@tonic-gate (void) free_mem(&tally); 2537c478bd9Sstevel@tonic-gate errno = EINVAL; 254fa9e4066Sahrens return (EACL_MISS_ERROR); 2557c478bd9Sstevel@tonic-gate } 256fa9e4066Sahrens } 257fa9e4066Sahrens 2587c478bd9Sstevel@tonic-gate (void) free_mem(&tally); 2597c478bd9Sstevel@tonic-gate return (0); 2607c478bd9Sstevel@tonic-gate } 2617c478bd9Sstevel@tonic-gate 262fa9e4066Sahrens int 263fa9e4066Sahrens aclcheck(aclent_t *aclbufp, int nentries, int *which) 264fa9e4066Sahrens { 265fa9e4066Sahrens return (aclent_aclcheck(aclbufp, nentries, which, 1)); 266fa9e4066Sahrens } 267fa9e4066Sahrens 268fa9e4066Sahrens 2697c478bd9Sstevel@tonic-gate static void 2707c478bd9Sstevel@tonic-gate free_mem(struct entry_stat *tallyp) 2717c478bd9Sstevel@tonic-gate { 2727c478bd9Sstevel@tonic-gate if ((tallyp->user).count > 0) 2737c478bd9Sstevel@tonic-gate free((tallyp->user).id); 2747c478bd9Sstevel@tonic-gate if ((tallyp->group).count > 0) 2757c478bd9Sstevel@tonic-gate free((tallyp->group).id); 2767c478bd9Sstevel@tonic-gate if ((tallyp->def_user).count > 0) 2777c478bd9Sstevel@tonic-gate free((tallyp->def_user).id); 2787c478bd9Sstevel@tonic-gate if ((tallyp->def_group).count > 0) 2797c478bd9Sstevel@tonic-gate free((tallyp->def_group).id); 2807c478bd9Sstevel@tonic-gate } 2817c478bd9Sstevel@tonic-gate 2827c478bd9Sstevel@tonic-gate static int 2837c478bd9Sstevel@tonic-gate check_dup(int count, uid_t *ids, uid_t newid, struct entry_stat *tallyp) 2847c478bd9Sstevel@tonic-gate { 2857c478bd9Sstevel@tonic-gate int i; 2867c478bd9Sstevel@tonic-gate 2877c478bd9Sstevel@tonic-gate for (i = 0; i < count; i++) { 2887c478bd9Sstevel@tonic-gate if (ids[i] == newid) { 2897c478bd9Sstevel@tonic-gate errno = EINVAL; 2907c478bd9Sstevel@tonic-gate (void) free_mem(tallyp); 2917c478bd9Sstevel@tonic-gate return (-1); 2927c478bd9Sstevel@tonic-gate } 2937c478bd9Sstevel@tonic-gate } 2947c478bd9Sstevel@tonic-gate return (0); 2957c478bd9Sstevel@tonic-gate } 296fa9e4066Sahrens 297fa9e4066Sahrens #define IFLAGS (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE| \ 298fa9e4066Sahrens ACE_NO_PROPAGATE_INHERIT_ACE|ACE_INHERIT_ONLY_ACE) 299fa9e4066Sahrens 300fa9e4066Sahrens static int 301fa9e4066Sahrens ace_aclcheck(acl_t *aclp, int isdir) 302fa9e4066Sahrens { 303fa9e4066Sahrens ace_t *acep; 304fa9e4066Sahrens int i; 305fa9e4066Sahrens int error = 0; 306fa9e4066Sahrens 307fa9e4066Sahrens /* 308fa9e4066Sahrens * step through all valid flags. 309fa9e4066Sahrens */ 310fa9e4066Sahrens 311fa9e4066Sahrens if (aclp->acl_cnt <= 0 || aclp->acl_cnt > MAX_ACL_ENTRIES) 312fa9e4066Sahrens return (EACL_COUNT_ERROR); 313fa9e4066Sahrens 314fa9e4066Sahrens for (i = 0, acep = aclp->acl_aclp; 315fa9e4066Sahrens i != aclp->acl_cnt && error == 0; i++, acep++) { 316fa9e4066Sahrens switch (acep->a_flags & 0xf040) { 317fa9e4066Sahrens case 0: 318fa9e4066Sahrens case ACE_OWNER: 319fa9e4066Sahrens case ACE_EVERYONE: 320fa9e4066Sahrens case ACE_IDENTIFIER_GROUP: 321fa9e4066Sahrens case ACE_GROUP|ACE_IDENTIFIER_GROUP: 322fa9e4066Sahrens break; 323fa9e4066Sahrens default: 324fa9e4066Sahrens errno = EINVAL; 325fa9e4066Sahrens return (EACL_FLAGS_ERROR); 326fa9e4066Sahrens } 327fa9e4066Sahrens 328fa9e4066Sahrens /* 329fa9e4066Sahrens * INHERIT_ONLY/NO_PROPAGATE need a to INHERIT_FILE 330fa9e4066Sahrens * or INHERIT_DIR also 331fa9e4066Sahrens */ 332fa9e4066Sahrens if (acep->a_flags & 333fa9e4066Sahrens (ACE_INHERIT_ONLY_ACE|ACE_NO_PROPAGATE_INHERIT_ACE)) { 334fa9e4066Sahrens if ((acep->a_flags & (ACE_FILE_INHERIT_ACE| 335fa9e4066Sahrens ACE_DIRECTORY_INHERIT_ACE)) == 0) { 336fa9e4066Sahrens errno = EINVAL; 337fa9e4066Sahrens return (EACL_INHERIT_ERROR); 338fa9e4066Sahrens } 339fa9e4066Sahrens break; 340fa9e4066Sahrens } 341fa9e4066Sahrens 342fa9e4066Sahrens switch (acep->a_type) { 343fa9e4066Sahrens case ACE_ACCESS_ALLOWED_ACE_TYPE: 344fa9e4066Sahrens case ACE_ACCESS_DENIED_ACE_TYPE: 345fa9e4066Sahrens case ACE_SYSTEM_AUDIT_ACE_TYPE: 346fa9e4066Sahrens case ACE_SYSTEM_ALARM_ACE_TYPE: 347fa9e4066Sahrens break; 348fa9e4066Sahrens default: 349fa9e4066Sahrens errno = EINVAL; 350fa9e4066Sahrens return (EACL_ENTRY_ERROR); 351fa9e4066Sahrens } 352fa9e4066Sahrens if (acep->a_access_mask > ACE_ALL_PERMS) { 353fa9e4066Sahrens errno = EINVAL; 354fa9e4066Sahrens return (EACL_PERM_MASK_ERROR); 355fa9e4066Sahrens } 356fa9e4066Sahrens } 357fa9e4066Sahrens 358fa9e4066Sahrens return (0); 359fa9e4066Sahrens } 360fa9e4066Sahrens 361fa9e4066Sahrens int 362fa9e4066Sahrens acl_check(acl_t *aclp, int flag) 363fa9e4066Sahrens { 364fa9e4066Sahrens int error; 365fa9e4066Sahrens int where; 366fa9e4066Sahrens 367fa9e4066Sahrens switch (aclp->acl_type) { 368fa9e4066Sahrens case ACLENT_T: 369fa9e4066Sahrens error = aclent_aclcheck(aclp->acl_aclp, aclp->acl_cnt, 370fa9e4066Sahrens &where, flag); 371fa9e4066Sahrens break; 372fa9e4066Sahrens case ACE_T: 373fa9e4066Sahrens error = ace_aclcheck(aclp, flag); 374fa9e4066Sahrens break; 375fa9e4066Sahrens default: 376fa9e4066Sahrens errno = EINVAL; 377fa9e4066Sahrens error = EACL_ENTRY_ERROR; 378fa9e4066Sahrens } 379fa9e4066Sahrens return (error); 380fa9e4066Sahrens } 381