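/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"
/*LINTLIBRARY*/

/*
 * aclcheck(): check validity of an ACL
 *	A valid ACL is defined as follows:
 *	There must be exactly one USER_OBJ, GROUP_OBJ, and OTHER_OBJ entry.
 *	If there are any USER entries, then the user id must be unique.
 *	If there are any GROUP entries, then the group id must be unique.
 *	If there are any GROUP or USER entries, there must be exactly one
 *	CLASS_OBJ entry.
 *	The same rules apply to default ACL entries.
 */

#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/acl.h>
#include <aclutils.h>

/*
 * Per-entry-type bookkeeping.  `count' is the number of entries of the type
 * seen so far; `id' is only used for USER/GROUP/DEF_USER/DEF_GROUP, where it
 * points at a heap array holding the ids already seen.
 */
struct entry {
	int	count;
	uid_t	*id;
};

/* One tally slot per aclent_t entry type handled by aclent_aclcheck(). */
struct entry_stat {
	struct entry	user_obj;
	struct entry	user;
	struct entry	group_obj;
	struct entry	group;
	struct entry	other_obj;
	struct entry	class_obj;
	struct entry	def_user_obj;
	struct entry	def_user;
	struct entry	def_group_obj;
	struct entry	def_group;
	struct entry	def_other_obj;
	struct entry	def_class_obj;
};

static void free_mem(struct entry_stat *);
static int check_dup(int, uid_t *, uid_t, struct entry_stat *);

/*
 * Validate an aclent_t-style ACL of `nentries' entries starting at `aclbufp'.
 *
 * Returns 0 when the ACL satisfies the rules in the comment at the top of
 * this file, otherwise one of the EACL_* codes.  On the per-entry failures
 * `*which' is set to the index of the offending entry; it is -1 otherwise.
 * `isdir' == 0 additionally rejects any default (DEF_*) entry with
 * EACL_INHERIT_NOTDIR.
 *
 * The caller must pass a non-NULL `which' and a buffer that really holds
 * `nentries' entries; neither is checked here.
 */
static int
aclent_aclcheck(aclent_t *aclbufp, int nentries, int *which, int isdir)
{
	struct entry_stat	tally;
	aclent_t		*aclentp;
	uid_t			**idp;
	int			cnt;

	*which = -1;
	memset(&tally, '\0', sizeof (tally));

	for (aclentp = aclbufp; nentries > 0; nentries--, aclentp++) {
		switch (aclentp->a_type) {
		case USER_OBJ:
			/* check uniqueness */
			if (tally.user_obj.count > 0) {
				*which = (int)(aclentp - aclbufp);
				free_mem(&tally);
				errno = EINVAL;
				return (EACL_USER_ERROR);
			}
			tally.user_obj.count = 1;
			break;

		case GROUP_OBJ:
			/* check uniqueness */
			if (tally.group_obj.count > 0) {
				*which = (int)(aclentp - aclbufp);
				free_mem(&tally);
				errno = EINVAL;
				return (EACL_GRP_ERROR);
			}
			tally.group_obj.count = 1;
			break;

		case OTHER_OBJ:
			/* check uniqueness */
			if (tally.other_obj.count > 0) {
				*which = (int)(aclentp - aclbufp);
				free_mem(&tally);
				errno = EINVAL;
				return (EACL_OTHER_ERROR);
			}
			tally.other_obj.count = 1;
			break;

		case CLASS_OBJ:
			/* check uniqueness */
			if (tally.class_obj.count > 0) {
				*which = (int)(aclentp - aclbufp);
				free_mem(&tally);
				errno = EINVAL;
				return (EACL_CLASS_ERROR);
			}
			tally.class_obj.count = 1;
			break;

		case USER:
		case GROUP:
		case DEF_USER:
		case DEF_GROUP:
			/* check duplicate */
			if (aclentp->a_type == DEF_USER) {
				cnt = (tally.def_user.count)++;
				idp = &(tally.def_user.id);
			} else if (aclentp->a_type == DEF_GROUP) {
				cnt = (tally.def_group.count)++;
				idp = &(tally.def_group.id);
			} else if (aclentp->a_type == USER) {
				cnt = (tally.user.count)++;
				idp = &(tally.user.id);
			} else {
				cnt = (tally.group.count)++;
				idp = &(tally.group.id);
			}

			if (cnt == 0) {
				/*
				 * First entry of this type: `nentries' is the
				 * number of entries still to be visited
				 * (this one included), so it bounds how many
				 * ids of this type can follow.
				 */
				*idp = calloc(nentries, sizeof (uid_t));
				if (*idp == NULL) {
					/*
					 * Release the id arrays already
					 * allocated for other types (the
					 * original returned without freeing
					 * them) and keep calloc's errno.
					 */
					int saved_errno = errno;

					free_mem(&tally);
					errno = saved_errno;
					return (EACL_MEM_ERROR);
				}
			} else {
				/* check_dup() frees the tally on a hit */
				if (check_dup(cnt, *idp, aclentp->a_id,
				    &tally) == -1) {
					*which = (int)(aclentp - aclbufp);
					return (EACL_DUPLICATE_ERROR);
				}
			}
			(*idp)[cnt] = aclentp->a_id;
			break;

		case DEF_USER_OBJ:
			/* check uniqueness */
			if (tally.def_user_obj.count > 0) {
				*which = (int)(aclentp - aclbufp);
				free_mem(&tally);
				errno = EINVAL;
				return (EACL_USER_ERROR);
			}
			tally.def_user_obj.count = 1;
			break;

		case DEF_GROUP_OBJ:
			/* check uniqueness */
			if (tally.def_group_obj.count > 0) {
				*which = (int)(aclentp - aclbufp);
				free_mem(&tally);
				errno = EINVAL;
				return (EACL_GRP_ERROR);
			}
			tally.def_group_obj.count = 1;
			break;

		case DEF_OTHER_OBJ:
			/* check uniqueness */
			if (tally.def_other_obj.count > 0) {
				*which = (int)(aclentp - aclbufp);
				free_mem(&tally);
				errno = EINVAL;
				return (EACL_OTHER_ERROR);
			}
			tally.def_other_obj.count = 1;
			break;

		case DEF_CLASS_OBJ:
			/* check uniqueness */
			if (tally.def_class_obj.count > 0) {
				*which = (int)(aclentp - aclbufp);
				free_mem(&tally);
				errno = EINVAL;
				return (EACL_CLASS_ERROR);
			}
			tally.def_class_obj.count = 1;
			break;

		default:
			/* unknown entry type */
			free_mem(&tally);
			errno = EINVAL;
			*which = (int)(aclentp - aclbufp);
			return (EACL_ENTRY_ERROR);
		}
	}

	/* If there are group or user entries, there must be one class entry */
	if (tally.user.count > 0 || tally.group.count > 0) {
		if (tally.class_obj.count != 1) {
			free_mem(&tally);
			errno = EINVAL;
			return (EACL_MISS_ERROR);
		}
	}

	/* same is true for default entries */
	if (tally.def_user.count > 0 || tally.def_group.count > 0) {
		if (tally.def_class_obj.count != 1) {
			free_mem(&tally);
			errno = EINVAL;
			return (EACL_MISS_ERROR);
		}
	}

	/* there must be exactly one user_obj, group_obj, and other_obj entry */
	if (tally.user_obj.count != 1 ||
	    tally.group_obj.count != 1 ||
	    tally.other_obj.count != 1) {
		free_mem(&tally);
		errno = EINVAL;
		return (EACL_MISS_ERROR);
	}

	/* has default? same rules apply to default entries */
	if (tally.def_user.count > 0 || tally.def_user_obj.count > 0 ||
	    tally.def_group.count > 0 || tally.def_group_obj.count > 0 ||
	    tally.def_class_obj.count > 0 || tally.def_other_obj.count > 0) {

		/*
		 * Can't have default ACL's on non-directories
		 */
		if (isdir == 0) {
			free_mem(&tally);
			errno = EINVAL;
			return (EACL_INHERIT_NOTDIR);
		}

		if (tally.def_user_obj.count != 1 ||
		    tally.def_group_obj.count != 1 ||
		    tally.def_other_obj.count != 1) {
			free_mem(&tally);
			errno = EINVAL;
			return (EACL_MISS_ERROR);
		}
	}

	free_mem(&tally);
	return (0);
}

/*
 * Public entry point for aclent_t ACLs.  It always passes isdir == 1, so
 * default entries are never rejected for being on a non-directory here.
 */
int
aclcheck(aclent_t *aclbufp, int nentries, int *which)
{
	return (aclent_aclcheck(aclbufp, nentries, which, 1));
}


/*
 * Release the id arrays held by a tally.  The slots are reset afterwards so
 * that a second call on the same tally cannot free a pointer twice.
 */
static void
free_mem(struct entry_stat *tallyp)
{
	struct entry *slots[4];
	int i;

	slots[0] = &tallyp->user;
	slots[1] = &tallyp->group;
	slots[2] = &tallyp->def_user;
	slots[3] = &tallyp->def_group;

	for (i = 0; i < 4; i++) {
		/* id is NULL until the first entry of the type is seen */
		free(slots[i]->id);
		slots[i]->id = NULL;
		slots[i]->count = 0;
	}
}

/*
 * Look for `newid' among the first `count' elements of `ids'.
 * Returns 0 when it is not present.  When it is, sets errno to EINVAL,
 * frees the whole tally and returns -1; the caller must not touch the
 * tally's id arrays after that.
 */
static int
check_dup(int count, uid_t *ids, uid_t newid, struct entry_stat *tallyp)
{
	int	i;

	for (i = 0; i < count; i++) {
		if (ids[i] == newid) {
			errno = EINVAL;
			free_mem(tallyp);
			return (-1);
		}
	}
	return (0);
}

/* All inheritance-related ACE flags. */
#define	IFLAGS	(ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE| \
    ACE_NO_PROPAGATE_INHERIT_ACE|ACE_INHERIT_ONLY_ACE)

/*
 * Validate an ace_t-style ACL.
 *
 * Returns 0 when every entry passes, otherwise an EACL_* code.  Every
 * failure except EACL_COUNT_ERROR also sets errno to EINVAL.
 * `isdir' == 0 rejects any entry carrying an inheritance flag.
 */
static int
ace_aclcheck(acl_t *aclp, int isdir)
{
	ace_t	*acep;
	int	i;

	/* acl_cnt also bounds the walk over acl_aclp below */
	if (aclp->acl_cnt <= 0 || aclp->acl_cnt > MAX_ACL_ENTRIES)
		return (EACL_COUNT_ERROR);

	for (i = 0, acep = aclp->acl_aclp; i < aclp->acl_cnt; i++, acep++) {
		/*
		 * Only the combinations listed below are accepted for the
		 * bits selected by 0xf040 (presumably the "who" bits of
		 * a_flags -- confirm against <sys/acl.h>).
		 */
		switch (acep->a_flags & 0xf040) {
		case 0:
		case ACE_OWNER:
		case ACE_EVERYONE:
		case ACE_IDENTIFIER_GROUP:
		case ACE_GROUP|ACE_IDENTIFIER_GROUP:
			break;
		default:
			errno = EINVAL;
			return (EACL_FLAGS_ERROR);
		}

		/*
		 * Can't have inheritance on files.
		 */
		if ((acep->a_flags & IFLAGS) && isdir == 0) {
			errno = EINVAL;
			return (EACL_INHERIT_NOTDIR);
		}

		/*
		 * INHERIT_ONLY/NO_PROPAGATE also need INHERIT_FILE
		 * or INHERIT_DIR.
		 *
		 * The original had a `break' after this check.  It sat in an
		 * `if', not a `switch', so it left the for loop: the first
		 * entry with a valid INHERIT_ONLY/NO_PROPAGATE combination
		 * ended validation, and neither its own type and access mask
		 * nor any later entry was checked.  Validation now continues.
		 */
		if (acep->a_flags &
		    (ACE_INHERIT_ONLY_ACE|ACE_NO_PROPAGATE_INHERIT_ACE)) {
			if ((acep->a_flags & (ACE_FILE_INHERIT_ACE|
			    ACE_DIRECTORY_INHERIT_ACE)) == 0) {
				errno = EINVAL;
				return (EACL_INHERIT_ERROR);
			}
		}

		switch (acep->a_type) {
		case ACE_ACCESS_ALLOWED_ACE_TYPE:
		case ACE_ACCESS_DENIED_ACE_TYPE:
		case ACE_SYSTEM_AUDIT_ACE_TYPE:
		case ACE_SYSTEM_ALARM_ACE_TYPE:
			break;
		default:
			errno = EINVAL;
			return (EACL_ENTRY_ERROR);
		}

		/*
		 * NOTE(review): this is a magnitude comparison, not a bit
		 * test.  A mask with bits outside ACE_ALL_PERMS but a smaller
		 * numeric value would pass -- confirm whether
		 * `a_access_mask & ~ACE_ALL_PERMS' is what is wanted.
		 */
		if (acep->a_access_mask > ACE_ALL_PERMS) {
			errno = EINVAL;
			return (EACL_PERM_MASK_ERROR);
		}
	}

	return (0);
}

/*
 * Validate an acl_t of either flavour, dispatching on acl_type.
 * `flag' is handed to the flavour-specific checker as its `isdir' argument.
 * Returns 0 or an EACL_* code.  For ACLENT_T ACLs the index of the offending
 * entry is computed but not reported to the caller.
 */
int
acl_check(acl_t *aclp, int flag)
{
	int	error;
	int	where;

	switch (aclp->acl_type) {
	case ACLENT_T:
		error = aclent_aclcheck(aclp->acl_aclp, aclp->acl_cnt,
		    &where, flag);
		break;
	case ACE_T:
		error = ace_aclcheck(aclp, flag);
		break;
	default:
		errno = EINVAL;
		error = EACL_ENTRY_ERROR;
	}
	return (error);
}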