17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5dd29fa4aSprabahar * Common Development and Distribution License (the "License"). 6dd29fa4aSprabahar * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22*da6c28aaSamw * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ 277c478bd9Sstevel@tonic-gate /* All Rights Reserved */ 287c478bd9Sstevel@tonic-gate 297c478bd9Sstevel@tonic-gate /* 307c478bd9Sstevel@tonic-gate * Portions of this source code were derived from Berkeley 4.3 BSD 317c478bd9Sstevel@tonic-gate * under license from the Regents of the University of California. 327c478bd9Sstevel@tonic-gate */ 337c478bd9Sstevel@tonic-gate 347c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 357c478bd9Sstevel@tonic-gate 367c478bd9Sstevel@tonic-gate #include <sys/param.h> 377c478bd9Sstevel@tonic-gate #include <sys/isa_defs.h> 387c478bd9Sstevel@tonic-gate #include <sys/types.h> 397c478bd9Sstevel@tonic-gate #include <sys/sysmacros.h> 407c478bd9Sstevel@tonic-gate #include <sys/cred.h> 417c478bd9Sstevel@tonic-gate #include <sys/systm.h> 427c478bd9Sstevel@tonic-gate #include <sys/errno.h> 437c478bd9Sstevel@tonic-gate #include <sys/fcntl.h> 447c478bd9Sstevel@tonic-gate #include <sys/pathname.h> 457c478bd9Sstevel@tonic-gate #include <sys/vfs.h> 467c478bd9Sstevel@tonic-gate #include <sys/vnode.h> 477c478bd9Sstevel@tonic-gate #include <sys/file.h> 487c478bd9Sstevel@tonic-gate #include <sys/mode.h> 497c478bd9Sstevel@tonic-gate #include <sys/uio.h> 507c478bd9Sstevel@tonic-gate #include <sys/kmem.h> 517c478bd9Sstevel@tonic-gate #include <sys/filio.h> 527c478bd9Sstevel@tonic-gate #include <sys/acl.h> 537c478bd9Sstevel@tonic-gate #include <sys/cmn_err.h> 54fa9e4066Sahrens #include <acl/acl_common.h> 557c478bd9Sstevel@tonic-gate 567c478bd9Sstevel@tonic-gate #include <sys/unistd.h> 577c478bd9Sstevel@tonic-gate #include <sys/debug.h> 58dd29fa4aSprabahar #include <fs/fs_subr.h> 597c478bd9Sstevel@tonic-gate 607c478bd9Sstevel@tonic-gate static int cacl(int cmd, int nentries, void *aclbufp, 617c478bd9Sstevel@tonic-gate vnode_t *vp, int *rv); 627c478bd9Sstevel@tonic-gate 637c478bd9Sstevel@tonic-gate /* 647c478bd9Sstevel@tonic-gate * Get/Set ACL of a file. 657c478bd9Sstevel@tonic-gate */ 667c478bd9Sstevel@tonic-gate int 677c478bd9Sstevel@tonic-gate acl(const char *fname, int cmd, int nentries, void *aclbufp) 687c478bd9Sstevel@tonic-gate { 697c478bd9Sstevel@tonic-gate struct vnode *vp; 707c478bd9Sstevel@tonic-gate int error; 717c478bd9Sstevel@tonic-gate int rv = 0; 72dd29fa4aSprabahar int estale_retry = 0; 737c478bd9Sstevel@tonic-gate 747c478bd9Sstevel@tonic-gate /* Sanity check arguments */ 757c478bd9Sstevel@tonic-gate if (fname == NULL) 767c478bd9Sstevel@tonic-gate return (set_errno(EINVAL)); 777c478bd9Sstevel@tonic-gate lookup: 787c478bd9Sstevel@tonic-gate error = lookupname((char *)fname, UIO_USERSPACE, FOLLOW, NULLVPP, &vp); 797c478bd9Sstevel@tonic-gate if (error) { 80dd29fa4aSprabahar if ((error == ESTALE) && fs_need_estale_retry(estale_retry++)) 817c478bd9Sstevel@tonic-gate goto lookup; 827c478bd9Sstevel@tonic-gate return (set_errno(error)); 837c478bd9Sstevel@tonic-gate } 847c478bd9Sstevel@tonic-gate 857c478bd9Sstevel@tonic-gate error = cacl(cmd, nentries, aclbufp, vp, &rv); 867c478bd9Sstevel@tonic-gate VN_RELE(vp); 877c478bd9Sstevel@tonic-gate if (error) { 88dd29fa4aSprabahar if ((error == ESTALE) && fs_need_estale_retry(estale_retry++)) 897c478bd9Sstevel@tonic-gate goto lookup; 907c478bd9Sstevel@tonic-gate return (set_errno(error)); 917c478bd9Sstevel@tonic-gate } 927c478bd9Sstevel@tonic-gate return (rv); 937c478bd9Sstevel@tonic-gate } 947c478bd9Sstevel@tonic-gate 957c478bd9Sstevel@tonic-gate /* 967c478bd9Sstevel@tonic-gate * Get/Set ACL of a file with facl system call. 977c478bd9Sstevel@tonic-gate */ 987c478bd9Sstevel@tonic-gate int 997c478bd9Sstevel@tonic-gate facl(int fdes, int cmd, int nentries, void *aclbufp) 1007c478bd9Sstevel@tonic-gate { 1017c478bd9Sstevel@tonic-gate file_t *fp; 1027c478bd9Sstevel@tonic-gate int error; 1037c478bd9Sstevel@tonic-gate int rv = 0; 1047c478bd9Sstevel@tonic-gate 1057c478bd9Sstevel@tonic-gate if ((fp = getf(fdes)) == NULL) 1067c478bd9Sstevel@tonic-gate return (set_errno(EBADF)); 1077c478bd9Sstevel@tonic-gate if (fp->f_flag & FREVOKED) { 1087c478bd9Sstevel@tonic-gate releasef(fdes); 1097c478bd9Sstevel@tonic-gate return (set_errno(EBADF)); 1107c478bd9Sstevel@tonic-gate } 1117c478bd9Sstevel@tonic-gate 1127c478bd9Sstevel@tonic-gate error = cacl(cmd, nentries, aclbufp, fp->f_vnode, &rv); 1137c478bd9Sstevel@tonic-gate releasef(fdes); 1147c478bd9Sstevel@tonic-gate 1157c478bd9Sstevel@tonic-gate if (error) 1167c478bd9Sstevel@tonic-gate return (set_errno(error)); 1177c478bd9Sstevel@tonic-gate return (rv); 1187c478bd9Sstevel@tonic-gate } 1197c478bd9Sstevel@tonic-gate 1207c478bd9Sstevel@tonic-gate 1217c478bd9Sstevel@tonic-gate /* 1227c478bd9Sstevel@tonic-gate * Common code for acl() and facl(). 1237c478bd9Sstevel@tonic-gate */ 1247c478bd9Sstevel@tonic-gate static int 1257c478bd9Sstevel@tonic-gate cacl(int cmd, int nentries, void *aclbufp, vnode_t *vp, int *rv) 1267c478bd9Sstevel@tonic-gate { 1277c478bd9Sstevel@tonic-gate int error; 1287c478bd9Sstevel@tonic-gate int aclbsize; /* size of acl list in bytes */ 1297c478bd9Sstevel@tonic-gate int dfaclbsize; /* size of default acl list in bytes */ 1307c478bd9Sstevel@tonic-gate int numacls; 1317c478bd9Sstevel@tonic-gate caddr_t uaddrp; 1327c478bd9Sstevel@tonic-gate aclent_t *aclp, *aaclp; 1337c478bd9Sstevel@tonic-gate vsecattr_t vsecattr; 134*da6c28aaSamw size_t entry_size; 1357c478bd9Sstevel@tonic-gate 1367c478bd9Sstevel@tonic-gate ASSERT(vp); 1377c478bd9Sstevel@tonic-gate 1387c478bd9Sstevel@tonic-gate bzero(&vsecattr, sizeof (vsecattr_t)); 1397c478bd9Sstevel@tonic-gate 1407c478bd9Sstevel@tonic-gate switch (cmd) { 1417c478bd9Sstevel@tonic-gate 1427c478bd9Sstevel@tonic-gate case ACE_GETACLCNT: 1437c478bd9Sstevel@tonic-gate case GETACLCNT: 144*da6c28aaSamw if (cmd == GETACLCNT) { 145*da6c28aaSamw entry_size = sizeof (aclent_t); 1467c478bd9Sstevel@tonic-gate vsecattr.vsa_mask = VSA_ACLCNT | VSA_DFACLCNT; 147*da6c28aaSamw } else { 148*da6c28aaSamw entry_size = sizeof (ace_t); 1497c478bd9Sstevel@tonic-gate vsecattr.vsa_mask = VSA_ACECNT; 150*da6c28aaSamw } 151*da6c28aaSamw if (error = VOP_GETSECATTR(vp, &vsecattr, 0, CRED(), NULL)) 1527c478bd9Sstevel@tonic-gate return (error); 1537c478bd9Sstevel@tonic-gate *rv = vsecattr.vsa_aclcnt + vsecattr.vsa_dfaclcnt; 1547c478bd9Sstevel@tonic-gate if (vsecattr.vsa_aclcnt && vsecattr.vsa_aclentp) { 1557c478bd9Sstevel@tonic-gate kmem_free(vsecattr.vsa_aclentp, 156*da6c28aaSamw vsecattr.vsa_aclcnt * entry_size); 1577c478bd9Sstevel@tonic-gate } 1587c478bd9Sstevel@tonic-gate if (vsecattr.vsa_dfaclcnt && vsecattr.vsa_dfaclentp) { 1597c478bd9Sstevel@tonic-gate kmem_free(vsecattr.vsa_dfaclentp, 160*da6c28aaSamw vsecattr.vsa_dfaclcnt * entry_size); 1617c478bd9Sstevel@tonic-gate } 1627c478bd9Sstevel@tonic-gate break; 1637c478bd9Sstevel@tonic-gate case GETACL: 1647c478bd9Sstevel@tonic-gate /* 1657c478bd9Sstevel@tonic-gate * Minimum ACL size is three entries so might as well 1667c478bd9Sstevel@tonic-gate * bail out here. 1677c478bd9Sstevel@tonic-gate */ 1687c478bd9Sstevel@tonic-gate if (nentries < 3) 1697c478bd9Sstevel@tonic-gate return (EINVAL); 1707c478bd9Sstevel@tonic-gate /* 1717c478bd9Sstevel@tonic-gate * NULL output buffer is also a pretty easy bail out. 1727c478bd9Sstevel@tonic-gate */ 1737c478bd9Sstevel@tonic-gate if (aclbufp == NULL) 1747c478bd9Sstevel@tonic-gate return (EFAULT); 1757c478bd9Sstevel@tonic-gate vsecattr.vsa_mask = VSA_ACL | VSA_ACLCNT | VSA_DFACL | 1767c478bd9Sstevel@tonic-gate VSA_DFACLCNT; 177*da6c28aaSamw if (error = VOP_GETSECATTR(vp, &vsecattr, 0, CRED(), NULL)) 1787c478bd9Sstevel@tonic-gate return (error); 1797c478bd9Sstevel@tonic-gate /* Check user's buffer is big enough */ 1807c478bd9Sstevel@tonic-gate numacls = vsecattr.vsa_aclcnt + vsecattr.vsa_dfaclcnt; 1817c478bd9Sstevel@tonic-gate aclbsize = vsecattr.vsa_aclcnt * sizeof (aclent_t); 1827c478bd9Sstevel@tonic-gate dfaclbsize = vsecattr.vsa_dfaclcnt * sizeof (aclent_t); 1837c478bd9Sstevel@tonic-gate if (numacls > nentries) { 1847c478bd9Sstevel@tonic-gate error = ENOSPC; 1857c478bd9Sstevel@tonic-gate goto errout; 1867c478bd9Sstevel@tonic-gate } 1877c478bd9Sstevel@tonic-gate /* Sort the acl & default acl lists */ 1887c478bd9Sstevel@tonic-gate if (vsecattr.vsa_aclcnt > 1) 1897c478bd9Sstevel@tonic-gate ksort((caddr_t)vsecattr.vsa_aclentp, 1907c478bd9Sstevel@tonic-gate vsecattr.vsa_aclcnt, sizeof (aclent_t), cmp2acls); 1917c478bd9Sstevel@tonic-gate if (vsecattr.vsa_dfaclcnt > 1) 1927c478bd9Sstevel@tonic-gate ksort((caddr_t)vsecattr.vsa_dfaclentp, 1937c478bd9Sstevel@tonic-gate vsecattr.vsa_dfaclcnt, sizeof (aclent_t), cmp2acls); 1947c478bd9Sstevel@tonic-gate /* Copy out acl's */ 1957c478bd9Sstevel@tonic-gate uaddrp = (caddr_t)aclbufp; 1967c478bd9Sstevel@tonic-gate if (aclbsize > 0) { /* bug #1262490 */ 1977c478bd9Sstevel@tonic-gate if (copyout(vsecattr.vsa_aclentp, uaddrp, aclbsize)) { 1987c478bd9Sstevel@tonic-gate error = EFAULT; 1997c478bd9Sstevel@tonic-gate goto errout; 2007c478bd9Sstevel@tonic-gate } 2017c478bd9Sstevel@tonic-gate } 2027c478bd9Sstevel@tonic-gate /* Copy out default acl's */ 2037c478bd9Sstevel@tonic-gate if (dfaclbsize > 0) { 2047c478bd9Sstevel@tonic-gate uaddrp += aclbsize; 2057c478bd9Sstevel@tonic-gate if (copyout(vsecattr.vsa_dfaclentp, 2067c478bd9Sstevel@tonic-gate uaddrp, dfaclbsize)) { 2077c478bd9Sstevel@tonic-gate error = EFAULT; 2087c478bd9Sstevel@tonic-gate goto errout; 2097c478bd9Sstevel@tonic-gate } 2107c478bd9Sstevel@tonic-gate } 2117c478bd9Sstevel@tonic-gate *rv = numacls; 2127c478bd9Sstevel@tonic-gate if (vsecattr.vsa_aclcnt) { 2137c478bd9Sstevel@tonic-gate kmem_free(vsecattr.vsa_aclentp, 2147c478bd9Sstevel@tonic-gate vsecattr.vsa_aclcnt * sizeof (aclent_t)); 2157c478bd9Sstevel@tonic-gate } 2167c478bd9Sstevel@tonic-gate if (vsecattr.vsa_dfaclcnt) { 2177c478bd9Sstevel@tonic-gate kmem_free(vsecattr.vsa_dfaclentp, 2187c478bd9Sstevel@tonic-gate vsecattr.vsa_dfaclcnt * sizeof (aclent_t)); 2197c478bd9Sstevel@tonic-gate } 2207c478bd9Sstevel@tonic-gate break; 2217c478bd9Sstevel@tonic-gate 2227c478bd9Sstevel@tonic-gate case ACE_GETACL: 2237c478bd9Sstevel@tonic-gate if (aclbufp == NULL) 2247c478bd9Sstevel@tonic-gate return (EFAULT); 2257c478bd9Sstevel@tonic-gate 2267c478bd9Sstevel@tonic-gate vsecattr.vsa_mask = VSA_ACE | VSA_ACECNT; 227*da6c28aaSamw if (error = VOP_GETSECATTR(vp, &vsecattr, 0, CRED(), NULL)) 2287c478bd9Sstevel@tonic-gate return (error); 2297c478bd9Sstevel@tonic-gate 2307c478bd9Sstevel@tonic-gate aclbsize = vsecattr.vsa_aclcnt * sizeof (ace_t); 2317c478bd9Sstevel@tonic-gate if (vsecattr.vsa_aclcnt > nentries) { 2327c478bd9Sstevel@tonic-gate error = ENOSPC; 2337c478bd9Sstevel@tonic-gate goto errout; 2347c478bd9Sstevel@tonic-gate } 2357c478bd9Sstevel@tonic-gate 2367c478bd9Sstevel@tonic-gate if (aclbsize > 0) { 2377c478bd9Sstevel@tonic-gate if ((error = copyout(vsecattr.vsa_aclentp, 2387c478bd9Sstevel@tonic-gate aclbufp, aclbsize)) != 0) { 2397c478bd9Sstevel@tonic-gate goto errout; 2407c478bd9Sstevel@tonic-gate } 2417c478bd9Sstevel@tonic-gate } 2427c478bd9Sstevel@tonic-gate 2437c478bd9Sstevel@tonic-gate *rv = vsecattr.vsa_aclcnt; 2447c478bd9Sstevel@tonic-gate if (vsecattr.vsa_aclcnt) { 245*da6c28aaSamw kmem_free(vsecattr.vsa_aclentp, vsecattr.vsa_aclentsz); 2467c478bd9Sstevel@tonic-gate } 2477c478bd9Sstevel@tonic-gate break; 2487c478bd9Sstevel@tonic-gate 2497c478bd9Sstevel@tonic-gate case SETACL: 2507c478bd9Sstevel@tonic-gate /* 2517c478bd9Sstevel@tonic-gate * Minimum ACL size is three entries so might as well 2527c478bd9Sstevel@tonic-gate * bail out here. Also limit request size to prevent user 2537c478bd9Sstevel@tonic-gate * from allocating too much kernel memory. Maximum size 2547c478bd9Sstevel@tonic-gate * is MAX_ACL_ENTRIES for the ACL part and MAX_ACL_ENTRIES 2557c478bd9Sstevel@tonic-gate * for the default ACL part. (bug 4058667) 2567c478bd9Sstevel@tonic-gate */ 2577c478bd9Sstevel@tonic-gate if (nentries < 3 || nentries > (MAX_ACL_ENTRIES * 2)) 2587c478bd9Sstevel@tonic-gate return (EINVAL); 2597c478bd9Sstevel@tonic-gate /* 2607c478bd9Sstevel@tonic-gate * NULL output buffer is also an easy bail out. 2617c478bd9Sstevel@tonic-gate */ 2627c478bd9Sstevel@tonic-gate if (aclbufp == NULL) 2637c478bd9Sstevel@tonic-gate return (EFAULT); 2647c478bd9Sstevel@tonic-gate vsecattr.vsa_mask = VSA_ACL; 2657c478bd9Sstevel@tonic-gate aclbsize = nentries * sizeof (aclent_t); 2667c478bd9Sstevel@tonic-gate vsecattr.vsa_aclentp = kmem_alloc(aclbsize, KM_SLEEP); 2677c478bd9Sstevel@tonic-gate aaclp = vsecattr.vsa_aclentp; 2687c478bd9Sstevel@tonic-gate vsecattr.vsa_aclcnt = nentries; 2697c478bd9Sstevel@tonic-gate uaddrp = (caddr_t)aclbufp; 2707c478bd9Sstevel@tonic-gate if (copyin(uaddrp, vsecattr.vsa_aclentp, aclbsize)) { 2717c478bd9Sstevel@tonic-gate kmem_free(aaclp, aclbsize); 2727c478bd9Sstevel@tonic-gate return (EFAULT); 2737c478bd9Sstevel@tonic-gate } 2747c478bd9Sstevel@tonic-gate /* Sort the acl list */ 2757c478bd9Sstevel@tonic-gate ksort((caddr_t)vsecattr.vsa_aclentp, 2767c478bd9Sstevel@tonic-gate vsecattr.vsa_aclcnt, sizeof (aclent_t), cmp2acls); 2777c478bd9Sstevel@tonic-gate 2787c478bd9Sstevel@tonic-gate /* Break into acl and default acl lists */ 2797c478bd9Sstevel@tonic-gate for (numacls = 0, aclp = vsecattr.vsa_aclentp; 2807c478bd9Sstevel@tonic-gate numacls < vsecattr.vsa_aclcnt; 2817c478bd9Sstevel@tonic-gate aclp++, numacls++) { 2827c478bd9Sstevel@tonic-gate if (aclp->a_type & ACL_DEFAULT) 2837c478bd9Sstevel@tonic-gate break; 2847c478bd9Sstevel@tonic-gate } 2857c478bd9Sstevel@tonic-gate 2867c478bd9Sstevel@tonic-gate /* Find where defaults start (if any) */ 2877c478bd9Sstevel@tonic-gate if (numacls < vsecattr.vsa_aclcnt) { 2887c478bd9Sstevel@tonic-gate vsecattr.vsa_mask |= VSA_DFACL; 2897c478bd9Sstevel@tonic-gate vsecattr.vsa_dfaclcnt = nentries - numacls; 2907c478bd9Sstevel@tonic-gate vsecattr.vsa_dfaclentp = aclp; 2917c478bd9Sstevel@tonic-gate vsecattr.vsa_aclcnt = numacls; 2927c478bd9Sstevel@tonic-gate } 2937c478bd9Sstevel@tonic-gate /* Adjust if they're all defaults */ 2947c478bd9Sstevel@tonic-gate if (vsecattr.vsa_aclcnt == 0) { 2957c478bd9Sstevel@tonic-gate vsecattr.vsa_mask &= ~VSA_ACL; 2967c478bd9Sstevel@tonic-gate vsecattr.vsa_aclentp = NULL; 2977c478bd9Sstevel@tonic-gate } 2987c478bd9Sstevel@tonic-gate /* Only directories can have defaults */ 2997c478bd9Sstevel@tonic-gate if (vsecattr.vsa_dfaclcnt && vp->v_type != VDIR) { 3007c478bd9Sstevel@tonic-gate kmem_free(aaclp, aclbsize); 3017c478bd9Sstevel@tonic-gate return (ENOTDIR); 3027c478bd9Sstevel@tonic-gate } 3037c478bd9Sstevel@tonic-gate (void) VOP_RWLOCK(vp, V_WRITELOCK_TRUE, NULL); 304*da6c28aaSamw if (error = VOP_SETSECATTR(vp, &vsecattr, 0, CRED(), NULL)) { 3057c478bd9Sstevel@tonic-gate kmem_free(aaclp, aclbsize); 3067c478bd9Sstevel@tonic-gate VOP_RWUNLOCK(vp, V_WRITELOCK_TRUE, NULL); 3077c478bd9Sstevel@tonic-gate return (error); 3087c478bd9Sstevel@tonic-gate } 3097c478bd9Sstevel@tonic-gate 3107c478bd9Sstevel@tonic-gate /* 3117c478bd9Sstevel@tonic-gate * Should return 0 upon success according to the man page 3127c478bd9Sstevel@tonic-gate * and SVR4 semantics. (Bug #1214399: SETACL returns wrong rc) 3137c478bd9Sstevel@tonic-gate */ 3147c478bd9Sstevel@tonic-gate *rv = 0; 3157c478bd9Sstevel@tonic-gate kmem_free(aaclp, aclbsize); 3167c478bd9Sstevel@tonic-gate VOP_RWUNLOCK(vp, V_WRITELOCK_TRUE, NULL); 3177c478bd9Sstevel@tonic-gate break; 3187c478bd9Sstevel@tonic-gate 3197c478bd9Sstevel@tonic-gate case ACE_SETACL: 32049299f42Smarks if (nentries < 1 || nentries > MAX_ACL_ENTRIES) 3217c478bd9Sstevel@tonic-gate return (EINVAL); 3227c478bd9Sstevel@tonic-gate 3237c478bd9Sstevel@tonic-gate if (aclbufp == NULL) 3247c478bd9Sstevel@tonic-gate return (EFAULT); 3257c478bd9Sstevel@tonic-gate 3267c478bd9Sstevel@tonic-gate vsecattr.vsa_mask = VSA_ACE; 3277c478bd9Sstevel@tonic-gate aclbsize = nentries * sizeof (ace_t); 3287c478bd9Sstevel@tonic-gate vsecattr.vsa_aclentp = kmem_alloc(aclbsize, KM_SLEEP); 3297c478bd9Sstevel@tonic-gate aaclp = vsecattr.vsa_aclentp; 3307c478bd9Sstevel@tonic-gate vsecattr.vsa_aclcnt = nentries; 331*da6c28aaSamw vsecattr.vsa_aclentsz = aclbsize; 3327c478bd9Sstevel@tonic-gate uaddrp = (caddr_t)aclbufp; 3337c478bd9Sstevel@tonic-gate if (copyin(uaddrp, vsecattr.vsa_aclentp, aclbsize)) { 3347c478bd9Sstevel@tonic-gate kmem_free(aaclp, aclbsize); 3357c478bd9Sstevel@tonic-gate return (EFAULT); 3367c478bd9Sstevel@tonic-gate } 3377c478bd9Sstevel@tonic-gate (void) VOP_RWLOCK(vp, V_WRITELOCK_TRUE, NULL); 338*da6c28aaSamw if (error = VOP_SETSECATTR(vp, &vsecattr, 0, CRED(), NULL)) { 3397c478bd9Sstevel@tonic-gate kmem_free(aaclp, aclbsize); 3407c478bd9Sstevel@tonic-gate VOP_RWUNLOCK(vp, V_WRITELOCK_TRUE, NULL); 3417c478bd9Sstevel@tonic-gate return (error); 3427c478bd9Sstevel@tonic-gate } 3437c478bd9Sstevel@tonic-gate *rv = 0; 3447c478bd9Sstevel@tonic-gate kmem_free(aaclp, aclbsize); 3457c478bd9Sstevel@tonic-gate VOP_RWUNLOCK(vp, V_WRITELOCK_TRUE, NULL); 3467c478bd9Sstevel@tonic-gate break; 3477c478bd9Sstevel@tonic-gate 3487c478bd9Sstevel@tonic-gate default: 3497c478bd9Sstevel@tonic-gate return (EINVAL); 3507c478bd9Sstevel@tonic-gate } 3517c478bd9Sstevel@tonic-gate 3527c478bd9Sstevel@tonic-gate return (0); 3537c478bd9Sstevel@tonic-gate 3547c478bd9Sstevel@tonic-gate errout: 3557c478bd9Sstevel@tonic-gate if (aclbsize && vsecattr.vsa_aclentp) 3567c478bd9Sstevel@tonic-gate kmem_free(vsecattr.vsa_aclentp, aclbsize); 3577c478bd9Sstevel@tonic-gate if (dfaclbsize && vsecattr.vsa_dfaclentp) 3587c478bd9Sstevel@tonic-gate kmem_free(vsecattr.vsa_dfaclentp, dfaclbsize); 3597c478bd9Sstevel@tonic-gate return (error); 3607c478bd9Sstevel@tonic-gate } 361