17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5ee519a1fSgjelinek * Common Development and Distribution License (the "License"). 6ee519a1fSgjelinek * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22*bf8b6031Smarks * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 277c478bd9Sstevel@tonic-gate /*LINTLIBRARY*/ 287c478bd9Sstevel@tonic-gate 297c478bd9Sstevel@tonic-gate #include <grp.h> 307c478bd9Sstevel@tonic-gate #include <pwd.h> 317c478bd9Sstevel@tonic-gate #include <string.h> 327c478bd9Sstevel@tonic-gate #include <limits.h> 337c478bd9Sstevel@tonic-gate #include <stdlib.h> 34fa9e4066Sahrens #include <errno.h> 357c478bd9Sstevel@tonic-gate #include <sys/param.h> 367c478bd9Sstevel@tonic-gate #include <sys/types.h> 375a5eeccaSmarks #include <sys/stat.h> 387c478bd9Sstevel@tonic-gate #include <sys/acl.h> 39fa9e4066Sahrens #include <aclutils.h> 40fa9e4066Sahrens 415a5eeccaSmarks #define ID_STR_MAX 20 /* digits in LONG_MAX */ 425a5eeccaSmarks 435a5eeccaSmarks #define APPENDED_ID_MAX ID_STR_MAX + 1 /* id + colon */ 445a5eeccaSmarks /* 455a5eeccaSmarks * yyinteractive controls whether yyparse should print out 465a5eeccaSmarks * error messages to stderr, and whether or not id's should be 475a5eeccaSmarks * allowed from acl_fromtext(). 485a5eeccaSmarks */ 495a5eeccaSmarks int yyinteractive; 505a5eeccaSmarks acl_t *yyacl; 515a5eeccaSmarks char *yybuf; 52fa9e4066Sahrens 53fa9e4066Sahrens extern acl_t *acl_alloc(enum acl_type); 547c478bd9Sstevel@tonic-gate 5511e32170Shm123892 567c478bd9Sstevel@tonic-gate struct dynaclstr { 577c478bd9Sstevel@tonic-gate size_t bufsize; /* current size of aclexport */ 587c478bd9Sstevel@tonic-gate char *aclexport; 597c478bd9Sstevel@tonic-gate }; 607c478bd9Sstevel@tonic-gate 617c478bd9Sstevel@tonic-gate static char *strappend(char *, char *); 627c478bd9Sstevel@tonic-gate static char *convert_perm(char *, o_mode_t); 637c478bd9Sstevel@tonic-gate static int increase_length(struct dynaclstr *, size_t); 647c478bd9Sstevel@tonic-gate 655a5eeccaSmarks static void 665a5eeccaSmarks aclent_perms(int perm, char *txt_perms) 67fa9e4066Sahrens { 685a5eeccaSmarks if (perm & S_IROTH) 695a5eeccaSmarks txt_perms[0] = 'r'; 705a5eeccaSmarks else 715a5eeccaSmarks txt_perms[0] = '-'; 725a5eeccaSmarks if (perm & S_IWOTH) 735a5eeccaSmarks txt_perms[1] = 'w'; 745a5eeccaSmarks else 755a5eeccaSmarks txt_perms[1] = '-'; 765a5eeccaSmarks if (perm & S_IXOTH) 775a5eeccaSmarks txt_perms[2] = 'x'; 785a5eeccaSmarks else 795a5eeccaSmarks txt_perms[2] = '-'; 805a5eeccaSmarks txt_perms[3] = '\0'; 815a5eeccaSmarks } 82fa9e4066Sahrens 835a5eeccaSmarks static char * 84afe1f701Smarks pruname(uid_t uid, char *uidp, size_t buflen, int noresolve) 855a5eeccaSmarks { 8645a17f45Sgjelinek struct passwd *passwdp = NULL; 87fa9e4066Sahrens 8845a17f45Sgjelinek if (noresolve == 0) 895a5eeccaSmarks passwdp = getpwuid(uid); 905a5eeccaSmarks if (passwdp == (struct passwd *)NULL) { 915a5eeccaSmarks /* could not get passwd information: display uid instead */ 92f48205beScasper (void) snprintf(uidp, buflen, "%u", uid); 93afe1f701Smarks } else { 94afe1f701Smarks (void) strlcpy(uidp, passwdp->pw_name, buflen); 95afe1f701Smarks } 965a5eeccaSmarks return (uidp); 975a5eeccaSmarks } 98fa9e4066Sahrens 995a5eeccaSmarks static char * 100afe1f701Smarks prgname(gid_t gid, char *gidp, size_t buflen, int noresolve) 1015a5eeccaSmarks { 10245a17f45Sgjelinek struct group *groupp = NULL; 103fa9e4066Sahrens 10445a17f45Sgjelinek if (noresolve == 0) 1055a5eeccaSmarks groupp = getgrgid(gid); 1065a5eeccaSmarks if (groupp == (struct group *)NULL) { 1075a5eeccaSmarks /* could not get group information: display gid instead */ 108f48205beScasper (void) snprintf(gidp, buflen, "%u", gid); 109afe1f701Smarks } else { 110afe1f701Smarks (void) strlcpy(gidp, groupp->gr_name, buflen); 111afe1f701Smarks } 1125a5eeccaSmarks return (gidp); 1135a5eeccaSmarks } 1145a5eeccaSmarks static void 1155a5eeccaSmarks aclent_printacl(acl_t *aclp) 1165a5eeccaSmarks { 1175a5eeccaSmarks aclent_t *tp; 1185a5eeccaSmarks int aclcnt; 1195a5eeccaSmarks int mask; 1205a5eeccaSmarks int slot = 0; 1215a5eeccaSmarks char perm[4]; 122afe1f701Smarks char uidp[ID_STR_MAX]; 123afe1f701Smarks char gidp[ID_STR_MAX]; 1245a5eeccaSmarks 1255a5eeccaSmarks /* display ACL: assume it is sorted. */ 1265a5eeccaSmarks aclcnt = aclp->acl_cnt; 1275a5eeccaSmarks for (tp = aclp->acl_aclp; tp && aclcnt--; tp++) { 1285a5eeccaSmarks if (tp->a_type == CLASS_OBJ) 1295a5eeccaSmarks mask = tp->a_perm; 1305a5eeccaSmarks } 1315a5eeccaSmarks aclcnt = aclp->acl_cnt; 1325a5eeccaSmarks for (tp = aclp->acl_aclp; aclcnt--; tp++) { 1335a5eeccaSmarks (void) printf(" %d:", slot++); 1345a5eeccaSmarks switch (tp->a_type) { 1355a5eeccaSmarks case USER: 1365a5eeccaSmarks aclent_perms(tp->a_perm, perm); 1375a5eeccaSmarks (void) printf("user:%s:%s\t\t", 138afe1f701Smarks pruname(tp->a_id, uidp, sizeof (uidp), 0), perm); 1395a5eeccaSmarks aclent_perms((tp->a_perm & mask), perm); 1405a5eeccaSmarks (void) printf("#effective:%s\n", perm); 1415a5eeccaSmarks break; 1425a5eeccaSmarks case USER_OBJ: 1435a5eeccaSmarks /* no need to display uid */ 1445a5eeccaSmarks aclent_perms(tp->a_perm, perm); 1455a5eeccaSmarks (void) printf("user::%s\n", perm); 1465a5eeccaSmarks break; 1475a5eeccaSmarks case GROUP: 1485a5eeccaSmarks aclent_perms(tp->a_perm, perm); 1495a5eeccaSmarks (void) printf("group:%s:%s\t\t", 150afe1f701Smarks prgname(tp->a_id, gidp, sizeof (gidp), 0), perm); 1515a5eeccaSmarks aclent_perms(tp->a_perm & mask, perm); 1525a5eeccaSmarks (void) printf("#effective:%s\n", perm); 1535a5eeccaSmarks break; 1545a5eeccaSmarks case GROUP_OBJ: 1555a5eeccaSmarks aclent_perms(tp->a_perm, perm); 1565a5eeccaSmarks (void) printf("group::%s\t\t", perm); 1575a5eeccaSmarks aclent_perms(tp->a_perm & mask, perm); 1585a5eeccaSmarks (void) printf("#effective:%s\n", perm); 1595a5eeccaSmarks break; 1605a5eeccaSmarks case CLASS_OBJ: 1615a5eeccaSmarks aclent_perms(tp->a_perm, perm); 1625a5eeccaSmarks (void) printf("mask:%s\n", perm); 1635a5eeccaSmarks break; 1645a5eeccaSmarks case OTHER_OBJ: 1655a5eeccaSmarks aclent_perms(tp->a_perm, perm); 1665a5eeccaSmarks (void) printf("other:%s\n", perm); 1675a5eeccaSmarks break; 1685a5eeccaSmarks case DEF_USER: 1695a5eeccaSmarks aclent_perms(tp->a_perm, perm); 1705a5eeccaSmarks (void) printf("default:user:%s:%s\n", 171afe1f701Smarks pruname(tp->a_id, uidp, sizeof (uidp), 0), perm); 1725a5eeccaSmarks break; 1735a5eeccaSmarks case DEF_USER_OBJ: 1745a5eeccaSmarks aclent_perms(tp->a_perm, perm); 1755a5eeccaSmarks (void) printf("default:user::%s\n", perm); 1765a5eeccaSmarks break; 1775a5eeccaSmarks case DEF_GROUP: 1785a5eeccaSmarks aclent_perms(tp->a_perm, perm); 1795a5eeccaSmarks (void) printf("default:group:%s:%s\n", 180afe1f701Smarks prgname(tp->a_id, gidp, sizeof (gidp), 0), perm); 1815a5eeccaSmarks break; 1825a5eeccaSmarks case DEF_GROUP_OBJ: 1835a5eeccaSmarks aclent_perms(tp->a_perm, perm); 1845a5eeccaSmarks (void) printf("default:group::%s\n", perm); 1855a5eeccaSmarks break; 1865a5eeccaSmarks case DEF_CLASS_OBJ: 1875a5eeccaSmarks aclent_perms(tp->a_perm, perm); 1885a5eeccaSmarks (void) printf("default:mask:%s\n", perm); 1895a5eeccaSmarks break; 1905a5eeccaSmarks case DEF_OTHER_OBJ: 1915a5eeccaSmarks aclent_perms(tp->a_perm, perm); 1925a5eeccaSmarks (void) printf("default:other:%s\n", perm); 1935a5eeccaSmarks break; 1945a5eeccaSmarks default: 1955a5eeccaSmarks (void) fprintf(stderr, 1965b233e2dSmarks dgettext(TEXT_DOMAIN, "unrecognized entry\n")); 1975a5eeccaSmarks break; 1985a5eeccaSmarks } 1995a5eeccaSmarks } 2005a5eeccaSmarks } 2015a5eeccaSmarks 2025a5eeccaSmarks static void 2035a5eeccaSmarks split_line(char *str, int cols) 2045a5eeccaSmarks { 2055a5eeccaSmarks char *ptr; 2065a5eeccaSmarks int len; 2075a5eeccaSmarks int i; 2085a5eeccaSmarks int last_split; 2095a5eeccaSmarks char *pad = ""; 2105a5eeccaSmarks int pad_len; 2115a5eeccaSmarks 2125a5eeccaSmarks len = strlen(str); 2135a5eeccaSmarks ptr = str; 2145a5eeccaSmarks pad_len = 0; 2155a5eeccaSmarks 2165a5eeccaSmarks ptr = str; 2175a5eeccaSmarks last_split = 0; 2185a5eeccaSmarks for (i = 0; i != len; i++) { 2195a5eeccaSmarks if ((i + pad_len + 4) >= cols) { 2205a5eeccaSmarks (void) printf("%s%.*s\n", pad, last_split, ptr); 2215a5eeccaSmarks ptr = &ptr[last_split]; 2225a5eeccaSmarks len = strlen(ptr); 2235a5eeccaSmarks i = 0; 2245a5eeccaSmarks pad_len = 4; 2255a5eeccaSmarks pad = " "; 2265a5eeccaSmarks } else { 2275a5eeccaSmarks if (ptr[i] == '/' || ptr[i] == ':') { 2285a5eeccaSmarks last_split = i; 2295a5eeccaSmarks } 2305a5eeccaSmarks } 2315a5eeccaSmarks } 2325a5eeccaSmarks if (i == len) { 2335a5eeccaSmarks (void) printf("%s%s\n", pad, ptr); 2345a5eeccaSmarks } 2355a5eeccaSmarks } 2365a5eeccaSmarks 2375a5eeccaSmarks char * 23845a17f45Sgjelinek ace_type_txt(char *buf, char **endp, ace_t *acep, int flags) 2395a5eeccaSmarks { 2405a5eeccaSmarks 241afe1f701Smarks char idp[ID_STR_MAX]; 2425a5eeccaSmarks 2435a5eeccaSmarks if (buf == NULL) 2445a5eeccaSmarks return (NULL); 2455a5eeccaSmarks 2465a5eeccaSmarks switch (acep->a_flags & ACE_TYPE_FLAGS) { 2475a5eeccaSmarks case ACE_OWNER: 2485a5eeccaSmarks strcpy(buf, OWNERAT_TXT); 2495a5eeccaSmarks *endp = buf + sizeof (OWNERAT_TXT) - 1; 2505a5eeccaSmarks break; 2515a5eeccaSmarks 2525a5eeccaSmarks case ACE_GROUP|ACE_IDENTIFIER_GROUP: 2535a5eeccaSmarks strcpy(buf, GROUPAT_TXT); 2545a5eeccaSmarks *endp = buf + sizeof (GROUPAT_TXT) - 1; 2555a5eeccaSmarks break; 2565a5eeccaSmarks 2575a5eeccaSmarks case ACE_IDENTIFIER_GROUP: 2585a5eeccaSmarks strcpy(buf, GROUP_TXT); 259afe1f701Smarks strcat(buf, prgname(acep->a_who, idp, 260afe1f701Smarks sizeof (idp), flags & ACL_NORESOLVE)); 2615a5eeccaSmarks *endp = buf + strlen(buf); 2625a5eeccaSmarks break; 2635a5eeccaSmarks 2645a5eeccaSmarks case ACE_EVERYONE: 2655a5eeccaSmarks strcpy(buf, EVERYONEAT_TXT); 2665a5eeccaSmarks *endp = buf + sizeof (EVERYONEAT_TXT) - 1; 2675a5eeccaSmarks break; 2685a5eeccaSmarks 2695a5eeccaSmarks case 0: 2705a5eeccaSmarks strcpy(buf, USER_TXT); 271afe1f701Smarks strcat(buf, pruname(acep->a_who, idp, 272afe1f701Smarks sizeof (idp), flags & ACL_NORESOLVE)); 2735a5eeccaSmarks *endp = buf + strlen(buf); 2745a5eeccaSmarks break; 2755a5eeccaSmarks } 2765a5eeccaSmarks 2775a5eeccaSmarks return (buf); 2785a5eeccaSmarks } 2795a5eeccaSmarks 2805a5eeccaSmarks char * 2815a5eeccaSmarks ace_perm_txt(char *buf, char **endp, uint32_t mask, 2825a5eeccaSmarks uint32_t iflags, int isdir, int flags) 2835a5eeccaSmarks { 2845a5eeccaSmarks char *lend = buf; /* local end */ 2855a5eeccaSmarks 2865a5eeccaSmarks if (buf == NULL) 2875a5eeccaSmarks return (NULL); 2885a5eeccaSmarks 2895a5eeccaSmarks if (flags & ACL_COMPACT_FMT) { 2905a5eeccaSmarks 2915a5eeccaSmarks if (mask & ACE_READ_DATA) 2925a5eeccaSmarks buf[0] = 'r'; 2935a5eeccaSmarks else 2945a5eeccaSmarks buf[0] = '-'; 2955a5eeccaSmarks if (mask & ACE_WRITE_DATA) 2965a5eeccaSmarks buf[1] = 'w'; 2975a5eeccaSmarks else 2985a5eeccaSmarks buf[1] = '-'; 2995a5eeccaSmarks if (mask & ACE_EXECUTE) 3005a5eeccaSmarks buf[2] = 'x'; 3015a5eeccaSmarks else 3025a5eeccaSmarks buf[2] = '-'; 3035a5eeccaSmarks if (mask & ACE_APPEND_DATA) 3045a5eeccaSmarks buf[3] = 'p'; 3055a5eeccaSmarks else 3065a5eeccaSmarks buf[3] = '-'; 3075a5eeccaSmarks if (mask & ACE_DELETE) 3085a5eeccaSmarks buf[4] = 'd'; 3095a5eeccaSmarks else 3105a5eeccaSmarks buf[4] = '-'; 3115a5eeccaSmarks if (mask & ACE_DELETE_CHILD) 3125a5eeccaSmarks buf[5] = 'D'; 3135a5eeccaSmarks else 3145a5eeccaSmarks buf[5] = '-'; 3155a5eeccaSmarks if (mask & ACE_READ_ATTRIBUTES) 3165a5eeccaSmarks buf[6] = 'a'; 3175a5eeccaSmarks else 3185a5eeccaSmarks buf[6] = '-'; 3195a5eeccaSmarks if (mask & ACE_WRITE_ATTRIBUTES) 3205a5eeccaSmarks buf[7] = 'A'; 3215a5eeccaSmarks else 3225a5eeccaSmarks buf[7] = '-'; 3235a5eeccaSmarks if (mask & ACE_READ_NAMED_ATTRS) 3245a5eeccaSmarks buf[8] = 'R'; 3255a5eeccaSmarks else 3265a5eeccaSmarks buf[8] = '-'; 3275a5eeccaSmarks if (mask & ACE_WRITE_NAMED_ATTRS) 3285a5eeccaSmarks buf[9] = 'W'; 3295a5eeccaSmarks else 3305a5eeccaSmarks buf[9] = '-'; 3315a5eeccaSmarks if (mask & ACE_READ_ACL) 3325a5eeccaSmarks buf[10] = 'c'; 3335a5eeccaSmarks else 3345a5eeccaSmarks buf[10] = '-'; 3355a5eeccaSmarks if (mask & ACE_WRITE_ACL) 3365a5eeccaSmarks buf[11] = 'C'; 3375a5eeccaSmarks else 3385a5eeccaSmarks buf[11] = '-'; 3395a5eeccaSmarks if (mask & ACE_WRITE_OWNER) 3405a5eeccaSmarks buf[12] = 'o'; 3415a5eeccaSmarks else 3425a5eeccaSmarks buf[12] = '-'; 3435a5eeccaSmarks if (mask & ACE_SYNCHRONIZE) 3445a5eeccaSmarks buf[13] = 's'; 3455a5eeccaSmarks else 3465a5eeccaSmarks buf[13] = '-'; 3475a5eeccaSmarks buf[14] = '\0'; 3485a5eeccaSmarks *endp = buf + 14; 3495a5eeccaSmarks return (buf); 3505a5eeccaSmarks } else { 3515a5eeccaSmarks /* 3525a5eeccaSmarks * If ACE is a directory, but inheritance indicates its 3535a5eeccaSmarks * for a file then print permissions for file rather than 3545a5eeccaSmarks * dir. 3555a5eeccaSmarks */ 3565a5eeccaSmarks if (isdir) { 3575a5eeccaSmarks if (mask & ACE_LIST_DIRECTORY) { 3585a5eeccaSmarks if (iflags == ACE_FILE_INHERIT_ACE) { 3595a5eeccaSmarks strcpy(lend, READ_DATA_TXT); 3605a5eeccaSmarks lend += sizeof (READ_DATA_TXT) - 1; 3615a5eeccaSmarks } else { 3625a5eeccaSmarks strcpy(lend, READ_DIR_TXT); 3635a5eeccaSmarks lend += sizeof (READ_DIR_TXT) - 1; 3645a5eeccaSmarks } 3655a5eeccaSmarks } 3665a5eeccaSmarks if (mask & ACE_ADD_FILE) { 3675a5eeccaSmarks if (iflags == ACE_FILE_INHERIT_ACE) { 3685a5eeccaSmarks strcpy(lend, WRITE_DATA_TXT); 3695a5eeccaSmarks lend += sizeof (WRITE_DATA_TXT) - 1; 3705a5eeccaSmarks } else { 3715a5eeccaSmarks strcpy(lend, ADD_FILE_TXT); 3725a5eeccaSmarks lend += 3735a5eeccaSmarks sizeof (ADD_FILE_TXT) -1; 3745a5eeccaSmarks } 3755a5eeccaSmarks } 3765a5eeccaSmarks if (mask & ACE_ADD_SUBDIRECTORY) { 3775a5eeccaSmarks if (iflags == ACE_FILE_INHERIT_ACE) { 3785a5eeccaSmarks strcpy(lend, APPEND_DATA_TXT); 3795a5eeccaSmarks lend += sizeof (APPEND_DATA_TXT) - 1; 3805a5eeccaSmarks } else { 3815a5eeccaSmarks strcpy(lend, ADD_DIR_TXT); 3825a5eeccaSmarks lend += sizeof (ADD_DIR_TXT) - 1; 3835a5eeccaSmarks } 3845a5eeccaSmarks } 3855a5eeccaSmarks } else { 3865a5eeccaSmarks if (mask & ACE_READ_DATA) { 3875a5eeccaSmarks strcpy(lend, READ_DATA_TXT); 3885a5eeccaSmarks lend += sizeof (READ_DATA_TXT) - 1; 3895a5eeccaSmarks } 3905a5eeccaSmarks if (mask & ACE_WRITE_DATA) { 3915a5eeccaSmarks strcpy(lend, WRITE_DATA_TXT); 3925a5eeccaSmarks lend += sizeof (WRITE_DATA_TXT) - 1; 3935a5eeccaSmarks } 3945a5eeccaSmarks if (mask & ACE_APPEND_DATA) { 3955a5eeccaSmarks strcpy(lend, APPEND_DATA_TXT); 3965a5eeccaSmarks lend += sizeof (APPEND_DATA_TXT) - 1; 3975a5eeccaSmarks } 3985a5eeccaSmarks } 3995a5eeccaSmarks if (mask & ACE_READ_NAMED_ATTRS) { 4005a5eeccaSmarks strcpy(lend, READ_XATTR_TXT); 4015a5eeccaSmarks lend += sizeof (READ_XATTR_TXT) - 1; 4025a5eeccaSmarks } 4035a5eeccaSmarks if (mask & ACE_WRITE_NAMED_ATTRS) { 4045a5eeccaSmarks strcpy(lend, WRITE_XATTR_TXT); 4055a5eeccaSmarks lend += sizeof (WRITE_XATTR_TXT) - 1; 4065a5eeccaSmarks } 4075a5eeccaSmarks if (mask & ACE_EXECUTE) { 4085a5eeccaSmarks strcpy(lend, EXECUTE_TXT); 4095a5eeccaSmarks lend += sizeof (EXECUTE_TXT) - 1; 4105a5eeccaSmarks } 4115a5eeccaSmarks if (mask & ACE_DELETE_CHILD) { 4125a5eeccaSmarks strcpy(lend, DELETE_CHILD_TXT); 4135a5eeccaSmarks lend += sizeof (DELETE_CHILD_TXT) - 1; 4145a5eeccaSmarks } 4155a5eeccaSmarks if (mask & ACE_READ_ATTRIBUTES) { 4165a5eeccaSmarks strcpy(lend, READ_ATTRIBUTES_TXT); 4175a5eeccaSmarks lend += sizeof (READ_ATTRIBUTES_TXT) - 1; 4185a5eeccaSmarks } 4195a5eeccaSmarks if (mask & ACE_WRITE_ATTRIBUTES) { 4205a5eeccaSmarks strcpy(lend, WRITE_ATTRIBUTES_TXT); 4215a5eeccaSmarks lend += sizeof (WRITE_ATTRIBUTES_TXT) - 1; 4225a5eeccaSmarks } 4235a5eeccaSmarks if (mask & ACE_DELETE) { 4245a5eeccaSmarks strcpy(lend, DELETE_TXT); 4255a5eeccaSmarks lend += sizeof (DELETE_TXT) - 1; 4265a5eeccaSmarks } 4275a5eeccaSmarks if (mask & ACE_READ_ACL) { 4285a5eeccaSmarks strcpy(lend, READ_ACL_TXT); 4295a5eeccaSmarks lend += sizeof (READ_ACL_TXT) - 1; 4305a5eeccaSmarks } 4315a5eeccaSmarks if (mask & ACE_WRITE_ACL) { 4325a5eeccaSmarks strcpy(lend, WRITE_ACL_TXT); 4335a5eeccaSmarks lend += sizeof (WRITE_ACL_TXT) - 1; 4345a5eeccaSmarks } 4355a5eeccaSmarks if (mask & ACE_WRITE_OWNER) { 4365a5eeccaSmarks strcpy(lend, WRITE_OWNER_TXT); 4375a5eeccaSmarks lend += sizeof (WRITE_OWNER_TXT) - 1; 4385a5eeccaSmarks } 4395a5eeccaSmarks if (mask & ACE_SYNCHRONIZE) { 4405a5eeccaSmarks strcpy(lend, SYNCHRONIZE_TXT); 4415a5eeccaSmarks lend += sizeof (SYNCHRONIZE_TXT) - 1; 4425a5eeccaSmarks } 4435a5eeccaSmarks 4445a5eeccaSmarks if (*(lend - 1) == '/') 4455a5eeccaSmarks *--lend = '\0'; 4465a5eeccaSmarks } 4475a5eeccaSmarks 4485a5eeccaSmarks *endp = lend; 4495a5eeccaSmarks return (buf); 4505a5eeccaSmarks } 4515a5eeccaSmarks 4525a5eeccaSmarks char * 4535a5eeccaSmarks ace_access_txt(char *buf, char **endp, int type) 4545a5eeccaSmarks { 4555a5eeccaSmarks 4565a5eeccaSmarks if (buf == NULL) 4575a5eeccaSmarks return (NULL); 4585a5eeccaSmarks 4595a5eeccaSmarks if (type == ACE_ACCESS_ALLOWED_ACE_TYPE) { 4605a5eeccaSmarks strcpy(buf, ALLOW_TXT); 4615a5eeccaSmarks *endp += sizeof (ALLOW_TXT) - 1; 4625a5eeccaSmarks } else if (type == ACE_ACCESS_DENIED_ACE_TYPE) { 4635a5eeccaSmarks strcpy(buf, DENY_TXT); 4645a5eeccaSmarks *endp += sizeof (DENY_TXT) - 1; 4655a5eeccaSmarks } else if (type == ACE_SYSTEM_AUDIT_ACE_TYPE) { 4665a5eeccaSmarks strcpy(buf, AUDIT_TXT); 4675a5eeccaSmarks *endp += sizeof (AUDIT_TXT) - 1; 4685a5eeccaSmarks } else if (type == ACE_SYSTEM_ALARM_ACE_TYPE) { 4695a5eeccaSmarks strcpy(buf, ALARM_TXT); 4705a5eeccaSmarks *endp += sizeof (ALARM_TXT) - 1; 4715a5eeccaSmarks } else { 4725a5eeccaSmarks strcpy(buf, UNKNOWN_TXT); 4735a5eeccaSmarks *endp += sizeof (UNKNOWN_TXT) - 1; 4745a5eeccaSmarks } 4755a5eeccaSmarks 4765a5eeccaSmarks return (buf); 4775a5eeccaSmarks } 4785a5eeccaSmarks 4795a5eeccaSmarks static char * 4805a5eeccaSmarks ace_inherit_txt(char *buf, char **endp, uint32_t iflags, int flags) 4815a5eeccaSmarks { 4825a5eeccaSmarks 4835a5eeccaSmarks char *lend = buf; 4845a5eeccaSmarks 4855a5eeccaSmarks if (buf == NULL) { 4865a5eeccaSmarks return (NULL); 4875a5eeccaSmarks } 4885a5eeccaSmarks 4895a5eeccaSmarks if (flags & ACL_COMPACT_FMT) { 4905a5eeccaSmarks if (iflags & ACE_FILE_INHERIT_ACE) 4915a5eeccaSmarks buf[0] = 'f'; 4925a5eeccaSmarks else 4935a5eeccaSmarks buf[0] = '-'; 4945a5eeccaSmarks if (iflags & ACE_DIRECTORY_INHERIT_ACE) 4955a5eeccaSmarks buf[1] = 'd'; 4965a5eeccaSmarks else 4975a5eeccaSmarks buf[1] = '-'; 4985a5eeccaSmarks if (iflags & ACE_INHERIT_ONLY_ACE) 4995a5eeccaSmarks buf[2] = 'i'; 5005a5eeccaSmarks else 5015a5eeccaSmarks buf[2] = '-'; 5025a5eeccaSmarks if (iflags & ACE_NO_PROPAGATE_INHERIT_ACE) 5035a5eeccaSmarks buf[3] = 'n'; 5045a5eeccaSmarks else 5055a5eeccaSmarks buf[3] = '-'; 5065a5eeccaSmarks if (iflags & ACE_SUCCESSFUL_ACCESS_ACE_FLAG) 5075a5eeccaSmarks buf[4] = 'S'; 5085a5eeccaSmarks else 5095a5eeccaSmarks buf[4] = '-'; 5105a5eeccaSmarks if (iflags & ACE_FAILED_ACCESS_ACE_FLAG) 5115a5eeccaSmarks buf[5] = 'F'; 5125a5eeccaSmarks else 5135a5eeccaSmarks buf[5] = '-'; 514da6c28aaSamw if (iflags & ACE_INHERITED_ACE) 515da6c28aaSamw buf[6] = 'I'; 516da6c28aaSamw else 517da6c28aaSamw buf[6] = '-'; 518da6c28aaSamw buf[7] = '\0'; 519da6c28aaSamw *endp = buf + 7; 5205a5eeccaSmarks } else { 5215a5eeccaSmarks if (iflags & ACE_FILE_INHERIT_ACE) { 5225a5eeccaSmarks strcpy(lend, "file_inherit/"); 5235a5eeccaSmarks lend += sizeof ("file_inherit/") - 1; 5245a5eeccaSmarks } 5255a5eeccaSmarks if (iflags & ACE_DIRECTORY_INHERIT_ACE) { 5265a5eeccaSmarks strcpy(lend, "dir_inherit/"); 5275a5eeccaSmarks lend += sizeof ("dir_inherit/") - 1; 5285a5eeccaSmarks } 5295a5eeccaSmarks if (iflags & ACE_NO_PROPAGATE_INHERIT_ACE) { 5305a5eeccaSmarks strcpy(lend, "no_propagate/"); 5315a5eeccaSmarks lend += sizeof ("no_propagate/") - 1; 5325a5eeccaSmarks } 5335a5eeccaSmarks if (iflags & ACE_INHERIT_ONLY_ACE) { 5345a5eeccaSmarks strcpy(lend, "inherit_only/"); 5355a5eeccaSmarks lend += sizeof ("inherit_only/") - 1; 5365a5eeccaSmarks } 537da6c28aaSamw if (iflags & ACE_SUCCESSFUL_ACCESS_ACE_FLAG) { 538da6c28aaSamw strcpy(lend, "successful_access/"); 539da6c28aaSamw lend += sizeof ("successful_access/") - 1; 540da6c28aaSamw } 541da6c28aaSamw if (iflags & ACE_FAILED_ACCESS_ACE_FLAG) { 542da6c28aaSamw strcpy(lend, "failed_access/"); 543da6c28aaSamw lend += sizeof ("failed_access/") - 1; 544da6c28aaSamw } 545da6c28aaSamw if (iflags & ACE_INHERITED_ACE) { 546da6c28aaSamw strcpy(lend, "inherited/"); 547da6c28aaSamw lend += sizeof ("inherited/") - 1; 548da6c28aaSamw } 5495a5eeccaSmarks 5505a5eeccaSmarks if (*(lend - 1) == '/') 5515a5eeccaSmarks *--lend = '\0'; 5525a5eeccaSmarks *endp = lend; 5535a5eeccaSmarks } 5545a5eeccaSmarks 5555a5eeccaSmarks return (buf); 556fa9e4066Sahrens } 5577c478bd9Sstevel@tonic-gate 5587c478bd9Sstevel@tonic-gate /* 5597c478bd9Sstevel@tonic-gate * Convert internal acl representation to external representation. 5607c478bd9Sstevel@tonic-gate * 5617c478bd9Sstevel@tonic-gate * The length of a non-owning user name or non-owning group name ie entries 5627c478bd9Sstevel@tonic-gate * of type DEF_USER, USER, DEF_GROUP or GROUP, can exceed LOGNAME_MAX. We 5637c478bd9Sstevel@tonic-gate * thus check the length of these entries, and if greater than LOGNAME_MAX, 5647c478bd9Sstevel@tonic-gate * we realloc() via increase_length(). 5657c478bd9Sstevel@tonic-gate * 5667c478bd9Sstevel@tonic-gate * The LOGNAME_MAX, ENTRYTYPELEN and PERMS limits are otherwise always 5677c478bd9Sstevel@tonic-gate * adhered to. 5687c478bd9Sstevel@tonic-gate */ 5695a5eeccaSmarks 5705a5eeccaSmarks /* 5715a5eeccaSmarks * acltotext() converts each ACL entry to look like this: 5725a5eeccaSmarks * 5735a5eeccaSmarks * entry_type:uid^gid^name:perms[:id] 5745a5eeccaSmarks * 5755a5eeccaSmarks * The maximum length of entry_type is 14 ("defaultgroup::" and 5765a5eeccaSmarks * "defaultother::") hence ENTRYTYPELEN is set to 14. 5775a5eeccaSmarks * 5785a5eeccaSmarks * The max length of a uid^gid^name entry (in theory) is 8, hence we use, 5795a5eeccaSmarks * however the ID could be a number so we therefore use ID_STR_MAX 5805a5eeccaSmarks * 5815a5eeccaSmarks * The length of a perms entry is 4 to allow for the comma appended to each 5825a5eeccaSmarks * to each acl entry. Hence PERMS is set to 4. 5835a5eeccaSmarks */ 5845a5eeccaSmarks 5855a5eeccaSmarks #define ENTRYTYPELEN 14 5865a5eeccaSmarks #define PERMS 4 5875a5eeccaSmarks #define ACL_ENTRY_SIZE (ENTRYTYPELEN + ID_STR_MAX + PERMS + APPENDED_ID_MAX) 5885a5eeccaSmarks #define UPDATE_WHERE where = dstr->aclexport + strlen(dstr->aclexport) 5895a5eeccaSmarks 5907c478bd9Sstevel@tonic-gate char * 5915a5eeccaSmarks aclent_acltotext(aclent_t *aclp, int aclcnt, int flags) 5927c478bd9Sstevel@tonic-gate { 5937c478bd9Sstevel@tonic-gate char *aclexport; 5947c478bd9Sstevel@tonic-gate char *where; 595ee519a1fSgjelinek struct group *groupp = NULL; 596ee519a1fSgjelinek struct passwd *passwdp = NULL; 5977c478bd9Sstevel@tonic-gate struct dynaclstr *dstr; 5987c478bd9Sstevel@tonic-gate int i, rtn; 5997c478bd9Sstevel@tonic-gate size_t excess = 0; 600afe1f701Smarks char id[ID_STR_MAX], *idstr; 6017c478bd9Sstevel@tonic-gate 6027c478bd9Sstevel@tonic-gate if (aclp == NULL) 6037c478bd9Sstevel@tonic-gate return (NULL); 6047c478bd9Sstevel@tonic-gate if ((dstr = malloc(sizeof (struct dynaclstr))) == NULL) 6057c478bd9Sstevel@tonic-gate return (NULL); 6067c478bd9Sstevel@tonic-gate dstr->bufsize = aclcnt * ACL_ENTRY_SIZE; 6077c478bd9Sstevel@tonic-gate if ((dstr->aclexport = malloc(dstr->bufsize)) == NULL) { 6087c478bd9Sstevel@tonic-gate free(dstr); 6097c478bd9Sstevel@tonic-gate return (NULL); 6107c478bd9Sstevel@tonic-gate } 6117c478bd9Sstevel@tonic-gate *dstr->aclexport = '\0'; 6127c478bd9Sstevel@tonic-gate where = dstr->aclexport; 6137c478bd9Sstevel@tonic-gate 6147c478bd9Sstevel@tonic-gate for (i = 0; i < aclcnt; i++, aclp++) { 6157c478bd9Sstevel@tonic-gate switch (aclp->a_type) { 6167c478bd9Sstevel@tonic-gate case DEF_USER_OBJ: 6177c478bd9Sstevel@tonic-gate case USER_OBJ: 6187c478bd9Sstevel@tonic-gate if (aclp->a_type == USER_OBJ) 6197c478bd9Sstevel@tonic-gate where = strappend(where, "user::"); 6207c478bd9Sstevel@tonic-gate else 6217c478bd9Sstevel@tonic-gate where = strappend(where, "defaultuser::"); 6227c478bd9Sstevel@tonic-gate where = convert_perm(where, aclp->a_perm); 6237c478bd9Sstevel@tonic-gate break; 6247c478bd9Sstevel@tonic-gate case DEF_USER: 6257c478bd9Sstevel@tonic-gate case USER: 6267c478bd9Sstevel@tonic-gate if (aclp->a_type == USER) 6277c478bd9Sstevel@tonic-gate where = strappend(where, "user:"); 6287c478bd9Sstevel@tonic-gate else 6297c478bd9Sstevel@tonic-gate where = strappend(where, "defaultuser:"); 630ee519a1fSgjelinek if ((flags & ACL_NORESOLVE) == 0) 6317c478bd9Sstevel@tonic-gate passwdp = getpwuid(aclp->a_id); 6327c478bd9Sstevel@tonic-gate if (passwdp == (struct passwd *)NULL) { 6337c478bd9Sstevel@tonic-gate /* put in uid instead */ 6347c478bd9Sstevel@tonic-gate (void) sprintf(where, "%d", aclp->a_id); 63511e32170Shm123892 UPDATE_WHERE; 6367c478bd9Sstevel@tonic-gate } else { 6377c478bd9Sstevel@tonic-gate excess = strlen(passwdp->pw_name) - LOGNAME_MAX; 6387c478bd9Sstevel@tonic-gate if (excess > 0) { 6397c478bd9Sstevel@tonic-gate rtn = increase_length(dstr, excess); 6407c478bd9Sstevel@tonic-gate if (rtn == 1) { 64111e32170Shm123892 UPDATE_WHERE; 6427c478bd9Sstevel@tonic-gate } else { 6437c478bd9Sstevel@tonic-gate free(dstr->aclexport); 6447c478bd9Sstevel@tonic-gate free(dstr); 6457c478bd9Sstevel@tonic-gate return (NULL); 6467c478bd9Sstevel@tonic-gate } 6477c478bd9Sstevel@tonic-gate } 6487c478bd9Sstevel@tonic-gate where = strappend(where, passwdp->pw_name); 6497c478bd9Sstevel@tonic-gate } 6507c478bd9Sstevel@tonic-gate where = strappend(where, ":"); 6517c478bd9Sstevel@tonic-gate where = convert_perm(where, aclp->a_perm); 6527c478bd9Sstevel@tonic-gate break; 6537c478bd9Sstevel@tonic-gate case DEF_GROUP_OBJ: 6547c478bd9Sstevel@tonic-gate case GROUP_OBJ: 6557c478bd9Sstevel@tonic-gate if (aclp->a_type == GROUP_OBJ) 6567c478bd9Sstevel@tonic-gate where = strappend(where, "group::"); 6577c478bd9Sstevel@tonic-gate else 6587c478bd9Sstevel@tonic-gate where = strappend(where, "defaultgroup::"); 6597c478bd9Sstevel@tonic-gate where = convert_perm(where, aclp->a_perm); 6607c478bd9Sstevel@tonic-gate break; 6617c478bd9Sstevel@tonic-gate case DEF_GROUP: 6627c478bd9Sstevel@tonic-gate case GROUP: 6637c478bd9Sstevel@tonic-gate if (aclp->a_type == GROUP) 6647c478bd9Sstevel@tonic-gate where = strappend(where, "group:"); 6657c478bd9Sstevel@tonic-gate else 6667c478bd9Sstevel@tonic-gate where = strappend(where, "defaultgroup:"); 667ee519a1fSgjelinek if ((flags & ACL_NORESOLVE) == 0) 6687c478bd9Sstevel@tonic-gate groupp = getgrgid(aclp->a_id); 6697c478bd9Sstevel@tonic-gate if (groupp == (struct group *)NULL) { 6707c478bd9Sstevel@tonic-gate /* put in gid instead */ 6717c478bd9Sstevel@tonic-gate (void) sprintf(where, "%d", aclp->a_id); 67211e32170Shm123892 UPDATE_WHERE; 6737c478bd9Sstevel@tonic-gate } else { 6747c478bd9Sstevel@tonic-gate excess = strlen(groupp->gr_name) - LOGNAME_MAX; 6757c478bd9Sstevel@tonic-gate if (excess > 0) { 6767c478bd9Sstevel@tonic-gate rtn = increase_length(dstr, excess); 6777c478bd9Sstevel@tonic-gate if (rtn == 1) { 67811e32170Shm123892 UPDATE_WHERE; 6797c478bd9Sstevel@tonic-gate } else { 6807c478bd9Sstevel@tonic-gate free(dstr->aclexport); 6817c478bd9Sstevel@tonic-gate free(dstr); 6827c478bd9Sstevel@tonic-gate return (NULL); 6837c478bd9Sstevel@tonic-gate } 6847c478bd9Sstevel@tonic-gate } 6857c478bd9Sstevel@tonic-gate where = strappend(where, groupp->gr_name); 6867c478bd9Sstevel@tonic-gate } 6877c478bd9Sstevel@tonic-gate where = strappend(where, ":"); 6887c478bd9Sstevel@tonic-gate where = convert_perm(where, aclp->a_perm); 6897c478bd9Sstevel@tonic-gate break; 6907c478bd9Sstevel@tonic-gate case DEF_CLASS_OBJ: 6917c478bd9Sstevel@tonic-gate case CLASS_OBJ: 6927c478bd9Sstevel@tonic-gate if (aclp->a_type == CLASS_OBJ) 6937c478bd9Sstevel@tonic-gate where = strappend(where, "mask:"); 6947c478bd9Sstevel@tonic-gate else 6957c478bd9Sstevel@tonic-gate where = strappend(where, "defaultmask:"); 6967c478bd9Sstevel@tonic-gate where = convert_perm(where, aclp->a_perm); 6977c478bd9Sstevel@tonic-gate break; 6987c478bd9Sstevel@tonic-gate case DEF_OTHER_OBJ: 6997c478bd9Sstevel@tonic-gate case OTHER_OBJ: 7007c478bd9Sstevel@tonic-gate if (aclp->a_type == OTHER_OBJ) 7017c478bd9Sstevel@tonic-gate where = strappend(where, "other:"); 7027c478bd9Sstevel@tonic-gate else 7037c478bd9Sstevel@tonic-gate where = strappend(where, "defaultother:"); 7047c478bd9Sstevel@tonic-gate where = convert_perm(where, aclp->a_perm); 7057c478bd9Sstevel@tonic-gate break; 7067c478bd9Sstevel@tonic-gate default: 7077c478bd9Sstevel@tonic-gate free(dstr->aclexport); 7087c478bd9Sstevel@tonic-gate free(dstr); 7097c478bd9Sstevel@tonic-gate return (NULL); 7107c478bd9Sstevel@tonic-gate 7117c478bd9Sstevel@tonic-gate } 7125a5eeccaSmarks 7135a5eeccaSmarks if ((flags & ACL_APPEND_ID) && ((aclp->a_type == USER) || 7145a5eeccaSmarks (aclp->a_type == DEF_USER) || (aclp->a_type == GROUP) || 7155a5eeccaSmarks (aclp->a_type == DEF_GROUP))) { 7165a5eeccaSmarks where = strappend(where, ":"); 7175a5eeccaSmarks id[ID_STR_MAX - 1] = '\0'; /* null terminate buffer */ 7185a5eeccaSmarks idstr = lltostr(aclp->a_id, &id[ID_STR_MAX - 1]); 7195a5eeccaSmarks where = strappend(where, idstr); 7205a5eeccaSmarks } 7217c478bd9Sstevel@tonic-gate if (i < aclcnt - 1) 7227c478bd9Sstevel@tonic-gate where = strappend(where, ","); 7237c478bd9Sstevel@tonic-gate } 7247c478bd9Sstevel@tonic-gate aclexport = dstr->aclexport; 7257c478bd9Sstevel@tonic-gate free(dstr); 7267c478bd9Sstevel@tonic-gate return (aclexport); 7275a5eeccaSmarks 7285a5eeccaSmarks 7295a5eeccaSmarks 7305a5eeccaSmarks 7317c478bd9Sstevel@tonic-gate } 7327c478bd9Sstevel@tonic-gate 7335a5eeccaSmarks char * 7345a5eeccaSmarks acltotext(aclent_t *aclp, int aclcnt) 7357c478bd9Sstevel@tonic-gate { 7365a5eeccaSmarks return (aclent_acltotext(aclp, aclcnt, 0)); 737fa9e4066Sahrens } 738fa9e4066Sahrens 7397c478bd9Sstevel@tonic-gate 740fa9e4066Sahrens aclent_t * 741fa9e4066Sahrens aclfromtext(char *aclstr, int *aclcnt) 742fa9e4066Sahrens { 743fa9e4066Sahrens acl_t *aclp; 744fa9e4066Sahrens aclent_t *aclentp; 745fa9e4066Sahrens int error; 746fa9e4066Sahrens 7475a5eeccaSmarks error = acl_fromtext(aclstr, &aclp); 748fa9e4066Sahrens if (error) 749fa9e4066Sahrens return (NULL); 750fa9e4066Sahrens 751fa9e4066Sahrens aclentp = aclp->acl_aclp; 752fa9e4066Sahrens aclp->acl_aclp = NULL; 753fa9e4066Sahrens *aclcnt = aclp->acl_cnt; 7545a5eeccaSmarks 7555a5eeccaSmarks acl_free(aclp); 756fa9e4066Sahrens return (aclentp); 757fa9e4066Sahrens } 758fa9e4066Sahrens 759fa9e4066Sahrens 7607c478bd9Sstevel@tonic-gate static char * 7617c478bd9Sstevel@tonic-gate strappend(char *where, char *newstr) 7627c478bd9Sstevel@tonic-gate { 7637c478bd9Sstevel@tonic-gate (void) strcat(where, newstr); 7647c478bd9Sstevel@tonic-gate return (where + strlen(newstr)); 7657c478bd9Sstevel@tonic-gate } 7667c478bd9Sstevel@tonic-gate 7677c478bd9Sstevel@tonic-gate static char * 7687c478bd9Sstevel@tonic-gate convert_perm(char *where, o_mode_t perm) 7697c478bd9Sstevel@tonic-gate { 7705a5eeccaSmarks if (perm & S_IROTH) 7717c478bd9Sstevel@tonic-gate where = strappend(where, "r"); 7727c478bd9Sstevel@tonic-gate else 7737c478bd9Sstevel@tonic-gate where = strappend(where, "-"); 7745a5eeccaSmarks if (perm & S_IWOTH) 7757c478bd9Sstevel@tonic-gate where = strappend(where, "w"); 7767c478bd9Sstevel@tonic-gate else 7777c478bd9Sstevel@tonic-gate where = strappend(where, "-"); 7785a5eeccaSmarks if (perm & S_IXOTH) 7797c478bd9Sstevel@tonic-gate where = strappend(where, "x"); 7807c478bd9Sstevel@tonic-gate else 7817c478bd9Sstevel@tonic-gate where = strappend(where, "-"); 7827c478bd9Sstevel@tonic-gate /* perm is the last field */ 7837c478bd9Sstevel@tonic-gate return (where); 7847c478bd9Sstevel@tonic-gate } 7857c478bd9Sstevel@tonic-gate 7867c478bd9Sstevel@tonic-gate /* 7877c478bd9Sstevel@tonic-gate * Callers should check the return code as this routine may change the string 7887c478bd9Sstevel@tonic-gate * pointer in dynaclstr. 7897c478bd9Sstevel@tonic-gate */ 7907c478bd9Sstevel@tonic-gate static int 7917c478bd9Sstevel@tonic-gate increase_length(struct dynaclstr *dacl, size_t increase) 7927c478bd9Sstevel@tonic-gate { 7937c478bd9Sstevel@tonic-gate char *tptr; 7947c478bd9Sstevel@tonic-gate size_t newsize; 7957c478bd9Sstevel@tonic-gate 7967c478bd9Sstevel@tonic-gate newsize = dacl->bufsize + increase; 7977c478bd9Sstevel@tonic-gate tptr = realloc(dacl->aclexport, newsize); 7987c478bd9Sstevel@tonic-gate if (tptr != NULL) { 7997c478bd9Sstevel@tonic-gate dacl->aclexport = tptr; 8007c478bd9Sstevel@tonic-gate dacl->bufsize = newsize; 8017c478bd9Sstevel@tonic-gate return (1); 8027c478bd9Sstevel@tonic-gate } else 8037c478bd9Sstevel@tonic-gate return (0); 8047c478bd9Sstevel@tonic-gate } 805fa9e4066Sahrens 806fa9e4066Sahrens /* 8075a5eeccaSmarks * ace_acltotext() convert each ace formatted acl to look like this: 808fa9e4066Sahrens * 8095a5eeccaSmarks * entry_type:uid^gid^name:perms[:flags]:<allow|deny>[:id][,] 810fa9e4066Sahrens * 811fa9e4066Sahrens * The maximum length of entry_type is 5 ("group") 812fa9e4066Sahrens * 8135a5eeccaSmarks * The max length of a uid^gid^name entry (in theory) is 8, 8145a5eeccaSmarks * however id could be a number so we therefore use ID_STR_MAX 815fa9e4066Sahrens * 816fa9e4066Sahrens * The length of a perms entry is 144 i.e read_data/write_data... 817fa9e4066Sahrens * to each acl entry. 818fa9e4066Sahrens * 819da6c28aaSamw * iflags: file_inherit/dir_inherit/inherit_only/no_propagate/successful_access 820da6c28aaSamw * /failed_access 821fa9e4066Sahrens * 822fa9e4066Sahrens */ 823fa9e4066Sahrens 824fa9e4066Sahrens #define ACE_ENTRYTYPLEN 6 825da6c28aaSamw #define IFLAGS_STR "file_inherit/dir_inherit/inherit_only/no_propagate/" \ 826da6c28aaSamw "successful_access/failed_access/inherited" 827da6c28aaSamw #define IFLAGS_SIZE (sizeof (IFLAGS_STR) - 1) 8285a5eeccaSmarks #define ACCESS_TYPE_SIZE 7 /* if unknown */ 829fa9e4066Sahrens #define COLON_CNT 3 830fa9e4066Sahrens #define PERMS_LEN 216 8315a5eeccaSmarks #define ACE_ENTRY_SIZE (ACE_ENTRYTYPLEN + ID_STR_MAX + PERMS_LEN + \ 8325a5eeccaSmarks ACCESS_TYPE_SIZE + IFLAGS_SIZE + COLON_CNT + APPENDED_ID_MAX) 833fa9e4066Sahrens 834fa9e4066Sahrens static char * 8355a5eeccaSmarks ace_acltotext(acl_t *aceaclp, int flags) 836fa9e4066Sahrens { 837fa9e4066Sahrens ace_t *aclp = aceaclp->acl_aclp; 838fa9e4066Sahrens int aclcnt = aceaclp->acl_cnt; 839fa9e4066Sahrens char *aclexport; 8405a5eeccaSmarks char *endp; 8415a5eeccaSmarks int i; 8425a5eeccaSmarks char id[ID_STR_MAX], *idstr; 843fa9e4066Sahrens int isdir = (aceaclp->acl_flags & ACL_IS_DIR); 844fa9e4066Sahrens 845fa9e4066Sahrens if (aclp == NULL) 846fa9e4066Sahrens return (NULL); 8475a5eeccaSmarks if ((aclexport = malloc(aclcnt * ACE_ENTRY_SIZE)) == NULL) 848fa9e4066Sahrens return (NULL); 849fa9e4066Sahrens 8505a5eeccaSmarks aclexport[0] = '\0'; 8515a5eeccaSmarks endp = aclexport; 852fa9e4066Sahrens for (i = 0; i < aclcnt; i++, aclp++) { 853fa9e4066Sahrens 85445a17f45Sgjelinek (void) ace_type_txt(endp, &endp, aclp, flags); 8555a5eeccaSmarks *endp++ = ':'; 8565a5eeccaSmarks *endp = '\0'; 8575a5eeccaSmarks (void) ace_perm_txt(endp, &endp, aclp->a_access_mask, 8585a5eeccaSmarks aclp->a_flags, isdir, flags); 8595a5eeccaSmarks *endp++ = ':'; 8605a5eeccaSmarks *endp = '\0'; 8615a5eeccaSmarks (void) ace_inherit_txt(endp, &endp, aclp->a_flags, flags); 8625a5eeccaSmarks if (flags & ACL_COMPACT_FMT || aclp->a_flags & 8635a5eeccaSmarks (ACE_FILE_INHERIT_ACE | ACE_DIRECTORY_INHERIT_ACE | 864da6c28aaSamw (ACE_INHERIT_ONLY_ACE | ACE_NO_PROPAGATE_INHERIT_ACE | 865da6c28aaSamw ACE_INHERITED_ACE | ACE_SUCCESSFUL_ACCESS_ACE_FLAG | 866da6c28aaSamw ACE_FAILED_ACCESS_ACE_FLAG))) { 8675a5eeccaSmarks *endp++ = ':'; 8685a5eeccaSmarks *endp = '\0'; 869fa9e4066Sahrens } 8705a5eeccaSmarks (void) ace_access_txt(endp, &endp, aclp->a_type); 871fa9e4066Sahrens 8725a5eeccaSmarks if ((flags & ACL_APPEND_ID) && 8735a5eeccaSmarks (((aclp->a_flags & ACE_TYPE_FLAGS) == 0) || 8745a5eeccaSmarks ((aclp->a_flags & ACE_TYPE_FLAGS) == 8755a5eeccaSmarks ACE_IDENTIFIER_GROUP))) { 8765a5eeccaSmarks *endp++ = ':'; 8775a5eeccaSmarks *endp = '\0'; 8785a5eeccaSmarks id[ID_STR_MAX -1] = '\0'; /* null terminate buffer */ 8795a5eeccaSmarks idstr = lltostr(aclp->a_who, &id[ID_STR_MAX - 1]); 8805a5eeccaSmarks strcpy(endp, idstr); 8815a5eeccaSmarks endp += strlen(idstr); 8825a5eeccaSmarks } 8835a5eeccaSmarks if (i < aclcnt - 1) { 8845a5eeccaSmarks *endp++ = ','; 8855a5eeccaSmarks *(endp + 1) = '\0'; 886fa9e4066Sahrens } 887fa9e4066Sahrens } 888fa9e4066Sahrens return (aclexport); 889fa9e4066Sahrens } 890fa9e4066Sahrens 8915a5eeccaSmarks char * 8925a5eeccaSmarks acl_totext(acl_t *aclp, int flags) 893fa9e4066Sahrens { 894fa9e4066Sahrens 8955a5eeccaSmarks char *txtp; 896fa9e4066Sahrens 897fa9e4066Sahrens if (aclp == NULL) 898fa9e4066Sahrens return (NULL); 899fa9e4066Sahrens 900fa9e4066Sahrens switch (aclp->acl_type) { 901fa9e4066Sahrens case ACE_T: 9025a5eeccaSmarks txtp = ace_acltotext(aclp, flags); 9035a5eeccaSmarks break; 904fa9e4066Sahrens case ACLENT_T: 9055a5eeccaSmarks txtp = aclent_acltotext(aclp->acl_aclp, aclp->acl_cnt, flags); 9065a5eeccaSmarks break; 907fa9e4066Sahrens } 9085a5eeccaSmarks 9095a5eeccaSmarks return (txtp); 910fa9e4066Sahrens } 911fa9e4066Sahrens 912fa9e4066Sahrens int 913fa9e4066Sahrens acl_fromtext(const char *acltextp, acl_t **ret_aclp) 914fa9e4066Sahrens { 9155a5eeccaSmarks int error; 9165a5eeccaSmarks char *buf; 9175a5eeccaSmarks 9185a5eeccaSmarks buf = malloc(strlen(acltextp) + 2); 9195a5eeccaSmarks if (buf == NULL) 9205a5eeccaSmarks return (EACL_MEM_ERROR); 9215a5eeccaSmarks strcpy(buf, acltextp); 9225a5eeccaSmarks strcat(buf, "\n"); 9235a5eeccaSmarks yybuf = buf; 9245a5eeccaSmarks yyreset(); 9255a5eeccaSmarks error = yyparse(); 9265a5eeccaSmarks free(buf); 9275a5eeccaSmarks 9285a5eeccaSmarks if (yyacl) { 9295a5eeccaSmarks if (error == 0) 9305a5eeccaSmarks *ret_aclp = yyacl; 9315a5eeccaSmarks else { 9325a5eeccaSmarks acl_free(yyacl); 9335a5eeccaSmarks } 9345a5eeccaSmarks yyacl = NULL; 9355a5eeccaSmarks } 9365a5eeccaSmarks return (error); 9375a5eeccaSmarks } 9385a5eeccaSmarks 9395a5eeccaSmarks int 9405a5eeccaSmarks acl_parse(const char *acltextp, acl_t **aclp) 9415a5eeccaSmarks { 942fa9e4066Sahrens int error; 943fa9e4066Sahrens 9445a5eeccaSmarks yyinteractive = 1; 9455a5eeccaSmarks error = acl_fromtext(acltextp, aclp); 9465a5eeccaSmarks yyinteractive = 0; 947fa9e4066Sahrens return (error); 948fa9e4066Sahrens } 9495a5eeccaSmarks 9505a5eeccaSmarks static void 9515a5eeccaSmarks ace_compact_printacl(acl_t *aclp) 9525a5eeccaSmarks { 9535a5eeccaSmarks int cnt; 9545a5eeccaSmarks ace_t *acep; 9555a5eeccaSmarks char *endp; 9565a5eeccaSmarks char buf[ACE_ENTRY_SIZE]; 9575a5eeccaSmarks 9585a5eeccaSmarks for (cnt = 0, acep = aclp->acl_aclp; 9595a5eeccaSmarks cnt != aclp->acl_cnt; cnt++, acep++) { 9605a5eeccaSmarks buf[0] = '\0'; 96145a17f45Sgjelinek (void) printf(" %14s:", ace_type_txt(buf, &endp, acep, 0)); 9625a5eeccaSmarks (void) printf("%s:", ace_perm_txt(endp, &endp, 9635a5eeccaSmarks acep->a_access_mask, acep->a_flags, 9645a5eeccaSmarks aclp->acl_flags & ACL_IS_DIR, ACL_COMPACT_FMT)); 9655a5eeccaSmarks (void) printf("%s:", 9665a5eeccaSmarks ace_inherit_txt(endp, &endp, acep->a_flags, 9675a5eeccaSmarks ACL_COMPACT_FMT)); 9685a5eeccaSmarks (void) printf("%s\n", ace_access_txt(endp, &endp, 9695a5eeccaSmarks acep->a_type)); 9705a5eeccaSmarks } 9715a5eeccaSmarks } 9725a5eeccaSmarks 9735a5eeccaSmarks static void 9745a5eeccaSmarks ace_printacl(acl_t *aclp, int cols, int compact) 9755a5eeccaSmarks { 9765a5eeccaSmarks int slot = 0; 9775a5eeccaSmarks char *token; 9785a5eeccaSmarks char *acltext; 9795a5eeccaSmarks 9805a5eeccaSmarks if (compact) { 9815a5eeccaSmarks ace_compact_printacl(aclp); 9825a5eeccaSmarks return; 9835a5eeccaSmarks } 9845a5eeccaSmarks 9855a5eeccaSmarks acltext = acl_totext(aclp, 0); 9865a5eeccaSmarks 9875a5eeccaSmarks if (acltext == NULL) 9885a5eeccaSmarks return; 9895a5eeccaSmarks 9905a5eeccaSmarks token = strtok(acltext, ","); 9915a5eeccaSmarks if (token == NULL) { 9925a5eeccaSmarks free(acltext); 9935a5eeccaSmarks return; 9945a5eeccaSmarks } 9955a5eeccaSmarks 9965a5eeccaSmarks do { 9975a5eeccaSmarks (void) printf(" %d:", slot++); 9985a5eeccaSmarks split_line(token, cols - 5); 9995a5eeccaSmarks } while (token = strtok(NULL, ",")); 10005a5eeccaSmarks free(acltext); 10015a5eeccaSmarks } 10025a5eeccaSmarks 10035a5eeccaSmarks /* 10045a5eeccaSmarks * pretty print an ACL. 10055a5eeccaSmarks * For aclent_t ACL's the format is 10065a5eeccaSmarks * similar to the old format used by getfacl, 10075a5eeccaSmarks * with the addition of adding a "slot" number 10085a5eeccaSmarks * before each entry. 10095a5eeccaSmarks * 10105a5eeccaSmarks * for ace_t ACL's the cols variable will break up 10115a5eeccaSmarks * the long lines into multiple lines and will also 10125a5eeccaSmarks * print a "slot" number. 10135a5eeccaSmarks */ 10145a5eeccaSmarks void 10155a5eeccaSmarks acl_printacl(acl_t *aclp, int cols, int compact) 10165a5eeccaSmarks { 10175a5eeccaSmarks 10185a5eeccaSmarks switch (aclp->acl_type) { 10195a5eeccaSmarks case ACLENT_T: 10205a5eeccaSmarks aclent_printacl(aclp); 10215a5eeccaSmarks break; 10225a5eeccaSmarks case ACE_T: 10235a5eeccaSmarks ace_printacl(aclp, cols, compact); 10245a5eeccaSmarks break; 10255a5eeccaSmarks } 10265a5eeccaSmarks } 10275a5eeccaSmarks 10285a5eeccaSmarks typedef struct value_table { 10295a5eeccaSmarks char p_letter; /* perm letter such as 'r' */ 10305a5eeccaSmarks uint32_t p_value; /* value for perm when pletter found */ 10315a5eeccaSmarks } value_table_t; 10325a5eeccaSmarks 10335a5eeccaSmarks /* 1034da6c28aaSamw * The permission tables are laid out in positional order 10355a5eeccaSmarks * a '-' character will indicate a permission at a given 10365a5eeccaSmarks * position is not specified. The '-' is not part of the 10375a5eeccaSmarks * table, but will be checked for in the permission computation 10385a5eeccaSmarks * routine. 10395a5eeccaSmarks */ 1040da6c28aaSamw value_table_t ace_perm_table[] = { 10415a5eeccaSmarks { 'r', ACE_READ_DATA}, 10425a5eeccaSmarks { 'w', ACE_WRITE_DATA}, 10435a5eeccaSmarks { 'x', ACE_EXECUTE}, 10445a5eeccaSmarks { 'p', ACE_APPEND_DATA}, 10455a5eeccaSmarks { 'd', ACE_DELETE}, 10465a5eeccaSmarks { 'D', ACE_DELETE_CHILD}, 10475a5eeccaSmarks { 'a', ACE_READ_ATTRIBUTES}, 10485a5eeccaSmarks { 'A', ACE_WRITE_ATTRIBUTES}, 10495a5eeccaSmarks { 'R', ACE_READ_NAMED_ATTRS}, 10505a5eeccaSmarks { 'W', ACE_WRITE_NAMED_ATTRS}, 10515a5eeccaSmarks { 'c', ACE_READ_ACL}, 10525a5eeccaSmarks { 'C', ACE_WRITE_ACL}, 10535a5eeccaSmarks { 'o', ACE_WRITE_OWNER}, 10545a5eeccaSmarks { 's', ACE_SYNCHRONIZE} 10555a5eeccaSmarks }; 10565a5eeccaSmarks 1057da6c28aaSamw #define ACE_PERM_COUNT (sizeof (ace_perm_table) / sizeof (value_table_t)) 10585a5eeccaSmarks 1059da6c28aaSamw value_table_t aclent_perm_table[] = { 10605a5eeccaSmarks { 'r', S_IROTH}, 10615a5eeccaSmarks { 'w', S_IWOTH}, 10625a5eeccaSmarks { 'x', S_IXOTH} 10635a5eeccaSmarks }; 10645a5eeccaSmarks 1065da6c28aaSamw #define ACLENT_PERM_COUNT (sizeof (aclent_perm_table) / sizeof (value_table_t)) 1066da6c28aaSamw 1067da6c28aaSamw value_table_t inherit_table[] = { 10685a5eeccaSmarks {'f', ACE_FILE_INHERIT_ACE}, 10695a5eeccaSmarks {'d', ACE_DIRECTORY_INHERIT_ACE}, 10705a5eeccaSmarks {'i', ACE_INHERIT_ONLY_ACE}, 10715a5eeccaSmarks {'n', ACE_NO_PROPAGATE_INHERIT_ACE}, 10725a5eeccaSmarks {'S', ACE_SUCCESSFUL_ACCESS_ACE_FLAG}, 1073da6c28aaSamw {'F', ACE_FAILED_ACCESS_ACE_FLAG}, 1074da6c28aaSamw {'I', ACE_INHERITED_ACE} 10755a5eeccaSmarks }; 10765a5eeccaSmarks 1077da6c28aaSamw #define IFLAG_COUNT (sizeof (inherit_table) / sizeof (value_table_t)) 1078*bf8b6031Smarks #define IFLAG_COUNT_V1 6 /* Older version compatibility */ 1079da6c28aaSamw 10805a5eeccaSmarks /* 10815a5eeccaSmarks * compute value from a permission table or inheritance table 10825a5eeccaSmarks * based on string passed in. If positional is set then 10835a5eeccaSmarks * string must match order in permtab, otherwise any order 10845a5eeccaSmarks * is allowed. 10855a5eeccaSmarks */ 10865a5eeccaSmarks int 10875a5eeccaSmarks compute_values(value_table_t *permtab, int count, 10885a5eeccaSmarks char *permstr, int positional, uint32_t *mask) 10895a5eeccaSmarks { 10905a5eeccaSmarks uint32_t perm_val = 0; 10915a5eeccaSmarks char *pstr; 10925a5eeccaSmarks int i, found; 10935a5eeccaSmarks 10945a5eeccaSmarks if (count < 0) 10955a5eeccaSmarks return (1); 10965a5eeccaSmarks 10975a5eeccaSmarks if (positional) { 10985a5eeccaSmarks for (i = 0, pstr = permstr; i != count && pstr && 10995a5eeccaSmarks *pstr; i++, pstr++) { 11005a5eeccaSmarks if (*pstr == permtab[i].p_letter) { 11015a5eeccaSmarks perm_val |= permtab[i].p_value; 11025a5eeccaSmarks } else if (*pstr != '-') { 11035a5eeccaSmarks return (1); 11045a5eeccaSmarks } 11055a5eeccaSmarks } 11065a5eeccaSmarks } else { /* random order single letters with no '-' */ 11075a5eeccaSmarks for (pstr = permstr; pstr && *pstr; pstr++) { 11085a5eeccaSmarks for (found = 0, i = 0; i != count; i++) { 11095a5eeccaSmarks if (*pstr == permtab[i].p_letter) { 11105a5eeccaSmarks perm_val |= permtab[i].p_value; 11115a5eeccaSmarks found = 1; 11125a5eeccaSmarks break; 11135a5eeccaSmarks } 11145a5eeccaSmarks } 11155a5eeccaSmarks if (found == 0) 11165a5eeccaSmarks return (1); 11175a5eeccaSmarks } 11185a5eeccaSmarks } 11195a5eeccaSmarks 11205a5eeccaSmarks *mask = perm_val; 11215a5eeccaSmarks return (0); 11225a5eeccaSmarks } 11235a5eeccaSmarks 1124*bf8b6031Smarks 1125*bf8b6031Smarks int 1126*bf8b6031Smarks ace_inherit_helper(char *str, uint32_t *imask, int table_length) 1127*bf8b6031Smarks { 1128*bf8b6031Smarks int rc = 0; 1129*bf8b6031Smarks 1130*bf8b6031Smarks if (strlen(str) == table_length) { 1131*bf8b6031Smarks /* 1132*bf8b6031Smarks * If the string == table_length then first check to see it's 1133*bf8b6031Smarks * in positional format. If that fails then see if it's in 1134*bf8b6031Smarks * non-positional format. 1135*bf8b6031Smarks */ 1136*bf8b6031Smarks if (compute_values(inherit_table, table_length, str, 1137*bf8b6031Smarks 1, imask) && compute_values(inherit_table, 1138*bf8b6031Smarks table_length, str, 0, imask)) { 1139*bf8b6031Smarks rc = 1; 1140*bf8b6031Smarks } 1141*bf8b6031Smarks } else { 1142*bf8b6031Smarks rc = compute_values(inherit_table, table_length, str, 0, imask); 1143*bf8b6031Smarks } 1144*bf8b6031Smarks 1145*bf8b6031Smarks return (rc ? EACL_INHERIT_ERROR : 0); 1146*bf8b6031Smarks } 1147*bf8b6031Smarks 11485a5eeccaSmarks /* 11495a5eeccaSmarks * compute value for inheritance flags. 11505a5eeccaSmarks */ 11515a5eeccaSmarks int 11525a5eeccaSmarks compute_ace_inherit(char *str, uint32_t *imask) 11535a5eeccaSmarks { 1154*bf8b6031Smarks int rc = 0; 11555a5eeccaSmarks 1156*bf8b6031Smarks rc = ace_inherit_helper(str, imask, IFLAG_COUNT); 11575a5eeccaSmarks 1158*bf8b6031Smarks if (rc && strlen(str) != IFLAG_COUNT) { 11595a5eeccaSmarks 1160*bf8b6031Smarks /* is it an old formatted inherit string? */ 1161*bf8b6031Smarks rc = ace_inherit_helper(str, imask, IFLAG_COUNT_V1); 1162*bf8b6031Smarks } 11635a5eeccaSmarks 1164*bf8b6031Smarks return (rc); 11655a5eeccaSmarks } 11665a5eeccaSmarks 11675a5eeccaSmarks 11685a5eeccaSmarks /* 11695a5eeccaSmarks * compute value for ACE permissions. 11705a5eeccaSmarks */ 11715a5eeccaSmarks int 11725a5eeccaSmarks compute_ace_perms(char *str, uint32_t *mask) 11735a5eeccaSmarks { 11745a5eeccaSmarks int positional = 0; 11755a5eeccaSmarks int error; 11765a5eeccaSmarks 11775a5eeccaSmarks if (strlen(str) == ACE_PERM_COUNT) 11785a5eeccaSmarks positional = 1; 11795a5eeccaSmarks 11805a5eeccaSmarks error = compute_values(ace_perm_table, ACE_PERM_COUNT, 11815a5eeccaSmarks str, positional, mask); 11825a5eeccaSmarks 11835a5eeccaSmarks if (error && positional) { 11845a5eeccaSmarks /* 11855a5eeccaSmarks * If positional was set, then make sure permissions 11865a5eeccaSmarks * aren't actually valid in non positional case where 11875a5eeccaSmarks * all permissions are specified, just in random order. 11885a5eeccaSmarks */ 11895a5eeccaSmarks error = compute_values(ace_perm_table, 11905a5eeccaSmarks ACE_PERM_COUNT, str, 0, mask); 11915a5eeccaSmarks } 11925a5eeccaSmarks if (error) 11935a5eeccaSmarks error = EACL_PERM_MASK_ERROR; 11945a5eeccaSmarks 11955a5eeccaSmarks return (error); 11965a5eeccaSmarks } 11975a5eeccaSmarks 11985a5eeccaSmarks 11995a5eeccaSmarks 12005a5eeccaSmarks /* 12015a5eeccaSmarks * compute values for aclent permissions. 12025a5eeccaSmarks */ 12035a5eeccaSmarks int 12045a5eeccaSmarks compute_aclent_perms(char *str, o_mode_t *mask) 12055a5eeccaSmarks { 12065a5eeccaSmarks int error; 12075a5eeccaSmarks uint32_t pmask; 12085a5eeccaSmarks 12095a5eeccaSmarks if (strlen(str) != ACLENT_PERM_COUNT) 12105a5eeccaSmarks return (EACL_PERM_MASK_ERROR); 12115a5eeccaSmarks 12125a5eeccaSmarks *mask = 0; 12135a5eeccaSmarks error = compute_values(aclent_perm_table, ACLENT_PERM_COUNT, 12145a5eeccaSmarks str, 1, &pmask); 12155a5eeccaSmarks if (error == 0) { 12165a5eeccaSmarks *mask = (o_mode_t)pmask; 12175a5eeccaSmarks } else 12185a5eeccaSmarks error = EACL_PERM_MASK_ERROR; 12195a5eeccaSmarks return (error); 12205a5eeccaSmarks } 12215a5eeccaSmarks 12225a5eeccaSmarks /* 12235a5eeccaSmarks * determine ACE permissions. 12245a5eeccaSmarks */ 12255a5eeccaSmarks int 12265a5eeccaSmarks ace_perm_mask(struct acl_perm_type *aclperm, uint32_t *mask) 12275a5eeccaSmarks { 12285a5eeccaSmarks int error; 12295a5eeccaSmarks 12305a5eeccaSmarks if (aclperm->perm_style == PERM_TYPE_EMPTY) { 12315a5eeccaSmarks *mask = 0; 12325a5eeccaSmarks return (0); 12335a5eeccaSmarks } 12345a5eeccaSmarks 12355a5eeccaSmarks if (aclperm->perm_style == PERM_TYPE_ACE) { 12365a5eeccaSmarks *mask = aclperm->perm_val; 12375a5eeccaSmarks return (0); 12385a5eeccaSmarks } 12395a5eeccaSmarks 12405a5eeccaSmarks error = compute_ace_perms(aclperm->perm_str, mask); 12415a5eeccaSmarks if (error) { 12425b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 12435b233e2dSmarks "Invalid permission(s) '%s' specified\n"), 12445a5eeccaSmarks aclperm->perm_str); 12455a5eeccaSmarks return (EACL_PERM_MASK_ERROR); 12465a5eeccaSmarks } 12475a5eeccaSmarks 12485a5eeccaSmarks return (0); 12495a5eeccaSmarks } 1250