common/acl/acl_common.c

789Sahrens/*
789Sahrens * CDDL HEADER START
789Sahrens *
789Sahrens * The contents of this file are subject to the terms of the
4321Scasper * Common Development and Distribution License (the "License").
4321Scasper * You may not use this file except in compliance with the License.
789Sahrens *
789Sahrens * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
789Sahrens * or http://www.opensolaris.org/os/licensing.
789Sahrens * See the License for the specific language governing permissions
789Sahrens * and limitations under the License.
789Sahrens *
789Sahrens * When distributing Covered Code, include this CDDL HEADER in each
789Sahrens * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
789Sahrens * If applicable, add the following below this CDDL HEADER, with the
789Sahrens * fields enclosed by brackets "[]" replaced with your own identifying
789Sahrens * information: Portions Copyright [yyyy] [name of copyright owner]
789Sahrens *
789Sahrens * CDDL HEADER END
789Sahrens */
789Sahrens/*
*12164SMark.Shellenbaum@Sun.COM * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
789Sahrens */
789Sahrens
789Sahrens#include <sys/types.h>
789Sahrens#include <sys/stat.h>
5331Samw#include <sys/avl.h>
789Sahrens#if defined(_KERNEL)
789Sahrens#include <sys/systm.h>
5331Samw#include <sys/sysmacros.h>
5331Samw#include <acl/acl_common.h>
789Sahrens#else
789Sahrens#include <errno.h>
789Sahrens#include <stdlib.h>
5331Samw#include <stddef.h>
789Sahrens#include <strings.h>
5331Samw#include <unistd.h>
789Sahrens#include <assert.h>
5331Samw#include <grp.h>
5331Samw#include <pwd.h>
5331Samw#include <acl_common.h>
789Sahrens#define	ASSERT	assert
789Sahrens#endif
789Sahrens
5331Samw#define	ACE_POSIX_SUPPORTED_BITS (ACE_READ_DATA | \
5331Samw    ACE_WRITE_DATA | ACE_APPEND_DATA | ACE_EXECUTE | \
5331Samw    ACE_READ_ATTRIBUTES | ACE_READ_ACL | ACE_WRITE_ACL)
5331Samw
5331Samw
5331Samw#define	ACL_SYNCHRONIZE_SET_DENY		0x0000001
5331Samw#define	ACL_SYNCHRONIZE_SET_ALLOW		0x0000002
5331Samw#define	ACL_SYNCHRONIZE_ERR_DENY		0x0000004
5331Samw#define	ACL_SYNCHRONIZE_ERR_ALLOW		0x0000008
5331Samw
5331Samw#define	ACL_WRITE_OWNER_SET_DENY		0x0000010
5331Samw#define	ACL_WRITE_OWNER_SET_ALLOW		0x0000020
5331Samw#define	ACL_WRITE_OWNER_ERR_DENY		0x0000040
5331Samw#define	ACL_WRITE_OWNER_ERR_ALLOW		0x0000080
5331Samw
5331Samw#define	ACL_DELETE_SET_DENY			0x0000100
5331Samw#define	ACL_DELETE_SET_ALLOW			0x0000200
5331Samw#define	ACL_DELETE_ERR_DENY			0x0000400
5331Samw#define	ACL_DELETE_ERR_ALLOW			0x0000800
5331Samw
5331Samw#define	ACL_WRITE_ATTRS_OWNER_SET_DENY		0x0001000
5331Samw#define	ACL_WRITE_ATTRS_OWNER_SET_ALLOW		0x0002000
5331Samw#define	ACL_WRITE_ATTRS_OWNER_ERR_DENY		0x0004000
5331Samw#define	ACL_WRITE_ATTRS_OWNER_ERR_ALLOW		0x0008000
5331Samw
5331Samw#define	ACL_WRITE_ATTRS_WRITER_SET_DENY		0x0010000
5331Samw#define	ACL_WRITE_ATTRS_WRITER_SET_ALLOW	0x0020000
5331Samw#define	ACL_WRITE_ATTRS_WRITER_ERR_DENY		0x0040000
5331Samw#define	ACL_WRITE_ATTRS_WRITER_ERR_ALLOW	0x0080000
5331Samw
5331Samw#define	ACL_WRITE_NAMED_WRITER_SET_DENY		0x0100000
5331Samw#define	ACL_WRITE_NAMED_WRITER_SET_ALLOW	0x0200000
5331Samw#define	ACL_WRITE_NAMED_WRITER_ERR_DENY		0x0400000
5331Samw#define	ACL_WRITE_NAMED_WRITER_ERR_ALLOW	0x0800000
5331Samw
5331Samw#define	ACL_READ_NAMED_READER_SET_DENY		0x1000000
5331Samw#define	ACL_READ_NAMED_READER_SET_ALLOW		0x2000000
5331Samw#define	ACL_READ_NAMED_READER_ERR_DENY		0x4000000
5331Samw#define	ACL_READ_NAMED_READER_ERR_ALLOW		0x8000000
5331Samw
5331Samw
5331Samw#define	ACE_VALID_MASK_BITS (\
5331Samw    ACE_READ_DATA | \
5331Samw    ACE_LIST_DIRECTORY | \
5331Samw    ACE_WRITE_DATA | \
5331Samw    ACE_ADD_FILE | \
5331Samw    ACE_APPEND_DATA | \
5331Samw    ACE_ADD_SUBDIRECTORY | \
5331Samw    ACE_READ_NAMED_ATTRS | \
5331Samw    ACE_WRITE_NAMED_ATTRS | \
5331Samw    ACE_EXECUTE | \
5331Samw    ACE_DELETE_CHILD | \
5331Samw    ACE_READ_ATTRIBUTES | \
5331Samw    ACE_WRITE_ATTRIBUTES | \
5331Samw    ACE_DELETE | \
5331Samw    ACE_READ_ACL | \
5331Samw    ACE_WRITE_ACL | \
5331Samw    ACE_WRITE_OWNER | \
5331Samw    ACE_SYNCHRONIZE)
5331Samw
5331Samw#define	ACE_MASK_UNDEFINED			0x80000000
5331Samw
5331Samw#define	ACE_VALID_FLAG_BITS (ACE_FILE_INHERIT_ACE | \
5331Samw    ACE_DIRECTORY_INHERIT_ACE | \
5331Samw    ACE_NO_PROPAGATE_INHERIT_ACE | ACE_INHERIT_ONLY_ACE | \
5331Samw    ACE_SUCCESSFUL_ACCESS_ACE_FLAG | ACE_FAILED_ACCESS_ACE_FLAG | \
5331Samw    ACE_IDENTIFIER_GROUP | ACE_OWNER | ACE_GROUP | ACE_EVERYONE)
5331Samw
5331Samw/*
5331Samw * ACL conversion helpers
5331Samw */
5331Samw
5331Samwtypedef enum {
5331Samw	ace_unused,
5331Samw	ace_user_obj,
5331Samw	ace_user,
5331Samw	ace_group, /* includes GROUP and GROUP_OBJ */
5331Samw	ace_other_obj
5331Samw} ace_to_aent_state_t;
5331Samw
5331Samwtypedef struct acevals {
5331Samw	uid_t key;
5331Samw	avl_node_t avl;
5331Samw	uint32_t mask;
5331Samw	uint32_t allowed;
5331Samw	uint32_t denied;
5331Samw	int aent_type;
5331Samw} acevals_t;
5331Samw
5331Samwtypedef struct ace_list {
5331Samw	acevals_t user_obj;
5331Samw	avl_tree_t user;
5331Samw	int numusers;
5331Samw	acevals_t group_obj;
5331Samw	avl_tree_t group;
5331Samw	int numgroups;
5331Samw	acevals_t other_obj;
5331Samw	uint32_t acl_mask;
5331Samw	int hasmask;
5331Samw	int dfacl_flag;
5331Samw	ace_to_aent_state_t state;
5331Samw	int seen; /* bitmask of all aclent_t a_type values seen */
5331Samw} ace_list_t;
789Sahrens
789Sahrens/*
789Sahrens * Generic shellsort, from K&R (1st ed, p 58.), somewhat modified.
789Sahrens * v = Ptr to array/vector of objs
789Sahrens * n = # objs in the array
789Sahrens * s = size of each obj (must be multiples of a word size)
789Sahrens * f = ptr to function to compare two objs
789Sahrens *	returns (-1 = less than, 0 = equal, 1 = greater than
789Sahrens */
789Sahrensvoid
789Sahrensksort(caddr_t v, int n, int s, int (*f)())
789Sahrens{
789Sahrens	int g, i, j, ii;
789Sahrens	unsigned int *p1, *p2;
789Sahrens	unsigned int tmp;
789Sahrens
789Sahrens	/* No work to do */
789Sahrens	if (v == NULL || n <= 1)
789Sahrens		return;
789Sahrens
789Sahrens	/* Sanity check on arguments */
789Sahrens	ASSERT(((uintptr_t)v & 0x3) == 0 && (s & 0x3) == 0);
789Sahrens	ASSERT(s > 0);
789Sahrens	for (g = n / 2; g > 0; g /= 2) {
789Sahrens		for (i = g; i < n; i++) {
789Sahrens			for (j = i - g; j >= 0 &&
5331Samw			    (*f)(v + j * s, v + (j + g) * s) == 1;
5331Samw			    j -= g) {
789Sahrens				p1 = (void *)(v + j * s);
789Sahrens				p2 = (void *)(v + (j + g) * s);
789Sahrens				for (ii = 0; ii < s / 4; ii++) {
789Sahrens					tmp = *p1;
789Sahrens					*p1++ = *p2;
789Sahrens					*p2++ = tmp;
789Sahrens				}
789Sahrens			}
789Sahrens		}
789Sahrens	}
789Sahrens}
789Sahrens
789Sahrens/*
789Sahrens * Compare two acls, all fields.  Returns:
789Sahrens * -1 (less than)
789Sahrens *  0 (equal)
789Sahrens * +1 (greater than)
789Sahrens */
789Sahrensint
789Sahrenscmp2acls(void *a, void *b)
789Sahrens{
789Sahrens	aclent_t *x = (aclent_t *)a;
789Sahrens	aclent_t *y = (aclent_t *)b;
789Sahrens
789Sahrens	/* Compare types */
789Sahrens	if (x->a_type < y->a_type)
789Sahrens		return (-1);
789Sahrens	if (x->a_type > y->a_type)
789Sahrens		return (1);
789Sahrens	/* Equal types; compare id's */
789Sahrens	if (x->a_id < y->a_id)
789Sahrens		return (-1);
789Sahrens	if (x->a_id > y->a_id)
789Sahrens		return (1);
789Sahrens	/* Equal ids; compare perms */
789Sahrens	if (x->a_perm < y->a_perm)
789Sahrens		return (-1);
789Sahrens	if (x->a_perm > y->a_perm)
789Sahrens		return (1);
789Sahrens	/* Totally equal */
789Sahrens	return (0);
789Sahrens}
5331Samw
5331Samw/*ARGSUSED*/
5331Samwstatic void *
5331Samwcacl_realloc(void *ptr, size_t size, size_t new_size)
5331Samw{
5331Samw#if defined(_KERNEL)
5331Samw	void *tmp;
5331Samw
5331Samw	tmp = kmem_alloc(new_size, KM_SLEEP);
5331Samw	(void) memcpy(tmp, ptr, (size < new_size) ? size : new_size);
5331Samw	kmem_free(ptr, size);
5331Samw	return (tmp);
5331Samw#else
5331Samw	return (realloc(ptr, new_size));
5331Samw#endif
5331Samw}
5331Samw
5331Samwstatic int
5331Samwcacl_malloc(void **ptr, size_t size)
5331Samw{
5331Samw#if defined(_KERNEL)
5331Samw	*ptr = kmem_zalloc(size, KM_SLEEP);
5331Samw	return (0);
5331Samw#else
5331Samw	*ptr = calloc(1, size);
5331Samw	if (*ptr == NULL)
5331Samw		return (errno);
5331Samw
5331Samw	return (0);
5331Samw#endif
5331Samw}
5331Samw
5331Samw/*ARGSUSED*/
5331Samwstatic void
5331Samwcacl_free(void *ptr, size_t size)
5331Samw{
5331Samw#if defined(_KERNEL)
5331Samw	kmem_free(ptr, size);
5331Samw#else
5331Samw	free(ptr);
5331Samw#endif
5331Samw}
5331Samw
5331Samwacl_t *
5331Samwacl_alloc(enum acl_type type)
5331Samw{
5331Samw	acl_t *aclp;
5331Samw
5331Samw	if (cacl_malloc((void **)&aclp, sizeof (acl_t)) != 0)
5331Samw		return (NULL);
5331Samw
5331Samw	aclp->acl_aclp = NULL;
5331Samw	aclp->acl_cnt = 0;
5331Samw
5331Samw	switch (type) {
5331Samw	case ACE_T:
5331Samw		aclp->acl_type = ACE_T;
5331Samw		aclp->acl_entry_size = sizeof (ace_t);
5331Samw		break;
5331Samw	case ACLENT_T:
5331Samw		aclp->acl_type = ACLENT_T;
5331Samw		aclp->acl_entry_size = sizeof (aclent_t);
5331Samw		break;
5331Samw	default:
5331Samw		acl_free(aclp);
5331Samw		aclp = NULL;
5331Samw	}
5331Samw	return (aclp);
5331Samw}
5331Samw
5331Samw/*
5331Samw * Free acl_t structure
5331Samw */
5331Samwvoid
5331Samwacl_free(acl_t *aclp)
5331Samw{
5331Samw	int acl_size;
5331Samw
5331Samw	if (aclp == NULL)
5331Samw		return;
5331Samw
5331Samw	if (aclp->acl_aclp) {
5331Samw		acl_size = aclp->acl_cnt * aclp->acl_entry_size;
5331Samw		cacl_free(aclp->acl_aclp, acl_size);
5331Samw	}
5331Samw
5331Samw	cacl_free(aclp, sizeof (acl_t));
5331Samw}
5331Samw
5331Samwstatic uint32_t
5331Samwaccess_mask_set(int haswriteperm, int hasreadperm, int isowner, int isallow)
5331Samw{
5331Samw	uint32_t access_mask = 0;
5331Samw	int acl_produce;
5331Samw	int synchronize_set = 0, write_owner_set = 0;
5331Samw	int delete_set = 0, write_attrs_set = 0;
5331Samw	int read_named_set = 0, write_named_set = 0;
5331Samw
5331Samw	acl_produce = (ACL_SYNCHRONIZE_SET_ALLOW |
5331Samw	    ACL_WRITE_ATTRS_OWNER_SET_ALLOW |
5331Samw	    ACL_WRITE_ATTRS_WRITER_SET_DENY);
5331Samw
5331Samw	if (isallow) {
5331Samw		synchronize_set = ACL_SYNCHRONIZE_SET_ALLOW;
5331Samw		write_owner_set = ACL_WRITE_OWNER_SET_ALLOW;
5331Samw		delete_set = ACL_DELETE_SET_ALLOW;
5331Samw		if (hasreadperm)
5331Samw			read_named_set = ACL_READ_NAMED_READER_SET_ALLOW;
5331Samw		if (haswriteperm)
5331Samw			write_named_set = ACL_WRITE_NAMED_WRITER_SET_ALLOW;
5331Samw		if (isowner)
5331Samw			write_attrs_set = ACL_WRITE_ATTRS_OWNER_SET_ALLOW;
5331Samw		else if (haswriteperm)
5331Samw			write_attrs_set = ACL_WRITE_ATTRS_WRITER_SET_ALLOW;
5331Samw	} else {
5331Samw
5331Samw		synchronize_set = ACL_SYNCHRONIZE_SET_DENY;
5331Samw		write_owner_set = ACL_WRITE_OWNER_SET_DENY;
5331Samw		delete_set = ACL_DELETE_SET_DENY;
5331Samw		if (hasreadperm)
5331Samw			read_named_set = ACL_READ_NAMED_READER_SET_DENY;
5331Samw		if (haswriteperm)
5331Samw			write_named_set = ACL_WRITE_NAMED_WRITER_SET_DENY;
5331Samw		if (isowner)
5331Samw			write_attrs_set = ACL_WRITE_ATTRS_OWNER_SET_DENY;
5331Samw		else if (haswriteperm)
5331Samw			write_attrs_set = ACL_WRITE_ATTRS_WRITER_SET_DENY;
5331Samw		else
5331Samw			/*
5331Samw			 * If the entity is not the owner and does not
5331Samw			 * have write permissions ACE_WRITE_ATTRIBUTES will
5331Samw			 * always go in the DENY ACE.
5331Samw			 */
5331Samw			access_mask |= ACE_WRITE_ATTRIBUTES;
5331Samw	}
5331Samw
5331Samw	if (acl_produce & synchronize_set)
5331Samw		access_mask |= ACE_SYNCHRONIZE;
5331Samw	if (acl_produce & write_owner_set)
5331Samw		access_mask |= ACE_WRITE_OWNER;
5331Samw	if (acl_produce & delete_set)
5331Samw		access_mask |= ACE_DELETE;
5331Samw	if (acl_produce & write_attrs_set)
5331Samw		access_mask |= ACE_WRITE_ATTRIBUTES;
5331Samw	if (acl_produce & read_named_set)
5331Samw		access_mask |= ACE_READ_NAMED_ATTRS;
5331Samw	if (acl_produce & write_named_set)
5331Samw		access_mask |= ACE_WRITE_NAMED_ATTRS;
5331Samw
5331Samw	return (access_mask);
5331Samw}
5331Samw
5331Samw/*
5331Samw * Given an mode_t, convert it into an access_mask as used
5331Samw * by nfsace, assuming aclent_t -> nfsace semantics.
5331Samw */
5331Samwstatic uint32_t
5331Samwmode_to_ace_access(mode_t mode, int isdir, int isowner, int isallow)
5331Samw{
5331Samw	uint32_t access = 0;
5331Samw	int haswriteperm = 0;
5331Samw	int hasreadperm = 0;
5331Samw
5331Samw	if (isallow) {
5331Samw		haswriteperm = (mode & S_IWOTH);
5331Samw		hasreadperm = (mode & S_IROTH);
5331Samw	} else {
5331Samw		haswriteperm = !(mode & S_IWOTH);
5331Samw		hasreadperm = !(mode & S_IROTH);
5331Samw	}
5331Samw
5331Samw	/*
5331Samw	 * The following call takes care of correctly setting the following
5331Samw	 * mask bits in the access_mask:
5331Samw	 * ACE_SYNCHRONIZE, ACE_WRITE_OWNER, ACE_DELETE,
5331Samw	 * ACE_WRITE_ATTRIBUTES, ACE_WRITE_NAMED_ATTRS, ACE_READ_NAMED_ATTRS
5331Samw	 */
5331Samw	access = access_mask_set(haswriteperm, hasreadperm, isowner, isallow);
5331Samw
5331Samw	if (isallow) {
5331Samw		access |= ACE_READ_ACL | ACE_READ_ATTRIBUTES;
5331Samw		if (isowner)
5331Samw			access |= ACE_WRITE_ACL;
5331Samw	} else {
5331Samw		if (! isowner)
5331Samw			access |= ACE_WRITE_ACL;
5331Samw	}
5331Samw
5331Samw	/* read */
5331Samw	if (mode & S_IROTH) {
5331Samw		access |= ACE_READ_DATA;
5331Samw	}
5331Samw	/* write */
5331Samw	if (mode & S_IWOTH) {
5331Samw		access |= ACE_WRITE_DATA |
5331Samw		    ACE_APPEND_DATA;
5331Samw		if (isdir)
5331Samw			access |= ACE_DELETE_CHILD;
5331Samw	}
5331Samw	/* exec */
5331Samw	if (mode & 01) {
5331Samw		access |= ACE_EXECUTE;
5331Samw	}
5331Samw
5331Samw	return (access);
5331Samw}
5331Samw
5331Samw/*
5331Samw * Given an nfsace (presumably an ALLOW entry), make a
5331Samw * corresponding DENY entry at the address given.
5331Samw */
5331Samwstatic void
5331Samwace_make_deny(ace_t *allow, ace_t *deny, int isdir, int isowner)
5331Samw{
5331Samw	(void) memcpy(deny, allow, sizeof (ace_t));
5331Samw
5331Samw	deny->a_who = allow->a_who;
5331Samw
5331Samw	deny->a_type = ACE_ACCESS_DENIED_ACE_TYPE;
5331Samw	deny->a_access_mask ^= ACE_POSIX_SUPPORTED_BITS;
5331Samw	if (isdir)
5331Samw		deny->a_access_mask ^= ACE_DELETE_CHILD;
5331Samw
5331Samw	deny->a_access_mask &= ~(ACE_SYNCHRONIZE | ACE_WRITE_OWNER |
5331Samw	    ACE_DELETE | ACE_WRITE_ATTRIBUTES | ACE_READ_NAMED_ATTRS |
5331Samw	    ACE_WRITE_NAMED_ATTRS);
5331Samw	deny->a_access_mask |= access_mask_set((allow->a_access_mask &
5331Samw	    ACE_WRITE_DATA), (allow->a_access_mask & ACE_READ_DATA), isowner,
5331Samw	    B_FALSE);
5331Samw}
5331Samw/*
5331Samw * Make an initial pass over an array of aclent_t's.  Gather
5331Samw * information such as an ACL_MASK (if any), number of users,
5331Samw * number of groups, and whether the array needs to be sorted.
5331Samw */
5331Samwstatic int
5331Samwln_aent_preprocess(aclent_t *aclent, int n,
5331Samw    int *hasmask, mode_t *mask,
5331Samw    int *numuser, int *numgroup, int *needsort)
5331Samw{
5331Samw	int error = 0;
5331Samw	int i;
5331Samw	int curtype = 0;
5331Samw
5331Samw	*hasmask = 0;
5331Samw	*mask = 07;
5331Samw	*needsort = 0;
5331Samw	*numuser = 0;
5331Samw	*numgroup = 0;
5331Samw
5331Samw	for (i = 0; i < n; i++) {
5331Samw		if (aclent[i].a_type < curtype)
5331Samw			*needsort = 1;
5331Samw		else if (aclent[i].a_type > curtype)
5331Samw			curtype = aclent[i].a_type;
5331Samw		if (aclent[i].a_type & USER)
5331Samw			(*numuser)++;
5331Samw		if (aclent[i].a_type & (GROUP | GROUP_OBJ))
5331Samw			(*numgroup)++;
5331Samw		if (aclent[i].a_type & CLASS_OBJ) {
5331Samw			if (*hasmask) {
5331Samw				error = EINVAL;
5331Samw				goto out;
5331Samw			} else {
5331Samw				*hasmask = 1;
5331Samw				*mask = aclent[i].a_perm;
5331Samw			}
5331Samw		}
5331Samw	}
5331Samw
5331Samw	if ((! *hasmask) && (*numuser + *numgroup > 1)) {
5331Samw		error = EINVAL;
5331Samw		goto out;
5331Samw	}
5331Samw
5331Samwout:
5331Samw	return (error);
5331Samw}
5331Samw
5331Samw/*
5331Samw * Convert an array of aclent_t into an array of nfsace entries,
5331Samw * following POSIX draft -> nfsv4 conversion semantics as outlined in
5331Samw * the IETF draft.
5331Samw */
5331Samwstatic int
5331Samwln_aent_to_ace(aclent_t *aclent, int n, ace_t **acepp, int *rescount, int isdir)
5331Samw{
5331Samw	int error = 0;
5331Samw	mode_t mask;
5331Samw	int numuser, numgroup, needsort;
5331Samw	int resultsize = 0;
5331Samw	int i, groupi = 0, skip;
5331Samw	ace_t *acep, *result = NULL;
5331Samw	int hasmask;
5331Samw
5331Samw	error = ln_aent_preprocess(aclent, n, &hasmask, &mask,
5331Samw	    &numuser, &numgroup, &needsort);
5331Samw	if (error != 0)
5331Samw		goto out;
5331Samw
5331Samw	/* allow + deny for each aclent */
5331Samw	resultsize = n * 2;
5331Samw	if (hasmask) {
5331Samw		/*
5331Samw		 * stick extra deny on the group_obj and on each
5331Samw		 * user|group for the mask (the group_obj was added
5331Samw		 * into the count for numgroup)
5331Samw		 */
5331Samw		resultsize += numuser + numgroup;
5331Samw		/* ... and don't count the mask itself */
5331Samw		resultsize -= 2;
5331Samw	}
5331Samw
5331Samw	/* sort the source if necessary */
5331Samw	if (needsort)
5331Samw		ksort((caddr_t)aclent, n, sizeof (aclent_t), cmp2acls);
5331Samw
5331Samw	if (cacl_malloc((void **)&result, resultsize * sizeof (ace_t)) != 0)
5331Samw		goto out;
5331Samw
5331Samw	acep = result;
5331Samw
5331Samw	for (i = 0; i < n; i++) {
5331Samw		/*
5331Samw		 * don't process CLASS_OBJ (mask); mask was grabbed in
5331Samw		 * ln_aent_preprocess()
5331Samw		 */
5331Samw		if (aclent[i].a_type & CLASS_OBJ)
5331Samw			continue;
5331Samw
5331Samw		/* If we need an ACL_MASK emulator, prepend it now */
5331Samw		if ((hasmask) &&
5331Samw		    (aclent[i].a_type & (USER | GROUP | GROUP_OBJ))) {
5331Samw			acep->a_type = ACE_ACCESS_DENIED_ACE_TYPE;
5331Samw			acep->a_flags = 0;
5331Samw			if (aclent[i].a_type & GROUP_OBJ) {
5331Samw				acep->a_who = (uid_t)-1;
5331Samw				acep->a_flags |=
5331Samw				    (ACE_IDENTIFIER_GROUP|ACE_GROUP);
5331Samw			} else if (aclent[i].a_type & USER) {
5331Samw				acep->a_who = aclent[i].a_id;
5331Samw			} else {
5331Samw				acep->a_who = aclent[i].a_id;
5331Samw				acep->a_flags |= ACE_IDENTIFIER_GROUP;
5331Samw			}
5331Samw			if (aclent[i].a_type & ACL_DEFAULT) {
5331Samw				acep->a_flags |= ACE_INHERIT_ONLY_ACE |
5331Samw				    ACE_FILE_INHERIT_ACE |
5331Samw				    ACE_DIRECTORY_INHERIT_ACE;
5331Samw			}
5331Samw			/*
5331Samw			 * Set the access mask for the prepended deny
5331Samw			 * ace.  To do this, we invert the mask (found
5331Samw			 * in ln_aent_preprocess()) then convert it to an
5331Samw			 * DENY ace access_mask.
5331Samw			 */
5331Samw			acep->a_access_mask = mode_to_ace_access((mask ^ 07),
5331Samw			    isdir, 0, 0);
5331Samw			acep += 1;
5331Samw		}
5331Samw
5331Samw		/* handle a_perm -> access_mask */
5331Samw		acep->a_access_mask = mode_to_ace_access(aclent[i].a_perm,
5331Samw		    isdir, aclent[i].a_type & USER_OBJ, 1);
5331Samw
5331Samw		/* emulate a default aclent */
5331Samw		if (aclent[i].a_type & ACL_DEFAULT) {
5331Samw			acep->a_flags |= ACE_INHERIT_ONLY_ACE |
5331Samw			    ACE_FILE_INHERIT_ACE |
5331Samw			    ACE_DIRECTORY_INHERIT_ACE;
5331Samw		}
5331Samw
5331Samw		/*
5331Samw		 * handle a_perm and a_id
5331Samw		 *
5331Samw		 * this must be done last, since it involves the
5331Samw		 * corresponding deny aces, which are handled
5331Samw		 * differently for each different a_type.
5331Samw		 */
5331Samw		if (aclent[i].a_type & USER_OBJ) {
5331Samw			acep->a_who = (uid_t)-1;
5331Samw			acep->a_flags |= ACE_OWNER;
5331Samw			ace_make_deny(acep, acep + 1, isdir, B_TRUE);
5331Samw			acep += 2;
5331Samw		} else if (aclent[i].a_type & USER) {
5331Samw			acep->a_who = aclent[i].a_id;
5331Samw			ace_make_deny(acep, acep + 1, isdir, B_FALSE);
5331Samw			acep += 2;
5331Samw		} else if (aclent[i].a_type & (GROUP_OBJ | GROUP)) {
5331Samw			if (aclent[i].a_type & GROUP_OBJ) {
5331Samw				acep->a_who = (uid_t)-1;
5331Samw				acep->a_flags |= ACE_GROUP;
5331Samw			} else {
5331Samw				acep->a_who = aclent[i].a_id;
5331Samw			}
5331Samw			acep->a_flags |= ACE_IDENTIFIER_GROUP;
5331Samw			/*
5331Samw			 * Set the corresponding deny for the group ace.
5331Samw			 *
5331Samw			 * The deny aces go after all of the groups, unlike
5331Samw			 * everything else, where they immediately follow
5331Samw			 * the allow ace.
5331Samw			 *
5331Samw			 * We calculate "skip", the number of slots to
5331Samw			 * skip ahead for the deny ace, here.
5331Samw			 *
5331Samw			 * The pattern is:
5331Samw			 * MD1 A1 MD2 A2 MD3 A3 D1 D2 D3
5331Samw			 * thus, skip is
5331Samw			 * (2 * numgroup) - 1 - groupi
5331Samw			 * (2 * numgroup) to account for MD + A
5331Samw			 * - 1 to account for the fact that we're on the
5331Samw			 * access (A), not the mask (MD)
5331Samw			 * - groupi to account for the fact that we have
5331Samw			 * passed up groupi number of MD's.
5331Samw			 */
5331Samw			skip = (2 * numgroup) - 1 - groupi;
5331Samw			ace_make_deny(acep, acep + skip, isdir, B_FALSE);
5331Samw			/*
5331Samw			 * If we just did the last group, skip acep past
5331Samw			 * all of the denies; else, just move ahead one.
5331Samw			 */
5331Samw			if (++groupi >= numgroup)
5331Samw				acep += numgroup + 1;
5331Samw			else
5331Samw				acep += 1;
5331Samw		} else if (aclent[i].a_type & OTHER_OBJ) {
5331Samw			acep->a_who = (uid_t)-1;
5331Samw			acep->a_flags |= ACE_EVERYONE;
5331Samw			ace_make_deny(acep, acep + 1, isdir, B_FALSE);
5331Samw			acep += 2;
5331Samw		} else {
5331Samw			error = EINVAL;
5331Samw			goto out;
5331Samw		}
5331Samw	}
5331Samw
5331Samw	*acepp = result;
5331Samw	*rescount = resultsize;
5331Samw
5331Samwout:
5331Samw	if (error != 0) {
5331Samw		if ((result != NULL) && (resultsize > 0)) {
5331Samw			cacl_free(result, resultsize * sizeof (ace_t));
5331Samw		}
5331Samw	}
5331Samw
5331Samw	return (error);
5331Samw}
5331Samw
5331Samwstatic int
5331Samwconvert_aent_to_ace(aclent_t *aclentp, int aclcnt, int isdir,
5331Samw    ace_t **retacep, int *retacecnt)
5331Samw{
5331Samw	ace_t *acep;
5331Samw	ace_t *dfacep;
5331Samw	int acecnt = 0;
5331Samw	int dfacecnt = 0;
5331Samw	int dfaclstart = 0;
5331Samw	int dfaclcnt = 0;
5331Samw	aclent_t *aclp;
5331Samw	int i;
5331Samw	int error;
5331Samw	int acesz, dfacesz;
5331Samw
5331Samw	ksort((caddr_t)aclentp, aclcnt, sizeof (aclent_t), cmp2acls);
5331Samw
5331Samw	for (i = 0, aclp = aclentp; i < aclcnt; aclp++, i++) {
5331Samw		if (aclp->a_type & ACL_DEFAULT)
5331Samw			break;
5331Samw	}
5331Samw
5331Samw	if (i < aclcnt) {
5331Samw		dfaclstart = i;
5331Samw		dfaclcnt = aclcnt - i;
5331Samw	}
5331Samw
5331Samw	if (dfaclcnt && isdir == 0) {
5331Samw		return (EINVAL);
5331Samw	}
5331Samw
5331Samw	error = ln_aent_to_ace(aclentp, i,  &acep, &acecnt, isdir);
5331Samw	if (error)
5331Samw		return (error);
5331Samw
5331Samw	if (dfaclcnt) {
5331Samw		error = ln_aent_to_ace(&aclentp[dfaclstart], dfaclcnt,
5331Samw		    &dfacep, &dfacecnt, isdir);
5331Samw		if (error) {
5331Samw			if (acep) {
5331Samw				cacl_free(acep, acecnt * sizeof (ace_t));
5331Samw			}
5331Samw			return (error);
5331Samw		}
5331Samw	}
5331Samw
5331Samw	if (dfacecnt != 0) {
5331Samw		acesz = sizeof (ace_t) * acecnt;
5331Samw		dfacesz = sizeof (ace_t) * dfacecnt;
5331Samw		acep = cacl_realloc(acep, acesz, acesz + dfacesz);
5331Samw		if (acep == NULL)
5331Samw			return (ENOMEM);
5331Samw		if (dfaclcnt) {
5331Samw			(void) memcpy(acep + acecnt, dfacep, dfacesz);
5331Samw		}
5331Samw	}
5331Samw	if (dfaclcnt)
5331Samw		cacl_free(dfacep, dfacecnt * sizeof (ace_t));
5331Samw
5331Samw	*retacecnt = acecnt + dfacecnt;
5331Samw	*retacep = acep;
5331Samw	return (0);
5331Samw}
5331Samw
5331Samwstatic int
5331Samwace_mask_to_mode(uint32_t  mask, o_mode_t *modep, int isdir)
5331Samw{
5331Samw	int error = 0;
5331Samw	o_mode_t mode = 0;
5331Samw	uint32_t bits, wantbits;
5331Samw
5331Samw	/* read */
5331Samw	if (mask & ACE_READ_DATA)
5331Samw		mode |= S_IROTH;
5331Samw
5331Samw	/* write */
5331Samw	wantbits = (ACE_WRITE_DATA | ACE_APPEND_DATA);
5331Samw	if (isdir)
5331Samw		wantbits |= ACE_DELETE_CHILD;
5331Samw	bits = mask & wantbits;
5331Samw	if (bits != 0) {
5331Samw		if (bits != wantbits) {
5331Samw			error = ENOTSUP;
5331Samw			goto out;
5331Samw		}
5331Samw		mode |= S_IWOTH;
5331Samw	}
5331Samw
5331Samw	/* exec */
5331Samw	if (mask & ACE_EXECUTE) {
5331Samw		mode |= S_IXOTH;
5331Samw	}
5331Samw
5331Samw	*modep = mode;
5331Samw
5331Samwout:
5331Samw	return (error);
5331Samw}
5331Samw
5331Samwstatic void
5331Samwacevals_init(acevals_t *vals, uid_t key)
5331Samw{
5331Samw	bzero(vals, sizeof (*vals));
5331Samw	vals->allowed = ACE_MASK_UNDEFINED;
5331Samw	vals->denied = ACE_MASK_UNDEFINED;
5331Samw	vals->mask = ACE_MASK_UNDEFINED;
5331Samw	vals->key = key;
5331Samw}
5331Samw
5331Samwstatic void
5331Samwace_list_init(ace_list_t *al, int dfacl_flag)
5331Samw{
5331Samw	acevals_init(&al->user_obj, NULL);
5331Samw	acevals_init(&al->group_obj, NULL);
5331Samw	acevals_init(&al->other_obj, NULL);
5331Samw	al->numusers = 0;
5331Samw	al->numgroups = 0;
5331Samw	al->acl_mask = 0;
5331Samw	al->hasmask = 0;
5331Samw	al->state = ace_unused;
5331Samw	al->seen = 0;
5331Samw	al->dfacl_flag = dfacl_flag;
5331Samw}
5331Samw
5331Samw/*
5331Samw * Find or create an acevals holder for a given id and avl tree.
5331Samw *
5331Samw * Note that only one thread will ever touch these avl trees, so
5331Samw * there is no need for locking.
5331Samw */
5331Samwstatic acevals_t *
5331Samwacevals_find(ace_t *ace, avl_tree_t *avl, int *num)
5331Samw{
5331Samw	acevals_t key, *rc;
5331Samw	avl_index_t where;
5331Samw
5331Samw	key.key = ace->a_who;
5331Samw	rc = avl_find(avl, &key, &where);
5331Samw	if (rc != NULL)
5331Samw		return (rc);
5331Samw
5331Samw	/* this memory is freed by ln_ace_to_aent()->ace_list_free() */
5331Samw	if (cacl_malloc((void **)&rc, sizeof (acevals_t)) != 0)
5331Samw		return (NULL);
5331Samw
5331Samw	acevals_init(rc, ace->a_who);
5331Samw	avl_insert(avl, rc, where);
5331Samw	(*num)++;
5331Samw
5331Samw	return (rc);
5331Samw}
5331Samw
5331Samwstatic int
5331Samwaccess_mask_check(ace_t *acep, int mask_bit, int isowner)
5331Samw{
5331Samw	int set_deny, err_deny;
5331Samw	int set_allow, err_allow;
5331Samw	int acl_consume;
5331Samw	int haswriteperm, hasreadperm;
5331Samw
5331Samw	if (acep->a_type == ACE_ACCESS_DENIED_ACE_TYPE) {
5331Samw		haswriteperm = (acep->a_access_mask & ACE_WRITE_DATA) ? 0 : 1;
5331Samw		hasreadperm = (acep->a_access_mask & ACE_READ_DATA) ? 0 : 1;
5331Samw	} else {
5331Samw		haswriteperm = (acep->a_access_mask & ACE_WRITE_DATA) ? 1 : 0;
5331Samw		hasreadperm = (acep->a_access_mask & ACE_READ_DATA) ? 1 : 0;
5331Samw	}
5331Samw
5331Samw	acl_consume = (ACL_SYNCHRONIZE_ERR_DENY |
5331Samw	    ACL_DELETE_ERR_DENY |
5331Samw	    ACL_WRITE_OWNER_ERR_DENY |
5331Samw	    ACL_WRITE_OWNER_ERR_ALLOW |
5331Samw	    ACL_WRITE_ATTRS_OWNER_SET_ALLOW |
5331Samw	    ACL_WRITE_ATTRS_OWNER_ERR_DENY |
5331Samw	    ACL_WRITE_ATTRS_WRITER_SET_DENY |
5331Samw	    ACL_WRITE_ATTRS_WRITER_ERR_ALLOW |
5331Samw	    ACL_WRITE_NAMED_WRITER_ERR_DENY |
5331Samw	    ACL_READ_NAMED_READER_ERR_DENY);
5331Samw
5331Samw	if (mask_bit == ACE_SYNCHRONIZE) {
5331Samw		set_deny = ACL_SYNCHRONIZE_SET_DENY;
5331Samw		err_deny =  ACL_SYNCHRONIZE_ERR_DENY;
5331Samw		set_allow = ACL_SYNCHRONIZE_SET_ALLOW;
5331Samw		err_allow = ACL_SYNCHRONIZE_ERR_ALLOW;
5331Samw	} else if (mask_bit == ACE_WRITE_OWNER) {
5331Samw		set_deny = ACL_WRITE_OWNER_SET_DENY;
5331Samw		err_deny =  ACL_WRITE_OWNER_ERR_DENY;
5331Samw		set_allow = ACL_WRITE_OWNER_SET_ALLOW;
5331Samw		err_allow = ACL_WRITE_OWNER_ERR_ALLOW;
5331Samw	} else if (mask_bit == ACE_DELETE) {
5331Samw		set_deny = ACL_DELETE_SET_DENY;
5331Samw		err_deny =  ACL_DELETE_ERR_DENY;
5331Samw		set_allow = ACL_DELETE_SET_ALLOW;
5331Samw		err_allow = ACL_DELETE_ERR_ALLOW;
5331Samw	} else if (mask_bit == ACE_WRITE_ATTRIBUTES) {
5331Samw		if (isowner) {
5331Samw			set_deny = ACL_WRITE_ATTRS_OWNER_SET_DENY;
5331Samw			err_deny =  ACL_WRITE_ATTRS_OWNER_ERR_DENY;
5331Samw			set_allow = ACL_WRITE_ATTRS_OWNER_SET_ALLOW;
5331Samw			err_allow = ACL_WRITE_ATTRS_OWNER_ERR_ALLOW;
5331Samw		} else if (haswriteperm) {
5331Samw			set_deny = ACL_WRITE_ATTRS_WRITER_SET_DENY;
5331Samw			err_deny =  ACL_WRITE_ATTRS_WRITER_ERR_DENY;
5331Samw			set_allow = ACL_WRITE_ATTRS_WRITER_SET_ALLOW;
5331Samw			err_allow = ACL_WRITE_ATTRS_WRITER_ERR_ALLOW;
5331Samw		} else {
5331Samw			if ((acep->a_access_mask & mask_bit) &&
5331Samw			    (acep->a_type & ACE_ACCESS_ALLOWED_ACE_TYPE)) {
5331Samw				return (ENOTSUP);
5331Samw			}
5331Samw			return (0);
5331Samw		}
5331Samw	} else if (mask_bit == ACE_READ_NAMED_ATTRS) {
5331Samw		if (!hasreadperm)
5331Samw			return (0);
5331Samw
5331Samw		set_deny = ACL_READ_NAMED_READER_SET_DENY;
5331Samw		err_deny = ACL_READ_NAMED_READER_ERR_DENY;
5331Samw		set_allow = ACL_READ_NAMED_READER_SET_ALLOW;
5331Samw		err_allow = ACL_READ_NAMED_READER_ERR_ALLOW;
5331Samw	} else if (mask_bit == ACE_WRITE_NAMED_ATTRS) {
5331Samw		if (!haswriteperm)
5331Samw			return (0);
5331Samw
5331Samw		set_deny = ACL_WRITE_NAMED_WRITER_SET_DENY;
5331Samw		err_deny = ACL_WRITE_NAMED_WRITER_ERR_DENY;
5331Samw		set_allow = ACL_WRITE_NAMED_WRITER_SET_ALLOW;
5331Samw		err_allow = ACL_WRITE_NAMED_WRITER_ERR_ALLOW;
5331Samw	} else {
5331Samw		return (EINVAL);
5331Samw	}
5331Samw
5331Samw	if (acep->a_type == ACE_ACCESS_DENIED_ACE_TYPE) {
5331Samw		if (acl_consume & set_deny) {
5331Samw			if (!(acep->a_access_mask & mask_bit)) {
5331Samw				return (ENOTSUP);
5331Samw			}
5331Samw		} else if (acl_consume & err_deny) {
5331Samw			if (acep->a_access_mask & mask_bit) {
5331Samw				return (ENOTSUP);
5331Samw			}
5331Samw		}
5331Samw	} else {
5331Samw		/* ACE_ACCESS_ALLOWED_ACE_TYPE */
5331Samw		if (acl_consume & set_allow) {
5331Samw			if (!(acep->a_access_mask & mask_bit)) {
5331Samw				return (ENOTSUP);
5331Samw			}
5331Samw		} else if (acl_consume & err_allow) {
5331Samw			if (acep->a_access_mask & mask_bit) {
5331Samw				return (ENOTSUP);
5331Samw			}
5331Samw		}
5331Samw	}
5331Samw	return (0);
5331Samw}
5331Samw
5331Samwstatic int
5331Samwace_to_aent_legal(ace_t *acep)
5331Samw{
5331Samw	int error = 0;
5331Samw	int isowner;
5331Samw
5331Samw	/* only ALLOW or DENY */
5331Samw	if ((acep->a_type != ACE_ACCESS_ALLOWED_ACE_TYPE) &&
5331Samw	    (acep->a_type != ACE_ACCESS_DENIED_ACE_TYPE)) {
5331Samw		error = ENOTSUP;
5331Samw		goto out;
5331Samw	}
5331Samw
5331Samw	/* check for invalid flags */
5331Samw	if (acep->a_flags & ~(ACE_VALID_FLAG_BITS)) {
5331Samw		error = EINVAL;
5331Samw		goto out;
5331Samw	}
5331Samw
5331Samw	/* some flags are illegal */
5331Samw	if (acep->a_flags & (ACE_SUCCESSFUL_ACCESS_ACE_FLAG |
5331Samw	    ACE_FAILED_ACCESS_ACE_FLAG |
5331Samw	    ACE_NO_PROPAGATE_INHERIT_ACE)) {
5331Samw		error = ENOTSUP;
5331Samw		goto out;
5331Samw	}
5331Samw
5331Samw	/* check for invalid masks */
5331Samw	if (acep->a_access_mask & ~(ACE_VALID_MASK_BITS)) {
5331Samw		error = EINVAL;
5331Samw		goto out;
5331Samw	}
5331Samw
5331Samw	if ((acep->a_flags & ACE_OWNER)) {
5331Samw		isowner = 1;
5331Samw	} else {
5331Samw		isowner = 0;
5331Samw	}
5331Samw
5331Samw	error = access_mask_check(acep, ACE_SYNCHRONIZE, isowner);
5331Samw	if (error)
5331Samw		goto out;
5331Samw
5331Samw	error = access_mask_check(acep, ACE_WRITE_OWNER, isowner);
5331Samw	if (error)
5331Samw		goto out;
5331Samw
5331Samw	error = access_mask_check(acep, ACE_DELETE, isowner);
5331Samw	if (error)
5331Samw		goto out;
5331Samw
5331Samw	error = access_mask_check(acep, ACE_WRITE_ATTRIBUTES, isowner);
5331Samw	if (error)
5331Samw		goto out;
5331Samw
5331Samw	error = access_mask_check(acep, ACE_READ_NAMED_ATTRS, isowner);
5331Samw	if (error)
5331Samw		goto out;
5331Samw
5331Samw	error = access_mask_check(acep, ACE_WRITE_NAMED_ATTRS, isowner);
5331Samw	if (error)
5331Samw		goto out;
5331Samw
5331Samw	/* more detailed checking of masks */
5331Samw	if (acep->a_type == ACE_ACCESS_ALLOWED_ACE_TYPE) {
5331Samw		if (! (acep->a_access_mask & ACE_READ_ATTRIBUTES)) {
5331Samw			error = ENOTSUP;
5331Samw			goto out;
5331Samw		}
5331Samw		if ((acep->a_access_mask & ACE_WRITE_DATA) &&
5331Samw		    (! (acep->a_access_mask & ACE_APPEND_DATA))) {
5331Samw			error = ENOTSUP;
5331Samw			goto out;
5331Samw		}
5331Samw		if ((! (acep->a_access_mask & ACE_WRITE_DATA)) &&
5331Samw		    (acep->a_access_mask & ACE_APPEND_DATA)) {
5331Samw			error = ENOTSUP;
5331Samw			goto out;
5331Samw		}
5331Samw	}
5331Samw
5331Samw	/* ACL enforcement */
5331Samw	if ((acep->a_access_mask & ACE_READ_ACL) &&
5331Samw	    (acep->a_type != ACE_ACCESS_ALLOWED_ACE_TYPE)) {
5331Samw		error = ENOTSUP;
5331Samw		goto out;
5331Samw	}
5331Samw	if (acep->a_access_mask & ACE_WRITE_ACL) {
5331Samw		if ((acep->a_type == ACE_ACCESS_DENIED_ACE_TYPE) &&
5331Samw		    (isowner)) {
5331Samw			error = ENOTSUP;
5331Samw			goto out;
5331Samw		}
5331Samw		if ((acep->a_type == ACE_ACCESS_ALLOWED_ACE_TYPE) &&
5331Samw		    (! isowner)) {
5331Samw			error = ENOTSUP;
5331Samw			goto out;
5331Samw		}
5331Samw	}
5331Samw
5331Samwout:
5331Samw	return (error);
5331Samw}
5331Samw
5331Samwstatic int
5331Samwace_allow_to_mode(uint32_t mask, o_mode_t *modep, int isdir)
5331Samw{
5331Samw	/* ACE_READ_ACL and ACE_READ_ATTRIBUTES must both be set */
5331Samw	if ((mask & (ACE_READ_ACL | ACE_READ_ATTRIBUTES)) !=
5331Samw	    (ACE_READ_ACL | ACE_READ_ATTRIBUTES)) {
5331Samw		return (ENOTSUP);
5331Samw	}
5331Samw
5331Samw	return (ace_mask_to_mode(mask, modep, isdir));
5331Samw}
5331Samw
5331Samwstatic int
5331Samwacevals_to_aent(acevals_t *vals, aclent_t *dest, ace_list_t *list,
5331Samw    uid_t owner, gid_t group, int isdir)
5331Samw{
5331Samw	int error;
5331Samw	uint32_t  flips = ACE_POSIX_SUPPORTED_BITS;
5331Samw
5331Samw	if (isdir)
5331Samw		flips |= ACE_DELETE_CHILD;
5331Samw	if (vals->allowed != (vals->denied ^ flips)) {
5331Samw		error = ENOTSUP;
5331Samw		goto out;
5331Samw	}
5331Samw	if ((list->hasmask) && (list->acl_mask != vals->mask) &&
5331Samw	    (vals->aent_type & (USER | GROUP | GROUP_OBJ))) {
5331Samw		error = ENOTSUP;
5331Samw		goto out;
5331Samw	}
5331Samw	error = ace_allow_to_mode(vals->allowed, &dest->a_perm, isdir);
5331Samw	if (error != 0)
5331Samw		goto out;
5331Samw	dest->a_type = vals->aent_type;
5331Samw	if (dest->a_type & (USER | GROUP)) {
5331Samw		dest->a_id = vals->key;
5331Samw	} else if (dest->a_type & USER_OBJ) {
5331Samw		dest->a_id = owner;
5331Samw	} else if (dest->a_type & GROUP_OBJ) {
5331Samw		dest->a_id = group;
5331Samw	} else if (dest->a_type & OTHER_OBJ) {
5331Samw		dest->a_id = 0;
5331Samw	} else {
5331Samw		error = EINVAL;
5331Samw		goto out;
5331Samw	}
5331Samw
5331Samwout:
5331Samw	return (error);
5331Samw}
5331Samw
5331Samw
5331Samwstatic int
5331Samwace_list_to_aent(ace_list_t *list, aclent_t **aclentp, int *aclcnt,
5331Samw    uid_t owner, gid_t group, int isdir)
5331Samw{
5331Samw	int error = 0;
5331Samw	aclent_t *aent, *result = NULL;
5331Samw	acevals_t *vals;
5331Samw	int resultcount;
5331Samw
5331Samw	if ((list->seen & (USER_OBJ | GROUP_OBJ | OTHER_OBJ)) !=
5331Samw	    (USER_OBJ | GROUP_OBJ | OTHER_OBJ)) {
5331Samw		error = ENOTSUP;
5331Samw		goto out;
5331Samw	}
5331Samw	if ((! list->hasmask) && (list->numusers + list->numgroups > 0)) {
5331Samw		error = ENOTSUP;
5331Samw		goto out;
5331Samw	}
5331Samw
5331Samw	resultcount = 3 + list->numusers + list->numgroups;
5331Samw	/*
5331Samw	 * This must be the same condition as below, when we add the CLASS_OBJ
5331Samw	 * (aka ACL mask)
5331Samw	 */
5331Samw	if ((list->hasmask) || (! list->dfacl_flag))
5331Samw		resultcount += 1;
5331Samw
5331Samw	if (cacl_malloc((void **)&result,
5331Samw	    resultcount * sizeof (aclent_t)) != 0) {
5331Samw		error = ENOMEM;
5331Samw		goto out;
5331Samw	}
5331Samw	aent = result;
5331Samw
5331Samw	/* USER_OBJ */
5331Samw	if (!(list->user_obj.aent_type & USER_OBJ)) {
5331Samw		error = EINVAL;
5331Samw		goto out;
5331Samw	}
5331Samw
5331Samw	error = acevals_to_aent(&list->user_obj, aent, list, owner, group,
5331Samw	    isdir);
5331Samw
5331Samw	if (error != 0)
5331Samw		goto out;
5331Samw	++aent;
5331Samw	/* USER */
5331Samw	vals = NULL;
5331Samw	for (vals = avl_first(&list->user); vals != NULL;
5331Samw	    vals = AVL_NEXT(&list->user, vals)) {
5331Samw		if (!(vals->aent_type & USER)) {
5331Samw			error = EINVAL;
5331Samw			goto out;
5331Samw		}
5331Samw		error = acevals_to_aent(vals, aent, list, owner, group,
5331Samw		    isdir);
5331Samw		if (error != 0)
5331Samw			goto out;
5331Samw		++aent;
5331Samw	}
5331Samw	/* GROUP_OBJ */
5331Samw	if (!(list->group_obj.aent_type & GROUP_OBJ)) {
5331Samw		error = EINVAL;
5331Samw		goto out;
5331Samw	}
5331Samw	error = acevals_to_aent(&list->group_obj, aent, list, owner, group,
5331Samw	    isdir);
5331Samw	if (error != 0)
5331Samw		goto out;
5331Samw	++aent;
5331Samw	/* GROUP */
5331Samw	vals = NULL;
5331Samw	for (vals = avl_first(&list->group); vals != NULL;
5331Samw	    vals = AVL_NEXT(&list->group, vals)) {
5331Samw		if (!(vals->aent_type & GROUP)) {
5331Samw			error = EINVAL;
5331Samw			goto out;
5331Samw		}
5331Samw		error = acevals_to_aent(vals, aent, list, owner, group,
5331Samw		    isdir);
5331Samw		if (error != 0)
5331Samw			goto out;
5331Samw		++aent;
5331Samw	}
5331Samw	/*
5331Samw	 * CLASS_OBJ (aka ACL_MASK)
5331Samw	 *
5331Samw	 * An ACL_MASK is not fabricated if the ACL is a default ACL.
5331Samw	 * This is to follow UFS's behavior.
5331Samw	 */
5331Samw	if ((list->hasmask) || (! list->dfacl_flag)) {
5331Samw		if (list->hasmask) {
5331Samw			uint32_t flips = ACE_POSIX_SUPPORTED_BITS;
5331Samw			if (isdir)
5331Samw				flips |= ACE_DELETE_CHILD;
5331Samw			error = ace_mask_to_mode(list->acl_mask ^ flips,
5331Samw			    &aent->a_perm, isdir);
5331Samw			if (error != 0)
5331Samw				goto out;
5331Samw		} else {
5331Samw			/* fabricate the ACL_MASK from the group permissions */
5331Samw			error = ace_mask_to_mode(list->group_obj.allowed,
5331Samw			    &aent->a_perm, isdir);
5331Samw			if (error != 0)
5331Samw				goto out;
5331Samw		}
5331Samw		aent->a_id = 0;
5331Samw		aent->a_type = CLASS_OBJ | list->dfacl_flag;
5331Samw		++aent;
5331Samw	}
5331Samw	/* OTHER_OBJ */
5331Samw	if (!(list->other_obj.aent_type & OTHER_OBJ)) {
5331Samw		error = EINVAL;
5331Samw		goto out;
5331Samw	}
5331Samw	error = acevals_to_aent(&list->other_obj, aent, list, owner, group,
5331Samw	    isdir);
5331Samw	if (error != 0)
5331Samw		goto out;
5331Samw	++aent;
5331Samw
5331Samw	*aclentp = result;
5331Samw	*aclcnt = resultcount;
5331Samw
5331Samwout:
5331Samw	if (error != 0) {
5331Samw		if (result != NULL)
5331Samw			cacl_free(result, resultcount * sizeof (aclent_t));
5331Samw	}
5331Samw
5331Samw	return (error);
5331Samw}
5331Samw
5331Samw
5331Samw/*
5331Samw * free all data associated with an ace_list
5331Samw */
5331Samwstatic void
5331Samwace_list_free(ace_list_t *al)
5331Samw{
5331Samw	acevals_t *node;
5331Samw	void *cookie;
5331Samw
5331Samw	if (al == NULL)
5331Samw		return;
5331Samw
5331Samw	cookie = NULL;
5331Samw	while ((node = avl_destroy_nodes(&al->user, &cookie)) != NULL)
5331Samw		cacl_free(node, sizeof (acevals_t));
5331Samw	cookie = NULL;
5331Samw	while ((node = avl_destroy_nodes(&al->group, &cookie)) != NULL)
5331Samw		cacl_free(node, sizeof (acevals_t));
5331Samw
5331Samw	avl_destroy(&al->user);
5331Samw	avl_destroy(&al->group);
5331Samw
5331Samw	/* free the container itself */
5331Samw	cacl_free(al, sizeof (ace_list_t));
5331Samw}
5331Samw
5331Samwstatic int
5331Samwacevals_compare(const void *va, const void *vb)
5331Samw{
5331Samw	const acevals_t *a = va, *b = vb;
5331Samw
5331Samw	if (a->key == b->key)
5331Samw		return (0);
5331Samw
5331Samw	if (a->key > b->key)
5331Samw		return (1);
5331Samw
5331Samw	else
5331Samw		return (-1);
5331Samw}
5331Samw
5331Samw/*
5331Samw * Convert a list of ace_t entries to equivalent regular and default
5331Samw * aclent_t lists.  Return error (ENOTSUP) when conversion is not possible.
5331Samw */
5331Samwstatic int
5331Samwln_ace_to_aent(ace_t *ace, int n, uid_t owner, gid_t group,
5331Samw    aclent_t **aclentp, int *aclcnt, aclent_t **dfaclentp, int *dfaclcnt,
5331Samw    int isdir)
5331Samw{
5331Samw	int error = 0;
5331Samw	ace_t *acep;
5331Samw	uint32_t bits;
5331Samw	int i;
5331Samw	ace_list_t *normacl = NULL, *dfacl = NULL, *acl;
5331Samw	acevals_t *vals;
5331Samw
5331Samw	*aclentp = NULL;
5331Samw	*aclcnt = 0;
5331Samw	*dfaclentp = NULL;
5331Samw	*dfaclcnt = 0;
5331Samw
5331Samw	/* we need at least user_obj, group_obj, and other_obj */
5331Samw	if (n < 6) {
5331Samw		error = ENOTSUP;
5331Samw		goto out;
5331Samw	}
5331Samw	if (ace == NULL) {
5331Samw		error = EINVAL;
5331Samw		goto out;
5331Samw	}
5331Samw
5331Samw	error = cacl_malloc((void **)&normacl, sizeof (ace_list_t));
5331Samw	if (error != 0)
5331Samw		goto out;
5331Samw
5331Samw	avl_create(&normacl->user, acevals_compare, sizeof (acevals_t),
5331Samw	    offsetof(acevals_t, avl));
5331Samw	avl_create(&normacl->group, acevals_compare, sizeof (acevals_t),
5331Samw	    offsetof(acevals_t, avl));
5331Samw
5331Samw	ace_list_init(normacl, 0);
5331Samw
5331Samw	error = cacl_malloc((void **)&dfacl, sizeof (ace_list_t));
5331Samw	if (error != 0)
5331Samw		goto out;
5331Samw
5331Samw	avl_create(&dfacl->user, acevals_compare, sizeof (acevals_t),
5331Samw	    offsetof(acevals_t, avl));
5331Samw	avl_create(&dfacl->group, acevals_compare, sizeof (acevals_t),
5331Samw	    offsetof(acevals_t, avl));
5331Samw	ace_list_init(dfacl, ACL_DEFAULT);
5331Samw
5331Samw	/* process every ace_t... */
5331Samw	for (i = 0; i < n; i++) {
5331Samw		acep = &ace[i];
5331Samw
5331Samw		/* rule out certain cases quickly */
5331Samw		error = ace_to_aent_legal(acep);
5331Samw		if (error != 0)
5331Samw			goto out;
5331Samw
5331Samw		/*
5331Samw		 * Turn off these bits in order to not have to worry about
5331Samw		 * them when doing the checks for compliments.
5331Samw		 */
5331Samw		acep->a_access_mask &= ~(ACE_WRITE_OWNER | ACE_DELETE |
5331Samw		    ACE_SYNCHRONIZE | ACE_WRITE_ATTRIBUTES |
5331Samw		    ACE_READ_NAMED_ATTRS | ACE_WRITE_NAMED_ATTRS);
5331Samw
5331Samw		/* see if this should be a regular or default acl */
5331Samw		bits = acep->a_flags &
5331Samw		    (ACE_INHERIT_ONLY_ACE |
5331Samw		    ACE_FILE_INHERIT_ACE |
5331Samw		    ACE_DIRECTORY_INHERIT_ACE);
5331Samw		if (bits != 0) {
5331Samw			/* all or nothing on these inherit bits */
5331Samw			if (bits != (ACE_INHERIT_ONLY_ACE |
5331Samw			    ACE_FILE_INHERIT_ACE |
5331Samw			    ACE_DIRECTORY_INHERIT_ACE)) {
5331Samw				error = ENOTSUP;
5331Samw				goto out;
5331Samw			}
5331Samw			acl = dfacl;
5331Samw		} else {
5331Samw			acl = normacl;
5331Samw		}
5331Samw
5331Samw		if ((acep->a_flags & ACE_OWNER)) {
5331Samw			if (acl->state > ace_user_obj) {
5331Samw				error = ENOTSUP;
5331Samw				goto out;
5331Samw			}
5331Samw			acl->state = ace_user_obj;
5331Samw			acl->seen |= USER_OBJ;
5331Samw			vals = &acl->user_obj;
5331Samw			vals->aent_type = USER_OBJ | acl->dfacl_flag;
5331Samw		} else if ((acep->a_flags & ACE_EVERYONE)) {
5331Samw			acl->state = ace_other_obj;
5331Samw			acl->seen |= OTHER_OBJ;
5331Samw			vals = &acl->other_obj;
5331Samw			vals->aent_type = OTHER_OBJ | acl->dfacl_flag;
5331Samw		} else if (acep->a_flags & ACE_IDENTIFIER_GROUP) {
5331Samw			if (acl->state > ace_group) {
5331Samw				error = ENOTSUP;
5331Samw				goto out;
5331Samw			}
5331Samw			if ((acep->a_flags & ACE_GROUP)) {
5331Samw				acl->seen |= GROUP_OBJ;
5331Samw				vals = &acl->group_obj;
5331Samw				vals->aent_type = GROUP_OBJ | acl->dfacl_flag;
5331Samw			} else {
5331Samw				acl->seen |= GROUP;
5331Samw				vals = acevals_find(acep, &acl->group,
5331Samw				    &acl->numgroups);
5331Samw				if (vals == NULL) {
5331Samw					error = ENOMEM;
5331Samw					goto out;
5331Samw				}
5331Samw				vals->aent_type = GROUP | acl->dfacl_flag;
5331Samw			}
5331Samw			acl->state = ace_group;
5331Samw		} else {
5331Samw			if (acl->state > ace_user) {
5331Samw				error = ENOTSUP;
5331Samw				goto out;
5331Samw			}
5331Samw			acl->state = ace_user;
5331Samw			acl->seen |= USER;
5331Samw			vals = acevals_find(acep, &acl->user,
5331Samw			    &acl->numusers);
5331Samw			if (vals == NULL) {
5331Samw				error = ENOMEM;
5331Samw				goto out;
5331Samw			}
5331Samw			vals->aent_type = USER | acl->dfacl_flag;
5331Samw		}
5331Samw
5331Samw		if (!(acl->state > ace_unused)) {
5331Samw			error = EINVAL;
5331Samw			goto out;
5331Samw		}
5331Samw
5331Samw		if (acep->a_type == ACE_ACCESS_ALLOWED_ACE_TYPE) {
5331Samw			/* no more than one allowed per aclent_t */
5331Samw			if (vals->allowed != ACE_MASK_UNDEFINED) {
5331Samw				error = ENOTSUP;
5331Samw				goto out;
5331Samw			}
5331Samw			vals->allowed = acep->a_access_mask;
5331Samw		} else {
5331Samw			/*
5331Samw			 * it's a DENY; if there was a previous DENY, it
5331Samw			 * must have been an ACL_MASK.
5331Samw			 */
5331Samw			if (vals->denied != ACE_MASK_UNDEFINED) {
5331Samw				/* ACL_MASK is for USER and GROUP only */
5331Samw				if ((acl->state != ace_user) &&
5331Samw				    (acl->state != ace_group)) {
5331Samw					error = ENOTSUP;
5331Samw					goto out;
5331Samw				}
5331Samw
5331Samw				if (! acl->hasmask) {
5331Samw					acl->hasmask = 1;
5331Samw					acl->acl_mask = vals->denied;
5331Samw				/* check for mismatched ACL_MASK emulations */
5331Samw				} else if (acl->acl_mask != vals->denied) {
5331Samw					error = ENOTSUP;
5331Samw					goto out;
5331Samw				}
5331Samw				vals->mask = vals->denied;
5331Samw			}
5331Samw			vals->denied = acep->a_access_mask;
5331Samw		}
5331Samw	}
5331Samw
5331Samw	/* done collating; produce the aclent_t lists */
5331Samw	if (normacl->state != ace_unused) {
5331Samw		error = ace_list_to_aent(normacl, aclentp, aclcnt,
5331Samw		    owner, group, isdir);
5331Samw		if (error != 0) {
5331Samw			goto out;
5331Samw		}
5331Samw	}
5331Samw	if (dfacl->state != ace_unused) {
5331Samw		error = ace_list_to_aent(dfacl, dfaclentp, dfaclcnt,
5331Samw		    owner, group, isdir);
5331Samw		if (error != 0) {
5331Samw			goto out;
5331Samw		}
5331Samw	}
5331Samw
5331Samwout:
5331Samw	if (normacl != NULL)
5331Samw		ace_list_free(normacl);
5331Samw	if (dfacl != NULL)
5331Samw		ace_list_free(dfacl);
5331Samw
5331Samw	return (error);
5331Samw}
5331Samw
5331Samwstatic int
5331Samwconvert_ace_to_aent(ace_t *acebufp, int acecnt, int isdir,
5331Samw    uid_t owner, gid_t group, aclent_t **retaclentp, int *retaclcnt)
5331Samw{
5331Samw	int error = 0;
5331Samw	aclent_t *aclentp, *dfaclentp;
5331Samw	int aclcnt, dfaclcnt;
5331Samw	int aclsz, dfaclsz;
5331Samw
5331Samw	error = ln_ace_to_aent(acebufp, acecnt, owner, group,
5331Samw	    &aclentp, &aclcnt, &dfaclentp, &dfaclcnt, isdir);
5331Samw
5331Samw	if (error)
5331Samw		return (error);
5331Samw
5331Samw
5331Samw	if (dfaclcnt != 0) {
5331Samw		/*
5331Samw		 * Slap aclentp and dfaclentp into a single array.
5331Samw		 */
5331Samw		aclsz = sizeof (aclent_t) * aclcnt;
5331Samw		dfaclsz = sizeof (aclent_t) * dfaclcnt;
5331Samw		aclentp = cacl_realloc(aclentp, aclsz, aclsz + dfaclsz);
5331Samw		if (aclentp != NULL) {
5331Samw			(void) memcpy(aclentp + aclcnt, dfaclentp, dfaclsz);
5331Samw		} else {
5331Samw			error = ENOMEM;
5331Samw		}
5331Samw	}
5331Samw
5331Samw	if (aclentp) {
5331Samw		*retaclentp = aclentp;
5331Samw		*retaclcnt = aclcnt + dfaclcnt;
5331Samw	}
5331Samw
5331Samw	if (dfaclentp)
5331Samw		cacl_free(dfaclentp, dfaclsz);
5331Samw
5331Samw	return (error);
5331Samw}
5331Samw
5331Samw
5331Samwint
5331Samwacl_translate(acl_t *aclp, int target_flavor, int isdir, uid_t owner,
5331Samw    gid_t group)
5331Samw{
5331Samw	int aclcnt;
5331Samw	void *acldata;
5331Samw	int error;
5331Samw
5331Samw	/*
5331Samw	 * See if we need to translate
5331Samw	 */
5331Samw	if ((target_flavor == _ACL_ACE_ENABLED && aclp->acl_type == ACE_T) ||
5331Samw	    (target_flavor == _ACL_ACLENT_ENABLED &&
5331Samw	    aclp->acl_type == ACLENT_T))
5331Samw		return (0);
5331Samw
5331Samw	if (target_flavor == -1) {
5331Samw		error = EINVAL;
5331Samw		goto out;
5331Samw	}
5331Samw
5331Samw	if (target_flavor ==  _ACL_ACE_ENABLED &&
5331Samw	    aclp->acl_type == ACLENT_T) {
5331Samw		error = convert_aent_to_ace(aclp->acl_aclp,
5331Samw		    aclp->acl_cnt, isdir, (ace_t **)&acldata, &aclcnt);
5331Samw		if (error)
5331Samw			goto out;
5331Samw
5331Samw	} else if (target_flavor == _ACL_ACLENT_ENABLED &&
5331Samw	    aclp->acl_type == ACE_T) {
5331Samw		error = convert_ace_to_aent(aclp->acl_aclp, aclp->acl_cnt,
5331Samw		    isdir, owner, group, (aclent_t **)&acldata, &aclcnt);
5331Samw		if (error)
5331Samw			goto out;
5331Samw	} else {
5331Samw		error = ENOTSUP;
5331Samw		goto out;
5331Samw	}
5331Samw
5331Samw	/*
5331Samw	 * replace old acl with newly translated acl
5331Samw	 */
5331Samw	cacl_free(aclp->acl_aclp, aclp->acl_cnt * aclp->acl_entry_size);
5331Samw	aclp->acl_aclp = acldata;
5331Samw	aclp->acl_cnt = aclcnt;
5331Samw	if (target_flavor == _ACL_ACE_ENABLED) {
5331Samw		aclp->acl_type = ACE_T;
5331Samw		aclp->acl_entry_size = sizeof (ace_t);
5331Samw	} else {
5331Samw		aclp->acl_type = ACLENT_T;
5331Samw		aclp->acl_entry_size = sizeof (aclent_t);
5331Samw	}
5331Samw	return (0);
5331Samw
5331Samwout:
5331Samw
5331Samw#if !defined(_KERNEL)
5331Samw	errno = error;
5331Samw	return (-1);
5331Samw#else
5331Samw	return (error);
5331Samw#endif
5331Samw}
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM#define	SET_ACE(acl, index, who, mask, type, flags) { \
*12164SMark.Shellenbaum@Sun.COM	acl[0][index].a_who = (uint32_t)who; \
*12164SMark.Shellenbaum@Sun.COM	acl[0][index].a_type = type; \
*12164SMark.Shellenbaum@Sun.COM	acl[0][index].a_flags = flags; \
*12164SMark.Shellenbaum@Sun.COM	acl[0][index++].a_access_mask = mask; \
*12164SMark.Shellenbaum@Sun.COM}
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COMvoid
*12164SMark.Shellenbaum@Sun.COMacl_trivial_access_masks(mode_t mode, uint32_t *allow0, uint32_t *deny1,
*12164SMark.Shellenbaum@Sun.COM    uint32_t *deny2, uint32_t *owner, uint32_t *group, uint32_t *everyone)
*12164SMark.Shellenbaum@Sun.COM{
*12164SMark.Shellenbaum@Sun.COM	*deny1 = *deny2 = *allow0 = *group = 0;
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM	if (!(mode & S_IRUSR) && (mode & (S_IRGRP|S_IROTH)))
*12164SMark.Shellenbaum@Sun.COM		*deny1 |= ACE_READ_DATA;
*12164SMark.Shellenbaum@Sun.COM	if (!(mode & S_IWUSR) && (mode & (S_IWGRP|S_IWOTH)))
*12164SMark.Shellenbaum@Sun.COM		*deny1 |= ACE_WRITE_DATA;
*12164SMark.Shellenbaum@Sun.COM	if (!(mode & S_IXUSR) && (mode & (S_IXGRP|S_IXOTH)))
*12164SMark.Shellenbaum@Sun.COM		*deny1 |= ACE_EXECUTE;
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM	if (!(mode & S_IRGRP) && (mode & S_IROTH))
*12164SMark.Shellenbaum@Sun.COM		*deny2 = ACE_READ_DATA;
*12164SMark.Shellenbaum@Sun.COM	if (!(mode & S_IWGRP) && (mode & S_IWOTH))
*12164SMark.Shellenbaum@Sun.COM		*deny2 |= ACE_WRITE_DATA;
*12164SMark.Shellenbaum@Sun.COM	if (!(mode & S_IXGRP) && (mode & S_IXOTH))
*12164SMark.Shellenbaum@Sun.COM		*deny2 |= ACE_EXECUTE;
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM	if ((mode & S_IRUSR) && (!(mode & S_IRGRP) && (mode & S_IROTH)))
*12164SMark.Shellenbaum@Sun.COM		*allow0 |= ACE_READ_DATA;
*12164SMark.Shellenbaum@Sun.COM	if ((mode & S_IWUSR) && (!(mode & S_IWGRP) && (mode & S_IWOTH)))
*12164SMark.Shellenbaum@Sun.COM		*allow0 |= ACE_WRITE_DATA;
*12164SMark.Shellenbaum@Sun.COM	if ((mode & S_IXUSR) && (!(mode & S_IXGRP) && (mode & S_IXOTH)))
*12164SMark.Shellenbaum@Sun.COM		*allow0 |= ACE_EXECUTE;
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM	*owner = ACE_WRITE_ATTRIBUTES|ACE_WRITE_OWNER|ACE_WRITE_ACL|
*12164SMark.Shellenbaum@Sun.COM	    ACE_WRITE_NAMED_ATTRS|ACE_READ_ACL|ACE_READ_ATTRIBUTES|
*12164SMark.Shellenbaum@Sun.COM	    ACE_READ_NAMED_ATTRS|ACE_SYNCHRONIZE;
*12164SMark.Shellenbaum@Sun.COM	if (mode & S_IRUSR)
*12164SMark.Shellenbaum@Sun.COM		*owner |= ACE_READ_DATA;
*12164SMark.Shellenbaum@Sun.COM	if (mode & S_IWUSR)
*12164SMark.Shellenbaum@Sun.COM		*owner |= ACE_WRITE_DATA|ACE_APPEND_DATA;
*12164SMark.Shellenbaum@Sun.COM	if (mode & S_IXUSR)
*12164SMark.Shellenbaum@Sun.COM		*owner |= ACE_EXECUTE;
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM	*group = ACE_READ_ACL|ACE_READ_ATTRIBUTES| ACE_READ_NAMED_ATTRS|
*12164SMark.Shellenbaum@Sun.COM	    ACE_SYNCHRONIZE;
*12164SMark.Shellenbaum@Sun.COM	if (mode & S_IRGRP)
*12164SMark.Shellenbaum@Sun.COM		*group |= ACE_READ_DATA;
*12164SMark.Shellenbaum@Sun.COM	if (mode & S_IWGRP)
*12164SMark.Shellenbaum@Sun.COM		*group |= ACE_WRITE_DATA|ACE_APPEND_DATA;
*12164SMark.Shellenbaum@Sun.COM	if (mode & S_IXGRP)
*12164SMark.Shellenbaum@Sun.COM		*group |= ACE_EXECUTE;
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM	*everyone = ACE_READ_ACL|ACE_READ_ATTRIBUTES| ACE_READ_NAMED_ATTRS|
*12164SMark.Shellenbaum@Sun.COM	    ACE_SYNCHRONIZE;
*12164SMark.Shellenbaum@Sun.COM	if (mode & S_IROTH)
*12164SMark.Shellenbaum@Sun.COM		*everyone |= ACE_READ_DATA;
*12164SMark.Shellenbaum@Sun.COM	if (mode & S_IWOTH)
*12164SMark.Shellenbaum@Sun.COM		*everyone |= ACE_WRITE_DATA|ACE_APPEND_DATA;
*12164SMark.Shellenbaum@Sun.COM	if (mode & S_IXOTH)
*12164SMark.Shellenbaum@Sun.COM		*everyone |= ACE_EXECUTE;
*12164SMark.Shellenbaum@Sun.COM}
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COMint
*12164SMark.Shellenbaum@Sun.COMacl_trivial_create(mode_t mode, ace_t **acl, int *count)
*12164SMark.Shellenbaum@Sun.COM{
*12164SMark.Shellenbaum@Sun.COM	uint32_t	deny1, deny2;
*12164SMark.Shellenbaum@Sun.COM	uint32_t	allow0;
*12164SMark.Shellenbaum@Sun.COM	uint32_t	owner, group, everyone;
*12164SMark.Shellenbaum@Sun.COM	int 		index = 0;
*12164SMark.Shellenbaum@Sun.COM	int		error;
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM	*count = 3;
*12164SMark.Shellenbaum@Sun.COM	acl_trivial_access_masks(mode, &allow0, &deny1, &deny2, &owner, &group,
*12164SMark.Shellenbaum@Sun.COM	    &everyone);
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM	if (allow0)
*12164SMark.Shellenbaum@Sun.COM		(*count)++;
*12164SMark.Shellenbaum@Sun.COM	if (deny1)
*12164SMark.Shellenbaum@Sun.COM		(*count)++;
*12164SMark.Shellenbaum@Sun.COM	if (deny2)
*12164SMark.Shellenbaum@Sun.COM		(*count)++;
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM	if ((error = cacl_malloc((void **)acl, *count * sizeof (ace_t))) != 0)
*12164SMark.Shellenbaum@Sun.COM		return (error);
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM	if (allow0) {
*12164SMark.Shellenbaum@Sun.COM		SET_ACE(acl, index, -1, allow0, ACE_ACCESS_ALLOWED_ACE_TYPE,
*12164SMark.Shellenbaum@Sun.COM		    ACE_OWNER);
*12164SMark.Shellenbaum@Sun.COM	}
*12164SMark.Shellenbaum@Sun.COM	if (deny1) {
*12164SMark.Shellenbaum@Sun.COM		SET_ACE(acl, index, -1, deny1, ACE_ACCESS_DENIED_ACE_TYPE,
*12164SMark.Shellenbaum@Sun.COM		    ACE_OWNER);
*12164SMark.Shellenbaum@Sun.COM	}
*12164SMark.Shellenbaum@Sun.COM	if (deny2) {
*12164SMark.Shellenbaum@Sun.COM		SET_ACE(acl, index, -1, deny2, ACE_ACCESS_DENIED_ACE_TYPE,
*12164SMark.Shellenbaum@Sun.COM		    ACE_GROUP|ACE_IDENTIFIER_GROUP);
*12164SMark.Shellenbaum@Sun.COM	}
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM	SET_ACE(acl, index, -1, owner, ACE_ACCESS_ALLOWED_ACE_TYPE, ACE_OWNER);
*12164SMark.Shellenbaum@Sun.COM	SET_ACE(acl, index, -1, group, ACE_ACCESS_ALLOWED_ACE_TYPE,
*12164SMark.Shellenbaum@Sun.COM	    ACE_IDENTIFIER_GROUP|ACE_GROUP);
*12164SMark.Shellenbaum@Sun.COM	SET_ACE(acl, index, -1, everyone, ACE_ACCESS_ALLOWED_ACE_TYPE,
*12164SMark.Shellenbaum@Sun.COM	    ACE_EVERYONE);
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM	return (0);
*12164SMark.Shellenbaum@Sun.COM}
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM/*
*12164SMark.Shellenbaum@Sun.COM * ace_trivial:
*12164SMark.Shellenbaum@Sun.COM * determine whether an ace_t acl is trivial
*12164SMark.Shellenbaum@Sun.COM *
*12164SMark.Shellenbaum@Sun.COM * Trivialness implies that the acl is composed of only
*12164SMark.Shellenbaum@Sun.COM * owner, group, everyone entries.  ACL can't
*12164SMark.Shellenbaum@Sun.COM * have read_acl denied, and write_owner/write_acl/write_attributes
*12164SMark.Shellenbaum@Sun.COM * can only be owner@ entry.
*12164SMark.Shellenbaum@Sun.COM */
*12164SMark.Shellenbaum@Sun.COMint
*12164SMark.Shellenbaum@Sun.COMace_trivial_common(void *acep, int aclcnt,
*12164SMark.Shellenbaum@Sun.COM    uint64_t (*walk)(void *, uint64_t, int aclcnt,
*12164SMark.Shellenbaum@Sun.COM    uint16_t *, uint16_t *, uint32_t *))
*12164SMark.Shellenbaum@Sun.COM{
*12164SMark.Shellenbaum@Sun.COM	uint16_t flags;
*12164SMark.Shellenbaum@Sun.COM	uint32_t mask;
*12164SMark.Shellenbaum@Sun.COM	uint16_t type;
*12164SMark.Shellenbaum@Sun.COM	uint64_t cookie = 0;
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM	while (cookie = walk(acep, cookie, aclcnt, &flags, &type, &mask)) {
*12164SMark.Shellenbaum@Sun.COM		switch (flags & ACE_TYPE_FLAGS) {
*12164SMark.Shellenbaum@Sun.COM		case ACE_OWNER:
*12164SMark.Shellenbaum@Sun.COM		case ACE_GROUP|ACE_IDENTIFIER_GROUP:
*12164SMark.Shellenbaum@Sun.COM		case ACE_EVERYONE:
*12164SMark.Shellenbaum@Sun.COM			break;
*12164SMark.Shellenbaum@Sun.COM		default:
*12164SMark.Shellenbaum@Sun.COM			return (1);
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM		}
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM		if (flags & (ACE_FILE_INHERIT_ACE|
*12164SMark.Shellenbaum@Sun.COM		    ACE_DIRECTORY_INHERIT_ACE|ACE_NO_PROPAGATE_INHERIT_ACE|
*12164SMark.Shellenbaum@Sun.COM		    ACE_INHERIT_ONLY_ACE))
*12164SMark.Shellenbaum@Sun.COM			return (1);
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM		/*
*12164SMark.Shellenbaum@Sun.COM		 * Special check for some special bits
*12164SMark.Shellenbaum@Sun.COM		 *
*12164SMark.Shellenbaum@Sun.COM		 * Don't allow anybody to deny reading basic
*12164SMark.Shellenbaum@Sun.COM		 * attributes or a files ACL.
*12164SMark.Shellenbaum@Sun.COM		 */
*12164SMark.Shellenbaum@Sun.COM		if ((mask & (ACE_READ_ACL|ACE_READ_ATTRIBUTES)) &&
*12164SMark.Shellenbaum@Sun.COM		    (type == ACE_ACCESS_DENIED_ACE_TYPE))
*12164SMark.Shellenbaum@Sun.COM			return (1);
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM		/*
*12164SMark.Shellenbaum@Sun.COM		 * Delete permissions are never set by default
*12164SMark.Shellenbaum@Sun.COM		 */
*12164SMark.Shellenbaum@Sun.COM		if (mask & (ACE_DELETE|ACE_DELETE_CHILD))
*12164SMark.Shellenbaum@Sun.COM			return (1);
*12164SMark.Shellenbaum@Sun.COM		/*
*12164SMark.Shellenbaum@Sun.COM		 * only allow owner@ to have
*12164SMark.Shellenbaum@Sun.COM		 * write_acl/write_owner/write_attributes/write_xattr/
*12164SMark.Shellenbaum@Sun.COM		 */
*12164SMark.Shellenbaum@Sun.COM		if (type == ACE_ACCESS_ALLOWED_ACE_TYPE &&
*12164SMark.Shellenbaum@Sun.COM		    (!(flags & ACE_OWNER) && (mask &
*12164SMark.Shellenbaum@Sun.COM		    (ACE_WRITE_OWNER|ACE_WRITE_ACL| ACE_WRITE_ATTRIBUTES|
*12164SMark.Shellenbaum@Sun.COM		    ACE_WRITE_NAMED_ATTRS))))
*12164SMark.Shellenbaum@Sun.COM			return (1);
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM	}
*12164SMark.Shellenbaum@Sun.COM	return (0);
*12164SMark.Shellenbaum@Sun.COM}
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COMuint64_t
*12164SMark.Shellenbaum@Sun.COMace_walk(void *datap, uint64_t cookie, int aclcnt, uint16_t *flags,
*12164SMark.Shellenbaum@Sun.COM    uint16_t *type, uint32_t *mask)
*12164SMark.Shellenbaum@Sun.COM{
*12164SMark.Shellenbaum@Sun.COM	ace_t *acep = datap;
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM	if (cookie >= aclcnt)
*12164SMark.Shellenbaum@Sun.COM		return (0);
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM	*flags = acep[cookie].a_flags;
*12164SMark.Shellenbaum@Sun.COM	*type = acep[cookie].a_type;
*12164SMark.Shellenbaum@Sun.COM	*mask = acep[cookie++].a_access_mask;
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COM	return (cookie);
*12164SMark.Shellenbaum@Sun.COM}
*12164SMark.Shellenbaum@Sun.COM
*12164SMark.Shellenbaum@Sun.COMint
*12164SMark.Shellenbaum@Sun.COMace_trivial(ace_t *acep, int aclcnt)
*12164SMark.Shellenbaum@Sun.COM{
*12164SMark.Shellenbaum@Sun.COM	return (ace_trivial_common(acep, aclcnt, ace_walk));
*12164SMark.Shellenbaum@Sun.COM}