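/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

#include <sys/types.h>
#include <sys/acl.h>
#include <sys/stat.h>
#if defined(_KERNEL)
#include <sys/systm.h>
#else
#include <errno.h>
#include <stdlib.h>
#include <strings.h>
#include <assert.h>
#define	ASSERT	assert
#endif


/*
 * Template for a trivial ACL: a deny entry followed by an allow entry for
 * each of owner@, group@ and everyone@, in that order.  Only the bits that
 * do not depend on the file mode are preset here; adjust_ace_pair() adds
 * the read/write/execute bits.
 *
 * NOTE(review): this is a writable global and adjust_ace_pair() only ever
 * ORs bits in, so adjusting this table in place would make permission bits
 * accumulate across calls.  Callers presumably work on a private copy --
 * confirm against the callers.
 */
ace_t trivial_acl[] = {
	{-1, 0, ACE_OWNER, ACE_ACCESS_DENIED_ACE_TYPE},
	{-1, ACE_WRITE_ACL|ACE_WRITE_OWNER|ACE_WRITE_ATTRIBUTES|
	    ACE_WRITE_NAMED_ATTRS, ACE_OWNER, ACE_ACCESS_ALLOWED_ACE_TYPE},
	{-1, 0, ACE_GROUP|ACE_IDENTIFIER_GROUP, ACE_ACCESS_DENIED_ACE_TYPE},
	{-1, 0, ACE_GROUP|ACE_IDENTIFIER_GROUP, ACE_ACCESS_ALLOWED_ACE_TYPE},
	{-1, ACE_WRITE_ACL|ACE_WRITE_OWNER| ACE_WRITE_ATTRIBUTES|
	    ACE_WRITE_NAMED_ATTRS, ACE_EVERYONE, ACE_ACCESS_DENIED_ACE_TYPE},
	{-1, ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_READ_NAMED_ATTRS|
	    ACE_SYNCHRONIZE, ACE_EVERYONE, ACE_ACCESS_ALLOWED_ACE_TYPE}
};


/*
 * adjust_ace_pair:
 *	fold the "other" permission bits of mode into a pair of ACEs
 *
 * pair must point to at least two entries.  For each of read, write and
 * execute, the corresponding access-mask bits are ORed into pair[1] when
 * the S_I?OTH bit is set in mode and into pair[0] when it is clear.
 * Given the layout of trivial_acl[], pair[0] is presumably the deny entry
 * and pair[1] the allow entry.  Only the S_I?OTH bits are examined, so
 * owner and group bits presumably have to be shifted into that position
 * by the caller -- confirm against the callers.
 */
void
adjust_ace_pair(ace_t *pair, mode_t mode)
{
	if (mode & S_IROTH)
		pair[1].a_access_mask |= ACE_READ_DATA;
	else
		pair[0].a_access_mask |= ACE_READ_DATA;
	if (mode & S_IWOTH)
		pair[1].a_access_mask |=
		    ACE_WRITE_DATA|ACE_APPEND_DATA;
	else
		pair[0].a_access_mask |=
		    ACE_WRITE_DATA|ACE_APPEND_DATA;
	if (mode & S_IXOTH)
		pair[1].a_access_mask |= ACE_EXECUTE;
	else
		pair[0].a_access_mask |= ACE_EXECUTE;
}

/*
 * ace_trivial:
 *	determine whether an ace_t acl is trivial
 *
 * Trivialness implies that the acl is composed of only
 * owner, group, everyone entries.  ACL can't
 * have read_acl denied, and write_owner/write_acl/write_attributes
 * can only be owner@ entry.
 *
 * Returns 0 when the acl is trivial and 1 when it is not.  Note the
 * sense: a non-zero return means "NOT trivial", so the result must not be
 * read as a boolean "is trivial".
 *
 * A NULL acep or a count that is zero or negative is reported as
 * non-trivial.  The loop also uses "<" rather than "!=" so that a bad
 * count can never walk the index outside the array.
 */
int
ace_trivial(ace_t *acep, int aclcnt)
{
	int i;
	int owner_seen = 0;
	int group_seen = 0;
	int everyone_seen = 0;

	if (acep == NULL || aclcnt <= 0)
		return (1);

	for (i = 0; i < aclcnt; i++) {
		/*
		 * Classify the entry by its "who" flags.  Entries must
		 * appear in owner, group, everyone order; anything else,
		 * or any other kind of entry, makes the acl non-trivial.
		 * NOTE(review): 0xf040 is kept as found; presumably it
		 * covers the owner/group/everyone flags plus
		 * ACE_IDENTIFIER_GROUP -- confirm against <sys/acl.h>.
		 */
		switch (acep[i].a_flags & 0xf040) {
		case ACE_OWNER:
			if (group_seen || everyone_seen)
				return (1);
			owner_seen++;
			break;
		case ACE_GROUP|ACE_IDENTIFIER_GROUP:
			if (everyone_seen || owner_seen == 0)
				return (1);
			group_seen++;
			break;

		case ACE_EVERYONE:
			if (owner_seen == 0 || group_seen == 0)
				return (1);
			everyone_seen++;
			break;
		default:
			return (1);

		}

		/* Any inheritance flag makes the acl non-trivial. */
		if (acep[i].a_flags & (ACE_FILE_INHERIT_ACE|
		    ACE_DIRECTORY_INHERIT_ACE|ACE_NO_PROPAGATE_INHERIT_ACE|
		    ACE_INHERIT_ONLY_ACE))
			return (1);

		/*
		 * Special check for some special bits
		 *
		 * Don't allow anybody to deny reading an ACL
		 */
		if ((acep[i].a_access_mask & ACE_READ_ACL) &&
		    (acep[i].a_type == ACE_ACCESS_DENIED_ACE_TYPE))
			return (1);

		/*
		 * Only an owner@ entry may allow
		 * write_acl/write_owner/write_attributes
		 */
		if (acep[i].a_type == ACE_ACCESS_ALLOWED_ACE_TYPE &&
		    (!(acep[i].a_flags & ACE_OWNER) && (acep[i].a_access_mask &
		    (ACE_WRITE_OWNER|ACE_WRITE_ACL|ACE_WRITE_ATTRIBUTES))))
			return (1);
	}

	/* All three classes must be present. */
	if ((owner_seen == 0) || (group_seen == 0) || (everyone_seen == 0))
		return (1);

	return (0);
}


/*
 * Generic shellsort, from K&R (1st ed, p 58.), somewhat modified.
 *	v = Ptr to array/vector of objs
 *	n = # objs in the array
 *	s = size of each obj (must be multiples of a word size)
 *	f = ptr to function to compare two objs
 *	    returns (-1 = less than, 0 = equal, 1 = greater than)
 *
 * Two elements are exchanged only when f returns exactly 1, so a
 * comparator that returns some other positive value for "greater than"
 * leaves the array unsorted without any error.
 *
 * Elements are exchanged one unsigned int at a time, which is why v must
 * be 4-byte aligned and s a multiple of 4.  Those requirements are only
 * ASSERTed; since an assertion may be compiled out, a non-positive or
 * non-multiple-of-4 size is also rejected at run time (the array is then
 * left untouched) instead of being used to index and half-swap elements.
 * Byte offsets are computed in size_t so that index * size cannot
 * overflow a signed int for large arrays.
 */
void
ksort(caddr_t v, int n, int s, int (*f)())
{
	int g, i, j, ii;
	unsigned int *p1, *p2;
	unsigned int tmp;
	size_t lo, hi;

	/* No work to do */
	if (v == NULL || n <= 1)
		return;

	/* Sanity check on arguments */
	ASSERT(((uintptr_t)v & 0x3) == 0 && (s & 0x3) == 0);
	ASSERT(s > 0);

	/* Same check on the size for builds without assertions. */
	if (s <= 0 || (s & 0x3) != 0)
		return;

	for (g = n / 2; g > 0; g /= 2) {
		for (i = g; i < n; i++) {
			for (j = i - g; j >= 0; j -= g) {
				lo = (size_t)j * (size_t)s;
				hi = ((size_t)j + (size_t)g) * (size_t)s;
				if ((*f)(v + lo, v + hi) != 1)
					break;
				p1 = (void *)(v + lo);
				p2 = (void *)(v + hi);
				for (ii = 0; ii < s / 4; ii++) {
					tmp = *p1;
					*p1++ = *p2;
					*p2++ = tmp;
				}
			}
		}
	}
}

/*
 * Compare two acls, all fields.  Returns:
 * -1 (less than)
 *  0 (equal)
 * +1 (greater than)
 *
 * Entries are ordered by a_type, then a_id, then a_perm.  The result is
 * always exactly -1, 0 or 1, which is the form ksort() requires of its
 * comparator.
 */
int
cmp2acls(void *a, void *b)
{
	aclent_t *x = (aclent_t *)a;
	aclent_t *y = (aclent_t *)b;

	/* Compare types */
	if (x->a_type < y->a_type)
		return (-1);
	if (x->a_type > y->a_type)
		return (1);
	/* Equal types; compare id's */
	if (x->a_id < y->a_id)
		return (-1);
	if (x->a_id > y->a_id)
		return (1);
	/* Equal ids; compare perms */
	if (x->a_perm < y->a_perm)
		return (-1);
	if (x->a_perm > y->a_perm)
		return (1);
	/* Totally equal */
	return (0);
}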