1789Sahrens /* 2789Sahrens * CDDL HEADER START 3789Sahrens * 4789Sahrens * The contents of this file are subject to the terms of the 5789Sahrens * Common Development and Distribution License, Version 1.0 only 6789Sahrens * (the "License"). You may not use this file except in compliance 7789Sahrens * with the License. 8789Sahrens * 9789Sahrens * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10789Sahrens * or http://www.opensolaris.org/os/licensing. 11789Sahrens * See the License for the specific language governing permissions 12789Sahrens * and limitations under the License. 13789Sahrens * 14789Sahrens * When distributing Covered Code, include this CDDL HEADER in each 15789Sahrens * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16789Sahrens * If applicable, add the following below this CDDL HEADER, with the 17789Sahrens * fields enclosed by brackets "[]" replaced with your own identifying 18789Sahrens * information: Portions Copyright [yyyy] [name of copyright owner] 19789Sahrens * 20789Sahrens * CDDL HEADER END 21789Sahrens */ 22789Sahrens /* 23789Sahrens * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 24789Sahrens * Use is subject to license terms. 25789Sahrens */ 26789Sahrens 27789Sahrens #pragma ident "%Z%%M% %I% %E% SMI" 28789Sahrens 29789Sahrens #include <sys/types.h> 30789Sahrens #include <sys/acl.h> 31789Sahrens #include <sys/stat.h> 32789Sahrens #if defined(_KERNEL) 33789Sahrens #include <sys/systm.h> 34789Sahrens #else 35789Sahrens #include <errno.h> 36789Sahrens #include <stdlib.h> 37789Sahrens #include <strings.h> 38789Sahrens #include <assert.h> 39789Sahrens #define ASSERT assert 40789Sahrens #endif 41789Sahrens 42789Sahrens 43789Sahrens ace_t trivial_acl[] = { 44789Sahrens {-1, 0, ACE_OWNER, ACE_ACCESS_DENIED_ACE_TYPE}, 45789Sahrens {-1, ACE_WRITE_ACL|ACE_WRITE_OWNER|ACE_WRITE_ATTRIBUTES| 46789Sahrens ACE_WRITE_NAMED_ATTRS, ACE_OWNER, ACE_ACCESS_ALLOWED_ACE_TYPE}, 47789Sahrens {-1, 0, ACE_GROUP|ACE_IDENTIFIER_GROUP, ACE_ACCESS_DENIED_ACE_TYPE}, 48789Sahrens {-1, 0, ACE_GROUP|ACE_IDENTIFIER_GROUP, ACE_ACCESS_ALLOWED_ACE_TYPE}, 49789Sahrens {-1, ACE_WRITE_ACL|ACE_WRITE_OWNER| ACE_WRITE_ATTRIBUTES| 50789Sahrens ACE_WRITE_NAMED_ATTRS, ACE_EVERYONE, ACE_ACCESS_DENIED_ACE_TYPE}, 51789Sahrens {-1, ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_READ_NAMED_ATTRS| 52789Sahrens ACE_SYNCHRONIZE, ACE_EVERYONE, ACE_ACCESS_ALLOWED_ACE_TYPE} 53789Sahrens }; 54789Sahrens 55789Sahrens 56789Sahrens void 57789Sahrens adjust_ace_pair(ace_t *pair, mode_t mode) 58789Sahrens { 59789Sahrens if (mode & S_IROTH) 60789Sahrens pair[1].a_access_mask |= ACE_READ_DATA; 61789Sahrens else 62789Sahrens pair[0].a_access_mask |= ACE_READ_DATA; 63789Sahrens if (mode & S_IWOTH) 64789Sahrens pair[1].a_access_mask |= 65789Sahrens ACE_WRITE_DATA|ACE_APPEND_DATA; 66789Sahrens else 67789Sahrens pair[0].a_access_mask |= 68789Sahrens ACE_WRITE_DATA|ACE_APPEND_DATA; 69789Sahrens if (mode & S_IXOTH) 70789Sahrens pair[1].a_access_mask |= ACE_EXECUTE; 71789Sahrens else 72789Sahrens pair[0].a_access_mask |= ACE_EXECUTE; 73789Sahrens } 74789Sahrens 75789Sahrens /* 76789Sahrens * ace_trivial: 77789Sahrens * determine whether an ace_t acl is trivial 78789Sahrens * 79789Sahrens * Trivialness implys that the acl is composed of only 80789Sahrens * owner, group, everyone entries. ACL can't 81789Sahrens * have read_acl denied, and write_owner/write_acl/write_attributes 82789Sahrens * can only be owner@ entry. 83789Sahrens */ 84789Sahrens int 85789Sahrens ace_trivial(ace_t *acep, int aclcnt) 86789Sahrens { 87789Sahrens int i; 88789Sahrens int owner_seen = 0; 89789Sahrens int group_seen = 0; 90789Sahrens int everyone_seen = 0; 91789Sahrens 92789Sahrens for (i = 0; i != aclcnt; i++) { 93789Sahrens switch (acep[i].a_flags & 0xf040) { 94789Sahrens case ACE_OWNER: 95789Sahrens if (group_seen || everyone_seen) 96789Sahrens return (1); 97789Sahrens owner_seen++; 98789Sahrens break; 99789Sahrens case ACE_GROUP|ACE_IDENTIFIER_GROUP: 100789Sahrens if (everyone_seen || owner_seen == 0) 101789Sahrens return (1); 102789Sahrens group_seen++; 103789Sahrens break; 104789Sahrens 105789Sahrens case ACE_EVERYONE: 106789Sahrens if (owner_seen == 0 || group_seen == 0) 107789Sahrens return (1); 108789Sahrens everyone_seen++; 109789Sahrens break; 110789Sahrens default: 111789Sahrens return (1); 112789Sahrens 113789Sahrens } 114789Sahrens 115789Sahrens if (acep[i].a_flags & (ACE_FILE_INHERIT_ACE| 116789Sahrens ACE_DIRECTORY_INHERIT_ACE|ACE_NO_PROPAGATE_INHERIT_ACE| 117789Sahrens ACE_INHERIT_ONLY_ACE)) 118789Sahrens return (1); 119789Sahrens 120789Sahrens /* 121789Sahrens * Special check for some special bits 122789Sahrens * 123*905Smarks * Don't allow anybody to deny reading basic 124*905Smarks * attributes or a files ACL. 125789Sahrens */ 126*905Smarks if ((acep[i].a_access_mask & 127*905Smarks (ACE_READ_ACL|ACE_READ_ATTRIBUTES)) && 128789Sahrens (acep[i].a_type == ACE_ACCESS_DENIED_ACE_TYPE)) 129789Sahrens return (1); 130789Sahrens 131789Sahrens /* 132789Sahrens * Allow on owner@ to allow 133789Sahrens * write_acl/write_owner/write_attributes 134789Sahrens */ 135789Sahrens if (acep[i].a_type == ACE_ACCESS_ALLOWED_ACE_TYPE && 136789Sahrens (!(acep[i].a_flags & ACE_OWNER) && (acep[i].a_access_mask & 137789Sahrens (ACE_WRITE_OWNER|ACE_WRITE_ACL|ACE_WRITE_ATTRIBUTES)))) 138789Sahrens return (1); 139789Sahrens } 140789Sahrens 141789Sahrens if ((owner_seen == 0) || (group_seen == 0) || (everyone_seen == 0)) 142789Sahrens return (1); 143789Sahrens 144789Sahrens return (0); 145789Sahrens } 146789Sahrens 147789Sahrens 148789Sahrens /* 149789Sahrens * Generic shellsort, from K&R (1st ed, p 58.), somewhat modified. 150789Sahrens * v = Ptr to array/vector of objs 151789Sahrens * n = # objs in the array 152789Sahrens * s = size of each obj (must be multiples of a word size) 153789Sahrens * f = ptr to function to compare two objs 154789Sahrens * returns (-1 = less than, 0 = equal, 1 = greater than 155789Sahrens */ 156789Sahrens void 157789Sahrens ksort(caddr_t v, int n, int s, int (*f)()) 158789Sahrens { 159789Sahrens int g, i, j, ii; 160789Sahrens unsigned int *p1, *p2; 161789Sahrens unsigned int tmp; 162789Sahrens 163789Sahrens /* No work to do */ 164789Sahrens if (v == NULL || n <= 1) 165789Sahrens return; 166789Sahrens 167789Sahrens /* Sanity check on arguments */ 168789Sahrens ASSERT(((uintptr_t)v & 0x3) == 0 && (s & 0x3) == 0); 169789Sahrens ASSERT(s > 0); 170789Sahrens for (g = n / 2; g > 0; g /= 2) { 171789Sahrens for (i = g; i < n; i++) { 172789Sahrens for (j = i - g; j >= 0 && 173789Sahrens (*f)(v + j * s, v + (j + g) * s) == 1; 174789Sahrens j -= g) { 175789Sahrens p1 = (void *)(v + j * s); 176789Sahrens p2 = (void *)(v + (j + g) * s); 177789Sahrens for (ii = 0; ii < s / 4; ii++) { 178789Sahrens tmp = *p1; 179789Sahrens *p1++ = *p2; 180789Sahrens *p2++ = tmp; 181789Sahrens } 182789Sahrens } 183789Sahrens } 184789Sahrens } 185789Sahrens } 186789Sahrens 187789Sahrens /* 188789Sahrens * Compare two acls, all fields. Returns: 189789Sahrens * -1 (less than) 190789Sahrens * 0 (equal) 191789Sahrens * +1 (greater than) 192789Sahrens */ 193789Sahrens int 194789Sahrens cmp2acls(void *a, void *b) 195789Sahrens { 196789Sahrens aclent_t *x = (aclent_t *)a; 197789Sahrens aclent_t *y = (aclent_t *)b; 198789Sahrens 199789Sahrens /* Compare types */ 200789Sahrens if (x->a_type < y->a_type) 201789Sahrens return (-1); 202789Sahrens if (x->a_type > y->a_type) 203789Sahrens return (1); 204789Sahrens /* Equal types; compare id's */ 205789Sahrens if (x->a_id < y->a_id) 206789Sahrens return (-1); 207789Sahrens if (x->a_id > y->a_id) 208789Sahrens return (1); 209789Sahrens /* Equal ids; compare perms */ 210789Sahrens if (x->a_perm < y->a_perm) 211789Sahrens return (-1); 212789Sahrens if (x->a_perm > y->a_perm) 213789Sahrens return (1); 214789Sahrens /* Totally equal */ 215789Sahrens return (0); 216789Sahrens } 217