4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
27 #pragma ident "%Z%%M% %I% %E% SMI"
29 #include <sys/types.h>
33 #include <sys/systm.h>
34 #include <sys/debug.h>
/*
 * Template for a trivial ACL: six ace_t initializers, a deny entry followed
 * by an allow entry for each of owner (ACE_OWNER), group
 * (ACE_GROUP|ACE_IDENTIFIER_GROUP) and everyone (ACE_EVERYONE), in that order.
 * Each initializer reads {-1, access mask, flags, type}; the leading -1 is
 * presumably the a_who id, unused for these special entries -- confirm
 * against the ace_t declaration.
 * NOTE(review): the array is neither const nor static, so it is writable
 * from any translation unit. Code that ORs bits into ACE pairs (see
 * adjust_ace_pair) should operate on a copy, not on this template.
 */
44 ace_t trivial_acl[] = {
/* owner@: deny nothing; allow the ACL/owner/attribute write bits */
45 {-1, 0, ACE_OWNER, ACE_ACCESS_DENIED_ACE_TYPE},
46 {-1, ACE_WRITE_ACL|ACE_WRITE_OWNER|ACE_WRITE_ATTRIBUTES|
47 ACE_WRITE_NAMED_ATTRS, ACE_OWNER, ACE_ACCESS_ALLOWED_ACE_TYPE},
/* group@: both masks start empty */
48 {-1, 0, ACE_GROUP|ACE_IDENTIFIER_GROUP, ACE_ACCESS_DENIED_ACE_TYPE},
49 {-1, 0, ACE_GROUP|ACE_IDENTIFIER_GROUP, ACE_ACCESS_ALLOWED_ACE_TYPE},
/* everyone@: deny the write bits granted to owner@; allow read-only metadata access */
50 {-1, ACE_WRITE_ACL|ACE_WRITE_OWNER| ACE_WRITE_ATTRIBUTES|
51 ACE_WRITE_NAMED_ATTRS, ACE_EVERYONE, ACE_ACCESS_DENIED_ACE_TYPE},
52 {-1, ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_READ_NAMED_ATTRS|
53 ACE_SYNCHRONIZE, ACE_EVERYONE, ACE_ACCESS_ALLOWED_ACE_TYPE}
/*
 * Adds data-access bits to a two-entry slice of an ACE array. For each of
 * read (ACE_READ_DATA), write (ACE_WRITE_DATA|ACE_APPEND_DATA) and execute
 * (ACE_EXECUTE) this listing shows one assignment to pair[1] and one to
 * pair[0]; the conditions that choose between them are not part of the
 * listing.
 * NOTE(review): presumably a bit set in mode selects pair[1] (the allow
 * entry in trivial_acl's deny/allow ordering) and a clear bit selects
 * pair[0] (the deny entry), so each permission lands in exactly one of the
 * two -- confirm against the complete source.
 * NOTE(review): the masks are only OR-ed, never cleared, so bits already
 * present in a reused pair survive; callers should start from a fresh copy
 * of the template.
 * NOTE(review): no NULL or bounds check is visible; pair must point to at
 * least two valid ace_t entries.
 */
58 adjust_ace_pair(ace_t *pair, mode_t mode)
/* read access */
61 pair[1].a_access_mask |= ACE_READ_DATA;
63 pair[0].a_access_mask |= ACE_READ_DATA;
/* write access: append is always paired with write */
65 pair[1].a_access_mask |=
66 ACE_WRITE_DATA|ACE_APPEND_DATA;
68 pair[0].a_access_mask |=
69 ACE_WRITE_DATA|ACE_APPEND_DATA;
/* execute access */
71 pair[1].a_access_mask |= ACE_EXECUTE;
73 pair[0].a_access_mask |= ACE_EXECUTE;
78 * determine whether an ace_t acl is trivial
80 * Trivialness implies that the ACL is composed of only
81 * owner, group, everyone entries. The ACL can't
82 * have read_acl denied, and write_owner/write_acl/write_attributes
83 * can be allowed only by the owner@ entry.
/*
 * Walks aclcnt entries of acep and applies, per entry: an ordering check
 * keyed on the entry's who-type flags, a rejection of any inheritance flag,
 * a rejection of deny entries that cover ACE_READ_ACL or
 * ACE_READ_ATTRIBUTES, and a rejection of allow entries that grant
 * ACE_WRITE_OWNER, ACE_WRITE_ACL or ACE_WRITE_ATTRIBUTES to anything other
 * than an ACE_OWNER entry. After the loop it requires that owner, group and
 * everyone entries were all seen.
 * NOTE(review): the statements executed when a check fires, the remaining
 * case labels and the other local declarations are not part of this listing;
 * presumably a failed check returns "not trivial" -- confirm against the
 * complete source.
 * NOTE(review): the loop ends on i != aclcnt and aclcnt is a signed int, so
 * a negative count would never match and acep[] would be read out of bounds.
 * Callers must validate aclcnt before calling.
 */
86 ace_trivial(ace_t *acep, int aclcnt)
91 int everyone_seen = 0;
93 for (i = 0; i != aclcnt; i++) {
/*
 * NOTE(review): 0xf040 is an unnamed mask; presumably it isolates the
 * owner/group/everyone and identifier-group bits of a_flags -- a named
 * constant would make the dispatch auditable.
 */
94 switch (acep[i].a_flags & 0xf040) {
/* ordering: this entry kind must not follow a group or everyone entry */
96 if (group_seen || everyone_seen)
100 case ACE_GROUP|ACE_IDENTIFIER_GROUP:
/* ordering: group entries need an owner entry before them and no everyone entry yet */
101 if (everyone_seen || owner_seen == 0)
/* ordering: this entry kind needs both owner and group entries before it */
107 if (owner_seen == 0 || group_seen == 0)
/* any inheritance flag disqualifies the entry */
116 if (acep[i].a_flags & (ACE_FILE_INHERIT_ACE|
117 ACE_DIRECTORY_INHERIT_ACE|ACE_NO_PROPAGATE_INHERIT_ACE|
118 ACE_INHERIT_ONLY_ACE))
122 * Special check for some special bits
124 * Don't allow anybody to deny reading basic
125 * attributes or a files ACL.
127 if ((acep[i].a_access_mask &
128 (ACE_READ_ACL|ACE_READ_ATTRIBUTES)) &&
129 (acep[i].a_type == ACE_ACCESS_DENIED_ACE_TYPE))
133 * Allow on owner@ to allow
134 * write_acl/write_owner/write_attributes
136 if (acep[i].a_type == ACE_ACCESS_ALLOWED_ACE_TYPE &&
137 (!(acep[i].a_flags & ACE_OWNER) && (acep[i].a_access_mask &
138 (ACE_WRITE_OWNER|ACE_WRITE_ACL|ACE_WRITE_ATTRIBUTES))))
/* an ACL missing any of the three entry kinds is rejected as well */
142 if ((owner_seen == 0) || (group_seen == 0) || (everyone_seen == 0))
150 * Generic shellsort, from K&R (1st ed, p 58.), somewhat modified.
151 * v = Ptr to array/vector of objs
152 * n = # objs in the array
153 * s = size of each obj (must be multiples of a word size)
154 * f = ptr to function to compare two objs
155 * returns (-1 = less than, 0 = equal, 1 = greater than)
/*
 * Shell sort over n objects of s bytes each starting at v, ordered by the
 * comparator f. The gap g starts at n / 2 and halves until it reaches 0;
 * elements are exchanged in unsigned-int sized words (s / 4 of them per
 * object). The exchange statements and the end of the function are not part
 * of this listing.
 * NOTE(review): f is declared without a prototype, so the compiler cannot
 * check the comparator's argument types.
 * NOTE(review): n and s are int and the offsets j * s and (j + g) * s are
 * formed from them, presumably in int arithmetic; a large n * s can overflow
 * before the pointer addition. Callers must bound both values.
 */
158 ksort(caddr_t v, int n, int s, int (*f)())
161 unsigned int *p1, *p2;
/* nothing to sort for a NULL vector or fewer than two objects */
165 if (v == NULL || n <= 1)
168 /* Sanity check on arguments */
/*
 * NOTE(review): the 4-byte alignment requirement on v and s is enforced only
 * by ASSERT, which is normally compiled out of non-DEBUG builds; misaligned
 * arguments then reach the word-wise exchange unchecked. s is not otherwise
 * range-checked here.
 */
169 ASSERT(((uintptr_t)v & 0x3) == 0 && (s & 0x3) == 0);
171 for (g = n / 2; g > 0; g /= 2) {
172 for (i = g; i < n; i++) {
/*
 * Only a comparator result of exactly 1 triggers an exchange; a comparator
 * that returns some other positive value for "greater than" leaves the pair
 * in place.
 */
173 for (j = i - g; j >= 0 &&
174 (*f)(v + j * s, v + (j + g) * s) == 1;
/* p1 and p2 address the two objects being exchanged, viewed as 32-bit words */
176 p1 = (void *)(v + j * s);
177 p2 = (void *)(v + (j + g) * s);
178 for (ii = 0; ii < s / 4; ii++) {
189 * Compare two acls, all fields. Returns:
195 cmp2acls(void *a, void *b)
197 aclent_t *x = (aclent_t *)a;
198 aclent_t *y = (aclent_t *)b;
201 if (x->a_type < y->a_type)
203 if (x->a_type > y->a_type)
205 /* Equal types; compare id's */
206 if (x->a_id < y->a_id)
208 if (x->a_id > y->a_id)
210 /* Equal ids; compare perms */
211 if (x->a_perm < y->a_perm)
213 if (x->a_perm > y->a_perm)