libsec/common/aclutils.c

fa9e4066f08beec538e775443c5be79dd423fcabahrens/*
fa9e4066f08beec538e775443c5be79dd423fcabahrens * CDDL HEADER START
fa9e4066f08beec538e775443c5be79dd423fcabahrens *
fa9e4066f08beec538e775443c5be79dd423fcabahrens * The contents of this file are subject to the terms of the
3eb3c57322eccc9d4c2880c26f57ceb5a85c2491marks * Common Development and Distribution License (the "License").
3eb3c57322eccc9d4c2880c26f57ceb5a85c2491marks * You may not use this file except in compliance with the License.
fa9e4066f08beec538e775443c5be79dd423fcabahrens *
fa9e4066f08beec538e775443c5be79dd423fcabahrens * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
fa9e4066f08beec538e775443c5be79dd423fcabahrens * or http://www.opensolaris.org/os/licensing.
fa9e4066f08beec538e775443c5be79dd423fcabahrens * See the License for the specific language governing permissions
fa9e4066f08beec538e775443c5be79dd423fcabahrens * and limitations under the License.
fa9e4066f08beec538e775443c5be79dd423fcabahrens *
fa9e4066f08beec538e775443c5be79dd423fcabahrens * When distributing Covered Code, include this CDDL HEADER in each
fa9e4066f08beec538e775443c5be79dd423fcabahrens * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
fa9e4066f08beec538e775443c5be79dd423fcabahrens * If applicable, add the following below this CDDL HEADER, with the
fa9e4066f08beec538e775443c5be79dd423fcabahrens * fields enclosed by brackets "[]" replaced with your own identifying
fa9e4066f08beec538e775443c5be79dd423fcabahrens * information: Portions Copyright [yyyy] [name of copyright owner]
fa9e4066f08beec538e775443c5be79dd423fcabahrens *
fa9e4066f08beec538e775443c5be79dd423fcabahrens * CDDL HEADER END
fa9e4066f08beec538e775443c5be79dd423fcabahrens */
fa9e4066f08beec538e775443c5be79dd423fcabahrens/*
27dd1e87cd3d939264769dd4af7e6a529cde001fMark Shellenbaum * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
a3c49ce110f325a563c245bedc4d533adddb7211Albert Lee * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
fa9e4066f08beec538e775443c5be79dd423fcabahrens */
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <stdlib.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <string.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <unistd.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <limits.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <grp.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <pwd.h>
3eb3c57322eccc9d4c2880c26f57ceb5a85c2491marks#include <strings.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <sys/types.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <errno.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <sys/stat.h>
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarks#include <sys/varargs.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <locale.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <aclutils.h>
3eb3c57322eccc9d4c2880c26f57ceb5a85c2491marks#include <sys/avl.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <acl_common.h>
b249c65cf0a7400e86a36ddab5c3fce085809859marks#include <idmap.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens#define ACL_PATH    0
fa9e4066f08beec538e775443c5be79dd423fcabahrens#define ACL_FD      1
fa9e4066f08beec538e775443c5be79dd423fcabahrens
d2443e765650e70b88cd0346e67d2aee6dd1ea3amarks
fa9e4066f08beec538e775443c5be79dd423fcabahrenstypedef union {
fa9e4066f08beec538e775443c5be79dd423fcabahrens    const char *file;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int  fd;
fa9e4066f08beec538e775443c5be79dd423fcabahrens} acl_inp;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens/*
fa9e4066f08beec538e775443c5be79dd423fcabahrens * Determine whether a file has a trivial ACL
fa9e4066f08beec538e775443c5be79dd423fcabahrens * returns:     0 = trivial
fa9e4066f08beec538e775443c5be79dd423fcabahrens *      1 = nontrivial
fa9e4066f08beec538e775443c5be79dd423fcabahrens *      <0 some other system failure, such as ENOENT or EPERM
fa9e4066f08beec538e775443c5be79dd423fcabahrens */
fa9e4066f08beec538e775443c5be79dd423fcabahrensint
fa9e4066f08beec538e775443c5be79dd423fcabahrensacl_trivial(const char *filename)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int acl_flavor;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int aclcnt;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int cntcmd;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int val = 0;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    ace_t *acep;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    acl_flavor = pathconf(filename, _PC_ACL_ENABLED);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (acl_flavor == _ACL_ACE_ENABLED)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        cntcmd = ACE_GETACLCNT;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    else
fa9e4066f08beec538e775443c5be79dd423fcabahrens        cntcmd = GETACLCNT;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    aclcnt = acl(filename, cntcmd, 0, NULL);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (aclcnt > 0) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        if (acl_flavor == _ACL_ACE_ENABLED) {
d2443e765650e70b88cd0346e67d2aee6dd1ea3amarks            acep = malloc(sizeof (ace_t) * aclcnt);
d2443e765650e70b88cd0346e67d2aee6dd1ea3amarks            if (acep == NULL)
d2443e765650e70b88cd0346e67d2aee6dd1ea3amarks                return (-1);
d2443e765650e70b88cd0346e67d2aee6dd1ea3amarks            if (acl(filename, ACE_GETACL,
d2443e765650e70b88cd0346e67d2aee6dd1ea3amarks                aclcnt, acep) < 0) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens                free(acep);
d2443e765650e70b88cd0346e67d2aee6dd1ea3amarks                return (-1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens            }
d2443e765650e70b88cd0346e67d2aee6dd1ea3amarks
d2443e765650e70b88cd0346e67d2aee6dd1ea3amarks            val = ace_trivial(acep, aclcnt);
d2443e765650e70b88cd0346e67d2aee6dd1ea3amarks            free(acep);
d2443e765650e70b88cd0346e67d2aee6dd1ea3amarks
fa9e4066f08beec538e775443c5be79dd423fcabahrens        } else if (aclcnt > MIN_ACL_ENTRIES)
fa9e4066f08beec538e775443c5be79dd423fcabahrens            val = 1;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (val);
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
3eb3c57322eccc9d4c2880c26f57ceb5a85c2491marks
0157963dec6f442e8566c5903063c99c18ac358bmarksstatic int
fa9e4066f08beec538e775443c5be79dd423fcabahrenscacl_get(acl_inp inp, int get_flag, int type, acl_t **aclp)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    const char *fname;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int fd;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int ace_acl = 0;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int error;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int getcmd, cntcmd;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    acl_t *acl_info;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int save_errno;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int stat_error;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    struct stat64 statbuf;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    *aclp = NULL;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (type == ACL_PATH) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        fname = inp.file;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        ace_acl = pathconf(fname, _PC_ACL_ENABLED);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    } else {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        fd = inp.fd;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        ace_acl = fpathconf(fd, _PC_ACL_ENABLED);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    /*
fa9e4066f08beec538e775443c5be79dd423fcabahrens     * if acl's aren't supported then
fa9e4066f08beec538e775443c5be79dd423fcabahrens     * send it through the old GETACL interface
fa9e4066f08beec538e775443c5be79dd423fcabahrens     */
a222db82aa8aaee84f3cba02cf799fe851fa7ac3marks    if (ace_acl == 0 || ace_acl == -1) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        ace_acl = _ACL_ACLENT_ENABLED;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (ace_acl & _ACL_ACE_ENABLED) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        cntcmd = ACE_GETACLCNT;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        getcmd = ACE_GETACL;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_info = acl_alloc(ACE_T);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    } else {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        cntcmd = GETACLCNT;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        getcmd = GETACL;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_info = acl_alloc(ACLENT_T);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (acl_info == NULL)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (-1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (type == ACL_PATH) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_info->acl_cnt = acl(fname, cntcmd, 0, NULL);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    } else {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_info->acl_cnt = facl(fd, cntcmd, 0, NULL);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    save_errno = errno;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (acl_info->acl_cnt < 0) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_free(acl_info);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        errno = save_errno;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (-1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (acl_info->acl_cnt == 0) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_free(acl_info);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        errno = save_errno;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (0);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    acl_info->acl_aclp =
fa9e4066f08beec538e775443c5be79dd423fcabahrens        malloc(acl_info->acl_cnt * acl_info->acl_entry_size);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    save_errno = errno;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (acl_info->acl_aclp == NULL) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_free(acl_info);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        errno = save_errno;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (-1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (type == ACL_PATH) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        stat_error = stat64(fname, &statbuf);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        error = acl(fname, getcmd, acl_info->acl_cnt,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            acl_info->acl_aclp);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    } else {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        stat_error = fstat64(fd, &statbuf);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        error = facl(fd, getcmd, acl_info->acl_cnt,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            acl_info->acl_aclp);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    save_errno = errno;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (error == -1) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_free(acl_info);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        errno = save_errno;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (-1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (stat_error == 0) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_info->acl_flags =
fa9e4066f08beec538e775443c5be79dd423fcabahrens            (S_ISDIR(statbuf.st_mode) ? ACL_IS_DIR : 0);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    } else
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_info->acl_flags = 0;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    switch (acl_info->acl_type) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case ACLENT_T:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        if (acl_info->acl_cnt <= MIN_ACL_ENTRIES)
fa9e4066f08beec538e775443c5be79dd423fcabahrens            acl_info->acl_flags |= ACL_IS_TRIVIAL;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        break;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case ACE_T:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        if (ace_trivial(acl_info->acl_aclp, acl_info->acl_cnt) == 0)
fa9e4066f08beec538e775443c5be79dd423fcabahrens            acl_info->acl_flags |= ACL_IS_TRIVIAL;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        break;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    default:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        errno = EINVAL;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_free(acl_info);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (-1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if ((acl_info->acl_flags & ACL_IS_TRIVIAL) &&
fa9e4066f08beec538e775443c5be79dd423fcabahrens        (get_flag & ACL_NO_TRIVIAL)) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_free(acl_info);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        errno = 0;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (0);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    *aclp = acl_info;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (0);
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens/*
fa9e4066f08beec538e775443c5be79dd423fcabahrens * return -1 on failure, otherwise the number of acl
fa9e4066f08beec538e775443c5be79dd423fcabahrens * entries is returned
fa9e4066f08beec538e775443c5be79dd423fcabahrens */
fa9e4066f08beec538e775443c5be79dd423fcabahrensint
fa9e4066f08beec538e775443c5be79dd423fcabahrensacl_get(const char *path, int get_flag, acl_t **aclp)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    acl_inp acl_inp;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    acl_inp.file = path;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (cacl_get(acl_inp, get_flag, ACL_PATH, aclp));
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrensint
fa9e4066f08beec538e775443c5be79dd423fcabahrensfacl_get(int fd, int get_flag, acl_t **aclp)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    acl_inp acl_inp;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    acl_inp.fd = fd;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (cacl_get(acl_inp, get_flag, ACL_FD, aclp));
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens/*
fa9e4066f08beec538e775443c5be79dd423fcabahrens * Set an ACL, translates acl to ace_t when appropriate.
fa9e4066f08beec538e775443c5be79dd423fcabahrens */
fa9e4066f08beec538e775443c5be79dd423fcabahrensstatic int
fa9e4066f08beec538e775443c5be79dd423fcabahrenscacl_set(acl_inp *acl_inp, acl_t *aclp, int type)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int error = 0;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int acl_flavor_target;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    struct stat64 statbuf;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int stat_error;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int isdir;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (type == ACL_PATH) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        stat_error = stat64(acl_inp->file, &statbuf);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        if (stat_error)
fa9e4066f08beec538e775443c5be79dd423fcabahrens            return (-1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_flavor_target = pathconf(acl_inp->file, _PC_ACL_ENABLED);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    } else {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        stat_error = fstat64(acl_inp->fd, &statbuf);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        if (stat_error)
fa9e4066f08beec538e775443c5be79dd423fcabahrens            return (-1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_flavor_target = fpathconf(acl_inp->fd, _PC_ACL_ENABLED);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
a222db82aa8aaee84f3cba02cf799fe851fa7ac3marks    /*
a222db82aa8aaee84f3cba02cf799fe851fa7ac3marks     * If target returns an error or 0 from pathconf call then
a222db82aa8aaee84f3cba02cf799fe851fa7ac3marks     * fall back to UFS/POSIX Draft interface.
a222db82aa8aaee84f3cba02cf799fe851fa7ac3marks     * In the case of 0 we will then fail in either acl(2) or
a222db82aa8aaee84f3cba02cf799fe851fa7ac3marks     * acl_translate().  We could erroneously get 0 back from
a222db82aa8aaee84f3cba02cf799fe851fa7ac3marks     * a file system that is using fs_pathconf() and not answering
a222db82aa8aaee84f3cba02cf799fe851fa7ac3marks     * the _PC_ACL_ENABLED question itself.
a222db82aa8aaee84f3cba02cf799fe851fa7ac3marks     */
a222db82aa8aaee84f3cba02cf799fe851fa7ac3marks    if (acl_flavor_target == 0 || acl_flavor_target == -1)
a222db82aa8aaee84f3cba02cf799fe851fa7ac3marks        acl_flavor_target = _ACL_ACLENT_ENABLED;
a222db82aa8aaee84f3cba02cf799fe851fa7ac3marks
fa9e4066f08beec538e775443c5be79dd423fcabahrens    isdir = S_ISDIR(statbuf.st_mode);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
3eb3c57322eccc9d4c2880c26f57ceb5a85c2491marks    if ((error = acl_translate(aclp, acl_flavor_target, isdir,
3eb3c57322eccc9d4c2880c26f57ceb5a85c2491marks        statbuf.st_uid, statbuf.st_gid)) != 0) {
3eb3c57322eccc9d4c2880c26f57ceb5a85c2491marks        return (error);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (type == ACL_PATH) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        error = acl(acl_inp->file,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            (aclp->acl_type == ACE_T) ? ACE_SETACL : SETACL,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            aclp->acl_cnt, aclp->acl_aclp);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    } else {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        error = facl(acl_inp->fd,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            (aclp->acl_type == ACE_T) ? ACE_SETACL : SETACL,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            aclp->acl_cnt, aclp->acl_aclp);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (error);
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrensint
fa9e4066f08beec538e775443c5be79dd423fcabahrensacl_set(const char *path, acl_t *aclp)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    acl_inp acl_inp;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    acl_inp.file = path;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (cacl_set(&acl_inp, aclp, ACL_PATH));
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrensint
fa9e4066f08beec538e775443c5be79dd423fcabahrensfacl_set(int fd, acl_t *aclp)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    acl_inp acl_inp;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    acl_inp.fd = fd;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (cacl_set(&acl_inp, aclp, ACL_FD));
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrensint
fa9e4066f08beec538e775443c5be79dd423fcabahrensacl_cnt(acl_t *aclp)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (aclp->acl_cnt);
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrensint
fa9e4066f08beec538e775443c5be79dd423fcabahrensacl_type(acl_t *aclp)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (aclp->acl_type);
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrensacl_t *
fa9e4066f08beec538e775443c5be79dd423fcabahrensacl_dup(acl_t *aclp)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    acl_t *newaclp;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    newaclp = acl_alloc(aclp->acl_type);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (newaclp == NULL)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (NULL);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    newaclp->acl_aclp = malloc(aclp->acl_entry_size * aclp->acl_cnt);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (newaclp->acl_aclp == NULL) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_free(newaclp);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (NULL);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    (void) memcpy(newaclp->acl_aclp,
fa9e4066f08beec538e775443c5be79dd423fcabahrens        aclp->acl_aclp, aclp->acl_entry_size * aclp->acl_cnt);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    newaclp->acl_cnt = aclp->acl_cnt;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (newaclp);
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrensint
fa9e4066f08beec538e775443c5be79dd423fcabahrensacl_flags(acl_t *aclp)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (aclp->acl_flags);
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrensvoid *
fa9e4066f08beec538e775443c5be79dd423fcabahrensacl_data(acl_t *aclp)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (aclp->acl_aclp);
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
49f0e51890161901ae4f49c7a47602d97b52b934marks/*
49f0e51890161901ae4f49c7a47602d97b52b934marks * Take an acl array and build an acl_t.
49f0e51890161901ae4f49c7a47602d97b52b934marks */
49f0e51890161901ae4f49c7a47602d97b52b934marksacl_t *
49f0e51890161901ae4f49c7a47602d97b52b934marksacl_to_aclp(enum acl_type type, void *acl, int count)
49f0e51890161901ae4f49c7a47602d97b52b934marks{
49f0e51890161901ae4f49c7a47602d97b52b934marks    acl_t *aclp;
49f0e51890161901ae4f49c7a47602d97b52b934marks
49f0e51890161901ae4f49c7a47602d97b52b934marks
49f0e51890161901ae4f49c7a47602d97b52b934marks    aclp = acl_alloc(type);
49f0e51890161901ae4f49c7a47602d97b52b934marks    if (aclp == NULL)
49f0e51890161901ae4f49c7a47602d97b52b934marks        return (aclp);
49f0e51890161901ae4f49c7a47602d97b52b934marks
49f0e51890161901ae4f49c7a47602d97b52b934marks    aclp->acl_aclp = acl;
49f0e51890161901ae4f49c7a47602d97b52b934marks    aclp->acl_cnt = count;
49f0e51890161901ae4f49c7a47602d97b52b934marks
49f0e51890161901ae4f49c7a47602d97b52b934marks    return (aclp);
49f0e51890161901ae4f49c7a47602d97b52b934marks}
49f0e51890161901ae4f49c7a47602d97b52b934marks
fa9e4066f08beec538e775443c5be79dd423fcabahrens/*
fa9e4066f08beec538e775443c5be79dd423fcabahrens * Remove an ACL from a file and create a trivial ACL based
fa9e4066f08beec538e775443c5be79dd423fcabahrens * off of the mode argument.  After acl has been set owner/group
fa9e4066f08beec538e775443c5be79dd423fcabahrens * are updated to match owner,group arguments
fa9e4066f08beec538e775443c5be79dd423fcabahrens */
fa9e4066f08beec538e775443c5be79dd423fcabahrensint
fa9e4066f08beec538e775443c5be79dd423fcabahrensacl_strip(const char *file, uid_t owner, gid_t group, mode_t mode)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int error = 0;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    aclent_t min_acl[MIN_ACL_ENTRIES];
27dd1e87cd3d939264769dd4af7e6a529cde001fMark Shellenbaum    ace_t   *min_ace_acl;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int acl_flavor;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int aclcnt;
a3c49ce110f325a563c245bedc4d533adddb7211Albert Lee    struct stat64 statbuf;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    acl_flavor = pathconf(file, _PC_ACL_ENABLED);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
a3c49ce110f325a563c245bedc4d533adddb7211Albert Lee    if (stat64(file, &statbuf) != 0) {
a3c49ce110f325a563c245bedc4d533adddb7211Albert Lee        error = 1;
a3c49ce110f325a563c245bedc4d533adddb7211Albert Lee        return (error);
a3c49ce110f325a563c245bedc4d533adddb7211Albert Lee    }
a3c49ce110f325a563c245bedc4d533adddb7211Albert Lee
fa9e4066f08beec538e775443c5be79dd423fcabahrens    /*
fa9e4066f08beec538e775443c5be79dd423fcabahrens     * force it through aclent flavor when file system doesn't
fa9e4066f08beec538e775443c5be79dd423fcabahrens     * understand question
fa9e4066f08beec538e775443c5be79dd423fcabahrens     */
a222db82aa8aaee84f3cba02cf799fe851fa7ac3marks    if (acl_flavor == 0 || acl_flavor == -1)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_flavor = _ACL_ACLENT_ENABLED;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (acl_flavor & _ACL_ACLENT_ENABLED) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        min_acl[0].a_type = USER_OBJ;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        min_acl[0].a_id   = owner;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        min_acl[0].a_perm = ((mode & 0700) >> 6);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        min_acl[1].a_type = GROUP_OBJ;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        min_acl[1].a_id   = group;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        min_acl[1].a_perm = ((mode & 0070) >> 3);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        min_acl[2].a_type = CLASS_OBJ;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        min_acl[2].a_id   = (uid_t)-1;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        min_acl[2].a_perm = ((mode & 0070) >> 3);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        min_acl[3].a_type = OTHER_OBJ;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        min_acl[3].a_id   = (uid_t)-1;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        min_acl[3].a_perm = (mode & 0007);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        aclcnt = 4;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        error = acl(file, SETACL, aclcnt, min_acl);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    } else if (acl_flavor & _ACL_ACE_ENABLED) {
a3c49ce110f325a563c245bedc4d533adddb7211Albert Lee        if ((error = acl_trivial_create(mode, S_ISDIR(statbuf.st_mode),
a3c49ce110f325a563c245bedc4d533adddb7211Albert Lee            &min_ace_acl, &aclcnt)) != 0)
27dd1e87cd3d939264769dd4af7e6a529cde001fMark Shellenbaum            return (error);
27dd1e87cd3d939264769dd4af7e6a529cde001fMark Shellenbaum        error = acl(file, ACE_SETACL, aclcnt, min_ace_acl);
27dd1e87cd3d939264769dd4af7e6a529cde001fMark Shellenbaum        free(min_ace_acl);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    } else {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        errno = EINVAL;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        error = 1;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (error == 0)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        error = chown(file, owner, group);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (error);
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrensstatic int
fa9e4066f08beec538e775443c5be79dd423fcabahrensace_match(void *entry1, void *entry2)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    ace_t *p1 = (ace_t *)entry1;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    ace_t *p2 = (ace_t *)entry2;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    ace_t ace1, ace2;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    ace1 = *p1;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    ace2 = *p2;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    /*
fa9e4066f08beec538e775443c5be79dd423fcabahrens     * Need to fixup who field for abstrations for
fa9e4066f08beec538e775443c5be79dd423fcabahrens     * accurate comparison, since field is undefined.
fa9e4066f08beec538e775443c5be79dd423fcabahrens     */
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (ace1.a_flags & (ACE_OWNER|ACE_GROUP|ACE_EVERYONE))
f48205be61a214698b763ff550ab9e657525104ccasper        ace1.a_who = (uid_t)-1;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (ace2.a_flags & (ACE_OWNER|ACE_GROUP|ACE_EVERYONE))
f48205be61a214698b763ff550ab9e657525104ccasper        ace2.a_who = (uid_t)-1;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (memcmp(&ace1, &ace2, sizeof (ace_t)));
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrensstatic int
fa9e4066f08beec538e775443c5be79dd423fcabahrensaclent_match(void *entry1, void *entry2)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    aclent_t *aclent1 = (aclent_t *)entry1;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    aclent_t *aclent2 = (aclent_t *)entry2;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (memcmp(aclent1, aclent2, sizeof (aclent_t)));
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens/*
fa9e4066f08beec538e775443c5be79dd423fcabahrens * Find acl entries in acl that correspond to removeacl.  Search
fa9e4066f08beec538e775443c5be79dd423fcabahrens * is started from slot.  The flag argument indicates whether to
fa9e4066f08beec538e775443c5be79dd423fcabahrens * remove all matches or just the first match.
fa9e4066f08beec538e775443c5be79dd423fcabahrens */
fa9e4066f08beec538e775443c5be79dd423fcabahrensint
fa9e4066f08beec538e775443c5be79dd423fcabahrensacl_removeentries(acl_t *acl, acl_t *removeacl, int start_slot, int flag)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int i, j;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int match;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int (*acl_match)(void *acl1, void *acl2);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    void *acl_entry, *remove_entry;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    void *start;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int found = 0;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (flag != ACL_REMOVE_ALL && flag != ACL_REMOVE_FIRST)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        flag = ACL_REMOVE_FIRST;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (acl == NULL || removeacl == NULL)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (EACL_NO_ACL_ENTRY);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (acl->acl_type != removeacl->acl_type)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (EACL_DIFF_TYPE);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (acl->acl_type == ACLENT_T)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_match = aclent_match;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    else
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_match = ace_match;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    for (i = 0, remove_entry = removeacl->acl_aclp;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        i != removeacl->acl_cnt; i++) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens        j = 0;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl_entry = (char *)acl->acl_aclp +
fa9e4066f08beec538e775443c5be79dd423fcabahrens            (acl->acl_entry_size * start_slot);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        for (;;) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens            match = acl_match(acl_entry, remove_entry);
fa9e4066f08beec538e775443c5be79dd423fcabahrens            if (match == 0)  {
fa9e4066f08beec538e775443c5be79dd423fcabahrens                found++;
57841ad7c4da76238b3e15b3f642e30e046a5256Renaud Manus
57841ad7c4da76238b3e15b3f642e30e046a5256Renaud Manus                /* avoid memmove if last entry */
57841ad7c4da76238b3e15b3f642e30e046a5256Renaud Manus                if (acl->acl_cnt == (j + 1)) {
57841ad7c4da76238b3e15b3f642e30e046a5256Renaud Manus                    acl->acl_cnt--;
57841ad7c4da76238b3e15b3f642e30e046a5256Renaud Manus                    break;
57841ad7c4da76238b3e15b3f642e30e046a5256Renaud Manus                }
57841ad7c4da76238b3e15b3f642e30e046a5256Renaud Manus
fa9e4066f08beec538e775443c5be79dd423fcabahrens                start = (char *)acl_entry +
fa9e4066f08beec538e775443c5be79dd423fcabahrens                    acl->acl_entry_size;
fa9e4066f08beec538e775443c5be79dd423fcabahrens                (void) memmove(acl_entry, start,
fa9e4066f08beec538e775443c5be79dd423fcabahrens                    acl->acl_entry_size *
57841ad7c4da76238b3e15b3f642e30e046a5256Renaud Manus                    (acl->acl_cnt-- - (j + 1)));
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens                if (flag == ACL_REMOVE_FIRST)
fa9e4066f08beec538e775443c5be79dd423fcabahrens                    break;
fa9e4066f08beec538e775443c5be79dd423fcabahrens                /*
b249c65cf0a7400e86a36ddab5c3fce085809859marks                 * List has changed, just continue so this
b249c65cf0a7400e86a36ddab5c3fce085809859marks                 * slot gets checked with it's new contents.
fa9e4066f08beec538e775443c5be79dd423fcabahrens                 */
fa9e4066f08beec538e775443c5be79dd423fcabahrens                continue;
fa9e4066f08beec538e775443c5be79dd423fcabahrens            }
fa9e4066f08beec538e775443c5be79dd423fcabahrens            acl_entry = ((char *)acl_entry + acl->acl_entry_size);
fa9e4066f08beec538e775443c5be79dd423fcabahrens            if (++j >= acl->acl_cnt) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens                break;
fa9e4066f08beec538e775443c5be79dd423fcabahrens            }
fa9e4066f08beec538e775443c5be79dd423fcabahrens        }
b249c65cf0a7400e86a36ddab5c3fce085809859marks        remove_entry = (char *)remove_entry + removeacl->acl_entry_size;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return ((found == 0) ? EACL_NO_ACL_ENTRY : 0);
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens/*
fa9e4066f08beec538e775443c5be79dd423fcabahrens * Replace entires entries in acl1 with the corresponding entries
fa9e4066f08beec538e775443c5be79dd423fcabahrens * in newentries.  The where argument specifies where to begin
fa9e4066f08beec538e775443c5be79dd423fcabahrens * the replacement.  If the where argument is 1 greater than the
fa9e4066f08beec538e775443c5be79dd423fcabahrens * number of acl entries in acl1 then they are appended.  If the
fa9e4066f08beec538e775443c5be79dd423fcabahrens * where argument is 2+ greater than the number of acl entries then
fa9e4066f08beec538e775443c5be79dd423fcabahrens * EACL_INVALID_SLOT is returned.
fa9e4066f08beec538e775443c5be79dd423fcabahrens */
fa9e4066f08beec538e775443c5be79dd423fcabahrensint
fa9e4066f08beec538e775443c5be79dd423fcabahrensacl_modifyentries(acl_t *acl1, acl_t *newentries, int where)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int slot;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int slots_needed;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int slots_left;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int newsize;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (acl1 == NULL || newentries == NULL)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (EACL_NO_ACL_ENTRY);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (where < 0 || where >= acl1->acl_cnt)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (EACL_INVALID_SLOT);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (acl1->acl_type != newentries->acl_type)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (EACL_DIFF_TYPE);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    slot = where;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    slots_left = acl1->acl_cnt - slot + 1;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (slots_left < newentries->acl_cnt) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        slots_needed = newentries->acl_cnt - slots_left;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        newsize = (acl1->acl_entry_size * acl1->acl_cnt) +
fa9e4066f08beec538e775443c5be79dd423fcabahrens            (acl1->acl_entry_size * slots_needed);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl1->acl_aclp = realloc(acl1->acl_aclp, newsize);
fa9e4066f08beec538e775443c5be79dd423fcabahrens        if (acl1->acl_aclp == NULL)
fa9e4066f08beec538e775443c5be79dd423fcabahrens            return (-1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens    (void) memcpy((char *)acl1->acl_aclp + (acl1->acl_entry_size * slot),
fa9e4066f08beec538e775443c5be79dd423fcabahrens        newentries->acl_aclp,
fa9e4066f08beec538e775443c5be79dd423fcabahrens        newentries->acl_entry_size * newentries->acl_cnt);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    /*
fa9e4066f08beec538e775443c5be79dd423fcabahrens     * Did ACL grow?
fa9e4066f08beec538e775443c5be79dd423fcabahrens     */
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if ((slot + newentries->acl_cnt) > acl1->acl_cnt) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl1->acl_cnt = slot + newentries->acl_cnt;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (0);
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens/*
fa9e4066f08beec538e775443c5be79dd423fcabahrens * Add acl2 entries into acl1.  The where argument specifies where
fa9e4066f08beec538e775443c5be79dd423fcabahrens * to add the entries.
fa9e4066f08beec538e775443c5be79dd423fcabahrens */
fa9e4066f08beec538e775443c5be79dd423fcabahrensint
fa9e4066f08beec538e775443c5be79dd423fcabahrensacl_addentries(acl_t *acl1, acl_t *acl2, int where)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int newsize;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int len;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    void *start;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    void *to;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (acl1 == NULL || acl2 == NULL)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (EACL_NO_ACL_ENTRY);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (acl1->acl_type != acl2->acl_type)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (EACL_DIFF_TYPE);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    /*
fa9e4066f08beec538e775443c5be79dd423fcabahrens     * allow where to specify 1 past last slot for an append operation
fa9e4066f08beec538e775443c5be79dd423fcabahrens     * but anything greater is an error.
fa9e4066f08beec538e775443c5be79dd423fcabahrens     */
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (where < 0 || where > acl1->acl_cnt)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (EACL_INVALID_SLOT);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    newsize = (acl2->acl_entry_size * acl2->acl_cnt) +
fa9e4066f08beec538e775443c5be79dd423fcabahrens        (acl1->acl_entry_size * acl1->acl_cnt);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    acl1->acl_aclp = realloc(acl1->acl_aclp, newsize);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (acl1->acl_aclp == NULL)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (-1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    /*
fa9e4066f08beec538e775443c5be79dd423fcabahrens     * first push down entries where new ones will be inserted
fa9e4066f08beec538e775443c5be79dd423fcabahrens     */
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    to = (void *)((char *)acl1->acl_aclp +
fa9e4066f08beec538e775443c5be79dd423fcabahrens        ((where + acl2->acl_cnt) * acl1->acl_entry_size));
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    start = (void *)((char *)acl1->acl_aclp +
fa9e4066f08beec538e775443c5be79dd423fcabahrens        where * acl1->acl_entry_size);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (where < acl1->acl_cnt) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        len = (acl1->acl_cnt - where) * acl1->acl_entry_size;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        (void) memmove(to, start, len);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    /*
fa9e4066f08beec538e775443c5be79dd423fcabahrens     * now stick in new entries.
fa9e4066f08beec538e775443c5be79dd423fcabahrens     */
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    (void) memmove(start, acl2->acl_aclp,
fa9e4066f08beec538e775443c5be79dd423fcabahrens        acl2->acl_cnt * acl2->acl_entry_size);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    acl1->acl_cnt += acl2->acl_cnt;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (0);
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens/*
fa9e4066f08beec538e775443c5be79dd423fcabahrens * return text for an ACL error.
fa9e4066f08beec538e775443c5be79dd423fcabahrens */
fa9e4066f08beec538e775443c5be79dd423fcabahrenschar *
fa9e4066f08beec538e775443c5be79dd423fcabahrensacl_strerror(int errnum)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    switch (errnum) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_GRP_ERROR:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN,
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarks            "There is more than one group or default group entry"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_USER_ERROR:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN,
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarks            "There is more than one user or default user entry"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_OTHER_ERROR:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            "There is more than one other entry"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_CLASS_ERROR:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            "There is more than one mask entry"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_DUPLICATE_ERROR:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            "Duplicate user or group entries"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_MISS_ERROR:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            "Missing user/group owner, other, mask entry"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_MEM_ERROR:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            "Memory error"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_ENTRY_ERROR:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            "Unrecognized entry type"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_INHERIT_ERROR:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            "Invalid inheritance flags"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_FLAGS_ERROR:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            "Unrecognized entry flags"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_PERM_MASK_ERROR:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            "Invalid ACL permissions"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_COUNT_ERROR:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            "Invalid ACL count"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_INVALID_SLOT:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            "Invalid ACL entry number specified"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_NO_ACL_ENTRY:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            "ACL entry doesn't exist"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_DIFF_TYPE:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN,
2269545aca348693948db4c9329109dbd770ffa9stephanie scheffler            "Different file system ACL types cannot be merged"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_INVALID_USER_GROUP:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN, "Invalid user or group"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_INVALID_STR:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN, "ACL string is invalid"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_FIELD_NOT_BLANK:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN, "Field expected to be blank"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_INVALID_ACCESS_TYPE:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN, "Invalid access type"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_UNKNOWN_DATA:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN, "Unrecognized entry"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_MISSING_FIELDS:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            "ACL specification missing required fields"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case EACL_INHERIT_NOTDIR:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN,
fa9e4066f08beec538e775443c5be79dd423fcabahrens            "Inheritance flags are only allowed on directories"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    case -1:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (strerror(errno));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    default:
fa9e4066f08beec538e775443c5be79dd423fcabahrens        errno = EINVAL;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (dgettext(TEXT_DOMAIN, "Unknown error"));
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarks
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarksextern int yyinteractive;
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarks
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarks/* PRINTFLIKE1 */
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarksvoid
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarksacl_error(const char *fmt, ...)
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarks{
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarks    va_list va;
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarks
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarks    if (yyinteractive == 0)
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarks        return;
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarks
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarks    va_start(va, fmt);
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarks    (void) vfprintf(stderr, fmt, va);
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarks    va_end(va);
5a5eeccada4b11bc692e9a5015d5f4a4f188226cmarks}
b249c65cf0a7400e86a36ddab5c3fce085809859marks
b249c65cf0a7400e86a36ddab5c3fce085809859marksint
b249c65cf0a7400e86a36ddab5c3fce085809859markssid_to_id(char *sid, boolean_t user, uid_t *id)
b249c65cf0a7400e86a36ddab5c3fce085809859marks{
b249c65cf0a7400e86a36ddab5c3fce085809859marks    idmap_get_handle_t *get_hdl = NULL;
b249c65cf0a7400e86a36ddab5c3fce085809859marks    char *rid_start = NULL;
b249c65cf0a7400e86a36ddab5c3fce085809859marks    idmap_stat status;
b249c65cf0a7400e86a36ddab5c3fce085809859marks    char *end;
909c9a9f5171df17baed828a2889f1817ee87cfaMark Shellenbaum    int error = 1;
b249c65cf0a7400e86a36ddab5c3fce085809859marks    char *domain_start;
b249c65cf0a7400e86a36ddab5c3fce085809859marks
b249c65cf0a7400e86a36ddab5c3fce085809859marks    if ((domain_start = strchr(sid, '@')) == NULL) {
b249c65cf0a7400e86a36ddab5c3fce085809859marks        idmap_rid_t rid;
b249c65cf0a7400e86a36ddab5c3fce085809859marks
b249c65cf0a7400e86a36ddab5c3fce085809859marks        if ((rid_start = strrchr(sid, '-')) == NULL)
909c9a9f5171df17baed828a2889f1817ee87cfaMark Shellenbaum            return (1);
b249c65cf0a7400e86a36ddab5c3fce085809859marks        *rid_start++ = '\0';
b249c65cf0a7400e86a36ddab5c3fce085809859marks        errno = 0;
b249c65cf0a7400e86a36ddab5c3fce085809859marks        rid = strtoul(rid_start--, &end, 10);
b249c65cf0a7400e86a36ddab5c3fce085809859marks        if (errno == 0 && *end == '\0') {
1fdeec650620e8498c06f832ea4bd2292f7e9632joyce mcintosh            if (idmap_get_create(&get_hdl) ==
909c9a9f5171df17baed828a2889f1817ee87cfaMark Shellenbaum                IDMAP_SUCCESS) {
b249c65cf0a7400e86a36ddab5c3fce085809859marks                if (user)
b249c65cf0a7400e86a36ddab5c3fce085809859marks                    error = idmap_get_uidbysid(get_hdl,
3ee87bca47e74aa2719352485b80973ca6e079b7Julian Pullen                        sid, rid, IDMAP_REQ_FLG_USE_CACHE,
3ee87bca47e74aa2719352485b80973ca6e079b7Julian Pullen                        id, &status);
b249c65cf0a7400e86a36ddab5c3fce085809859marks                else
b249c65cf0a7400e86a36ddab5c3fce085809859marks                    error = idmap_get_gidbysid(get_hdl,
3ee87bca47e74aa2719352485b80973ca6e079b7Julian Pullen                        sid, rid, IDMAP_REQ_FLG_USE_CACHE,
3ee87bca47e74aa2719352485b80973ca6e079b7Julian Pullen                        id, &status);
909c9a9f5171df17baed828a2889f1817ee87cfaMark Shellenbaum                if (error == IDMAP_SUCCESS) {
909c9a9f5171df17baed828a2889f1817ee87cfaMark Shellenbaum                    error = idmap_get_mappings(get_hdl);
909c9a9f5171df17baed828a2889f1817ee87cfaMark Shellenbaum                    if (error == IDMAP_SUCCESS &&
909c9a9f5171df17baed828a2889f1817ee87cfaMark Shellenbaum                        status != IDMAP_SUCCESS)
909c9a9f5171df17baed828a2889f1817ee87cfaMark Shellenbaum                        error = 1;
909c9a9f5171df17baed828a2889f1817ee87cfaMark Shellenbaum                    else
909c9a9f5171df17baed828a2889f1817ee87cfaMark Shellenbaum                        error = 0;
909c9a9f5171df17baed828a2889f1817ee87cfaMark Shellenbaum                }
909c9a9f5171df17baed828a2889f1817ee87cfaMark Shellenbaum            } else {
909c9a9f5171df17baed828a2889f1817ee87cfaMark Shellenbaum                error = 1;
b249c65cf0a7400e86a36ddab5c3fce085809859marks            }
909c9a9f5171df17baed828a2889f1817ee87cfaMark Shellenbaum            if (get_hdl)
909c9a9f5171df17baed828a2889f1817ee87cfaMark Shellenbaum                idmap_get_destroy(get_hdl);
b249c65cf0a7400e86a36ddab5c3fce085809859marks        } else {
909c9a9f5171df17baed828a2889f1817ee87cfaMark Shellenbaum            error = 1;
b249c65cf0a7400e86a36ddab5c3fce085809859marks        }
b249c65cf0a7400e86a36ddab5c3fce085809859marks        *rid_start = '-'; /* putback character removed earlier */
b249c65cf0a7400e86a36ddab5c3fce085809859marks    } else {
b249c65cf0a7400e86a36ddab5c3fce085809859marks        char *name = sid;
b249c65cf0a7400e86a36ddab5c3fce085809859marks        *domain_start++ = '\0';
b249c65cf0a7400e86a36ddab5c3fce085809859marks
b249c65cf0a7400e86a36ddab5c3fce085809859marks        if (user)
3ee87bca47e74aa2719352485b80973ca6e079b7Julian Pullen            error = idmap_getuidbywinname(name, domain_start,
3ee87bca47e74aa2719352485b80973ca6e079b7Julian Pullen                IDMAP_REQ_FLG_USE_CACHE, id);
b249c65cf0a7400e86a36ddab5c3fce085809859marks        else
3ee87bca47e74aa2719352485b80973ca6e079b7Julian Pullen            error = idmap_getgidbywinname(name, domain_start,
3ee87bca47e74aa2719352485b80973ca6e079b7Julian Pullen                IDMAP_REQ_FLG_USE_CACHE, id);
b249c65cf0a7400e86a36ddab5c3fce085809859marks        *--domain_start = '@';
909c9a9f5171df17baed828a2889f1817ee87cfaMark Shellenbaum        error = (error == IDMAP_SUCCESS) ? 0 : 1;
b249c65cf0a7400e86a36ddab5c3fce085809859marks    }
b249c65cf0a7400e86a36ddab5c3fce085809859marks
b249c65cf0a7400e86a36ddab5c3fce085809859marks    return (error);
b249c65cf0a7400e86a36ddab5c3fce085809859marks}