/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
257c478bd9Sstevel@tonic-gate 
267c478bd9Sstevel@tonic-gate /*LINTLIBRARY*/
277c478bd9Sstevel@tonic-gate 
/*
 * aclcheck(): check validity of an ACL
 *	A valid ACL is defined as follows:
 *	There must be exactly one USER_OBJ, GROUP_OBJ, and OTHER_OBJ entry.
 *	If there are any USER entries, then the user id must be unique.
 *	If there are any GROUP entries, then the group id must be unique.
 *	If there are any GROUP or USER entries, there must be exactly one
 *	CLASS_OBJ entry.
 *	The same rules apply to default ACL entries.
 */
387c478bd9Sstevel@tonic-gate 
397c478bd9Sstevel@tonic-gate #include <errno.h>
407c478bd9Sstevel@tonic-gate #include <stdlib.h>
417c478bd9Sstevel@tonic-gate #include <string.h>
427c478bd9Sstevel@tonic-gate #include <sys/types.h>
437c478bd9Sstevel@tonic-gate #include <sys/acl.h>
44fa9e4066Sahrens #include <aclutils.h>
457c478bd9Sstevel@tonic-gate 
/*
 * Tally for one kind of aclent entry: how many entries of that kind
 * have been seen and, for the id-qualified kinds, which ids they named.
 */
struct entry {
	int	count;	/* entries of this kind seen so far */
	uid_t	*id;	/* calloc'd id list; used by the USER, GROUP, */
			/* DEF_USER and DEF_GROUP tallies only */
};
507c478bd9Sstevel@tonic-gate 
/*
 * Per-ACL bookkeeping used while validating an aclent list: one tally
 * for each entry type, access entries first and default entries after.
 */
struct entry_stat {
	/* access ACL entries */
	struct entry	user_obj;
	struct entry	user;
	struct entry	group_obj;
	struct entry	group;
	struct entry	other_obj;
	struct entry	class_obj;
	/* default ACL entries */
	struct entry	def_user_obj;
	struct entry	def_user;
	struct entry	def_group_obj;
	struct entry	def_group;
	struct entry	def_other_obj;
	struct entry	def_class_obj;
};
657c478bd9Sstevel@tonic-gate 
/* Forward declarations for the file-local helpers defined further down. */
static void free_mem(struct entry_stat *tallyp);
static int check_dup(int count, uid_t *ids, uid_t newid,
    struct entry_stat *tallyp);
687c478bd9Sstevel@tonic-gate 
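/*
 * Common failure exit for aclent_aclcheck(): release the id lists held
 * by the tally, set errno to EINVAL and hand back the EACL_* code.
 */
static int
aclent_reject(struct entry_stat *tallyp, int code)
{
	free_mem(tallyp);
	errno = EINVAL;
	return (code);
}

/*
 * Validate an aclent_t style ACL.
 *
 * aclbufp	first of nentries ACL entries
 * nentries	number of entries; a count <= 0 examines nothing and is
 *		reported as EACL_MISS_ERROR (the required entries are absent)
 * which	out: set to -1 on entry, then to the index of the offending
 *		entry for uniqueness, duplicate-id and unknown-type failures;
 *		it stays -1 for missing-entry, memory and not-a-directory
 *		failures
 * isdir	non-zero when default entries are acceptable; with 0 any
 *		default entry yields EACL_INHERIT_NOTDIR
 *
 * Returns 0 for a valid ACL, otherwise an EACL_* code.  errno is set to
 * EINVAL on every validation failure; on EACL_MEM_ERROR it is left as
 * calloc() set it.
 *
 * Every exit path releases the id lists.  That includes the allocation
 * failure path, which would otherwise leak lists allocated for entry
 * kinds seen earlier in the same ACL.
 */
static int
aclent_aclcheck(aclent_t *aclbufp, int nentries,  int *which, int isdir)
{
	struct entry_stat	tally;
	aclent_t		*aclentp;
	int			cnt;
	int			saved_errno;

	*which = -1;
	memset(&tally, '\0', sizeof (tally));

	for (aclentp = aclbufp; nentries > 0; nentries--, aclentp++) {
		struct entry	*single = NULL;	/* kinds allowed only once */
		struct entry	*multi = NULL;	/* kinds qualified by an id */
		int		dup_err = 0;

		switch (aclentp->a_type) {
		case USER_OBJ:
			single = &tally.user_obj;
			dup_err = EACL_USER_ERROR;
			break;
		case GROUP_OBJ:
			single = &tally.group_obj;
			dup_err = EACL_GRP_ERROR;
			break;
		case OTHER_OBJ:
			single = &tally.other_obj;
			dup_err = EACL_OTHER_ERROR;
			break;
		case CLASS_OBJ:
			single = &tally.class_obj;
			dup_err = EACL_CLASS_ERROR;
			break;
		case DEF_USER_OBJ:
			single = &tally.def_user_obj;
			dup_err = EACL_USER_ERROR;
			break;
		case DEF_GROUP_OBJ:
			single = &tally.def_group_obj;
			dup_err = EACL_GRP_ERROR;
			break;
		case DEF_OTHER_OBJ:
			single = &tally.def_other_obj;
			dup_err = EACL_OTHER_ERROR;
			break;
		case DEF_CLASS_OBJ:
			single = &tally.def_class_obj;
			dup_err = EACL_CLASS_ERROR;
			break;
		case USER:
			multi = &tally.user;
			break;
		case GROUP:
			multi = &tally.group;
			break;
		case DEF_USER:
			multi = &tally.def_user;
			break;
		case DEF_GROUP:
			multi = &tally.def_group;
			break;
		default:
			/* unknown entry type */
			*which = (int)(aclentp - aclbufp);
			return (aclent_reject(&tally, EACL_ENTRY_ERROR));
		}

		if (single != NULL) {
			/* a second entry of a once-only kind is an error */
			if (single->count > 0) {
				*which = (int)(aclentp - aclbufp);
				return (aclent_reject(&tally, dup_err));
			}
			single->count = 1;
			continue;
		}

		cnt = multi->count++;
		if (cnt == 0) {
			/*
			 * nentries has been counting down, so it is the
			 * number of entries not yet examined (this one
			 * included): an upper bound on how many ids of
			 * this kind can still show up.
			 */
			multi->id = calloc(nentries, sizeof (uid_t));
			if (multi->id == NULL) {
				/*
				 * Drop the lists built for other kinds
				 * before bailing out, keeping the errno
				 * that calloc() reported.
				 */
				saved_errno = errno;
				free_mem(&tally);
				errno = saved_errno;
				return (EACL_MEM_ERROR);
			}
		} else if (check_dup(cnt, multi->id, aclentp->a_id,
		    &tally) == -1) {
			/* check_dup() set errno and released the tally */
			*which = (int)(aclentp - aclbufp);
			return (EACL_DUPLICATE_ERROR);
		}
		multi->id[cnt] = aclentp->a_id;
	}

	/* If there are group or user entries, there must be one class entry */
	if ((tally.user.count > 0 || tally.group.count > 0) &&
	    tally.class_obj.count != 1)
		return (aclent_reject(&tally, EACL_MISS_ERROR));

	/* same is true for default entries */
	if ((tally.def_user.count > 0 || tally.def_group.count > 0) &&
	    tally.def_class_obj.count != 1)
		return (aclent_reject(&tally, EACL_MISS_ERROR));

	/* there must be exactly one user_obj, group_obj, and other_obj entry */
	if (tally.user_obj.count != 1 ||
	    tally.group_obj.count != 1 ||
	    tally.other_obj.count != 1)
		return (aclent_reject(&tally, EACL_MISS_ERROR));

	/* has default? same rules apply to default entries */
	if (tally.def_user.count > 0 || tally.def_user_obj.count > 0 ||
	    tally.def_group.count > 0 || tally.def_group_obj.count > 0 ||
	    tally.def_class_obj.count > 0 || tally.def_other_obj.count > 0) {

		/* Can't have default ACL's on non-directories */
		if (isdir == 0)
			return (aclent_reject(&tally, EACL_INHERIT_NOTDIR));

		if (tally.def_user_obj.count != 1 ||
		    tally.def_group_obj.count != 1 ||
		    tally.def_other_obj.count != 1)
			return (aclent_reject(&tally, EACL_MISS_ERROR));
	}

	free_mem(&tally);
	return (0);
}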
2607c478bd9Sstevel@tonic-gate 
/*
 * Public entry point for validating an aclent_t ACL.  The check is run
 * with isdir set, so default entries are not rejected with
 * EACL_INHERIT_NOTDIR.  Return value and *which are those of
 * aclent_aclcheck().
 */
int
aclcheck(aclent_t *aclbufp, int nentries, int *which)
{
	const int	treat_as_dir = 1;

	return (aclent_aclcheck(aclbufp, nentries, which, treat_as_dir));
}
266fa9e4066Sahrens 
267fa9e4066Sahrens 
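/*
 * Release the id lists held by a tally.  Only the USER, GROUP, DEF_USER
 * and DEF_GROUP tallies ever own a list.
 *
 * Each pointer is cleared after it is freed, so calling this again on
 * the same tally (for instance after check_dup() has already released
 * it) passes NULL to free() instead of freeing a stale pointer twice.
 */
static void
free_mem(struct entry_stat *tallyp)
{
	if (tallyp->user.count > 0) {
		free(tallyp->user.id);
		tallyp->user.id = NULL;
	}
	if (tallyp->group.count > 0) {
		free(tallyp->group.id);
		tallyp->group.id = NULL;
	}
	if (tallyp->def_user.count > 0) {
		free(tallyp->def_user.id);
		tallyp->def_user.id = NULL;
	}
	if (tallyp->def_group.count > 0) {
		free(tallyp->def_group.id);
		tallyp->def_group.id = NULL;
	}
}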
2807c478bd9Sstevel@tonic-gate 
/*
 * Look for newid among the first count ids already recorded in ids.
 *
 * Returns 0 when newid is not present.  When it is, sets errno to
 * EINVAL, releases the whole tally through free_mem() and returns -1;
 * the caller must not use the tally's id lists after a -1 return.
 */
static int
check_dup(int count, uid_t *ids, uid_t newid, struct entry_stat *tallyp)
{
	int	idx = 0;

	while (idx < count) {
		if (ids[idx] != newid) {
			idx++;
			continue;
		}
		errno = EINVAL;
		free_mem(tallyp);
		return (-1);
	}
	return (0);
}
295fa9e4066Sahrens 
/*
 * The four ACE inheritance flags combined into one mask.
 * NOTE(review): no function in this listing references IFLAGS; confirm
 * whether it is still needed.
 */
#define	IFLAGS	(ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE| \
    ACE_NO_PROPAGATE_INHERIT_ACE|ACE_INHERIT_ONLY_ACE)
298fa9e4066Sahrens 
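/*
 * Validate an ace_t style ACL.
 *
 * aclp		ACL whose acl_cnt entries at acl_aclp are checked
 * isdir	NOTE(review): not consulted here, so inheritance flags are
 *		accepted whether or not the target is a directory; confirm
 *		that this is intended
 *
 * Returns 0 when every entry passes, otherwise the EACL_* code for the
 * first failing check.  errno is set to EINVAL for per-entry failures;
 * EACL_COUNT_ERROR is returned without touching errno.
 *
 * Every entry gets all three checks (who-flags, inheritance flags,
 * type and access mask).  In particular an entry carrying
 * INHERIT_ONLY/NO_PROPAGATE does not end the walk: leaving the loop
 * there would return success without checking that entry's type and
 * mask or any entry after it.
 */
static int
ace_aclcheck(acl_t *aclp, int isdir)
{
	ace_t	*acep;
	int	i;

	if (aclp->acl_cnt <= 0 || aclp->acl_cnt > MAX_ACL_ENTRIES)
		return (EACL_COUNT_ERROR);

	for (i = 0, acep = aclp->acl_aclp; i != aclp->acl_cnt; i++, acep++) {
		/*
		 * Only these combinations of the who-type bits are valid.
		 * NOTE(review): 0xf040 presumably covers the owner/group/
		 * everyone bits plus ACE_IDENTIFIER_GROUP; confirm against
		 * <sys/acl.h>.
		 */
		switch (acep->a_flags & 0xf040) {
		case 0:
		case ACE_OWNER:
		case ACE_EVERYONE:
		case ACE_IDENTIFIER_GROUP:
		case ACE_GROUP|ACE_IDENTIFIER_GROUP:
			break;
		default:
			errno = EINVAL;
			return (EACL_FLAGS_ERROR);
		}

		/*
		 * INHERIT_ONLY/NO_PROPAGATE also need INHERIT_FILE
		 * or INHERIT_DIR.
		 */
		if ((acep->a_flags &
		    (ACE_INHERIT_ONLY_ACE|ACE_NO_PROPAGATE_INHERIT_ACE)) &&
		    (acep->a_flags & (ACE_FILE_INHERIT_ACE|
		    ACE_DIRECTORY_INHERIT_ACE)) == 0) {
			errno = EINVAL;
			return (EACL_INHERIT_ERROR);
		}

		switch (acep->a_type) {
		case ACE_ACCESS_ALLOWED_ACE_TYPE:
		case ACE_ACCESS_DENIED_ACE_TYPE:
		case ACE_SYSTEM_AUDIT_ACE_TYPE:
		case ACE_SYSTEM_ALARM_ACE_TYPE:
			break;
		default:
			errno = EINVAL;
			return (EACL_ENTRY_ERROR);
		}

		/* no permission bits beyond the defined set */
		if (acep->a_access_mask > ACE_ALL_PERMS) {
			errno = EINVAL;
			return (EACL_PERM_MASK_ERROR);
		}
	}

	return (0);
}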
359fa9e4066Sahrens 
/*
 * Validate an acl_t of either flavour by dispatching on acl_type.
 *
 * flag is handed to the flavour-specific checker as its isdir argument.
 * Returns that checker's result; an acl_type that is neither ACLENT_T
 * nor ACE_T sets errno to EINVAL and returns EACL_ENTRY_ERROR.
 */
int
acl_check(acl_t *aclp, int flag)
{
	/* receives the offending entry index; not passed on to the caller */
	int	entry_index;

	if (aclp->acl_type == ACLENT_T) {
		return (aclent_aclcheck(aclp->acl_aclp, aclp->acl_cnt,
		    &entry_index, flag));
	}
	if (aclp->acl_type == ACE_T)
		return (ace_aclcheck(aclp, flag));

	errno = EINVAL;
	return (EACL_ENTRY_ERROR);
}