Home | History | Annotate | Line # | Download | only in ufs
      1 /*-
      2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
      3  *
      4  * Copyright (c) 1999-2003 Robert N. M. Watson
      5  * All rights reserved.
      6  *
      7  * This software was developed by Robert Watson for the TrustedBSD Project.
      8  *
      9  * Redistribution and use in source and binary forms, with or without
     10  * modification, are permitted provided that the following conditions
     11  * are met:
     12  * 1. Redistributions of source code must retain the above copyright
     13  *    notice, this list of conditions and the following disclaimer.
     14  * 2. Redistributions in binary form must reproduce the above copyright
     15  *    notice, this list of conditions and the following disclaimer in the
     16  *    documentation and/or other materials provided with the distribution.
     17  *
     18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
     19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     21  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     23  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     24  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     25  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     27  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     28  * SUCH DAMAGE.
     29  */
     30 
     31 /*
     32  * Support for POSIX.1e access control lists: UFS-specific support functions.
     33  */
     34 
     35 #include <sys/cdefs.h>
     36 #if 0
     37 __FBSDID("$FreeBSD: head/sys/ufs/ufs/ufs_acl.c 356669 2020-01-13 02:31:51Z mjg $");
     38 #endif
     39 __KERNEL_RCSID(0, "$NetBSD: ufs_acl.c,v 1.7 2026/01/22 03:24:19 riastradh Exp $");
     40 
     41 #if defined(_KERNEL_OPT)
     42 #include "opt_ffs.h"
     43 #include "opt_quota.h"
     44 #include "opt_wapbl.h"
     45 #endif
     46 
     47 #include <sys/param.h>
     48 #include <sys/types.h>
     49 
     50 #include <sys/acl.h>
     51 #include <sys/event.h>
     52 #include <sys/extattr.h>
     53 #include <sys/mount.h>
     54 #include <sys/proc.h>
     55 #include <sys/sdt.h>
     56 #include <sys/stat.h>
     57 #include <sys/systm.h>
     58 #include <sys/vnode.h>
     59 #include <sys/wapbl.h>
     60 
     61 #include <ufs/ufs/acl.h>
     62 #include <ufs/ufs/dir.h>
     63 #include <ufs/ufs/extattr.h>
     64 #include <ufs/ufs/inode.h>
     65 #include <ufs/ufs/quota.h>
     66 #include <ufs/ufs/ufs_extern.h>
     67 #include <ufs/ufs/ufs_wapbl.h>
     68 #include <ufs/ufs/ufsmount.h>
     69 
     70 #include <ufs/ffs/fs.h>
     71 
     72 #ifdef UFS_ACL
     73 
     74 /*
     75  * Synchronize an ACL and an inode by copying over appropriate inode fields
     76  * to the passed ACL.  Assumes an ACL that would satisfy acl_posix1e_check(),
     77  * and may panic if not.
     78  */
     79 void
     80 ufs_sync_acl_from_inode(struct inode *ip, struct acl *acl)
     81 {
     82 	struct acl_entry	*acl_mask, *acl_group_obj;
     83 	int	i;
     84 
     85 	/*
     86 	 * Update ACL_USER_OBJ, ACL_OTHER, but simply identify ACL_MASK
     87 	 * and ACL_GROUP_OBJ for use after we know whether ACL_MASK is
     88 	 * present.
     89 	 */
     90 	acl_mask = NULL;
     91 	acl_group_obj = NULL;
     92 	for (i = 0; i < acl->acl_cnt; i++) {
     93 		switch (acl->acl_entry[i].ae_tag) {
     94 		case ACL_USER_OBJ:
     95 			acl->acl_entry[i].ae_perm = acl_posix1e_mode_to_perm(
     96 			    ACL_USER_OBJ, ip->i_mode);
     97 			acl->acl_entry[i].ae_id = ACL_UNDEFINED_ID;
     98 			break;
     99 
    100 		case ACL_GROUP_OBJ:
    101 			acl_group_obj = &acl->acl_entry[i];
    102 			acl->acl_entry[i].ae_id = ACL_UNDEFINED_ID;
    103 			break;
    104 
    105 		case ACL_OTHER:
    106 			acl->acl_entry[i].ae_perm = acl_posix1e_mode_to_perm(
    107 			    ACL_OTHER, ip->i_mode);
    108 			acl->acl_entry[i].ae_id = ACL_UNDEFINED_ID;
    109 			break;
    110 
    111 		case ACL_MASK:
    112 			acl_mask = &acl->acl_entry[i];
    113 			acl->acl_entry[i].ae_id = ACL_UNDEFINED_ID;
    114 			break;
    115 
    116 		case ACL_USER:
    117 		case ACL_GROUP:
    118 			break;
    119 
    120 		default:
    121 			panic("ufs_sync_acl_from_inode(): bad ae_tag");
    122 		}
    123 	}
    124 
    125 	if (acl_group_obj == NULL)
    126 		panic("ufs_sync_acl_from_inode(): no ACL_GROUP_OBJ");
    127 
    128 	if (acl_mask == NULL) {
    129 		/*
    130 		 * There is no ACL_MASK, so update ACL_GROUP_OBJ.
    131 		 */
    132 		acl_group_obj->ae_perm = acl_posix1e_mode_to_perm(
    133 		    ACL_GROUP_OBJ, ip->i_mode);
    134 	} else {
    135 		/*
    136 		 * Update the ACL_MASK entry instead of ACL_GROUP_OBJ.
    137 		 */
    138 		acl_mask->ae_perm = acl_posix1e_mode_to_perm(ACL_GROUP_OBJ,
    139 		    ip->i_mode);
    140 	}
    141 }
    142 
    143 /*
    144  * Calculate what the inode mode should look like based on an authoritative
    145  * ACL for the inode.  Replace only the fields in the inode that the ACL
    146  * can represent.
    147  */
    148 void
    149 ufs_sync_inode_from_acl(struct acl *acl, struct inode *ip)
    150 {
    151 
    152 	ip->i_mode &= ACL_PRESERVE_MASK;
    153 	ip->i_mode |= acl_posix1e_acl_to_mode(acl);
    154 	DIP_ASSIGN(ip, mode, ip->i_mode);
    155 }
    156 
    157 /*
    158  * Retrieve NFSv4 ACL, skipping access checks.  Must be used in UFS code
    159  * instead of VOP_GETACL() when we don't want to be restricted by the user
    160  * not having ACL_READ_ACL permission, e.g. when calculating inherited ACL
    161  * or in ufs_vnops.c:ufs_accessx().
    162  */
    163 int
    164 ufs_getacl_nfs4_internal(struct vnode *vp, struct acl *aclp, struct lwp *l)
    165 {
    166 	int error;
    167 	size_t len;
    168 	struct inode *ip = VTOI(vp);
    169 
    170 	len = sizeof(*aclp);
    171 	bzero(aclp, len);
    172 
    173 	error = vn_extattr_get(vp, IO_NODELOCKED,
    174 	    NFS4_ACL_EXTATTR_NAMESPACE, NFS4_ACL_EXTATTR_NAME, &len, aclp, l);
    175 	aclp->acl_maxcnt = ACL_MAX_ENTRIES;
    176 	if (error == ENOATTR) {
    177 		/*
    178 		 * Legitimately no ACL set on object, purely
    179 		 * emulate it through the inode.
    180 		 */
    181 		acl_nfs4_sync_acl_from_mode(aclp, ip->i_mode, ip->i_uid);
    182 
    183 		return 0;
    184 	}
    185 
    186 	if (error)
    187 		return error;
    188 
    189 	if (len != sizeof(*aclp)) {
    190 		/*
    191 		 * A short (or long) read, meaning that for
    192 		 * some reason the ACL is corrupted.  Return
    193 		 * EPERM since the object DAC protections
    194 		 * are unsafe.
    195 		 */
    196 		printf("%s: Loaded invalid ACL ("
    197 		    "%zu bytes), inumber %ju on %s\n", __func__, len,
    198 		    (uintmax_t)ip->i_number, ip->i_fs->fs_fsmnt);
    199 
    200 		return SET_ERROR(EPERM);
    201 	}
    202 
    203 	error = acl_nfs4_check(aclp, vp->v_type == VDIR);
    204 	if (error) {
    205 		printf("%s: Loaded invalid ACL "
    206 		    "(failed acl_nfs4_check), inumber %ju on %s\n", __func__,
    207 		    (uintmax_t)ip->i_number, ip->i_fs->fs_fsmnt);
    208 
    209 		return SET_ERROR(EPERM);
    210 	}
    211 
    212 	return 0;
    213 }
    214 
    215 static int
    216 ufs_getacl_nfs4(struct vop_getacl_args *ap, struct lwp *l)
    217 {
    218 	int error;
    219 
    220 	if ((ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) == 0)
    221 		return SET_ERROR(EINVAL);
    222 
    223 	error = VOP_ACCESSX(ap->a_vp, VREAD_ACL, ap->a_cred);
    224 	if (error)
    225 		return error;
    226 
    227 	error = ufs_getacl_nfs4_internal(ap->a_vp, ap->a_aclp, l);
    228 
    229 	return error;
    230 }
    231 
    232 /*
    233  * Read POSIX.1e ACL from an EA.  Return error if its not found
    234  * or if any other error has occurred.
    235  */
    236 static int
    237 ufs_get_oldacl(acl_type_t type, struct oldacl *old, struct vnode *vp,
    238     struct lwp *l)
    239 {
    240 	int error;
    241 	size_t len;
    242 	struct inode *ip = VTOI(vp);
    243 
    244 	len = sizeof(*old);
    245 
    246 	switch (type) {
    247 	case ACL_TYPE_ACCESS:
    248 		error = vn_extattr_get(vp, IO_NODELOCKED,
    249 		    POSIX1E_ACL_ACCESS_EXTATTR_NAMESPACE,
    250 		    POSIX1E_ACL_ACCESS_EXTATTR_NAME, &len, old, l);
    251 		break;
    252 	case ACL_TYPE_DEFAULT:
    253 		if (vp->v_type != VDIR)
    254 			return SET_ERROR(EINVAL);
    255 		error = vn_extattr_get(vp, IO_NODELOCKED,
    256 		    POSIX1E_ACL_DEFAULT_EXTATTR_NAMESPACE,
    257 		    POSIX1E_ACL_DEFAULT_EXTATTR_NAME, &len, old, l);
    258 		break;
    259 	default:
    260 		return SET_ERROR(EINVAL);
    261 	}
    262 
    263 	if (error != 0)
    264 		return (error);
    265 
    266 	if (len != sizeof(*old)) {
    267 		/*
    268 		 * A short (or long) read, meaning that for some reason
    269 		 * the ACL is corrupted.  Return EPERM since the object
    270 		 * DAC protections are unsafe.
    271 		 */
    272 		printf("%s: Loaded invalid ACL "
    273 		    "(len = %zu), inumber %ju on %s\n", __func__, len,
    274 		    (uintmax_t)ip->i_number, ip->i_fs->fs_fsmnt);
    275 		return SET_ERROR(EPERM);
    276 	}
    277 
    278 	return 0;
    279 }
    280 
    281 /*
    282  * Retrieve the ACL on a file.
    283  *
    284  * As part of the ACL is stored in the inode, and the rest in an EA,
    285  * assemble both into a final ACL product.  Right now this is not done
    286  * very efficiently.
    287  */
    288 static int
    289 ufs_getacl_posix1e(struct vop_getacl_args *ap, struct lwp *l)
    290 {
    291 	struct inode *ip = VTOI(ap->a_vp);
    292 	int error;
    293 	struct oldacl *old;
    294 
    295 	/*
    296 	 * XXX: If ufs_getacl() should work on file systems not supporting
    297 	 * ACLs, remove this check.
    298 	 */
    299 	if ((ap->a_vp->v_mount->mnt_flag & MNT_POSIX1EACLS) == 0)
    300 		return SET_ERROR(EINVAL);
    301 
    302 	old = kmem_zalloc(sizeof(*old), KM_SLEEP);
    303 
    304 	/*
    305 	 * Attempt to retrieve the ACL from the extended attributes.
    306 	 */
    307 	error = ufs_get_oldacl(ap->a_type, old, ap->a_vp, l);
    308 	switch (error) {
    309 	/*
    310 	 * XXX: If ufs_getacl() should work on filesystems
    311 	 * without the EA configured, add case EOPNOTSUPP here.
    312 	 */
    313 	case ENOATTR:
    314 		switch (ap->a_type) {
    315 		case ACL_TYPE_ACCESS:
    316 			/*
    317 			 * Legitimately no ACL set on object, purely
    318 			 * emulate it through the inode.  These fields will
    319 			 * be updated when the ACL is synchronized with
    320 			 * the inode later.
    321 			 */
    322 			old->acl_cnt = 3;
    323 			old->acl_entry[0].ae_tag = ACL_USER_OBJ;
    324 			old->acl_entry[0].ae_id = ACL_UNDEFINED_ID;
    325 			old->acl_entry[0].ae_perm = ACL_PERM_NONE;
    326 			old->acl_entry[1].ae_tag = ACL_GROUP_OBJ;
    327 			old->acl_entry[1].ae_id = ACL_UNDEFINED_ID;
    328 			old->acl_entry[1].ae_perm = ACL_PERM_NONE;
    329 			old->acl_entry[2].ae_tag = ACL_OTHER;
    330 			old->acl_entry[2].ae_id = ACL_UNDEFINED_ID;
    331 			old->acl_entry[2].ae_perm = ACL_PERM_NONE;
    332 			break;
    333 
    334 		case ACL_TYPE_DEFAULT:
    335 			/*
    336 			 * Unlike ACL_TYPE_ACCESS, there is no relationship
    337 			 * between the inode contents and the ACL, and it is
    338 			 * therefore possible for the request for the ACL
    339 			 * to fail since the ACL is undefined.  In this
    340 			 * situation, return success and an empty ACL,
    341 			 * as required by POSIX.1e.
    342 			 */
    343 			old->acl_cnt = 0;
    344 			break;
    345 		}
    346 		/* FALLTHROUGH */
    347 	case 0:
    348 		error = acl_copy_oldacl_into_acl(old, ap->a_aclp);
    349 		if (error != 0)
    350 			break;
    351 
    352 		if (ap->a_type == ACL_TYPE_ACCESS)
    353 			ufs_sync_acl_from_inode(ip, ap->a_aclp);
    354 	default:
    355 		break;
    356 	}
    357 
    358 	kmem_free(old, sizeof(*old));
    359 	return error;
    360 }
    361 
    362 int
    363 ufs_getacl(void *v)
    364 {
    365 	struct vop_getacl_args *ap = v;
    366 
    367 	if ((ap->a_vp->v_mount->mnt_flag & (MNT_POSIX1EACLS | MNT_NFS4ACLS)) == 0)
    368 		return SET_ERROR(EOPNOTSUPP);
    369 
    370 	if (ap->a_type == ACL_TYPE_NFS4)
    371 		return ufs_getacl_nfs4(ap, curlwp);
    372 
    373 	return ufs_getacl_posix1e(ap, curlwp);
    374 }
    375 
    376 /*
    377  * Set NFSv4 ACL without doing any access checking.  This is required
    378  * e.g. by the UFS code that implements ACL inheritance, or from
    379  * ufs_vnops.c:ufs_chmod(), as some of the checks have to be skipped
    380  * in that case, and others are redundant.
    381  */
    382 int
    383 ufs_setacl_nfs4_internal(struct vnode *vp, struct acl *aclp,
    384     struct lwp *l, bool lock)
    385 {
    386 	int error;
    387 	mode_t mode;
    388 	struct inode *ip = VTOI(vp);
    389 
    390 	KASSERT(acl_nfs4_check(aclp, vp->v_type == VDIR) == 0);
    391 
    392 	if (acl_nfs4_is_trivial(aclp, ip->i_uid)) {
    393 		error = vn_extattr_rm(vp, IO_NODELOCKED,
    394 		    NFS4_ACL_EXTATTR_NAMESPACE, NFS4_ACL_EXTATTR_NAME, l);
    395 		/*
    396 		 * An attempt to remove ACL from a file that didn't have
    397 		 * any extended entries is not an error.
    398 		 */
    399 		if (error == ENOATTR)
    400 			error = 0;
    401 
    402 	} else {
    403 		error = vn_extattr_set(vp, IO_NODELOCKED,
    404 		    NFS4_ACL_EXTATTR_NAMESPACE, NFS4_ACL_EXTATTR_NAME,
    405 		    sizeof(*aclp), aclp, l);
    406 	}
    407 
    408 	/*
    409 	 * Map lack of attribute definition in UFS_EXTATTR into lack of
    410 	 * support for ACLs on the filesystem.
    411 	 */
    412 	if (error == ENOATTR)
    413 		return SET_ERROR(EOPNOTSUPP);
    414 
    415 	if (error)
    416 		return error;
    417 
    418 	mode = ip->i_mode;
    419 
    420 	__acl_nfs4_sync_mode_from_acl(&mode, aclp);
    421 
    422 	if (lock && (error = UFS_WAPBL_BEGIN(vp->v_mount)) != 0)
    423 		return error;
    424 
    425 	ip->i_mode &= ACL_PRESERVE_MASK;
    426 	ip->i_mode |= mode;
    427 	DIP_ASSIGN(ip, mode, ip->i_mode);
    428 	ip->i_flag |= IN_CHANGE;
    429 
    430 	error = UFS_UPDATE(vp, NULL, NULL, 0);
    431 	if (lock)
    432 		UFS_WAPBL_END(vp->v_mount);
    433 
    434 	return error;
    435 }
    436 
    437 static int
    438 ufs_setacl_nfs4(struct vop_setacl_args *ap, struct lwp *l)
    439 {
    440 	int error;
    441 	struct inode *ip = VTOI(ap->a_vp);
    442 
    443 	if ((ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) == 0)
    444 		return SET_ERROR(EINVAL);
    445 
    446 	if (ap->a_vp->v_mount->mnt_flag & MNT_RDONLY)
    447 		return SET_ERROR(EROFS);
    448 
    449 	if (ap->a_aclp == NULL)
    450 		return SET_ERROR(EINVAL);
    451 
    452 	error = VOP_ACLCHECK(ap->a_vp, ap->a_type, ap->a_aclp, ap->a_cred);
    453 	if (error)
    454 		return error;
    455 
    456 	/*
    457 	 * Authorize the ACL operation.
    458 	 */
    459 	if (ip->i_flags & (IMMUTABLE | APPEND))
    460 		return SET_ERROR(EPERM);
    461 
    462 	/*
    463 	 * Must hold VWRITE_ACL or have appropriate privilege.
    464 	 */
    465 	if ((error = VOP_ACCESSX(ap->a_vp, VWRITE_ACL, l->l_cred)))
    466 		return error;
    467 
    468 	/*
    469 	 * With NFSv4 ACLs, chmod(2) may need to add additional entries.
    470 	 * Make sure it has enough room for that - splitting every entry
    471 	 * into two and appending "canonical six" entries at the end.
    472 	 */
    473 	if (ap->a_aclp->acl_cnt > (ACL_MAX_ENTRIES - 6) / 2)
    474 		return SET_ERROR(ENOSPC);
    475 
    476 	error = ufs_setacl_nfs4_internal(ap->a_vp, ap->a_aclp, l, true);
    477 
    478 	return error;
    479 }
    480 
    481 /*
    482  * Set the ACL on a file.
    483  *
    484  * As part of the ACL is stored in the inode, and the rest in an EA,
    485  * this is necessarily non-atomic, and has complex authorization.
    486  * As ufs_setacl() includes elements of ufs_chown() and ufs_chmod(),
    487  * a fair number of different access checks may be required to go ahead
    488  * with the operation at all.
    489  */
    490 int
    491 ufs_setacl_posix1e(struct vnode *vp, int type, struct acl *aclp,
    492     kauth_cred_t cred, struct lwp *l)
    493 {
    494 	struct inode *ip = VTOI(vp);
    495 	int error;
    496 	struct oldacl *old;
    497 
    498 	if ((vp->v_mount->mnt_flag & MNT_POSIX1EACLS) == 0)
    499 		return SET_ERROR(EINVAL);
    500 
    501 	/*
    502 	 * If this is a set operation rather than a delete operation,
    503 	 * invoke VOP_ACLCHECK() on the passed ACL to determine if it is
    504 	 * valid for the target.  This will include a check on ap->a_type.
    505 	 */
    506 	if (aclp != NULL) {
    507 		/*
    508 		 * Set operation.
    509 		 */
    510 		error = VOP_ACLCHECK(vp, type, aclp, cred);
    511 		if (error != 0)
    512 			return error;
    513 	} else {
    514 		/*
    515 		 * Delete operation.
    516 		 * POSIX.1e allows only deletion of the default ACL on a
    517 		 * directory (ACL_TYPE_DEFAULT).
    518 		 */
    519 		if (type != ACL_TYPE_DEFAULT)
    520 			return SET_ERROR(EINVAL);
    521 		if (vp->v_type != VDIR)
    522 			return SET_ERROR(ENOTDIR);
    523 	}
    524 
    525 	if (vp->v_mount->mnt_flag & MNT_RDONLY)
    526 		return SET_ERROR(EROFS);
    527 
    528 	/*
    529 	 * Authorize the ACL operation.
    530 	 */
    531 	if (ip->i_flags & (IMMUTABLE | APPEND))
    532 		return SET_ERROR(EPERM);
    533 
    534 	/*
    535 	 * Must hold VADMIN (be file owner) or have appropriate privilege.
    536 	 */
    537 	if ((error = VOP_ACCESS(vp, VADMIN, cred)))
    538 		return error;
    539 
    540 	switch(type) {
    541 	case ACL_TYPE_ACCESS:
    542 		old = kmem_zalloc(sizeof(*old), KM_SLEEP);
    543 		error = acl_copy_acl_into_oldacl(aclp, old);
    544 		if (error == 0) {
    545 			error = vn_extattr_set(vp, IO_NODELOCKED,
    546 			    POSIX1E_ACL_ACCESS_EXTATTR_NAMESPACE,
    547 			    POSIX1E_ACL_ACCESS_EXTATTR_NAME, sizeof(*old),
    548 			    old, l);
    549 		}
    550 		kmem_free(old, sizeof(*old));
    551 		break;
    552 
    553 	case ACL_TYPE_DEFAULT:
    554 		if (aclp == NULL) {
    555 			error = vn_extattr_rm(vp, IO_NODELOCKED,
    556 			    POSIX1E_ACL_DEFAULT_EXTATTR_NAMESPACE,
    557 			    POSIX1E_ACL_DEFAULT_EXTATTR_NAME, l);
    558 			/*
    559 			 * Attempting to delete a non-present default ACL
    560 			 * will return success for portability purposes.
    561 			 * (TRIX)
    562 			 *
    563 			 * XXX: Note that since we can't distinguish
    564 			 * "that EA is not supported" from "that EA is not
    565 			 * defined", the success case here overlaps the
    566 			 * the ENOATTR->EOPNOTSUPP case below.
    567 		 	 */
    568 			if (error == ENOATTR)
    569 				error = 0;
    570 		} else {
    571 			old = kmem_zalloc(sizeof(*old), KM_SLEEP);
    572 			error = acl_copy_acl_into_oldacl(aclp, old);
    573 			if (error == 0) {
    574 				error = vn_extattr_set(vp, IO_NODELOCKED,
    575 				    POSIX1E_ACL_DEFAULT_EXTATTR_NAMESPACE,
    576 				    POSIX1E_ACL_DEFAULT_EXTATTR_NAME,
    577 				    sizeof(*old), (char *) old, l);
    578 			}
    579 			kmem_free(old, sizeof(*old));
    580 		}
    581 		break;
    582 
    583 	default:
    584 		error = SET_ERROR(EINVAL);
    585 	}
    586 	/*
    587 	 * Map lack of attribute definition in UFS_EXTATTR into lack of
    588 	 * support for ACLs on the filesystem.
    589 	 */
    590 	if (error == ENOATTR)
    591 		return SET_ERROR(EOPNOTSUPP);
    592 	if (error != 0)
    593 		return error;
    594 
    595 	if (type == ACL_TYPE_ACCESS) {
    596 		/*
    597 		 * Now that the EA is successfully updated, update the
    598 		 * inode and mark it as changed.
    599 		 */
    600 		if ((error = UFS_WAPBL_BEGIN(vp->v_mount)) != 0)
    601 			return error;
    602 
    603 		ufs_sync_inode_from_acl(aclp, ip);
    604 		ip->i_flag |= IN_CHANGE;
    605 		error = UFS_UPDATE(vp, NULL, NULL, 0);
    606 
    607 		UFS_WAPBL_END(vp->v_mount);
    608 	}
    609 
    610 	return error;
    611 }
    612 
    613 int
    614 ufs_setacl(void *v)
    615 {
    616 	struct vop_setacl_args *ap = v;
    617 	if ((ap->a_vp->v_mount->mnt_flag & (MNT_POSIX1EACLS | MNT_NFS4ACLS)) == 0)
    618 		return SET_ERROR(EOPNOTSUPP);
    619 
    620 	if (ap->a_type == ACL_TYPE_NFS4)
    621 		return ufs_setacl_nfs4(ap, curlwp);
    622 
    623 	return ufs_setacl_posix1e(ap->a_vp, ap->a_type, ap->a_aclp, ap->a_cred,
    624 	    curlwp);
    625 }
    626 
    627 static int
    628 ufs_aclcheck_nfs4(struct vop_aclcheck_args *ap, struct lwp *l)
    629 {
    630 	int is_directory = 0;
    631 
    632 	if ((ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) == 0)
    633 		return SET_ERROR(EINVAL);
    634 
    635 	/*
    636 	 * With NFSv4 ACLs, chmod(2) may need to add additional entries.
    637 	 * Make sure it has enough room for that - splitting every entry
    638 	 * into two and appending "canonical six" entries at the end.
    639 	 */
    640 	if (ap->a_aclp->acl_cnt > (ACL_MAX_ENTRIES - 6) / 2)
    641 		return SET_ERROR(ENOSPC);
    642 
    643 	if (ap->a_vp->v_type == VDIR)
    644 		is_directory = 1;
    645 
    646 	return acl_nfs4_check(ap->a_aclp, is_directory);
    647 }
    648 
    649 static int
    650 ufs_aclcheck_posix1e(struct vop_aclcheck_args *ap, struct lwp *l)
    651 {
    652 
    653 	if ((ap->a_vp->v_mount->mnt_flag & MNT_POSIX1EACLS) == 0)
    654 		return SET_ERROR(EINVAL);
    655 
    656 	/*
    657 	 * Verify we understand this type of ACL, and that it applies
    658 	 * to this kind of object.
    659 	 * Rely on the acl_posix1e_check() routine to verify the contents.
    660 	 */
    661 	switch(ap->a_type) {
    662 	case ACL_TYPE_ACCESS:
    663 		break;
    664 
    665 	case ACL_TYPE_DEFAULT:
    666 		if (ap->a_vp->v_type != VDIR)
    667 			return SET_ERROR(EINVAL);
    668 		break;
    669 
    670 	default:
    671 		return SET_ERROR(EINVAL);
    672 	}
    673 
    674 	if (ap->a_aclp->acl_cnt > OLDACL_MAX_ENTRIES)
    675 		return SET_ERROR(EINVAL);
    676 
    677 	return acl_posix1e_check(ap->a_aclp);
    678 }
    679 
    680 /*
    681  * Check the validity of an ACL for a file.
    682  */
    683 int
    684 ufs_aclcheck(void *v)
    685 {
    686 	struct vop_aclcheck_args *ap = v;
    687 
    688 	if ((ap->a_vp->v_mount->mnt_flag & (MNT_POSIX1EACLS | MNT_NFS4ACLS)) == 0)
    689 		return SET_ERROR(EOPNOTSUPP);
    690 
    691 	if (ap->a_type == ACL_TYPE_NFS4)
    692 		return ufs_aclcheck_nfs4(ap, curlwp);
    693 
    694 	return ufs_aclcheck_posix1e(ap, curlwp);
    695 }
    696 
    697 #endif /* !UFS_ACL */
    698