X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/378393581903b274cb7a4d18e0d978071a6b592d..bb59bff194111743b33cc36712410b5656329d3c:/bsd/kern/kern_authorization.c?ds=sidebyside

diff --git a/bsd/kern/kern_authorization.c b/bsd/kern/kern_authorization.c
index b5dbe6706..91c2305c8 100644
--- a/bsd/kern/kern_authorization.c
+++ b/bsd/kern/kern_authorization.c
@@ -1,23 +1,29 @@
 /*
- * Copyright (c) 2004 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2004-2011 Apple Inc. All rights reserved.
  *
- * @APPLE_LICENSE_HEADER_START@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
- * The contents of this file constitute Original Code as defined in and
- * are subject to the Apple Public Source License Version 1.1 (the
- * "License").  You may not use this file except in compliance with the
- * License.  Please obtain a copy of the License at
- * http://www.apple.com/publicsource and read it before using this file.
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
  * 
- * This Original Code and all software distributed under the License are
- * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
- * License for the specific language governing rights and limitations
- * under the License.
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
  * 
- * @APPLE_LICENSE_HEADER_END@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 
 /*
@@ -37,7 +43,7 @@
 #include <sys/kauth.h>
 #include <sys/stat.h>
 
-#include <bsm/audit_kernel.h>
+#include <security/audit/audit.h>
 
 #include <sys/mount.h>
 #include <sys/sysproto.h>
@@ -126,7 +132,7 @@ static int	kauth_authorize_generic_callback(kauth_cred_t _credential, void *_ida
     uintptr_t arg0, uintptr_t arg1, uintptr_t arg2, uintptr_t arg3);
 kauth_scope_t	kauth_scope_fileop;
 
-extern int 		cansignal(struct proc *, kauth_cred_t, struct proc *, int);
+extern int 		cansignal(struct proc *, kauth_cred_t, struct proc *, int, int);
 extern char *	get_pathbuff(void);
 extern void		release_pathbuff(char *path);
 
@@ -148,11 +154,14 @@ kauth_init(void)
 
 	/* bring up kauth subsystem components */
 	kauth_cred_init();
+#if CONFIG_EXT_RESOLVER
 	kauth_identity_init();
 	kauth_groups_init();
+#endif
 	kauth_scope_init();
+#if CONFIG_EXT_RESOLVER
 	kauth_resolver_init();
-
+#endif
 	/* can't alloc locks after this */
 	lck_grp_free(kauth_lck_grp);
 	kauth_lck_grp = NULL;
@@ -179,10 +188,9 @@ kauth_alloc_scope(const char *identifier, kauth_scope_callback_t callback, void
 	/*
 	 * Allocate and populate the scope structure.
 	 */
-	MALLOC(sp, kauth_scope_t, sizeof(*sp), M_KAUTH, M_WAITOK);
+	MALLOC(sp, kauth_scope_t, sizeof(*sp), M_KAUTH, M_WAITOK | M_ZERO);
 	if (sp == NULL)
 		return(NULL);
-	bzero(&sp->ks_listeners, sizeof(sp->ks_listeners));
 	sp->ks_flags = 0;
 	sp->ks_identifier = identifier;
 	sp->ks_idata = idata;
@@ -222,7 +230,8 @@ kauth_register_scope(const char *identifier, kauth_scope_callback_t callback, vo
 	KAUTH_SCOPELOCK();
 	TAILQ_FOREACH(tsp, &kauth_scopes, ks_link) {
 		/* duplicate! */
-		if (strcmp(tsp->ks_identifier, identifier) == 0) {
+		if (strncmp(tsp->ks_identifier, identifier, 
+					strlen(tsp->ks_identifier) + 1) == 0) {
 			KAUTH_SCOPEUNLOCK();
 			FREE(sp, M_KAUTH);
 			return(NULL);
@@ -238,7 +247,8 @@ kauth_register_scope(const char *identifier, kauth_scope_callback_t callback, vo
 	 */
 restart:
 	TAILQ_FOREACH(klp, &kauth_dangling_listeners, kl_link) {
-		if (strcmp(klp->kl_identifier, sp->ks_identifier) == 0) {
+		if (strncmp(klp->kl_identifier, sp->ks_identifier,
+					strlen(klp->kl_identifier) + 1) == 0) {
 			/* found a match on the dangling listener list.  add it to the
 			 * the active scope.
 			 */
@@ -301,7 +311,8 @@ kauth_listen_scope(const char *identifier, kauth_scope_callback_t callback, void
 	 */
 	KAUTH_SCOPELOCK();
 	TAILQ_FOREACH(sp, &kauth_scopes, ks_link) {
-		if (strcmp(sp->ks_identifier, identifier) == 0) {
+		if (strncmp(sp->ks_identifier, identifier,
+					strlen(sp->ks_identifier) + 1) == 0) {
 			/* scope exists, add it to scope listener table */
 			if (kauth_add_callback_to_scope(sp, klp) == 0) {
 				KAUTH_SCOPEUNLOCK();
@@ -376,6 +387,12 @@ kauth_unlisten_scope(kauth_listener_t listener)
 
 /*
  * Authorization requests.
+ *
+ * Returns:	0			Success
+ *		EPERM			Operation not permitted
+ *
+ * Imputed:	*arg3, modified		Callback return - depends on callback
+ *					modification of *arg3, if any
  */
 int
 kauth_authorize_action(kauth_scope_t scope, kauth_cred_t credential, kauth_action_t action,
@@ -467,7 +484,7 @@ kauth_authorize_process_callback(kauth_cred_t credential, __unused void *idata,
 		/* arg0 - process to signal
 		 * arg1 - signal to send the process
 		 */
-		if (cansignal(current_proc(), credential, (struct proc *)arg0, (int)arg1))
+		if (cansignal(current_proc(), credential, (struct proc *)arg0, (int)arg1, 0))
 			return(KAUTH_RESULT_ALLOW);
 		break;
 	case KAUTH_PROCESS_CANTRACE:
@@ -598,7 +615,7 @@ kauth_authorize_generic_callback(kauth_cred_t credential, __unused void *idata,
 int
 kauth_acl_evaluate(kauth_cred_t cred, kauth_acl_eval_t eval)
 {
-	int applies, error, i;
+	int applies, error, i, gotguid;
 	kauth_ace_t ace;
 	guid_t guid;
 	uint32_t rights;
@@ -611,14 +628,17 @@ kauth_acl_evaluate(kauth_cred_t cred, kauth_acl_eval_t eval)
 	}
 
 	eval->ae_residual = eval->ae_requested;
+	eval->ae_found_deny = FALSE;
 
 	/*
 	 * Get our guid for comparison purposes.
 	 */
 	if ((error = kauth_cred_getguid(cred, &guid)) != 0) {
-		eval->ae_result = KAUTH_RESULT_DENY;
-		KAUTH_DEBUG("    ACL - can't get credential GUID (%d), ACL denied", error);
-		return(error);
+		KAUTH_DEBUG("    ACL - can't get credential GUID (%d)", error);
+		error = 0;
+		gotguid = 0;
+	} else {
+		gotguid = 1;
 	}
 
 	KAUTH_DEBUG("    ACL - %d entries, initial residual %x", eval->ae_count, eval->ae_residual);
@@ -656,12 +676,13 @@ kauth_acl_evaluate(kauth_cred_t cred, kauth_acl_eval_t eval)
 		case KAUTH_ACE_DENY:
 			if (!(eval->ae_requested & rights))
 				continue;
+			eval->ae_found_deny = TRUE;
 			break;
 		default:
 			/* we don't recognise this ACE, skip it */
 			continue;
 		}
-		
+	
 		/*
 		 * Verify whether this entry applies to the credential.
 		 */
@@ -671,7 +692,10 @@ kauth_acl_evaluate(kauth_cred_t cred, kauth_acl_eval_t eval)
 			applies = eval->ae_options & KAUTH_AEVAL_IS_OWNER;
 			break;
 		case KAUTH_WKG_GROUP:
-			applies = eval->ae_options & KAUTH_AEVAL_IN_GROUP;
+			if (!gotguid || (eval->ae_options & KAUTH_AEVAL_IN_GROUP_UNKNOWN))
+				applies = ((ace->ace_flags & KAUTH_ACE_KINDMASK) == KAUTH_ACE_DENY);
+			else
+				applies = eval->ae_options & KAUTH_AEVAL_IN_GROUP;
 			break;
 		/* we short-circuit these here rather than wasting time calling the group membership code */
 		case KAUTH_WKG_EVERYBODY:
@@ -683,12 +707,12 @@ kauth_acl_evaluate(kauth_cred_t cred, kauth_acl_eval_t eval)
 
 		default:
 			/* check to see whether it's exactly us, or a group we are a member of */
-			applies = kauth_guid_equal(&guid, &ace->ace_applicable);
+			applies = !gotguid ? 0 : kauth_guid_equal(&guid, &ace->ace_applicable);
 			KAUTH_DEBUG("    ACL - ACE applicable " K_UUID_FMT " caller " K_UUID_FMT " %smatched",
 			    K_UUID_ARG(ace->ace_applicable), K_UUID_ARG(guid), applies ? "" : "not ");
 		
 			if (!applies) {
-				error = kauth_cred_ismember_guid(cred, &ace->ace_applicable, &applies);
+				error = !gotguid ? ENOENT : kauth_cred_ismember_guid(cred, &ace->ace_applicable, &applies);
 				/*
 				 * If we can't resolve group membership, we have to limit misbehaviour.
 				 * If the ACE is an 'allow' ACE, assume the cred is not a member (avoid
@@ -765,24 +789,51 @@ kauth_acl_inherit(vnode_t dvp, kauth_acl_t initial, kauth_acl_t *product, int is
 	kauth_acl_t inherit, result;
 
 	/*
-	 * Fetch the ACL from the directory.  This should never fail.  Note that we don't
-	 * manage inheritance when the remote server is doing authorization; we just
-	 * want to compose the umask-ACL and any initial ACL.
+	 * Fetch the ACL from the directory.  This should never fail.
+	 * Note that we don't manage inheritance when the remote server is
+	 * doing authorization, since this means server enforcement of
+	 * inheritance semantics; we just want to compose the initial
+	 * ACL and any inherited ACE entries from the container object.
+	 *
+	 * XXX TODO: <rdar://3634665> wants a "umask ACL" from the process.
 	 */
 	inherit = NULL;
-	if ((dvp != NULL) && !vfs_authopaque(vnode_mount(dvp))) {
+	/*
+	 * If there is no initial ACL, or there is, and the initial ACLs
+	 * flags do not request "no inheritance", then we inherit.  This allows
+	 * initial object creation via open_extended() and mkdir_extended()
+	 * to reject inheritance for themselves and for inferior nodes by
+	 * specifying a non-NULL inital ACL which has the KAUTH_ACL_NO_INHERIT
+	 * flag set in the flags field.
+	 */
+	if ((initial == NULL || !(initial->acl_flags & KAUTH_ACL_NO_INHERIT)) &&
+	    (dvp != NULL) && !vfs_authopaque(vnode_mount(dvp))) {
 		VATTR_INIT(&dva);
 		VATTR_WANTED(&dva, va_acl);
 		if ((error = vnode_getattr(dvp, &dva, ctx)) != 0) {
 			KAUTH_DEBUG("    ERROR - could not get parent directory ACL for inheritance");
 			return(error);
 		}
-		if (VATTR_IS_SUPPORTED(&dva, va_acl))
+		if (VATTR_IS_SUPPORTED(&dva, va_acl)) {
 			inherit = dva.va_acl;
+			/*
+			 * If there is an ACL on the parent directory, then
+			 * there are potentially inheritable ACE entries, but
+			 * if the flags on the directory ACL say not to
+			 * inherit, then we don't inherit.  This allows for
+			 * per directory rerooting of the inheritable ACL
+			 * hierarchy.
+			 */
+			if (inherit != NULL && inherit->acl_flags & KAUTH_ACL_NO_INHERIT) {
+				kauth_acl_free(inherit);
+				inherit = NULL;
+			}
+		}
 	}
 
 	/*
-	 * Compute the number of entries in the result ACL by scanning the input lists.
+	 * Compute the number of entries in the result ACL by scanning the
+	 * input lists.
 	 */
 	entries = 0;
 	if (inherit != NULL) {
@@ -793,16 +844,23 @@ kauth_acl_inherit(vnode_t dvp, kauth_acl_t initial, kauth_acl_t *product, int is
 	}
 
 	if (initial == NULL) {
-		/* XXX 3634665 TODO: fetch umask ACL from the process, set in initial */
+		/*
+		 * XXX 3634665 TODO: if the initial ACL is not specfied by
+		 * XXX the caller, fetch the umask ACL from the process,
+		 * and use it in place of "initial".
+		 */
 	}
 
 	if (initial != NULL) {
-		entries += initial->acl_entrycount;
+		if (initial->acl_entrycount != KAUTH_FILESEC_NOACL)
+			entries += initial->acl_entrycount;
+		else
+			initial = NULL;
 	}
 
 	/*
 	 * If there is no initial ACL, and no inheritable entries, the
-	 * object should have no ACL at all.
+	 * object should be created with no ACL at all.
 	 * Note that this differs from the case where the initial ACL
 	 * is empty, in which case the object must also have an empty ACL.
 	 */
@@ -816,32 +874,49 @@ kauth_acl_inherit(vnode_t dvp, kauth_acl_t initial, kauth_acl_t *product, int is
 	 * Allocate the result buffer.
 	 */
 	if ((result = kauth_acl_alloc(entries)) == NULL) {
-		KAUTH_DEBUG("    ERROR - could not allocate %d-entry result buffer for inherited ACL");
+		KAUTH_DEBUG("    ERROR - could not allocate %d-entry result buffer for inherited ACL", entries);
 		error = ENOMEM;
 		goto out;
 	}
 
 	/*
 	 * Composition is simply:
-	 *  - initial
-	 *  - inherited
+	 *  - initial direct ACEs
+	 *  - inherited ACEs from new parent
 	 */
 	index = 0;
 	if (initial != NULL) {
-		for (i = 0; i < initial->acl_entrycount; i++)
-			result->acl_ace[index++] = initial->acl_ace[i];
-		KAUTH_DEBUG("    INHERIT - applied %d initial entries", index);
+		for (i = 0; i < initial->acl_entrycount; i++) {
+			if (!(initial->acl_ace[i].ace_flags & KAUTH_ACE_INHERITED)) {
+				result->acl_ace[index++] = initial->acl_ace[i];
+			}
+		}
+		KAUTH_DEBUG("    INHERIT - applied %d of %d initial entries", index, initial->acl_entrycount);
 	}
 	if (inherit != NULL) {
 		for (i = 0; i < inherit->acl_entrycount; i++) {
-			/* inherit onto this object? */
+			/*
+			 * Inherit onto this object?  We inherit only if
+			 * the target object is a container object and the
+			 * KAUTH_ACE_DIRECTORY_INHERIT bit is set, OR if
+			 * if the target object is not a container, and
+			 * the KAUTH_ACE_FILE_INHERIT bit is set.
+			 */
 			if (inherit->acl_ace[i].ace_flags & (isdir ? KAUTH_ACE_DIRECTORY_INHERIT : KAUTH_ACE_FILE_INHERIT)) {
 				result->acl_ace[index] = inherit->acl_ace[i];
 				result->acl_ace[index].ace_flags |= KAUTH_ACE_INHERITED;
-				/* don't re-inherit? */
-				if (result->acl_ace[index].ace_flags & KAUTH_ACE_LIMIT_INHERIT)
+				result->acl_ace[index].ace_flags &= ~KAUTH_ACE_ONLY_INHERIT;
+				/*
+				 * We do not re-inherit inheritance flags
+				 * if the ACE from the container has a
+				 * KAUTH_ACE_LIMIT_INHERIT, OR if the new
+				 * object is not itself a container (since
+				 * inheritance is always container-based).
+				 */
+				if ((result->acl_ace[index].ace_flags & KAUTH_ACE_LIMIT_INHERIT) || !isdir) {
 					result->acl_ace[index].ace_flags &=
-					    ~(KAUTH_ACE_DIRECTORY_INHERIT | KAUTH_ACE_FILE_INHERIT | KAUTH_ACE_LIMIT_INHERIT);
+					    ~(KAUTH_ACE_INHERIT_CONTROL_FLAGS);
+				}
 				index++;
 			}
 		}
@@ -858,14 +933,32 @@ out:
 
 /*
  * Optimistically copy in a kauth_filesec structure
+ *
  * Parameters:	xsecurity		user space kauth_filesec_t
- *		xsecdstpp		pointer to kauth_filesec_t
+ *		xsecdstpp		pointer to kauth_filesec_t to be
+ *					modified to contain the contain a
+ *					pointer to an allocated copy of the
+ *					user space argument
+ *
+ * Returns:	0			Success
+ *		ENOMEM			Insufficient memory for the copy.
+ *		EINVAL			The user space data was invalid, or
+ *					there were too many ACE entries.
+ *		EFAULT			The user space address was invalid;
+ *					this may mean 'fsec_entrycount' in
+ *					the user copy is corrupt/incorrect.
+ *
+ * Implicit returns: xsecdestpp, modified (only if successful!)
+ *
+ * Notes:	The returned kauth_filesec_t is in host byte order
  *
- * Returns: 0 on success, EINVAL or EFAULT depending on failure mode.
- * Modifies: xsecdestpp, which contains a pointer to an allocated
- *	     and copied-in kauth_filesec_t
+ *		The caller is responsible for freeing the returned
+ *		kauth_filesec_t in the success case using the function
+ *		kauth_filesec_free()
+ *
+ *		Our largest initial guess is 32; this needs to move to
+ *		a manifest constant in <sys/kauth.h>.
  */
-
 int
 kauth_copyinfilesec(user_addr_t xsecurity, kauth_filesec_t *xsecdestpp)
 {
@@ -887,7 +980,7 @@ kauth_copyinfilesec(user_addr_t xsecurity, kauth_filesec_t *xsecdestpp)
 	 * The upper bound must be less than KAUTH_ACL_MAX_ENTRIES.  The
 	 * value here is fairly arbitrary.  It's ok to have a zero count.
 	 */
-	known_bound = xsecurity + sizeof(struct kauth_filesec);
+	known_bound = xsecurity +  KAUTH_FILESEC_SIZE(0);
 	uaddr = mach_vm_round_page(known_bound);
 	count = (uaddr - known_bound) / sizeof(struct kauth_ace);
 	if (count > 32)
@@ -913,6 +1006,7 @@ restart:
 	if ((fsec->fsec_entrycount != KAUTH_FILESEC_NOACL) &&
 	    (fsec->fsec_entrycount > count)) {
 		if (fsec->fsec_entrycount > KAUTH_ACL_MAX_ENTRIES) {
+			/* XXX This should be E2BIG */
 			error = EINVAL;
 			goto out;
 		}
@@ -927,12 +1021,29 @@ out:
 			kauth_filesec_free(fsec);
 	} else {
 		*xsecdestpp = fsec;
+		AUDIT_ARG(opaque, fsec, copysize);
 	}
 	return(error);
 }
 
 /*
- * Allocate a filesec structure.
+ * Allocate a block of memory containing a filesec structure, immediately
+ * followed by 'count' kauth_ace structures.
+ *
+ * Parameters:	count			Number of kauth_ace structures needed
+ *
+ * Returns:	!NULL			A pointer to the allocated block
+ *		NULL			Invalid 'count' or insufficient memory
+ *
+ * Notes:	Returned memory area assumes that the structures are packed
+ *		densely, so this function may only be used by code that also
+ *		assumes no padding following structures.
+ *
+ *		The returned structure must be freed by the caller using the
+ *		function kauth_filesec_free(), in case we decide to use an
+ *		allocation mechanism that is aware of the object size at some
+ *		point, since the object size is only available by introspecting
+ *		the object itself.
  */
 kauth_filesec_t
 kauth_filesec_alloc(int count)
@@ -954,6 +1065,18 @@ kauth_filesec_alloc(int count)
 	return(fsp);
 }	
 
+/*
+ * Free a kauth_filesec_t that was previous allocated, either by a direct
+ * call to kauth_filesec_alloc() or by calling a function that calls it.
+ *
+ * Parameters:	fsp			kauth_filesec_t to free
+ *
+ * Returns:	(void)
+ *
+ * Notes:	The kauth_filesec_t to be freed is assumed to be in host
+ *		byte order so that this function can introspect it in the
+ *		future to determine its size, if necesssary.
+ */
 void
 kauth_filesec_free(kauth_filesec_t fsp)
 {
@@ -966,6 +1089,73 @@ kauth_filesec_free(kauth_filesec_t fsp)
 	FREE(fsp, M_KAUTH);
 }
 
+/*
+ * Set the endianness of a filesec and an ACL; if 'acl' is NULL, use the 
+ * ACL interior to 'fsec' instead.  If the endianness doesn't change, then
+ * this function will have no effect.
+ *
+ * Parameters:	kendian			The endianness to set; this is either
+ *					KAUTH_ENDIAN_HOST or KAUTH_ENDIAN_DISK.
+ *		fsec			The filesec to convert.
+ *		acl			The ACL to convert (optional)
+ *
+ * Returns:	(void)
+ *
+ * Notes:	We use ntohl() because it has a transitive property on Intel
+ *		machines and no effect on PPC mancines.  This guarantees us
+ *		that the swapping only occurs if the endiannes is wrong.
+ */
+void
+kauth_filesec_acl_setendian(int kendian, kauth_filesec_t fsec, kauth_acl_t acl)
+{
+ 	uint32_t	compare_magic = KAUTH_FILESEC_MAGIC;
+	uint32_t	invert_magic = ntohl(KAUTH_FILESEC_MAGIC);
+	uint32_t	compare_acl_entrycount;
+	uint32_t	i;
+
+	if (compare_magic == invert_magic)
+		return;
+
+	/* If no ACL, use ACL interior to 'fsec' instead */
+	if (acl == NULL)
+		acl = &fsec->fsec_acl;
+
+	compare_acl_entrycount = acl->acl_entrycount;
+
+	/*
+	 * Only convert what needs to be converted, and only if the arguments
+	 * are valid.  The following switch and tests effectively reject
+	 * conversions on invalid magic numbers as a desirable side effect.
+	 */
+ 	switch(kendian) {
+	case KAUTH_ENDIAN_HOST:		/* not in host, convert to host */
+		if (fsec->fsec_magic != invert_magic)
+			return;
+		/* acl_entrycount is byteswapped */
+		compare_acl_entrycount = ntohl(acl->acl_entrycount);
+		break;
+	case KAUTH_ENDIAN_DISK:		/* not in disk, convert to disk */
+		if (fsec->fsec_magic != compare_magic)
+			return;
+		break;
+	default:			/* bad argument */
+		return;
+	}
+	
+	/* We are go for conversion */
+	fsec->fsec_magic = ntohl(fsec->fsec_magic);
+	acl->acl_entrycount = ntohl(acl->acl_entrycount);
+	if (compare_acl_entrycount != KAUTH_FILESEC_NOACL) {
+		acl->acl_flags = ntohl(acl->acl_flags);
+
+		/* swap ACE rights and flags */
+		for (i = 0; i < compare_acl_entrycount; i++) {
+			acl->acl_ace[i].ace_flags = ntohl(acl->acl_ace[i].ace_flags);
+			acl->acl_ace[i].ace_rights = ntohl(acl->acl_ace[i].ace_rights);
+		}
+	}
+ }
+
 
 /*
  * Allocate an ACL buffer.