2 * Copyright (c) 1999, 2000, 2001 Robert N. M. Watson
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * acl_from_text: Convert a text-form ACL from a string to an acl_t.
30 #include <sys/cdefs.h>
31 __FBSDID("$FreeBSD$");
33 #include <sys/types.h>
34 #include "namespace.h"
36 #include "un-namespace.h"
37 #include <sys/errno.h>
45 #include "acl_support.h"
47 static acl_tag_t acl_string_to_tag(char *tag, char *qualifier);
49 int _nfs4_acl_entry_from_text(acl_t aclp, char *entry);
50 int _text_could_be_nfs4_acl(const char *entry);
53 acl_string_to_tag(char *tag, char *qualifier)
56 if (*qualifier == '\0') {
57 if ((!strcmp(tag, "user")) || (!strcmp(tag, "u"))) {
58 return (ACL_USER_OBJ);
60 if ((!strcmp(tag, "group")) || (!strcmp(tag, "g"))) {
61 return (ACL_GROUP_OBJ);
63 if ((!strcmp(tag, "mask")) || (!strcmp(tag, "m"))) {
66 if ((!strcmp(tag, "other")) || (!strcmp(tag, "o"))) {
71 if ((!strcmp(tag, "user")) || (!strcmp(tag, "u"))) {
74 if ((!strcmp(tag, "group")) || (!strcmp(tag, "g"))) {
82 _posix1e_acl_entry_from_text(acl_t aclp, char *entry)
86 char *tag, *qualifier, *permission;
90 assert(_acl_brand(aclp) == ACL_BRAND_POSIX);
92 /* Split into three ':' delimited fields. */
93 tag = strsep(&entry, ":");
98 tag = string_skip_whitespace(tag);
99 if ((*tag == '\0') && (!entry)) {
101 * Is an entirely comment line, skip to next
106 string_trim_trailing_whitespace(tag);
108 qualifier = strsep(&entry, ":");
109 if (qualifier == NULL) {
113 qualifier = string_skip_whitespace(qualifier);
114 string_trim_trailing_whitespace(qualifier);
116 permission = strsep(&entry, ":");
117 if (permission == NULL || entry) {
121 permission = string_skip_whitespace(permission);
122 string_trim_trailing_whitespace(permission);
124 t = acl_string_to_tag(tag, qualifier);
130 error = _posix1e_acl_string_to_perm(permission, &p);
141 if (*qualifier != '\0') {
150 error = _acl_name_to_id(t, qualifier, &id);
160 error = _posix1e_acl_add_entry(aclp, t, id, p);
168 _text_is_nfs4_entry(const char *entry)
172 assert(strlen(entry) > 0);
174 while (*entry != '\0') {
175 if (*entry == ':' || *entry == '@')
187 * acl_from_text -- Convert a string into an ACL.
188 * Postpone most validity checking until the end and call acl_valid() to do
192 acl_from_text(const char *buf_p)
195 char *mybuf_p, *line, *cur, *notcomment, *comment, *entry;
198 /* Local copy we can mess up. */
199 mybuf_p = strdup(buf_p);
203 acl = acl_init(3); /* XXX: WTF, 3? */
209 /* Outer loop: delimit at \n boundaries. */
211 while ((line = strsep(&cur, "\n"))) {
212 /* Now split the line on the first # to strip out comments. */
214 notcomment = strsep(&comment, "#");
216 /* Inner loop: delimit at ',' boundaries. */
217 while ((entry = strsep(¬comment, ","))) {
219 /* Skip empty lines. */
220 if (strlen(string_skip_whitespace(entry)) == 0)
223 if (_acl_brand(acl) == ACL_BRAND_UNKNOWN) {
224 if (_text_is_nfs4_entry(entry))
225 _acl_brand_as(acl, ACL_BRAND_NFS4);
227 _acl_brand_as(acl, ACL_BRAND_POSIX);
230 switch (_acl_brand(acl)) {
232 error = _nfs4_acl_entry_from_text(acl, entry);
235 case ACL_BRAND_POSIX:
236 error = _posix1e_acl_entry_from_text(acl, entry);
250 /* XXX Should we only return ACLs valid according to acl_valid? */
251 /* Verify validity of the ACL we read in. */
252 if (acl_valid(acl) == -1) {
268 * Given a username/groupname from a text form of an ACL, return the uid/gid
269 * XXX NOT THREAD SAFE, RELIES ON GETPWNAM, GETGRNAM
270 * XXX USES *PW* AND *GR* WHICH ARE STATEFUL AND THEREFORE THIS ROUTINE
271 * MAY HAVE SIDE-EFFECTS
273 * XXX currently doesn't deal correctly with a numeric uid being passed
274 * instead of a username. What is correct behavior here? Check chown.
277 _acl_name_to_id(acl_tag_t tag, char *name, uid_t *id)
288 l = strtoul(name, &endp, 0);
289 if (*endp != '\0' || l != (unsigned long)(uid_t)l) {
302 l = strtoul(name, &endp, 0);
303 if (*endp != '\0' || l != (unsigned long)(gid_t)l) {