2 * Copyright (c) 1999, 2000, 2001 Robert N. M. Watson
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * acl_from_text: Convert a text-form ACL from a string to an acl_t.
30 #include <sys/cdefs.h>
31 __FBSDID("$FreeBSD$");
33 #include <sys/types.h>
34 #include "namespace.h"
36 #include "un-namespace.h"
37 #include <sys/errno.h>
45 #include "acl_support.h"
47 static int _posix1e_acl_name_to_id(acl_tag_t tag, char *name, uid_t *id);
48 static acl_tag_t acl_string_to_tag(char *tag, char *qualifier);
50 int _nfs4_acl_entry_from_text(acl_t aclp, char *entry);
51 int _text_could_be_nfs4_acl(const char *entry);
54 acl_string_to_tag(char *tag, char *qualifier)
57 if (*qualifier == '\0') {
58 if ((!strcmp(tag, "user")) || (!strcmp(tag, "u"))) {
59 return (ACL_USER_OBJ);
61 if ((!strcmp(tag, "group")) || (!strcmp(tag, "g"))) {
62 return (ACL_GROUP_OBJ);
64 if ((!strcmp(tag, "mask")) || (!strcmp(tag, "m"))) {
67 if ((!strcmp(tag, "other")) || (!strcmp(tag, "o"))) {
72 if ((!strcmp(tag, "user")) || (!strcmp(tag, "u"))) {
75 if ((!strcmp(tag, "group")) || (!strcmp(tag, "g"))) {
83 _posix1e_acl_entry_from_text(acl_t aclp, char *entry)
87 char *tag, *qualifier, *permission;
91 assert(_acl_brand(aclp) == ACL_BRAND_POSIX);
93 /* Split into three ':' delimited fields. */
94 tag = strsep(&entry, ":");
99 tag = string_skip_whitespace(tag);
100 if ((*tag == '\0') && (!entry)) {
102 * Is an entirely comment line, skip to next
107 string_trim_trailing_whitespace(tag);
109 qualifier = strsep(&entry, ":");
110 if (qualifier == NULL) {
114 qualifier = string_skip_whitespace(qualifier);
115 string_trim_trailing_whitespace(qualifier);
117 permission = strsep(&entry, ":");
118 if (permission == NULL || entry) {
122 permission = string_skip_whitespace(permission);
123 string_trim_trailing_whitespace(permission);
125 t = acl_string_to_tag(tag, qualifier);
131 error = _posix1e_acl_string_to_perm(permission, &p);
142 if (*qualifier != '\0') {
151 error = _posix1e_acl_name_to_id(t, qualifier,
162 error = _posix1e_acl_add_entry(aclp, t, id, p);
170 _text_is_nfs4_entry(const char *entry)
174 assert(strlen(entry) > 0);
176 while (*entry != '\0') {
177 if (*entry == ':' || *entry == '@')
189 * acl_from_text -- Convert a string into an ACL.
190 * Postpone most validity checking until the end and call acl_valid() to do
194 acl_from_text(const char *buf_p)
197 char *mybuf_p, *line, *cur, *notcomment, *comment, *entry;
200 /* Local copy we can mess up. */
201 mybuf_p = strdup(buf_p);
205 acl = acl_init(3); /* XXX: WTF, 3? */
211 /* Outer loop: delimit at \n boundaries. */
213 while ((line = strsep(&cur, "\n"))) {
214 /* Now split the line on the first # to strip out comments. */
216 notcomment = strsep(&comment, "#");
218 /* Inner loop: delimit at ',' boundaries. */
219 while ((entry = strsep(¬comment, ","))) {
221 /* Skip empty lines. */
222 if (strlen(string_skip_whitespace(entry)) == 0)
225 if (_acl_brand(acl) == ACL_BRAND_UNKNOWN) {
226 if (_text_is_nfs4_entry(entry))
227 _acl_brand_as(acl, ACL_BRAND_NFS4);
229 _acl_brand_as(acl, ACL_BRAND_POSIX);
232 switch (_acl_brand(acl)) {
234 error = _nfs4_acl_entry_from_text(acl, entry);
237 case ACL_BRAND_POSIX:
238 error = _posix1e_acl_entry_from_text(acl, entry);
252 /* XXX Should we only return ACLs valid according to acl_valid? */
253 /* Verify validity of the ACL we read in. */
254 if (acl_valid(acl) == -1) {
270 * Given a username/groupname from a text form of an ACL, return the uid/gid
271 * XXX NOT THREAD SAFE, RELIES ON GETPWNAM, GETGRNAM
272 * XXX USES *PW* AND *GR* WHICH ARE STATEFUL AND THEREFORE THIS ROUTINE
273 * MAY HAVE SIDE-EFFECTS
275 * XXX currently doesn't deal correctly with a numeric uid being passed
276 * instead of a username. What is correct behavior here? Check chown.
279 _posix1e_acl_name_to_id(acl_tag_t tag, char *name, uid_t *id)
290 l = strtoul(name, &endp, 0);
291 if (*endp != '\0' || l != (unsigned long)(uid_t)l) {
304 l = strtoul(name, &endp, 0);
305 if (*endp != '\0' || l != (unsigned long)(gid_t)l) {