2 * Copyright (c) 2008, 2009 Edward Tomasz NapieraĆa <trasz@FreeBSD.org>
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
40 #include <sys/syscall.h>
41 #include <sys/types.h>
44 #include "acl_support.h"
46 #define MAX_ENTRY_LENGTH 512
49 * Parse the tag field of ACL entry passed as "str". If qualifier
50 * needs to follow, then the variable referenced by "need_qualifier"
51 * is set to 1, otherwise it's set to 0.
54 parse_tag(const char *str, acl_entry_t entry, int *need_qualifier)
57 assert(need_qualifier != NULL);
60 if (strcmp(str, "owner@") == 0)
61 return (acl_set_tag_type(entry, ACL_USER_OBJ));
62 if (strcmp(str, "group@") == 0)
63 return (acl_set_tag_type(entry, ACL_GROUP_OBJ));
64 if (strcmp(str, "everyone@") == 0)
65 return (acl_set_tag_type(entry, ACL_EVERYONE));
69 if (strcmp(str, "user") == 0 || strcmp(str, "u") == 0)
70 return (acl_set_tag_type(entry, ACL_USER));
71 if (strcmp(str, "group") == 0 || strcmp(str, "g") == 0)
72 return (acl_set_tag_type(entry, ACL_GROUP));
74 warnx("malformed ACL: invalid \"tag\" field");
80 * Parse the qualifier field of ACL entry passed as "str".
81 * If user or group name cannot be resolved, then the variable
82 * referenced by "need_qualifier" is set to 1.
85 parse_qualifier(char *str, acl_entry_t entry, int *need_qualifier)
87 int qualifier_length, error;
94 assert(need_qualifier != NULL);
97 qualifier_length = strlen(str);
99 if (qualifier_length == 0) {
100 warnx("malformed ACL: empty \"qualifier\" field");
104 /* XXX: Can we assume that valid username never begins with a digit? */
105 if (isdigit(str[0])) {
106 id = strtod(str, &end);
108 if (end - str != qualifier_length) {
109 warnx("malformed ACL: trailing characters "
110 "after numerical id");
114 return (acl_set_qualifier(entry, &id));
117 error = acl_get_tag_type(entry, &tag);
121 assert(tag == ACL_USER || tag == ACL_GROUP);
123 if (tag == ACL_USER) {
124 /* XXX: Thread-unsafe. */
131 return (acl_set_qualifier(entry, &(pwd->pw_uid)));
134 /* XXX: Thread-unsafe. */
141 return (acl_set_qualifier(entry, &(grp->gr_gid)));
145 parse_access_mask(char *str, acl_entry_t entry)
150 error = _nfs4_parse_access_mask(str, &perm);
154 error = acl_set_permset(entry, &perm);
160 parse_flags(char *str, acl_entry_t entry)
165 error = _nfs4_parse_flags(str, &flags);
169 error = acl_set_flagset_np(entry, &flags);
175 parse_entry_type(const char *str, acl_entry_t entry)
178 if (strcmp(str, "allow") == 0)
179 return (acl_set_entry_type_np(entry, ACL_ENTRY_TYPE_ALLOW));
180 if (strcmp(str, "deny") == 0)
181 return (acl_set_entry_type_np(entry, ACL_ENTRY_TYPE_DENY));
182 if (strcmp(str, "audit") == 0)
183 return (acl_set_entry_type_np(entry, ACL_ENTRY_TYPE_AUDIT));
184 if (strcmp(str, "alarm") == 0)
185 return (acl_set_entry_type_np(entry, ACL_ENTRY_TYPE_ALARM));
187 warnx("malformed ACL: invalid \"type\" field");
193 parse_appended_id(char *str, acl_entry_t entry)
195 int qualifier_length;
199 qualifier_length = strlen(str);
200 if (qualifier_length == 0) {
201 warnx("malformed ACL: \"appended id\" field present, "
206 id = strtod(str, &end);
207 if (end - str != qualifier_length) {
208 warnx("malformed ACL: appended id is not a number");
212 return (acl_set_qualifier(entry, &id));
216 number_of_colons(const char *str)
220 while (*str != '\0') {
231 _nfs4_acl_entry_from_text(acl_t aclp, char *str)
233 int error, need_qualifier;
235 char *field, *qualifier_field;
237 error = acl_create_entry(&aclp, &entry);
241 assert(_entry_brand(entry) == ACL_BRAND_NFS4);
244 goto truncated_entry;
245 field = strsep(&str, ":");
247 field = string_skip_whitespace(field);
248 if ((*field == '\0') && (!str)) {
250 * Is an entirely comment line, skip to next
256 error = parse_tag(field, entry, &need_qualifier);
258 goto malformed_field;
260 if (need_qualifier) {
262 goto truncated_entry;
263 qualifier_field = field = strsep(&str, ":");
264 error = parse_qualifier(field, entry, &need_qualifier);
266 goto malformed_field;
270 goto truncated_entry;
271 field = strsep(&str, ":");
272 error = parse_access_mask(field, entry);
274 goto malformed_field;
277 goto truncated_entry;
278 /* Do we have "flags" field? */
279 if (number_of_colons(str) > 0) {
280 field = strsep(&str, ":");
281 error = parse_flags(field, entry);
283 goto malformed_field;
287 goto truncated_entry;
288 field = strsep(&str, ":");
289 error = parse_entry_type(field, entry);
291 goto malformed_field;
293 if (need_qualifier) {
295 warnx("malformed ACL: unknown user or group name "
296 "\"%s\"", qualifier_field);
297 goto truncated_entry;
300 error = parse_appended_id(str, entry);
302 goto malformed_field;
309 acl_delete_entry(aclp, entry);