| blob | 0c388f28329acf5c5de94fd03cf296283fd9fe76 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 *
21 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
22 * Use is subject to license terms.
23 */
25 %{
26 #include <sys/acl.h>
27 #include <aclutils.h>
28 #include <idmap.h>
29 #include <errno.h>
30 #include "acl.tab.h"
32 #ifdef input
33 #undef input
34 #endif
36 #ifdef unput
37 #undef unput
38 #endif
40 int grab_string(char *terminators);
41 static int input();
42 static void unput(int);
44 int
45 yyerror(const char *s)
46 {
47 return (0);
48 }
50 int
51 yywrap(void)
52 {
53 return (1);
54 }
56 extern char *yybuf;
57 int yybufpos;
59 /*
60 * Used for tracking allocated strings while walking through an ACL.
61 */
62 struct yystrings {
63 char *y_logname; /* user/group name from LOGNAME */
64 char *y_perms; /* permssions from PERM_TOK */
65 char *y_iflags; /* iflags from INHERIT_TOK */
66 char *y_idstr; /* string of appened id */
67 } yystrings;
69 %}
71 %e 1500
72 %s TS NS PS AIS AS US ES
73 %p 5000
75 /*
76 * TS = type state
77 * NS = name state
78 * PS = Permission state
79 * AIS = Allow/deny/inheritance state
80 * AS = Allow state (only used when inheritance detected)
81 * US = UID/GID state
82 * ES = End state
83 */
85 ID [0-9]+
86 SID S-[^:,\n]+
87 LOGNAME [^:]+:
88 PERM_STR [rRwWxpdDaAcCos-]+
89 INHERIT_STR [fdinFSI-]+
91 %%
93 <TS>user: {
94 BEGIN NS;
95 yylval.val = USER_TOK;
96 return (ENTRY_TYPE);
97 }
98 <TS>usersid: {
99 BEGIN NS;
100 yylval.val = USER_SID_TOK;
101 return (ENTRY_TYPE);
102 }
103 <TS>owner@: {
104 BEGIN PS;
105 yylval.val = OWNERAT_TOK;
106 return (ENTRY_TYPE);
107 }
108 <TS>group@: {
109 BEGIN PS;
110 yylval.val = GROUPAT_TOK;
111 return (ENTRY_TYPE);
112 }
113 <TS>everyone@: {
114 BEGIN PS;
115 yylval.val = EVERYONEAT_TOK;
116 return (ENTRY_TYPE);
117 }
118 <TS>group: {
119 BEGIN NS;
120 yylval.val = GROUP_TOK;
121 return (ENTRY_TYPE);
122 }
123 <TS>groupsid: {
124 BEGIN NS;
125 yylval.val = GROUP_SID_TOK;
126 return (ENTRY_TYPE);
127 }
128 <TS>sid: {
129 BEGIN NS;
130 yylval.val = GROUP_SID_TOK;
131 return (ENTRY_TYPE);
132 }
133 <TS>mask: {
134 BEGIN PS;
135 yylval.val = MASK_TOK;
136 return (ENTRY_TYPE);
137 }
138 <TS>mask:: {
139 BEGIN PS;
140 yylval.val = MASK_TOK;
141 return (ENTRY_TYPE);
142 }
143 <TS>other: {
144 BEGIN PS;
145 yylval.val = OTHER_TOK;
146 return (ENTRY_TYPE);
147 }
148 <TS>other:: {
149 BEGIN PS;
150 yylval.val = OTHER_TOK;
151 return (ENTRY_TYPE);
152 }
153 <TS>defaultuser: {
154 BEGIN NS;
155 yylval.val = DEFAULT_USER_TOK;
156 return (ENTRY_TYPE);
157 }
158 <TS>default:user: {
159 BEGIN NS;
160 yylval.val = DEFAULT_USER_TOK;
161 return (ENTRY_TYPE);
162 }
163 <TS>defaultgroup: {
164 BEGIN NS;
165 yylval.val = DEFAULT_GROUP_TOK;
166 return (ENTRY_TYPE);
167 }
168 <TS>default:group: {
169 BEGIN NS;
170 yylval.val = DEFAULT_GROUP_TOK;
171 return (ENTRY_TYPE);
172 }
173 <TS>defaultother: {
174 BEGIN PS;
175 yylval.val = DEFAULT_OTHER_TOK;
176 return (ENTRY_TYPE);
177 }
178 <TS>defaultother:: {
179 BEGIN PS;
180 yylval.val = DEFAULT_OTHER_TOK;
181 return (ENTRY_TYPE);
182 }
183 <TS>default:other: {
184 BEGIN PS;
185 yylval.val = DEFAULT_OTHER_TOK;
186 return (ENTRY_TYPE);
187 }
188 <TS>defaultmask: {
189 BEGIN PS;
190 yylval.val = DEFAULT_MASK_TOK;
191 return (ENTRY_TYPE);
192 }
193 <TS>defaultmask:: {
194 BEGIN PS;
195 yylval.val = DEFAULT_MASK_TOK;
196 return (ENTRY_TYPE);
197 }
198 <TS>default:mask: {
199 BEGIN PS;
200 yylval.val = DEFAULT_MASK_TOK;
201 return (ENTRY_TYPE);
202 }
203 <TS>"\n" {
204 return (NL);
205 }
206 <TS>. {
207 if (grab_string(":,\n") != 0) {
208 acl_error(dgettext(TEXT_DOMAIN,
209 "Failed to retrieve"
210 " error string.\n"));
211 yylval.val = EACL_MEM_ERROR;
212 return (ERROR);
213 }
214 acl_error(dgettext(TEXT_DOMAIN,
215 "Invalid ACL entry "
216 "type '%s' specified.\n"), yylval.str);
217 free(yylval.str);
218 yylval.val = EACL_ENTRY_ERROR;
219 return (ERROR);
220 }
221 <NS>: {
222 BEGIN PS;
223 return (COLON);
224 }
225 <NS>{LOGNAME} {
226 yylval.str = strdup(yytext);
227 if (yylval.str == NULL) {
228 yylval.val = EACL_MEM_ERROR;
229 return (ERROR);
230 }
231 yylval.str[strlen(yylval.str) -1] = '\0';
232 yystrings.y_logname = yylval.str;
233 BEGIN PS;
234 return (IDNAME);
235 }
236 <NS>"\n" {
237 acl_error(dgettext(TEXT_DOMAIN,
238 "Missing user/group name"
239 " from ACL specification.\n"));
240 yylval.val = EACL_MISSING_FIELDS;
241 return (ERROR);
242 }
243 <NS>. {
244 int error;
246 error = grab_string(":,\n");
247 if (error != 0) {
248 acl_error(dgettext(TEXT_DOMAIN,
249 "Invalid user/group "
250 "name specification.\n"));
251 yylval.val = EACL_INVALID_USER_GROUP;
252 } else {
253 acl_error(dgettext(TEXT_DOMAIN,
254 "User/Group name "
255 "'%s' not specified correctly.\n"),
256 yylval.str);
257 free(yylval.str);
258 yylval.val = EACL_ENTRY_ERROR;
259 }
260 return (ERROR);
261 }
262 <PS>read_data/[:/,] {
263 yylval.val = ACE_READ_DATA;
264 return (ACE_PERM);
265 }
266 <PS>list_directory/[:/,] {
267 yylval.val = ACE_LIST_DIRECTORY;
268 return (ACE_PERM);
269 }
270 <PS>write_data/[:/,] {
271 yylval.val = ACE_WRITE_DATA;
272 return (ACE_PERM);
273 }
274 <PS>add_file/[:/,] {
275 yylval.val = ACE_ADD_FILE;
276 return (ACE_PERM);
277 }
278 <PS>append_data/[:/,] {
279 yylval.val = ACE_APPEND_DATA;
280 return (ACE_PERM);
281 }
282 <PS>add_subdirectory/[:/,] {
283 yylval.val = ACE_ADD_SUBDIRECTORY;
284 return (ACE_PERM);
285 }
286 <PS>read_xattr/[:/,] {
287 yylval.val = ACE_READ_NAMED_ATTRS;
288 return (ACE_PERM);
289 }
290 <PS>write_xattr/[:/,] {
291 yylval.val = ACE_WRITE_NAMED_ATTRS;
292 return (ACE_PERM);
293 }
294 <PS>execute/[:/,] {
295 yylval.val = ACE_EXECUTE;
296 return (ACE_PERM);
297 }
298 <PS>delete_child/[:/,] {
299 yylval.val = ACE_DELETE_CHILD;
300 return (ACE_PERM);
301 }
302 <PS>read_attributes/[:/,] {
303 yylval.val = ACE_READ_ATTRIBUTES;
304 return (ACE_PERM);
305 }
306 <PS>write_attributes/[:/,] {
307 yylval.val = ACE_WRITE_ATTRIBUTES;
308 return (ACE_PERM);
309 }
310 <PS>delete/[:/,] {
311 yylval.val = ACE_DELETE;
312 return (ACE_PERM);
313 }
314 <PS>read_acl/[:/,] {
315 yylval.val = ACE_READ_ACL;
316 return (ACE_PERM);
317 }
318 <PS>write_acl/[:/,] {
319 yylval.val = ACE_WRITE_ACL;
320 return (ACE_PERM);
321 }
322 <PS>write_owner/[:/,] {
323 yylval.val = ACE_WRITE_OWNER;
324 return (ACE_PERM);
325 }
326 <PS>synchronize/[:/,] {
327 yylval.val = ACE_SYNCHRONIZE;
328 return (ACE_PERM);
329 }
330 <PS>read_set/[:/,] {
331 yylval.val = ACE_READ_PERMS;
332 return (ACE_PERM);
333 }
334 <PS>write_set/[:/,] {
335 yylval.val = ACE_WRITE_PERMS;
336 return (ACE_PERM);
337 }
338 <PS>modify_set/[:/,] {
339 yylval.val = ACE_MODIFY_PERMS;
340 return (ACE_PERM);
341 }
342 <PS>full_set/[:/,] {
343 yylval.val = ACE_ALL_PERMS;
344 return (ACE_PERM);
345 }
346 <PS>{PERM_STR}/[:,\n] {
347 int c;
349 c = input();
350 unput(c);
351 yylval.str = strdup(yytext);
352 if (yylval.str == NULL) {
353 yylval.val = EACL_MEM_ERROR;
354 return (ERROR);
355 }
356 yystrings.y_perms = yylval.str;
358 /*
359 * aclent are done after permissions.
360 */
361 if (isdigit(c))
362 BEGIN US;
363 else if (c != ':')
364 BEGIN ES;
366 return (PERM_TOK);
367 }
368 <PS>"/:" {
369 acl_error(dgettext(TEXT_DOMAIN,
370 "Invalid permission /: specified.\n"));
371 yylval.val = EACL_ENTRY_ERROR;
372 return (ERROR);
373 }
374 <PS>: {
375 int c;
377 c = input();
378 unput(c);
379 if (isdigit(c))
380 BEGIN (US);
381 else
382 BEGIN AIS;
383 return (COLON);
384 }
385 <PS>"/" {
386 return (SLASH);
387 }
388 <PS>"\n" {
389 acl_error(dgettext(TEXT_DOMAIN,
390 "ACL entry is missing "
391 "permission fields.\n"));
392 yylval.val = EACL_MISSING_FIELDS;
393 return (ERROR);
394 }
395 <PS>"," {
396 acl_error(
397 dgettext(TEXT_DOMAIN,
398 "The ',' is not a valid permission field "
399 "separator.\nThe comma is used to separate "
400 "access control entries.\nSee acl(5) for "
401 "examples of specifying ACL entries.\n"));
402 yylval.val = EACL_PERM_MASK_ERROR;
403 return (ERROR);
404 }
405 <PS>. {
406 if (grab_string("/:,\n") != 0) {
407 acl_error(dgettext(TEXT_DOMAIN,
408 "Failed to retrieve"
409 " error string.\n"));
410 yylval.val = EACL_MEM_ERROR;
411 return (ERROR);
412 }
413 acl_error(dgettext(TEXT_DOMAIN,
414 "Invalid permission(s) '%s' "
415 "specified.\n"), yylval.str);
416 free(yylval.str);
417 yylval.val = EACL_PERM_MASK_ERROR;
418 return (ERROR);
419 }
420 <AS>allow/[:,\n] {
422 int c;
424 c = input();
425 unput(c);
426 if (c == ',' || c == '\n')
427 BEGIN ES;
428 else
429 BEGIN US;
430 yylval.val = ACE_ACCESS_ALLOWED_ACE_TYPE;
431 return (ACCESS_TYPE);
432 }
433 <AS>deny/[:,\n] {
435 int c;
437 c = input();
438 unput(c);
439 if (c == ',' || c == '\n')
440 BEGIN ES;
441 else
442 BEGIN US;
444 yylval.val = ACE_ACCESS_DENIED_ACE_TYPE;
445 return (ACCESS_TYPE);
446 }
447 <AS>audit/[:,\n] {
448 int c;
450 c = input();
451 unput(c);
452 if (c == ',' || c == '\n')
453 BEGIN ES;
454 else
455 BEGIN US;
457 yylval.val = ACE_SYSTEM_AUDIT_ACE_TYPE;
458 return (ACCESS_TYPE);
459 }
460 <AS>alarm/[:,\n] {
461 int c;
463 c = input();
464 unput(c);
465 if (c == ',' || c == '\n')
466 BEGIN ES;
467 else
468 BEGIN US;
470 yylval.val = ACE_SYSTEM_ALARM_ACE_TYPE;
471 return (ACCESS_TYPE);
472 }
473 <AS>: {
475 acl_error(dgettext(TEXT_DOMAIN,
476 "Invalid Access type "
477 "specified.\nThe field is blank, when"
478 " it should be either allow or deny.\n"));
479 yylval.val = EACL_INVALID_ACCESS_TYPE;
480 return (ERROR);
481 }
482 <AS>"\n" {
483 acl_error(dgettext(TEXT_DOMAIN,
484 "ACL access type must be specified.\n"));
485 yylval.val = EACL_INVALID_ACCESS_TYPE;
486 return (ERROR);
487 }
488 <AS>. {
489 if (yytext[0] != '\n' && yytext[0] != '\0') {
490 if (grab_string(":,\n") != 0) {
491 acl_error(dgettext(TEXT_DOMAIN,
492 "Failed to "
493 "retrieve error "
494 "string.\n"));
495 yylval.val = EACL_MEM_ERROR;
496 return (ERROR);
497 }
498 acl_error(
499 dgettext(TEXT_DOMAIN,
500 "Invalid access "
501 "type '%s' specified.\n"),
502 yylval.str);
503 } else {
504 acl_error(
505 dgettext(TEXT_DOMAIN,
506 "No access "
507 "type specified.\n"), yylval.str);
508 }
510 free(yylval.str);
511 yylval.val = EACL_INVALID_ACCESS_TYPE;
512 return (ERROR);
513 }
514 <AIS>allow/[:,\n] {
516 int c;
518 c = input();
519 unput(c);
520 if (c == ',' || c == '\n')
521 BEGIN ES;
522 else
523 BEGIN US;
524 yylval.val = ACE_ACCESS_ALLOWED_ACE_TYPE;
525 return (ACCESS_TYPE);
526 }
527 <AIS>deny/[:,\n] {
529 int c;
531 c = input();
532 unput(c);
533 if (c == ',' || c == '\n')
534 BEGIN ES;
535 else
536 BEGIN US;
538 yylval.val = ACE_ACCESS_DENIED_ACE_TYPE;
539 return (ACCESS_TYPE);
540 }
541 <AIS>audit/[:,\n] {
542 int c;
544 c = input();
545 unput(c);
546 if (c == ',' || c == '\n')
547 BEGIN ES;
548 else
549 BEGIN US;
551 yylval.val = ACE_SYSTEM_AUDIT_ACE_TYPE;
552 return (ACCESS_TYPE);
553 }
554 <AIS>alarm/[:,\n] {
556 int c;
558 c = input();
559 unput(c);
560 if (c == ',' || c == '\n')
561 BEGIN ES;
562 else
563 BEGIN US;
565 yylval.val = ACE_SYSTEM_ALARM_ACE_TYPE;
566 return (ACCESS_TYPE);
567 }
568 <AIS>file_inherit/[:/,] {
569 yylval.val = ACE_FILE_INHERIT_ACE;
570 return (ACE_INHERIT);
571 }
572 <AIS>dir_inherit/[:/,] {
573 yylval.val = ACE_DIRECTORY_INHERIT_ACE;
574 return (ACE_INHERIT);
575 }
576 <AIS>no_propagate/[/:,] {
577 yylval.val = ACE_NO_PROPAGATE_INHERIT_ACE;
578 return (ACE_INHERIT);
579 }
580 <AIS>inherit_only/[/:,] {
581 yylval.val = ACE_INHERIT_ONLY_ACE;
582 return (ACE_INHERIT);
583 }
585 <AIS>successful_access/[/:,] {
586 yylval.val = ACE_SUCCESSFUL_ACCESS_ACE_FLAG;
587 return (ACE_INHERIT);
588 }
589 <AIS>failed_access/[/:,] {
590 yylval.val = ACE_FAILED_ACCESS_ACE_FLAG;
591 return (ACE_INHERIT);
592 }
593 <AIS>inherited/[/:,] {
594 yylval.val = ACE_INHERITED_ACE;
595 return (ACE_INHERIT);
596 }
597 <AIS>{INHERIT_STR}/[:] {
598 yylval.str = strdup(yytext);
599 if (yylval.str == NULL) {
600 yylval.val = EACL_MEM_ERROR;
601 return (ERROR);
602 }
603 yystrings.y_iflags = yylval.str;
604 return (INHERIT_TOK);
605 }
606 <AIS>: {
607 /*
608 * Only inheritance fields should hit this.
609 * allow/deny fields match on ":" as part
610 * of the regexp.
611 */
612 BEGIN AS;
613 return (COLON);
614 }
615 <AIS>"/" {
616 return (SLASH);
617 }
618 <AIS>"\n" {
619 acl_error(
620 dgettext(TEXT_DOMAIN,
621 "Invalid ACL specification."
622 "\nWas expecting to find"
623 " access type or inheritance flags.\n"),
624 yylval.str);
625 yylval.val = EACL_UNKNOWN_DATA;
626 return (ERROR);
627 }
628 <AIS>"," {
629 acl_error(
630 dgettext(TEXT_DOMAIN,
631 "The ',' is not a valid inheritance field "
632 "separator.\nThe comma is used to separate "
633 "access control entries.\nSee acl(5) for "
634 "examples of specifying ACL entries.\n"));
635 yylval.val = EACL_INVALID_ACCESS_TYPE;
636 return (ERROR);
637 }
638 <AIS>. {
639 if (yytext[0] != '\n' && yytext[0] != '\0') {
640 if (grab_string(":,\n") != 0) {
641 acl_error(dgettext(TEXT_DOMAIN,
642 "Failed to "
643 "retrieve error "
644 "string.\n"));
645 yylval.val = EACL_MEM_ERROR;
646 return (ERROR);
647 }
648 acl_error(
649 dgettext(TEXT_DOMAIN,
650 "Invalid inheritance or"
651 " access type '%s' specified.\n"),
652 yylval.str);
653 } else {
654 acl_error(
655 dgettext(TEXT_DOMAIN,
656 "No inheritance or "
657 "access type specified.\n"),
658 yylval.str);
659 }
661 free(yylval.str);
662 yylval.val = EACL_INVALID_ACCESS_TYPE;
663 return (ERROR);
664 }
665 <US>{ID}/[,\n] {
666 BEGIN ES;
667 yylval.str = strdup(yytext);
668 if (yylval.str == NULL) {
669 yylval.val = EACL_MEM_ERROR;
670 return (ERROR);
671 }
672 yystrings.y_idstr = yylval.str;
673 return (ID);
674 }
675 <US>{SID}/[,\n] {
676 BEGIN ES;
677 yylval.str = strdup(yytext);
678 if (yylval.str == NULL) {
679 yylval.val = EACL_MEM_ERROR;
680 return (ERROR);
681 }
682 yystrings.y_idstr = yylval.str;
683 return (SID);
684 }
685 <US>: {
686 return (COLON);
687 }
688 <US>{INHERIT_STR} { /*
689 * Catch specific error to produce
690 * nice message for users who are trying
691 * to use old syntax format which had
692 * inheritance flags as the last field.
693 */
694 acl_error(dgettext(TEXT_DOMAIN,
695 "Access type should be final"
696 " field in ACL specification.\n"));
697 yylval.val = EACL_ENTRY_ERROR;
698 return (ERROR);
699 }
700 <US>. {
701 if (grab_string(",\n") != 0) {
702 acl_error(dgettext(TEXT_DOMAIN,
703 "Failed to retrieve"
704 " error string.\n"));
705 yylval.val = EACL_MEM_ERROR;
706 return (ERROR);
707 }
708 acl_error(
709 dgettext(TEXT_DOMAIN,
710 "Invalid data ':%s' specified"
711 " on end of ACL.\n"), yylval.str);
712 free(yylval.str);
713 yylval.val = EACL_ENTRY_ERROR;
714 return (ERROR);
715 }
716 <US>"\n" {
717 acl_error(dgettext(TEXT_DOMAIN,
718 "Missing fields in ACL "
719 "specification.\nWas expecting to find "
720 "uid/gid.\n"));
721 yylval.val = EACL_ENTRY_ERROR;
722 return (ERROR);
723 }
724 <ES>"," {
725 BEGIN TS;
726 return (COMMA);
727 }
728 <ES>. {
729 if (grab_string("/:,\n") != 0) {
730 acl_error(
731 dgettext(TEXT_DOMAIN,
732 "Failed to retrieve error"
733 " string.\n"));
734 yylval.val = EACL_MEM_ERROR;
735 return (ERROR);
736 }
737 acl_error(
738 dgettext(TEXT_DOMAIN,
739 "Unrecognized data '%s' found"
740 " in ACL specification.\n"), yylval.str);
741 free(yylval.str);
742 yylval.val = EACL_UNKNOWN_DATA;
743 return (ERROR);
744 }
745 <ES>"\n" {
746 return (NL);
747 }
748 %%
751 /*
752 * Pull string up to terminator off of input string.
753 * used for retrieving illegal data in ACL specification.
754 *
755 * The first set of characters is retrieved from yytext.
756 * subsequent characters are pulled from the input stream,
757 * until either EOF or one of the requested terminators is scene.
758 * Result is returned in yylval.str which is malloced.
759 */
760 int
761 grab_string(char *terminators)
762 {
763 int c;
764 int done = 0;
765 int cnt;
766 int alloced;
767 int error = 0;
768 char *ptr;
770 cnt = strlen(yytext);
771 yylval.str = calloc(cnt + 1, sizeof (char));
772 if (yylval.str == NULL) {
773 return (1);
774 }
775 alloced = cnt + 1;
776 strcpy(yylval.str, yytext);
778 do {
779 c = input();
780 if (c == EOF)
781 break;
783 for (ptr = terminators; *ptr; ptr++) {
784 if (c == *ptr) {
785 done = 1;
786 break;
787 }
788 }
790 if (done)
791 break;
793 if (cnt + 1 >= alloced) {
794 yylval.str = realloc(yylval.str,
795 alloced + 80);
796 alloced += 80;
797 if (yylval.str == NULL)
798 return (1);
800 memset(yylval.str + cnt, 0,
801 alloced - strlen(yylval.str));
802 }
803 yylval.str[strlen(yylval.str)] = c;
804 cnt++;
805 } while (!done);
807 return (error);
808 }
810 static int
811 input(void)
812 {
813 int c;
815 c = yybuf[yybufpos++];
816 if (c == '\0') {
817 return (EOF);
818 }
820 return (c);
821 }
823 static void
824 unput(int c)
825 {
826 if (c == '\0') {
827 return;
828 }
830 if (yybufpos > 0) {
831 --yybufpos;
832 }
833 }
835 /*
836 * return ACE entry type
837 */
838 int
839 ace_entry_type(int type)
840 {
841 int ret = -1;
842 switch (type) {
843 case USER_TOK:
844 case USER_SID_TOK:
845 ret = 0;
846 break;
847 case GROUP_TOK:
848 case GROUP_SID_TOK:
849 ret = ACE_IDENTIFIER_GROUP;
850 break;
851 case OWNERAT_TOK:
852 ret = ACE_OWNER;
853 break;
854 case GROUPAT_TOK:
855 ret = ACE_IDENTIFIER_GROUP | ACE_GROUP;
856 break;
857 case EVERYONEAT_TOK:
858 ret = ACE_EVERYONE;
859 break;
860 }
861 return (ret);
862 }
865 /*
866 * return aclent entry type
867 */
868 int
869 aclent_entry_type(int type, int owning, int *ret)
870 {
872 *ret = 0;
874 switch (type) {
875 case USER_TOK:
876 *ret = (owning == 0) ? USER : USER_OBJ;
877 break;
878 case GROUP_TOK:
879 *ret = (owning == 0) ? GROUP : GROUP_OBJ;
880 break;
881 case OTHER_TOK:
882 *ret = OTHER_OBJ;
883 break;
884 case MASK_TOK:
885 *ret = CLASS_OBJ;
886 break;
887 case DEFAULT_USER_TOK:
888 *ret = (owning == 0) ? DEF_USER : DEF_USER_OBJ;
889 break;
890 case DEFAULT_GROUP_TOK:
891 *ret = (owning == 0) ? DEF_GROUP : DEF_GROUP_OBJ;
892 break;
893 case DEFAULT_MASK_TOK:
894 *ret = DEF_CLASS_OBJ;
895 break;
896 case DEFAULT_OTHER_TOK:
897 *ret = DEF_OTHER_OBJ;
898 break;
899 default:
900 return (EACL_ENTRY_ERROR);
901 }
903 return (0);
904 }
906 /*
907 * convert string into numeric id.
908 */
909 static int
910 acl_str_to_id(char *str, uid_t *id)
911 {
912 char *end;
913 uid_t value;
915 errno = 0;
916 value = strtoul(str, &end, 10);
918 if (errno != 0 || *end != '\0')
919 return (EACL_INVALID_USER_GROUP);
921 *id = value;
923 return (0);
924 }
926 /*
927 * determine either uid/gid for given entry type
928 */
929 int
930 get_id(int entry_type, char *name, uid_t *id)
931 {
932 struct passwd *pw;
933 struct group *gr;
934 int error = 0;
936 switch (entry_type) {
937 case USER_TOK:
938 case DEFAULT_USER_TOK:
939 if ((error = acl_str_to_id(name, id)) == 0)
940 break;
941 pw = getpwnam(name);
942 if (pw) {
943 *id = pw->pw_uid;
944 error = 0;
945 }
946 break;
948 case GROUP_TOK:
949 case DEFAULT_GROUP_TOK:
950 if ((error = acl_str_to_id(name, id)) == 0)
951 break;
952 gr = getgrnam(name);
953 if (gr) {
954 *id = gr->gr_gid;
955 error = 0;
956 }
957 break;
958 case USER_SID_TOK:
959 if (sid_to_id(name, B_TRUE, id))
960 error = EACL_INVALID_USER_GROUP;
961 break;
963 case GROUP_SID_TOK:
964 if (sid_to_id(name, B_FALSE, id))
965 error = EACL_INVALID_USER_GROUP;
966 break;
967 }
969 return (error);
970 }
972 int
973 get_id_nofail(int entry_type, char *name)
974 {
975 uid_t id;
977 if (get_id(entry_type, name, &id))
978 return (UID_NOBODY);
979 else
980 return (id);
981 }
983 /*
984 * reset beginning state to TS and set character position
985 * back to zero.
986 */
987 void
988 yyreset()
989 {
990 yybufpos = 0;
991 memset(&yystrings, 0, sizeof (yystrings));
992 BEGIN TS;
993 }
995 void
996 yycleanup()
997 {
998 if (yystrings.y_logname)
999 free(yystrings.y_logname);
1000 if (yystrings.y_perms)
1001 free(yystrings.y_perms);
1002 if (yystrings.y_iflags)
1003 free(yystrings.y_iflags);
1004 if (yystrings.y_idstr)
1005 free(yystrings.y_idstr);
1006 yystrings.y_logname = NULL;
1007 yystrings.y_perms = NULL;
1008 yystrings.y_iflags = NULL;
1009 yystrings.y_idstr = NULL;
1010 }