1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 */
27
28 #include <stdio.h>
29 #include <stdlib.h>
30 #include <unistd.h>
31 #include <errno.h>
32 #include <assert.h>
33 #include <string.h>
34 #include <pwd.h>
35 #include <grp.h>
36 #include <ctype.h>
37 #include <err.h>
38 #include <sys/syscall.h>
39 #include <sys/types.h>
40 #include <sys/acl.h>
41
42 #include "acl_support.h"
43
44 #define MAX_ENTRY_LENGTH 512
45
46 /*
47 * Parse the tag field of ACL entry passed as "str". If qualifier
48 * needs to follow, then the variable referenced by "need_qualifier"
49 * is set to 1, otherwise it's set to 0.
50 */
51 static int
parse_tag(const char * str,acl_entry_t entry,int * need_qualifier)52 parse_tag(const char *str, acl_entry_t entry, int *need_qualifier)
53 {
54
55 assert(need_qualifier != NULL);
56 *need_qualifier = 0;
57
58 if (strcmp(str, "owner@") == 0)
59 return (acl_set_tag_type(entry, ACL_USER_OBJ));
60 if (strcmp(str, "group@") == 0)
61 return (acl_set_tag_type(entry, ACL_GROUP_OBJ));
62 if (strcmp(str, "everyone@") == 0)
63 return (acl_set_tag_type(entry, ACL_EVERYONE));
64
65 *need_qualifier = 1;
66
67 if (strcmp(str, "user") == 0 || strcmp(str, "u") == 0)
68 return (acl_set_tag_type(entry, ACL_USER));
69 if (strcmp(str, "group") == 0 || strcmp(str, "g") == 0)
70 return (acl_set_tag_type(entry, ACL_GROUP));
71
72 warnx("malformed ACL: invalid \"tag\" field");
73
74 return (-1);
75 }
76
77 /*
78 * Parse the qualifier field of ACL entry passed as "str".
79 * If user or group name cannot be resolved, then the variable
80 * referenced by "need_qualifier" is set to 1; it will be checked
81 * later to figure out whether the appended_id is required.
82 */
83 static int
parse_qualifier(char * str,acl_entry_t entry,int * need_qualifier)84 parse_qualifier(char *str, acl_entry_t entry, int *need_qualifier)
85 {
86 int qualifier_length, error;
87 uid_t id;
88 acl_tag_t tag;
89
90 assert(need_qualifier != NULL);
91 *need_qualifier = 0;
92
93 qualifier_length = strlen(str);
94
95 if (qualifier_length == 0) {
96 warnx("malformed ACL: empty \"qualifier\" field");
97 return (-1);
98 }
99
100 error = acl_get_tag_type(entry, &tag);
101 if (error)
102 return (error);
103
104 error = _acl_name_to_id(tag, str, &id);
105 if (error) {
106 *need_qualifier = 1;
107 return (0);
108 }
109
110 return (acl_set_qualifier(entry, &id));
111 }
112
113 static int
parse_access_mask(char * str,acl_entry_t entry)114 parse_access_mask(char *str, acl_entry_t entry)
115 {
116 int error;
117 acl_perm_t perm;
118
119 error = _nfs4_parse_access_mask(str, &perm);
120 if (error)
121 return (error);
122
123 error = acl_set_permset(entry, &perm);
124
125 return (error);
126 }
127
128 static int
parse_flags(char * str,acl_entry_t entry)129 parse_flags(char *str, acl_entry_t entry)
130 {
131 int error;
132 acl_flag_t flags;
133
134 error = _nfs4_parse_flags(str, &flags);
135 if (error)
136 return (error);
137
138 error = acl_set_flagset_np(entry, &flags);
139
140 return (error);
141 }
142
143 static int
parse_entry_type(const char * str,acl_entry_t entry)144 parse_entry_type(const char *str, acl_entry_t entry)
145 {
146
147 if (strcmp(str, "allow") == 0)
148 return (acl_set_entry_type_np(entry, ACL_ENTRY_TYPE_ALLOW));
149 if (strcmp(str, "deny") == 0)
150 return (acl_set_entry_type_np(entry, ACL_ENTRY_TYPE_DENY));
151 if (strcmp(str, "audit") == 0)
152 return (acl_set_entry_type_np(entry, ACL_ENTRY_TYPE_AUDIT));
153 if (strcmp(str, "alarm") == 0)
154 return (acl_set_entry_type_np(entry, ACL_ENTRY_TYPE_ALARM));
155
156 warnx("malformed ACL: invalid \"type\" field");
157
158 return (-1);
159 }
160
161 static int
parse_appended_id(char * str,acl_entry_t entry)162 parse_appended_id(char *str, acl_entry_t entry)
163 {
164 int qualifier_length;
165 char *end;
166 id_t id;
167
168 qualifier_length = strlen(str);
169 if (qualifier_length == 0) {
170 warnx("malformed ACL: \"appended id\" field present, "
171 "but empty");
172 return (-1);
173 }
174
175 id = strtod(str, &end);
176 if (end - str != qualifier_length) {
177 warnx("malformed ACL: appended id is not a number");
178 return (-1);
179 }
180
181 return (acl_set_qualifier(entry, &id));
182 }
183
184 static int
number_of_colons(const char * str)185 number_of_colons(const char *str)
186 {
187 int count = 0;
188
189 while (*str != '\0') {
190 if (*str == ':')
191 count++;
192
193 str++;
194 }
195
196 return (count);
197 }
198
199 int
_nfs4_acl_entry_from_text(acl_t aclp,char * str)200 _nfs4_acl_entry_from_text(acl_t aclp, char *str)
201 {
202 int error, need_qualifier;
203 acl_entry_t entry;
204 char *field, *qualifier_field;
205
206 error = acl_create_entry(&aclp, &entry);
207 if (error)
208 return (error);
209
210 assert(_entry_brand(entry) == ACL_BRAND_NFS4);
211
212 if (str == NULL)
213 goto truncated_entry;
214 field = strsep(&str, ":");
215
216 field = string_skip_whitespace(field);
217 if ((*field == '\0') && (!str)) {
218 /*
219 * Is an entirely comment line, skip to next
220 * comma.
221 */
222 return (0);
223 }
224
225 error = parse_tag(field, entry, &need_qualifier);
226 if (error)
227 goto malformed_field;
228
229 if (need_qualifier) {
230 if (str == NULL)
231 goto truncated_entry;
232 qualifier_field = field = strsep(&str, ":");
233 error = parse_qualifier(field, entry, &need_qualifier);
234 if (error)
235 goto malformed_field;
236 }
237
238 if (str == NULL)
239 goto truncated_entry;
240 field = strsep(&str, ":");
241 error = parse_access_mask(field, entry);
242 if (error)
243 goto malformed_field;
244
245 if (str == NULL)
246 goto truncated_entry;
247 /* Do we have "flags" field? */
248 if (number_of_colons(str) > 0) {
249 field = strsep(&str, ":");
250 error = parse_flags(field, entry);
251 if (error)
252 goto malformed_field;
253 }
254
255 if (str == NULL)
256 goto truncated_entry;
257 field = strsep(&str, ":");
258 error = parse_entry_type(field, entry);
259 if (error)
260 goto malformed_field;
261
262 if (need_qualifier) {
263 if (str == NULL) {
264 warnx("malformed ACL: unknown user or group name "
265 "\"%s\"", qualifier_field);
266 goto truncated_entry;
267 }
268
269 error = parse_appended_id(str, entry);
270 if (error)
271 goto malformed_field;
272 }
273
274 return (0);
275
276 truncated_entry:
277 malformed_field:
278 acl_delete_entry(aclp, entry);
279 errno = EINVAL;
280 return (-1);
281 }
282