xref: /freebsd/bin/setfacl/remove.c (revision 5521ff5a4d1929056e7ffc982fac3341ca54df7c) 
1 /*
2  * Copyright (c) 2001 Chris D. Faulhaber
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
18  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
19  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
20  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
22  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
23  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
24  * POSSIBILITY OF SUCH DAMAGE.
25  *
26  * $FreeBSD$
27  */
28 
29 #include <sys/types.h>
30 #include <sys/acl.h>
31 #include <sys/stat.h>
32 
33 #include <err.h>
34 #include <stdio.h>
35 #include <string.h>
36 #include <sysexits.h>
37 
38 #include "setfacl.h"
39 
40 /* remove ACL entries from an ACL */
41 int
42 remove_acl(acl_t acl, acl_t *prev_acl)
43 {
44 	acl_entry_t	entry;
45 	acl_t		acl_new;
46 	acl_tag_t	tag;
47 	int		carried_error, entry_id;
48 
49 	carried_error = 0;
50 
51 	if (acl_type == ACL_TYPE_ACCESS)
52 		acl_new = acl_dup(prev_acl[0]);
53 	else
54 		acl_new = acl_dup(prev_acl[1]);
55 	if (!acl_new)
56 		err(EX_OSERR, "acl_dup() failed");
57 
58 	tag = ACL_UNDEFINED_TAG;
59 
60 	/* find and delete the entry */
61 	entry_id = ACL_FIRST_ENTRY;
62 	while (acl_get_entry(acl, entry_id, &entry) == 1) {
63 		entry_id = ACL_NEXT_ENTRY;
64 		if (acl_get_tag_type(entry, &tag) == -1)
65 			err(1, "acl_get_tag_type() failed");
66 		if (tag == ACL_MASK)
67 			have_mask++;
68 		if (acl_delete_entry(acl_new, entry) == -1) {
69 			carried_error++;
70 			warnx("cannot remove non-existent acl entry");
71 		}
72 	}
73 
74 	if (acl_type == ACL_TYPE_ACCESS) {
75 		acl_free(prev_acl[0]);
76 		prev_acl[0] = acl_new;
77 	} else {
78 		acl_free(prev_acl[1]);
79 		prev_acl[1] = acl_new;
80 	}
81 
82 	if (carried_error)
83 		return -1;
84 
85 	return 0;
86 }
87 
88 /* remove default entries */
89 int
90 remove_default(acl_t *prev_acl)
91 {
92 
93 	if (prev_acl[1]) {
94 		acl_free(prev_acl[1]);
95 		prev_acl[1] = acl_init(ACL_MAX_ENTRIES);
96 		if (!prev_acl[1])
97 			err(1, "acl_init() failed");
98 	} else {
99 		warn("cannot remove default ACL");
100 		return -1;
101 	}
102 	return 0;
103 }
104 
105 /* remove extended entries */
106 void
107 remove_ext(acl_t *prev_acl)
108 {
109 	acl_t acl_new, acl_old;
110 	acl_entry_t entry, entry_new;
111 	acl_permset_t perm;
112 	acl_tag_t tag;
113 	int entry_id, have_mask_entry;
114 
115 	if (acl_type == ACL_TYPE_ACCESS)
116 		acl_old = acl_dup(prev_acl[0]);
117 	else
118 		acl_old = acl_dup(prev_acl[1]);
119 	if (!acl_old)
120 		err(EX_OSERR, "acl_dup() failed");
121 
122 	have_mask_entry = 0;
123 	acl_new = acl_init(ACL_MAX_ENTRIES);
124 	if (!acl_new)
125 		err(EX_OSERR, "%s", "acl_init() failed");
126 	tag = ACL_UNDEFINED_TAG;
127 
128 	/* only save the default user/group/other entries */
129 	entry_id = ACL_FIRST_ENTRY;
130 	while (acl_get_entry(acl_old, entry_id, &entry) == 1) {
131 		entry_id = ACL_NEXT_ENTRY;
132 
133 		if (acl_get_tag_type(entry, &tag) == -1)
134 			err(1, "acl_get_tag_type() failed");
135 
136 		switch(tag) {
137 		case ACL_USER_OBJ:
138 		case ACL_GROUP_OBJ:
139 		case ACL_OTHER:
140 			if (acl_get_tag_type(entry, &tag) == -1)
141 				err(1, "acl_get_tag_type() failed");
142 			if (acl_get_permset(entry, &perm) == -1)
143 				err(1, "acl_get_permset() failed");
144 			if (acl_create_entry(&acl_new, &entry_new) == -1)
145 				err(1, "acl_create_entry() failed");
146 			if (acl_set_tag_type(entry_new, tag) == -1)
147 				err(1, "acl_set_tag_type() failed");
148 			if (acl_set_permset(entry_new, perm) == -1)
149 				err(1, "acl_get_permset() failed");
150 			if (acl_copy_entry(entry_new, entry) == -1)
151 				err(1, "acl_copy_entry() failed");
152 			break;
153 		case ACL_MASK:
154 			have_mask_entry = 1;
155 			break;
156 		default:
157 			break;
158 		}
159 	}
160 	if (have_mask_entry && !n_flag) {
161 		if (acl_calc_mask(&acl_new) == -1)
162 			err(1, "acl_calc_mask() failed");
163 	} else {
164 		have_mask = 1;
165 	}
166 
167 	if (acl_type == ACL_TYPE_ACCESS) {
168 		acl_free(prev_acl[0]);
169 		prev_acl[0] = acl_new;
170 	} else {
171 		acl_free(prev_acl[1]);
172 		prev_acl[1] = acl_new;
173 	}
174 }
175