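/*-
 * Copyright (c) 2001 Chris D. Faulhaber
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include <sys/types.h>
#include <sys/acl.h>
#include <sys/stat.h>

#include <err.h>
#include <stdio.h>
#include <string.h>

#include "setfacl.h"

/*
 * remove ACL entries from an ACL
 *
 * Every entry enumerated from `acl` is passed to acl_delete_entry() against
 * a duplicate of *prev_acl.  On return the old *prev_acl has been freed and
 * replaced by that duplicate, even when some deletions failed.
 *
 * Side effect: sets have_mask (not declared in this file; presumably from
 * setfacl.h) when one of the entries in `acl` is tagged ACL_MASK.
 *
 * Returns 0 on success, -1 on a branding mismatch (in which case *prev_acl
 * is left untouched) or when at least one entry could not be removed.
 * Failures of the libacl calls themselves terminate the process via err().
 *
 * NOTE(review): after a -1 caused by a failed deletion, *prev_acl holds a
 * partially edited ACL.  Whether the caller still applies it to the file is
 * not visible here; confirm that it does not.
 */
int
remove_acl(acl_t acl, acl_t *prev_acl, const char *filename)
{
	acl_entry_t entry;
	acl_t acl_new;
	acl_tag_t tag;
	int carried_error, entry_id, acl_brand, prev_acl_brand;

	carried_error = 0;

	/*
	 * The brand values are compared below, so a failed lookup must not
	 * fall through with the output variables still uninitialized.
	 */
	if (acl_get_brand_np(acl, &acl_brand) == -1)
		err(1, "%s: acl_get_brand_np() failed", filename);
	if (acl_get_brand_np(*prev_acl, &prev_acl_brand) == -1)
		err(1, "%s: acl_get_brand_np() failed", filename);

	if (branding_mismatch(acl_brand, prev_acl_brand)) {
		warnx("%s: branding mismatch; existing ACL is %s, "
		    "entry to be removed is %s", filename,
		    brand_name(prev_acl_brand), brand_name(acl_brand));
		return (-1);
	}

	/* Edit a copy so the original stays intact until the loop is done. */
	acl_new = acl_dup(*prev_acl);
	if (acl_new == NULL)
		err(1, "%s: acl_dup() failed", filename);

	tag = ACL_UNDEFINED_TAG;

	/* find and delete the entry */
	entry_id = ACL_FIRST_ENTRY;
	while (acl_get_entry(acl, entry_id, &entry) == 1) {
		entry_id = ACL_NEXT_ENTRY;
		if (acl_get_tag_type(entry, &tag) == -1)
			err(1, "%s: acl_get_tag_type() failed", filename);
		if (tag == ACL_MASK)
			have_mask = true;
		if (acl_delete_entry(acl_new, entry) == -1) {
			/* Keep going so every bad entry gets reported. */
			carried_error++;
			warnx("%s: cannot remove non-existent ACL entry",
			    filename);
		}
	}

	acl_free(*prev_acl);
	*prev_acl = acl_new;

	if (carried_error)
		return (-1);

	return (0);
}

/*
 * remove the ACL entry at position entry_number
 *
 * Works on a duplicate of *prev_acl; on return the old *prev_acl has been
 * freed and replaced by the duplicate, even when the deletion failed.
 *
 * Side effect: sets have_mask (not declared in this file; presumably from
 * setfacl.h) when the entry at entry_number is tagged ACL_MASK.
 *
 * Returns 0 on success and -1 when acl_delete_entry_np() fails.  Failures
 * of acl_dup() or acl_get_tag_type() terminate the process via err().
 */
int
remove_by_number(uint entry_number, acl_t *prev_acl, const char *filename)
{
	acl_entry_t entry;
	acl_t acl_new;
	acl_tag_t tag;
	int carried_error, entry_id;
	uint i;

	carried_error = 0;

	acl_new = acl_dup(*prev_acl);
	if (acl_new == NULL)
		err(1, "%s: acl_dup() failed", filename);

	tag = ACL_UNDEFINED_TAG;

	/*
	 * Find out whether we're removing the mask entry,
	 * to behave the same as the routine above.
	 *
	 * XXX: Is this loop actually needed?
	 *
	 * The position counter has to advance with every entry.  Without
	 * the increment only entry_number 0 could ever match, and then it
	 * matched every entry, so have_mask was set from the wrong entries.
	 *
	 * NOTE(review): assumes entry_number is the zero-based position that
	 * acl_delete_entry_np() also uses - TODO confirm.
	 */
	entry_id = ACL_FIRST_ENTRY;
	for (i = 0; acl_get_entry(acl_new, entry_id, &entry) == 1; i++) {
		entry_id = ACL_NEXT_ENTRY;
		if (i != entry_number)
			continue;
		if (acl_get_tag_type(entry, &tag) == -1)
			err(1, "%s: acl_get_tag_type() failed", filename);
		if (tag == ACL_MASK)
			have_mask = true;
		break;
	}

	if (acl_delete_entry_np(acl_new, entry_number) == -1) {
		carried_error++;
		warn("%s: acl_delete_entry_np() failed", filename);
	}

	acl_free(*prev_acl);
	*prev_acl = acl_new;

	if (carried_error)
		return (-1);

	return (0);
}

/*
 * remove default entries
 *
 * Frees *prev_acl and replaces it with a fresh ACL from
 * acl_init(ACL_MAX_ENTRIES).  Always returns 0; an acl_init() failure
 * terminates the process via err().
 */
int
remove_default(acl_t *prev_acl, const char *filename)
{

	acl_free(*prev_acl);
	*prev_acl = acl_init(ACL_MAX_ENTRIES);
	if (*prev_acl == NULL)
		err(1, "%s: acl_init() failed", filename);

	return (0);
}

/*
 * remove extended entries
 *
 * Replaces *prev_acl with the result of acl_strip_np(); the old ACL is
 * freed only after the stripped copy was obtained.  The second argument,
 * !n_flag, is acl_strip_np()'s recalculate-mask switch (n_flag is not
 * declared in this file; presumably from setfacl.h).  An acl_strip_np()
 * failure terminates the process via err().
 */
void
remove_ext(acl_t *prev_acl, const char *filename)
{
	acl_t acl_new;

	acl_new = acl_strip_np(*prev_acl, !n_flag);
	if (acl_new == NULL)
		err(1, "%s: acl_strip_np() failed", filename);

	acl_free(*prev_acl);
	*prev_acl = acl_new;
}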