1 /*- 2 * Copyright (c) 2001 Chris D. Faulhaber 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27 #include <sys/cdefs.h> 28 __FBSDID("$FreeBSD$"); 29 30 #include <sys/types.h> 31 #include <sys/param.h> 32 #include <sys/stat.h> 33 #include <sys/acl.h> 34 #include <sys/queue.h> 35 36 #include <err.h> 37 #include <errno.h> 38 #include <stdio.h> 39 #include <stdlib.h> 40 #include <string.h> 41 #include <unistd.h> 42 43 #include "setfacl.h" 44 45 static void add_filename(const char *filename); 46 static void usage(void); 47 48 static void 49 add_filename(const char *filename) 50 { 51 struct sf_file *file; 52 53 if (strlen(filename) > PATH_MAX - 1) { 54 warn("illegal filename"); 55 return; 56 } 57 file = zmalloc(sizeof(struct sf_file)); 58 file->filename = filename; 59 TAILQ_INSERT_TAIL(&filelist, file, next); 60 } 61 62 static void 63 usage(void) 64 { 65 66 fprintf(stderr, "usage: setfacl [-bdhkn] [-a position entries] " 67 "[-m entries] [-M file] [-x entries] [-X file] [file ...]\n"); 68 exit(1); 69 } 70 71 int 72 main(int argc, char *argv[]) 73 { 74 acl_t acl; 75 acl_type_t acl_type; 76 acl_entry_t unused_entry; 77 char filename[PATH_MAX]; 78 int local_error, carried_error, ch, i, entry_number, ret; 79 int h_flag; 80 struct sf_file *file; 81 struct sf_entry *entry; 82 const char *fn_dup; 83 char *end; 84 struct stat sb; 85 86 acl_type = ACL_TYPE_ACCESS; 87 carried_error = local_error = 0; 88 h_flag = have_mask = have_stdin = n_flag = need_mask = 0; 89 90 TAILQ_INIT(&entrylist); 91 TAILQ_INIT(&filelist); 92 93 while ((ch = getopt(argc, argv, "M:X:a:bdhkm:nx:")) != -1) 94 switch(ch) { 95 case 'M': 96 entry = zmalloc(sizeof(struct sf_entry)); 97 entry->acl = get_acl_from_file(optarg); 98 if (entry->acl == NULL) 99 err(1, "%s: get_acl_from_file() failed", optarg); 100 entry->op = OP_MERGE_ACL; 101 TAILQ_INSERT_TAIL(&entrylist, entry, next); 102 break; 103 case 'X': 104 entry = zmalloc(sizeof(struct sf_entry)); 105 entry->acl = get_acl_from_file(optarg); 106 entry->op = OP_REMOVE_ACL; 107 TAILQ_INSERT_TAIL(&entrylist, entry, next); 108 break; 109 case 'a': 110 entry = zmalloc(sizeof(struct sf_entry)); 111 112 entry_number = strtol(optarg, &end, 10); 113 if (end - optarg != (int)strlen(optarg)) 114 errx(1, "%s: invalid entry number", optarg); 115 if (entry_number < 0) 116 errx(1, "%s: entry number cannot be less than zero", optarg); 117 entry->entry_number = entry_number; 118 119 if (argv[optind] == NULL) 120 errx(1, "missing ACL"); 121 entry->acl = acl_from_text(argv[optind]); 122 if (entry->acl == NULL) 123 err(1, "%s", argv[optind]); 124 optind++; 125 entry->op = OP_ADD_ACL; 126 TAILQ_INSERT_TAIL(&entrylist, entry, next); 127 break; 128 case 'b': 129 entry = zmalloc(sizeof(struct sf_entry)); 130 entry->op = OP_REMOVE_EXT; 131 TAILQ_INSERT_TAIL(&entrylist, entry, next); 132 break; 133 case 'd': 134 acl_type = ACL_TYPE_DEFAULT; 135 break; 136 case 'h': 137 h_flag = 1; 138 break; 139 case 'k': 140 entry = zmalloc(sizeof(struct sf_entry)); 141 entry->op = OP_REMOVE_DEF; 142 TAILQ_INSERT_TAIL(&entrylist, entry, next); 143 break; 144 case 'm': 145 entry = zmalloc(sizeof(struct sf_entry)); 146 entry->acl = acl_from_text(optarg); 147 if (entry->acl == NULL) 148 err(1, "%s", optarg); 149 entry->op = OP_MERGE_ACL; 150 TAILQ_INSERT_TAIL(&entrylist, entry, next); 151 break; 152 case 'n': 153 n_flag++; 154 break; 155 case 'x': 156 entry = zmalloc(sizeof(struct sf_entry)); 157 entry_number = strtol(optarg, &end, 10); 158 if (end - optarg == (int)strlen(optarg)) { 159 if (entry_number < 0) 160 errx(1, "%s: entry number cannot be less than zero", optarg); 161 entry->entry_number = entry_number; 162 entry->op = OP_REMOVE_BY_NUMBER; 163 } else { 164 entry->acl = acl_from_text(optarg); 165 if (entry->acl == NULL) 166 err(1, "%s", optarg); 167 entry->op = OP_REMOVE_ACL; 168 } 169 TAILQ_INSERT_TAIL(&entrylist, entry, next); 170 break; 171 default: 172 usage(); 173 break; 174 } 175 argc -= optind; 176 argv += optind; 177 178 if (n_flag == 0 && TAILQ_EMPTY(&entrylist)) 179 usage(); 180 181 /* take list of files from stdin */ 182 if (argc == 0 || strcmp(argv[0], "-") == 0) { 183 if (have_stdin) 184 err(1, "cannot have more than one stdin"); 185 have_stdin = 1; 186 bzero(&filename, sizeof(filename)); 187 while (fgets(filename, (int)sizeof(filename), stdin)) { 188 /* remove the \n */ 189 filename[strlen(filename) - 1] = '\0'; 190 fn_dup = strdup(filename); 191 if (fn_dup == NULL) 192 err(1, "strdup() failed"); 193 add_filename(fn_dup); 194 } 195 } else 196 for (i = 0; i < argc; i++) 197 add_filename(argv[i]); 198 199 /* cycle through each file */ 200 TAILQ_FOREACH(file, &filelist, next) { 201 local_error = 0; 202 203 if (stat(file->filename, &sb) == -1) { 204 warn("%s: stat() failed", file->filename); 205 carried_error++; 206 continue; 207 } 208 209 if (acl_type == ACL_TYPE_DEFAULT && S_ISDIR(sb.st_mode) == 0) { 210 warnx("%s: default ACL may only be set on a directory", 211 file->filename); 212 carried_error++; 213 continue; 214 } 215 216 if (h_flag) 217 ret = lpathconf(file->filename, _PC_ACL_NFS4); 218 else 219 ret = pathconf(file->filename, _PC_ACL_NFS4); 220 if (ret > 0) { 221 if (acl_type == ACL_TYPE_DEFAULT) { 222 warnx("%s: there are no default entries " 223 "in NFSv4 ACLs", file->filename); 224 carried_error++; 225 continue; 226 } 227 acl_type = ACL_TYPE_NFS4; 228 } else if (ret == 0) { 229 if (acl_type == ACL_TYPE_NFS4) 230 acl_type = ACL_TYPE_ACCESS; 231 } else if (ret < 0 && errno != EINVAL) { 232 warn("%s: pathconf(..., _PC_ACL_NFS4) failed", 233 file->filename); 234 } 235 236 if (h_flag) 237 acl = acl_get_link_np(file->filename, acl_type); 238 else 239 acl = acl_get_file(file->filename, acl_type); 240 if (acl == NULL) { 241 if (h_flag) 242 warn("%s: acl_get_link_np() failed", 243 file->filename); 244 else 245 warn("%s: acl_get_file() failed", 246 file->filename); 247 carried_error++; 248 continue; 249 } 250 251 /* cycle through each option */ 252 TAILQ_FOREACH(entry, &entrylist, next) { 253 if (local_error) 254 continue; 255 256 switch(entry->op) { 257 case OP_ADD_ACL: 258 local_error += add_acl(entry->acl, 259 entry->entry_number, &acl, file->filename); 260 break; 261 case OP_MERGE_ACL: 262 local_error += merge_acl(entry->acl, &acl, 263 file->filename); 264 need_mask = 1; 265 break; 266 case OP_REMOVE_EXT: 267 /* 268 * Don't try to call remove_ext() for empty 269 * default ACL. 270 */ 271 if (acl_type == ACL_TYPE_DEFAULT && 272 acl_get_entry(acl, ACL_FIRST_ENTRY, 273 &unused_entry) == 0) { 274 local_error += remove_default(&acl, 275 file->filename); 276 break; 277 } 278 remove_ext(&acl, file->filename); 279 need_mask = 0; 280 break; 281 case OP_REMOVE_DEF: 282 if (acl_type == ACL_TYPE_NFS4) { 283 warnx("%s: there are no default entries in NFSv4 ACLs; " 284 "cannot remove", file->filename); 285 local_error++; 286 break; 287 } 288 if (acl_delete_def_file(file->filename) == -1) { 289 warn("%s: acl_delete_def_file() failed", 290 file->filename); 291 local_error++; 292 } 293 if (acl_type == ACL_TYPE_DEFAULT) 294 local_error += remove_default(&acl, 295 file->filename); 296 need_mask = 0; 297 break; 298 case OP_REMOVE_ACL: 299 local_error += remove_acl(entry->acl, &acl, 300 file->filename); 301 need_mask = 1; 302 break; 303 case OP_REMOVE_BY_NUMBER: 304 local_error += remove_by_number(entry->entry_number, 305 &acl, file->filename); 306 need_mask = 1; 307 break; 308 } 309 } 310 311 /* 312 * Don't try to set an empty default ACL; it will always fail. 313 * Use acl_delete_def_file(3) instead. 314 */ 315 if (acl_type == ACL_TYPE_DEFAULT && 316 acl_get_entry(acl, ACL_FIRST_ENTRY, &unused_entry) == 0) { 317 if (acl_delete_def_file(file->filename) == -1) { 318 warn("%s: acl_delete_def_file() failed", 319 file->filename); 320 carried_error++; 321 } 322 continue; 323 } 324 325 /* don't bother setting the ACL if something is broken */ 326 if (local_error) { 327 carried_error++; 328 continue; 329 } 330 331 if (acl_type != ACL_TYPE_NFS4 && need_mask && 332 set_acl_mask(&acl, file->filename) == -1) { 333 warnx("%s: failed to set ACL mask", file->filename); 334 carried_error++; 335 } else if (h_flag) { 336 if (acl_set_link_np(file->filename, acl_type, 337 acl) == -1) { 338 carried_error++; 339 warn("%s: acl_set_link_np() failed", 340 file->filename); 341 } 342 } else { 343 if (acl_set_file(file->filename, acl_type, 344 acl) == -1) { 345 carried_error++; 346 warn("%s: acl_set_file() failed", 347 file->filename); 348 } 349 } 350 351 acl_free(acl); 352 } 353 354 return (carried_error); 355 } 356