15a5eeccaSmarks %{ 25a5eeccaSmarks /* 35a5eeccaSmarks * CDDL HEADER START 45a5eeccaSmarks * 55a5eeccaSmarks * The contents of this file are subject to the terms of the 694d2b9abSmarks * Common Development and Distribution License (the "License"). 794d2b9abSmarks * You may not use this file except in compliance with the License. 85a5eeccaSmarks * 95a5eeccaSmarks * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 105a5eeccaSmarks * or http://www.opensolaris.org/os/licensing. 115a5eeccaSmarks * See the License for the specific language governing permissions 125a5eeccaSmarks * and limitations under the License. 135a5eeccaSmarks * 145a5eeccaSmarks * When distributing Covered Code, include this CDDL HEADER in each 155a5eeccaSmarks * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 165a5eeccaSmarks * If applicable, add the following below this CDDL HEADER, with the 175a5eeccaSmarks * fields enclosed by brackets "[]" replaced with your own identifying 185a5eeccaSmarks * information: Portions Copyright [yyyy] [name of copyright owner] 195a5eeccaSmarks * 205a5eeccaSmarks * CDDL HEADER END 215a5eeccaSmarks * 22b249c65cSmarks * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 235a5eeccaSmarks * Use is subject to license terms. 245a5eeccaSmarks */ 255a5eeccaSmarks 26da6c28aaSamw #include <acl_common.h> 275a5eeccaSmarks #include <aclutils.h> 285a5eeccaSmarks 295a5eeccaSmarks extern int yyinteractive; 305a5eeccaSmarks extern acl_t *yyacl; 315a5eeccaSmarks %} 325a5eeccaSmarks 335a5eeccaSmarks %union { 345a5eeccaSmarks char *str; 355a5eeccaSmarks int val; 365a5eeccaSmarks struct acl_perm_type acl_perm; 375a5eeccaSmarks ace_t ace; 385a5eeccaSmarks aclent_t aclent; 395a5eeccaSmarks acl_t *acl; 405a5eeccaSmarks } 415a5eeccaSmarks 425a5eeccaSmarks 43b249c65cSmarks %token USER_TOK USER_SID_TOK GROUP_TOK GROUP_SID_TOK MASK_TOK OTHER_TOK 44b249c65cSmarks %token OWNERAT_TOK GROUPAT_TOK EVERYONEAT_TOK DEFAULT_USER_TOK 45b249c65cSmarks %token DEFAULT_GROUP_TOK DEFAULT_MASK_TOK DEFAULT_OTHER_TOK 46b249c65cSmarks %token COLON COMMA NL SLASH 47*5f41bf46SMark Shellenbaum %token <str> ID IDNAME PERM_TOK INHERIT_TOK SID 48*5f41bf46SMark Shellenbaum %token <val> ERROR ACE_PERM ACE_INHERIT ENTRY_TYPE ACCESS_TYPE 495a5eeccaSmarks 50*5f41bf46SMark Shellenbaum %type <str> idname id 515a5eeccaSmarks %type <acl_perm> perms perm aclent_perm ace_perms 525a5eeccaSmarks %type <acl> acl_entry 535a5eeccaSmarks %type <ace> ace 545a5eeccaSmarks %type <aclent> aclent 55*5f41bf46SMark Shellenbaum %type <val> iflags verbose_iflag compact_iflag access_type entry_type 565a5eeccaSmarks 575a5eeccaSmarks %left ERROR COLON 585a5eeccaSmarks 595a5eeccaSmarks %% 605a5eeccaSmarks 615a5eeccaSmarks acl: acl_entry NL 625a5eeccaSmarks { 635a5eeccaSmarks yyacl = $1; 645a5eeccaSmarks return (0); 655a5eeccaSmarks } 665a5eeccaSmarks 675a5eeccaSmarks /* This seems illegal, but the old aclfromtext() allows it */ 685a5eeccaSmarks | acl_entry COMMA NL 695a5eeccaSmarks { 705a5eeccaSmarks yyacl = $1; 715a5eeccaSmarks return (0); 725a5eeccaSmarks } 735a5eeccaSmarks | acl_entry COMMA acl 745a5eeccaSmarks { 755a5eeccaSmarks yyacl = $1; 765a5eeccaSmarks return (0); 775a5eeccaSmarks } 785a5eeccaSmarks 795a5eeccaSmarks acl_entry: ace 805a5eeccaSmarks { 815a5eeccaSmarks ace_t *acep; 825a5eeccaSmarks 835a5eeccaSmarks if (yyacl == NULL) { 845a5eeccaSmarks yyacl = acl_alloc(ACE_T); 85ec965100Smarks if (yyacl == NULL) { 86ec965100Smarks yycleanup(); 875a5eeccaSmarks return (EACL_MEM_ERROR); 885a5eeccaSmarks } 89ec965100Smarks } 905a5eeccaSmarks 915a5eeccaSmarks $$ = yyacl; 925a5eeccaSmarks if ($$->acl_type == ACLENT_T) { 935b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 945b233e2dSmarks "Cannot have POSIX draft ACL entries" 9594d2b9abSmarks " with NFSv4/ZFS ACL entries.\n")); 965a5eeccaSmarks acl_free(yyacl); 975a5eeccaSmarks yyacl = NULL; 98ec965100Smarks yycleanup(); 995a5eeccaSmarks return (EACL_DIFF_TYPE); 1005a5eeccaSmarks } 1015a5eeccaSmarks 1025a5eeccaSmarks $$->acl_aclp = realloc($$->acl_aclp, 1035a5eeccaSmarks ($$->acl_entry_size * ($$->acl_cnt + 1))); 1045a5eeccaSmarks if ($$->acl_aclp == NULL) { 1055a5eeccaSmarks free (yyacl); 106ec965100Smarks yycleanup(); 1075a5eeccaSmarks return (EACL_MEM_ERROR); 1085a5eeccaSmarks } 1095a5eeccaSmarks acep = $$->acl_aclp; 1105a5eeccaSmarks acep[$$->acl_cnt] = $1; 1115a5eeccaSmarks $$->acl_cnt++; 112ec965100Smarks yycleanup(); 1135a5eeccaSmarks } 1145a5eeccaSmarks | aclent 1155a5eeccaSmarks { 1165a5eeccaSmarks aclent_t *aclent; 1175a5eeccaSmarks 1185a5eeccaSmarks if (yyacl == NULL) { 1195a5eeccaSmarks yyacl = acl_alloc(ACLENT_T); 120ec965100Smarks if (yyacl == NULL) { 121ec965100Smarks yycleanup(); 1225a5eeccaSmarks return (EACL_MEM_ERROR); 1235a5eeccaSmarks } 124ec965100Smarks } 1255a5eeccaSmarks 1265a5eeccaSmarks $$ = yyacl; 1275a5eeccaSmarks if ($$->acl_type == ACE_T) { 1285b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 1295b233e2dSmarks "Cannot have NFSv4/ZFS ACL entries" 13094d2b9abSmarks " with POSIX draft ACL entries.\n")); 1315a5eeccaSmarks acl_free(yyacl); 1325a5eeccaSmarks yyacl = NULL; 133ec965100Smarks yycleanup(); 1345a5eeccaSmarks return (EACL_DIFF_TYPE); 1355a5eeccaSmarks } 1365a5eeccaSmarks 1375a5eeccaSmarks $$->acl_aclp = realloc($$->acl_aclp, 1385a5eeccaSmarks ($$->acl_entry_size * ($$->acl_cnt +1))); 1395a5eeccaSmarks if ($$->acl_aclp == NULL) { 1405a5eeccaSmarks free (yyacl); 141ec965100Smarks yycleanup(); 1425a5eeccaSmarks return (EACL_MEM_ERROR); 1435a5eeccaSmarks } 1445a5eeccaSmarks aclent = $$->acl_aclp; 1455a5eeccaSmarks aclent[$$->acl_cnt] = $1; 1465a5eeccaSmarks $$->acl_cnt++; 147ec965100Smarks yycleanup(); 1485a5eeccaSmarks } 1495a5eeccaSmarks 1505a5eeccaSmarks ace: entry_type idname ace_perms access_type 1515a5eeccaSmarks { 1525a5eeccaSmarks int error; 153b249c65cSmarks uid_t id; 1545a5eeccaSmarks int mask; 1555a5eeccaSmarks 1565a5eeccaSmarks error = get_id($1, $2, &id); 1575a5eeccaSmarks if (error) { 158b249c65cSmarks bad_entry_type($1, $2); 159ec965100Smarks yycleanup(); 1605a5eeccaSmarks return (EACL_INVALID_USER_GROUP); 1615a5eeccaSmarks } 1625a5eeccaSmarks 1635a5eeccaSmarks $$.a_who = id; 1645a5eeccaSmarks $$.a_flags = ace_entry_type($1); 1655a5eeccaSmarks error = ace_perm_mask(&$3, &$$.a_access_mask); 166ec965100Smarks if (error) { 167ec965100Smarks yycleanup(); 1685a5eeccaSmarks return (error); 169ec965100Smarks } 1705a5eeccaSmarks $$.a_type = $4; 1715a5eeccaSmarks 1725a5eeccaSmarks } 1735a5eeccaSmarks | entry_type idname ace_perms access_type COLON id 1745a5eeccaSmarks { 1755a5eeccaSmarks int error; 176b249c65cSmarks uid_t id; 1775a5eeccaSmarks 1785a5eeccaSmarks if (yyinteractive) { 1795b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 1805b233e2dSmarks "Extra fields on the end of " 18194d2b9abSmarks "ACL specification.\n")); 182ec965100Smarks yycleanup(); 1835a5eeccaSmarks return (EACL_UNKNOWN_DATA); 1845a5eeccaSmarks } 1855a5eeccaSmarks error = get_id($1, $2, &id); 1865a5eeccaSmarks if (error) { 187*5f41bf46SMark Shellenbaum $$.a_who = get_id_nofail($1, $6); 1885a5eeccaSmarks } else { 1895a5eeccaSmarks $$.a_who = id; 1905a5eeccaSmarks } 1915a5eeccaSmarks $$.a_flags = ace_entry_type($1); 1925a5eeccaSmarks error = ace_perm_mask(&$3, &$$.a_access_mask); 193ec965100Smarks if (error) { 194ec965100Smarks yycleanup(); 1955a5eeccaSmarks return (error); 196ec965100Smarks } 1975a5eeccaSmarks $$.a_type = $4; 1985a5eeccaSmarks } 1995a5eeccaSmarks | entry_type idname ace_perms iflags access_type 2005a5eeccaSmarks { 2015a5eeccaSmarks int error; 202b249c65cSmarks uid_t id; 2035a5eeccaSmarks 2045a5eeccaSmarks error = get_id($1, $2, &id); 2055a5eeccaSmarks if (error) { 206b249c65cSmarks bad_entry_type($1, $2); 207ec965100Smarks yycleanup(); 2085a5eeccaSmarks return (EACL_INVALID_USER_GROUP); 2095a5eeccaSmarks } 2105a5eeccaSmarks 2115a5eeccaSmarks $$.a_who = id; 2125a5eeccaSmarks $$.a_flags = ace_entry_type($1); 2135a5eeccaSmarks error = ace_perm_mask(&$3, &$$.a_access_mask); 214ec965100Smarks if (error) { 215ec965100Smarks yycleanup(); 2165a5eeccaSmarks return (error); 217ec965100Smarks } 2185a5eeccaSmarks $$.a_type = $5; 2195a5eeccaSmarks $$.a_flags |= $4; 2205a5eeccaSmarks } 2215a5eeccaSmarks | entry_type idname ace_perms iflags access_type COLON id 2225a5eeccaSmarks { 2235a5eeccaSmarks int error; 224b249c65cSmarks uid_t id; 2255a5eeccaSmarks 2265a5eeccaSmarks if (yyinteractive) { 2275b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 2285b233e2dSmarks "Extra fields on the end of " 22994d2b9abSmarks "ACL specification.\n")); 230ec965100Smarks yycleanup(); 2315a5eeccaSmarks return (EACL_UNKNOWN_DATA); 2325a5eeccaSmarks } 2335a5eeccaSmarks error = get_id($1, $2, &id); 2345a5eeccaSmarks if (error) { 235*5f41bf46SMark Shellenbaum $$.a_who = get_id_nofail($1, $7); 2365a5eeccaSmarks } else { 2375a5eeccaSmarks $$.a_who = id; 2385a5eeccaSmarks } 2395a5eeccaSmarks 2405a5eeccaSmarks $$.a_flags = ace_entry_type($1); 2415a5eeccaSmarks error = ace_perm_mask(&$3, &$$.a_access_mask); 242ec965100Smarks if (error) { 243ec965100Smarks yycleanup(); 2445a5eeccaSmarks return (error); 245ec965100Smarks } 2465a5eeccaSmarks 2475a5eeccaSmarks $$.a_type = $5; 2485a5eeccaSmarks $$.a_flags |= $4; 2495a5eeccaSmarks } 2505a5eeccaSmarks | entry_type ace_perms access_type 2515a5eeccaSmarks { 2525a5eeccaSmarks int error; 2535a5eeccaSmarks 2545a5eeccaSmarks $$.a_who = -1; 2555a5eeccaSmarks $$.a_flags = ace_entry_type($1); 2565a5eeccaSmarks error = ace_perm_mask(&$2, &$$.a_access_mask); 2575a5eeccaSmarks if (error) { 258ec965100Smarks yycleanup(); 2595a5eeccaSmarks return (error); 2605a5eeccaSmarks } 2615a5eeccaSmarks $$.a_type = $3; 2625a5eeccaSmarks } 2635a5eeccaSmarks | entry_type ace_perms access_type COLON id 2645a5eeccaSmarks { 265ec965100Smarks yycleanup(); 2665a5eeccaSmarks if (yyinteractive) { 2675b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 2685b233e2dSmarks "Extra fields on the end of " 26994d2b9abSmarks "ACL specification.\n")); 2705a5eeccaSmarks return (EACL_UNKNOWN_DATA); 2715a5eeccaSmarks } 2725a5eeccaSmarks 2735a5eeccaSmarks return (EACL_ENTRY_ERROR); 2745a5eeccaSmarks } 2755a5eeccaSmarks | entry_type ace_perms iflags access_type 2765a5eeccaSmarks { 2775a5eeccaSmarks int error; 2785a5eeccaSmarks 2795a5eeccaSmarks $$.a_who = -1; 2805a5eeccaSmarks $$.a_flags = ace_entry_type($1); 2815a5eeccaSmarks error = ace_perm_mask(&$2, &$$.a_access_mask); 282ec965100Smarks if (error) { 283ec965100Smarks yycleanup(); 2845a5eeccaSmarks return (error); 285ec965100Smarks } 2865a5eeccaSmarks $$.a_type = $4; 2875a5eeccaSmarks $$.a_flags |= $3; 2885a5eeccaSmarks 2895a5eeccaSmarks } 2905a5eeccaSmarks | entry_type ace_perms iflags access_type COLON id 2915a5eeccaSmarks { 292ec965100Smarks yycleanup(); 2935a5eeccaSmarks if (yyinteractive) { 2945b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 2955b233e2dSmarks "Extra fields on the end of " 29694d2b9abSmarks "ACL specification.\n")); 2975a5eeccaSmarks return (EACL_UNKNOWN_DATA); 2985a5eeccaSmarks } 2995a5eeccaSmarks return (EACL_ENTRY_ERROR); 3005a5eeccaSmarks } 3015a5eeccaSmarks 3025a5eeccaSmarks aclent: entry_type idname aclent_perm /* user or group */ 3035a5eeccaSmarks { 3045a5eeccaSmarks int error; 305b249c65cSmarks uid_t id; 3065a5eeccaSmarks 3075a5eeccaSmarks error = get_id($1, $2, &id); 3085a5eeccaSmarks if (error) { 309b249c65cSmarks bad_entry_type($1, $2); 310ec965100Smarks yycleanup(); 3115a5eeccaSmarks return (EACL_INVALID_USER_GROUP); 3125a5eeccaSmarks } 3135a5eeccaSmarks 3145a5eeccaSmarks error = compute_aclent_perms($3.perm_str, &$$.a_perm); 3155a5eeccaSmarks if (error) { 3165b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 31794d2b9abSmarks "Invalid permission(s) '%s' specified.\n"), 3185a5eeccaSmarks $3.perm_str); 319ec965100Smarks yycleanup(); 3205a5eeccaSmarks return (error); 3215a5eeccaSmarks } 3225a5eeccaSmarks $$.a_id = id; 3235a5eeccaSmarks error = aclent_entry_type($1, 0, &$$.a_type); 3245a5eeccaSmarks if (error) { 3255a5eeccaSmarks acl_error( 3265b233e2dSmarks dgettext(TEXT_DOMAIN, 3275b233e2dSmarks "Invalid ACL entry type '%s' specified.\n"), $1); 328ec965100Smarks yycleanup(); 3295a5eeccaSmarks return (error); 3305a5eeccaSmarks } 3315a5eeccaSmarks } 3325a5eeccaSmarks | entry_type COLON aclent_perm /* owner group other */ 3335a5eeccaSmarks { 3345a5eeccaSmarks int error; 3355a5eeccaSmarks 3365a5eeccaSmarks error = compute_aclent_perms($3.perm_str, &$$.a_perm); 3375a5eeccaSmarks if (error) { 3385b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 33994d2b9abSmarks "Invalid permission(s) '%s' specified.\n"), 3405a5eeccaSmarks $3.perm_str); 341ec965100Smarks yycleanup(); 3425a5eeccaSmarks return (error); 3435a5eeccaSmarks } 3445a5eeccaSmarks $$.a_id = -1; 3455a5eeccaSmarks error = aclent_entry_type($1, 1, &$$.a_type); 3465a5eeccaSmarks if (error) { 3475a5eeccaSmarks acl_error( 3485b233e2dSmarks dgettext(TEXT_DOMAIN, 3495b233e2dSmarks "Invalid ACL entry type '%s' specified.\n"), $1); 350ec965100Smarks yycleanup(); 3515a5eeccaSmarks return (error); 3525a5eeccaSmarks } 3535a5eeccaSmarks } 3545a5eeccaSmarks | entry_type COLON aclent_perm COLON id 3555a5eeccaSmarks { 356ec965100Smarks yycleanup(); 3575a5eeccaSmarks if (yyinteractive) { 3585b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 3595b233e2dSmarks "Extra fields on the end of ACL specification.\n")); 3605a5eeccaSmarks return (EACL_UNKNOWN_DATA); 3615a5eeccaSmarks } 3625a5eeccaSmarks return (EACL_ENTRY_ERROR); 3635a5eeccaSmarks } 3645a5eeccaSmarks | entry_type idname aclent_perm COLON id /* user or group */ 3655a5eeccaSmarks { 3665a5eeccaSmarks int error; 367b249c65cSmarks uid_t id; 3685a5eeccaSmarks 3695a5eeccaSmarks if (yyinteractive) { 3705b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 3715b233e2dSmarks "Extra fields on the end of ACL specification.\n")); 372ec965100Smarks yycleanup(); 3735a5eeccaSmarks return (EACL_UNKNOWN_DATA); 3745a5eeccaSmarks } 3755a5eeccaSmarks error = compute_aclent_perms($3.perm_str, &$$.a_perm); 3765a5eeccaSmarks if (error) { 3775b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 37894d2b9abSmarks "Invalid permission(s) '%s' specified.\n"), 3795a5eeccaSmarks $3.perm_str); 380ec965100Smarks yycleanup(); 3815a5eeccaSmarks return (error); 3825a5eeccaSmarks } 3835a5eeccaSmarks error = get_id($1, $2, &id); 384*5f41bf46SMark Shellenbaum if (error) { 385*5f41bf46SMark Shellenbaum $$.a_id = get_id_nofail($1, $5); 386*5f41bf46SMark Shellenbaum } else 3875a5eeccaSmarks $$.a_id = id; 3885a5eeccaSmarks 3895a5eeccaSmarks error = aclent_entry_type($1, 0, &$$.a_type); 3905a5eeccaSmarks if (error) { 3915a5eeccaSmarks acl_error( 3925b233e2dSmarks dgettext(TEXT_DOMAIN, 3935b233e2dSmarks "Invalid ACL entry type '%s' specified.\n"), $1); 394ec965100Smarks yycleanup(); 3955a5eeccaSmarks return (error); 3965a5eeccaSmarks } 3975a5eeccaSmarks } 3985a5eeccaSmarks | entry_type aclent_perm /* mask entry */ 3995a5eeccaSmarks { 4005a5eeccaSmarks int error; 4015a5eeccaSmarks 4025a5eeccaSmarks error = compute_aclent_perms($2.perm_str, &$$.a_perm); 4035a5eeccaSmarks if (error) { 4045b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 40594d2b9abSmarks "Invalid permission(s) '%s' specified.\n"), 4065a5eeccaSmarks $2.perm_str); 407ec965100Smarks yycleanup(); 4085a5eeccaSmarks return (error); 4095a5eeccaSmarks } 4105a5eeccaSmarks $$.a_id = -1; 4115a5eeccaSmarks error = aclent_entry_type($1, 0, &$$.a_type); 4125a5eeccaSmarks if (error) { 4135a5eeccaSmarks acl_error( 4145b233e2dSmarks dgettext(TEXT_DOMAIN, 4155b233e2dSmarks "Invalid ACL entry type specified %d.\n"), 4165a5eeccaSmarks error); 417ec965100Smarks yycleanup(); 4185a5eeccaSmarks return (error); 4195a5eeccaSmarks } 4205a5eeccaSmarks } 4215a5eeccaSmarks | entry_type aclent_perm COLON id 4225a5eeccaSmarks { 423ec965100Smarks yycleanup(); 4245a5eeccaSmarks if (yyinteractive) { 4255b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 4265b233e2dSmarks "Extra fields on the end of ACL specification.\n")); 4275a5eeccaSmarks return (EACL_UNKNOWN_DATA); 4285a5eeccaSmarks } 4295a5eeccaSmarks return (EACL_ENTRY_ERROR); 4305a5eeccaSmarks } 4315a5eeccaSmarks 4325a5eeccaSmarks iflags: compact_iflag COLON {$$ = $1;} 4335a5eeccaSmarks | verbose_iflag COLON {$$ = $1;} 4345a5eeccaSmarks | COLON {$$ = 0;} 4355a5eeccaSmarks 4365a5eeccaSmarks compact_iflag : INHERIT_TOK 4375a5eeccaSmarks { 4385a5eeccaSmarks int error; 4395a5eeccaSmarks uint32_t iflags; 4405a5eeccaSmarks 4415a5eeccaSmarks error = compute_ace_inherit($1, &iflags); 4425a5eeccaSmarks if (error) { 4435b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 4445b233e2dSmarks "Invalid inheritance flags '%s' specified.\n"), $1); 445ec965100Smarks yycleanup(); 4465a5eeccaSmarks return (error); 4475a5eeccaSmarks } 4485a5eeccaSmarks $$ = iflags; 4495a5eeccaSmarks } 4505a5eeccaSmarks | INHERIT_TOK SLASH verbose_iflag 4515a5eeccaSmarks { 4525b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 4535b233e2dSmarks "Can't mix compact inherit flags with" 45494d2b9abSmarks " verbose inheritance flags.\n")); 455ec965100Smarks yycleanup(); 4565a5eeccaSmarks return (EACL_INHERIT_ERROR); 4575a5eeccaSmarks } 4585a5eeccaSmarks 4595a5eeccaSmarks verbose_iflag: ACE_INHERIT {$$ |= $1;} 4605a5eeccaSmarks | ACE_INHERIT SLASH verbose_iflag {$$ = $1 | $3;} 4615a5eeccaSmarks | ACE_INHERIT SLASH compact_iflag 4625a5eeccaSmarks { 4635b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 4645b233e2dSmarks "Can't mix verbose inherit flags with" 46594d2b9abSmarks " compact inheritance flags.\n")); 466ec965100Smarks yycleanup(); 46794d2b9abSmarks return (EACL_INHERIT_ERROR); 46894d2b9abSmarks } 46994d2b9abSmarks | ACE_INHERIT SLASH ACCESS_TYPE 47094d2b9abSmarks { 4715b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 4725b233e2dSmarks "Inheritance flags can't be mixed with access type.\n")); 473ec965100Smarks yycleanup(); 4745a5eeccaSmarks return (EACL_INHERIT_ERROR); 4755a5eeccaSmarks } 476ec965100Smarks | ACE_INHERIT SLASH ERROR 477ec965100Smarks { 478ec965100Smarks yycleanup(); 479ec965100Smarks return ($3); 480ec965100Smarks } 4815a5eeccaSmarks 4825a5eeccaSmarks aclent_perm: PERM_TOK 4835a5eeccaSmarks { 4845a5eeccaSmarks $$.perm_style = PERM_TYPE_UNKNOWN; 4855a5eeccaSmarks $$.perm_str = $1; 4865a5eeccaSmarks $$.perm_val = 0; 4875a5eeccaSmarks } 4885a5eeccaSmarks | PERM_TOK ERROR 4895a5eeccaSmarks { 4905b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 4915b233e2dSmarks "ACL entry permissions are incorrectly specified.\n")); 492ec965100Smarks yycleanup(); 4935a5eeccaSmarks return ($2); 4945a5eeccaSmarks } 4955a5eeccaSmarks 4965a5eeccaSmarks access_type: ACCESS_TYPE {$$ = $1;} 497ec965100Smarks | ERROR 498ec965100Smarks { 499ec965100Smarks yycleanup(); 500ec965100Smarks return ($1); 501ec965100Smarks } 5025a5eeccaSmarks 5035a5eeccaSmarks id: ID {$$ = $1;} 504*5f41bf46SMark Shellenbaum | SID {$$ = $1;} 50594d2b9abSmarks | COLON 50694d2b9abSmarks { 5075b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 5085b233e2dSmarks "Invalid uid/gid specified.\nThe field" 50994d2b9abSmarks " should be a numeric value.\n")); 510ec965100Smarks yycleanup(); 51194d2b9abSmarks return (EACL_UNKNOWN_DATA); 51294d2b9abSmarks } 513ec965100Smarks | ERROR 514ec965100Smarks { 515ec965100Smarks yycleanup(); 516ec965100Smarks return ($1); 517ec965100Smarks } 5185a5eeccaSmarks 5195a5eeccaSmarks ace_perms: perm {$$ = $1;} 5205a5eeccaSmarks | aclent_perm COLON {$$ = $1;} 521ec965100Smarks | ERROR 522ec965100Smarks { 523ec965100Smarks yycleanup(); 524ec965100Smarks return ($1); 525ec965100Smarks } 5265a5eeccaSmarks 5275a5eeccaSmarks perm: perms COLON {$$ = $1;} 5285a5eeccaSmarks | COLON {$$.perm_style = PERM_TYPE_EMPTY;} 5295a5eeccaSmarks 5305a5eeccaSmarks perms: ACE_PERM 5315a5eeccaSmarks { 5325a5eeccaSmarks $$.perm_style = PERM_TYPE_ACE; 5335a5eeccaSmarks $$.perm_val |= $1; 5345a5eeccaSmarks } 5355a5eeccaSmarks | ACE_PERM SLASH perms 5365a5eeccaSmarks { 5375a5eeccaSmarks $$.perm_style = PERM_TYPE_ACE; 5385a5eeccaSmarks $$.perm_val = $1 | $3.perm_val; 5395a5eeccaSmarks } 5405a5eeccaSmarks | ACE_PERM SLASH aclent_perm 5415a5eeccaSmarks { 5425a5eeccaSmarks 5435b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 5445b233e2dSmarks "Can't mix verbose permissions with" 54594d2b9abSmarks " compact permission.\n")); 546ec965100Smarks yycleanup(); 5475a5eeccaSmarks return (EACL_PERM_MASK_ERROR); 5485a5eeccaSmarks 5495a5eeccaSmarks } 550ec965100Smarks | ACE_PERM SLASH ERROR 551ec965100Smarks { 552ec965100Smarks yycleanup(); 553ec965100Smarks return ($3); 554ec965100Smarks } 55594d2b9abSmarks 5565a5eeccaSmarks 5575a5eeccaSmarks idname: IDNAME {$$ = $1;} 5585a5eeccaSmarks 5595a5eeccaSmarks entry_type: ENTRY_TYPE {$$ = $1;} 560ec965100Smarks | ERROR 561ec965100Smarks { 562ec965100Smarks yycleanup(); 563ec965100Smarks return ($1); 564ec965100Smarks } 565b249c65cSmarks 566b249c65cSmarks %% 567b249c65cSmarks static void 568b249c65cSmarks bad_entry_type(int toketype, char *str) 569b249c65cSmarks { 570b249c65cSmarks switch(toketype) { 571b249c65cSmarks case USER_TOK: 572b249c65cSmarks case DEFAULT_USER_TOK: 573b249c65cSmarks acl_error(dgettext(TEXT_DOMAIN, 574b249c65cSmarks "Invalid user %s specified.\n"), str); 575b249c65cSmarks break; 576b249c65cSmarks 577b249c65cSmarks case GROUP_TOK: 578b249c65cSmarks case DEFAULT_GROUP_TOK: 579b249c65cSmarks acl_error(dgettext(TEXT_DOMAIN, 580b249c65cSmarks "Invalid group %s specified.\n"), str); 581b249c65cSmarks break; 582b249c65cSmarks 583b249c65cSmarks case USER_SID_TOK: 584b249c65cSmarks acl_error(dgettext(TEXT_DOMAIN, 585b249c65cSmarks "Invalid user SID %s specified.\n"), str); 586b249c65cSmarks break; 587b249c65cSmarks 588b249c65cSmarks case GROUP_SID_TOK: 589b249c65cSmarks acl_error(dgettext(TEXT_DOMAIN, 590b249c65cSmarks "Invalid group SID %s specified.\n"), str); 591b249c65cSmarks } 592b249c65cSmarks 593b249c65cSmarks } 594