1*5a5eeccaSmarks %{ 2*5a5eeccaSmarks /* 3*5a5eeccaSmarks * CDDL HEADER START 4*5a5eeccaSmarks * 5*5a5eeccaSmarks * The contents of this file are subject to the terms of the 6*5a5eeccaSmarks * Common Development and Distribution License, Version 1.0 only 7*5a5eeccaSmarks * (the "License"). You may not use this file except in compliance 8*5a5eeccaSmarks * with the License. 9*5a5eeccaSmarks * 10*5a5eeccaSmarks * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 11*5a5eeccaSmarks * or http://www.opensolaris.org/os/licensing. 12*5a5eeccaSmarks * See the License for the specific language governing permissions 13*5a5eeccaSmarks * and limitations under the License. 14*5a5eeccaSmarks * 15*5a5eeccaSmarks * When distributing Covered Code, include this CDDL HEADER in each 16*5a5eeccaSmarks * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 17*5a5eeccaSmarks * If applicable, add the following below this CDDL HEADER, with the 18*5a5eeccaSmarks * fields enclosed by brackets "[]" replaced with your own identifying 19*5a5eeccaSmarks * information: Portions Copyright [yyyy] [name of copyright owner] 20*5a5eeccaSmarks * 21*5a5eeccaSmarks * CDDL HEADER END 22*5a5eeccaSmarks * 23*5a5eeccaSmarks * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 24*5a5eeccaSmarks * Use is subject to license terms. 25*5a5eeccaSmarks */ 26*5a5eeccaSmarks 27*5a5eeccaSmarks #pragma ident "%Z%%M% %I% %E% SMI" 28*5a5eeccaSmarks 29*5a5eeccaSmarks #include <sys/acl.h> 30*5a5eeccaSmarks #include <aclutils.h> 31*5a5eeccaSmarks 32*5a5eeccaSmarks extern int yyinteractive; 33*5a5eeccaSmarks extern acl_t *yyacl; 34*5a5eeccaSmarks %} 35*5a5eeccaSmarks 36*5a5eeccaSmarks 37*5a5eeccaSmarks %union { 38*5a5eeccaSmarks char *str; 39*5a5eeccaSmarks int val; 40*5a5eeccaSmarks struct acl_perm_type acl_perm; 41*5a5eeccaSmarks ace_t ace; 42*5a5eeccaSmarks aclent_t aclent; 43*5a5eeccaSmarks acl_t *acl; 44*5a5eeccaSmarks } 45*5a5eeccaSmarks 46*5a5eeccaSmarks 47*5a5eeccaSmarks %token USER_TOK GROUP_TOK MASK_TOK OTHER_TOK OWNERAT_TOK 48*5a5eeccaSmarks %token GROUPAT_TOK EVERYONEAT_TOK DEFAULT_USER_TOK DEFAULT_GROUP_TOK 49*5a5eeccaSmarks %token DEFAULT_MASK_TOK DEFAULT_OTHER_TOK COLON COMMA NL SLASH 50*5a5eeccaSmarks %token <str> IDNAME PERM_TOK INHERIT_TOK 51*5a5eeccaSmarks %token <val> ID ERROR ACE_PERM ACE_INHERIT ENTRY_TYPE ACCESS_TYPE 52*5a5eeccaSmarks 53*5a5eeccaSmarks %type <str> idname 54*5a5eeccaSmarks %type <acl_perm> perms perm aclent_perm ace_perms 55*5a5eeccaSmarks %type <acl> acl_entry 56*5a5eeccaSmarks %type <ace> ace 57*5a5eeccaSmarks %type <aclent> aclent 58*5a5eeccaSmarks %type <val> iflags verbose_iflag compact_iflag access_type id entry_type 59*5a5eeccaSmarks 60*5a5eeccaSmarks %left ERROR COLON 61*5a5eeccaSmarks 62*5a5eeccaSmarks %% 63*5a5eeccaSmarks 64*5a5eeccaSmarks acl: acl_entry NL 65*5a5eeccaSmarks { 66*5a5eeccaSmarks yyacl = $1; 67*5a5eeccaSmarks return (0); 68*5a5eeccaSmarks } 69*5a5eeccaSmarks 70*5a5eeccaSmarks /* This seems illegal, but the old aclfromtext() allows it */ 71*5a5eeccaSmarks | acl_entry COMMA NL 72*5a5eeccaSmarks { 73*5a5eeccaSmarks yyacl = $1; 74*5a5eeccaSmarks return (0); 75*5a5eeccaSmarks } 76*5a5eeccaSmarks | acl_entry COMMA acl 77*5a5eeccaSmarks { 78*5a5eeccaSmarks yyacl = $1; 79*5a5eeccaSmarks return (0); 80*5a5eeccaSmarks } 81*5a5eeccaSmarks 82*5a5eeccaSmarks acl_entry: ace 83*5a5eeccaSmarks { 84*5a5eeccaSmarks ace_t *acep; 85*5a5eeccaSmarks 86*5a5eeccaSmarks if (yyacl == NULL) { 87*5a5eeccaSmarks yyacl = acl_alloc(ACE_T); 88*5a5eeccaSmarks if (yyacl == NULL) 89*5a5eeccaSmarks return (EACL_MEM_ERROR); 90*5a5eeccaSmarks } 91*5a5eeccaSmarks 92*5a5eeccaSmarks $$ = yyacl; 93*5a5eeccaSmarks if ($$->acl_type == ACLENT_T) { 94*5a5eeccaSmarks acl_error(gettext("Cannot have POSIX draft ACL entries" 95*5a5eeccaSmarks " with NFSV4/ZFS ACL entries\n")); 96*5a5eeccaSmarks acl_free(yyacl); 97*5a5eeccaSmarks yyacl = NULL; 98*5a5eeccaSmarks return (EACL_DIFF_TYPE); 99*5a5eeccaSmarks } 100*5a5eeccaSmarks 101*5a5eeccaSmarks $$->acl_aclp = realloc($$->acl_aclp, 102*5a5eeccaSmarks ($$->acl_entry_size * ($$->acl_cnt + 1))); 103*5a5eeccaSmarks if ($$->acl_aclp == NULL) { 104*5a5eeccaSmarks free (yyacl); 105*5a5eeccaSmarks return (EACL_MEM_ERROR); 106*5a5eeccaSmarks } 107*5a5eeccaSmarks acep = $$->acl_aclp; 108*5a5eeccaSmarks acep[$$->acl_cnt] = $1; 109*5a5eeccaSmarks $$->acl_cnt++; 110*5a5eeccaSmarks } 111*5a5eeccaSmarks | aclent 112*5a5eeccaSmarks { 113*5a5eeccaSmarks aclent_t *aclent; 114*5a5eeccaSmarks 115*5a5eeccaSmarks if (yyacl == NULL) { 116*5a5eeccaSmarks yyacl = acl_alloc(ACLENT_T); 117*5a5eeccaSmarks if (yyacl == NULL) 118*5a5eeccaSmarks return (EACL_MEM_ERROR); 119*5a5eeccaSmarks } 120*5a5eeccaSmarks 121*5a5eeccaSmarks $$ = yyacl; 122*5a5eeccaSmarks if ($$->acl_type == ACE_T) { 123*5a5eeccaSmarks acl_error(gettext("Cannot have NFSv4/ZFS ACL entries" 124*5a5eeccaSmarks " with POSIX draft ACL entries\n")); 125*5a5eeccaSmarks acl_free(yyacl); 126*5a5eeccaSmarks yyacl = NULL; 127*5a5eeccaSmarks return (EACL_DIFF_TYPE); 128*5a5eeccaSmarks } 129*5a5eeccaSmarks 130*5a5eeccaSmarks $$->acl_aclp = realloc($$->acl_aclp, 131*5a5eeccaSmarks ($$->acl_entry_size * ($$->acl_cnt +1))); 132*5a5eeccaSmarks if ($$->acl_aclp == NULL) { 133*5a5eeccaSmarks free (yyacl); 134*5a5eeccaSmarks return (EACL_MEM_ERROR); 135*5a5eeccaSmarks } 136*5a5eeccaSmarks aclent = $$->acl_aclp; 137*5a5eeccaSmarks aclent[$$->acl_cnt] = $1; 138*5a5eeccaSmarks $$->acl_cnt++; 139*5a5eeccaSmarks } 140*5a5eeccaSmarks 141*5a5eeccaSmarks ace: entry_type idname ace_perms access_type 142*5a5eeccaSmarks { 143*5a5eeccaSmarks int error; 144*5a5eeccaSmarks int id; 145*5a5eeccaSmarks int mask; 146*5a5eeccaSmarks 147*5a5eeccaSmarks error = get_id($1, $2, &id); 148*5a5eeccaSmarks if (error) { 149*5a5eeccaSmarks acl_error(gettext("Invalid user %s specified\n"), $2); 150*5a5eeccaSmarks free($2); 151*5a5eeccaSmarks return (EACL_INVALID_USER_GROUP); 152*5a5eeccaSmarks } 153*5a5eeccaSmarks 154*5a5eeccaSmarks $$.a_who = id; 155*5a5eeccaSmarks $$.a_flags = ace_entry_type($1); 156*5a5eeccaSmarks free($2); 157*5a5eeccaSmarks error = ace_perm_mask(&$3, &$$.a_access_mask); 158*5a5eeccaSmarks if (error) 159*5a5eeccaSmarks return (error); 160*5a5eeccaSmarks $$.a_type = $4; 161*5a5eeccaSmarks 162*5a5eeccaSmarks } 163*5a5eeccaSmarks | entry_type idname ace_perms access_type COLON id 164*5a5eeccaSmarks { 165*5a5eeccaSmarks int error; 166*5a5eeccaSmarks int id; 167*5a5eeccaSmarks 168*5a5eeccaSmarks if (yyinteractive) { 169*5a5eeccaSmarks acl_error(gettext("Extra fields on the end of " 170*5a5eeccaSmarks "ACL specification\n")); 171*5a5eeccaSmarks return (EACL_UNKNOWN_DATA); 172*5a5eeccaSmarks } 173*5a5eeccaSmarks error = get_id($1, $2, &id); 174*5a5eeccaSmarks if (error) { 175*5a5eeccaSmarks $$.a_who = $6; 176*5a5eeccaSmarks } else { 177*5a5eeccaSmarks $$.a_who = id; 178*5a5eeccaSmarks } 179*5a5eeccaSmarks $$.a_flags = ace_entry_type($1); 180*5a5eeccaSmarks free($2); 181*5a5eeccaSmarks error = ace_perm_mask(&$3, &$$.a_access_mask); 182*5a5eeccaSmarks if (error) 183*5a5eeccaSmarks return (error); 184*5a5eeccaSmarks $$.a_type = $4; 185*5a5eeccaSmarks } 186*5a5eeccaSmarks | entry_type idname ace_perms iflags access_type 187*5a5eeccaSmarks { 188*5a5eeccaSmarks int error; 189*5a5eeccaSmarks int id; 190*5a5eeccaSmarks 191*5a5eeccaSmarks error = get_id($1, $2, &id); 192*5a5eeccaSmarks if (error) { 193*5a5eeccaSmarks acl_error(gettext("Invalid user %s specified\n"), $2); 194*5a5eeccaSmarks free($2); 195*5a5eeccaSmarks return (EACL_INVALID_USER_GROUP); 196*5a5eeccaSmarks } 197*5a5eeccaSmarks 198*5a5eeccaSmarks $$.a_who = id; 199*5a5eeccaSmarks $$.a_flags = ace_entry_type($1); 200*5a5eeccaSmarks free($2); 201*5a5eeccaSmarks error = ace_perm_mask(&$3, &$$.a_access_mask); 202*5a5eeccaSmarks if (error) 203*5a5eeccaSmarks return (error); 204*5a5eeccaSmarks $$.a_type = $5; 205*5a5eeccaSmarks $$.a_flags |= $4; 206*5a5eeccaSmarks } 207*5a5eeccaSmarks | entry_type idname ace_perms iflags access_type COLON id 208*5a5eeccaSmarks { 209*5a5eeccaSmarks int error; 210*5a5eeccaSmarks int id; 211*5a5eeccaSmarks 212*5a5eeccaSmarks if (yyinteractive) { 213*5a5eeccaSmarks acl_error(gettext("Extra fields on the end of " 214*5a5eeccaSmarks "ACL specification\n")); 215*5a5eeccaSmarks return (EACL_UNKNOWN_DATA); 216*5a5eeccaSmarks } 217*5a5eeccaSmarks error = get_id($1, $2, &id); 218*5a5eeccaSmarks if (error) { 219*5a5eeccaSmarks $$.a_who = $7; 220*5a5eeccaSmarks } else { 221*5a5eeccaSmarks $$.a_who = id; 222*5a5eeccaSmarks } 223*5a5eeccaSmarks 224*5a5eeccaSmarks $$.a_flags = ace_entry_type($1); 225*5a5eeccaSmarks free($2); 226*5a5eeccaSmarks error = ace_perm_mask(&$3, &$$.a_access_mask); 227*5a5eeccaSmarks if (error) 228*5a5eeccaSmarks return (error); 229*5a5eeccaSmarks 230*5a5eeccaSmarks $$.a_type = $5; 231*5a5eeccaSmarks $$.a_flags |= $4; 232*5a5eeccaSmarks } 233*5a5eeccaSmarks | entry_type ace_perms access_type 234*5a5eeccaSmarks { 235*5a5eeccaSmarks int error; 236*5a5eeccaSmarks 237*5a5eeccaSmarks $$.a_who = -1; 238*5a5eeccaSmarks $$.a_flags = ace_entry_type($1); 239*5a5eeccaSmarks error = ace_perm_mask(&$2, &$$.a_access_mask); 240*5a5eeccaSmarks if (error) { 241*5a5eeccaSmarks return (error); 242*5a5eeccaSmarks } 243*5a5eeccaSmarks $$.a_type = $3; 244*5a5eeccaSmarks } 245*5a5eeccaSmarks | entry_type ace_perms access_type COLON id 246*5a5eeccaSmarks { 247*5a5eeccaSmarks if (yyinteractive) { 248*5a5eeccaSmarks acl_error(gettext("Extra fields on the end of " 249*5a5eeccaSmarks "ACL specification\n")); 250*5a5eeccaSmarks return (EACL_UNKNOWN_DATA); 251*5a5eeccaSmarks } 252*5a5eeccaSmarks 253*5a5eeccaSmarks return (EACL_ENTRY_ERROR); 254*5a5eeccaSmarks } 255*5a5eeccaSmarks | entry_type ace_perms iflags access_type 256*5a5eeccaSmarks { 257*5a5eeccaSmarks int error; 258*5a5eeccaSmarks 259*5a5eeccaSmarks $$.a_who = -1; 260*5a5eeccaSmarks $$.a_flags = ace_entry_type($1); 261*5a5eeccaSmarks error = ace_perm_mask(&$2, &$$.a_access_mask); 262*5a5eeccaSmarks if (error) 263*5a5eeccaSmarks return (error); 264*5a5eeccaSmarks $$.a_type = $4; 265*5a5eeccaSmarks $$.a_flags |= $3; 266*5a5eeccaSmarks 267*5a5eeccaSmarks } 268*5a5eeccaSmarks | entry_type ace_perms iflags access_type COLON id 269*5a5eeccaSmarks { 270*5a5eeccaSmarks if (yyinteractive) { 271*5a5eeccaSmarks acl_error(gettext("Extra fields on the end of " 272*5a5eeccaSmarks "ACL specification\n")); 273*5a5eeccaSmarks return (EACL_UNKNOWN_DATA); 274*5a5eeccaSmarks } 275*5a5eeccaSmarks return (EACL_ENTRY_ERROR); 276*5a5eeccaSmarks } 277*5a5eeccaSmarks 278*5a5eeccaSmarks aclent: entry_type idname aclent_perm /* user or group */ 279*5a5eeccaSmarks { 280*5a5eeccaSmarks int error; 281*5a5eeccaSmarks int id; 282*5a5eeccaSmarks 283*5a5eeccaSmarks error = get_id($1, $2, &id); 284*5a5eeccaSmarks if (error) { 285*5a5eeccaSmarks acl_error(gettext("Invalid user '%s' specified\n"), 286*5a5eeccaSmarks $2); 287*5a5eeccaSmarks free($2); 288*5a5eeccaSmarks return (EACL_INVALID_USER_GROUP); 289*5a5eeccaSmarks } 290*5a5eeccaSmarks 291*5a5eeccaSmarks error = compute_aclent_perms($3.perm_str, &$$.a_perm); 292*5a5eeccaSmarks if (error) { 293*5a5eeccaSmarks free($2); 294*5a5eeccaSmarks acl_error(gettext( 295*5a5eeccaSmarks "Invalid permission(s) '%s' specified\n"), 296*5a5eeccaSmarks $3.perm_str); 297*5a5eeccaSmarks return (error); 298*5a5eeccaSmarks } 299*5a5eeccaSmarks $$.a_id = id; 300*5a5eeccaSmarks error = aclent_entry_type($1, 0, &$$.a_type); 301*5a5eeccaSmarks free($2); 302*5a5eeccaSmarks if (error) { 303*5a5eeccaSmarks acl_error( 304*5a5eeccaSmarks gettext("Invalid ACL entry type '%s' specified\n"), 305*5a5eeccaSmarks $1); 306*5a5eeccaSmarks return (error); 307*5a5eeccaSmarks } 308*5a5eeccaSmarks } 309*5a5eeccaSmarks | entry_type COLON aclent_perm /* owner group other */ 310*5a5eeccaSmarks { 311*5a5eeccaSmarks int error; 312*5a5eeccaSmarks 313*5a5eeccaSmarks error = compute_aclent_perms($3.perm_str, &$$.a_perm); 314*5a5eeccaSmarks if (error) { 315*5a5eeccaSmarks acl_error(gettext( 316*5a5eeccaSmarks "Invalid permission(s) '%s' specified\n"), 317*5a5eeccaSmarks $3.perm_str); 318*5a5eeccaSmarks return (error); 319*5a5eeccaSmarks } 320*5a5eeccaSmarks $$.a_id = -1; 321*5a5eeccaSmarks error = aclent_entry_type($1, 1, &$$.a_type); 322*5a5eeccaSmarks if (error) { 323*5a5eeccaSmarks acl_error( 324*5a5eeccaSmarks gettext("Invalid ACL entry type '%s' specified\n"), 325*5a5eeccaSmarks $1); 326*5a5eeccaSmarks return (error); 327*5a5eeccaSmarks } 328*5a5eeccaSmarks } 329*5a5eeccaSmarks | entry_type COLON aclent_perm COLON id 330*5a5eeccaSmarks { 331*5a5eeccaSmarks if (yyinteractive) { 332*5a5eeccaSmarks acl_error(gettext("Extra fields on the end of " 333*5a5eeccaSmarks "ACL specification\n")); 334*5a5eeccaSmarks return (EACL_UNKNOWN_DATA); 335*5a5eeccaSmarks } 336*5a5eeccaSmarks return (EACL_ENTRY_ERROR); 337*5a5eeccaSmarks } 338*5a5eeccaSmarks | entry_type idname aclent_perm COLON id /* user or group */ 339*5a5eeccaSmarks { 340*5a5eeccaSmarks int error; 341*5a5eeccaSmarks int id; 342*5a5eeccaSmarks 343*5a5eeccaSmarks if (yyinteractive) { 344*5a5eeccaSmarks acl_error(gettext("Extra fields on the end of " 345*5a5eeccaSmarks "ACL specification\n")); 346*5a5eeccaSmarks return (EACL_UNKNOWN_DATA); 347*5a5eeccaSmarks } 348*5a5eeccaSmarks error = compute_aclent_perms($3.perm_str, &$$.a_perm); 349*5a5eeccaSmarks if (error) { 350*5a5eeccaSmarks free($2); 351*5a5eeccaSmarks acl_error(gettext( 352*5a5eeccaSmarks "Invalid permission(s) '%s' specified\n"), 353*5a5eeccaSmarks $3.perm_str); 354*5a5eeccaSmarks return (error); 355*5a5eeccaSmarks } 356*5a5eeccaSmarks error = get_id($1, $2, &id); 357*5a5eeccaSmarks if (error) 358*5a5eeccaSmarks $$.a_id = $5; 359*5a5eeccaSmarks else 360*5a5eeccaSmarks $$.a_id = id; 361*5a5eeccaSmarks 362*5a5eeccaSmarks error = aclent_entry_type($1, 0, &$$.a_type); 363*5a5eeccaSmarks free($2); 364*5a5eeccaSmarks if (error) { 365*5a5eeccaSmarks acl_error( 366*5a5eeccaSmarks gettext("Invalid ACL entry type '%s' specified\n"), 367*5a5eeccaSmarks $1); 368*5a5eeccaSmarks return (error); 369*5a5eeccaSmarks } 370*5a5eeccaSmarks } 371*5a5eeccaSmarks | entry_type aclent_perm /* mask entry */ 372*5a5eeccaSmarks { 373*5a5eeccaSmarks int error; 374*5a5eeccaSmarks 375*5a5eeccaSmarks error = compute_aclent_perms($2.perm_str, &$$.a_perm); 376*5a5eeccaSmarks if (error) { 377*5a5eeccaSmarks acl_error(gettext( 378*5a5eeccaSmarks "Invalid permission(s) '%s' specified\n"), 379*5a5eeccaSmarks $2.perm_str); 380*5a5eeccaSmarks return (error); 381*5a5eeccaSmarks } 382*5a5eeccaSmarks $$.a_id = -1; 383*5a5eeccaSmarks error = aclent_entry_type($1, 0, &$$.a_type); 384*5a5eeccaSmarks if (error) { 385*5a5eeccaSmarks acl_error( 386*5a5eeccaSmarks gettext("Invalid ACL entry type specified %d\n"), 387*5a5eeccaSmarks error); 388*5a5eeccaSmarks return (error); 389*5a5eeccaSmarks } 390*5a5eeccaSmarks } 391*5a5eeccaSmarks | entry_type aclent_perm COLON id 392*5a5eeccaSmarks { 393*5a5eeccaSmarks if (yyinteractive) { 394*5a5eeccaSmarks acl_error(gettext("Extra fields on the end of " 395*5a5eeccaSmarks "ACL specification\n")); 396*5a5eeccaSmarks return (EACL_UNKNOWN_DATA); 397*5a5eeccaSmarks } 398*5a5eeccaSmarks return (EACL_ENTRY_ERROR); 399*5a5eeccaSmarks } 400*5a5eeccaSmarks 401*5a5eeccaSmarks iflags: compact_iflag COLON {$$ = $1;} 402*5a5eeccaSmarks | verbose_iflag COLON {$$ = $1;} 403*5a5eeccaSmarks | COLON {$$ = 0;} 404*5a5eeccaSmarks 405*5a5eeccaSmarks compact_iflag : INHERIT_TOK 406*5a5eeccaSmarks { 407*5a5eeccaSmarks int error; 408*5a5eeccaSmarks uint32_t iflags; 409*5a5eeccaSmarks 410*5a5eeccaSmarks error = compute_ace_inherit($1, &iflags); 411*5a5eeccaSmarks if (error) { 412*5a5eeccaSmarks acl_error(gettext("Invalid inheritance flags " 413*5a5eeccaSmarks "'%s' specified\n"), $1); 414*5a5eeccaSmarks free($1); 415*5a5eeccaSmarks return (error); 416*5a5eeccaSmarks } 417*5a5eeccaSmarks $$ = iflags; 418*5a5eeccaSmarks } 419*5a5eeccaSmarks | INHERIT_TOK SLASH verbose_iflag 420*5a5eeccaSmarks { 421*5a5eeccaSmarks acl_error(gettext("Can't mix compact inherit flags with" 422*5a5eeccaSmarks " verbose inheritance flags\n")); 423*5a5eeccaSmarks return (EACL_INHERIT_ERROR); 424*5a5eeccaSmarks } 425*5a5eeccaSmarks 426*5a5eeccaSmarks verbose_iflag: ACE_INHERIT {$$ |= $1;} 427*5a5eeccaSmarks | ACE_INHERIT SLASH verbose_iflag {$$ = $1 | $3;} 428*5a5eeccaSmarks | ACE_INHERIT SLASH compact_iflag 429*5a5eeccaSmarks { 430*5a5eeccaSmarks acl_error(gettext("Can't mix verbose inherit flags with" 431*5a5eeccaSmarks " compact inheritance flags\n")); 432*5a5eeccaSmarks return (EACL_INHERIT_ERROR); 433*5a5eeccaSmarks } 434*5a5eeccaSmarks | ACE_INHERIT SLASH ERROR {return ($3);} 435*5a5eeccaSmarks 436*5a5eeccaSmarks aclent_perm: PERM_TOK 437*5a5eeccaSmarks { 438*5a5eeccaSmarks $$.perm_style = PERM_TYPE_UNKNOWN; 439*5a5eeccaSmarks $$.perm_str = $1; 440*5a5eeccaSmarks $$.perm_val = 0; 441*5a5eeccaSmarks } 442*5a5eeccaSmarks | PERM_TOK ERROR 443*5a5eeccaSmarks { 444*5a5eeccaSmarks acl_error(gettext("ACL entry permissions are incorrectly " 445*5a5eeccaSmarks "specified\n")); 446*5a5eeccaSmarks return ($2); 447*5a5eeccaSmarks } 448*5a5eeccaSmarks 449*5a5eeccaSmarks access_type: ACCESS_TYPE { $$ = $1;} 450*5a5eeccaSmarks | ERROR {return ($1);} 451*5a5eeccaSmarks 452*5a5eeccaSmarks id: ID {$$ = $1;} 453*5a5eeccaSmarks | ERROR {return ($1);} 454*5a5eeccaSmarks 455*5a5eeccaSmarks ace_perms: perm {$$ = $1;} 456*5a5eeccaSmarks | aclent_perm COLON {$$ = $1;} 457*5a5eeccaSmarks | ERROR {return ($1);} 458*5a5eeccaSmarks 459*5a5eeccaSmarks perm: perms COLON {$$ = $1;} 460*5a5eeccaSmarks | COLON {$$.perm_style = PERM_TYPE_EMPTY;} 461*5a5eeccaSmarks 462*5a5eeccaSmarks perms: ACE_PERM 463*5a5eeccaSmarks { 464*5a5eeccaSmarks $$.perm_style = PERM_TYPE_ACE; 465*5a5eeccaSmarks $$.perm_val |= $1; 466*5a5eeccaSmarks } 467*5a5eeccaSmarks | ACE_PERM SLASH perms 468*5a5eeccaSmarks { 469*5a5eeccaSmarks $$.perm_style = PERM_TYPE_ACE; 470*5a5eeccaSmarks $$.perm_val = $1 | $3.perm_val; 471*5a5eeccaSmarks } 472*5a5eeccaSmarks | ACE_PERM SLASH aclent_perm 473*5a5eeccaSmarks { 474*5a5eeccaSmarks 475*5a5eeccaSmarks acl_error(gettext("Can't mix verbose permissions with" 476*5a5eeccaSmarks " compact permission\n")); 477*5a5eeccaSmarks return (EACL_PERM_MASK_ERROR); 478*5a5eeccaSmarks 479*5a5eeccaSmarks } 480*5a5eeccaSmarks 481*5a5eeccaSmarks idname: IDNAME {$$ = $1;} 482*5a5eeccaSmarks 483*5a5eeccaSmarks entry_type: ENTRY_TYPE {$$ = $1;} 484*5a5eeccaSmarks | ERROR {return ($1);} 485