1 /*-
2 * Copyright (c) 1999 Robert N. M. Watson
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 *$FreeBSD: src/lib/libposix1e/acl_from_text.c,v 1.1 2000/01/15 19:44:24 rwatson Exp $
27 *$DragonFly: src/lib/libposix1e/acl_from_text.c,v 1.3 2005/08/04 17:27:09 drhodus Exp $
28 */
29 /*
30 * acl_from_text: convert a text-form ACL from a string to an acl_t
31 */
32
33 #include <sys/types.h>
34 #include <sys/acl.h>
35 #include <sys/errno.h>
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <string.h>
39
40 #include "acl_support.h"
41
42 enum PARSE_MODE {
43 PM_BASE, /* initial, begin line, or after , */
44 PM_QUALIFIER, /* in qualifier field */
45 PM_PERM, /* in permission field */
46 PM_COMMENT, /* in comment */
47 };
48
49 static char *
string_skip_whitespace(char * string)50 string_skip_whitespace(char *string)
51 {
52
53 while (*string && ((*string == ' ') || (*string == '\t'))) {
54 string++;
55 }
56 return (string);
57 }
58
59 static void
string_trim_trailing_whitespace(char * string)60 string_trim_trailing_whitespace(char *string)
61 {
62 char *end;
63
64 if (*string == '\0')
65 return;
66
67 end = string + strlen(string) - 1;
68
69 while (end != string) {
70 if ((*end == ' ') || (*end == '\t')) {
71 *end = '\0';
72 end--;
73 } else {
74 return;
75 }
76 }
77
78 return;
79 }
80
81 acl_tag_t
acl_string_to_tag(char * tag,char * qualifier)82 acl_string_to_tag(char *tag, char *qualifier)
83 {
84
85 if (*qualifier == '\0') {
86 if ((!strcmp(tag, "user")) || (!strcmp(tag, "u"))) {
87 return (ACL_USER_OBJ);
88 } else
89 if ((!strcmp(tag, "group")) || (!strcmp(tag, "g"))) {
90 return (ACL_GROUP_OBJ);
91 } else
92 if ((!strcmp(tag, "mask")) || (!strcmp(tag, "m"))) {
93 return (ACL_MASK);
94 } else
95 if ((!strcmp(tag, "other")) || (!strcmp(tag, "o"))) {
96 return (ACL_OTHER);
97 } else
98 return(-1);
99 } else {
100 if ((!strcmp(tag, "user")) || (!strcmp(tag, "u"))) {
101 return(ACL_USER);
102 } else
103 if ((!strcmp(tag, "group")) || (!strcmp(tag, "g"))) {
104 return(ACL_GROUP);
105 } else
106 return(-1);
107 }
108 }
109
110 /*
111 * acl_from_text -- convert a string into an ACL
112 * postpone most validity checking until the end and cal acl_valid to do
113 * that.
114 */
115 acl_t
acl_from_text(const char * buf_p)116 acl_from_text(const char *buf_p)
117 {
118 acl_tag_t t;
119 acl_perm_t p;
120 acl_t acl;
121 uid_t id;
122 char *mybuf_p, *line, *cur, *notcomment, *comment, *entry;
123 char *tag, *qualifier, *permission;
124 int error;
125
126 /* local copy we can mess up */
127 mybuf_p = strdup(buf_p);
128 if (!mybuf_p) {
129 errno = ENOMEM;
130 return(0);
131 }
132
133 acl = acl_init(3);
134 if (!acl) {
135 free(mybuf_p);
136 errno = ENOMEM;
137 return(0);
138 }
139
140 /* outer loop: delimit at \n boundaries */
141 cur = mybuf_p;
142 while ((line = strsep(&cur, "\n"))) {
143 /* now split the line on the first # to strip out comments */
144 comment = line;
145 notcomment = strsep(&comment, "#");
146
147 /* inner loop: delimit at , boundaries */
148 while ((entry = strsep(¬comment, ","))) {
149 /* now split into three :-delimited fields */
150 tag = strsep(&entry, ":");
151 if (!tag) {
152 /* printf("no tag\n"); */
153 errno = EINVAL;
154 goto error_label;
155 }
156 tag = string_skip_whitespace(tag);
157 if ((*tag == '\0') && (!entry)) {
158 /*
159 * is an entirely comment line, skip to next
160 * comma
161 */
162 continue;
163 }
164 string_trim_trailing_whitespace(tag);
165
166 qualifier = strsep(&entry, ":");
167 if (!qualifier) {
168 /* printf("no qualifier\n"); */
169 errno = EINVAL;
170 goto error_label;
171 }
172 qualifier = string_skip_whitespace(qualifier);
173 string_trim_trailing_whitespace(qualifier);
174
175 permission = strsep(&entry, ":");
176 if ((!permission) || (entry)) {
177 /* printf("no permission, or more stuff\n"); */
178 errno = EINVAL;
179 goto error_label;
180 }
181 permission = string_skip_whitespace(permission);
182 string_trim_trailing_whitespace(permission);
183
184 /* printf("[%s/%s/%s]\n", tag, qualifier,
185 permission); */
186
187 t = acl_string_to_tag(tag, qualifier);
188 if (t == -1) {
189 errno = EINVAL;
190 goto error_label;
191 }
192
193 error = acl_string_to_perm(permission, &p);
194 if (error == -1) {
195 errno = EINVAL;
196 goto error_label;
197 }
198
199 switch(t) {
200 case ACL_USER_OBJ:
201 case ACL_GROUP_OBJ:
202 case ACL_MASK:
203 case ACL_OTHER:
204 if (*qualifier != '\0') {
205 errno = EINVAL;
206 goto error_label;
207 }
208 id = 0;
209 break;
210
211 case ACL_USER:
212 case ACL_GROUP:
213 error = acl_name_to_id(t, qualifier, &id);
214 if (error == -1)
215 goto error_label;
216 break;
217
218 default:
219 errno = EINVAL;
220 goto error_label;
221 }
222
223 error = acl_add_entry(acl, t, id, p);
224 if (error == -1)
225 goto error_label;
226 }
227 }
228
229 #if 0
230 /* XXX should we only return ACLs valid according to acl_valid? */
231 /* verify validity of the ACL we read in */
232 if (acl_valid(acl) == -1) {
233 errno = EINVAL;
234 goto error_label;
235 }
236 #endif
237
238 return(acl);
239
240 error_label:
241 acl_free(acl);
242 free(mybuf_p);
243 return(0);
244 }
245
246
247
248