1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3 *
4 * Copyright (c) 1999, 2000, 2001 Robert N. M. Watson
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28 /*
29 * acl_from_text: Convert a text-form ACL from a string to an acl_t.
30 */
31
32 #include <sys/cdefs.h>
33 #if 0
34 __FBSDID("$FreeBSD: head/lib/libc/posix1e/acl_from_text.c 326193 2017-11-25 17:12:48Z pfg $");
35 #else
36 __RCSID("$NetBSD: acl_from_text.c,v 1.2 2024/01/20 14:52:48 christos Exp $");
37 #endif
38
39 #include "namespace.h"
40 #include <sys/types.h>
41 #include <sys/acl.h>
42 #include <errno.h>
43 #include <grp.h>
44 #include <pwd.h>
45 #include <stdio.h>
46 #include <stdlib.h>
47 #include <string.h>
48 #include <assert.h>
49
50 #include "acl_support.h"
51
52 static acl_tag_t acl_string_to_tag(char *tag, char *qualifier);
53
54 static acl_tag_t
acl_string_to_tag(char * tag,char * qualifier)55 acl_string_to_tag(char *tag, char *qualifier)
56 {
57
58 if (*qualifier == '\0') {
59 if ((!strcmp(tag, "user")) || (!strcmp(tag, "u"))) {
60 return (ACL_USER_OBJ);
61 } else
62 if ((!strcmp(tag, "group")) || (!strcmp(tag, "g"))) {
63 return (ACL_GROUP_OBJ);
64 } else
65 if ((!strcmp(tag, "mask")) || (!strcmp(tag, "m"))) {
66 return (ACL_MASK);
67 } else
68 if ((!strcmp(tag, "other")) || (!strcmp(tag, "o"))) {
69 return (ACL_OTHER);
70 } else
71 return((acl_tag_t)-1);
72 } else {
73 if ((!strcmp(tag, "user")) || (!strcmp(tag, "u"))) {
74 return(ACL_USER);
75 } else
76 if ((!strcmp(tag, "group")) || (!strcmp(tag, "g"))) {
77 return(ACL_GROUP);
78 } else
79 return((acl_tag_t)-1);
80 }
81 }
82
83 static int
_posix1e_acl_entry_from_text(acl_t aclp,char * entry)84 _posix1e_acl_entry_from_text(acl_t aclp, char *entry)
85 {
86 acl_tag_t t;
87 acl_perm_t p;
88 char *tag, *qualifier, *permission;
89 uid_t id;
90 int error;
91
92 assert(_acl_brand(aclp) == ACL_BRAND_POSIX);
93
94 /* Split into three ':' delimited fields. */
95 tag = strsep(&entry, ":");
96 if (tag == NULL) {
97 errno = EINVAL;
98 return (-1);
99 }
100 tag = string_skip_whitespace(tag);
101 if ((*tag == '\0') && (!entry)) {
102 /*
103 * Is an entirely comment line, skip to next
104 * comma.
105 */
106 return (0);
107 }
108 string_trim_trailing_whitespace(tag);
109
110 qualifier = strsep(&entry, ":");
111 if (qualifier == NULL) {
112 errno = EINVAL;
113 return (-1);
114 }
115 qualifier = string_skip_whitespace(qualifier);
116 string_trim_trailing_whitespace(qualifier);
117
118 permission = strsep(&entry, ":");
119 if (permission == NULL || entry) {
120 errno = EINVAL;
121 return (-1);
122 }
123 permission = string_skip_whitespace(permission);
124 string_trim_trailing_whitespace(permission);
125
126 t = acl_string_to_tag(tag, qualifier);
127 if (t == (acl_tag_t)-1) {
128 errno = EINVAL;
129 return (-1);
130 }
131
132 error = _posix1e_acl_string_to_perm(permission, &p);
133 if (error == -1) {
134 errno = EINVAL;
135 return (-1);
136 }
137
138 switch(t) {
139 case ACL_USER_OBJ:
140 case ACL_GROUP_OBJ:
141 case ACL_MASK:
142 case ACL_OTHER:
143 if (*qualifier != '\0') {
144 errno = EINVAL;
145 return (-1);
146 }
147 id = 0;
148 break;
149
150 case ACL_USER:
151 case ACL_GROUP:
152 error = _acl_name_to_id(t, qualifier, &id);
153 if (error == -1)
154 return (-1);
155 break;
156
157 default:
158 errno = EINVAL;
159 return (-1);
160 }
161
162 error = _posix1e_acl_add_entry(aclp, t, id, p);
163 if (error == -1)
164 return (-1);
165
166 return (0);
167 }
168
169 static int
_text_is_nfs4_entry(const char * entry)170 _text_is_nfs4_entry(const char *entry)
171 {
172 int count = 0;
173
174 assert(strlen(entry) > 0);
175
176 while (*entry != '\0') {
177 if (*entry == ':' || *entry == '@')
178 count++;
179 entry++;
180 }
181
182 if (count <= 2)
183 return (0);
184
185 return (1);
186 }
187
188 /*
189 * acl_from_text -- Convert a string into an ACL.
190 * Postpone most validity checking until the end and call acl_valid() to do
191 * that.
192 */
193 acl_t
acl_from_text(const char * buf_p)194 acl_from_text(const char *buf_p)
195 {
196 acl_t acl;
197 char *mybuf_p, *line, *cur, *notcomment, *comment, *entry;
198 int error;
199
200 /* Local copy we can mess up. */
201 mybuf_p = strdup(buf_p);
202 if (mybuf_p == NULL)
203 return(NULL);
204
205 acl = acl_init(3); /* XXX: WTF, 3? */
206 if (acl == NULL) {
207 free(mybuf_p);
208 return(NULL);
209 }
210
211 /* Outer loop: delimit at \n boundaries. */
212 cur = mybuf_p;
213 while ((line = strsep(&cur, "\n"))) {
214 /* Now split the line on the first # to strip out comments. */
215 comment = line;
216 notcomment = strsep(&comment, "#");
217
218 /* Inner loop: delimit at ',' boundaries. */
219 while ((entry = strsep(¬comment, ","))) {
220
221 /* Skip empty lines. */
222 if (strlen(string_skip_whitespace(entry)) == 0)
223 continue;
224
225 if (_acl_brand(acl) == ACL_BRAND_UNKNOWN) {
226 if (_text_is_nfs4_entry(entry))
227 _acl_brand_as(acl, ACL_BRAND_NFS4);
228 else
229 _acl_brand_as(acl, ACL_BRAND_POSIX);
230 }
231
232 switch (_acl_brand(acl)) {
233 case ACL_BRAND_NFS4:
234 error = _nfs4_acl_entry_from_text(acl, entry);
235 break;
236
237 case ACL_BRAND_POSIX:
238 error = _posix1e_acl_entry_from_text(acl, entry);
239 break;
240
241 default:
242 error = EINVAL;
243 break;
244 }
245
246 if (error)
247 goto error_label;
248 }
249 }
250
251 #if 0
252 /* XXX Should we only return ACLs valid according to acl_valid? */
253 /* Verify validity of the ACL we read in. */
254 if (acl_valid(acl) == -1) {
255 errno = EINVAL;
256 goto error_label;
257 }
258 #endif
259
260 free(mybuf_p);
261 return(acl);
262
263 error_label:
264 acl_free(acl);
265 free(mybuf_p);
266 return(NULL);
267 }
268
269 /*
270 * Given a username/groupname from a text form of an ACL, return the uid/gid
271 * XXX NOT THREAD SAFE, RELIES ON GETPWNAM, GETGRNAM
272 * XXX USES *PW* AND *GR* WHICH ARE STATEFUL AND THEREFORE THIS ROUTINE
273 * MAY HAVE SIDE-EFFECTS
274 */
275 int
_acl_name_to_id(acl_tag_t tag,char * name,uid_t * id)276 _acl_name_to_id(acl_tag_t tag, char *name, uid_t *id)
277 {
278 struct group *g;
279 struct passwd *p;
280 unsigned long l;
281 char *endp;
282
283 switch(tag) {
284 case ACL_USER:
285 p = getpwnam(name);
286 if (p == NULL) {
287 l = strtoul(name, &endp, 0);
288 if (*endp != '\0' || l != (unsigned long)(uid_t)l) {
289 errno = EINVAL;
290 return (-1);
291 }
292 *id = (uid_t)l;
293 return (0);
294 }
295 *id = p->pw_uid;
296 return (0);
297
298 case ACL_GROUP:
299 g = getgrnam(name);
300 if (g == NULL) {
301 l = strtoul(name, &endp, 0);
302 if (*endp != '\0' || l != (unsigned long)(gid_t)l) {
303 errno = EINVAL;
304 return (-1);
305 }
306 *id = (gid_t)l;
307 return (0);
308 }
309 *id = g->gr_gid;
310 return (0);
311
312 default:
313 return (EINVAL);
314 }
315 }
316