15a5eeccaSmarks %{ 25a5eeccaSmarks /* 35a5eeccaSmarks * CDDL HEADER START 45a5eeccaSmarks * 55a5eeccaSmarks * The contents of this file are subject to the terms of the 694d2b9abSmarks * Common Development and Distribution License (the "License"). 794d2b9abSmarks * You may not use this file except in compliance with the License. 85a5eeccaSmarks * 95a5eeccaSmarks * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 105a5eeccaSmarks * or http://www.opensolaris.org/os/licensing. 115a5eeccaSmarks * See the License for the specific language governing permissions 125a5eeccaSmarks * and limitations under the License. 135a5eeccaSmarks * 145a5eeccaSmarks * When distributing Covered Code, include this CDDL HEADER in each 155a5eeccaSmarks * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 165a5eeccaSmarks * If applicable, add the following below this CDDL HEADER, with the 175a5eeccaSmarks * fields enclosed by brackets "[]" replaced with your own identifying 185a5eeccaSmarks * information: Portions Copyright [yyyy] [name of copyright owner] 195a5eeccaSmarks * 205a5eeccaSmarks * CDDL HEADER END 215a5eeccaSmarks * 22b249c65cSmarks * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 235a5eeccaSmarks * Use is subject to license terms. 24*53312454SGordon Ross * 25*53312454SGordon Ross * Copyright 2022 RackTop Systems, Inc. 265a5eeccaSmarks */ 275a5eeccaSmarks 28da6c28aaSamw #include <acl_common.h> 295a5eeccaSmarks #include <aclutils.h> 305a5eeccaSmarks 315a5eeccaSmarks extern int yyinteractive; 325a5eeccaSmarks extern acl_t *yyacl; 335a5eeccaSmarks %} 345a5eeccaSmarks 355a5eeccaSmarks %union { 365a5eeccaSmarks char *str; 375a5eeccaSmarks int val; 385a5eeccaSmarks struct acl_perm_type acl_perm; 395a5eeccaSmarks ace_t ace; 405a5eeccaSmarks aclent_t aclent; 415a5eeccaSmarks acl_t *acl; 425a5eeccaSmarks } 435a5eeccaSmarks 44*53312454SGordon Ross %token BARE_SID_TOK 45b249c65cSmarks %token USER_TOK USER_SID_TOK GROUP_TOK GROUP_SID_TOK MASK_TOK OTHER_TOK 46*53312454SGordon Ross %token OWNERAT_TOK GROUPAT_TOK EVERYONEAT_TOK DEFAULT_USER_TOK 47b249c65cSmarks %token DEFAULT_GROUP_TOK DEFAULT_MASK_TOK DEFAULT_OTHER_TOK 48b249c65cSmarks %token COLON COMMA NL SLASH 495f41bf46SMark Shellenbaum %token <str> ID IDNAME PERM_TOK INHERIT_TOK SID 505f41bf46SMark Shellenbaum %token <val> ERROR ACE_PERM ACE_INHERIT ENTRY_TYPE ACCESS_TYPE 515a5eeccaSmarks 525f41bf46SMark Shellenbaum %type <str> idname id 535a5eeccaSmarks %type <acl_perm> perms perm aclent_perm ace_perms 545a5eeccaSmarks %type <acl> acl_entry 55*53312454SGordon Ross %type <ace> ace 565a5eeccaSmarks %type <aclent> aclent 575f41bf46SMark Shellenbaum %type <val> iflags verbose_iflag compact_iflag access_type entry_type 585a5eeccaSmarks 5994d2b9abSmarks %left ERROR COLON 605a5eeccaSmarks 615a5eeccaSmarks %% 625a5eeccaSmarks 63*53312454SGordon Ross acl: acl_entry NL 64*53312454SGordon Ross { 655a5eeccaSmarks yyacl = $1; 665a5eeccaSmarks return (0); 67*53312454SGordon Ross } 685a5eeccaSmarks 695a5eeccaSmarks /* This seems illegal, but the old aclfromtext() allows it */ 70*53312454SGordon Ross | acl_entry COMMA NL 715a5eeccaSmarks { 725a5eeccaSmarks yyacl = $1; 735a5eeccaSmarks return (0); 745a5eeccaSmarks } 75*53312454SGordon Ross | acl_entry COMMA acl 76*53312454SGordon Ross { 775a5eeccaSmarks yyacl = $1; 785a5eeccaSmarks return (0); 795a5eeccaSmarks } 80*53312454SGordon Ross 81*53312454SGordon Ross acl_entry: ace 825a5eeccaSmarks { 835a5eeccaSmarks ace_t *acep; 845a5eeccaSmarks 855a5eeccaSmarks if (yyacl == NULL) { 865a5eeccaSmarks yyacl = acl_alloc(ACE_T); 87ec965100Smarks if (yyacl == NULL) { 88ec965100Smarks yycleanup(); 895a5eeccaSmarks return (EACL_MEM_ERROR); 90ec965100Smarks } 91*53312454SGordon Ross } 925a5eeccaSmarks 935a5eeccaSmarks $$ = yyacl; 945a5eeccaSmarks if ($$->acl_type == ACLENT_T) { 955b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 965b233e2dSmarks "Cannot have POSIX draft ACL entries" 975b233e2dSmarks " with NFSv4/ZFS ACL entries.\n")); 985a5eeccaSmarks acl_free(yyacl); 995a5eeccaSmarks yyacl = NULL; 100ec965100Smarks yycleanup(); 1015a5eeccaSmarks return (EACL_DIFF_TYPE); 1025a5eeccaSmarks } 103*53312454SGordon Ross 1045a5eeccaSmarks $$->acl_aclp = realloc($$->acl_aclp, 1055a5eeccaSmarks ($$->acl_entry_size * ($$->acl_cnt + 1))); 1065a5eeccaSmarks if ($$->acl_aclp == NULL) { 1075a5eeccaSmarks free (yyacl); 108ec965100Smarks yycleanup(); 109*53312454SGordon Ross return (EACL_MEM_ERROR); 1105a5eeccaSmarks } 1115a5eeccaSmarks acep = $$->acl_aclp; 1125a5eeccaSmarks acep[$$->acl_cnt] = $1; 1135a5eeccaSmarks $$->acl_cnt++; 114ec965100Smarks yycleanup(); 1155a5eeccaSmarks } 1165a5eeccaSmarks | aclent 1175a5eeccaSmarks { 1185a5eeccaSmarks aclent_t *aclent; 1195a5eeccaSmarks 1205a5eeccaSmarks if (yyacl == NULL) { 1215a5eeccaSmarks yyacl = acl_alloc(ACLENT_T); 122ec965100Smarks if (yyacl == NULL) { 123ec965100Smarks yycleanup(); 1245a5eeccaSmarks return (EACL_MEM_ERROR); 125ec965100Smarks } 126*53312454SGordon Ross } 1275a5eeccaSmarks 1285a5eeccaSmarks $$ = yyacl; 1295a5eeccaSmarks if ($$->acl_type == ACE_T) { 1305b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 1315b233e2dSmarks "Cannot have NFSv4/ZFS ACL entries" 1325b233e2dSmarks " with POSIX draft ACL entries.\n")); 1335a5eeccaSmarks acl_free(yyacl); 1345a5eeccaSmarks yyacl = NULL; 135ec965100Smarks yycleanup(); 1365a5eeccaSmarks return (EACL_DIFF_TYPE); 1375a5eeccaSmarks } 1385a5eeccaSmarks 1395a5eeccaSmarks $$->acl_aclp = realloc($$->acl_aclp, 1405a5eeccaSmarks ($$->acl_entry_size * ($$->acl_cnt +1))); 1415a5eeccaSmarks if ($$->acl_aclp == NULL) { 1425a5eeccaSmarks free (yyacl); 143ec965100Smarks yycleanup(); 144*53312454SGordon Ross return (EACL_MEM_ERROR); 1455a5eeccaSmarks } 1465a5eeccaSmarks aclent = $$->acl_aclp; 1475a5eeccaSmarks aclent[$$->acl_cnt] = $1; 1485a5eeccaSmarks $$->acl_cnt++; 149ec965100Smarks yycleanup(); 1505a5eeccaSmarks } 1515a5eeccaSmarks 1525a5eeccaSmarks ace: entry_type idname ace_perms access_type 1535a5eeccaSmarks { 1545a5eeccaSmarks int error; 155b249c65cSmarks uid_t id; 1565a5eeccaSmarks int mask; 1575a5eeccaSmarks 1585a5eeccaSmarks error = get_id($1, $2, &id); 1595a5eeccaSmarks if (error) { 160b249c65cSmarks bad_entry_type($1, $2); 161ec965100Smarks yycleanup(); 1625a5eeccaSmarks return (EACL_INVALID_USER_GROUP); 1635a5eeccaSmarks } 164*53312454SGordon Ross 1655a5eeccaSmarks $$.a_who = id; 1665a5eeccaSmarks $$.a_flags = ace_entry_type($1); 1675a5eeccaSmarks error = ace_perm_mask(&$3, &$$.a_access_mask); 168ec965100Smarks if (error) { 169ec965100Smarks yycleanup(); 1705a5eeccaSmarks return (error); 171ec965100Smarks } 1725a5eeccaSmarks $$.a_type = $4; 1735a5eeccaSmarks 1745a5eeccaSmarks } 1755a5eeccaSmarks | entry_type idname ace_perms access_type COLON id 1765a5eeccaSmarks { 1775a5eeccaSmarks int error; 178b249c65cSmarks uid_t id; 1795a5eeccaSmarks 1805a5eeccaSmarks if (yyinteractive) { 1815b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 1825b233e2dSmarks "Extra fields on the end of " 18394d2b9abSmarks "ACL specification.\n")); 184ec965100Smarks yycleanup(); 1855a5eeccaSmarks return (EACL_UNKNOWN_DATA); 1865a5eeccaSmarks } 1875a5eeccaSmarks error = get_id($1, $2, &id); 1885a5eeccaSmarks if (error) { 1895f41bf46SMark Shellenbaum $$.a_who = get_id_nofail($1, $6); 1905a5eeccaSmarks } else { 1915a5eeccaSmarks $$.a_who = id; 1925a5eeccaSmarks } 1935a5eeccaSmarks $$.a_flags = ace_entry_type($1); 1945a5eeccaSmarks error = ace_perm_mask(&$3, &$$.a_access_mask); 195ec965100Smarks if (error) { 196ec965100Smarks yycleanup(); 1975a5eeccaSmarks return (error); 198ec965100Smarks } 1995a5eeccaSmarks $$.a_type = $4; 2005a5eeccaSmarks } 201*53312454SGordon Ross | entry_type idname ace_perms iflags access_type 2025a5eeccaSmarks { 2035a5eeccaSmarks int error; 204b249c65cSmarks uid_t id; 2055a5eeccaSmarks 2065a5eeccaSmarks error = get_id($1, $2, &id); 2075a5eeccaSmarks if (error) { 208b249c65cSmarks bad_entry_type($1, $2); 209ec965100Smarks yycleanup(); 2105a5eeccaSmarks return (EACL_INVALID_USER_GROUP); 2115a5eeccaSmarks } 212*53312454SGordon Ross 2135a5eeccaSmarks $$.a_who = id; 2145a5eeccaSmarks $$.a_flags = ace_entry_type($1); 2155a5eeccaSmarks error = ace_perm_mask(&$3, &$$.a_access_mask); 216ec965100Smarks if (error) { 217ec965100Smarks yycleanup(); 2185a5eeccaSmarks return (error); 219ec965100Smarks } 2205a5eeccaSmarks $$.a_type = $5; 2215a5eeccaSmarks $$.a_flags |= $4; 2225a5eeccaSmarks } 2235a5eeccaSmarks | entry_type idname ace_perms iflags access_type COLON id 2245a5eeccaSmarks { 2255a5eeccaSmarks int error; 226b249c65cSmarks uid_t id; 2275a5eeccaSmarks 2285a5eeccaSmarks if (yyinteractive) { 2295b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 2305b233e2dSmarks "Extra fields on the end of " 23194d2b9abSmarks "ACL specification.\n")); 232ec965100Smarks yycleanup(); 2335a5eeccaSmarks return (EACL_UNKNOWN_DATA); 2345a5eeccaSmarks } 2355a5eeccaSmarks error = get_id($1, $2, &id); 2365a5eeccaSmarks if (error) { 2375f41bf46SMark Shellenbaum $$.a_who = get_id_nofail($1, $7); 2385a5eeccaSmarks } else { 2395a5eeccaSmarks $$.a_who = id; 2405a5eeccaSmarks } 2415a5eeccaSmarks 2425a5eeccaSmarks $$.a_flags = ace_entry_type($1); 2435a5eeccaSmarks error = ace_perm_mask(&$3, &$$.a_access_mask); 244ec965100Smarks if (error) { 245ec965100Smarks yycleanup(); 2465a5eeccaSmarks return (error); 247ec965100Smarks } 2485a5eeccaSmarks 2495a5eeccaSmarks $$.a_type = $5; 2505a5eeccaSmarks $$.a_flags |= $4; 2515a5eeccaSmarks } 2525a5eeccaSmarks | entry_type ace_perms access_type 253*53312454SGordon Ross { 2545a5eeccaSmarks int error; 2555a5eeccaSmarks 2565a5eeccaSmarks $$.a_who = -1; 2575a5eeccaSmarks $$.a_flags = ace_entry_type($1); 2585a5eeccaSmarks error = ace_perm_mask(&$2, &$$.a_access_mask); 2595a5eeccaSmarks if (error) { 260ec965100Smarks yycleanup(); 2615a5eeccaSmarks return (error); 2625a5eeccaSmarks } 2635a5eeccaSmarks $$.a_type = $3; 264*53312454SGordon Ross } 2655a5eeccaSmarks | entry_type ace_perms access_type COLON id 2665a5eeccaSmarks { 267ec965100Smarks yycleanup(); 2685a5eeccaSmarks if (yyinteractive) { 2695b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 2705b233e2dSmarks "Extra fields on the end of " 27194d2b9abSmarks "ACL specification.\n")); 2725a5eeccaSmarks return (EACL_UNKNOWN_DATA); 2735a5eeccaSmarks } 2745a5eeccaSmarks 2755a5eeccaSmarks return (EACL_ENTRY_ERROR); 2765a5eeccaSmarks } 277*53312454SGordon Ross | entry_type ace_perms iflags access_type 2785a5eeccaSmarks { 2795a5eeccaSmarks int error; 2805a5eeccaSmarks 2815a5eeccaSmarks $$.a_who = -1; 2825a5eeccaSmarks $$.a_flags = ace_entry_type($1); 2835a5eeccaSmarks error = ace_perm_mask(&$2, &$$.a_access_mask); 284ec965100Smarks if (error) { 285ec965100Smarks yycleanup(); 2865a5eeccaSmarks return (error); 287ec965100Smarks } 2885a5eeccaSmarks $$.a_type = $4; 2895a5eeccaSmarks $$.a_flags |= $3; 2905a5eeccaSmarks 2915a5eeccaSmarks } 2925a5eeccaSmarks | entry_type ace_perms iflags access_type COLON id 2935a5eeccaSmarks { 294ec965100Smarks yycleanup(); 2955a5eeccaSmarks if (yyinteractive) { 2965b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 2975b233e2dSmarks "Extra fields on the end of " 29894d2b9abSmarks "ACL specification.\n")); 2995a5eeccaSmarks return (EACL_UNKNOWN_DATA); 3005a5eeccaSmarks } 3015a5eeccaSmarks return (EACL_ENTRY_ERROR); 3025a5eeccaSmarks } 3035a5eeccaSmarks 3045a5eeccaSmarks aclent: entry_type idname aclent_perm /* user or group */ 3055a5eeccaSmarks { 3065a5eeccaSmarks int error; 307b249c65cSmarks uid_t id; 3085a5eeccaSmarks 3095a5eeccaSmarks error = get_id($1, $2, &id); 3105a5eeccaSmarks if (error) { 311b249c65cSmarks bad_entry_type($1, $2); 312ec965100Smarks yycleanup(); 3135a5eeccaSmarks return (EACL_INVALID_USER_GROUP); 3145a5eeccaSmarks } 3155a5eeccaSmarks 3165a5eeccaSmarks error = compute_aclent_perms($3.perm_str, &$$.a_perm); 3175a5eeccaSmarks if (error) { 3185b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 31994d2b9abSmarks "Invalid permission(s) '%s' specified.\n"), 3205a5eeccaSmarks $3.perm_str); 321ec965100Smarks yycleanup(); 3225a5eeccaSmarks return (error); 3235a5eeccaSmarks } 3245a5eeccaSmarks $$.a_id = id; 3255a5eeccaSmarks error = aclent_entry_type($1, 0, &$$.a_type); 3265a5eeccaSmarks if (error) { 3275a5eeccaSmarks acl_error( 3285b233e2dSmarks dgettext(TEXT_DOMAIN, 3295b233e2dSmarks "Invalid ACL entry type '%s' specified.\n"), $1); 330ec965100Smarks yycleanup(); 3315a5eeccaSmarks return (error); 3325a5eeccaSmarks } 3335a5eeccaSmarks } 3345a5eeccaSmarks | entry_type COLON aclent_perm /* owner group other */ 3355a5eeccaSmarks { 3365a5eeccaSmarks int error; 3375a5eeccaSmarks 3385a5eeccaSmarks error = compute_aclent_perms($3.perm_str, &$$.a_perm); 3395a5eeccaSmarks if (error) { 3405b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 34194d2b9abSmarks "Invalid permission(s) '%s' specified.\n"), 3425a5eeccaSmarks $3.perm_str); 343ec965100Smarks yycleanup(); 3445a5eeccaSmarks return (error); 3455a5eeccaSmarks } 3465a5eeccaSmarks $$.a_id = -1; 3475a5eeccaSmarks error = aclent_entry_type($1, 1, &$$.a_type); 3485a5eeccaSmarks if (error) { 3495a5eeccaSmarks acl_error( 3505b233e2dSmarks dgettext(TEXT_DOMAIN, 3515b233e2dSmarks "Invalid ACL entry type '%s' specified.\n"), $1); 352ec965100Smarks yycleanup(); 3535a5eeccaSmarks return (error); 3545a5eeccaSmarks } 3555a5eeccaSmarks } 3565a5eeccaSmarks | entry_type COLON aclent_perm COLON id 357*53312454SGordon Ross { 358ec965100Smarks yycleanup(); 3595a5eeccaSmarks if (yyinteractive) { 3605b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 3615b233e2dSmarks "Extra fields on the end of ACL specification.\n")); 3625a5eeccaSmarks return (EACL_UNKNOWN_DATA); 3635a5eeccaSmarks } 3645a5eeccaSmarks return (EACL_ENTRY_ERROR); 3655a5eeccaSmarks } 366*53312454SGordon Ross | entry_type idname aclent_perm COLON id /* user or group */ 367*53312454SGordon Ross { 3685a5eeccaSmarks int error; 369b249c65cSmarks uid_t id; 3705a5eeccaSmarks 3715a5eeccaSmarks if (yyinteractive) { 3725b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 3735b233e2dSmarks "Extra fields on the end of ACL specification.\n")); 374ec965100Smarks yycleanup(); 3755a5eeccaSmarks return (EACL_UNKNOWN_DATA); 3765a5eeccaSmarks } 3775a5eeccaSmarks error = compute_aclent_perms($3.perm_str, &$$.a_perm); 3785a5eeccaSmarks if (error) { 3795b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 38094d2b9abSmarks "Invalid permission(s) '%s' specified.\n"), 3815a5eeccaSmarks $3.perm_str); 382ec965100Smarks yycleanup(); 3835a5eeccaSmarks return (error); 3845a5eeccaSmarks } 3855a5eeccaSmarks error = get_id($1, $2, &id); 3865f41bf46SMark Shellenbaum if (error) { 3875f41bf46SMark Shellenbaum $$.a_id = get_id_nofail($1, $5); 388*53312454SGordon Ross } else 3895a5eeccaSmarks $$.a_id = id; 3905a5eeccaSmarks 3915a5eeccaSmarks error = aclent_entry_type($1, 0, &$$.a_type); 3925a5eeccaSmarks if (error) { 3935a5eeccaSmarks acl_error( 3945b233e2dSmarks dgettext(TEXT_DOMAIN, 3955b233e2dSmarks "Invalid ACL entry type '%s' specified.\n"), $1); 396ec965100Smarks yycleanup(); 3975a5eeccaSmarks return (error); 3985a5eeccaSmarks } 3995a5eeccaSmarks } 4005a5eeccaSmarks | entry_type aclent_perm /* mask entry */ 4015a5eeccaSmarks { 4025a5eeccaSmarks int error; 4035a5eeccaSmarks 4045a5eeccaSmarks error = compute_aclent_perms($2.perm_str, &$$.a_perm); 4055a5eeccaSmarks if (error) { 4065b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 40794d2b9abSmarks "Invalid permission(s) '%s' specified.\n"), 4085a5eeccaSmarks $2.perm_str); 409ec965100Smarks yycleanup(); 4105a5eeccaSmarks return (error); 4115a5eeccaSmarks } 4125a5eeccaSmarks $$.a_id = -1; 4135a5eeccaSmarks error = aclent_entry_type($1, 0, &$$.a_type); 4145a5eeccaSmarks if (error) { 4155a5eeccaSmarks acl_error( 4165b233e2dSmarks dgettext(TEXT_DOMAIN, 4175b233e2dSmarks "Invalid ACL entry type specified %d.\n"), 4185a5eeccaSmarks error); 419ec965100Smarks yycleanup(); 4205a5eeccaSmarks return (error); 4215a5eeccaSmarks } 4225a5eeccaSmarks } 4235a5eeccaSmarks | entry_type aclent_perm COLON id 4245a5eeccaSmarks { 425ec965100Smarks yycleanup(); 4265a5eeccaSmarks if (yyinteractive) { 4275b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 4285b233e2dSmarks "Extra fields on the end of ACL specification.\n")); 4295a5eeccaSmarks return (EACL_UNKNOWN_DATA); 4305a5eeccaSmarks } 4315a5eeccaSmarks return (EACL_ENTRY_ERROR); 4325a5eeccaSmarks } 4335a5eeccaSmarks 4345a5eeccaSmarks iflags: compact_iflag COLON {$$ = $1;} 4355a5eeccaSmarks | verbose_iflag COLON {$$ = $1;} 4365a5eeccaSmarks | COLON {$$ = 0;} 4375a5eeccaSmarks 4385a5eeccaSmarks compact_iflag : INHERIT_TOK 4395a5eeccaSmarks { 4405a5eeccaSmarks int error; 4415a5eeccaSmarks uint32_t iflags; 4425a5eeccaSmarks 4435a5eeccaSmarks error = compute_ace_inherit($1, &iflags); 4445a5eeccaSmarks if (error) { 4455b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 4465b233e2dSmarks "Invalid inheritance flags '%s' specified.\n"), $1); 447ec965100Smarks yycleanup(); 4485a5eeccaSmarks return (error); 4495a5eeccaSmarks } 4505a5eeccaSmarks $$ = iflags; 4515a5eeccaSmarks } 4525a5eeccaSmarks | INHERIT_TOK SLASH verbose_iflag 4535a5eeccaSmarks { 4545b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 4555b233e2dSmarks "Can't mix compact inherit flags with" 45694d2b9abSmarks " verbose inheritance flags.\n")); 457ec965100Smarks yycleanup(); 4585a5eeccaSmarks return (EACL_INHERIT_ERROR); 4595a5eeccaSmarks } 4605a5eeccaSmarks 4615a5eeccaSmarks verbose_iflag: ACE_INHERIT {$$ |= $1;} 4625a5eeccaSmarks | ACE_INHERIT SLASH verbose_iflag {$$ = $1 | $3;} 4635a5eeccaSmarks | ACE_INHERIT SLASH compact_iflag 4645a5eeccaSmarks { 4655b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 4665b233e2dSmarks "Can't mix verbose inherit flags with" 46794d2b9abSmarks " compact inheritance flags.\n")); 468ec965100Smarks yycleanup(); 46994d2b9abSmarks return (EACL_INHERIT_ERROR); 47094d2b9abSmarks } 47194d2b9abSmarks | ACE_INHERIT SLASH ACCESS_TYPE 47294d2b9abSmarks { 4735b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 4745b233e2dSmarks "Inheritance flags can't be mixed with access type.\n")); 475ec965100Smarks yycleanup(); 4765a5eeccaSmarks return (EACL_INHERIT_ERROR); 4775a5eeccaSmarks } 478ec965100Smarks | ACE_INHERIT SLASH ERROR 479ec965100Smarks { 480ec965100Smarks yycleanup(); 481ec965100Smarks return ($3); 482ec965100Smarks } 483*53312454SGordon Ross 4845a5eeccaSmarks aclent_perm: PERM_TOK 4855a5eeccaSmarks { 4865a5eeccaSmarks $$.perm_style = PERM_TYPE_UNKNOWN; 4875a5eeccaSmarks $$.perm_str = $1; 4885a5eeccaSmarks $$.perm_val = 0; 4895a5eeccaSmarks } 490*53312454SGordon Ross | PERM_TOK ERROR 4915a5eeccaSmarks { 4925b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 4935b233e2dSmarks "ACL entry permissions are incorrectly specified.\n")); 494ec965100Smarks yycleanup(); 4955a5eeccaSmarks return ($2); 4965a5eeccaSmarks } 4975a5eeccaSmarks 498*53312454SGordon Ross access_type: ACCESS_TYPE {$$ = $1;} 499ec965100Smarks | ERROR 500ec965100Smarks { 501ec965100Smarks yycleanup(); 502ec965100Smarks return ($1); 503ec965100Smarks } 5045a5eeccaSmarks 5055a5eeccaSmarks id: ID {$$ = $1;} 5065f41bf46SMark Shellenbaum | SID {$$ = $1;} 507*53312454SGordon Ross | COLON 50894d2b9abSmarks { 5095b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 5105b233e2dSmarks "Invalid uid/gid specified.\nThe field" 511*53312454SGordon Ross " should be a numeric value.\n")); 512ec965100Smarks yycleanup(); 51394d2b9abSmarks return (EACL_UNKNOWN_DATA); 51494d2b9abSmarks } 515ec965100Smarks | ERROR 516ec965100Smarks { 517ec965100Smarks yycleanup(); 518ec965100Smarks return ($1); 519ec965100Smarks } 5205a5eeccaSmarks 5215a5eeccaSmarks ace_perms: perm {$$ = $1;} 5225a5eeccaSmarks | aclent_perm COLON {$$ = $1;} 523ec965100Smarks | ERROR 524ec965100Smarks { 525ec965100Smarks yycleanup(); 526ec965100Smarks return ($1); 527ec965100Smarks } 5285a5eeccaSmarks 5295a5eeccaSmarks perm: perms COLON {$$ = $1;} 530*53312454SGordon Ross | COLON {$$.perm_style = PERM_TYPE_EMPTY;} 5315a5eeccaSmarks 532*53312454SGordon Ross perms: ACE_PERM 533*53312454SGordon Ross { 5345a5eeccaSmarks $$.perm_style = PERM_TYPE_ACE; 5355a5eeccaSmarks $$.perm_val |= $1; 5365a5eeccaSmarks } 5375a5eeccaSmarks | ACE_PERM SLASH perms 5385a5eeccaSmarks { 5395a5eeccaSmarks $$.perm_style = PERM_TYPE_ACE; 5405a5eeccaSmarks $$.perm_val = $1 | $3.perm_val; 5415a5eeccaSmarks } 5425a5eeccaSmarks | ACE_PERM SLASH aclent_perm 5435a5eeccaSmarks { 5445a5eeccaSmarks 5455b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN, 5465b233e2dSmarks "Can't mix verbose permissions with" 54794d2b9abSmarks " compact permission.\n")); 548ec965100Smarks yycleanup(); 5495a5eeccaSmarks return (EACL_PERM_MASK_ERROR); 5505a5eeccaSmarks 5515a5eeccaSmarks } 552ec965100Smarks | ACE_PERM SLASH ERROR 553ec965100Smarks { 554ec965100Smarks yycleanup(); 555ec965100Smarks return ($3); 556ec965100Smarks } 557*53312454SGordon Ross 5585a5eeccaSmarks 5595a5eeccaSmarks idname: IDNAME {$$ = $1;} 5605a5eeccaSmarks 5615a5eeccaSmarks entry_type: ENTRY_TYPE {$$ = $1;} 562ec965100Smarks | ERROR 563ec965100Smarks { 564ec965100Smarks yycleanup(); 565ec965100Smarks return ($1); 566ec965100Smarks } 567b249c65cSmarks 568b249c65cSmarks %% 569b249c65cSmarks static void 570b249c65cSmarks bad_entry_type(int toketype, char *str) 571b249c65cSmarks { 572b249c65cSmarks switch(toketype) { 573b249c65cSmarks case USER_TOK: 574b249c65cSmarks case DEFAULT_USER_TOK: 575b249c65cSmarks acl_error(dgettext(TEXT_DOMAIN, 576b249c65cSmarks "Invalid user %s specified.\n"), str); 577b249c65cSmarks break; 578b249c65cSmarks 579b249c65cSmarks case GROUP_TOK: 580b249c65cSmarks case DEFAULT_GROUP_TOK: 581b249c65cSmarks acl_error(dgettext(TEXT_DOMAIN, 582b249c65cSmarks "Invalid group %s specified.\n"), str); 583b249c65cSmarks break; 584*53312454SGordon Ross 585b249c65cSmarks case USER_SID_TOK: 586b249c65cSmarks acl_error(dgettext(TEXT_DOMAIN, 587b249c65cSmarks "Invalid user SID %s specified.\n"), str); 588b249c65cSmarks break; 589b249c65cSmarks 590b249c65cSmarks case GROUP_SID_TOK: 591b249c65cSmarks acl_error(dgettext(TEXT_DOMAIN, 592b249c65cSmarks "Invalid group SID %s specified.\n"), str); 593*53312454SGordon Ross break; 594b249c65cSmarks 595*53312454SGordon Ross case BARE_SID_TOK: 596*53312454SGordon Ross acl_error(dgettext(TEXT_DOMAIN, 597*53312454SGordon Ross "Invalid SID %s specified.\n"), str); 598*53312454SGordon Ross break; 599*53312454SGordon Ross } 600b249c65cSmarks } 601