15a5eeccaSmarks /*
25a5eeccaSmarks * CDDL HEADER START
35a5eeccaSmarks *
45a5eeccaSmarks * The contents of this file are subject to the terms of the
594d2b9abSmarks * Common Development and Distribution License (the "License").
694d2b9abSmarks * You may not use this file except in compliance with the License.
75a5eeccaSmarks *
85a5eeccaSmarks * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
95a5eeccaSmarks * or http://www.opensolaris.org/os/licensing.
105a5eeccaSmarks * See the License for the specific language governing permissions
115a5eeccaSmarks * and limitations under the License.
125a5eeccaSmarks *
135a5eeccaSmarks * When distributing Covered Code, include this CDDL HEADER in each
145a5eeccaSmarks * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
155a5eeccaSmarks * If applicable, add the following below this CDDL HEADER, with the
165a5eeccaSmarks * fields enclosed by brackets "[]" replaced with your own identifying
175a5eeccaSmarks * information: Portions Copyright [yyyy] [name of copyright owner]
185a5eeccaSmarks *
195a5eeccaSmarks * CDDL HEADER END
205a5eeccaSmarks *
21b249c65cSmarks * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
225a5eeccaSmarks * Use is subject to license terms.
23*53312454SGordon Ross *
24*53312454SGordon Ross * Copyright 2022 RackTop Systems, Inc.
255a5eeccaSmarks */
265a5eeccaSmarks
275a5eeccaSmarks %{
285a5eeccaSmarks #include <sys/acl.h>
295a5eeccaSmarks #include <aclutils.h>
30b249c65cSmarks #include <idmap.h>
315a5eeccaSmarks #include <errno.h>
325a5eeccaSmarks #include "acl.tab.h"
335a5eeccaSmarks
345a5eeccaSmarks #ifdef input
355a5eeccaSmarks #undef input
365a5eeccaSmarks #endif
375a5eeccaSmarks
385a5eeccaSmarks #ifdef unput
395a5eeccaSmarks #undef unput
405a5eeccaSmarks #endif
415a5eeccaSmarks
425a5eeccaSmarks int grab_string(char *terminators);
435a5eeccaSmarks static int input();
445a5eeccaSmarks static void unput(int);
455a5eeccaSmarks
46*53312454SGordon Ross int
yyerror(const char * s)475a5eeccaSmarks yyerror(const char *s)
485a5eeccaSmarks {
495a5eeccaSmarks return (0);
505a5eeccaSmarks }
515a5eeccaSmarks
525a5eeccaSmarks int
yywrap(void)535a5eeccaSmarks yywrap(void)
545a5eeccaSmarks {
555a5eeccaSmarks return (1);
565a5eeccaSmarks }
575a5eeccaSmarks
585a5eeccaSmarks extern char *yybuf;
595a5eeccaSmarks int yybufpos;
605a5eeccaSmarks
61ec965100Smarks /*
62ec965100Smarks * Used for tracking allocated strings while walking through an ACL.
63ec965100Smarks */
64ec965100Smarks struct yystrings {
65ec965100Smarks char *y_logname; /* user/group name from LOGNAME */
66ec965100Smarks char *y_perms; /* permssions from PERM_TOK */
67ec965100Smarks char *y_iflags; /* iflags from INHERIT_TOK */
685f41bf46SMark Shellenbaum char *y_idstr; /* string of appened id */
69ec965100Smarks } yystrings;
70ec965100Smarks
715a5eeccaSmarks %}
725a5eeccaSmarks
73da6c28aaSamw %e 1500
7494d2b9abSmarks %s TS NS PS AIS AS US ES
75b249c65cSmarks %p 5000
76b249c65cSmarks
775a5eeccaSmarks /*
785a5eeccaSmarks * TS = type state
795a5eeccaSmarks * NS = name state
805a5eeccaSmarks * PS = Permission state
815a5eeccaSmarks * AIS = Allow/deny/inheritance state
8294d2b9abSmarks * AS = Allow state (only used when inheritance detected)
835a5eeccaSmarks * US = UID/GID state
845a5eeccaSmarks * ES = End state
855a5eeccaSmarks */
865a5eeccaSmarks
87ed78bdc4Smarks ID [0-9]+
885f41bf46SMark Shellenbaum SID S-[^:,\n]+
89b1a2ca0fSmarks LOGNAME [^:]+:
905a5eeccaSmarks PERM_STR [rRwWxpdDaAcCos-]+
91da6c28aaSamw INHERIT_STR [fdinFSI-]+
925a5eeccaSmarks
935a5eeccaSmarks %%
945a5eeccaSmarks
955a5eeccaSmarks <TS>user: {
965a5eeccaSmarks BEGIN NS;
975a5eeccaSmarks yylval.val = USER_TOK;
985a5eeccaSmarks return (ENTRY_TYPE);
995a5eeccaSmarks }
100b249c65cSmarks <TS>usersid: {
101b249c65cSmarks BEGIN NS;
102b249c65cSmarks yylval.val = USER_SID_TOK;
103b249c65cSmarks return (ENTRY_TYPE);
104b249c65cSmarks }
1055a5eeccaSmarks <TS>owner@: {
1065a5eeccaSmarks BEGIN PS;
1075a5eeccaSmarks yylval.val = OWNERAT_TOK;
1085a5eeccaSmarks return (ENTRY_TYPE);
1095a5eeccaSmarks }
1105a5eeccaSmarks <TS>group@: {
1115a5eeccaSmarks BEGIN PS;
1125a5eeccaSmarks yylval.val = GROUPAT_TOK;
1135a5eeccaSmarks return (ENTRY_TYPE);
1145a5eeccaSmarks }
1155a5eeccaSmarks <TS>everyone@: {
1165a5eeccaSmarks BEGIN PS;
1175a5eeccaSmarks yylval.val = EVERYONEAT_TOK;
1185a5eeccaSmarks return (ENTRY_TYPE);
1195a5eeccaSmarks }
1205a5eeccaSmarks <TS>group: {
1215a5eeccaSmarks BEGIN NS;
1225a5eeccaSmarks yylval.val = GROUP_TOK;
1235a5eeccaSmarks return (ENTRY_TYPE);
1245a5eeccaSmarks }
125b249c65cSmarks <TS>groupsid: {
126b249c65cSmarks BEGIN NS;
127b249c65cSmarks yylval.val = GROUP_SID_TOK;
128b249c65cSmarks return (ENTRY_TYPE);
129b249c65cSmarks }
130b249c65cSmarks <TS>sid: {
131b249c65cSmarks BEGIN NS;
132*53312454SGordon Ross yylval.val = BARE_SID_TOK;
133b249c65cSmarks return (ENTRY_TYPE);
134b249c65cSmarks }
1355a5eeccaSmarks <TS>mask: {
1365a5eeccaSmarks BEGIN PS;
1375a5eeccaSmarks yylval.val = MASK_TOK;
1385a5eeccaSmarks return (ENTRY_TYPE);
1395a5eeccaSmarks }
1405a5eeccaSmarks <TS>mask:: {
1415a5eeccaSmarks BEGIN PS;
1425a5eeccaSmarks yylval.val = MASK_TOK;
1435a5eeccaSmarks return (ENTRY_TYPE);
1445a5eeccaSmarks }
1455a5eeccaSmarks <TS>other: {
1465a5eeccaSmarks BEGIN PS;
1475a5eeccaSmarks yylval.val = OTHER_TOK;
1485a5eeccaSmarks return (ENTRY_TYPE);
1495a5eeccaSmarks }
1505a5eeccaSmarks <TS>other:: {
1515a5eeccaSmarks BEGIN PS;
1525a5eeccaSmarks yylval.val = OTHER_TOK;
1535a5eeccaSmarks return (ENTRY_TYPE);
1545a5eeccaSmarks }
155*53312454SGordon Ross <TS>defaultuser: {
1565a5eeccaSmarks BEGIN NS;
1575a5eeccaSmarks yylval.val = DEFAULT_USER_TOK;
1585a5eeccaSmarks return (ENTRY_TYPE);
1595a5eeccaSmarks }
1605a5eeccaSmarks <TS>default:user: {
1615a5eeccaSmarks BEGIN NS;
1625a5eeccaSmarks yylval.val = DEFAULT_USER_TOK;
1635a5eeccaSmarks return (ENTRY_TYPE);
1645a5eeccaSmarks }
165*53312454SGordon Ross <TS>defaultgroup: {
1665a5eeccaSmarks BEGIN NS;
1675a5eeccaSmarks yylval.val = DEFAULT_GROUP_TOK;
1685a5eeccaSmarks return (ENTRY_TYPE);
1695a5eeccaSmarks }
1705a5eeccaSmarks <TS>default:group: {
1715a5eeccaSmarks BEGIN NS;
1725a5eeccaSmarks yylval.val = DEFAULT_GROUP_TOK;
1735a5eeccaSmarks return (ENTRY_TYPE);
1745a5eeccaSmarks }
175*53312454SGordon Ross <TS>defaultother: {
1765a5eeccaSmarks BEGIN PS;
1775a5eeccaSmarks yylval.val = DEFAULT_OTHER_TOK;
1785a5eeccaSmarks return (ENTRY_TYPE);
1795a5eeccaSmarks }
180*53312454SGordon Ross <TS>defaultother:: {
1815a5eeccaSmarks BEGIN PS;
1825a5eeccaSmarks yylval.val = DEFAULT_OTHER_TOK;
1835a5eeccaSmarks return (ENTRY_TYPE);
1845a5eeccaSmarks }
1855a5eeccaSmarks <TS>default:other: {
1865a5eeccaSmarks BEGIN PS;
1875a5eeccaSmarks yylval.val = DEFAULT_OTHER_TOK;
1885a5eeccaSmarks return (ENTRY_TYPE);
1895a5eeccaSmarks }
190*53312454SGordon Ross <TS>defaultmask: {
1915a5eeccaSmarks BEGIN PS;
1925a5eeccaSmarks yylval.val = DEFAULT_MASK_TOK;
1935a5eeccaSmarks return (ENTRY_TYPE);
1945a5eeccaSmarks }
195*53312454SGordon Ross <TS>defaultmask:: {
1965a5eeccaSmarks BEGIN PS;
1975a5eeccaSmarks yylval.val = DEFAULT_MASK_TOK;
1985a5eeccaSmarks return (ENTRY_TYPE);
1995a5eeccaSmarks }
2005a5eeccaSmarks <TS>default:mask: {
2015a5eeccaSmarks BEGIN PS;
2025a5eeccaSmarks yylval.val = DEFAULT_MASK_TOK;
2035a5eeccaSmarks return (ENTRY_TYPE);
2045a5eeccaSmarks }
2055a5eeccaSmarks <TS>"\n" {
2065a5eeccaSmarks return (NL);
2075a5eeccaSmarks }
2085a5eeccaSmarks <TS>. {
209e2c4eff1Smarks if (grab_string(":,\n") != 0) {
2105b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN,
2115b233e2dSmarks "Failed to retrieve"
21294d2b9abSmarks " error string.\n"));
2135a5eeccaSmarks yylval.val = EACL_MEM_ERROR;
2145a5eeccaSmarks return (ERROR);
2155a5eeccaSmarks }
2165b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN,
2175b233e2dSmarks "Invalid ACL entry "
21894d2b9abSmarks "type '%s' specified.\n"), yylval.str);
2195a5eeccaSmarks free(yylval.str);
2205a5eeccaSmarks yylval.val = EACL_ENTRY_ERROR;
2215a5eeccaSmarks return (ERROR);
2225a5eeccaSmarks }
2235a5eeccaSmarks <NS>: {
2245a5eeccaSmarks BEGIN PS;
2255a5eeccaSmarks return (COLON);
2265a5eeccaSmarks }
2275a5eeccaSmarks <NS>{LOGNAME} {
2285a5eeccaSmarks yylval.str = strdup(yytext);
2295a5eeccaSmarks if (yylval.str == NULL) {
2305a5eeccaSmarks yylval.val = EACL_MEM_ERROR;
2315a5eeccaSmarks return (ERROR);
2325a5eeccaSmarks }
2335a5eeccaSmarks yylval.str[strlen(yylval.str) -1] = '\0';
234ec965100Smarks yystrings.y_logname = yylval.str;
2355a5eeccaSmarks BEGIN PS;
2365a5eeccaSmarks return (IDNAME);
2375a5eeccaSmarks }
2385a5eeccaSmarks <NS>"\n" {
2395b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN,
2405b233e2dSmarks "Missing user/group name"
24194d2b9abSmarks " from ACL specification.\n"));
2425a5eeccaSmarks yylval.val = EACL_MISSING_FIELDS;
2435a5eeccaSmarks return (ERROR);
2445a5eeccaSmarks }
2455a5eeccaSmarks <NS>. {
2465a5eeccaSmarks int error;
247*53312454SGordon Ross
248e2c4eff1Smarks error = grab_string(":,\n");
2495a5eeccaSmarks if (error != 0) {
2505b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN,
2515b233e2dSmarks "Invalid user/group "
25294d2b9abSmarks "name specification.\n"));
2535a5eeccaSmarks yylval.val = EACL_INVALID_USER_GROUP;
2545a5eeccaSmarks } else {
2555b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN,
2565b233e2dSmarks "User/Group name "
25794d2b9abSmarks "'%s' not specified correctly.\n"),
2585a5eeccaSmarks yylval.str);
2595a5eeccaSmarks free(yylval.str);
2605a5eeccaSmarks yylval.val = EACL_ENTRY_ERROR;
2615a5eeccaSmarks }
2625a5eeccaSmarks return (ERROR);
2635a5eeccaSmarks }
264f92daba9Smarks <PS>read_data/[:/,] {
2655a5eeccaSmarks yylval.val = ACE_READ_DATA;
2665a5eeccaSmarks return (ACE_PERM);
2675a5eeccaSmarks }
268f92daba9Smarks <PS>list_directory/[:/,] {
2695a5eeccaSmarks yylval.val = ACE_LIST_DIRECTORY;
270*53312454SGordon Ross return (ACE_PERM);
2715a5eeccaSmarks }
272f92daba9Smarks <PS>write_data/[:/,] {
2735a5eeccaSmarks yylval.val = ACE_WRITE_DATA;
2745a5eeccaSmarks return (ACE_PERM);
2755a5eeccaSmarks }
276f92daba9Smarks <PS>add_file/[:/,] {
2775a5eeccaSmarks yylval.val = ACE_ADD_FILE;
2785a5eeccaSmarks return (ACE_PERM);
2795a5eeccaSmarks }
280f92daba9Smarks <PS>append_data/[:/,] {
2815a5eeccaSmarks yylval.val = ACE_APPEND_DATA;
2825a5eeccaSmarks return (ACE_PERM);
2835a5eeccaSmarks }
284f92daba9Smarks <PS>add_subdirectory/[:/,] {
2855a5eeccaSmarks yylval.val = ACE_ADD_SUBDIRECTORY;
2865a5eeccaSmarks return (ACE_PERM);
2875a5eeccaSmarks }
288f92daba9Smarks <PS>read_xattr/[:/,] {
2895a5eeccaSmarks yylval.val = ACE_READ_NAMED_ATTRS;
2905a5eeccaSmarks return (ACE_PERM);
2915a5eeccaSmarks }
292f92daba9Smarks <PS>write_xattr/[:/,] {
2935a5eeccaSmarks yylval.val = ACE_WRITE_NAMED_ATTRS;
2945a5eeccaSmarks return (ACE_PERM);
2955a5eeccaSmarks }
296f92daba9Smarks <PS>execute/[:/,] {
2975a5eeccaSmarks yylval.val = ACE_EXECUTE;
2985a5eeccaSmarks return (ACE_PERM);
2995a5eeccaSmarks }
300f92daba9Smarks <PS>delete_child/[:/,] {
3015a5eeccaSmarks yylval.val = ACE_DELETE_CHILD;
3025a5eeccaSmarks return (ACE_PERM);
3035a5eeccaSmarks }
304f92daba9Smarks <PS>read_attributes/[:/,] {
3055a5eeccaSmarks yylval.val = ACE_READ_ATTRIBUTES;
3065a5eeccaSmarks return (ACE_PERM);
3075a5eeccaSmarks }
308f92daba9Smarks <PS>write_attributes/[:/,] {
3095a5eeccaSmarks yylval.val = ACE_WRITE_ATTRIBUTES;
310*53312454SGordon Ross return (ACE_PERM);
3115a5eeccaSmarks }
312f92daba9Smarks <PS>delete/[:/,] {
3135a5eeccaSmarks yylval.val = ACE_DELETE;
3145a5eeccaSmarks return (ACE_PERM);
3155a5eeccaSmarks }
316f92daba9Smarks <PS>read_acl/[:/,] {
3175a5eeccaSmarks yylval.val = ACE_READ_ACL;
3185a5eeccaSmarks return (ACE_PERM);
3195a5eeccaSmarks }
320f92daba9Smarks <PS>write_acl/[:/,] {
3215a5eeccaSmarks yylval.val = ACE_WRITE_ACL;
3225a5eeccaSmarks return (ACE_PERM);
3235a5eeccaSmarks }
324f92daba9Smarks <PS>write_owner/[:/,] {
3255a5eeccaSmarks yylval.val = ACE_WRITE_OWNER;
3265a5eeccaSmarks return (ACE_PERM);
3275a5eeccaSmarks }
328f92daba9Smarks <PS>synchronize/[:/,] {
3295a5eeccaSmarks yylval.val = ACE_SYNCHRONIZE;
3305a5eeccaSmarks return (ACE_PERM);
3315a5eeccaSmarks }
332b249c65cSmarks <PS>read_set/[:/,] {
333b249c65cSmarks yylval.val = ACE_READ_PERMS;
334b249c65cSmarks return (ACE_PERM);
335b249c65cSmarks }
336b249c65cSmarks <PS>write_set/[:/,] {
337b249c65cSmarks yylval.val = ACE_WRITE_PERMS;
338b249c65cSmarks return (ACE_PERM);
339b249c65cSmarks }
340b249c65cSmarks <PS>modify_set/[:/,] {
341b249c65cSmarks yylval.val = ACE_MODIFY_PERMS;
342b249c65cSmarks return (ACE_PERM);
343b249c65cSmarks }
344b249c65cSmarks <PS>full_set/[:/,] {
345b249c65cSmarks yylval.val = ACE_ALL_PERMS;
346b249c65cSmarks return (ACE_PERM);
347b249c65cSmarks }
348e2c4eff1Smarks <PS>{PERM_STR}/[:,\n] {
3495a5eeccaSmarks int c;
3505a5eeccaSmarks
3515a5eeccaSmarks c = input();
3525a5eeccaSmarks unput(c);
3535a5eeccaSmarks yylval.str = strdup(yytext);
3545a5eeccaSmarks if (yylval.str == NULL) {
3555a5eeccaSmarks yylval.val = EACL_MEM_ERROR;
3565a5eeccaSmarks return (ERROR);
3575a5eeccaSmarks }
358ec965100Smarks yystrings.y_perms = yylval.str;
3595a5eeccaSmarks
3605a5eeccaSmarks /*
3615a5eeccaSmarks * aclent are done after permissions.
3625a5eeccaSmarks */
3635a5eeccaSmarks if (isdigit(c))
3645a5eeccaSmarks BEGIN US;
3655a5eeccaSmarks else if (c != ':')
3665a5eeccaSmarks BEGIN ES;
367*53312454SGordon Ross
368*53312454SGordon Ross return (PERM_TOK);
3695a5eeccaSmarks }
3705a5eeccaSmarks <PS>"/:" {
3715b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN,
3725b233e2dSmarks "Invalid permission /: specified.\n"));
3735a5eeccaSmarks yylval.val = EACL_ENTRY_ERROR;
3745a5eeccaSmarks return (ERROR);
3755a5eeccaSmarks }
3765a5eeccaSmarks <PS>: {
3775a5eeccaSmarks int c;
3785a5eeccaSmarks
3795a5eeccaSmarks c = input();
3805a5eeccaSmarks unput(c);
3815a5eeccaSmarks if (isdigit(c))
3825a5eeccaSmarks BEGIN (US);
3835a5eeccaSmarks else
3845a5eeccaSmarks BEGIN AIS;
3855a5eeccaSmarks return (COLON);
3865a5eeccaSmarks }
3875a5eeccaSmarks <PS>"/" {
3885a5eeccaSmarks return (SLASH);
3895a5eeccaSmarks }
3905a5eeccaSmarks <PS>"\n" {
3915b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN,
3925b233e2dSmarks "ACL entry is missing "
39394d2b9abSmarks "permission fields.\n"));
3945a5eeccaSmarks yylval.val = EACL_MISSING_FIELDS;
3955a5eeccaSmarks return (ERROR);
3965a5eeccaSmarks }
397f92daba9Smarks <PS>"," {
398f92daba9Smarks acl_error(
399f92daba9Smarks dgettext(TEXT_DOMAIN,
400f92daba9Smarks "The ',' is not a valid permission field "
401f92daba9Smarks "separator.\nThe comma is used to separate "
402bbf21555SRichard Lowe "access control entries.\nSee acl(7) for "
403f92daba9Smarks "examples of specifying ACL entries.\n"));
404f92daba9Smarks yylval.val = EACL_PERM_MASK_ERROR;
405f92daba9Smarks return (ERROR);
406f92daba9Smarks }
407*53312454SGordon Ross <PS>. {
408e2c4eff1Smarks if (grab_string("/:,\n") != 0) {
4095b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN,
4105b233e2dSmarks "Failed to retrieve"
41194d2b9abSmarks " error string.\n"));
4125a5eeccaSmarks yylval.val = EACL_MEM_ERROR;
4135a5eeccaSmarks return (ERROR);
4145a5eeccaSmarks }
4155b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN,
416e2c4eff1Smarks "Invalid permission(s) '%s' "
417*53312454SGordon Ross "specified.\n"), yylval.str);
4185a5eeccaSmarks free(yylval.str);
4195a5eeccaSmarks yylval.val = EACL_PERM_MASK_ERROR;
4205a5eeccaSmarks return (ERROR);
4215a5eeccaSmarks }
42294d2b9abSmarks <AS>allow/[:,\n] {
4235a5eeccaSmarks
4245a5eeccaSmarks int c;
425*53312454SGordon Ross
4265a5eeccaSmarks c = input();
42794d2b9abSmarks unput(c);
4285a5eeccaSmarks if (c == ',' || c == '\n')
4295a5eeccaSmarks BEGIN ES;
43094d2b9abSmarks else
43194d2b9abSmarks BEGIN US;
43294d2b9abSmarks yylval.val = ACE_ACCESS_ALLOWED_ACE_TYPE;
43394d2b9abSmarks return (ACCESS_TYPE);
43494d2b9abSmarks }
43594d2b9abSmarks <AS>deny/[:,\n] {
43694d2b9abSmarks
43794d2b9abSmarks int c;
438*53312454SGordon Ross
43994d2b9abSmarks c = input();
4405a5eeccaSmarks unput(c);
44194d2b9abSmarks if (c == ',' || c == '\n')
44294d2b9abSmarks BEGIN ES;
44394d2b9abSmarks else
44494d2b9abSmarks BEGIN US;
44594d2b9abSmarks
44694d2b9abSmarks yylval.val = ACE_ACCESS_DENIED_ACE_TYPE;
44794d2b9abSmarks return (ACCESS_TYPE);
44894d2b9abSmarks }
449da6c28aaSamw <AS>audit/[:,\n] {
450da6c28aaSamw int c;
451*53312454SGordon Ross
452da6c28aaSamw c = input();
453da6c28aaSamw unput(c);
454da6c28aaSamw if (c == ',' || c == '\n')
455da6c28aaSamw BEGIN ES;
456da6c28aaSamw else
457da6c28aaSamw BEGIN US;
458da6c28aaSamw
459da6c28aaSamw yylval.val = ACE_SYSTEM_AUDIT_ACE_TYPE;
460da6c28aaSamw return (ACCESS_TYPE);
461da6c28aaSamw }
462da6c28aaSamw <AS>alarm/[:,\n] {
463da6c28aaSamw int c;
464*53312454SGordon Ross
465da6c28aaSamw c = input();
466da6c28aaSamw unput(c);
467da6c28aaSamw if (c == ',' || c == '\n')
468da6c28aaSamw BEGIN ES;
469da6c28aaSamw else
470da6c28aaSamw BEGIN US;
471da6c28aaSamw
472da6c28aaSamw yylval.val = ACE_SYSTEM_ALARM_ACE_TYPE;
473da6c28aaSamw return (ACCESS_TYPE);
474da6c28aaSamw }
47594d2b9abSmarks <AS>: {
476*53312454SGordon Ross
4775b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN,
4785b233e2dSmarks "Invalid Access type "
47994d2b9abSmarks "specified.\nThe field is blank, when"
48094d2b9abSmarks " it should be either allow or deny.\n"));
48194d2b9abSmarks yylval.val = EACL_INVALID_ACCESS_TYPE;
48294d2b9abSmarks return (ERROR);
48394d2b9abSmarks }
48494d2b9abSmarks <AS>"\n" {
4855b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN,
4865b233e2dSmarks "ACL access type must be specified.\n"));
48794d2b9abSmarks yylval.val = EACL_INVALID_ACCESS_TYPE;
48894d2b9abSmarks return (ERROR);
48994d2b9abSmarks }
49094d2b9abSmarks <AS>. {
49194d2b9abSmarks if (yytext[0] != '\n' && yytext[0] != '\0') {
492e2c4eff1Smarks if (grab_string(":,\n") != 0) {
4935b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN,
4945b233e2dSmarks "Failed to "
49594d2b9abSmarks "retrieve error "
49694d2b9abSmarks "string.\n"));
49794d2b9abSmarks yylval.val = EACL_MEM_ERROR;
49894d2b9abSmarks return (ERROR);
49994d2b9abSmarks }
50094d2b9abSmarks acl_error(
5015b233e2dSmarks dgettext(TEXT_DOMAIN,
5025b233e2dSmarks "Invalid access "
50394d2b9abSmarks "type '%s' specified.\n"),
50494d2b9abSmarks yylval.str);
50594d2b9abSmarks } else {
50694d2b9abSmarks acl_error(
5075b233e2dSmarks dgettext(TEXT_DOMAIN,
5085b233e2dSmarks "No access "
50994d2b9abSmarks "type specified.\n"), yylval.str);
51094d2b9abSmarks }
51194d2b9abSmarks
51294d2b9abSmarks free(yylval.str);
51394d2b9abSmarks yylval.val = EACL_INVALID_ACCESS_TYPE;
51494d2b9abSmarks return (ERROR);
51594d2b9abSmarks }
51694d2b9abSmarks <AIS>allow/[:,\n] {
51794d2b9abSmarks
51894d2b9abSmarks int c;
519*53312454SGordon Ross
52094d2b9abSmarks c = input();
52194d2b9abSmarks unput(c);
52294d2b9abSmarks if (c == ',' || c == '\n')
52394d2b9abSmarks BEGIN ES;
52494d2b9abSmarks else
52594d2b9abSmarks BEGIN US;
5265a5eeccaSmarks yylval.val = ACE_ACCESS_ALLOWED_ACE_TYPE;
5275a5eeccaSmarks return (ACCESS_TYPE);
5285a5eeccaSmarks }
5295a5eeccaSmarks <AIS>deny/[:,\n] {
5305a5eeccaSmarks
5315a5eeccaSmarks int c;
532*53312454SGordon Ross
5335a5eeccaSmarks c = input();
53494d2b9abSmarks unput(c);
5355a5eeccaSmarks if (c == ',' || c == '\n')
5365a5eeccaSmarks BEGIN ES;
53794d2b9abSmarks else
53894d2b9abSmarks BEGIN US;
53994d2b9abSmarks
5405a5eeccaSmarks yylval.val = ACE_ACCESS_DENIED_ACE_TYPE;
5415a5eeccaSmarks return (ACCESS_TYPE);
5425a5eeccaSmarks }
543da6c28aaSamw <AIS>audit/[:,\n] {
544da6c28aaSamw int c;
545*53312454SGordon Ross
546da6c28aaSamw c = input();
547da6c28aaSamw unput(c);
548da6c28aaSamw if (c == ',' || c == '\n')
549da6c28aaSamw BEGIN ES;
550da6c28aaSamw else
551da6c28aaSamw BEGIN US;
552da6c28aaSamw
553da6c28aaSamw yylval.val = ACE_SYSTEM_AUDIT_ACE_TYPE;
554da6c28aaSamw return (ACCESS_TYPE);
555da6c28aaSamw }
556da6c28aaSamw <AIS>alarm/[:,\n] {
557da6c28aaSamw
558da6c28aaSamw int c;
559*53312454SGordon Ross
560da6c28aaSamw c = input();
561da6c28aaSamw unput(c);
562da6c28aaSamw if (c == ',' || c == '\n')
563da6c28aaSamw BEGIN ES;
564da6c28aaSamw else
565da6c28aaSamw BEGIN US;
566da6c28aaSamw
567da6c28aaSamw yylval.val = ACE_SYSTEM_ALARM_ACE_TYPE;
568da6c28aaSamw return (ACCESS_TYPE);
569da6c28aaSamw }
570f92daba9Smarks <AIS>file_inherit/[:/,] {
5715a5eeccaSmarks yylval.val = ACE_FILE_INHERIT_ACE;
5725a5eeccaSmarks return (ACE_INHERIT);
5735a5eeccaSmarks }
574f92daba9Smarks <AIS>dir_inherit/[:/,] {
5755a5eeccaSmarks yylval.val = ACE_DIRECTORY_INHERIT_ACE;
5765a5eeccaSmarks return (ACE_INHERIT);
5775a5eeccaSmarks }
578f92daba9Smarks <AIS>no_propagate/[/:,] {
5795a5eeccaSmarks yylval.val = ACE_NO_PROPAGATE_INHERIT_ACE;
5805a5eeccaSmarks return (ACE_INHERIT);
5815a5eeccaSmarks }
582f92daba9Smarks <AIS>inherit_only/[/:,] {
5835a5eeccaSmarks yylval.val = ACE_INHERIT_ONLY_ACE;
5845a5eeccaSmarks return (ACE_INHERIT);
5855a5eeccaSmarks }
586da6c28aaSamw
587da6c28aaSamw <AIS>successful_access/[/:,] {
588da6c28aaSamw yylval.val = ACE_SUCCESSFUL_ACCESS_ACE_FLAG;
589da6c28aaSamw return (ACE_INHERIT);
590da6c28aaSamw }
591da6c28aaSamw <AIS>failed_access/[/:,] {
592da6c28aaSamw yylval.val = ACE_FAILED_ACCESS_ACE_FLAG;
593da6c28aaSamw return (ACE_INHERIT);
594da6c28aaSamw }
595da6c28aaSamw <AIS>inherited/[/:,] {
596da6c28aaSamw yylval.val = ACE_INHERITED_ACE;
597da6c28aaSamw return (ACE_INHERIT);
598da6c28aaSamw }
59994d2b9abSmarks <AIS>{INHERIT_STR}/[:] {
6005a5eeccaSmarks yylval.str = strdup(yytext);
6015a5eeccaSmarks if (yylval.str == NULL) {
6025a5eeccaSmarks yylval.val = EACL_MEM_ERROR;
6035a5eeccaSmarks return (ERROR);
6045a5eeccaSmarks }
605ec965100Smarks yystrings.y_iflags = yylval.str;
6065a5eeccaSmarks return (INHERIT_TOK);
6075a5eeccaSmarks }
6085a5eeccaSmarks <AIS>: {
60994d2b9abSmarks /*
61094d2b9abSmarks * Only inheritance fields should hit this.
61194d2b9abSmarks * allow/deny fields match on ":" as part
61294d2b9abSmarks * of the regexp.
61394d2b9abSmarks */
61494d2b9abSmarks BEGIN AS;
6155a5eeccaSmarks return (COLON);
6165a5eeccaSmarks }
6175a5eeccaSmarks <AIS>"/" {
6185a5eeccaSmarks return (SLASH);
6195a5eeccaSmarks }
6205a5eeccaSmarks <AIS>"\n" {
6215a5eeccaSmarks acl_error(
6225b233e2dSmarks dgettext(TEXT_DOMAIN,
6235b233e2dSmarks "Invalid ACL specification."
62494d2b9abSmarks "\nWas expecting to find"
62594d2b9abSmarks " access type or inheritance flags.\n"),
62694d2b9abSmarks yylval.str);
6275a5eeccaSmarks yylval.val = EACL_UNKNOWN_DATA;
6285a5eeccaSmarks return (ERROR);
6295a5eeccaSmarks }
630f92daba9Smarks <AIS>"," {
631f92daba9Smarks acl_error(
632f92daba9Smarks dgettext(TEXT_DOMAIN,
633f92daba9Smarks "The ',' is not a valid inheritance field "
634f92daba9Smarks "separator.\nThe comma is used to separate "
635bbf21555SRichard Lowe "access control entries.\nSee acl(7) for "
636f92daba9Smarks "examples of specifying ACL entries.\n"));
637f92daba9Smarks yylval.val = EACL_INVALID_ACCESS_TYPE;
638f92daba9Smarks return (ERROR);
639f92daba9Smarks }
6405a5eeccaSmarks <AIS>. {
6415a5eeccaSmarks if (yytext[0] != '\n' && yytext[0] != '\0') {
642e2c4eff1Smarks if (grab_string(":,\n") != 0) {
6435b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN,
6445b233e2dSmarks "Failed to "
64594d2b9abSmarks "retrieve error "
64694d2b9abSmarks "string.\n"));
6475a5eeccaSmarks yylval.val = EACL_MEM_ERROR;
6485a5eeccaSmarks return (ERROR);
6495a5eeccaSmarks }
6505a5eeccaSmarks acl_error(
6515b233e2dSmarks dgettext(TEXT_DOMAIN,
6525b233e2dSmarks "Invalid inheritance or"
653*53312454SGordon Ross " access type '%s' specified.\n"),
654*53312454SGordon Ross yylval.str);
6555a5eeccaSmarks } else {
6565a5eeccaSmarks acl_error(
6575b233e2dSmarks dgettext(TEXT_DOMAIN,
6585b233e2dSmarks "No inheritance or "
65994d2b9abSmarks "access type specified.\n"),
6605a5eeccaSmarks yylval.str);
6615a5eeccaSmarks }
6625a5eeccaSmarks
6635a5eeccaSmarks free(yylval.str);
6645a5eeccaSmarks yylval.val = EACL_INVALID_ACCESS_TYPE;
6655a5eeccaSmarks return (ERROR);
6665a5eeccaSmarks }
667e2c4eff1Smarks <US>{ID}/[,\n] {
6685a5eeccaSmarks BEGIN ES;
6695f41bf46SMark Shellenbaum yylval.str = strdup(yytext);
6705f41bf46SMark Shellenbaum if (yylval.str == NULL) {
6715f41bf46SMark Shellenbaum yylval.val = EACL_MEM_ERROR;
6725f41bf46SMark Shellenbaum return (ERROR);
6735f41bf46SMark Shellenbaum }
6745f41bf46SMark Shellenbaum yystrings.y_idstr = yylval.str;
6755a5eeccaSmarks return (ID);
6765a5eeccaSmarks }
6775f41bf46SMark Shellenbaum <US>{SID}/[,\n] {
6785f41bf46SMark Shellenbaum BEGIN ES;
6795f41bf46SMark Shellenbaum yylval.str = strdup(yytext);
6805f41bf46SMark Shellenbaum if (yylval.str == NULL) {
6815f41bf46SMark Shellenbaum yylval.val = EACL_MEM_ERROR;
6825f41bf46SMark Shellenbaum return (ERROR);
6835f41bf46SMark Shellenbaum }
6845f41bf46SMark Shellenbaum yystrings.y_idstr = yylval.str;
6855f41bf46SMark Shellenbaum return (SID);
6865f41bf46SMark Shellenbaum }
68794d2b9abSmarks <US>: {
68894d2b9abSmarks return (COLON);
68994d2b9abSmarks }
69094d2b9abSmarks <US>{INHERIT_STR} { /*
69194d2b9abSmarks * Catch specific error to produce
69294d2b9abSmarks * nice message for users who are trying
69394d2b9abSmarks * to use old syntax format which had
69494d2b9abSmarks * inheritance flags as the last field.
69594d2b9abSmarks */
6965b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN,
6975b233e2dSmarks "Access type should be final"
69894d2b9abSmarks " field in ACL specification.\n"));
69994d2b9abSmarks yylval.val = EACL_ENTRY_ERROR;
70094d2b9abSmarks return (ERROR);
70194d2b9abSmarks }
702*53312454SGordon Ross <US>. {
7035a5eeccaSmarks if (grab_string(",\n") != 0) {
7045b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN,
7055b233e2dSmarks "Failed to retrieve"
706*53312454SGordon Ross " error string.\n"));
7075a5eeccaSmarks yylval.val = EACL_MEM_ERROR;
7085a5eeccaSmarks return (ERROR);
7095a5eeccaSmarks }
7105a5eeccaSmarks acl_error(
7115b233e2dSmarks dgettext(TEXT_DOMAIN,
712*53312454SGordon Ross "Invalid data ':%s' specified"
71394d2b9abSmarks " on end of ACL.\n"), yylval.str);
7145a5eeccaSmarks free(yylval.str);
7155a5eeccaSmarks yylval.val = EACL_ENTRY_ERROR;
7165a5eeccaSmarks return (ERROR);
7175a5eeccaSmarks }
7185a5eeccaSmarks <US>"\n" {
7195b233e2dSmarks acl_error(dgettext(TEXT_DOMAIN,
7205b233e2dSmarks "Missing fields in ACL "
72194d2b9abSmarks "specification.\nWas expecting to find "
72294d2b9abSmarks "uid/gid.\n"));
7235a5eeccaSmarks yylval.val = EACL_ENTRY_ERROR;
7245a5eeccaSmarks return (ERROR);
7255a5eeccaSmarks }
7265a5eeccaSmarks <ES>"," {
7275a5eeccaSmarks BEGIN TS;
7285a5eeccaSmarks return (COMMA);
7295a5eeccaSmarks }
7305a5eeccaSmarks <ES>. {
731e2c4eff1Smarks if (grab_string("/:,\n") != 0) {
7325a5eeccaSmarks acl_error(
7335b233e2dSmarks dgettext(TEXT_DOMAIN,
7345b233e2dSmarks "Failed to retrieve error"
735*53312454SGordon Ross " string.\n"));
7365a5eeccaSmarks yylval.val = EACL_MEM_ERROR;
7375a5eeccaSmarks return (ERROR);
7385a5eeccaSmarks }
7395a5eeccaSmarks acl_error(
7405b233e2dSmarks dgettext(TEXT_DOMAIN,
7415b233e2dSmarks "Unrecognized data '%s' found"
742*53312454SGordon Ross " in ACL specification.\n"), yylval.str);
7435a5eeccaSmarks free(yylval.str);
7445a5eeccaSmarks yylval.val = EACL_UNKNOWN_DATA;
7455a5eeccaSmarks return (ERROR);
7465a5eeccaSmarks }
7475a5eeccaSmarks <ES>"\n" {
7485a5eeccaSmarks return (NL);
7495a5eeccaSmarks }
7505a5eeccaSmarks %%
7515a5eeccaSmarks
7525a5eeccaSmarks
7535a5eeccaSmarks /*
754e2c4eff1Smarks * Pull string up to terminator off of input string.
7555a5eeccaSmarks * used for retrieving illegal data in ACL specification.
756e2c4eff1Smarks *
757e2c4eff1Smarks * The first set of characters is retrieved from yytext.
758da6c28aaSamw * subsequent characters are pulled from the input stream,
759e2c4eff1Smarks * until either EOF or one of the requested terminators is scene.
760e2c4eff1Smarks * Result is returned in yylval.str which is malloced.
7615a5eeccaSmarks */
7625a5eeccaSmarks int
7635a5eeccaSmarks grab_string(char *terminators)
7645a5eeccaSmarks {
7655a5eeccaSmarks int c;
7665a5eeccaSmarks int done = 0;
7675a5eeccaSmarks int cnt;
7685a5eeccaSmarks int alloced;
7695a5eeccaSmarks int error = 0;
7705a5eeccaSmarks char *ptr;
771*53312454SGordon Ross
7725a5eeccaSmarks cnt = strlen(yytext);
7735a5eeccaSmarks yylval.str = calloc(cnt + 1, sizeof (char));
7745a5eeccaSmarks if (yylval.str == NULL) {
7755a5eeccaSmarks return (1);
7765a5eeccaSmarks }
7775a5eeccaSmarks alloced = cnt + 1;
7785a5eeccaSmarks strcpy(yylval.str, yytext);
7795a5eeccaSmarks
7805a5eeccaSmarks do {
7815a5eeccaSmarks c = input();
782*53312454SGordon Ross if (c == EOF)
7835a5eeccaSmarks break;
7845a5eeccaSmarks
7855a5eeccaSmarks for (ptr = terminators; *ptr; ptr++) {
7865a5eeccaSmarks if (c == *ptr) {
7875a5eeccaSmarks done = 1;
7885a5eeccaSmarks break;
7895a5eeccaSmarks }
7905a5eeccaSmarks }
791*53312454SGordon Ross
7925a5eeccaSmarks if (done)
7935a5eeccaSmarks break;
794*53312454SGordon Ross
795e2c4eff1Smarks if (cnt + 1 >= alloced) {
7965a5eeccaSmarks yylval.str = realloc(yylval.str,
7975a5eeccaSmarks alloced + 80);
7985a5eeccaSmarks alloced += 80;
7995a5eeccaSmarks if (yylval.str == NULL)
8005a5eeccaSmarks return (1);
8015a5eeccaSmarks
8025a5eeccaSmarks memset(yylval.str + cnt, 0,
8035a5eeccaSmarks alloced - strlen(yylval.str));
8045a5eeccaSmarks }
8055a5eeccaSmarks yylval.str[strlen(yylval.str)] = c;
8065a5eeccaSmarks cnt++;
8075a5eeccaSmarks } while (!done);
8085a5eeccaSmarks
8095a5eeccaSmarks return (error);
8105a5eeccaSmarks }
8115a5eeccaSmarks
8125a5eeccaSmarks static int
input(void)8135a5eeccaSmarks input(void)
8145a5eeccaSmarks {
8155a5eeccaSmarks int c;
8165a5eeccaSmarks
8175a5eeccaSmarks c = yybuf[yybufpos++];
8185a5eeccaSmarks if (c == '\0') {
8195a5eeccaSmarks return (EOF);
8205a5eeccaSmarks }
8215a5eeccaSmarks
822*53312454SGordon Ross return (c);
8235a5eeccaSmarks }
8245a5eeccaSmarks
8255a5eeccaSmarks static void
unput(int c)8265a5eeccaSmarks unput(int c)
8275a5eeccaSmarks {
8285a5eeccaSmarks if (c == '\0') {
8295a5eeccaSmarks return;
8305a5eeccaSmarks }
8315a5eeccaSmarks
8325a5eeccaSmarks if (yybufpos > 0) {
8335a5eeccaSmarks --yybufpos;
8345a5eeccaSmarks }
8355a5eeccaSmarks }
8365a5eeccaSmarks
837*53312454SGordon Ross static int sid_isuser = 0;
838*53312454SGordon Ross
8395a5eeccaSmarks /*
8405a5eeccaSmarks * return ACE entry type
8415a5eeccaSmarks */
8425a5eeccaSmarks int
ace_entry_type(int type)8435a5eeccaSmarks ace_entry_type(int type)
8445a5eeccaSmarks {
8455a5eeccaSmarks int ret = -1;
8465a5eeccaSmarks switch (type) {
847*53312454SGordon Ross case BARE_SID_TOK:
848*53312454SGordon Ross if (sid_isuser == 0)
849*53312454SGordon Ross ret = ACE_IDENTIFIER_GROUP;
850*53312454SGordon Ross else
851*53312454SGordon Ross ret = 0;
852*53312454SGordon Ross break;
8535a5eeccaSmarks case USER_TOK:
854b249c65cSmarks case USER_SID_TOK:
8555a5eeccaSmarks ret = 0;
8565a5eeccaSmarks break;
8575a5eeccaSmarks case GROUP_TOK:
858b249c65cSmarks case GROUP_SID_TOK:
8595a5eeccaSmarks ret = ACE_IDENTIFIER_GROUP;
8605a5eeccaSmarks break;
8615a5eeccaSmarks case OWNERAT_TOK:
8625a5eeccaSmarks ret = ACE_OWNER;
8635a5eeccaSmarks break;
8645a5eeccaSmarks case GROUPAT_TOK:
8655a5eeccaSmarks ret = ACE_IDENTIFIER_GROUP | ACE_GROUP;
8665a5eeccaSmarks break;
8675a5eeccaSmarks case EVERYONEAT_TOK:
8685a5eeccaSmarks ret = ACE_EVERYONE;
8695a5eeccaSmarks break;
8705a5eeccaSmarks }
8715a5eeccaSmarks return (ret);
8725a5eeccaSmarks }
8735a5eeccaSmarks
8745a5eeccaSmarks
8755a5eeccaSmarks /*
8765a5eeccaSmarks * return aclent entry type
8775a5eeccaSmarks */
8785a5eeccaSmarks int
aclent_entry_type(int type,int owning,int * ret)8795a5eeccaSmarks aclent_entry_type(int type, int owning, int *ret)
8805a5eeccaSmarks {
8815a5eeccaSmarks
8825a5eeccaSmarks *ret = 0;
8835a5eeccaSmarks
8845a5eeccaSmarks switch (type) {
8855a5eeccaSmarks case USER_TOK:
8865a5eeccaSmarks *ret = (owning == 0) ? USER : USER_OBJ;
8875a5eeccaSmarks break;
8885a5eeccaSmarks case GROUP_TOK:
8895a5eeccaSmarks *ret = (owning == 0) ? GROUP : GROUP_OBJ;
8905a5eeccaSmarks break;
8915a5eeccaSmarks case OTHER_TOK:
8925a5eeccaSmarks *ret = OTHER_OBJ;
8935a5eeccaSmarks break;
8945a5eeccaSmarks case MASK_TOK:
8955a5eeccaSmarks *ret = CLASS_OBJ;
8965a5eeccaSmarks break;
8975a5eeccaSmarks case DEFAULT_USER_TOK:
8985a5eeccaSmarks *ret = (owning == 0) ? DEF_USER : DEF_USER_OBJ;
8995a5eeccaSmarks break;
9005a5eeccaSmarks case DEFAULT_GROUP_TOK:
9015a5eeccaSmarks *ret = (owning == 0) ? DEF_GROUP : DEF_GROUP_OBJ;
9025a5eeccaSmarks break;
9035a5eeccaSmarks case DEFAULT_MASK_TOK:
9045a5eeccaSmarks *ret = DEF_CLASS_OBJ;
9055a5eeccaSmarks break;
9065a5eeccaSmarks case DEFAULT_OTHER_TOK:
9075a5eeccaSmarks *ret = DEF_OTHER_OBJ;
9085a5eeccaSmarks break;
9095a5eeccaSmarks default:
9105a5eeccaSmarks return (EACL_ENTRY_ERROR);
9115a5eeccaSmarks }
9125a5eeccaSmarks
9135a5eeccaSmarks return (0);
9145a5eeccaSmarks }
9155a5eeccaSmarks
9165a5eeccaSmarks /*
9175a5eeccaSmarks * convert string into numeric id.
9185a5eeccaSmarks */
9195a5eeccaSmarks static int
acl_str_to_id(char * str,uid_t * id)920b249c65cSmarks acl_str_to_id(char *str, uid_t *id)
9215a5eeccaSmarks {
9225a5eeccaSmarks char *end;
9235a5eeccaSmarks uid_t value;
9245a5eeccaSmarks
925ee519a1fSgjelinek errno = 0;
926da6c28aaSamw value = strtoul(str, &end, 10);
9275a5eeccaSmarks
9285a5eeccaSmarks if (errno != 0 || *end != '\0')
9295a5eeccaSmarks return (EACL_INVALID_USER_GROUP);
9305a5eeccaSmarks
9315a5eeccaSmarks *id = value;
9325a5eeccaSmarks
9335a5eeccaSmarks return (0);
9345a5eeccaSmarks }
9355a5eeccaSmarks
9365a5eeccaSmarks /*
9375a5eeccaSmarks * determine either uid/gid for given entry type
9385a5eeccaSmarks */
9395a5eeccaSmarks int
get_id(int entry_type,char * name,uid_t * id)940b249c65cSmarks get_id(int entry_type, char *name, uid_t *id)
9415a5eeccaSmarks {
9425a5eeccaSmarks struct passwd *pw;
9435a5eeccaSmarks struct group *gr;
944b249c65cSmarks int error = 0;
945b249c65cSmarks
946b249c65cSmarks switch (entry_type) {
947b249c65cSmarks case USER_TOK:
948b249c65cSmarks case DEFAULT_USER_TOK:
949b249c65cSmarks if ((error = acl_str_to_id(name, id)) == 0)
950b249c65cSmarks break;
951b249c65cSmarks pw = getpwnam(name);
952b249c65cSmarks if (pw) {
953b249c65cSmarks *id = pw->pw_uid;
954b249c65cSmarks error = 0;
955*53312454SGordon Ross }
956b249c65cSmarks break;
957b249c65cSmarks
958b249c65cSmarks case GROUP_TOK:
959b249c65cSmarks case DEFAULT_GROUP_TOK:
960b249c65cSmarks if ((error = acl_str_to_id(name, id)) == 0)
961b249c65cSmarks break;
962b249c65cSmarks gr = getgrnam(name);
963b249c65cSmarks if (gr) {
964b249c65cSmarks *id = gr->gr_gid;
965b249c65cSmarks error = 0;
966*53312454SGordon Ross }
967b249c65cSmarks break;
968b249c65cSmarks case USER_SID_TOK:
969b249c65cSmarks if (sid_to_id(name, B_TRUE, id))
970b249c65cSmarks error = EACL_INVALID_USER_GROUP;
971b249c65cSmarks break;
972b249c65cSmarks
973b249c65cSmarks case GROUP_SID_TOK:
974b249c65cSmarks if (sid_to_id(name, B_FALSE, id))
975b249c65cSmarks error = EACL_INVALID_USER_GROUP;
976b249c65cSmarks break;
977*53312454SGordon Ross
978*53312454SGordon Ross case BARE_SID_TOK:
979*53312454SGordon Ross if (sid_to_xid(name, &sid_isuser, id))
980*53312454SGordon Ross error = EACL_INVALID_USER_GROUP;
981*53312454SGordon Ross break;
982b249c65cSmarks }
983e9dd6a75Smarks
984e9dd6a75Smarks return (error);
9855a5eeccaSmarks }
986b249c65cSmarks
9875f41bf46SMark Shellenbaum int
get_id_nofail(int entry_type,char * name)9885f41bf46SMark Shellenbaum get_id_nofail(int entry_type, char *name)
9895f41bf46SMark Shellenbaum {
9905f41bf46SMark Shellenbaum uid_t id;
9915f41bf46SMark Shellenbaum
9925f41bf46SMark Shellenbaum if (get_id(entry_type, name, &id))
9935f41bf46SMark Shellenbaum return (UID_NOBODY);
9945f41bf46SMark Shellenbaum else
9955f41bf46SMark Shellenbaum return (id);
9965f41bf46SMark Shellenbaum }
9975f41bf46SMark Shellenbaum
9985a5eeccaSmarks /*
9995a5eeccaSmarks * reset beginning state to TS and set character position
10005a5eeccaSmarks * back to zero.
10015a5eeccaSmarks */
10025a5eeccaSmarks void
yyreset()10035a5eeccaSmarks yyreset()
10045a5eeccaSmarks {
10055a5eeccaSmarks yybufpos = 0;
1006ec965100Smarks memset(&yystrings, 0, sizeof (yystrings));
10075a5eeccaSmarks BEGIN TS;
10085a5eeccaSmarks }
10095a5eeccaSmarks
1010ec965100Smarks void
yycleanup()1011ec965100Smarks yycleanup()
1012ec965100Smarks {
1013ec965100Smarks if (yystrings.y_logname)
1014ec965100Smarks free(yystrings.y_logname);
1015ec965100Smarks if (yystrings.y_perms)
1016ec965100Smarks free(yystrings.y_perms);
1017ec965100Smarks if (yystrings.y_iflags)
1018ec965100Smarks free(yystrings.y_iflags);
10195f41bf46SMark Shellenbaum if (yystrings.y_idstr)
10205f41bf46SMark Shellenbaum free(yystrings.y_idstr);
1021ec965100Smarks yystrings.y_logname = NULL;
1022ec965100Smarks yystrings.y_perms = NULL;
1023ec965100Smarks yystrings.y_iflags = NULL;
10245f41bf46SMark Shellenbaum yystrings.y_idstr = NULL;
1025ec965100Smarks }
1026