/*

  File: setfacl.c

  (Linux Access Control List Management)

  Copyright (C) 1999-2002

  Andreas Gruenbacher, <a.gruenbacher@bestbits.at>

  This program is free software; you can redistribute it and/or

  modify it under the terms of the GNU Lesser General Public

  License as published by the Free Software Foundation; either

  version 2.1 of the License, or (at your option) any later version.

  This program is distributed in the hope that it will be useful,

  but WITHOUT ANY WARRANTY; without even the implied warranty of

  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public

  License along with this library; if not, write to the Free Software

  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

*/

#include "config.h"

#include <limits.h>

#include <stdio.h>

#include <string.h>

#include <unistd.h>

#include <errno.h>

#include <sys/stat.h>

#include <dirent.h>

#include <libgen.h>

#include <getopt.h>

#include "misc.h"

#include "sequence.h"

#include "parse.h"

#include "do_set.h"

#include "walk_tree.h"

#define POSIXLY_CORRECT_STR "POSIXLY_CORRECT"

/* '-' stands for `process non-option arguments in loop' */

#if !POSIXLY_CORRECT

#  define CMD_LINE_OPTIONS "-:bkndvhm:M:x:X:RLP"

#  define CMD_LINE_SPEC "[-bkndRLP] { -m|-M|-x|-X ... } file ..."

#endif

#define POSIXLY_CMD_LINE_OPTIONS "-:bkndvhm:M:x:X:"

#define POSIXLY_CMD_LINE_SPEC "[-bknd] {-m|-M|-x|-X ... } file ..."

struct option long_options[] = {

#if !POSIXLY_CORRECT

	{ "set",		1, 0, 's' },

	{ "set-file",		1, 0, 'S' },

	{ "mask",		0, 0, 'r' },

	{ "recursive",		0, 0, 'R' },

	{ "logical",		0, 0, 'L' },

	{ "physical",		0, 0, 'P' },

	{ "restore",		1, 0, 'B' },

	{ "test",		0, 0, 't' },

#endif

	{ "modify",		1, 0, 'm' },

	{ "modify-file",	1, 0, 'M' },

	{ "remove",		1, 0, 'x' },

	{ "remove-file",	1, 0, 'X' },

	{ "default",		0, 0, 'd' },

	{ "no-mask",		0, 0, 'n' },

	{ "remove-all",		0, 0, 'b' },

	{ "remove-default",	0, 0, 'k' },

	{ "version",		0, 0, 'v' },

	{ "help",		0, 0, 'h' },

	{ NULL,			0, 0, 0   },

};

const char *progname;

const char *cmd_line_options, *cmd_line_spec;

int walk_flags = WALK_TREE_DEREFERENCE_TOPLEVEL;

int opt_recalculate;  /* recalculate mask entry (0=default, 1=yes, -1=no) */

int opt_promote;  /* promote access ACL to default ACL */

int opt_test;  /* do not write to the file system.

                      Print what would happen instead. */

#if POSIXLY_CORRECT

const int posixly_correct = 1;  /* Posix compatible behavior! */

#else

int posixly_correct;  /* Posix compatible behavior? */

#endif

int chown_error;

int promote_warning;

static const char *xquote(const char *str, const char *quote_chars)

{

	const char *q = __acl_quote(str, quote_chars);

	if (q == NULL) {

		fprintf(stderr, "%s: %s\n", progname, strerror(errno));

		exit(1);

	}

	return q;

}

int

has_any_of_type(

	cmd_t cmd,

	acl_type_t acl_type)

{

	while (cmd) {

		if (cmd->c_type == acl_type)

			return 1;

		cmd = cmd->c_next;

	}

	return 0;

}

#if !POSIXLY_CORRECT

int

restore(

	FILE *file,

	const char *filename)

{

	char *path_p;

	struct stat st;

	uid_t uid;

	gid_t gid;

	mode_t mask, flags;

	struct do_set_args args = { };

	int lineno = 0, backup_line;

	int error, status = 0;

	int chmod_required = 0;

	memset(&st, 0, sizeof(st));

	for(;;) {

		backup_line = lineno;

		error = read_acl_comments(file, &lineno, &path_p, &uid, &gid,

					  &flags);

		if (error < 0) {

			error = -error;

			goto fail;

		}

		if (error == 0)

			return status;

		if (path_p == NULL) {

			if (filename) {

				fprintf(stderr, _("%s: %s: No filename found "

						  "in line %d, aborting\n"),

					progname, xquote(filename, "\n\r"),

					backup_line);

			} else {

				fprintf(stderr, _("%s: No filename found in "

						 "line %d of standard input, "

						 "aborting\n"),

					progname, backup_line);

			}

			status = 1;

			goto getout;

		}

		if (!(args.seq = seq_init()))

			goto fail_errno;

		if (seq_append_cmd(args.seq, CMD_REMOVE_ACL, ACL_TYPE_ACCESS) ||

		    seq_append_cmd(args.seq, CMD_REMOVE_ACL, ACL_TYPE_DEFAULT))

			goto fail_errno;

		error = read_acl_seq(file, args.seq, CMD_ENTRY_REPLACE,

		                     SEQ_PARSE_WITH_PERM |

				     SEQ_PARSE_DEFAULT |

				     SEQ_PARSE_MULTI,

				     &lineno, NULL);

		if (error != 0) {

			fprintf(stderr, _("%s: %s: %s in line %d\n"),

			        progname, xquote(filename, "\n\r"), strerror(errno),

				lineno);

			status = 1;

			goto getout;

		}

		error = stat(path_p, &st);

		if (opt_test && error != 0) {

			fprintf(stderr, "%s: %s: %s\n", progname,

				xquote(path_p, "\n\r"), strerror(errno));

			status = 1;

		}

		args.mode = 0;

		error = do_set(path_p, &st, 0, &args);

		if (error != 0) {

			status = 1;

			goto resume;

		}

		if (uid != ACL_UNDEFINED_ID && uid != st.st_uid)

			st.st_uid = uid;

		else

			st.st_uid = -1;

		if (gid != ACL_UNDEFINED_ID && gid != st.st_gid)

			st.st_gid = gid;

		else

			st.st_gid = -1;

		if (!opt_test &&

		    (st.st_uid != -1 || st.st_gid != -1)) {

			if (chown(path_p, st.st_uid, st.st_gid) != 0) {

				fprintf(stderr, _("%s: %s: Cannot change "

					          "owner/group: %s\n"),

					progname, xquote(path_p, "\n\r"),

					strerror(errno));

				status = 1;

			}

			/* chown() clears setuid/setgid so force a chmod if

			 * S_ISUID/S_ISGID was expected */

			if ((st.st_mode & flags) & (S_ISUID | S_ISGID))

				chmod_required = 1;

		}

		mask = S_ISUID | S_ISGID | S_ISVTX;

		if (chmod_required || ((st.st_mode & mask) != (flags & mask))) {

			if (!args.mode)

				args.mode = st.st_mode;

			args.mode &= (S_IRWXU | S_IRWXG | S_IRWXO);

			if (chmod(path_p, flags | args.mode) != 0) {

				fprintf(stderr, _("%s: %s: Cannot change "

					          "mode: %s\n"),

					progname, xquote(path_p, "\n\r"),

					strerror(errno));

				status = 1;

			}

		}

resume:

		if (path_p) {

			free(path_p);

			path_p = NULL;

		}

		if (args.seq) {

			seq_free(args.seq);

			args.seq = NULL;

		}

	}

getout:

	if (path_p) {

		free(path_p);

		path_p = NULL;

	}

	if (args.seq) {

		seq_free(args.seq);

		args.seq = NULL;

	}

	return status;

fail_errno:

	error = errno;

fail:

	fprintf(stderr, "%s: %s: %s\n", progname, xquote(filename, "\n\r"),

		strerror(error));

	status = 1;

	goto getout;

}

#endif

void help(void)

{

	printf(_("%s %s -- set file access control lists\n"),

		progname, VERSION);

	printf(_("Usage: %s %s\n"),

		progname, cmd_line_spec);

	printf(_(

"  -m, --modify=acl        modify the current ACL(s) of file(s)\n"

"  -M, --modify-file=file  read ACL entries to modify from file\n"

"  -x, --remove=acl        remove entries from the ACL(s) of file(s)\n"

"  -X, --remove-file=file  read ACL entries to remove from file\n"

"  -b, --remove-all        remove all extended ACL entries\n"

"  -k, --remove-default    remove the default ACL\n"));

#if !POSIXLY_CORRECT

	if (!posixly_correct) {

		printf(_(

"      --set=acl           set the ACL of file(s), replacing the current ACL\n"

"      --set-file=file     read ACL entries to set from file\n"

"      --mask              do recalculate the effective rights mask\n"));

	}

#endif

  	printf(_(

"  -n, --no-mask           don't recalculate the effective rights mask\n"

"  -d, --default           operations apply to the default ACL\n"));

#if !POSIXLY_CORRECT

	if (!posixly_correct) {

		printf(_(

"  -R, --recursive         recurse into subdirectories\n"

"  -L, --logical           logical walk, follow symbolic links\n"

"  -P, --physical          physical walk, do not follow symbolic links\n"

"      --restore=file      restore ACLs (inverse of `getfacl -R')\n"

"      --test              test mode (ACLs are not modified)\n"));

	}

#endif

	printf(_(

"  -v, --version           print version and exit\n"

"  -h, --help              this help text\n"));

}

int next_file(const char *arg, seq_t seq)

{

	char *line;

	int errors = 0;

	struct do_set_args args;

	args.seq = seq;

	if (strcmp(arg, "-") == 0) {

		while ((line = __acl_next_line(stdin)))

			errors = walk_tree(line, walk_flags, 0, do_set, &args);

		if (!feof(stdin)) {

			fprintf(stderr, _("%s: Standard input: %s\n"),

				progname, strerror(errno));

			errors = 1;

		}

	} else {

		errors = walk_tree(arg, walk_flags, 0, do_set, &args);

	}

	return errors ? 1 : 0;

}

#define ERRNO_ERROR(s) \

	({status = (s); goto errno_error; })

int main(int argc, char *argv[])

{

	int opt;

	int saw_files = 0;

	int status = 0;

	FILE *file;

	int which;

	int lineno;

	int error;

	seq_t seq;

	int seq_cmd, parse_mode;

	progname = basename(argv[0]);

#if POSIXLY_CORRECT

	cmd_line_options = POSIXLY_CMD_LINE_OPTIONS;

	cmd_line_spec = _(POSIXLY_CMD_LINE_SPEC);

#else

	if (getenv(POSIXLY_CORRECT_STR))

		posixly_correct = 1;

	if (!posixly_correct) {

		cmd_line_options = CMD_LINE_OPTIONS;

		cmd_line_spec = _(CMD_LINE_SPEC);

	} else {

		cmd_line_options = POSIXLY_CMD_LINE_OPTIONS;

		cmd_line_spec = _(POSIXLY_CMD_LINE_SPEC);

	}

#endif

	setlocale(LC_CTYPE, "");

	setlocale(LC_MESSAGES, "");

	bindtextdomain(PACKAGE, LOCALEDIR);

	textdomain(PACKAGE);

	seq = seq_init();

	if (!seq)

		ERRNO_ERROR(1);

	while ((opt = getopt_long(argc, argv, cmd_line_options,

		                  long_options, NULL)) != -1) {

		/* we remember the two REMOVE_ACL commands of the set

		   operations because we may later need to delete them.  */

		cmd_t seq_remove_default_acl_cmd = NULL;

		cmd_t seq_remove_acl_cmd = NULL;

		if (opt != '\1' && saw_files) {

			seq_free(seq);

			seq = seq_init();

			if (!seq)

				ERRNO_ERROR(1);

			saw_files = 0;

		}

		switch (opt) {

			case 'b':  /* remove all extended entries */

				if (seq_append_cmd(seq, CMD_REMOVE_EXTENDED_ACL,

				                        ACL_TYPE_ACCESS) ||

				    seq_append_cmd(seq, CMD_REMOVE_ACL,

				                        ACL_TYPE_DEFAULT))

					ERRNO_ERROR(1);

				break;

			case 'k':  /* remove default ACL */

				if (seq_append_cmd(seq, CMD_REMOVE_ACL,

				                        ACL_TYPE_DEFAULT))

					ERRNO_ERROR(1);

				break;

			case 'n':  /* do not recalculate mask */

				opt_recalculate = -1;

				break;

			case 'r':  /* force recalculate mask */

				opt_recalculate = 1;

				break;

			case 'd':  /*  operations apply to default ACL */

				opt_promote = 1;

				break;

			case 's':  /* set */

				if (seq_append_cmd(seq, CMD_REMOVE_ACL,

					                ACL_TYPE_ACCESS))

					ERRNO_ERROR(1);

				seq_remove_acl_cmd = seq->s_last;

				if (seq_append_cmd(seq, CMD_REMOVE_ACL,

				                        ACL_TYPE_DEFAULT))

					ERRNO_ERROR(1);

				seq_remove_default_acl_cmd = seq->s_last;

				seq_cmd = CMD_ENTRY_REPLACE;

				parse_mode = SEQ_PARSE_WITH_PERM;

				goto set_modify_delete;

			case 'm':  /* modify */

				seq_cmd = CMD_ENTRY_REPLACE;

				parse_mode = SEQ_PARSE_WITH_PERM;

				goto set_modify_delete;

			case 'x':  /* delete */

				seq_cmd = CMD_REMOVE_ENTRY;

#if POSIXLY_CORRECT

				parse_mode = SEQ_PARSE_ANY_PERM;

#else

				if (posixly_correct)

					parse_mode = SEQ_PARSE_ANY_PERM;

				else

					parse_mode = SEQ_PARSE_NO_PERM;

#endif

				goto set_modify_delete;

			set_modify_delete:

				if (!posixly_correct)

					parse_mode |= SEQ_PARSE_DEFAULT;

				if (opt_promote)

					parse_mode |= SEQ_PROMOTE_ACL;

				if (parse_acl_seq(seq, optarg, &which,

				                  seq_cmd, parse_mode) != 0) {

					if (which < 0 ||

					    (size_t) which >= strlen(optarg)) {

						fprintf(stderr, _(

							"%s: Option "

						        "-%c incomplete\n"),

							progname, opt);

					} else {

						fprintf(stderr, _(

							"%s: Option "

						        "-%c: %s near "

							"character %d\n"),

							progname, opt,

							strerror(errno),

							which+1);

					}

					status = 2;

					goto cleanup;

				}

				break;

			case 'S':  /* set from file */

				if (seq_append_cmd(seq, CMD_REMOVE_ACL,

					                ACL_TYPE_ACCESS))

					ERRNO_ERROR(1);

				seq_remove_acl_cmd = seq->s_last;

				if (seq_append_cmd(seq, CMD_REMOVE_ACL,

				                        ACL_TYPE_DEFAULT))

					ERRNO_ERROR(1);

				seq_remove_default_acl_cmd = seq->s_last;

				seq_cmd = CMD_ENTRY_REPLACE;

				parse_mode = SEQ_PARSE_WITH_PERM;

				goto set_modify_delete_from_file;

			case 'M':  /* modify from file */

				seq_cmd = CMD_ENTRY_REPLACE;

				parse_mode = SEQ_PARSE_WITH_PERM;

				goto set_modify_delete_from_file;

			case 'X':  /* delete from file */

				seq_cmd = CMD_REMOVE_ENTRY;

#if POSIXLY_CORRECT

				parse_mode = SEQ_PARSE_ANY_PERM;

#else

				if (posixly_correct)

					parse_mode = SEQ_PARSE_ANY_PERM;

				else

					parse_mode = SEQ_PARSE_NO_PERM;

#endif

				goto set_modify_delete_from_file;

			set_modify_delete_from_file:

				if (!posixly_correct)

					parse_mode |= SEQ_PARSE_DEFAULT;

				if (opt_promote)

					parse_mode |= SEQ_PROMOTE_ACL;

				if (strcmp(optarg, "-") == 0) {

					file = stdin;

				} else {

					file = fopen(optarg, "r");

					if (file == NULL) {

						fprintf(stderr, "%s: %s: %s\n",

							progname,

							xquote(optarg, "\n\r"),

							strerror(errno));

						status = 2;

						goto cleanup;

					}

				}

				lineno = 0;

				error = read_acl_seq(file, seq, seq_cmd,

				                     parse_mode, &lineno, NULL);

				if (file != stdin) {

					fclose(file);

				}

				if (error) {

					if (!errno)

						errno = EINVAL;

					if (file != stdin) {

						fprintf(stderr, _(

							"%s: %s in line "

						        "%d of file %s\n"),

							progname,

							strerror(errno),

							lineno,

							xquote(optarg, "\n\r"));

					} else {

						fprintf(stderr, _(

							"%s: %s in line "

						        "%d of standard "

							"input\n"), progname,

							strerror(errno),

							lineno);

					}

					status = 2;

					goto cleanup;

				}

				break;

			case '\1':  /* file argument */

				if (seq_empty(seq))

					goto synopsis;

				saw_files = 1;

				status = next_file(optarg, seq);

				break;

			case 'B':  /* restore ACL backup */

				saw_files = 1;

				if (strcmp(optarg, "-") == 0)

					file = stdin;

				else {

					file = fopen(optarg, "r");

					if (file == NULL) {

						fprintf(stderr, "%s: %s: %s\n",

							progname,

							xquote(optarg, "\n\r"),

							strerror(errno));

						status = 2;

						goto cleanup;

					}

				}

				status = restore(file,

				               (file == stdin) ? NULL : optarg);

				if (file != stdin)

					fclose(file);

				if (status != 0)

					goto cleanup;

				break;

			case 'R':  /* recursive */

				walk_flags |= WALK_TREE_RECURSIVE;

				break;

			case 'L':  /* follow symlinks */

				walk_flags |= WALK_TREE_LOGICAL | WALK_TREE_DEREFERENCE;

				walk_flags &= ~WALK_TREE_PHYSICAL;

				break;

			case 'P':  /* do not follow symlinks */

				walk_flags |= WALK_TREE_PHYSICAL;

				walk_flags &= ~(WALK_TREE_LOGICAL | WALK_TREE_DEREFERENCE |

						WALK_TREE_DEREFERENCE_TOPLEVEL);

				break;

			case 't':  /* test mode */

				opt_test = 1;

				break;

			case 'v':  /* print version and exit */

				printf("%s " VERSION "\n", progname);

				status = 0;

				goto cleanup;

			case 'h':  /* help! */

				help();

				status = 0;

				goto cleanup;

			case ':':  /* option missing */

			case '?':  /* unknown option */

			default:

				goto synopsis;

		}

		if (seq_remove_acl_cmd) {

			/* This was a set operation. Check if there are

			   actually entries of ACL_TYPE_ACCESS; if there

			   are none, we need to remove this command! */

			if (!has_any_of_type(seq_remove_acl_cmd->c_next,

				            ACL_TYPE_ACCESS))

				seq_delete_cmd(seq, seq_remove_acl_cmd);

		}

		if (seq_remove_default_acl_cmd) {

			/* This was a set operation. Check if there are

			   actually entries of ACL_TYPE_DEFAULT; if there

			   are none, we need to remove this command! */

			if (!has_any_of_type(seq_remove_default_acl_cmd->c_next,

				            ACL_TYPE_DEFAULT))

				seq_delete_cmd(seq, seq_remove_default_acl_cmd);

		}

	}

	while (optind < argc) {

		if(!seq)

			goto synopsis;

		if (seq_empty(seq))

			goto synopsis;

		saw_files = 1;

		status = next_file(argv[optind++], seq);

	}

	if (!saw_files)

		goto synopsis;

	goto cleanup;

synopsis:

	fprintf(stderr, _("Usage: %s %s\n"),

		progname, cmd_line_spec);

	fprintf(stderr, _("Try `%s --help' for more information.\n"),

		progname);

	status = 2;

	goto cleanup;

errno_error:

	fprintf(stderr, "%s: %s\n", progname, strerror(errno));

	goto cleanup;

cleanup:

	if (seq)

		seq_free(seq);

	return status;

}