FreeBSD/Linux Kernel Cross Reference
sys/sys/acl.h
1 /*-
2 * Copyright (c) 1999, 2000 Robert N. M. Watson
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 * $FreeBSD$
27 */
28
29 /*
30 * Userland/kernel interface for Access Control Lists.
31 *
32 * The POSIX.1e implementation page may be reached at:
33 * http://www.watson.org/fbsd-hardening/posix1e/
34 */
35
36 #ifndef _SYS_ACL_H
37 #define _SYS_ACL_H
38
39 /*
40 * POSIX.1e ACL types and related constants
41 */
42
43 #define ACL_MAX_ENTRIES 32 /* maximum entries in an ACL */
44 #define _POSIX_ACL_PATH_MAX ACL_MAX_ENTRIES
45
46 typedef int acl_type_t;
47 typedef int acl_tag_t;
48 typedef mode_t acl_perm_t;
49
50 struct acl_entry {
51 acl_tag_t ae_tag;
52 uid_t ae_id;
53 acl_perm_t ae_perm;
54 };
55 typedef struct acl_entry *acl_entry_t;
56
57 struct acl {
58 int acl_cnt;
59 struct acl_entry acl_entry[ACL_MAX_ENTRIES];
60 };
61 typedef struct acl *acl_t;
62
63 /*
64 * Possible valid values for a_tag of acl_entry_t
65 */
66 #define ACL_USER_OBJ 0x00000001
67 #define ACL_USER 0x00000002
68 #define ACL_GROUP_OBJ 0x00000004
69 #define ACL_GROUP 0x00000008
70 #define ACL_MASK 0x00000010
71 #define ACL_OTHER 0x00000020
72 #define ACL_OTHER_OBJ ACL_OTHER
73
74 /*
75 * Possible valid values a_type_t arguments
76 */
77 #define ACL_TYPE_ACCESS 0x00000000
78 #define ACL_TYPE_DEFAULT 0x00000001
79 #define ACL_TYPE_AFS 0x00000002
80 #define ACL_TYPE_CODA 0x00000003
81 #define ACL_TYPE_NTFS 0x00000004
82 #define ACL_TYPE_NWFS 0x00000005
83
84 /*
85 * Possible flags in a_perm field
86 */
87 #define ACL_PERM_EXEC 0x0001
88 #define ACL_PERM_WRITE 0x0002
89 #define ACL_PERM_READ 0x0004
90 #define ACL_PERM_NONE 0x0000
91 #define ACL_PERM_BITS (ACL_PERM_EXEC | ACL_PERM_WRITE | ACL_PERM_READ)
92 #define ACL_POSIX1E_BITS (ACL_PERM_EXEC | ACL_PERM_WRITE | ACL_PERM_READ)
93
94 #ifdef _KERNEL
95
96 /*
97 * Storage for ACLs and support structures
98 */
99 #ifdef MALLOC_DECLARE
100 MALLOC_DECLARE(M_ACL);
101 #endif
102
103 #else /* !_KERNEL */
104
105 /*
106 * Syscall interface -- use the library calls instead as the syscalls
107 * have strict acl entry ordering requirements
108 */
109 __BEGIN_DECLS
110 int __acl_aclcheck_fd(int _filedes, acl_type_t _type, struct acl *_aclp);
111 int __acl_aclcheck_file(const char *_path, acl_type_t _type,
112 struct acl *_aclp);
113 int __acl_delete_fd(int _filedes, acl_type_t _type);
114 int __acl_delete_file(const char *_path_p, acl_type_t _type);
115 int __acl_get_fd(int _filedes, acl_type_t _type, struct acl *_aclp);
116 int __acl_get_file(const char *_path, acl_type_t _type, struct acl *_aclp);
117 int __acl_set_fd(int _filedes, acl_type_t _type, struct acl *_aclp);
118 int __acl_set_file(const char *_path, acl_type_t _type, struct acl *_aclp);
119 __END_DECLS
120
121 /*
122 * Supported POSIX.1e ACL manipulation and assignment/retrieval API
123 * _np calls are local extensions that reflect an environment capable of
124 * opening file descriptors of directories, and allowing additional
125 * ACL type for different file systems (i.e., AFS)
126 */
127 __BEGIN_DECLS
128 int acl_delete_fd_np(int _filedes, acl_type_t _type);
129 int acl_delete_file_np(const char *_path_p, acl_type_t _type);
130 int acl_delete_def_file(const char *_path_p);
131 acl_t acl_dup(acl_t _acl);
132 int acl_free(void *_obj_p);
133 acl_t acl_from_text(const char *_buf_p);
134 acl_t acl_get_fd(int _fd);
135 acl_t acl_get_fd_np(int fd, acl_type_t _type);
136 acl_t acl_get_file(const char *_path_p, acl_type_t _type);
137 acl_t acl_init(int _count);
138 int acl_set_fd(int _fd, acl_t _acl);
139 int acl_set_fd_np(int _fd, acl_t _acl, acl_type_t _type);
140 int acl_set_file(const char *_path_p, acl_type_t _type, acl_t _acl);
141 char *acl_to_text(acl_t _acl, ssize_t *_len_p);
142 int acl_valid(acl_t _acl);
143 int acl_valid_fd_np(int _fd, acl_type_t _type, acl_t _acl);
144 int acl_valid_file_np(const char *_path_p, acl_type_t _type, acl_t _acl);
145 __END_DECLS
146
147 #endif /* !_KERNEL */
148
149 #endif /* !_SYS_ACL_H */
Cache object: e138e4bcd15ff293bea0cbd060145ebd
|