acl.h revision 108408
154263Sshin/*- 254263Sshin * Copyright (c) 1999-2001 Robert N. M. Watson 354263Sshin * All rights reserved. 454263Sshin * 554263Sshin * This software was developed by Robert Watson for the TrustedBSD Project. 654263Sshin * 754263Sshin * Redistribution and use in source and binary forms, with or without 854263Sshin * modification, are permitted provided that the following conditions 954263Sshin * are met: 1054263Sshin * 1. Redistributions of source code must retain the above copyright 1154263Sshin * notice, this list of conditions and the following disclaimer. 1254263Sshin * 2. Redistributions in binary form must reproduce the above copyright 1354263Sshin * notice, this list of conditions and the following disclaimer in the 1454263Sshin * documentation and/or other materials provided with the distribution. 1554263Sshin * 1654263Sshin * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 1754263Sshin * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 1854263Sshin * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 1954263Sshin * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 2054263Sshin * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2154263Sshin * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2254263Sshin * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2354263Sshin * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2454263Sshin * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2554263Sshin * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 2654263Sshin * SUCH DAMAGE. 2754263Sshin * 2854263Sshin * $FreeBSD: head/sys/sys/acl.h 108408 2002-12-29 20:30:00Z rwatson $ 2954263Sshin */ 3054263Sshin/* 3154263Sshin * Developed by the TrustedBSD Project. 3254263Sshin * Support for POSIX.1e access control lists. 3354263Sshin */ 3454263Sshin 3554263Sshin#ifndef _SYS_ACL_H 3654263Sshin#define _SYS_ACL_H 3754263Sshin 3854263Sshin/* 3954263Sshin * POSIX.1e ACL types and related constants. 4054263Sshin */ 4154263Sshin 4254263Sshin#define POSIX1E_ACL_ACCESS_EXTATTR_NAMESPACE EXTATTR_NAMESPACE_SYSTEM 4364342Sume#define POSIX1E_ACL_ACCESS_EXTATTR_NAME "posix1e.acl_access" 4454263Sshin#define POSIX1E_ACL_DEFAULT_EXTATTR_NAMESPACE EXTATTR_NAMESPACE_SYSTEM 4554263Sshin#define POSIX1E_ACL_DEFAULT_EXTATTR_NAME "posix1e.acl_default" 4654263Sshin#define ACL_MAX_ENTRIES 32 /* maximum entries in an ACL */ 4754263Sshin 4854263Sshintypedef int acl_type_t; 4954263Sshintypedef int acl_tag_t; 5078064Sumetypedef mode_t acl_perm_t; 5154263Sshintypedef mode_t *acl_permset_t; 5254263Sshin 5354263Sshinstruct acl_entry { 5454263Sshin acl_tag_t ae_tag; 5554263Sshin uid_t ae_id; 5654263Sshin acl_perm_t ae_perm; 5754263Sshin}; 5854263Sshintypedef struct acl_entry *acl_entry_t; 5954263Sshin 6054263Sshin/* internal ACL structure */ 6154263Sshinstruct acl { 6254263Sshin int acl_cnt; 6378064Sume struct acl_entry acl_entry[ACL_MAX_ENTRIES]; 6454263Sshin}; 6554263Sshin 6654263Sshin/* external ACL structure */ 6754263Sshinstruct acl_t_struct { 6854263Sshin struct acl ats_acl; 6954263Sshin int ats_cur_entry; 7054263Sshin}; 7154263Sshintypedef struct acl_t_struct *acl_t; 7254263Sshin 7354263Sshin/* 7454263Sshin * Possible valid values for ae_tag field. 7554263Sshin */ 7654263Sshin#define ACL_UNDEFINED_TAG 0x00000000 7754263Sshin#define ACL_USER_OBJ 0x00000001 7854263Sshin#define ACL_USER 0x00000002 7954263Sshin#define ACL_GROUP_OBJ 0x00000004 8054263Sshin#define ACL_GROUP 0x00000008 8154263Sshin#define ACL_MASK 0x00000010 8254263Sshin#define ACL_OTHER 0x00000020 8354263Sshin#define ACL_OTHER_OBJ ACL_OTHER 8454263Sshin 8554263Sshin/* 8654263Sshin * Possible valid values for acl_type_t arguments. 8754263Sshin */ 8854263Sshin#define ACL_TYPE_ACCESS 0x00000000 8954263Sshin#define ACL_TYPE_DEFAULT 0x00000001 9054263Sshin#define ACL_TYPE_AFS 0x00000002 9154263Sshin#define ACL_TYPE_CODA 0x00000003 9254263Sshin#define ACL_TYPE_NTFS 0x00000004 9354263Sshin#define ACL_TYPE_NWFS 0x00000005 9454263Sshin 9554263Sshin/* 9654263Sshin * Possible flags in ae_perm field. 9754263Sshin */ 9854263Sshin#define ACL_EXECUTE 0x0001 9954263Sshin#define ACL_WRITE 0x0002 10054263Sshin#define ACL_READ 0x0004 10154263Sshin#define ACL_PERM_NONE 0x0000 10254263Sshin#define ACL_PERM_BITS (ACL_EXECUTE | ACL_WRITE | ACL_READ) 10354263Sshin#define ACL_POSIX1E_BITS (ACL_EXECUTE | ACL_WRITE | ACL_READ) 10454263Sshin 10554263Sshin/* 10654263Sshin * Possible entry_id values for acl_get_entry() 10754263Sshin */ 10854263Sshin#define ACL_FIRST_ENTRY 0 10954263Sshin#define ACL_NEXT_ENTRY 1 11054263Sshin 11154263Sshin/* 11254263Sshin * Undefined value in ae_id field 11354263Sshin */ 11454263Sshin#define ACL_UNDEFINED_ID ((uid_t)-1) 11554263Sshin 11654263Sshin 11754263Sshin#ifdef _KERNEL 11854263Sshin 11954263Sshin/* 12054263Sshin * Storage for ACLs and support structures. 12154263Sshin */ 12254263Sshin#ifdef MALLOC_DECLARE 12354263SshinMALLOC_DECLARE(M_ACL); 12454263Sshin#endif 12554263Sshin 12654263Sshinacl_perm_t acl_posix1e_mode_to_perm(acl_tag_t tag, mode_t mode); 12754263Sshinstruct acl_entry acl_posix1e_mode_to_entry(acl_tag_t tag, uid_t uid, 12854263Sshin gid_t gid, mode_t mode); 12954263Sshinmode_t acl_posix1e_perms_to_mode(struct acl_entry *acl_user_obj_entry, 13054263Sshin struct acl_entry *acl_group_obj_entry, struct acl_entry *acl_other_entry); 13154263Sshinint acl_posix1e_check(struct acl *acl); 13254263Sshin 13354263Sshin#else /* !_KERNEL */ 13454263Sshin 13554263Sshin/* 13654263Sshin * Syscall interface -- use the library calls instead as the syscalls 13754263Sshin * have strict acl entry ordering requirements. 13854263Sshin */ 13954263Sshin__BEGIN_DECLS 14054263Sshinint __acl_aclcheck_fd(int _filedes, acl_type_t _type, struct acl *_aclp); 14154263Sshinint __acl_aclcheck_file(const char *_path, acl_type_t _type, 14254263Sshin struct acl *_aclp); 14354263Sshinint __acl_aclcheck_link(const char *_path, acl_type_t _type, 14454263Sshin struct acl *_aclp); 14554263Sshinint __acl_delete_fd(int _filedes, acl_type_t _type); 14654263Sshinint __acl_delete_file(const char *_path_p, acl_type_t _type); 14754263Sshinint __acl_delete_link(const char *_path_p, acl_type_t _type); 14854263Sshinint __acl_get_fd(int _filedes, acl_type_t _type, struct acl *_aclp); 14954263Sshinint __acl_get_file(const char *_path, acl_type_t _type, struct acl *_aclp); 15054263Sshinint __acl_get_link(const char *_path, acl_type_t _type, struct acl *_aclp); 15154263Sshinint __acl_set_fd(int _filedes, acl_type_t _type, struct acl *_aclp); 15254263Sshinint __acl_set_file(const char *_path, acl_type_t _type, struct acl *_aclp); 15354263Sshinint __acl_set_link(const char *_path, acl_type_t _type, struct acl *_aclp); 15454263Sshin__END_DECLS 15554263Sshin 15654263Sshin/* 15754263Sshin * Supported POSIX.1e ACL manipulation and assignment/retrieval API 15854263Sshin * _np calls are local extensions that reflect an environment capable of 15954263Sshin * opening file descriptors of directories, and allowing additional 16054263Sshin * ACL type for different filesystems (i.e., AFS). 16154263Sshin */ 16254263Sshin__BEGIN_DECLS 16354263Sshinint acl_add_perm(acl_permset_t _permset_d, acl_perm_t _perm); 16454263Sshinint acl_calc_mask(acl_t *_acl_p); 16554263Sshinint acl_clear_perms(acl_permset_t _permset_d); 16654263Sshinint acl_copy_entry(acl_entry_t _dest_d, acl_entry_t _src_d); 16754263Sshinssize_t acl_copy_ext(void *_buf_p, acl_t _acl, ssize_t _size); 16854263Sshinacl_t acl_copy_int(const void *_buf_p); 16954263Sshinint acl_create_entry(acl_t *_acl_p, acl_entry_t *_entry_p); 17062584Sitojunint acl_delete_entry(acl_t _acl, acl_entry_t _entry_d); 17154263Sshinint acl_delete_fd_np(int _filedes, acl_type_t _type); 17254263Sshinint acl_delete_file_np(const char *_path_p, acl_type_t _type); 17354263Sshinint acl_delete_link_np(const char *_path_p, acl_type_t _type); 17454263Sshinint acl_delete_def_file(const char *_path_p); 17554263Sshinint acl_delete_def_link_np(const char *_path_p); 17654263Sshinint acl_delete_perm(acl_permset_t _permset_d, acl_perm_t _perm); 17754263Sshinacl_t acl_dup(acl_t _acl); 17854263Sshinint acl_free(void *_obj_p); 17954263Sshinacl_t acl_from_text(const char *_buf_p); 18054263Sshinint acl_get_entry(acl_t _acl, int _entry_id, acl_entry_t *_entry_p); 18154263Sshinacl_t acl_get_fd(int _fd); 18254263Sshinacl_t acl_get_fd_np(int fd, acl_type_t _type); 18354263Sshinacl_t acl_get_file(const char *_path_p, acl_type_t _type); 18454263Sshinacl_t acl_get_link_np(const char *_path_p, acl_type_t _type); 18554263Sshinvoid *acl_get_qualifier(acl_entry_t _entry_d); 18654263Sshinint acl_get_perm_np(acl_permset_t _permset_d, acl_perm_t _perm); 18754263Sshinint acl_get_permset(acl_entry_t _entry_d, acl_permset_t *_permset_p); 18854263Sshinint acl_get_tag_type(acl_entry_t _entry_d, acl_tag_t *_tag_type_p); 18954263Sshinacl_t acl_init(int _count); 19054263Sshinint acl_set_fd(int _fd, acl_t _acl); 19154263Sshinint acl_set_fd_np(int _fd, acl_t _acl, acl_type_t _type); 19254263Sshinint acl_set_file(const char *_path_p, acl_type_t _type, acl_t _acl); 19354263Sshinint acl_set_link_np(const char *_path_p, acl_type_t _type, acl_t _acl); 19454263Sshinint acl_set_permset(acl_entry_t _entry_d, acl_permset_t _permset_d); 19554263Sshinint acl_set_qualifier(acl_entry_t _entry_d, const void *_tag_qualifier_p); 19654263Sshinint acl_set_tag_type(acl_entry_t _entry_d, acl_tag_t _tag_type); 19754263Sshinssize_t acl_size(acl_t _acl); 19854263Sshinchar *acl_to_text(acl_t _acl, ssize_t *_len_p); 19954263Sshinint acl_valid(acl_t _acl); 20054263Sshinint acl_valid_fd_np(int _fd, acl_type_t _type, acl_t _acl); 20154263Sshinint acl_valid_file_np(const char *_path_p, acl_type_t _type, acl_t _acl); 20254263Sshinint acl_valid_link_np(const char *_path_p, acl_type_t _type, acl_t _acl); 20354263Sshin__END_DECLS 20454263Sshin 20554263Sshin#endif /* !_KERNEL */ 20654263Sshin 20754263Sshin#endif /* !_SYS_ACL_H */ 20854263Sshin