acl.h revision 56220
1/*- 2 * Copyright (c) 1999 Robert N. M. Watson 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $FreeBSD: head/sys/sys/acl.h 56220 2000-01-18 06:21:29Z rwatson $ 27 */ 28/* 29 * Userland/kernel interface for Access Control Lists 30 * 31 * This code from the FreeBSD POSIX.1e implementation. Not all of the ACL 32 * code is committed yet; in order to use the library routines listed 33 * below, you'll need to download libposix1e_acl from the POSIX.1e 34 * implementation page, or possibly update to a more recent version of 35 * FreeBSD, as the code may have been committed. 36 * 37 * The POSIX.1e implementation page may be reached at: 38 * http://www.watson.org/fbsd-hardening/posix1e/ 39 * 40 * However, all syscalls will pass through to appropriate VFS vnops, so 41 * file systems implementing the vnops are accessible through the syscalls. 42 */ 43 44#ifndef _SYS_ACL_H 45#define _SYS_ACL_H 46 47/* 48 * POSIX.1e ACL types 49 */ 50 51#define MAX_ACL_ENTRIES 32 /* maximum entries in an ACL */ 52#define _POSIX_ACL_PATH_MAX MAX_ACL_ENTRIES 53#define ACL_MAX_ENTRIES MAX_ACL_ENTRIES 54 55typedef int acl_type_t; 56typedef int acl_tag_t; 57typedef mode_t acl_perm_t; 58 59struct acl_entry { 60 acl_tag_t ae_tag; 61 uid_t ae_id; 62 acl_perm_t ae_perm; 63}; 64typedef struct acl_entry *acl_entry_t; 65 66struct acl { 67 int acl_cnt; 68 struct acl_entry acl_entry[MAX_ACL_ENTRIES]; 69}; 70typedef struct acl *acl_t; 71 72/* 73 * Possible valid values for a_type of acl_entry_t 74 */ 75#define ACL_USER_OBJ 0x00000001 76#define ACL_USER 0x00000002 77#define ACL_GROUP_OBJ 0x00000004 78#define ACL_GROUP 0x00000008 79#define ACL_MASK 0x00000010 80#define ACL_OTHER 0x00000020 81#define ACL_OTHER_OBJ ACL_OTHER 82#define ACL_AFS_ID 0x00000040 83 84#define ACL_TYPE_ACCESS 0x00000000 85#define ACL_TYPE_DEFAULT 0x00000001 86 87/* 88 * Possible flags in a_perm field 89 */ 90#define ACL_PERM_EXEC 0x0001 91#define ACL_PERM_WRITE 0x0002 92#define ACL_PERM_READ 0x0004 93#define ACL_PERM_NONE 0x0000 94#define ACL_PERM_BITS (ACL_PERM_EXEC | ACL_PERM_WRITE | ACL_PERM_READ) 95#define ACL_POSIX1E_BITS (ACL_PERM_EXEC | ACL_PERM_WRITE | ACL_PERM_READ) 96 97#ifdef _KERNEL 98/* 99 * Storage for ACLs and support structures 100 */ 101#ifdef MALLOC_DECLARE 102MALLOC_DECLARE(M_ACL); 103#endif 104 105/* 106 * Dummy declarations so that we can expose acl_access all over the place 107 * without worrying about including ucred and friends. vnode.h does the 108 * same thing. 109 */ 110struct ucred; 111struct proc; 112 113/* 114 * POSIX.1e and generic kernel/vfs semantics functions--not currently in the 115 * base distribution, but will be soon. 116 */ 117struct vattr; 118struct vop_getacl_args; 119struct vop_aclcheck_args; 120 121int posix1e_acl_access(struct acl *a_acl, int a_mode, struct ucred *a_cred, 122 struct proc *a_p); 123void generic_attr_to_posix1e_acl(struct acl *a_acl, struct vattr *vattr); 124int generic_vop_getacl(struct vop_getacl_args *ap); 125int generic_vop_aclcheck(struct vop_aclcheck_args *ap); 126int posix1e_vop_aclcheck(struct vop_aclcheck_args *ap); 127 128#else /* _KERNEL */ 129 130/* 131 * Syscall interface -- use the library calls instead as the syscalls 132 * have strict acl entry ordering requirements 133 */ 134int acl_syscall_get_file(char *path, acl_type_t type, struct acl *aclp); 135int acl_syscall_set_file(char *path, acl_type_t type, struct acl *aclp); 136int acl_syscall_get_fd(int filedes, acl_type_t type, struct acl *aclp); 137int acl_syscall_set_fd(int filedes, acl_type_t type, struct acl *aclp); 138int acl_syscall_delete_file(const char *path_p, acl_type_t type); 139int acl_syscall_delete_fd(int filedes, acl_type_t type); 140int acl_syscall_aclcheck_file(char *path, acl_type_t type, 141 struct acl *aclp); 142int acl_syscall_aclcheck_fd(int filedes, acl_type_t type, 143 struct acl *aclp); 144 145/* 146 * Supported POSIX.1e ACL manipulation and assignment/retrieval API 147 * These are currently provided by libposix1e_acl, which is not shipped 148 * with the base distribution, but will be soon. Some of these are 149 * from POSIX.1e-extensions. 150 * 151 * Not all POSIX.1e ACL functions are listed here yet, but more will 152 * be soon. 153 */ 154int acl_calc_mask(acl_t *acl_p); 155int acl_delete_def_file(const char *path_p); 156int acl_delete_def_fd(int filedes); 157acl_t acl_from_text(const char *buf_p); 158acl_t acl_get_fd(int fd, acl_type_t type); 159acl_t acl_get_file(const char *path_p, acl_type_t type); 160acl_t acl_init(int count); 161int acl_set_fd(int fd, acl_t acl, acl_type_t type); 162int acl_set_file(const char *path_p, acl_type_t type, acl_t acl); 163char *acl_to_text(acl_t acl, ssize_t *len_p); 164int acl_valid(acl_t acl); 165int acl_valid_file(const char *path_p, acl_type_t type, acl_t acl); 166int acl_valid_fd(int fd, acl_type_t type, acl_t acl); 167int acl_free(void *obj_p); 168 169#endif /* _KERNEL */ 170#endif /* _SYS_ACL_H */ 171