acl.h revision 56272
/*-
 * Copyright (c) 1999 Robert N. M. Watson
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD: head/sys/sys/acl.h 56272 2000-01-19 06:07:34Z rwatson $
 */
/*
 * Userland/kernel interface for Access Control Lists
 *
 * The POSIX.1e implementation page may be reached at:
 *   http://www.watson.org/fbsd-hardening/posix1e/
 */
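#ifndef _SYS_ACL_H
#define	_SYS_ACL_H

/*
 * POSIX.1e ACL types
 *
 * This header includes nothing itself: mode_t, uid_t and ssize_t (and, in
 * the userland branch, __BEGIN_DECLS/__END_DECLS) must already be in scope
 * at the point of inclusion.
 */

#define	ACL_MAX_ENTRIES	32	/* maximum entries in an ACL */
/*
 * NOTE(review): the name reads like a path-length limit, but the value is
 * the entry limit defined above -- confirm the intended meaning.
 */
#define	_POSIX_ACL_PATH_MAX     ACL_MAX_ENTRIES

typedef int	acl_type_t;	/* holds an ACL_TYPE_* value */
typedef int	acl_tag_t;	/* holds one of the ACL tag values below */
typedef mode_t	acl_perm_t;	/* holds ACL_PERM_* bits; as wide as mode_t */

/*
 * One ACL entry: a tag, the id the tag is qualified by, and a permission set.
 */
struct acl_entry {
	acl_tag_t	ae_tag;		/* entry kind (ACL_USER_OBJ, ACL_USER, ...) */
	/*
	 * Typed uid_t although ACL_GROUP tags exist as well; presumably it
	 * carries a gid for group entries -- confirm against the consumers.
	 */
	uid_t		ae_id;
	/*
	 * mode_t-wide, so it can hold bits outside ACL_PERM_BITS; code that
	 * accepts an entry from an untrusted source can mask or reject on
	 * ~ACL_PERM_BITS.
	 */
	acl_perm_t	ae_perm;
};
/* Pointer typedef: an acl_entry_t is a struct acl_entry *, not a value. */
typedef struct acl_entry	*acl_entry_t;

/*
 * A complete ACL: a count plus a fixed array of ACL_MAX_ENTRIES entries.
 *
 * acl_cnt is a signed int and nothing in this header constrains it.  Code
 * that receives a struct acl from elsewhere -- in particular across the
 * user/kernel boundary through the calls declared below -- has to check
 * 0 <= acl_cnt <= ACL_MAX_ENTRIES before using it as a loop bound or as an
 * index into acl_entry[].
 */
struct acl {
	int			acl_cnt;	/* presumably entries in use -- confirm */
	struct acl_entry	acl_entry[ACL_MAX_ENTRIES];
};
/* Pointer typedef: an acl_t is a struct acl *, not a value. */
typedef struct acl	*acl_t;

/*
 * Possible valid values for the ae_tag field of struct acl_entry (the
 * original comment called the field a_type).  Each tag is a distinct
 * single bit.
 */
#define	ACL_USER_OBJ	0x00000001
#define	ACL_USER	0x00000002
#define	ACL_GROUP_OBJ	0x00000004
#define	ACL_GROUP	0x00000008
#define	ACL_MASK	0x00000010
#define	ACL_OTHER	0x00000020
#define	ACL_OTHER_OBJ	ACL_OTHER	/* alias, same value as ACL_OTHER */
#define	ACL_AFS_ID	0x00000040

/* ACL type selectors; the calls below take them as an acl_type_t. */
#define	ACL_TYPE_ACCESS	0x00000000
#define	ACL_TYPE_DEFAULT	0x00000001

/*
 * Possible flags in the ae_perm field of struct acl_entry (the original
 * comment called the field a_perm).
 */
#define	ACL_PERM_EXEC	0x0001
#define	ACL_PERM_WRITE	0x0002
#define	ACL_PERM_READ	0x0004
#define	ACL_PERM_NONE	0x0000
/* Both masks expand to the same three bits; every other bit is undefined. */
#define	ACL_PERM_BITS	(ACL_PERM_EXEC | ACL_PERM_WRITE | ACL_PERM_READ)
#define	ACL_POSIX1E_BITS	(ACL_PERM_EXEC | ACL_PERM_WRITE | ACL_PERM_READ)

#ifdef _KERNEL

/*
 * Storage for ACLs and support structures.  M_ACL is only declared when
 * the includer has already made MALLOC_DECLARE available.
 */
#ifdef MALLOC_DECLARE
MALLOC_DECLARE(M_ACL);
#endif

/*
 * Dummy declarations so that we can expose acl_access all over the place
 * without worrying about including ucred and friends.  vnode.h does the
 * same thing.
 */
struct ucred;
struct proc;

/*
 * POSIX.1e and generic kernel/vfs semantics functions--not currently in the
 * base distribution, but will be soon.
 */
struct vattr;
struct vop_getacl_args;
struct vop_aclcheck_args;

void	generic_attr_to_posix1e_acl(struct acl *a_acl, struct vattr *vattr);
int	generic_vop_aclcheck(struct vop_aclcheck_args *ap);
int	generic_vop_getacl(struct vop_getacl_args *ap);
int	posix1e_acl_access(struct acl *a_acl, int a_mode, struct ucred *a_cred,
	    struct proc *a_p);
int	posix1e_vop_aclcheck(struct vop_aclcheck_args *ap);

#else /* !_KERNEL */

/*
 * Syscall interface -- use the library calls instead as the syscalls
 * have strict acl entry ordering requirements.
 *
 * Each call that takes aclp works on a caller-supplied struct acl.
 */
__BEGIN_DECLS
int	__acl_aclcheck_fd(int filedes, acl_type_t type,
	    struct acl *aclp);
int	__acl_aclcheck_file(const char *path, acl_type_t type,
	    struct acl *aclp);
int	__acl_delete_fd(int filedes, acl_type_t type);
int	__acl_delete_file(const char *path_p, acl_type_t type);
int	__acl_get_fd(int filedes, acl_type_t type, struct acl *aclp);
int	__acl_get_file(const char *path, acl_type_t type, struct acl *aclp);
int	__acl_set_fd(int filedes, acl_type_t type, struct acl *aclp);
int	__acl_set_file(const char *path, acl_type_t type, struct acl *aclp);
__END_DECLS

/*
 * Supported POSIX.1e ACL manipulation and assignment/retrieval API.
 *
 * acl_t is already a pointer, so acl_calc_mask() takes a pointer to the
 * handle.  The acl_t and char * results are presumably released with
 * acl_free() -- confirm against the library implementation.
 */
__BEGIN_DECLS
int	acl_calc_mask(acl_t *acl_p);
int	acl_delete_def_fd(int filedes);
int	acl_delete_def_file(const char *path_p);
int	acl_free(void *obj_p);
acl_t	acl_from_text(const char *buf_p);
acl_t	acl_get_fd(int fd, acl_type_t type);
acl_t	acl_get_file(const char *path_p, acl_type_t type);
acl_t	acl_init(int count);
int	acl_set_fd(int fd, acl_t acl, acl_type_t type);
int	acl_set_file(const char *path_p, acl_type_t type, acl_t acl);
char	*acl_to_text(acl_t acl, ssize_t *len_p);
int	acl_valid(acl_t acl);
int	acl_valid_fd(int fd, acl_type_t type, acl_t acl);
int	acl_valid_file(const char *path_p, acl_type_t type, acl_t acl);
__END_DECLS

#endif /* !_KERNEL */
#endif /* !_SYS_ACL_H */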