acl.h revision 56272
1/*- 2 * Copyright (c) 1999 Robert N. M. Watson 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $FreeBSD: head/sys/sys/acl.h 56272 2000-01-19 06:07:34Z rwatson $ 27 */ 28/* 29 * Userland/kernel interface for Access Control Lists 30 * 31 * The POSIX.1e implementation page may be reached at: 32 * http://www.watson.org/fbsd-hardening/posix1e/ 33 */ 34 35#ifndef _SYS_ACL_H 36#define _SYS_ACL_H 37 38/* 39 * POSIX.1e ACL types 40 */ 41 42#define ACL_MAX_ENTRIES 32 /* maximum entries in an ACL */ 43#define _POSIX_ACL_PATH_MAX ACL_MAX_ENTRIES 44 45typedef int acl_type_t; 46typedef int acl_tag_t; 47typedef mode_t acl_perm_t; 48 49struct acl_entry { 50 acl_tag_t ae_tag; 51 uid_t ae_id; 52 acl_perm_t ae_perm; 53}; 54typedef struct acl_entry *acl_entry_t; 55 56struct acl { 57 int acl_cnt; 58 struct acl_entry acl_entry[ACL_MAX_ENTRIES]; 59}; 60typedef struct acl *acl_t; 61 62/* 63 * Possible valid values for a_type of acl_entry_t 64 */ 65#define ACL_USER_OBJ 0x00000001 66#define ACL_USER 0x00000002 67#define ACL_GROUP_OBJ 0x00000004 68#define ACL_GROUP 0x00000008 69#define ACL_MASK 0x00000010 70#define ACL_OTHER 0x00000020 71#define ACL_OTHER_OBJ ACL_OTHER 72#define ACL_AFS_ID 0x00000040 73 74#define ACL_TYPE_ACCESS 0x00000000 75#define ACL_TYPE_DEFAULT 0x00000001 76 77/* 78 * Possible flags in a_perm field 79 */ 80#define ACL_PERM_EXEC 0x0001 81#define ACL_PERM_WRITE 0x0002 82#define ACL_PERM_READ 0x0004 83#define ACL_PERM_NONE 0x0000 84#define ACL_PERM_BITS (ACL_PERM_EXEC | ACL_PERM_WRITE | ACL_PERM_READ) 85#define ACL_POSIX1E_BITS (ACL_PERM_EXEC | ACL_PERM_WRITE | ACL_PERM_READ) 86 87#ifdef _KERNEL 88 89/* 90 * Storage for ACLs and support structures 91 */ 92#ifdef MALLOC_DECLARE 93MALLOC_DECLARE(M_ACL); 94#endif 95 96/* 97 * Dummy declarations so that we can expose acl_access all over the place 98 * without worrying about including ucred and friends. vnode.h does the 99 * same thing. 100 */ 101struct ucred; 102struct proc; 103 104/* 105 * POSIX.1e and generic kernel/vfs semantics functions--not currently in the 106 * base distribution, but will be soon. 107 */ 108struct vattr; 109struct vop_getacl_args; 110struct vop_aclcheck_args; 111 112void generic_attr_to_posix1e_acl(struct acl *a_acl, struct vattr *vattr); 113int generic_vop_aclcheck(struct vop_aclcheck_args *ap); 114int generic_vop_getacl(struct vop_getacl_args *ap); 115int posix1e_acl_access(struct acl *a_acl, int a_mode, struct ucred *a_cred, 116 struct proc *a_p); 117int posix1e_vop_aclcheck(struct vop_aclcheck_args *ap); 118 119#else /* !_KERNEL */ 120 121/* 122 * Syscall interface -- use the library calls instead as the syscalls 123 * have strict acl entry ordering requirements 124 */ 125__BEGIN_DECLS 126int __acl_aclcheck_fd(int filedes, acl_type_t type, 127 struct acl *aclp); 128int __acl_aclcheck_file(const char *path, acl_type_t type, 129 struct acl *aclp); 130int __acl_delete_fd(int filedes, acl_type_t type); 131int __acl_delete_file(const char *path_p, acl_type_t type); 132int __acl_get_fd(int filedes, acl_type_t type, struct acl *aclp); 133int __acl_get_file(const char *path, acl_type_t type, struct acl *aclp); 134int __acl_set_fd(int filedes, acl_type_t type, struct acl *aclp); 135int __acl_set_file(const char *path, acl_type_t type, struct acl *aclp); 136__END_DECLS 137 138/* 139 * Supported POSIX.1e ACL manipulation and assignment/retrieval API 140 */ 141__BEGIN_DECLS 142int acl_calc_mask(acl_t *acl_p); 143int acl_delete_def_fd(int filedes); 144int acl_delete_def_file(const char *path_p); 145int acl_free(void *obj_p); 146acl_t acl_from_text(const char *buf_p); 147acl_t acl_get_fd(int fd, acl_type_t type); 148acl_t acl_get_file(const char *path_p, acl_type_t type); 149acl_t acl_init(int count); 150int acl_set_fd(int fd, acl_t acl, acl_type_t type); 151int acl_set_file(const char *path_p, acl_type_t type, acl_t acl); 152char *acl_to_text(acl_t acl, ssize_t *len_p); 153int acl_valid(acl_t acl); 154int acl_valid_fd(int fd, acl_type_t type, acl_t acl); 155int acl_valid_file(const char *path_p, acl_type_t type, acl_t acl); 156__END_DECLS 157 158#endif /* !_KERNEL */ 159#endif /* !_SYS_ACL_H */ 160