/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _SYS_ACL_H
#define _SYS_ACL_H
#pragma ident "%Z%%M% %I% %E% SMI"
#include <sys/types.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
* Upper bound on the number of ACL entries of each type.
* NOTE(review): nothing in this header enforces the bound. Code that takes
* an entry count from a caller, an archive or on-disk data should compare it
* against this limit before sizing or walking an entry buffer.
*/
#define MAX_ACL_ENTRIES (1024) /* max entries of each type */
/*
* aclent_t: one entry of an aclent-style ACL. This is the element type for
* the GETACL / SETACL / GETACLCNT commands of acl(2).
* Field order and types are part of the interface; do not rearrange.
*/
typedef struct acl {
int a_type; /* entry type: one of the USER_OBJ ... DEF_OTHER_OBJ values in this header */
uid_t a_id; /* uid or gid the entry names; presumably selected by a_type -- confirm */
o_mode_t a_perm; /* the permission field */
} aclent_t;
/*
* ace_t: one access control entry of an ace-style ACL. This is the element
* type for the ACE_GETACL / ACE_SETACL / ACE_GETACLCNT commands.
* ALLOW is defined as 0, so a zero-filled ace_t has a_type == ALLOW; set
* a_type explicitly on every entry rather than relying on the zero value.
*/
typedef struct ace {
uid_t a_who; /* uid or gid */
uint32_t a_access_mask; /* "rwx": ACE_READ_DATA / ACE_WRITE_DATA / ACE_EXECUTE bits */
uint16_t a_flags; /* ACE_* flag bits defined in this header */
uint16_t a_type; /* ALLOW or DENY */
} ace_t;
/*
* The following are the defined entry types for an aclent_t (a_type).
* Each base type is a distinct bit; ACL_DEFAULT is OR-ed onto a base type to
* form the corresponding DEF_* "default" type.
* NOTE(review): default entries presumably apply only to directories and
* seed the ACL of newly created files -- confirm against the acl(2) docs.
*/
#define USER_OBJ (0x01) /* object owner */
#define USER (0x02) /* additional users */
#define GROUP_OBJ (0x04) /* owning group of the object */
#define GROUP (0x08) /* additional groups */
#define CLASS_OBJ (0x10) /* file group class and mask entry */
#define OTHER_OBJ (0x20) /* other entry for the object */
#define ACL_DEFAULT (0x1000) /* default flag */
/* default object owner */
#define DEF_USER_OBJ (ACL_DEFAULT | USER_OBJ)
/* default additional users */
#define DEF_USER (ACL_DEFAULT | USER)
/* default owning group */
#define DEF_GROUP_OBJ (ACL_DEFAULT | GROUP_OBJ)
/* default additional groups */
#define DEF_GROUP (ACL_DEFAULT | GROUP)
/* default mask entry */
#define DEF_CLASS_OBJ (ACL_DEFAULT | CLASS_OBJ)
/* default other entry */
#define DEF_OTHER_OBJ (ACL_DEFAULT | OTHER_OBJ)
/*
* The following are defined for ace_t (a_flags).
* Bits 0x0001-0x0010 are the inherit / locally-defined flags; bits
* 0x0100-0x1000 identify the owner, group, other, additional-user and
* additional-group classes.
* ACE_GROUPS has the same numeric value (0x1000) as ACL_DEFAULT, which
* belongs to aclent_t a_type; the two must not be mixed between entry styles.
* "PROPOGATE" is the spelling used in the public name; keep it as is.
*/
#define ACE_FILE_INHERIT_ACE 0x0001
#define ACE_DIRECTORY_INHERIT_ACE 0x0002
#define ACE_NO_PROPOGATE_INHERIT_ACE 0x0004
#define ACE_INHERIT_ONLY_ACE 0x0008
#define ACE_LOCALLY_DEFINED 0x0010
#define ACE_OWNER 0x0100 /* file owner */
#define ACE_GROUP 0x0200 /* file group */
#define ACE_OTHER 0x0400 /* other field */
#define ACE_USER 0x0800 /* additional users */
#define ACE_GROUPS 0x1000 /* additional groups */
/*
* The following flags are supported by both NFSv4 ACLs and ace_t.
* The mask covers only the four inherit flags; ACE_LOCALLY_DEFINED and the
* ACE_OWNER ... ACE_GROUPS bits are outside it.
* NOTE(review): code that converts ace_t flags to or from NFSv4 presumably
* has to mask with this value and handle the remaining bits itself -- confirm.
*/
#define ACE_NFSV4_SUP_FLAGS (ACE_FILE_INHERIT_ACE | \
ACE_DIRECTORY_INHERIT_ACE | \
ACE_NO_PROPOGATE_INHERIT_ACE | \
ACE_INHERIT_ONLY_ACE)
/*
* Values for ace_t a_type. ALLOW is 0, so zero-initialised storage reads as
* an allow entry; always assign a_type explicitly.
* NOTE(review): how allow and deny entries are ordered and combined during an
* access check is not defined in this header -- confirm in the implementation.
* These names carry no prefix, so they can collide with macros of the same
* name in code that includes this header.
*/
#define ALLOW 0
#define DENY 1
/*
* Bits for ace_t a_access_mask. The literals are octal and have the same
* values as the r, w and x bits of a single permission digit.
*/
#define ACE_READ_DATA 04 /* 'r' */
#define ACE_WRITE_DATA 02 /* 'w' */
#define ACE_EXECUTE 01 /* 'x' */
/*
* cmd args to acl(2) for aclent_t.
* The buffer passed with these commands holds aclent_t entries.
*/
#define GETACL 1
#define SETACL 2
#define GETACLCNT 3
/*
* Commands that manipulate ace-style ACLs.
* The buffer passed with these commands holds ace_t entries. acl() and facl()
* take the buffer as void *, so the command/entry-type pairing is not checked
* by the compiler.
*/
#define ACE_GETACL 4
#define ACE_SETACL 5
#define ACE_GETACLCNT 6
/*
* Minimal number of ACL entries reported by GETACLCNT.
* NOTE(review): presumably the USER_OBJ, GROUP_OBJ, CLASS_OBJ and OTHER_OBJ
* entries -- confirm.
*/
#define MIN_ACL_ENTRIES 4
#if !defined(_KERNEL)
/*
* ACL check errors (userland only).
* NOTE(review): presumably the non-zero results reported by aclcheck();
* the value 0 is not assigned to any error here -- confirm.
*/
#define GRP_ERROR 1
#define USER_ERROR 2
#define OTHER_ERROR 3
#define CLASS_ERROR 4
#define DUPLICATE_ERROR 5
#define MISS_ERROR 6
#define MEM_ERROR 7
#define ENTRY_ERROR 8
/*
* Attribute types.
* Similar to ufs_acl.h, but changed to char type for user commands
* (tar, cpio).
*/
#define UFSD_FREE ('0') /* Free entry */
#define UFSD_ACL ('1') /* Access Control Lists */
#define UFSD_DFACL ('2') /* reserved for future use */
/*
* Userland ACL helper routines. The prototypes give no parameter names, so
* the meaning of each argument must be taken from the library documentation.
* NOTE(review): acltotext() and aclfromtext() return pointers; who owns and
* frees the returned storage, and what is returned on failure, is not stated
* here -- confirm before use and check the result before dereferencing.
* NOTE(review): the int arguments are presumably entry counts; validate
* counts that come from outside the program against MAX_ACL_ENTRIES.
*/
extern int aclcheck(aclent_t *, int, int *);
extern int acltomode(aclent_t *, int, mode_t *);
extern int aclfrommode(aclent_t *, int, mode_t *);
extern int aclsort(int, int, aclent_t *);
extern char *acltotext(aclent_t *, int);
extern aclent_t *aclfromtext(char *, int *);
#else /* !defined(_KERNEL) */
/*
* Kernel-only declarations. ksort() takes a caddr_t, two ints and a
* comparison callback; cmp2acls() has the signature of that callback.
* NOTE(review): the two int arguments are presumably element count and
* element size -- confirm.
*/
extern void ksort(caddr_t, int, int, int (*)(void *, void *));
extern int cmp2acls(void *, void *);
#endif /* !defined(_KERNEL) */
/*
* acl(2) entry points: acl() names the object by path, facl() by open file
* descriptor. cmd is one of the GETACL ... ACE_GETACLCNT values above.
* buf is untyped, so the compiler cannot check that it holds aclent_t entries
* for the aclent commands and ace_t entries for the ACE_ commands.
* NOTE(review): cnt is presumably the number of entries in buf -- confirm;
* the caller is responsible for sizing buf to match.
* NOTE(review): when the object has already been opened and checked, facl()
* on that descriptor avoids resolving the path a second time between the
* check and the ACL change.
*/
#if defined(__STDC__)
extern int acl(const char *path, int cmd, int cnt, void *buf);
extern int facl(int fd, int cmd, int cnt, void *buf);
#else /* !__STDC__ */
/* Pre-ANSI declarations: no parameter list, so calls are not type-checked. */
extern int acl();
extern int facl();
#endif /* defined(__STDC__) */
#ifdef __cplusplus
}
#endif
#endif /* _SYS_ACL_H */