dg_getoacl(2) C2 Trusted DG/UX 5.4.2T dg_getoacl(2)
NAME
dg_getoacl - get the access control list (ACL) for an object
SYNOPSIS
#include <sys/types.h>
#include <sys/dgtparms.h>
#include <sys/acl.h>
int dg_getoacl(targtype, targ, type, acl, aclsize,
textacl, textaclsize)
int targtype;
void *targ;
int type;
aclstructt *acl;
int *aclsize;
char *textacl;
int *textaclsize;
where:
targtype A token that identifies the type of object whose ACL is
fetched. The available tokens are defined in
sys/dgtparms.h as follows:
TFILE The object is a file identified by a path name.
TFD The object is a file identified by a file
descriptor.
targ The address of the identifier of the object whose ACL is
fetched. The value of targtype determines the type of
entity that targ points to as follows:
TFILE targ points to a path name string.
TFD targ points to a file descriptor.
type type indicates whether the call fetches an access ACL or
a default ACL. type must be set to either
ACL_TYPE_DEFAULT or ACL_TYPE_ACCESS. Note that default
ACLs may only exist on directories.
acl The address of an aclstructt buffer to receive the
binary ACL.
aclsize A pointer to the size, in bytes, of the aclstructt
structure pointed to by acl; when zero, the binary ACL is
not fetched. If a default ACL is requested but does not
exist on the target directory, the size pointed to by
aclsize is set to zero. An aclstructt is actually a
variable size structure with a fixed "header" (see
sys/acl.h). If the buffer supplied to dg_getoacl is too
small, the call returns -1, sets errno to E2BIG, and
stores the correct size at aclsize.
Licensed material--property of copyright holder(s) 1
textacl A pointer to a buffer to receive the ASCII text ACL
stored with this object. If no text ACL exists, the
size pointed to by textaclsize is set to zero.
Note that there is no assurance that the binary ACL
stored with the object would match the binary ACL that
is generated by converting the ASCII text ACL to binary.
Only the binary ACL is used by the reference monitor for
access control decisions.
textaclsize Points to the size in bytes of the text ACL. If this
parameter points to zero, dg_getoacl assumes that it is
not to fetch the text ACL. If the buffer passed is too
small, dg_getoacl stores the required size at
textaclsize, returns -1, and sets errno to E2BIG.
DESCRIPTION
The dg_getoacl system call gets the ACL for the object identified by
targtype and targ and stores it in the buffer pointed to by acl.
If the size given for the binary or text ACL is non-zero but not big
enough to hold the requested ACL, the correct size is returned in
aclsize and/or textaclsize, and neither ACL is fetched. When either
buffer is bigger than necessary the ACL is fetched and the actual
size(s) returned. Therefore, the caller must not only check for an
errno of E2BIG, but must also determine whether the value stored in
aclsize or textaclsize has changed.
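The size contract described above, as an added example that is not part of the original manual page. The system call is replaced by a constructed stand-in, stub_getoacl, which drops the targtype, targ and type arguments and serves fixed placeholder bytes; fetch_acls and all other names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the system call: same size contract as the page
 * describes, but the "stored" ACLs are fixed placeholder bytes. */
static const unsigned char stored_bin[12] = {1,2,3,4,5,6,7,8,9,10,11,12};
static const char stored_text[] = "constructed-text-acl-placeholder";
static int stub_calls;

static int stub_getoacl(void *acl, int *aclsize, char *textacl, int *textaclsize)
{
    int short_buf = 0;
    stub_calls++;
    if (*aclsize == 0 && *textaclsize == 0) { errno = EINVAL; return -1; }
    if (*aclsize) { short_buf |= *aclsize < (int)sizeof stored_bin; *aclsize = (int)sizeof stored_bin; }
    if (*textaclsize) { short_buf |= *textaclsize < (int)sizeof stored_text; *textaclsize = (int)sizeof stored_text; }
    if (short_buf) { errno = E2BIG; return -1; }   /* neither ACL is copied */
    if (*aclsize) memcpy(acl, stored_bin, sizeof stored_bin);
    if (*textaclsize) memcpy(textacl, stored_text, sizeof stored_text);
    return 0;
}

/* Fetch both ACLs, regrowing on E2BIG. Retries are bounded because the ACL
 * may be replaced between the failed call and the next one. */
static int fetch_acls(void **acl, int *aclsize, char **text, int *textsize)
{
    int bcap = 8, tcap = 8, tries;
    *acl = NULL; *text = NULL;
    for (tries = 0; tries < 4; tries++) {
        free(*acl); free(*text);
        *acl = malloc((size_t)bcap); *text = malloc((size_t)tcap);
        if (!*acl || !*text) { errno = ENOMEM; break; }
        *aclsize = bcap; *textsize = tcap;
        if (stub_getoacl(*acl, aclsize, *text, textsize) == 0)
            return 0;          /* sizes are now actual lengths; 0 = absent */
        if (errno != E2BIG) break;
        if (*aclsize > bcap) bcap = *aclsize;    /* required sizes were stored */
        if (*textsize > tcap) tcap = *textsize;
    }
    free(*acl); free(*text); *acl = NULL; *text = NULL;
    return -1;
}

int main(void)
{
    void *acl; char *text; int asz, tsz;
    if (fetch_acls(&acl, &asz, &text, &tsz) != 0) { perror("fetch_acls"); return 1; }
    printf("binary %d bytes, text %d bytes after %d calls\n", asz, tsz, stub_calls);
    free(acl); free(text);
    return 0;
}
```

Because only the binary ACL is used for access control decisions, a caller auditing permissions should evaluate the returned binary buffer and treat the text ACL as informational.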
ACCESS CONTROL
The process must have search access to the object's parent directory
path.
RETURN VALUE
0 Successful completion.
-1 An error occurred. errno is set to indicate the error.
EXCEPTIONS
errno may be set to one of the following error codes:
EINVAL The ACL type indicated in the type parameter is not
ACL_TYPE_DEFAULT or ACL_TYPE_ACCESS.
EINVAL The object type indicated in the targtype parameter is not
valid.
EINVAL Both aclsize and textaclsize pointed to zeros.
EOPNOTSUPP
The object type indicated in the targtype parameter does
not support ACLs.
ENOTDIR The process attempted to get a default ACL for some object
other than a directory.
EDGNOATTR
The target object does not have any of the requested ACL
attributes. For example, both a text and a default ACL were
requested but the directory had neither. Note that in this
example, if any one of the requested types was found, it would
be returned, the size of the missing type would be set to
zero, and no error would be returned.
ENOENT The object does not exist.
E2BIG One or both of the supplied buffers were too small. Note that
the size parameter(s) are set to the correct size(s) at the time
of the call.
EFAULT One of the parameters specified an area of memory not
accessible to the calling process.
ENOMEM The operating system was unable to allocate internal memory
to process the system call.
SEE ALSO
dgsetoacl(2)
Security Features User's Guide for C2 Trusted DG/UX System