acl_library(3T) C2 Trusted DG/UX 5.4.2T acl_library(3T)
NAME
acllibrary: acladdperm, aclalloc, aclcalcmask, aclcopyentry,
aclcreateentry, acldeleteentry, acldeleteperm, aclfree,
aclgetentry, aclgetperm, aclgettag, acltoexport,
aclpackagesize, aclread, aclrewind, aclsetperm, aclsettag,
aclfromexport, aclvalid, aclwrite, aclallocated,
aclinternalcopy, aclclear, aclentryvalid, aclorder,
aclnocalcmask, aclinternalclear, aclinternalfree, aclprintf,
aclfprintf, aclgettext, aclreadject, aclwriteject - acl
routines in libtrust.a
SYNOPSIS
/*
* The following functions are modelled after the POSIX 1003.6 Draft
* ballot functions of the same name.
*/
#include <sys/acl.h>
int acladdperm (aclentryt entryd,
aclpermsett perms)
int aclalloc (aclt *acldp)
int aclcalcmask (aclt acld)
int aclcopyentry (aclentryt srcd,
aclentryt destd)
int aclcreateentry (aclt acld,
aclentryt *entrydp)
int acldeleteentry (aclentryt entrydp)
int acldeleteperm (aclentryt entrydp,
aclpermsett perms)
int aclfree (aclt acld)
int aclgetentry (aclt acld,
aclentryt *entrydp)
int aclgetperm (aclentryt entryd,
aclpermsett *perms)
int aclgettag (aclentryt entryd,
acltagt *tagtype,
void *tagqualifier)
ssizet acltoexport (aclt acld,
char *buf,
ssizet buflen,
aclpackagetypet packtype)
Licensed material--property of copyright holder(s) 1
ssizet aclpackagesize (aclt acld,
aclpackagetypet packtype)
int aclread (char *path,
acltypet type,
aclt acld)
int aclrewind (aclt acld)
int aclsetperm (aclentryt entryd,
aclpermsett perms)
int aclsettag (aclentryt entryd,
acltagt tagtype,
void *tagqualifier)
int aclfromexport (char *buf,
aclpackagetypet packtype,
aclt acld)
int aclvalid (aclt acld,
acltypet type,
aclentryt *entrydp)
int aclwrite (char *path,
acltypet type,
aclt acld)
/*
* The following functions are unique to the Trusted DG/UX system, and
* may not be portable to other systems.
*/
#include <acl.h>
int aclallocated (aclt acld)
int aclinternalcopy (aclt src,
aclt dest)
int aclclear (aclt acld)
int aclentryvalid (aclentryt entryd)
void aclorder (aclt acld)
int aclnocalcmask (aclt acld)
int aclinternalclear (aclt acld)
int aclinternalfree (aclt *acldp)
int aclprintf (jectjecttype jecttype,
int targtype,
const void *targ,
int acltype,
secobjectenumtype objtype,
aclt acld,
int flags,
aclpermsett *maskptr)
int aclfprintf (FILE *file,
jectjecttype jecttype,
int targtype,
const void *targ,
int acltype,
secobjectenumtype objtype,
aclt acld,
int flags,
aclpermsett *maskptr)
char *aclgettext (jectjecttype jecttype,
int targtype,
const void *targ,
int acltype,
secobjectenumtype objtype,
aclt acld,
int *lenptr,
int flags,
aclpermsett *maskptr)
int aclreadject (jectjecttype jecttype,
int targtype,
const void *targ,
int acltype,
aclt acld,
int flags)
int aclwriteject (jectjecttype jecttype,
int targtype,
const void *targ,
int acltype,
aclt acld,
int flags)
DESCRIPTION
The functions in acllibrary provide support for dealing with Trusted
DG/UX access control lists. These functions may be found in
libtrust.a. Some of these functions need functions found in
libdgc.a.
The functions return 0 on success and -1 on failure unless otherwise
noted.
int acladdperm (aclentryt entryd,
aclpermsett perms)
The acladdperm() function adds the set of permissions found in
perms to the ACL entry referred to by argument entryd. Any
permissions the ACL entry had prior to the call are left unchanged.
Adding a permission that is already granted by the entry is not an
error. This function is modelled after the proposed POSIX 1003.6
Draft standard interface of the same name.
Errors:
EINVAL entryd does not refer to a valid ACL entry.
EINVAL perms contains values not defined in aclpermsett.
int aclalloc (aclt *acldp)
The aclalloc() function allocates and initializes a temporary area
in which an ACL may be manipulated. acldp is set to reference the
created area. This function is modelled after the proposed POSIX
1003.6 Draft standard interface of the same name.
Errors:
ENOMEM Could not allocate the memory for the aclt object.
EINVAL *acldp is not a valid pointer.
int aclcalcmask (aclt acld)
The aclcalcmask() function calculates and sets the ACL_MASK_OBJ ACL
entry for the ACL indicated by acld. The value of ACL_MASK_OBJ is
the union of the permissions of all ACL entries that refer to members
of the File Group Class (i.e., ACL_GROUP_OBJ, ACL_USER, ACL_GROUP).
The value of ACL_MASK_OBJ is identical to the file group class
permission bits as displayed by the ls -l command. If the ACL acld
already contains an ACL_MASK_OBJ, its permissions are overwritten;
if it does not contain an ACL_MASK_OBJ, one is added. This function
is modelled after the proposed POSIX 1003.6 Draft standard interface
of the same name.
Errors:
EINVAL acld does not refer to an ACL allocated by aclalloc().
ENOMEM Can't allocate the memory required for an ACL entry.
int aclcopyentry (aclentryt srcd,
aclentryt destd)
The aclcopyentry() function copies the contents of the ACL entry
srcd to the ACL entry destd. srcd and destd may refer to entries
in different aclt structures. The previous contents of the ACL
entry destd are overwritten. This function is modelled after the
proposed POSIX 1003.6 Draft standard interface of the same name.
Errors:
EINVAL srcd or destd does not refer to a valid ACL entry.
int aclcreateentry (aclt acld,
aclentryt *entrydp)
The aclcreateentry() function creates a new ACL entry in the ACL
indicated by acld. If there is insufficient space in the ACL for
creating a new entry, then additional memory is allocated. The
descriptor for this new ACL entry is returned in entrydp. The
components of the new ACL entry are initialized so that the ACL tag
type and qualifier are invalid, and the set of permissions is empty.
Use aclsettag() to set the tag and qualifier and aclsetperm() to
set the permissions on the newly created entry. This function is
modelled after the proposed POSIX 1003.6 Draft standard interface of
the same name.
Errors:
EINVAL acld does not refer to an ACL allocated by aclalloc().
ENOMEM The ACL working storage requires more memory than the system
is able to provide.
int acldeleteentry (aclentryt entryd)
The acldeleteentry() function removes the ACL entry entryd from
the ACL that contains it. entryd and any other ACL entry
descriptors that refer to the same ACL entry are undefined after this
function. This function is modelled after the proposed POSIX 1003.6
Draft standard interface of the same name.
Errors:
EINVAL entryd does not refer to a valid ACL entry.
int acldeleteperm (aclentryt entrydp,
aclpermsett perms)
The acldeleteperm() function deletes the set of permissions
contained in perms from the ACL entry entryd. Any permissions the
ACL entry had prior to the call to acldeleteperm() not specified in
perms are left unchanged. The acldeleteperm() function does not
return an error if the ACL entry does not have any of the specified
permissions. This function is modelled after the proposed POSIX
1003.6 Draft standard interface of the same name.
Errors:
EINVAL entryd does not refer to a valid ACL entry.
EINVAL perms contains values not defined in aclpermsett.
int aclfree (aclt acld)
The aclfree() function releases the working storage associated with
acld. Any existing ACL entry descriptions that refer to entries in
the ACL become undefined. Note that this function does not set the
pointer acld to NULL. This function is modelled after the proposed
POSIX 1003.6 Draft standard interface of the same name.
Errors:
EINVAL acld does not refer to an ACL allocated by aclalloc().
int aclgetentry (aclt acld,
aclentryt *entrydp)
The aclgetentry() function obtains a descriptor to the next ACL
entry of acld. entrydp is set to point to this ACL entry. acld
must refer to an ACL that was previously opened via a call to
aclalloc().
The first call to aclgetentry() following a call to aclread(),
aclrewind() or aclfromexport() obtains the first ACL entry in the
ACL, as ordered by the system. Subsequent calls to aclgetentry()
obtain successive ACL entries, until the last entry is obtained.
After the last entry has been obtained, the value 0 is returned.
Calls to aclgetentry() do not modify any ACL entry or the ACL on
the object from which it may have been obtained in any way.
Subsequent operations using the returned ACL entry descriptor operate
on the ACL entry within the ACL in working storage (and do not modify
the ACL on the object from which it may have been obtained). This
function is modelled after the proposed POSIX 1003.6 Draft standard
interface of the same name.
Errors:
EINVAL acld does not refer to an ACL allocated by aclalloc().
int aclgetperm (aclentryt entryd,
aclpermsett *perms)
The aclgetperm() function retrieves the permissions from the ACL
entry entryd and returns them in perms. Any permissions the ACL
entry has prior to the call to aclgetperm() are left unchanged.
This function is modelled after the proposed POSIX 1003.6 Draft
standard interface of the same name.
Errors:
EINVAL entryd does not refer to a valid ACL entry.
int aclgettag (aclentryt entryd,
acltagt *tagtype,
void *tagqualifier)
The aclgettag() function returns the tag type and qualifier of the
tag for the ACL entry entryd. Upon successful completion, the
location referred to by tagtype is set to the tag type of the ACL
entry. The location referred to by tagqualifier is set to the
qualifier data contained within the ACL entry. If the returned value
of a tag type is (acltagt) ACL_USER, the type of tagqualifier is
uidt. If tagtype is (acltagt) ACL_GROUP, the type of
tagqualifier is gidt. If tagtype is ACL_USER_OBJ, ACL_GROUP_OBJ,
ACL_OTHER_OBJ, or ACL_MASK_OBJ, the returned value of tagqualifier
is undefined. This function is modelled after the proposed POSIX
1003.6 Draft standard interface of the same name.
Errors:
EINVAL entryd does not refer to a valid ACL entry.
ssizet acltoexport (aclt acld,
char *buf,
ssizet buflen,
aclpackagetypet packtype)
The acltoexport() function translates the ACL in working storage
(acld) into the memory referred to by buf in an exportable text
package as specified by packtype. The acltoexport() function will
only package up to buflen bytes.
packtype may be one of the following values defined in <sys/acl.h>:
ACL_TEXT_PACKAGE The ACL format as output by the getacl(1) command.
This function is modelled after the proposed POSIX
1003.6 Draft standard interface of the same name.
Errors:
EINVAL acld does not refer to an ACL allocated by aclalloc().
EINVAL packtype is not a valid package type.
ENOMEM The space referred to by buf and buflen is not sufficient to
store the translated ACL.
ssizet aclpackagesize (aclt acld,
aclpackagetypet packtype)
The aclpackagesize() function determines the number of bytes
necessary to represent the exportable data or text package as
specified by packtype, for the ACL in working storage specified by
acld. This function is modelled after the proposed POSIX 1003.6
Draft standard interface of the same name.
Errors:
EINVAL acld does not refer to an ACL allocated by aclalloc().
EINVAL packtype is not a valid package type.
int aclread (char *path,
acltypet type,
aclt acld)
The aclread() function reads an object's access or default ACL into
the working storage referred to by acld. Any ACL already in the
working storage is overwritten. If there is insufficient space in
acld to perform the operation, then additional memory is allocated.
path points to a pathname naming the file object. type is used to
indicate whether the access or default ACL is to be read. type
may be either ACL_TYPE_ACCESS or ACL_TYPE_DEFAULT.
The ACL in working storage is independent of the ACL on the file
object. The ACL in working storage does not participate in any
access control decision. This function is modelled after the
proposed POSIX 1003.6 Draft standard interface of the same name.
Errors:
EINVAL acld does not refer to an ACL allocated by
aclalloc().
EINVAL type is neither ACL_TYPE_ACCESS nor ACL_TYPE_DEFAULT.
ENOMEM The ACL working storage requires more memory than the
system is able to provide.
EACCES Search permission is denied on a component of the path
prefix.
EACCES Attribute read access to the file object is denied.
ENAMETOOLONG The length of path exceeds {PATH_MAX}, or a pathname
component is longer than {NAME_MAX} while
{POSIX_NO_TRUNC} is in effect.
ENOTDIR A component of the path prefix is not a directory.
ENOTDIR type is ACL_TYPE_DEFAULT and path does not refer to a
directory.
ENOENT The named file object does not exist or path points to
an empty string.
int aclrewind (aclt acld)
The aclrewind() function sets the internal descriptor for acld such
that a subsequent call to aclgetentry() using the same acld will
obtain the first entry in the ACL. This function is modelled after
the proposed POSIX 1003.6 Draft standard interface of the same name.
Errors:
EINVAL acld does not refer to an ACL allocated by aclalloc().
int aclsetperm (aclentryt entryd,
aclpermsett perms)
The aclsetperm() function sets the permissions of the ACL entry
entryd to the permissions contained in perms. The permissions of
the ACL entry prior to the call to aclsetperm() are replaced. This
function is modelled after the proposed POSIX 1003.6 Draft standard
interface of the same name.
Errors:
EINVAL entryd does not refer to a valid ACL entry.
EINVAL perms contains values not defined in aclpermsett.
int aclsettag (aclentryt entryd,
acltagt tagtype,
void *tagqualifier)
The aclsettag() function sets the tag type of an ACL entry to the
tag type in tagtype with a qualifier as specified by tagqualifier.
If the tag type is ACL_USER_OBJ, ACL_GROUP_OBJ, ACL_OTHER_OBJ, or
ACL_MASK_OBJ the tagqualifier may be passed as a value of NULL.
This function is modelled after the proposed POSIX 1003.6 Draft
standard interface of the same name.
Errors:
EINVAL entryd does not refer to a valid ACL entry.
EINVAL tagtype is not a valid tag type.
int aclfromexport (char *buf,
aclpackagetypet packtype,
aclt acld)
The aclfromexport() function translates the exportable text or data
package referred to by buf into the ACL working storage referred to
by acld. Any ACL in the working storage is overwritten. If there
is insufficient space in the acld working storage for translating
the ACL, then additional memory is allocated.
packtype may be one of the following values defined in <sys/acl.h>:
ACL_TEXT_PACKAGE The ACL format as output by the getacl(1) command.
Any ACL entry descriptors that previously referred to entries within
acld become undefined. This function is modelled after the proposed
POSIX 1003.6 Draft standard interface of the same name.
Errors:
EINVAL acld does not refer to an ACL allocated by aclalloc().
EINVAL packtype is not a valid package type.
ENOMEM The ACL working storage requires more memory than the system
is able to provide.
int aclvalid (aclt acld,
acltypet type,
aclentryt *entrydp)
The aclvalid() function checks the access ACL or the default ACL
referred to by acld for validity. The three required entries
ACL_USER_OBJ, ACL_GROUP_OBJ and ACL_OTHER_OBJ must exist exactly once
in an access ACL. If an access ACL contains four or more entries,
then the ACL_MASK_OBJ entry must exist exactly once. The qualifier
field must be unique among entries of the same tag type. A default
ACL may have zero entries, but if it does have entries they must
follow the same rules as entries in an access ACL. This function is
modelled after the proposed POSIX 1003.6 Draft standard interface of
the same name.
Errors:
If any of the following conditions occur, the aclvalid() function
sets the location referred to by entrydp to the ACL entry in error.
EINVAL The ACL contains entries that are not unique.
If any of the following conditions occur, the aclvalid() function
sets the location referred to by entrydp to NULL.
EINVAL acld does not refer to an ACL allocated by aclalloc().
EINVAL One or more of the required entries is not present.
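The mask rule described for aclcalcmask() and the validity rules described for aclvalid() above, modelled as a stand-alone added example (not Trusted DG/UX code, and not linked against libtrust.a). The model_* names, the sample ACLs, and the choice to report a repeated *_OBJ tag as a non-unique entry are assumptions made here.

```c
/* Added example: models the aclcalcmask() and aclvalid() rules from this
 * page. It does not link libtrust.a; every name here is hypothetical. */
#include <stddef.h>
#include <stdio.h>

enum model_tag { M_USER_OBJ, M_USER, M_GROUP_OBJ, M_GROUP,
                 M_MASK_OBJ, M_OTHER_OBJ, M_NTAGS };

struct model_entry {
    enum model_tag tag;
    unsigned id;     /* uid or gid qualifier; unused for the *_OBJ tags */
    unsigned perms;  /* rwx bits: 4 = read, 2 = write, 1 = execute */
};

/* Union of the file group class entries (ACL_GROUP_OBJ, ACL_USER,
 * ACL_GROUP): the value aclcalcmask() stores in ACL_MASK_OBJ. */
unsigned model_calc_mask(const struct model_entry *e, size_t n)
{
    unsigned mask = 0;
    for (size_t i = 0; i < n; i++)
        if (e[i].tag == M_GROUP_OBJ || e[i].tag == M_USER || e[i].tag == M_GROUP)
            mask |= e[i].perms;
    return mask;
}

/* Returns 0 if the ACL passes the aclvalid() rules, -1 otherwise. *bad gets
 * the index of a non-unique entry, or -1 when a required entry is missing
 * (the page's "entrydp set to NULL" case). */
int model_valid(const struct model_entry *e, size_t n, int is_default, long *bad)
{
    size_t count[M_NTAGS] = {0};
    *bad = -1;
    if (is_default && n == 0) return 0;   /* a default ACL may be empty */
    for (size_t i = 0; i < n; i++) {
        int qualified = e[i].tag == M_USER || e[i].tag == M_GROUP;
        if ((unsigned)e[i].tag >= (unsigned)M_NTAGS) { *bad = (long)i; return -1; }
        if (++count[e[i].tag] > 1 && !qualified) { *bad = (long)i; return -1; }
        for (size_t j = 0; qualified && j < i; j++)
            if (e[j].tag == e[i].tag && e[j].id == e[i].id) { *bad = (long)i; return -1; }
    }
    if (count[M_USER_OBJ] != 1 || count[M_GROUP_OBJ] != 1 || count[M_OTHER_OBJ] != 1)
        return -1;                        /* a required entry is missing */
    return (n >= 4 && count[M_MASK_OBJ] != 1) ? -1 : 0;  /* 4+ entries need a mask */
}

/* Constructed sample ACLs (not taken from any real system). */
const struct model_entry sample_ok[] = {
    {M_USER_OBJ, 0, 7}, {M_USER, 1001, 6}, {M_GROUP_OBJ, 0, 4},
    {M_GROUP, 200, 4}, {M_MASK_OBJ, 0, 6}, {M_OTHER_OBJ, 0, 0} };
const struct model_entry sample_dup[] = {
    {M_USER_OBJ, 0, 7}, {M_USER, 1001, 6}, {M_USER, 1001, 4},
    {M_GROUP_OBJ, 0, 4}, {M_MASK_OBJ, 0, 6}, {M_OTHER_OBJ, 0, 0} };
const struct model_entry sample_nomask[] = {
    {M_USER_OBJ, 0, 7}, {M_USER, 1001, 6}, {M_GROUP_OBJ, 0, 4}, {M_OTHER_OBJ, 0, 0} };

int main(void)
{
    long bad;
    int ok = model_valid(sample_ok, 6, 0, &bad);
    printf("mask=%o valid=%d\n", model_calc_mask(sample_ok, 6), ok);
    int dup = model_valid(sample_dup, 6, 0, &bad);
    printf("duplicate: %d at index %ld\n", dup, bad);
    return 0;
}
```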
int aclwrite (char *path,
acltypet type,
aclt acld)
The aclwrite() function associates an ACL with a file object, or
deletes a default ACL from a directory. path points to the pathname
of the file object. type indicates whether an access or default ACL
is being written. type may be either ACL_TYPE_ACCESS or
ACL_TYPE_DEFAULT.
The entries in the ACL may have been obtained via a call to the
aclread() function, newly created via calls to the
aclcreateentry() function, or by translating text defining an ACL
with aclfromexport(). The argument path specified in the
aclwrite() call is not necessarily the same as the argument path
specified in the aclread() call. The ACL may be otherwise
manipulated by the various ACL functions.
A default ACL may be removed from a directory by writing an ACL
containing zero entries to that directory, i.e., an ACL created by
aclalloc().
The aclwrite() function will succeed only if the ACL is valid as
defined by the aclvalid() function.
Upon successful completion, aclwrite() sets the specified file
object's access ACL or default ACL (whichever is being written) to
that contained in acld. The file object's previous access or default
ACL is no longer in effect. No intermediate state will exist where
the previous ACL and the new ACL, or the previous default ACL and the
new default ACL, coexist in whole or in part. This call may result
in changes to the file's permission bits. If aclwrite() is
unsuccessful, neither the access ACL nor the default ACL of path will
be changed. This function is modelled after the proposed POSIX
1003.6 Draft standard interface of the same name.
Errors:
EACCES Search permission is denied on a component of the path
prefix.
EACCES Attribute write access to path is denied.
ENAMETOOLONG The length of path exceeds {PATH_MAX}, or a pathname
component is longer than {NAME_MAX} while
{POSIX_NO_TRUNC} is in effect.
ENOTDIR A component of the path prefix is not a directory.
ENOTDIR type is ACL_TYPE_DEFAULT and path does not refer to a
directory.
ENOENT The named file object does not exist or path points to
an empty string.
EINVAL acld does not refer to an ACL allocated by aclalloc()
or contains other errors. Use aclvalid() to determine
what errors are in the ACL.
EINVAL type is neither ACL_TYPE_ACCESS nor ACL_TYPE_DEFAULT.
EPERM The effective UID of the process does not match the
owner of the file object and the process does not have
appropriate privilege to write the ACL.
ENOSPC There was not enough space to store the entire ACL from
the working storage during the write of the ACL.
ENOSPC {_POSIX_ACL_PRESENT} is not in effect for path and the
ACL contains more than the three base entries
(ACL_USER_OBJ, ACL_GROUP_OBJ and ACL_OTHER_OBJ).
EROFS The named file object resides on a read-only file
system.
int aclallocated (aclt acld)
The aclallocated() function ensures that acld is a valid aclt
structure as returned by the aclalloc() function. This function is
unique to the Trusted DG/UX system, and may not be portable to other
systems.
Errors:
EINVAL acld is not of a form as allocated by aclalloc().
int aclinternalcopy (aclt src,
aclt dest)
The aclinternalcopy() function copies the ACL referenced by src
into the ACL working storage referenced by dest. If there is
insufficient space in dest to perform the operation, then additional
memory is allocated. Any ACL previously in dest is overwritten.
This function is unique to the Trusted DG/UX system, and may not be
portable to other systems.
Errors:
EINVAL src or dest is not a valid acld as allocated by aclalloc().
EINVAL src and dest do not have the same structure revision number.
ENOMEM The ACL working storage requires more memory than the system
is able to provide.