/* * Copyright (c) 2004 Apple Computer, Inc. All rights reserved. * * @APPLE_LICENSE_HEADER_START@ * * The contents of this file constitute Original Code as defined in and * are subject to the Apple Public Source License Version 1.1 (the * "License"). You may not use this file except in compliance with the * License. Please obtain a copy of the License at * http://www.apple.com/publicsource and read it before using this file. * * This Original Code and all software distributed under the License are * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the * License for the specific language governing rights and limitations * under the License. * * @APPLE_LICENSE_HEADER_END@ */ #ifndef _ACLVAR_H #define _ACLVAR_H #include #define _ACL_HEADER_SIZE sizeof(struct kauth_filesec) #define _ACL_ENTRY_SIZE sizeof(struct kauth_ace) /* * Internal access control list entry representation. */ struct _acl_entry { u_int32_t ae_magic; #define _ACL_ENTRY_MAGIC 0xac1ac101 u_int32_t ae_tag; guid_t ae_applicable; u_int32_t ae_flags; u_int32_t ae_perms; }; /* * Internal representation of an ACL. * XXX static allocation is wasteful. */ struct _acl { u_int32_t a_magic; #define _ACL_ACL_MAGIC 0xac1ac102 unsigned a_entries; int a_last_get; u_int32_t a_flags; struct _acl_entry a_ace[ACL_MAX_ENTRIES]; }; /* * ACL/entry flags. */ struct _acl_flagset { u_int32_t af_flags; }; /* * ACL entry permissions. */ struct _acl_permset { u_int32_t ap_perms; }; /* * Argument validation. */ #define _ACL_VALID_ENTRY(_e) ((_e)->ae_magic == _ACL_ENTRY_MAGIC) #define _ACL_VALID_ACL(_a) ((_a)->a_magic == _ACL_ACL_MAGIC) #define _ACL_ENTRY_CONTAINED(_a, _e) \ ((_e) >= &(_a)->a_ace[0]) && ((_e) < &(_a)->a_ace[ACL_MAX_ENTRIES]) #define _ACL_VALID_FLAG(_f) (((_f) & _ACL_FLAGS_MASK) == (_f)) #define _ACL_VALID_ENTRY_FLAG(_f) (((_f) & _ACL_ENTRY_FLAGS_MASK) == (_f)) #define _ACL_PERMS_MASK (ACL_READ_DATA | \ ACL_LIST_DIRECTORY | \ ACL_WRITE_DATA | \ ACL_ADD_FILE | \ ACL_EXECUTE | \ ACL_SEARCH | \ ACL_DELETE | \ ACL_APPEND_DATA | \ ACL_ADD_SUBDIRECTORY | \ ACL_DELETE_CHILD | \ ACL_READ_ATTRIBUTES | \ ACL_WRITE_ATTRIBUTES | \ ACL_READ_EXTATTRIBUTES | \ ACL_WRITE_EXTATTRIBUTES | \ ACL_READ_SECURITY | \ ACL_WRITE_SECURITY | \ ACL_CHANGE_OWNER) #define _ACL_VALID_PERM(_f) (((_f) & ~_ACL_PERMS_MASK) == 0) #define _ACL_VALIDATE_ACL(_a) \ do { \ if (!_ACL_VALID_ACL((_a))) { \ errno = EINVAL; \ return(-1); \ } \ } while (0) #define _ACL_VALIDATE_ENTRY(_e) \ do { \ if (!_ACL_VALID_ENTRY((_e))) { \ errno = EINVAL; \ return(-1); \ } \ } while (0) #define _ACL_VALIDATE_ENTRY_CONTAINED(_a, _e) \ do { \ if (!_ACL_ENTRY_CONTAINED((_a), (_e))) { \ errno = EINVAL; \ return(-1); \ } \ } while (0) #define _ACL_VALIDATE_FLAG(_f) \ do { \ if (!_ACL_VALID_FLAG((_f))) { \ errno = EINVAL; \ return(-1); \ } \ } while (0) #define _ACL_VALIDATE_ENTRY_FLAG(_f) \ do { \ if (!_ACL_VALID_ENTRY_FLAG((_f))) { \ errno = EINVAL; \ return(-1); \ } \ } while (0) #define _ACL_VALIDATE_PERM(_f) \ do { \ if (!_ACL_VALID_PERM((_f))) { \ errno = EINVAL; \ return(-1); \ } \ } while (0) #endif /* _ACLVAR_H */