xref: /titanic_44/usr/src/man/man3sec/aclcheck.3sec (revision 5fd03bc0f2e00e7ba02316c2e08f45d52aab15db)
te
Copyright (c) 2001, Sun Microsystems, Inc.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
ACLCHECK 3SEC "Dec 10, 2001"
NAME
aclcheck - check the validity of an ACL
SYNOPSIS

cc [ flag... ] file... -lsec [ library... ]
#include <sys/acl.h>

int aclcheck(aclent_t *aclbufp, int nentries, int *which);
DESCRIPTION

The aclcheck() function checks the validity of an ACL pointed to by aclbufp. The nentries argument is the number of entries contained in the buffer. The which parameter returns the index of the first entry that is invalid.

The function verifies that an ACL pointed to by aclbufp is valid according to the following rules:

There must be exactly one GROUP_OBJ ACL entry.

There must be exactly one USER_OBJ ACL entry.

There must be exactly one OTHER_OBJ ACL entry.

If there are any GROUP ACL entries, then the group ID in each group ACL entry must be unique.

If there are any USER ACL entries, then the user ID in each user ACL entry must be unique.

If there are any GROUP or USER ACL entries, then there must be exactly one CLASS_OBJ (ACL mask) entry.

If there are any default ACL entries, then the following apply:

There must be exactly one default GROUP_OBJ ACL entry.

There must be exactly one default OTHER_OBJ ACL entry.

There must be exactly one default USER_OBJ ACL entry.

If there are any DEF_GROUP entries, then the group ID in each DEF_GROUP ACL entry must be unique.

If there are any DEF_USER entries, then the user ID in each DEF_USER ACL entry must be unique.

If there are any DEF_GROUP or DEF_USER entries, then there must be exactly one DEF_CLASS_OBJ (default ACL mask) entry.

If any of the above rules are violated, then the function fails with errno set to EINVAL.

RETURN VALUES

If the ACL is valid, alcheck() will return 0. Otherwise errno is set to EINVAL and return code is set to one of the following: GRP_ERROR

There is more than one GROUP_OBJ or DEF_GROUP_OBJ ACL entry.

USER_ERROR

There is more than one USER_OBJ or DEF_USER_OBJ ACL entry.

CLASS_ERROR

There is more than one CLASS_OBJ (ACL mask) or DEF_CLASS_OBJ (default ACL mask) entry.

OTHER_ERROR

There is more than one OTHER_OBJ or DEF_OTHER_OBJ ACL entry.

DUPLICATE_ERROR

Duplicate entries of USER, GROUP, DEF_USER, or DEF_GROUP.

ENTRY_ERROR

The entry type is invalid.

MISS_ERROR

Missing an entry. The which parameter returns -1 in this case.

MEM_ERROR

The system cannot allocate any memory. The which parameter returns -1 in this case.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Evolving
MT-Level Unsafe
SEE ALSO

acl(2), aclsort(3SEC), attributes(5)