1.\"- 2.\" Copyright (c) 2000 Robert N. M. Watson 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" 26.\" $FreeBSD: src/lib/libposix1e/acl_valid.3,v 1.2.2.5 2001/12/20 16:27:06 ru Exp $ 27.\" $DragonFly: src/lib/libposix1e/acl_valid.3,v 1.3 2004/03/11 12:28:52 hmp Exp $ 28.\" 29.Dd January 28, 2000 30.Dt ACL_VALID 3 31.Os 32.Sh NAME 33.Nm acl_valid , 34.Nm acl_valid_fd_np , 35.Nm acl_valid_file_np 36.Nd validate an ACL 37.Sh LIBRARY 38.Lb libposix1e 39.Sh SYNOPSIS 40.In sys/types.h 41.In sys/acl.h 42.Ft int 43.Fn acl_valid "acl_t acl" 44.Ft int 45.Fn acl_valid_fd_np "int fd" "acl_type_t type" "acl_t acl" 46.Ft int 47.Fn acl_valid_file_np "const char *path_p" "acl_type_t type" "acl_t acl" 48.Sh DESCRIPTION 49These functions check that the ACL referred to by the argument 50.Va acl 51is valid. The POSIX.1e routine, 52.Fn acl_valid , 53checks this validity only with POSIX.1e ACL semantics, and irrespective 54of the context in which the ACL is to be used. The non-portable forms, 55.Fn acl_valid_fd_np 56and 57.Fn acl_valid_file_np , 58allow an ACL to be checked in the context of a specific acl type, 59.Va type , 60and file system object. In environments where additional ACL types are 61supported than just POSIX.1e, this makes more sense. 62.Pp 63For POSIX.1e semantics, the checks include: 64.Bd -literal -offset indent 65The three required entries (ACL_USER_OBJ, ACL_GROUP_OBJ, 66and ACL_OTHER) shall exist exactly once in the ACL. If 67the ACL contains any ACL_USER, ACL_GROUP, or any other 68implementation-defined entries in the file group class 69then one ACL_MASK entry shall also be required. The ACL 70shall contain at most on ACL_MASK entry. 71.Pp 72The qualifier field shall be unique among all entries of 73the same POSIX.1e ACL facility defined tag type. The 74tag type field shall contain valid values including any 75implementation-defined values. Validation of the values 76of the qualifier field is implementation-defined. 77.Ed 78.Pp 79The POSIX.1e 80.Fn acl_valid 81function may reorder the ACL for the purposes of verification; the 82non-portable validation functions will not. 83.Sh IMPLEMENTATION NOTES 84.Dx Ns 's 85support for POSIX.1e interfaces and features is still under 86development at this time. 87.Sh RETURN VALUES 88.Rv -std 89.Sh ERRORS 90If any of the following conditions occur, these functions shall return 91-1 and set 92.Va errno 93to the corresponding value: 94.Bl -tag -width Er 95.It Bq Er EACCES 96Search permission is denied for a component of the path prefix, or the 97object exists and the process does not have appropriate access rights. 98.It Bq Er EBADF 99The 100.Va fd 101argument is not a valid file descriptor. 102.It Bq Er EINVAL 103Argument 104.Va acl 105does not point to a valid ACL. 106.Pp 107One or more of the required ACL entries is not present in 108.Va acl . 109.Pp 110The ACL contains entries that are not unique. 111.Pp 112The file system rejects the ACL based on fs-specific semantics issues. 113.It Bq Er ENAMETOOLONG 114A component of a pathname exceeded 255 characters, or an 115entire path name exceeded 1023 characters. 116.It Bq Er ENOENT 117The named object does not exist, or the 118.Va path_p 119argument points to an empty string. 120.It Bq Er ENOMEM 121Insufficient memory available to fulfill request. 122.It Bq Er EOPNOTSUPP 123The file system does not support ACL retrieval. 124.El 125.Sh SEE ALSO 126.Xr acl 3 , 127.Xr acl_get 3 , 128.Xr acl_init 3 , 129.Xr acl_set 3 , 130.Xr posix1e 3 131.Sh STANDARDS 132POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion 133of the draft continues on the cross-platform POSIX.1e implementation 134mailing list. To join this list, see the 135.Fx 136POSIX.1e implementation 137page for more information. 138.Sh HISTORY 139POSIX.1e support was introduced in 140.Fx 4.0 , 141and development continues. 142.Sh AUTHORS 143.An Robert N M Watson 144.Sh BUGS 145These features are not yet fully implemented. In particular, the shipped 146version of UFS/FFS does not support storage of additional security labels, 147and so is unable to (easily) provide support for most of these features. 148