#ifndef _ACLVAR_H
#define _ACLVAR_H
#include <sys/kauth.h>
struct _acl_entry {
u_int32_t ae_magic;
#define _ACL_ENTRY_MAGIC 0xac1ac101
u_int32_t ae_tag;
guid_t ae_applicable;
u_int32_t ae_flags;
u_int32_t ae_perms;
};
struct _acl {
u_int32_t a_magic;
#define _ACL_ACL_MAGIC 0xac1ac102
unsigned a_entries;
int a_last_get;
u_int32_t a_flags;
struct _acl_entry a_ace[ACL_MAX_ENTRIES];
};
struct _acl_flagset {
u_int32_t af_flags;
};
struct _acl_permset {
u_int32_t ap_perms;
};
#define _ACL_SPECIAL_RANGE 16
#define _ACL_VALID_ENTRY(_e) ((((intptr_t)(_e)) > _ACL_SPECIAL_RANGE || ((intptr_t)(_e)) < -(_ACL_SPECIAL_RANGE)) && (_e)->ae_magic == _ACL_ENTRY_MAGIC)
#define _ACL_VALID_ACL(_a) ((((intptr_t)(_a)) > _ACL_SPECIAL_RANGE || ((intptr_t)(_a)) < -(_ACL_SPECIAL_RANGE)) && (_a)->a_magic == _ACL_ACL_MAGIC)
#define _ACL_ENTRY_CONTAINED(_a, _e) \
((_e) >= &(_a)->a_ace[0]) && ((_e) < &(_a)->a_ace[ACL_MAX_ENTRIES])
#define _ACL_VALID_FLAG(_f) (((_f) & _ACL_FLAGS_MASK) == (_f))
#define _ACL_VALID_ENTRY_FLAG(_f) (((_f) & _ACL_ENTRY_FLAGS_MASK) == (_f))
#define _ACL_PERMS_MASK (ACL_READ_DATA | \
ACL_LIST_DIRECTORY | \
ACL_WRITE_DATA | \
ACL_ADD_FILE | \
ACL_EXECUTE | \
ACL_SEARCH | \
ACL_DELETE | \
ACL_APPEND_DATA | \
ACL_ADD_SUBDIRECTORY | \
ACL_DELETE_CHILD | \
ACL_READ_ATTRIBUTES | \
ACL_WRITE_ATTRIBUTES | \
ACL_READ_EXTATTRIBUTES | \
ACL_WRITE_EXTATTRIBUTES | \
ACL_READ_SECURITY | \
ACL_WRITE_SECURITY | \
ACL_CHANGE_OWNER | \
ACL_SYNCHRONIZE)
#define _ACL_VALID_PERM(_f) (((_f) & ~_ACL_PERMS_MASK) == 0)
#define _ACL_VALIDATE_ACL(_a) \
do { \
if (!_ACL_VALID_ACL((_a))) { \
errno = EINVAL; \
return(-1); \
} \
} while (0)
#define _ACL_VALIDATE_ENTRY(_e) \
do { \
if (!_ACL_VALID_ENTRY((_e))) { \
errno = EINVAL; \
return(-1); \
} \
} while (0)
#define _ACL_VALIDATE_ENTRY_CONTAINED(_a, _e) \
do { \
if (!_ACL_ENTRY_CONTAINED((_a), (_e))) { \
errno = EINVAL; \
return(-1); \
} \
} while (0)
#define _ACL_VALIDATE_FLAG(_f) \
do { \
if (!_ACL_VALID_FLAG((_f))) { \
errno = EINVAL; \
return(-1); \
} \
} while (0)
#define _ACL_VALIDATE_ENTRY_FLAG(_f) \
do { \
if (!_ACL_VALID_ENTRY_FLAG((_f))) { \
errno = EINVAL; \
return(-1); \
} \
} while (0)
#define _ACL_VALIDATE_PERM(_f) \
do { \
if (!_ACL_VALID_PERM((_f))) { \
errno = EINVAL; \
return(-1); \
} \
} while (0)
#endif