aclx_get or aclx_fget Subroutine

Purpose

Gets the access control information for a file system object.

Library

Security Library (libc.a)

Syntax

#include <sys/acl.h>
int aclx_get (Path, ctl_flags, acl_type, acl, acl_sz,  mode_info)
char * Path;
uint64_t   ctl_flags;
acl_type_t  * acl_type;
void * acl;
size_t  * acl_sz;
mode_t  * mode_info;
int aclx_fget (FileDescriptor, ctl_flags, acl_type, acl, acl_sz,  mode_info)
int  FileDescriptor;
uint64_t   ctl_flags;
acl_type_t  * acl_type;
void * acl;
size_t  * acl_sz;
mode_t  * mode_info;

Description

The aclx_get and aclx_fget subroutines retrieve the access control information for a file system object in the native ACL format. Native ACL format is the format as defined for the particular ACL type in the system. These subroutines are advanced versions of the acl_get and acl_fget subroutines and should be used instead of the older versions. The aclx_get and aclx_fget subroutines provide for more control for the user to interact with the underlying file system directly.

In the earlier versions (acl_get or acl_fget), OS libraries found out the ACL size from the file system and allocated the required memory buffer space to hold the ACL information. The caller does all this now with the aclx_get and aclx_fget subroutines. Callers are responsible for finding out the size and allocating memory for the ACL information, and later freeing the same memory after it is used. These subroutines allow for an acl_type input and output argument. The data specified in this argument can be set to a particular ACL type and a request for the ACL on the file system object of the same type. Some physical file systems might do emulation to return the ACL type requested, if the ACL type that exists on the file system object is different. If the acl_type pointer points to a data area with a value of ACL_ANY or 0, then the underlying physical file system has to return the type of the ACL associated with the file system object.

The ctl_flags parameter is a bit mask that allows for control over the aclx_get requests.

The value returned by these subroutines can be use as an argument to the aclx_get or aclx_fget subroutines to copy or restore the access control information.

Parameters

Item Description
Path Specifies the path name of the file system object.
FileDescriptor Specifies the file descriptor of an open file.
ctl_flags This 64-bit sized bit mask provides control over the ACL retrieval. The following flag value is defined:
GET_ACLINFO_ONLY
Gets only the ACL type and length information from the underlying file system. When this bit is set, the acl argument can be set to NULL. In all other cases, these must be valid buffer pointers (or else an error is returned). If this bit is not specified, then all the other information about the ACL, such as ACL data and mode information, is returned.
acl_type Points to a buffer that will hold ACL type information. The ACL type is 64 bits in size and is unique on the system. The caller can provide an ACL type in this area and a request for the ACL on the file system object of the same type. If the ACL type requested does not match the one on the file system object, the physical file system might return an error or emulate and provide the ACL information in the ACL type format requested. If the caller does not know the ACL type and wants to retrieve the ACL associated with the file system object, then the caller should set the buffer value pointed to by acl_type to ACL_ANY or 0.

The supported ACL types are ACLX and NFS4.

acl Points to a buffer where the ACL retrieved is stored. The size of this buffer is indicated by the acl_sz parameter.
acl_sz Indicates the size of the buffer area passed through the acl parameter.
mode_info Pointer to a buffer where the mode word associated with the file system object is returned. Note that this mode word's meaning and formations depend entirely on the ACL type concerned.

Return Values

On successful completion, the aclx_get and aclx_get subroutines return a value of 0. Otherwise, -1 is returned and the errno global variable is set to indicate the error.

Error Codes

The aclx_get subroutine fails if one or more of the following is true:

Item Description
EACCES Search permission is denied on a component of the Path prefix.
EFAULT The Path parameter points to a location outside of the allocated address space of the process.
ELOOP Too many symbolic links were encountered in translating the Path parameter.
ENAMETOOLONG A component of the Path parameter exceeded 255 characters, or the entire Path parameter exceeded 1023 characters.
ENOENT A component of the Path does not exist or has the disallow truncation attribute (see the ulimit subroutine).
ENOENT The Path parameter was null.
ENOENT A symbolic link was named, but the file to which it refers does not exist.
ENOTDIR A component of the Path prefix is not a directory.
ESTALE The process' root or current directory is located in a virtual file system that has been unmounted.

The aclx_fget subroutine fails if the following is true:

Item Description
EBADF The FileDescriptor parameter is not a valid file descriptor.

The aclx_get or aclx_fget subroutine fails if one or more of the following is true:

Item Description
EINVAL Invalid input parameter. The same error can be returned if an invalid acl_type is specified as input to this routine.
EIO An I/O error occurred during the operation.
ENOSPC Input buffer size acl_sz is not sufficient to store the ACL data in acl.

If Network File System (NFS) is installed on your system, the aclx_get and aclx_fget subroutines can also fail if the following condition is true:

Item Description
ETIMEDOUT The connection timed out.

Security

Access Control: The invoker must have search permission for all components of the Path prefix.

Auditing Events: None