acl_check man page on Ultrix

acl_check(3krb)						       acl_check(3krb)

Name
       acl_check - Access control list (ACL) library routines.

Syntax
	cc <files> -lacl -l krb

	#include <krb.h>

	acl_canonicalize_principal (principal, buf)
	char	 *principal;
	char	 *buf;

	acl_check (acl_file, principal)
	char	  *acl_file;
	char	 *principal;

	acl_exact_match (acl_file, principal)
	char	 *acl_file;
	char	 *principal;

	acl_add (acl_file, principal)
	char	 *acl_file;
	char	 *principal;

	acl_delete (acl_file, principal)
	char	 *acl_file;
	char	 *principal;

	acl_initialize (acl_file, mode)
	char	 *acl_file;
	int	  mode;

	kname_parse (primary_name, instance_name,
			      realm_name, principal)
	char	 *primary_name;
	char	 *instance_name;
	char	 *realm_name;
	char	 *principal;

Arguments
       principal
		The  name of a principal.  Principal names consist of from one
		to three fields.  The first field must be included because  it
		stores the primary name of the principal.  The second field is
		not always required.  It begins with a period (.), and	stores
		the  instance  name  of the principal.	The third field is not
		always required.  It begins with an "at" sign (@), and	stores
		the  realm  name  of the principal.  The principal name format
		can be expressed as:
		name[.instance][@realm]
		For example, all of the names below are	 legitimate  principal
		names:
		venus
		venus.root
		venus@dec.com
		venus.@dec.com
		venus.root@dec.com

       buf	Pointer	 to  the  buffer  that	stores the canonical form of a
		principal name.	 The canonical form is derived from  the  form
		of  a  principal  name.	  Like a principal name, it includes a
		primary name in its first field.  Unlike a principal name,  it
		must  include  an  instance name as its next field even if the
		instance name is blank.	 Also, unlike  a  principal  name,  it
		must  contain  a  realm field.	If a canonical name is derived
		from a principal name that has no realm field, the local realm
		returned  by is used as the realm field in the canonical name.
		Of the above examples, only the	 last  two  are	 in  canonical
		form.

       acl_file The  path  name	 of  the file in which the access control list
		(ACL) is stored.

       mode	If the ACL file, acl_file, does not currently exist when
		acl_initialize is called, the file, acl_file, is created with
		read, write, and access mode bits set equal to mode.

       primary_name
		The primary name portion of principal, returned by kname_parse.
		ANAME_SZ bytes of storage space must be allocated for
		primary_name.

       instance_name
		The instance name of principal, returned by kname_parse.
		INST_SZ bytes of storage space must be allocated for
		instance_name.

       realm_name
		The realm name of principal, returned by kname_parse.
		REALM_SZ bytes of storage space must be allocated for
		realm_name.

Description
       The routines of the library allow you to perform various administrative
       functions on an access control list (ACL). An ACL is a list of Kerberos
       principals  in  which  each  principal is represented by a text string.
       The routines of this library allow application  programs	 to  refer  to
       named  ACLs  to	test whether a principal is a member of an ACL, and to
       add or delete principals from the ACL file.

       The routines of the acl_check library are:

       acl_canonicalize_principal
	      Stores the canonical form of the principal name  pointed	to  by
	      principal	 in  the  buffer  pointed to by buf.  This buffer must
	      contain enough space to store a full  canonical  principal  name
	      (MAX_PRINCIPAL_SIZE characters).  No meaningful value is
	      returned by acl_canonicalize_principal.

       acl_check
	      Verifies that the principal name, principal, appears in the  ACL
	      file,  acl_file.	This routine returns a zero (0) if the princi‐
	      pal does not appear in the ACL, or if there is an	 error	condi‐
	      tion.   If  the  principal  is a member of the ACL, a one (1) is
	      returned.  The acl_check routine always canonicalizes a
	      principal before trying to find it in the ACL.  acl_check
	      will determine if there is an ACL entry in the acl_file which
	      exactly matches the principal, principal, or if principal
	      matches an ACL entry which
	      contains a wildcard.  A wildcard appears in  place  of  a	 field
	      name  in	an ACL entry and is represented as an asterisk (*).  A
	      wildcard in a field name of an ACL entry allows the ACL entry to
	      match a principal name that contains anything in that particular
	      field.  For example, if there is an entry, in the ACL, the prin‐
	      cipals,  and would be included in the ACL.  The use of wildcards
	      is limited, for they may be used in  only	 the  three  following
	      configurations in an ACL file:
	      name.*@realm
	      *.*@realm
	      *.*@*

       acl_exact_match
	      Verifies that the principal name, principal, appears in the ACL
	      file, acl_file.  This routine returns a zero (0) if the
	      principal does not appear in the ACL, or if any error occurs.
	      If the principal is a member of the ACL, acl_exact_match
	      returns a non-zero value.  The routine does not
	      canonicalize  a principal before the ACL checks are made, and it
	      does not support wildcards.  Only an exact match is  acceptable.
	      So,  for	example,  if  there  is an entry, in the ACL, only the
	      principal would match the ACL entry.  This routine makes it easy
	      to find ACL entries with wildcards.

       acl_add
	      Adds  the	 principal name, principal, to the ACL file, acl_file.
	      This routine returns a zero (0)  if  it  successfully  adds  the
	      principal	 to  the  ACL.	 Otherwise,  if	 there was an internal
	      error, or if the principal is already in the  ACL,  the  routine
	      returns  a  non-zero value.  The routine canonicalizes a princi‐
	      pal, but treats wildcards literally.

       acl_delete
	      Deletes the principal, principal, from the ACL  file,  acl_file.
	      The  routine  returns  a zero (0) if it successfully deletes the
	      principal from the ACL.  Otherwise, if  there  was  an  internal
	      error or if the principal is not in the ACL, the acl_delete rou‐
	      tine returns a non-zero  value.	The  routine  canonicalizes  a
	      principal, but treats wildcards literally.

       acl_initialize
	      Initializes  the ACL file, acl_file.  If the named acl_file does
	      not exist, acl_initialize creates one with the permissions spec‐
	      ified  by	 the mode argument.  If the ACL exists, acl_initialize
	      removes all previously stored principal  members	of  the	 list.
	      This routine returns a zero (0) if successful or a nonzero if it
	      fails.

       kname_parse
	      Parses the principal name, principal, and stores the primary
	      name of the principal in primary_name, the instance name of
	      the principal in instance_name, and the realm name of the
	      principal in realm_name.  kname_parse returns KNAME_FMT if the
	      principal name is incorrectly formatted or if it is too long to
	      be a principal name.  It returns KSUCCESS if the parsing of the
	      principal name succeeded.
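
The canonicalization and wildcard rules described for acl_canonicalize_principal and acl_check, as an added sketch that is not the Ultrix library's code. The names demo_canon, demo_entry_match, demo_acl_check, demo_acl and DEMO_PRINC_MAX are hypothetical, the ACL is an in-memory array rather than a file, and the local realm is passed in as a parameter.

```c
#include <stdio.h>
#include <string.h>
#define DEMO_PRINC_MAX 128  /* assumed bound for this sketch */
/* Constructed sample ACL; entries are already in canonical form. */
static const char *const demo_acl[] = { "venus.*@dec.com", "mars.root@dec.com" };

/* name[.instance][@realm] -> name.instance@realm; lrealm fills in a missing realm.
 * Returns 0 on success, -1 on an empty name or a result that does not fit buf. */
int demo_canon(const char *p, const char *lrealm, char *buf, size_t len)
{
    const char *at = strchr(p, '@');
    size_t left = at ? (size_t)(at - p) : strlen(p);  /* part before '@' */
    const char *dot = memchr(p, '.', left);           /* first '.' starts the instance */
    size_t nlen = dot ? (size_t)(dot - p) : left;
    const char *inst = dot ? dot + 1 : p + left;
    int n;
    if (nlen == 0) return -1;
    n = snprintf(buf, len, "%.*s.%.*s@%s", (int)nlen, p,
                 (int)(p + left - inst), inst, (at && at[1]) ? at + 1 : lrealm);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* 1 if canonical name c matches entry e: exactly, or through one of the three
 * wildcard forms the page allows (name.*@realm, *.*@realm, *.*@*); otherwise 0. */
int demo_entry_match(const char *e, const char *c)
{
    const char *eat = strchr(e, '@'), *cat = strchr(c, '@');
    size_t plen = eat ? (size_t)(eat - e) : 0;        /* length of "name.*" */
    if (!eat || !cat) return 0;
    if (strcmp(e, c) == 0 || strcmp(e, "*.*@*") == 0) return 1;
    if (strcmp(eat, cat) != 0) return 0;              /* other forms pin the realm */
    if (strncmp(e, "*.*@", 4) == 0) return 1;
    if (plen < 3 || e[plen - 1] != '*' || memchr(e, '.', plen) != e + plen - 2)
        return 0;                                     /* not of the form name.*@realm */
    return strncmp(e, c, plen - 1) == 0;              /* compare the "name." prefix */
}

/* Canonicalize first, then scan; any error denies (0), as the page says of acl_check. */
int demo_acl_check(const char *const *acl, size_t n, const char *p, const char *lrealm)
{
    char c[DEMO_PRINC_MAX];
    if (demo_canon(p, lrealm, c, sizeof c) != 0) return 0;
    for (size_t i = 0; i < n; i++)
        if (demo_entry_match(acl[i], c)) return 1;
    return 0;
}

int main(void)
{
    printf("%d\n", demo_acl_check(demo_acl, 2, "venus.root", "dec.com"));
    return 0;
}
```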

See Also
       kerberos(3krb), krb_get_lrealm(3krb)
