head 1.2; access; symbols; locks; strict; comment @# @; 1.2 date 2001.09.24.12.37.57; author wiz; state dead; branches; next 1.1; 1.1 date 2001.09.17.12.09.53; author assar; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2001.09.17.12.09.53; author assar; state Exp; branches; next ; desc @@ 1.2 log @Remove formatted man pages. Ok'd by joda.
@
text
@
ACL_CHECK(3)                                                      ACL_CHECK(3)

NAME
     acl_canonicalize_principal, acl_check, acl_exact_match, acl_add,
     acl_delete, acl_initialize - Access control list routines

SYNOPSIS
     cc <> -lacl -lkrb

     #include <>

     acl_canonicalize_principal(principal, buf)
     char *principal;
     char *buf;

     acl_check(acl, principal)
     char *acl;
     char *principal;

     acl_exact_match(acl, principal)
     char *acl;
     char *principal;

     acl_add(acl, principal)
     char *acl;
     char *principal;

     acl_delete(acl, principal)
     char *acl;
     char *principal;

     acl_initialize(acl_file, mode)
     char *acl_file;
     int mode;

DESCRIPTION
   Introduction
     An access control list (ACL) is a list of principals, where each
     principal is represented by a text string which cannot contain
     whitespace. The library allows application programs to refer to named
     access control lists to test membership and to atomically add and
     delete principals using a natural and intuitive interface. At present,
     the names of access control lists are required to be Unix filenames,
     and refer to human-readable Unix files; in the future, when a networked
     ACL server is implemented, the names may refer to a different namespace
     specific to the ACL service.

   Principal Names
     Principal names have the form

          [.][@@]

     e.g.:

          asp
          asp.root
          asp@@ATHENA.MIT.EDU
          asp.@@ATHENA.MIT.EDU
          asp.root@@ATHENA.MIT.EDU

     It is possible for principals to be underspecified. If an instance is
     missing, it is assumed to be "". If realm is missing, it is assumed to
     be the local realm as determined by krb_get_lrealm(3). The canonical
     form contains all of name, instance, and realm; the acl_add and
     acl_delete routines will always leave the file in that form.
     Note that the canonical form of asp@@ATHENA.MIT.EDU is actually
     asp.@@ATHENA.MIT.EDU.

   Routines
     acl_canonicalize_principal stores the canonical form of principal in
     buf. Buf must contain enough space to store a principal, given the
     limits on the sizes of name, instance, and realm specified as ANAME_SZ,
     INST_SZ, and REALM_SZ, respectively, in /usr/include/krb.h.

     acl_check returns nonzero if principal appears in acl. Returns 0 if
     principal does not appear in acl, or if an error occurs. Canonicalizes
     principal before checking, and allows the ACL to contain wildcards. The
     only supported wildcards are entries of the form name.*@@realm,
     *.*@@realm, and *.*@@*. An asterisk matches any value for its component
     field. For example, "jtkohl.*@@*" would match principal jtkohl, with
     any instance and any realm.

     acl_exact_match performs like acl_check, but does no canonicalization
     or wildcard matching.

     acl_add atomically adds principal to acl. Returns 0 if successful,
     nonzero otherwise. It is considered a failure if principal is already
     in acl. This routine will canonicalize principal, but will treat
     wildcards literally.

     acl_delete atomically deletes principal from acl. Returns 0 if
     successful, nonzero otherwise. It is considered a failure if principal
     is not already in acl. This routine will canonicalize principal, but
     will treat wildcards literally.

     acl_initialize initializes acl_file. If the file acl_file does not
     exist, acl_initialize creates it with mode mode. If the file acl_file
     exists, acl_initialize removes all members. Returns 0 if successful,
     nonzero otherwise. WARNING: Mode argument is likely to change with the
     eventual introduction of an ACL service.

NOTES
     In the presence of concurrency, there is a very small chance that
     acl_add or acl_delete could report success even though it would have
     had no effect. This is a necessary side effect of using lock files for
     concurrency control rather than flock(2), which is not supported by
     NFS.

     The current implementation caches ACLs in memory in a hash-table format
     for increased efficiency in checking membership; one effect of the
     caching scheme is that one file descriptor will be kept open for each
     ACL cached, up to a maximum of 8.

SEE ALSO
     kerberos(3), krb_get_lrealm(3)

AUTHOR
     James Aspnes (MIT Project Athena)
@
1.1
log
@Initial revision
@
text
@@
1.1.1.1
log
@import krb4-1.1
@
text
@@
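
An added example, not code from the krb4 ACL library: a C illustration of the canonicalization and wildcard rules the man page describes, with principals written with a single `@` (the doubled `@@` in the page text is RCS escaping). Assumptions: `FIELD_SZ`, `split_principal`, `demo_canonicalize` and `demo_entry_matches` are hypothetical names, the local realm is passed in rather than read via krb_get_lrealm(3), an empty realm after `@` is rejected, and each entry field is compared independently, so `*` in any field matches any value.

```c
#include <stdio.h>
#include <string.h>
#define FIELD_SZ 40 /* assumed demo limit; the page names ANAME_SZ, INST_SZ, REALM_SZ */

/* Split name[.instance][@realm] into bounded fields; lrealm stands in for krb_get_lrealm(3). */
static int split_principal(const char *p, const char *lrealm,
                           char *name, char *inst, char *realm)
{
    const char *at = strchr(p, '@');                 /* the realm may itself contain dots */
    size_t lhs = at ? (size_t)(at - p) : strlen(p);
    const char *dot = memchr(p, '.', lhs);
    size_t nlen = dot ? (size_t)(dot - p) : lhs;
    size_t ilen = dot ? lhs - nlen - 1 : 0;
    const char *r = at ? at + 1 : lrealm;            /* missing realm -> local realm */
    if (strpbrk(p, " \t\r\n") || nlen == 0 || nlen >= FIELD_SZ ||
        ilen >= FIELD_SZ || *r == '\0' || strlen(r) >= FIELD_SZ)
        return -1;                                   /* whitespace, empty or oversize field */
    memcpy(name, p, nlen);
    name[nlen] = '\0';
    if (ilen) memcpy(inst, dot + 1, ilen);
    inst[ilen] = '\0';                               /* missing instance -> "" */
    strcpy(realm, r);
    return 0;
}

/* Write the canonical name.instance@realm form into buf; 0 on success, -1 on error. */
int demo_canonicalize(const char *p, const char *lrealm, char *buf, size_t len)
{
    char n[FIELD_SZ], i[FIELD_SZ], r[FIELD_SZ];
    if (split_principal(p, lrealm, n, i, r) != 0)
        return -1;
    int w = snprintf(buf, len, "%s.%s@%s", n, i, r);
    return (w < 0 || (size_t)w >= len) ? -1 : 0;
}

/* An entry field admits a value if it is "*" or an exact match. */
static int field_ok(const char *pat, const char *val)
{
    return strcmp(pat, "*") == 0 || strcmp(pat, val) == 0;
}

/* Nonzero if the ACL entry admits principal p; 0 on mismatch or any parse error. */
int demo_entry_matches(const char *entry, const char *p, const char *lrealm)
{
    char en[FIELD_SZ], ei[FIELD_SZ], er[FIELD_SZ], pn[FIELD_SZ], pi[FIELD_SZ], pr[FIELD_SZ];
    if (split_principal(entry, lrealm, en, ei, er) != 0 ||
        split_principal(p, lrealm, pn, pi, pr) != 0)
        return 0;
    return field_ok(en, pn) && field_ok(ei, pi) && field_ok(er, pr);
}
```

With local realm ATHENA.MIT.EDU, `asp.root` is admitted by the entry `asp.*@ATHENA.MIT.EDU` but not by `asp.@ATHENA.MIT.EDU`, because the canonical null instance is a distinct value from `root`.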