head 1.2; access; symbols perseant-exfatfs-base-20250801:1.2 perseant-exfatfs-base-20240630:1.2 perseant-exfatfs:1.2.0.46 perseant-exfatfs-base:1.2 cjep_sun2x:1.2.0.44 cjep_sun2x-base:1.2 cjep_staticlib_x-base1:1.2 cjep_staticlib_x:1.2.0.42 cjep_staticlib_x-base:1.2 phil-wifi-20200421:1.2 phil-wifi-20200411:1.2 phil-wifi-20200406:1.2 pgoyette-compat-merge-20190127:1.2 pgoyette-compat-20190127:1.2 pgoyette-compat-20190118:1.2 pgoyette-compat-1226:1.2 pgoyette-compat-1126:1.2 pgoyette-compat-1020:1.2 pgoyette-compat-0930:1.2 pgoyette-compat-0906:1.2 pgoyette-compat-0728:1.2 pgoyette-compat-0625:1.2 pgoyette-compat-0521:1.2 pgoyette-compat-0502:1.2 pgoyette-compat-0422:1.2 pgoyette-compat-0415:1.2 pgoyette-compat-0407:1.2 pgoyette-compat-0330:1.2 pgoyette-compat-0322:1.2 pgoyette-compat-0315:1.2 pgoyette-compat:1.2.0.40 pgoyette-compat-base:1.2 perseant-stdc-iso10646:1.2.0.38 perseant-stdc-iso10646-base:1.2 prg-localcount2-base3:1.2 prg-localcount2-base2:1.2 prg-localcount2-base1:1.2 prg-localcount2:1.2.0.36 prg-localcount2-base:1.2 pgoyette-localcount-20170426:1.2 bouyer-socketcan-base1:1.2 pgoyette-localcount-20170320:1.2 bouyer-socketcan:1.2.0.34 bouyer-socketcan-base:1.2 pgoyette-localcount-20170107:1.2 pgoyette-localcount-20161104:1.2 localcount-20160914:1.2 pgoyette-localcount-20160806:1.2 pgoyette-localcount-20160726:1.2 pgoyette-localcount:1.2.0.32 pgoyette-localcount-base:1.2 netbsd-5-2-3-RELEASE:1.2 netbsd-5-1-5-RELEASE:1.2 yamt-pagecache-base9:1.2 yamt-pagecache-tag8:1.2 tls-earlyentropy:1.2.0.28 tls-earlyentropy-base:1.2 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.2 riastradh-drm2-base3:1.2 netbsd-5-2-2-RELEASE:1.2 netbsd-5-1-4-RELEASE:1.2 netbsd-5-2-1-RELEASE:1.2 netbsd-5-1-3-RELEASE:1.2 agc-symver:1.2.0.30 agc-symver-base:1.2 tls-maxphys-base:1.2 yamt-pagecache-base8:1.2 netbsd-5-2:1.2.0.26 yamt-pagecache-base7:1.2 netbsd-5-2-RELEASE:1.2 netbsd-5-2-RC1:1.2 yamt-pagecache-base6:1.2 yamt-pagecache-base5:1.2 yamt-pagecache-base4:1.2 
netbsd-5-1-2-RELEASE:1.2 netbsd-5-1-1-RELEASE:1.2 yamt-pagecache-base3:1.2 yamt-pagecache-base2:1.2 yamt-pagecache:1.2.0.24 yamt-pagecache-base:1.2 bouyer-quota2-nbase:1.2 bouyer-quota2:1.2.0.22 bouyer-quota2-base:1.2 matt-nb5-pq3:1.2.0.20 matt-nb5-pq3-base:1.2 netbsd-5-1:1.2.0.18 netbsd-5-1-RELEASE:1.2 netbsd-5-1-RC4:1.2 netbsd-5-1-RC3:1.2 netbsd-5-1-RC2:1.2 netbsd-5-1-RC1:1.2 netbsd-5-0-2-RELEASE:1.2 netbsd-5-0-1-RELEASE:1.2 jym-xensuspend-nbase:1.2 netbsd-5-0:1.2.0.16 netbsd-5-0-RELEASE:1.2 netbsd-5-0-RC4:1.2 netbsd-5-0-RC3:1.2 netbsd-5-0-RC2:1.2 jym-xensuspend:1.2.0.14 jym-xensuspend-base:1.2 netbsd-5-0-RC1:1.2 netbsd-5:1.2.0.12 netbsd-5-base:1.2 mjf-devfs2:1.2.0.10 mjf-devfs2-base:1.2 yamt-pf42-base4:1.2 yamt-pf42-base3:1.2 hpcarm-cleanup-nbase:1.2 yamt-pf42-base2:1.2 yamt-pf42:1.2.0.8 yamt-pf42-base:1.2 keiichi-mipv6:1.2.0.6 keiichi-mipv6-base:1.2 cube-autoconf:1.2.0.4 cube-autoconf-base:1.2 hpcarm-cleanup:1.2.0.2 hpcarm-cleanup-base:1.2 netbsd-1-5-PATCH003:1.1.1.1.2.1 netbsd-1-5-PATCH002:1.1.1.1.2.1 netbsd-1-5-PATCH001:1.1.1.1.2.1 krb4-1-0-5:1.1.1.2 netbsd-1-5-RELEASE:1.1.1.1.2.1 netbsd-1-5-BETA2:1.1.1.1.2.1 netbsd-1-5-BETA:1.1.1.1.2.1 netbsd-1-5-ALPHA2:1.1.1.1.2.1 minoura-xpg4dl:1.1.1.1.0.4 minoura-xpg4dl-base:1.1.1.1 netbsd-1-5:1.1.1.1.0.2 netbsd-1-5-base:1.1.1.1 v1-0-1-netbsd-cryptosrc-intl:1.1.1.1 KTH-KRB:1.1.1; locks; strict; comment @# @; 1.2 date 2000.06.20.22.00.16; author thorpej; state dead; branches; next 1.1; 1.1 date 2000.06.16.18.45.33; author thorpej; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2000.06.16.18.45.33; author thorpej; state Exp; branches 1.1.1.1.2.1 1.1.1.1.4.1; next 1.1.1.2; 1.1.1.2 date 2000.12.29.01.44.04; author assar; state Exp; branches; next ; 1.1.1.1.2.1 date 2000.06.21.04.10.10; author thorpej; state dead; branches; next ; 1.1.1.1.4.1 date 2000.06.16.18.45.33; author thorpej; state dead; branches; next 1.1.1.1.4.2; 1.1.1.1.4.2 date 2000.06.16.18.45.34; author thorpej; state Exp; branches; next ; desc @@ 1.2 log 
@Remove formatted manpages. @ text @
ACL_CHECK(3)              MIT Project Athena              ACL_CHECK(3)
                         Kerberos Version 4.0

NAME
     acl_canonicalize_principal, acl_check, acl_exact_match, acl_add,
     acl_delete, acl_initialize - Access control list routines

SYNOPSIS
     cc <> -lacl -lkrb

     #include <>

     acl_canonicalize_principal(principal, buf)
     char *principal;
     char *buf;

     acl_check(acl, principal)
     char *acl;
     char *principal;

     acl_exact_match(acl, principal)
     char *acl;
     char *principal;

     acl_add(acl, principal)
     char *acl;
     char *principal;

     acl_delete(acl, principal)
     char *acl;
     char *principal;

     acl_initialize(acl_file, mode)
     char *acl_file;
     int mode;

DESCRIPTION
  Introduction
     An access control list (ACL) is a list of principals, where each
     principal is represented by a text string which cannot contain
     whitespace. The library allows application programs to refer to
     named access control lists to test membership and to atomically
     add and delete principals using a natural and intuitive interface.
     At present, the names of access control lists are required to be
     Unix filenames, and refer to human-readable Unix files; in the
     future, when a networked ACL server is implemented, the names may
     refer to a different namespace specific to the ACL service.

  Principal Names
     Principal names have the form

          [.][@@]

     e.g.:

          asp
          asp.root
          asp@@ATHENA.MIT.EDU
          asp.@@ATHENA.MIT.EDU
          asp.root@@ATHENA.MIT.EDU

     It is possible for principals to be underspecified. If an instance
     is missing, it is assumed to be "". If realm is missing, it is
     assumed to be the local realm as determined by krb_get_lrealm(3).
     The canonical form contains all of name, instance, and realm; the
     acl_add and acl_delete routines will always leave the file in that
     form. Note that the canonical form of asp@@ATHENA.MIT.EDU is
     actually asp.@@ATHENA.MIT.EDU.

  Routines
     acl_canonicalize_principal stores the canonical form of principal
     in buf. Buf must contain enough space to store a principal, given
     the limits on the sizes of name, instance, and realm specified as
     ANAME_SZ, INST_SZ, and REALM_SZ, respectively, in
     /usr/include/krb.h.

     acl_check returns nonzero if principal appears in acl. Returns 0
     if principal does not appear in acl, or if an error occurs.
     Canonicalizes principal before checking, and allows the ACL to
     contain wildcards. The only supported wildcards are entries of the
     form name.*@@realm, *.*@@realm, and *.*@@*. An asterisk matches
     any value for its component field. For example, "jtkohl.*@@*"
     would match principal jtkohl, with any instance and any realm.

     acl_exact_match performs like acl_check, but does no
     canonicalization or wildcard matching.

     acl_add atomically adds principal to acl. Returns 0 if successful,
     nonzero otherwise. It is considered a failure if principal is
     already in acl. This routine will canonicalize principal, but will
     treat wildcards literally.

     acl_delete atomically deletes principal from acl. Returns 0 if
     successful, nonzero otherwise. It is considered a failure if
     principal is not already in acl. This routine will canonicalize
     principal, but will treat wildcards literally.

     acl_initialize initializes acl_file. If the file acl_file does not
     exist, acl_initialize creates it with mode mode. If the file
     acl_file exists, acl_initialize removes all members. Returns 0 if
     successful, nonzero otherwise. WARNING: Mode argument is likely to
     change with the eventual introduction of an ACL service.

NOTES
     In the presence of concurrency, there is a very small chance that
     acl_add or acl_delete could report success even though it would
     have had no effect. This is a necessary side effect of using lock
     files for concurrency control rather than flock(2), which is not
     supported by NFS.

     The current implementation caches ACLs in memory in a hash-table
     format for increased efficiency in checking membership; one effect
     of the caching scheme is that one file descriptor will be kept
     open for each ACL cached, up to a maximum of 8.

SEE ALSO
     kerberos(3), krb_get_lrealm(3)

AUTHOR
     James Aspnes (MIT Project Athena)

Formatted: March 12, 2000
@ 1.1 log @Initial revision @ text @@ 1.1.1.1 log @Import KTH Kerberos 4 from cryptosrc-intl. @ text @@ 1.1.1.1.4.1 log @file acl_check.cat3 was added on branch minoura-xpg4dl on 2000-06-16 18:45:34 +0000 @ text @d1 198 @ 1.1.1.1.4.2 log @Import KTH Kerberos 4 from cryptosrc-intl. 
@ text @a0 198 @ 1.1.1.2 log @import krb4-1.0.5 @ text @d63 1 a63 1 - 1 - Formatted: December 28, 19100 d129 1 a129 1 - 2 - Formatted: December 28, 19100 d195 1 a195 1 - 3 - Formatted: December 28, 19100 @ 1.1.1.1.2.1 log @Remove formatted manpages [from trunk]. @ text @@
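
Review bot: the three replacement footers in the 1.1.1.2 delta (a63, a129, a195) print the year as "19100", which is not a valid date; with that revision stamped 2000.12.29 in the delta table, it looks like a literal "19" joined to a years-since-1900 count of 100. The footer should be rendered with a four-digit year before the formatted page is committed, or the generated acl_check.cat3 output left out of the import altogether, as the "Remove formatted manpages" revisions already do.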
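
The canonicalization and wildcard rules the man page text gives for acl_canonicalize_principal and acl_check, as an added C example that is not the Kerberos library's code. It applies the asterisk rule per field, which covers the three listed wildcard forms and the "jtkohl.*@*" example but also admits other combinations. Assumptions: `FIELD_SZ`, `parse_principal`, `canonicalize` and `entry_matches` are hypothetical names, the local realm is passed in rather than read with krb_get_lrealm(3), and principals are written with a single `@` (the `@@` in the page text is RCS quoting).

```c
#include <stdio.h>
#include <string.h>

#define FIELD_SZ 40  /* assumed limit; the page names ANAME_SZ etc. without values */
struct princ { char name[FIELD_SZ], inst[FIELD_SZ], realm[FIELD_SZ]; };

/* Copy n bytes into a FIELD_SZ buffer; fail rather than truncate. */
static int put(char *dst, const char *src, size_t n)
{
    if (n >= FIELD_SZ) return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Split name[.instance][@realm]. A missing instance becomes "" and a
 * missing realm becomes local_realm. Returns 0 on success, -1 on error. */
int parse_principal(const char *s, const char *local_realm, struct princ *p)
{
    const char *at = strchr(s, '@');
    const char *end = at ? at : s + strlen(s);
    const char *dot = memchr(s, '.', (size_t)(end - s));
    const char *name_end = dot ? dot : end;
    const char *realm = at ? at + 1 : local_realm;
    if (name_end == s || strpbrk(s, " \t\n")) return -1; /* no name, or whitespace */
    if (put(p->name, s, (size_t)(name_end - s))) return -1;
    if (dot ? put(p->inst, dot + 1, (size_t)(end - dot - 1)) : put(p->inst, "", 0)) return -1;
    return put(p->realm, realm, strlen(realm));
}

/* Write the canonical name.instance@realm form into buf. */
int canonicalize(const char *s, const char *local_realm, char *buf, size_t len)
{
    struct princ p;
    if (parse_principal(s, local_realm, &p)) return -1;
    return snprintf(buf, len, "%s.%s@%s", p.name, p.inst, p.realm) < (int)len ? 0 : -1;
}

/* An asterisk is honoured only on the ACL-entry side of the comparison. */
static int field_ok(const char *pat, const char *val) { return !strcmp(pat, "*") || !strcmp(pat, val); }

/* Nonzero if entry admits principal; 0 on mismatch or on any parse error. */
int entry_matches(const char *entry, const char *principal, const char *local_realm)
{
    struct princ e, p;
    if (parse_principal(entry, local_realm, &e) || parse_principal(principal, local_realm, &p))
        return 0;
    return field_ok(e.name, p.name) && field_ok(e.inst, p.inst) && field_ok(e.realm, p.realm);
}
```

Because the entry is canonicalized too, an ACL line written as `asp@ATHENA.MIT.EDU` admits only the empty instance, not `asp.root`.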