manpagez: man pages & more
man mbr_check_membership(3)
Home | html | info | man
mbr_check_membership(3)  BSD Library Functions Manual  mbr_check_membership(3)


NAME

     mbr_check_membership, mbr_check_service_membership -- check whether a
     user is a member of a group or service ACL


SYNOPSIS

     #include <membership.h>

     int
     mbr_check_membership(uuid_t user, uuid_t group, int *ismember);

     int
     mbr_check_service_membership(uuid_t user, const char *service,
         int *ismember);


DESCRIPTION

     mbr_check_membership() tests if a given user is a member of a group
     (either direct or indirect via a nested group).  ismember is set to 1 if
     the user is a member or 0 if not a member of the group.
     mbr_check_service_membership() similarly tests if a given user is a mem-
     ber of a service ACL group.  Service ACLs are special groups defined with
     the prefix "com.apple.access_".  The service is then prefixed (e.g.,
     "afp" would check "com.apple.access_afp").  There is a special group that
     grants accessto all services called "com.apple.access_all_services".

     Users may belong to any number of groups.  mbr_check_membership() should
     always be used to check group membership, rather than calling
     getgroups(2) or getgrouplist(2).  The setgroups(2) and getgroups(2) rou-
     tines are limited to a fixed number of gids, and so may not include all
     of a user's groups.

     There are two special cases.  If the two uuids are equal, then ismember
     is set to 1.  If the group uuid is equal to the reserved "everyone" uuid
     (ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C), then ismember will be set to 1
     for any valid user.

     Group membership information is managed by opendirectoryd(8).


RETURN VALUES

     mbr_check_membership() does not test whether group exists or not.  Query-
     ing membership for a nonexistent group will result in ismember being set
     to 0.  The function returns 0 on success or one of the following error
     codes on failure:

     [EIO]              Communication with openditectoryd(8) failed.

     [ENOENT]           user can not be found.

     mbr_check_service_membership() is identical to mbr_check_membership()
     except that ENOENT means no service ACL has been defined.


SEE ALSO

     odutil(1), setgroups(2), getgroups(2), mbr_uid_to_uuid(3),
     opendirectoryd(8)

Mac OS X                       November 5, 2011                       Mac OS X

Mac OS X 10.8 - Generated Sat Aug 25 18:33:18 CDT 2012
© manpagez.com 2000-2024
Individual documents may contain additional copyright information.