Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

mbr_check_service_membership(3) [osx man page]

MBR_CHECK_MEMBERSHIP(3) 				   BSD Library Functions Manual 				   MBR_CHECK_MEMBERSHIP(3)

mbr_check_membership, mbr_check_service_membership -- check whether a user is a member of a group or service ACL SYNOPSIS
#include <membership.h> int mbr_check_membership(uuid_t user, uuid_t group, int *ismember); int mbr_check_service_membership(uuid_t user, const char *service, int *ismember); DESCRIPTION
mbr_check_membership() tests if a given user is a member of a group (either direct or indirect via a nested group). ismember is set to 1 if the user is a member or 0 if not a member of the group. mbr_check_service_membership() similarly tests if a given user is a member of a ser- vice ACL group. Service ACLs are special groups defined with the prefix "". The service is then prefixed (e.g., "afp" would check ""). There is a special group that grants accessto all services called "". Users may belong to any number of groups. mbr_check_membership() should always be used to check group membership, rather than calling getgroups(2) or getgrouplist(2). The setgroups(2) and getgroups(2) routines are limited to a fixed number of gids, and so may not include all of a user's groups. There are two special cases. If the two uuids are equal, then ismember is set to 1. If the group uuid is equal to the reserved "everyone" uuid (ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C), then ismember will be set to 1 for any valid user. Group membership information is managed by opendirectoryd(8). RETURN VALUES
mbr_check_membership() does not test whether group exists or not. Querying membership for a nonexistent group will result in ismember being set to 0. The function returns 0 on success or one of the following error codes on failure: [EIO] Communication with openditectoryd(8) failed. [ENOENT] user can not be found. mbr_check_service_membership() is identical to mbr_check_membership() except that ENOENT means no service ACL has been defined. SEE ALSO
odutil(1), setgroups(2), getgroups(2), mbr_uid_to_uuid(3), opendirectoryd(8) Mac OS X November 5, 2011 Mac OS X

Check Out this Related Man Page

MBR_UID_TO_UUID(3)					   BSD Library Functions Manual 					MBR_UID_TO_UUID(3)

mbr_uid_to_uuid, mbr_gid_to_uuid, mbr_uuid_to_id, mbr_sid_to_uuid, mbr_uuid_to_sid -- user and group identifier translation functions SYNOPSIS
#include <membership.h> int mbr_uid_to_uuid(uid_t id, uuid_t uu); int mbr_gid_to_uuid(gid_t id, uuid_t uu); int mbr_uuid_to_id(const uuid_t uu, uid_t *id, int *id_type); int mbr_sid_to_uuid(const nt_sid_t *sid, uuid_t uu); int mbr_uuid_to_sid(const uuid_t uu, nt_sid_t *sid); int mbr_sid_to_string(const nt_sid_t *sid, char *string); int mbr_string_to_sid(const char *string, nt_sid_t *sid); DESCRIPTION
Users and groups can be referred to in multiple ways. In addition to the traditional uid and gid, every user or group can be referenced by a 128 bit uuid. Additionally, if the user or group is hosted on a PDC or Active Directory server, it will have a 128 bit or larger sid. These routines communicate with opendirectoryd(8). mbr_uid_to_uuid() takes a uid and looks up the associated user account. It provides the the uuid for that user as an output parameter. Note that this routine will succeed and return a fabricated uuid if the input user uid does not exist. getpwuid() should be used to test for the existence of a uid. mbr_gid_to_uuid() similarly gets the uuid associated with a group. Note that this routine will succeed and return a fabricated uuid if the input group gid does not exist. getgrgid() should be used to test for the existence of a gid. mbr_uuid_to_id() takes a uuid that refers to a user or group and fetches the corresponding uid or gid. id_type is set to ID_TYPE_UID or ID_TYPE_GID to indicate which type was found. Note that mbr_uuid_to_id() always returns an id even if the uuid is not found. This returned id is not persistent, but can be used to map back to the uuid during runtime. To determine if the uuid exists, the returned id can be used in a call to getpwuid(3) or getgrgid(3). mbr_sid_to_uuid() takes a sid and returns the associated uuid. mbr_uuid_to_sid() returns a sid for the associated uuid. Two additional utility functions are available to convert between sids and a string representation. String representations may be required, for example, when text files or XML files are used to save sid values. mbr_sid_to_string() converts a sid into a string representation. The string parameter must be a buffer of at least 194 characters. The con- verted string is terminated with a nul character. mbr_string_to_sid() converts an external string representation into a sid. RETURN VALUES
These functions return 0 on success or one of the following error codes on failure: [EIO] Communication with opendirectoryd(8) failed. [ENOENT] The mapping can not be performed. [EAUTH] Communication with opendirectoryd(8) failed due to an authentication error. [EINVAL] Invalid arguments were provided. [ENOMEM] Insufficient storage space is available. mbr_gid_to_uuid() and mbr_uid_to_uuid() return 0 (success), even if the user/group does not exist. SEE ALSO
getpwuid(3), getgrgid(3), mbr_check_membership(3), opendirectoryd(8) Mac OS X October 10, 2011 Mac OS X
Man Page