siad_get_groups(3)siad_get_groups(3)NAMEsiad_get_groups - mechanism-specific routine called from sia_get_groups
to fill in a user's supplementary groups for SIA (Security Integration
Architecture)
SYNOPSIS
#include <sia.h> #include <siad.h>
int siad_get_groups(
struct sia_context *context,
const char *username,
gid_t *buffer,
int *ngroups,
int maxgroups );
LIBRARY
Standard C library (libc.so and libc.a)
PARAMETERS
A thread-specific allocation context, shared with other group-related
calls such as siad_getgrent. The name of the user whose supplementary
group list is desired. Pointer to storage for the list of groups. It
may already have some entries in it, depending on the incoming value of
ngroups. The number of slots in the buffer which are used. Read on
input, and updated as groups are added by each mechanism. The maximum
number of secondary groups for which buf has storage allocated. It is
not an error to have ngroups equal to maxgroups, but if another
(unique) group is found beyond that limit, the routine is expected to
return SIADFAIL|SIADSTOP to halt any further scan for additional group
information.
DESCRIPTION
This routine is responsible for ensuring that any group it adds to the
list of GIDs found is not a duplicate.
__sia_isagroup(3) is provided specifically to make that determination
simpler for the mechanism developer. It is not responsible for calling
the mechanism-specific siad_setgrent() routine, since sia_get_groups()
makes that call. The sia_get_groups() routine will also make the call
to the siad_endgrent() routine.
This routine, unlike most of the SIA mechanism-dependent routines, is
optional. If it is not provided, sia_get_groups() will use the mecha‐
nism's siad_getgrent() routine instead. This routine is provided by
mechanisms which have a faster method for finding the groups for a user
than doing a simple getgrent() loop.
RETURN VALUES
This routine should only return failure as described above or if the
mechanism encounters an initialization error that prevents scanning for
group information. In particular, it is not an error for a given mech‐
anism to find no groups for a user.
This routine returns SIADSUCCESS if group scanning was possible and the
group list did not need additional storage. It returns SIADFAIL|SIAD‐
STOP if the group list did need more than maxgroups entries. It
returns SIADFAIL if the mechanism is unable to scan for groups at all.
SEE ALSOsia_get_groups(3), siad_setgrent(3), siad_getgrent(3), siad_end‐
grent(3), matrix.conf(4)
Security
siad_get_groups(3)