Skip Navigation Links | |
Exit Print View | |
man pages section 3: Networking Library Functions Oracle Solaris 10 1/13 Information Library |
gss_create_empty_oid_set(3GSS)
gss_inquire_cred_by_mech(3GSS)
gss_inquire_mechs_for_name(3GSS)
gss_inquire_names_for_mech(3GSS)
gss_process_context_token(3GSS)
ldap_enable_translation(3LDAP)
ldap_get_entry_controls(3LDAP)
ldap_get_lang_values_len(3LDAP)
ldap_init_getfilter_buf(3LDAP)
ldap_init_searchprefs_buf(3LDAP)
ldap_init_templates_buf(3LDAP)
ldap_parse_extended_result(3LDAP)
ldap_parse_sasl_bind_result(3LDAP)
ldap_sasl_interactive_bind_s(3LDAP)
ldap_set_string_translators(3LDAP)
ldap_translate_from_t61(3LDAP)
rpc_gss_get_principal_name(3NSL)
rpc_gss_svc_max_data_length(3NSL)
sasl_auxprop_add_plugin(3SASL)
sasl_canonuser_add_plugin(3SASL)
sasl_client_plug_init_t(3SASL)
sasl_server_plug_init_t(3SASL)
sasl_server_userdb_checkpass_t(3SASL)
sasl_server_userdb_setpass_t(3SASL)
sdp_add_connection(3COMMPUTIL)
sdp_add_information(3COMMPUTIL)
sdp_delete_all_field(3COMMPUTIL)
sdp_delete_all_media_field(3COMMPUTIL)
sdp_delete_attribute(3COMMPUTIL)
sdp_find_attribute(3COMMPUTIL)
sdp_find_media_rtpmap(3COMMPUTIL)
sdp_session_to_str(3COMMPUTIL)
sip_delete_header_by_name(3SIP)
sip_disable_dialog_logging(3SIP)
sip_disable_trans_logging(3SIP)
sip_enable_dialog_logging(3SIP)
sip_enable_trans_logging(3SIP)
sip_get_contact_display_name(3SIP)
sip_get_content_sub_type(3SIP)
sip_get_dialog_local_contact_uri(3SIP)
sip_get_dialog_local_cseq(3SIP)
sip_get_dialog_local_tag(3SIP)
sip_get_dialog_local_uri(3SIP)
sip_get_dialog_remote_cseq(3SIP)
sip_get_dialog_remote_tag(3SIP)
sip_get_dialog_remote_target_uri(3SIP)
sip_get_dialog_remote_uri(3SIP)
sip_get_dialog_route_set(3SIP)
sip_get_from_display_name(3SIP)
sip_get_passertedid_display_name(3SIP)
sip_get_passertedid_uri_str(3SIP)
sip_get_ppreferredid_display_name(3SIP)
sip_get_ppreferredid_uri_str(3SIP)
sip_get_proxy_authen_param(3SIP)
sip_get_proxy_authen_scheme(3SIP)
sip_get_proxy_author_param(3SIP)
sip_get_proxy_author_scheme(3SIP)
sip_get_replyto_display_name(3SIP)
sip_get_retry_after_cmts(3SIP)
sip_get_retry_after_time(3SIP)
sip_get_route_display_name(3SIP)
sip_get_via_sent_by_host(3SIP)
sip_get_via_sent_by_port(3SIP)
sip_get_via_sent_protocol_name(3SIP)
sip_get_via_sent_protocol_version(3SIP)
sip_get_via_sent_transport(3SIP)
sip_get_www_authen_param(3SIP)
sip_get_www_authen_scheme(3SIP)
- NIS+ group manipulation functions
cc [ flag ... ] file ... -lnsl [ library ... ] #include <rpcsvc/nis.h> bool_t nis_ismember(nis_name principal, nis_name group);
nis_error nis_addmember(nis_name member, nis_name group);
nis_error nis_removemember(nis_name member, nis_name group);
nis_error nis_creategroup(nis_name group, uint_t flags);
nis_error nis_destroygroup(nis_name group);
void nis_print_group_entry(nis_name group);
nis_error nis_verifygroup(nis_name group);
These functions manipulate NIS+ groups. They are used by NIS+ clients and servers, and are the interfaces to the group authorization object.
The names of NIS+ groups are syntactically similar to names of NIS+ objects but they occupy a separate namespace. A group named “a.b.c.d.” is represented by a NIS+ group object named “a.groups_dir.b.c.d.”; the functions described here all expect the name of the group, not the name of the corresponding group object.
There are three types of group members:
An explicit member is just a NIS+ principal-name, for example “wickedwitch.west.oz.”
An implicit (“domain”) member, written “*.west.oz.”, means that all principals in the given domain belong to this member. No other forms of wildcarding are allowed: “wickedwitch.*.oz.” is invalid, as is “wickedwitch.west.*.”. Note that principals in subdomains of the given domain are not included.
A recursive (“group”) member, written “@cowards.oz.”, refers to another group. All principals that belong to that group are considered to belong here.
Any member may be made negative by prefixing it with a minus sign ('-'). A group may thus contain explicit, implicit, recursive, negative explicit, negative implicit, and negative recursive members.
A principal is considered to belong to a group if it belongs to at least one non-negative group member of the group and belongs to no negative group members.
The nis_ismember() function returns TRUE if it can establish that principal belongs to group; otherwise it returns FALSE.
The nis_addmember() and nis_removemember() functions add or remove a member. They do not check whether the member is valid. The user must have read and modify rights for the group in question.
The nis_creategroup() and nis_destroygroup() functions create and destroy group objects. The user must have create or destroy rights, respectively, for the groups_dir directory in the appropriate domain. The parameter flags to nis_creategroup() is currently unused and should be set to zero.
The nis_print_group_entry() function lists a group's members on the standard output.
The nis_verifygroup() function returns NIS_SUCCESS if the given group exists, otherwise it returns an error code.
These functions only accept fully-qualified NIS+ names.
A group is represented by a NIS+ object with a variant part that is defined in the group_obj structure. See nis_objects(3NSL). It contains the following fields:
uint_t gr_flags; /* Interpretation Flags (currently unused) */ struct { uint_t gr_members_len; nis_name *gr_members_val; } gr_members; /* Array of members */
NIS+ servers and clients maintain a local cache of expanded groups to enhance their performance when checking for group membership. Should the membership of a group change, servers and clients with that group cached will not see the change until either the group cache has expired or it is explicitly flushed. A server's cache may be flushed programmatically by calling the nis_servstate() function with tag TAG_GCACHE and a value of 1.
There are currently no known methods for nis_ismember(), nis_print_group_entry(), and nis_verifygroup() to get their answers from only the master server.
Example 1 Simple Memberships
Given a group sadsouls.oz. with members tinman.oz., lion.oz., and scarecrow.oz., the function call
bool_var = nis_ismember("lion.oz.", "sadsouls.oz.");
will return 1 (TRUE) and the function call
bool_var = nis_ismember("toto.oz.", "sadsouls.oz.");
will return 0 (FALSE).
Example 2 Implicit Memberships
Given a group baddies.oz., with members wickedwitch.west.oz. and *.monkeys.west.oz., the function call bool_var = nis_ismember("hogan.monkeys.west.oz.", "baddies.oz."); will return 1 (TRUE) because any principal from the monkeys.west.oz. domain belongs to the implicit group *.monkeys.west.oz., but the function call
bool_var = nis_ismember("hogan.big.monkeys.west.oz.", "baddies.oz.");
will return 0 (FALSE).
Example 3 Recursive Memberships
Given a group goodandbad.oz., with members toto.kansas, @sadsouls.oz., and @baddies.oz., and the groups sadsouls.oz. and baddies.oz. defined above, the function call
bool_var = nis_ismember("wickedwitch.west.oz.", "goodandbad.oz.");
will return 1 (TRUE), because wickedwitch.west.oz. is a member of the baddies.oz. group which is recursively included in the goodandbad.oz. group.
See attributes(5) for descriptions of the following attributes:
|
nisgrpadm(1), nis_objects(3NSL), attributes(5)
NIS+ might not be supported in future releases of the Solaris operating system. Tools to aid the migration from NIS+ to LDAP are available in the current Solaris release. For more information, visit http://www.sun.com/directory/nisplus/transition.html.