NAME    [Toc]    [Back]

       siad_get_groups  -  mechanism-specific routine called from
       sia_get_groups to fill in a  user's  supplementary  groups
       for SIA (Security Integration Architecture)

SYNOPSIS    [Toc]    [Back]

       #include <sia.h> #include <siad.h>

       int siad_get_groups(
               struct sia_context *context,
               const char *username,
               gid_t *buffer,
               int *ngroups,
               int maxgroups );

LIBRARY    [Toc]    [Back]

       Standard C library (libc.so and libc.a)

PARAMETERS    [Toc]    [Back]

       A  thread-specific  allocation  context, shared with other
       group-related calls such as siad_getgrent.   The  name  of
       the  user  whose  supplementary  group  list  is  desired.
       Pointer to storage for the list of groups.  It may already
       have  some  entries in it, depending on the incoming value
       of ngroups.  The number of slots in the buffer  which  are
       used.   Read  on input, and updated as groups are added by
       each mechanism.  The maximum number  of  secondary  groups
       for  which  buf has storage allocated.  It is not an error
       to  have  ngroups  equal  to  maxgroups,  but  if  another
       (unique)  group is found beyond that limit, the routine is
       expected to return SIADFAIL|SIADSTOP to halt  any  further
       scan for additional group information.

DESCRIPTION    [Toc]    [Back]

       This routine is responsible for ensuring that any group it
       adds to the list of GIDs found is not a duplicate.

       __sia_isagroup(3) is provided specifically  to  make  that
       determination  simpler for the mechanism developer.  It is
       not  responsible  for   calling   the   mechanism-specific
       siad_setgrent() routine, since sia_get_groups() makes that
       call.  The sia_get_groups() routine  will  also  make  the
       call to the siad_endgrent() routine.

       This  routine,  unlike most of the SIA mechanism-dependent
       routines,  is  optional.    If   it   is   not   provided,
       sia_get_groups()  will use the mechanism's siad_getgrent()
       routine instead.  This routine is provided  by  mechanisms
       which  have  a  faster method for finding the groups for a
       user than doing a simple getgrent() loop.

RETURN VALUES    [Toc]    [Back]

       This routine should only return failure as described above
       or  if  the  mechanism  encounters an initialization error
       that prevents scanning for group information.  In particular,
  it  is not an error for a given mechanism to find no
       groups for a user.

       This routine returns SIADSUCCESS  if  group  scanning  was
       possible  and the group list did not need additional storage.
  It returns SIADFAIL|SIADSTOP if the group  list  did
       need  more than maxgroups entries.  It returns SIADFAIL if
       the mechanism is unable to scan for groups at all.

SEE ALSO    [Toc]    [Back]

       sia_get_groups(3),   siad_setgrent(3),   siad_getgrent(3),
       siad_endgrent(3), matrix.conf(4)

       Security



                                               siad_get_groups(3)