NAME¶
krb5_acl_match_file
,
krb5_acl_match_string
—
ACL matching functions
LIBRARY¶
Kerberos 5 Library (libkrb5, -lkrb5)
SYNOPSIS¶
krb5_error_code
krb5_acl_match_file
(
krb5_context
context,
const char *file,
const char *format,
...);
krb5_error_code
krb5_acl_match_string
(
krb5_context
context,
const char *string,
const char *format,
...);
DESCRIPTION¶
krb5_acl_match_file
matches ACL format
against each line in a file. Lines starting with # are treated like comments
and ignored.
krb5_acl_match_string
matches ACL format
against a string.
The ACL format has three format specifiers: s, f, and r. Each specifier will
retrieve one argument from the variable arguments for either matching or
storing data. The input string is split up using " " and
"\t" as a delimiter; multiple " " and "\t" in a
row are considered to be the same.
- s
- Matches a string using strcmp(3) (case
sensitive).
- f
- Matches the string with fnmatch(3). The
flags argument (the last argument) passed
to the fnmatch function is 0.
- r
- Returns a copy of the string in the char ** passed in; the copy must be
freed with free(3). There is no need to
free(3) the string on error: the function
will clean up and set the pointer to
NULL
.
All unknown format specifiers cause an error.
EXAMPLES¶
char *s;
ret = krb5_acl_match_string(context, "foo", "s", "foo");
if (ret)
krb5_errx(context, 1, "acl didn't match");
ret = krb5_acl_match_string(context, "foo foo baz/kaka",
"ss", "foo", &s, "foo/*");
if (ret) {
/* no need to free(s) on error */
assert(s == NULL);
krb5_errx(context, 1, "acl didn't match");
}
free(s);
SEE ALSO¶
krb5(3)