1.\" Copyright (c) 2004, 2006 Kungliga Tekniska Högskolan
2.\" (Royal Institute of Technology, Stockholm, Sweden).
3.\" All rights reserved.
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\"
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\"
12.\" 2. Redistributions in binary form must reproduce the above copyright
13.\"    notice, this list of conditions and the following disclaimer in the
14.\"    documentation and/or other materials provided with the distribution.
15.\"
16.\" 3. Neither the name of the Institute nor the names of its contributors
17.\"    may be used to endorse or promote products derived from this software
18.\"    without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" $Id$
33.\"
34.Dd May 12, 2006
35.Dt KRB5_ACL_MATCH_FILE 3
36.Os HEIMDAL
37.Sh NAME
38.Nm krb5_acl_match_file ,
39.Nm krb5_acl_match_string
40.Nd ACL matching functions
41.Sh LIBRARY
42Kerberos 5 Library (libkrb5, -lkrb5)
43.Sh SYNOPSIS
44.Ft krb5_error_code
45.Fo krb5_acl_match_file
46.Fa "krb5_context context"
47.Fa "const char *file"
48.Fa "const char *format"
49.Fa "..."
50.Fc
51.Ft krb5_error_code
52.Fo krb5_acl_match_string
53.Fa "krb5_context context"
54.Fa "const char *string"
55.Fa "const char *format"
56.Fa "..."
57.Fc
58.Sh DESCRIPTION
59.Nm krb5_acl_match_file
60matches ACL format against each line in a file.
61Lines starting with # are treated like comments and ignored.
62.Pp
63.Nm krb5_acl_match_string
64matches ACL format against a string.
65.Pp
66The ACL format has three format specifiers: s, f, and r.
67Each specifier will retrieve one argument from the variable arguments
68for either matching or storing data.
69The input string is split up using " " and "\et" as a delimiter; multiple
70" " and "\et" in a row are considered to be the same.
71.Pp
72.Bl -tag -width "fXX" -offset indent
73.It s
74Matches a string using
75.Xr strcmp 3
76(case sensitive).
77.It f
78Matches the string with
79.Xr fnmatch 3 .
80The
81.Fa flags
82argument (the last argument) passed to the fnmatch function is 0.
83.It r
84Returns a copy of the string in the char ** passed in; the copy must be
85freed with
86.Xr free 3 .
87There is no need to
88.Xr free 3
89the string on error: the function will clean up and set the pointer to
90.Dv NULL .
91.El
92.Pp
93All unknown format specifiers cause an error.
94.Sh EXAMPLES
95.Bd -literal -offset indent
96char *s;
97
98ret = krb5_acl_match_string(context, "foo", "s", "foo");
99if (ret)
100    krb5_errx(context, 1, "acl didn't match");
101ret = krb5_acl_match_string(context, "foo foo baz/kaka",
102    "ss", "foo", &s, "foo/*");
103if (ret) {
104    /* no need to free(s) on error */
105    assert(s == NULL);
106    krb5_errx(context, 1, "acl didn't match");
107}
108free(s);
109.Ed
110.Sh SEE ALSO
111.Xr krb5 3
112