PROTOTYPE ACL LIBRARY Introduction An access control list (ACL) is a list of principals, where each principal is is represented by a text string which cannot contain whitespace. The library allows application programs to refer to named access control lists to test membership and to atomically add and delete principals using a natural and intuitive interface. At present, the names of access control lists are required to be Unix filenames, and refer to human-readable Unix files; in the future, when a networked ACL server is implemented, the names may refer to a different namespace specific to the ACL service. Usage cc <files> -lacl -lkrb. Principal Names Principal names have the form <name>[.<instance>][@<realm>] e.g. asp asp.root asp@ATHENA.MIT.EDU asp.@ATHENA.MIT.EDU asp.root@ATHENA.MIT.EDU It is possible for principals to be underspecified. If instance is missing, it is assumed to be "". If realm is missing, it is assumed to be local_realm. The canonical form contains all of name, instance, and realm; the acl_add and acl_delete routines will always leave the file in that form. Note that the canonical form of asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU. Routines acl_canonicalize_principal(principal, buf) char *principal; char *buf; /*RETVAL*/ Store the canonical form of principal in buf. Buf must contain enough space to store a principal, given the limits on the sizes of name, instance, and realm specified in /usr/include/krb.h. acl_check(acl, principal) char *acl; char *principal; Returns nonzero if principal appears in acl. Returns 0 if principal does not appear in acl, or if an error occurs. Canonicalizes principal before checking, and allows the ACL to contain wildcards. acl_exact_match(acl, principal) char *acl; char *principal; Like acl_check, but does no canonicalization or wildcarding. acl_add(acl, principal) char *acl; char *principal; Atomically adds principal to acl. Returns 0 if successful, nonzero otherwise. It is considered a failure if principal is already in acl. This routine will canonicalize principal, but will treat wildcards literally. acl_delete(acl, principal) char *acl; char *principal; Atomically deletes principal from acl. Returns 0 if successful, nonzero otherwise. It is consider a failure if principal is not already in acl. This routine will canonicalize principal, but will treat wildcards literally. acl_initialize(acl, mode) char *acl; int mode; Initialize acl. If acl file does not exist, creates it with mode mode. If acl exists, removes all members. Returns 0 if successful, nonzero otherwise. WARNING: Mode argument is likely to change with the eventual introduction of an ACL service. Known problems In the presence of concurrency, there is a very small chance that acl_add or acl_delete could report success even though it would have had no effect. This is a necessary side effect of using lock files for concurrency control rather than flock(2), which is not supported by NFS. The current implementation caches ACLs in memory in a hash-table format for increased efficiency in checking membership; one effect of the caching scheme is that one file descriptor will be kept open for each ACL cached, up to a maximum of 8.