siad_get_groups - mechanism-specific routine called from sia_get_groups to fill in a user's supplementary groups for SIA (Security Integration Architecture)
Standard C library (libc.so and libc.a)
int siad_get_groups( struct sia_context *context const char *username gid_t *buffer int *ngroups int maxgroups)
A thread-specific allocation context, shared with other group-related calls such as siad_getgrent. The name of the user whose supplementary group list is desired. Pointer to storage for the list of groups. It may already have some entries in it, depending on the incoming value of ngroups. The number of slots in the buffer which are used. Read on input, and updated as groups are added by each mechanism. The maximum number of secondary groups for which buf has storage allocated. It is not an error to have ngroups equal to maxgroups, but if another (unique) group is found beyond that limit, the routine is expected to return SIADFAIL|SIADSTOP to halt any further scan for additional group information.
This routine is responsible for ensuring that any group it adds to the list of GIDs found is not a duplicate. __sia_isagroup(3) is provided specifically to make that determination simpler for the mechanism developer. It is not responsible for calling the mechanism-specific siad_setgrent() routine, since sia_get_groups() makes that call. The sia_get_groups() routine will also make the call to the siad_endgrent() routine.
This routine, unlike most of the SIA mechanism-dependent routines, is optional. If it is not provided, sia_get_groups() will use the mechanism's siad_getgrent() routine instead. This routine is provided by mechanisms which have a faster method for finding the groups for a user than doing a simple getgrent() loop.
This routine should only return failure as described above or if the mechanism encounters an initialization error that prevents scanning for group information. In particular, it is not an error for a given mechanism to find no groups for a user.
This routine returns SIADSUCCESS if group scanning was possible and the group list did not need additional storage. It returns SIADFAIL|SIADSTOP if the group list did need more than maxgroups entries. It returns SIADFAIL if the mechanism is unable to scan for groups at all.
sia_get_groups(3), siad_setgrent(3), siad_getgrent(3), siad_endgrent(3), matrix.conf(4),
Security delim off