PreviousNext

sec_rgy_acct_lookup(3sec)

Returns data for a specified account

Synopsis

#include <dce/acct.h>

void sec_rgy_acct_lookup(
sec_rgy_handle_t context,
sec_rgy_login_name_t *name_key,
sec_rgy_cursor_t *account_cursor,
sec_rgy_login_name_t *name_result,
sec_rgy_sid_t *id_sid,
sec_rgy_unix_sid_t *unix_sid,
sec_rgy_acct_key_t *key_parts,
sec_rgy_acct_user_t *user_part,
sec_rgy_acct_admin_t *admin_part,
error_status_t *status);

Parameters

Input

context
An opaque handle bound to a registry server. Use sec_rgy_site_open( ) to acquire a bound handle.

name_key
A pointer to the account login name. A login name is composed of three character strings, containing the principal, group, and organization (PGO) names corresponding to the account. Blank strings serve as wildcards, matching any entry.

Input/Output

account_cursor
An opaque pointer to a specific account in the registry database. If name_key is blank, sec_rgy_acct_lookup( ) returns information about the account to which the cursor is pointing. On return, the cursor points to the next account in the database after the returned account. If name_key is blank and the account_cursor has been reset with sec_rgy_cursor_reset( ), sec_rgy_acct_lookup( ) returns information about the first account in the database. When the end of the list of accounts in the database is reached, the routine returns the value sec_rgy_no_more_entries in the status parameter. Use sec_rgy_cursor_reset( ) to refresh the cursor.

Output

name_result
A pointer to the full login name of the account (including all three names) for which the information is returned. The remaining parameters contain the information belonging to the returned account.

id_sid
A structure containing the three UUIDs of the principal, group, and organization for the account.

unix_sid
A structure containing the three UNIX numbers of the principal, group, and organization for the account.

key_parts
A pointer to the minimum abbreviation allowed when logging in to the account. Abbreviations are not currently implemented and the only legal value is sec_rgy_acct_key_person.

user_part
A pointer to the sec_rgy_acct_user_t structure containing the user part of the account data. This represents such information as the account password, home directory, and default shell, all of which are accessible to, and may be modified by, the account owner.

admin_part
A pointer to the sec_rgy_acct_admin_t structure containing the administrative part of an account's data. This information includes the account creation and expiration dates and flags describing limits to the use of privilege attribute certificates, among other information, and can be modified only by an administrator.

status
A pointer to the completion status. On successful completion, the routine returns error_status_ok. Otherwise, it returns an error.

Description
The sec_rgy_acct_lookup( ) routine returns all the information about an account in the registry database. The account can be specified either with name_key or account_cursor. If name_key is completely blank, the routine uses the account_cursor value instead.

For name_key, a zero-length principal, group, or organization key serves as a wildcard. For example, a login name key with the principal and organization fields blank returns the next (possibly first) account whose group matches the input group field. The full login name of the returned account is passed back in name_result.

The account_cursor provides an automatic place holder in the registry database. The routine automatically updates this variable to point to the next account in the database, after the account for which the information was returned. If name_key is blank and the account_cursor has been reset with sec_rgy_cursor_reset( )*O, sec_rgy_acct_lookup( ) returns information about the first account in the database.

Permissions Required
The sec_rgy_acct_lookup( ) routine requires the r (read) permission on the account principal to be viewed.

Cautions
There are several different types of cursors used in the registry Application Programmer Interface (API). Some cursors point to PGO items, others point to members in a membership list, and others point to account data. Do not use a cursor for one sort of object in a call expecting another sort of object. For example, you cannot use the same cursor on a call to sec_rgy_acct_get_projlist( ) and sec_rgy_pgo_get_next( ). The behavior in this case is undefined.

Furthermore, cursors are specific to a server. A cursor pointing into one replica of the registry database is useless as a pointer into another replica.

Use sec_rgy_cursor_reset( ) to renew a cursor for use with another call or for another server.

Files

/usr/include/dce/acct.idl
The idl file from which dce/acct.h was derived.

Errors

The following describes a partial list of errors that might be returned. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.

sec_rgy_no_more_entries
The cursor is at the end of the accounts in the registry.

sec_rgy_object_not_found
The input account could not be found by the registry server.

sec_rgy_server_unavailable
The DCE Registry Server is unavailable.

error_status_ok
The call was successful.

Related Information
Functions:

sec_intro(3sec)

sec_rgy_cursor_reset(3sec)

sec_rgy_acct_replace_all(3sec)

sec_rgy_acct_admin_replace(3sec)

sec_rgy_acct_user_replace(3sec)