get_ids_from_arg()

QNX SDP8.0QNX OS System Security GuideAPIConfiguration

Get identifiers from an argument string, or the string and /etc/passwd and /etc/group

Synopsis:

#include <secpol/ids.h>

int get_ids_from_arg(const char *arg,
                     uid_t *uid,
                     gid_t *gid,
                     gid_t *supp_gids,
                     size_t *supp_count)

Arguments:

arg: The formatted string containing the ID information.
uid: The UID as read or inferred from the formatted string.
gid: The GID as read or inferred from the formatted string.
supp_gids: An allocated array to store the supplementary GIDs that are read from the formatted string and /etc/group. If NULL, the supplementary GIDs are not returned.
supp_count: As input, the size of the provided supp_gids array, or NULL if the caller is not requesting the supplementary GIDs. As ouput on success, this is set to the number of supplementary GIDs written to the supp_gids array.

Library:

libsecpol

Description:

The get_ids_from_arg() function parses a given formatted string and returns the corresponding user ID, group ID, and supplementary group IDs. If supp_gids and supp_count are not NULL, the supplementary GIDs found are written there, and supp_count is set to the number of supplementary GIDs written there. If there is not enough space in the provided array, E2BIG is returned.

QNX recommends that you allocate your supplementary GID array to the size returned by sysconf(_SC_NGROUPS_MAX) to ensure that you have enough space.

This function doesn't support negative IDs.

The arg string format can take one of the following two forms:

UID
```
uid:gid,sgid1,sgid2,sgid3,... 
```
All IDs must be numbers. The UID and GID are separated by a colon. The GID can be followed by a comma-separated list of supplementary group IDs. If the GID is not specified, the GID of the calling process is returned. The supplementary GIDs are also optional.
Username
```
username,sgid1,sgid2,sgid3,... 
```
The username must be a valid username defined in /etc/passwd; otherwise, the function errors out with EINVAL. The supplementary GIDs are optional and must be a comma-separated list of numbers. The GID is looked up in /etc/passwd. The supplementary GIDs returned are a union of the supplementary GIDs in /etc/group for the given username and the GIDs parsed from arg.

Returns:

EOK on success; on failure, one the following values:

EINVAL - The argument is in an invalid format or references a non-existant username.
ERANGE - An ID in the argument is larger than the uid_t or gid_t data type supports.
E2BIG - The array provided by the caller is not large enough to hold all of the IDs.
ENOMEM - Out of memory.

Page updated: March 05, 2025