SunOS man pages : getauthnam (3)
Introduction to Library Functions getauthattr(3SECDB)
NAME
getauthattr, getauthnam, free_authattr, setauthattr,
endauthattr, chkauthattr - get authorization entry
SYNOPSIS
cc [ flag... ] file... -lsecdb -lsocket -lnsl -lintl [ library... ]
#include <auth_attr.h>
#include <secdb.h>
authattr_t *getauthattr(void);
authattr_t *getauthnam(const char *name);
void free_authattr(authattr_t *auth);
void setauthattr(void);
void endauthattr(void);
int chkauthattr(const char *authname, const char *username);
DESCRIPTION
The getauthattr() and getauthnam() functions each return an
auth_attr(4) entry. Entries can come from any of the sources
specified in the nsswitch.conf(4) file.
The getauthattr() function enumerates auth_attr entries. The
getauthnam() function searches for an auth_attr entry with a
given authorization name name. Successive calls to these
functions return either successive auth_attr entries or
NULL.
The internal representation of an auth_attr entry is an
authattr_t structure defined in <auth_attr.h> with the
following members:
char *name; /* name of the authorization */
char *res1; /* reserved for future use */
char *res2; /* reserved for future use */
char *short_desc; /* short description */
char *long_desc; /* long description */
kva_t *attr; /* array of key-value pair attributes */
The setauthattr() function "rewinds" to the beginning of the
enumeration of auth_attr entries. Calls to getauthnam() can
leave the enumeration in an indeterminate state. Therefore,
setauthattr() should be called before the first call to
getauthattr().
The endauthattr() function may be called to indicate that
auth_attr processing is complete; the system may then close
any open auth_attr file, deallocate storage, and so forth.
SunOS 5.8 Last change: 12 Aug 1999 1
The chkauthattr() function verifies whether or not a user
has a given authorization. It first reads the AUTHS_GRANTED
key in the /etc/security/policy.conf file and returns 1 if
it finds a match for the given authorization. If
chkauthattr() does not find a match, it reads the
user_attr(4) database. If it does not find a match in
user_attr, chkauthattr() reads the prof_attr(4) database,
using the list of profiles assigned to the user, and checks
if any of the profiles assigned to the user has the given
authorization. The chkauthattr() function returns 0 if it
does not find a match in any of the three sources.
A user is considered to have been assigned an authorization
if either of the following is true:
o The authorization name matches exactly any authorization
assigned in the user_attr or prof_attr databases
(authorization names are case-sensitive).
o The authorization name suffix is not the key word
grant and the authorization name matches any authorization
up to the asterisk (*) character assigned in
the user_attr or prof_attr databases.
The examples in the following table illustrate the condi-
tions under which a user is assigned an authorization.
____________________________________________________________________________
| Authorization name         | /etc/security/policy.conf or  | Is user     |
|                            | user_attr or prof_attr entry  | authorized? |
|____________________________|_______________________________|_____________|
| com.sun.printer.postscript | com.sun.printer.postscript    | Yes         |
|____________________________|_______________________________|_____________|
| com.sun.printer.postscript | com.sun.printer.*             | Yes         |
|____________________________|_______________________________|_____________|
| com.sun.printer.grant      | com.sun.printer.*             | No          |
|____________________________|_______________________________|_____________|
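The matching rule described above, written out as an added example (this is not the libsecdb source, and it does not call chkauthattr()). The helper names are hypothetical, and the granted entries are assumed to arrive as one comma-separated string.

```c
#include <stdio.h>
#include <string.h>

/* 1 if the last dot-separated component of the name is the keyword "grant". */
static int has_grant_suffix(const char *authname)
{
    const char *dot = strrchr(authname, '.');
    return strcmp(dot ? dot + 1 : authname, "grant") == 0;
}

/* Compare the requested name with one granted entry of length len. */
static int entry_matches(const char *authname, const char *entry, size_t len)
{
    if (len == 0)
        return 0;
    /* Rule 1: exact, case-sensitive match. */
    if (strlen(authname) == len && strncmp(authname, entry, len) == 0)
        return 1;
    /* Rule 2: the entry ends in '*', the name matches up to the asterisk,
     * and the requested name does not end in the keyword grant. */
    if (entry[len - 1] == '*' && !has_grant_suffix(authname))
        return strncmp(authname, entry, len - 1) == 0;
    return 0;
}

/* Hypothetical helper, not a libsecdb function. Assumption: granted is a
 * comma-separated list of entries. Returns 1 or 0 like chkauthattr(). */
int auth_is_granted(const char *authname, const char *granted)
{
    const char *p = granted;
    while (*p != '\0') {
        size_t len = strcspn(p, ",");
        if (entry_matches(authname, p, len))
            return 1;
        p += len;
        if (*p == ',')
            p++;
    }
    return 0;
}

int main(void)
{
    /* The three rows of the table above. */
    printf("%d\n", auth_is_granted("com.sun.printer.postscript", "com.sun.printer.postscript"));
    printf("%d\n", auth_is_granted("com.sun.printer.postscript", "com.sun.printer.*"));
    printf("%d\n", auth_is_granted("com.sun.printer.grant", "com.sun.printer.*"));
    return 0;
}
```

A grant authorization is honored only through an exact entry, so a wildcard assignment never confers the right to delegate.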
The free_authattr() function releases memory allocated by
the getauthnam() and getauthattr() functions.
RETURN VALUES
The getauthattr() function returns a pointer to an
authattr_t if it successfully enumerates an entry; otherwise
it returns NULL, indicating the end of the enumeration.
The getauthnam() function returns a pointer to an
authattr_t if it successfully locates the requested entry;
otherwise it returns NULL.
The chkauthattr() function returns 1 if the user is
authorized and 0 otherwise.
USAGE
The getauthattr() and getauthnam() functions both allocate
memory for the pointers they return. This memory should be
de-allocated with the free_authattr() call.
Applications that use the interfaces described in this
manual page cannot be linked statically, since the
implementations of these functions employ dynamic loading and
linking of shared objects at run time. Note that these
interfaces are reentrant even though they do not use the _r
suffix naming convention.
Individual attributes in the attr structure can be referred
to by calling the kva_match(3SECDB) function.
WARNINGS
Because the list of legal keys is likely to expand, code
must be written to ignore unknown key-value pairs without
error.
FILES
/etc/nsswitch.conf
configuration file lookup information for the name
server switch
/etc/user_attr
extended user attributes
/etc/security/auth_attr
authorization attributes
/etc/security/policy.conf
policy definitions
/etc/security/prof_attr
profile information
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| MT-Level | MT-Safe |
|_____________________________|_____________________________|
SEE ALSO
getexecattr(3SECDB), getprofattr(3SECDB),
getuserattr(3SECDB), auth_attr(4), nsswitch.conf(4),
prof_attr(4), user_attr(4), attributes(5), rbac(5)