getauthattr man page on Solaris

Man page or keyword search:  
man Server   20652 pages
apropos Keyword Search (all sections)
Output format
Solaris logo
[printable version]

getauthattr(3SECSecurity Attributes Database Library Functigetauthattr(3SECDB)

NAME
       getauthattr,   getauthnam,   free_authattr,  setauthattr,  endauthattr,
       chkauthattr - get authorization entry

SYNOPSIS
       cc [ flag... ] file... -lsecdb  -lsocket	 -lnsl	[ library... ]
       #include <auth_attr.h>
       #include <secdb.h>

       authattr_t *getauthattr(void);

       authattr_t *getauthnam(const char *name);

       void free_authattr(authattr_t *auth);

       void setauthattr(void);

       void endauthattr(void);

       int chkauthattr(const char *authname, const char *username);

DESCRIPTION
       The  getauthattr()  and	 getauthnam()	functions   each   return   an
       auth_attr(4)  entry. Entries can come from any of the sources specified
       in the nsswitch.conf(4) file.

       The getauthattr() function enumerates auth_attr entries.	 The  getauth‐
       nam()  function searches for an auth_attr entry with a given authoriza‐
       tion name name. Successive calls to these functions return either  suc‐
       cessive auth_attr entries or NULL.

       Th  internal  representation  of	 an  auth_attr	entry is an authattr_t
       structure defined in  <auth_attr.h> with the following members:

       char   *name;	    /* name of the authorization */
       char   *res1;	    /* reserved for future use */
       char   *res2;	    /* reserved for future use */
       char   *short_desc;  /* short description */
       char   *long_desc;   /* long description */
       kva_t  *attr;	    /* array of key-value pair attributes */

       The setauthattr() function "rewinds" to the beginning of	 the  enumera‐
       tion of auth_attr entries.  Calls to getauthnam() can leave the enumer‐
       ation in an indeterminate state.	 Therefore,  setauthattr()  should  be
       called before the first call to getauthattr().

       The  endauthattr()  function  may  be called to indicate that auth_attr
       processing is complete; the system may then close  any  open  auth_attr
       file, deallocate storage, and so forth.

       The  chkauthattr()  function verifies whether or not a user has a given
       authorization. It first reads the AUTHS_GRANTED key in  the  /etc/secu‐
       rity/policy.conf	 file  and returns 1 if it finds a match for the given
       authorization. If chkauthattr() does not find a	match,	it  reads  the
       PROFS_GRANTED  key  in  /etc/security/policy.conf  and returns 1 if the
       given authorization is in any profiles specified with the PROFS_GRANTED
       keyword.	 If  a	match is not found from the default authorizations and
       default profiles, chkauthattr() reads the user_attr(4) database. If  it
       does  not  find	a match in  user_attr, it reads the prof_attr(4) data‐
       base, using the list of profiles assigned to the user,  and  checks  if
       any of the profiles assigned to the user has the given authorization.
	The  chkauthattr()  function  returns 0 if it does not find a match in
       any of the three sources.

       A user is considered to have been assigned an authorization  if	either
       of the following are true:

	 ·  The	 authorization name matches exactly any authorization assigned
	    in the  user_attr or  prof_attr databases (authorization names are
	    case-sensitive).

	 ·  The	 authorization	name suffix is not the key word	 grant and the
	    authorization name matches any authorization up  to	 the  asterisk
	    (*) character assigned in the user_attr or prof_attr databases.

       The  examples  in  the  following table illustrate the conditions under
       which a user is assigned an authorization.

       ┌───────────────────────────┬───────────────────────────────┬─────────────┐
       │			   │ /etc/security/policy.conf or  │ Is user	 │
       ├───────────────────────────┼───────────────────────────────┼─────────────┤
       │Authorization name	   │ user_attr or  prof_attr entry │ authorized? │
       ├───────────────────────────┼───────────────────────────────┼─────────────┤
       │solaris.printer.postscript │ solaris.printer.postscript	   │ Yes	 │
       ├───────────────────────────┼───────────────────────────────┼─────────────┤
       │solaris.printer.postscript │ solaris.printer.*		   │ Yes	 │
       ├───────────────────────────┼───────────────────────────────┼─────────────┤
       │solaris.printer.grant	   │ solaris.printer.*		   │ No		 │
       └───────────────────────────┴───────────────────────────────┴─────────────┘

       The free_authattr() function releases memory allocated by the  getauth‐
       nam() and  getauthattr() functions.

RETURN VALUES
       The  getauthattr()  function  returns a pointer to an  authattr_t if it
       successfully enumerates an entry; otherwise it returns NULL, indicating
       the end of the enumeration.

       The  getauthnam()  function  returns  a pointer to an  authattr_t if it
       successfully locates the requested entry; otherwise it returns NULL.

       The chkauthattr() function returns 1 if the user is  authorized	and  0
       otherwise.

USAGE
       The  getauthattr()  and getauthnam() functions both allocate memory for
       the pointers they return. This memory should be de-allocated  with  the
       free_authattr() call.

       Individual attributes in the attr structure can be referred to by call‐
       ing the kva_match(3SECDB) function.

WARNINGS
       Because the list of legal keys is likely to expand, code	 must be writ‐
       ten to ignore unknown key-value pairs without error.

FILES
       /etc/nsswitch.conf	       configuration  file  lookup information
				       for the name server switch

       /etc/user_attr		       extended user attributes

       /etc/security/auth_attr	       authorization attributes

       /etc/security/policy.conf       policy definitions

       /etc/security/prof_attr	       profile information

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │MT-Level		     │MT-Safe			   │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       getexecattr(3SECDB),	getprofattr(3SECDB),	  getuserattr(3SECDB),
       auth_attr(4),	 nsswitch.conf(4),     prof_attr(4),	 user_attr(4),
       attributes(5), rbac(5)

SunOS 5.10			  31 Mar 2005		   getauthattr(3SECDB)
[top]

List of man pages available for Solaris

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net