getexecattr man page on OpenIndiana

getexecattr(3SECDB)  Security Attributes Database Library Functions  getexecattr(3SECDB)

NAME
       getexecattr,   free_execattr,  setexecattr,  endexecattr,  getexecuser,
       getexecprof, match_execattr - get execution profile entry

SYNOPSIS
       cc [ flag... ] file... -lsecdb  -lsocket	 -lnsl	[ library... ]
       #include <exec_attr.h>
       #include <secdb.h>

       execattr_t *getexecattr(void);

       void free_execattr(execattr_t *ep);

       void setexecattr(void);

       void endexecattr(void);

       execattr_t *getexecuser(const char *username, const char *type,
	    const char *id, int search_flag);

       execattr_t *getexecprof(const char *profname, const char *type,
	    const char *id, int search_flag);

       execattr_t *match_execattr(execattr_t *ep, char *profname,
	    char *type, char *id);

DESCRIPTION
       The getexecattr() function returns a single exec_attr(4) entry. Entries
       can  come  from	any  of	 the sources specified in the nsswitch.conf(4)
       file.

       Successive calls to getexecattr() return	 either	 successive  exec_attr
       entries	or  NULL. Because getexecattr() always returns a single entry,
       the next pointer in the	execattr_t data structure points to NULL.

       The internal representation of an  exec_attr  entry  is	an  execattr_t
       structure defined in  <exec_attr.h> with the following members:

	 char		   *name;   /* name of the profile */
	 char		   *type;   /* type of profile */
	 char		   *policy; /* policy under which the attributes are */
				    /* relevant*/
	 char		   *res1;   /* reserved for future use */
	 char		   *res2;   /* reserved for future use */
	 char		   *id;	    /* unique identifier */
	 kva_t		   *attr;   /* attributes */
	 struct execattr_s *next;   /* optional pointer to next profile */

       The  free_execattr()  function  releases	 memory.  It  follows the next
       pointers in the execattr_t structure so that the entire linked list  is
       released.

       The setexecattr() function "rewinds" to the beginning of the
       enumeration of exec_attr entries. Calls to getexecuser() can leave the
       enumeration in an indeterminate state. Therefore, setexecattr() should
       be called before the first call to getexecattr().

       The endexecattr() function can be called	 to  indicate  that  exec_attr
       processing  is  complete; the library can then close any open exec_attr
       file, deallocate any internal storage, and so forth.

       The getexecuser() function returns a linked list of entries that match
       the type and id arguments and have a profile that has been assigned to
       the user specified by username, as described in passwd(4). Profiles for
       the user are obtained from the list of default profiles in
       /etc/security/policy.conf (see policy.conf(4)) and the user_attr(4)
       database. Only entries in the name service scope for which the
       corresponding profile entry is found in the prof_attr(4) database are
       returned.

       The getexecprof() function returns a linked list of entries that match
       the type and id arguments and have the profile specified by the
       profname argument. Only entries in the name service scope for which the
       corresponding profile entry is found in the prof_attr database are
       returned.

       Using getexecuser() and getexecprof(), programmers can search  for  any
       type  argument, such as the manifest constant KV_COMMAND. The arguments
       are logically AND-ed together so that only entries exactly matching all
       of the arguments are returned. Wildcard matching applies if there is no
       exact match for an ID. Any argument can be assigned the NULL  value  to
       indicate	 that  it  is  not  used as part of the matching criteria. The
       search_flag controls whether  the  function  returns  the  first	 match
       (GET_ONE),  setting  the	 next  pointer to NULL or all matching entries
       (GET_ALL), using the next pointer  to  create  a	 linked	 list  of  all
       entries that meet the search criteria. See  EXAMPLES.

       Once a list of entries is returned by getexecuser() or getexecprof(),
       the convenience function match_execattr() can be used to identify an
       individual entry. It returns a pointer to the individual element with
       the same profile name (profname), type name (type), and id. Function
       parameters set to NULL are not used as part of the matching criteria.
       In the event that multiple entries meet the matching criteria, only a
       pointer to the first entry is returned. The kva_match(3SECDB) function
       can be used to look up a key in a key-value array.

RETURN VALUES
       Those functions returning data only return data related to the active
       policy. The getexecattr() function returns a pointer to an execattr_t
       if it successfully enumerates an entry; otherwise it returns NULL,
       indicating the end of the enumeration.

USAGE
       The getexecattr(), getexecuser(), and getexecprof() functions all
       allocate memory for the pointers they return. This memory should be
       deallocated with the free_execattr() call. The match_execattr()
       function does not allocate any memory. Therefore, pointers returned by
       this function should not be deallocated.

       Individual attributes may be referenced in the attr structure by
       calling the kva_match(3SECDB) function.
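
       The following is an added example, not part of the original manual
       page and not libsecdb code. It is a self-contained model of the
       matching and ownership rules described above. ent_t, search(), match()
       and free_list() are hypothetical stand-ins for execattr_t,
       getexecprof(), match_execattr() and free_execattr(); the table rows
       are constructed, and only a bare "*" id is modeled as the wildcard.

```c
#include <stdlib.h>
#include <string.h>

enum { ONE = 1, ALL = 2 };            /* stand-ins for GET_ONE / GET_ALL */

/* Cut-down stand-in for execattr_t: only the members used for matching. */
typedef struct ent { const char *name, *type, *id; struct ent *next; } ent_t;

/* Constructed sample rows (profile, type, id); not from a real system. */
static const ent_t db[] = {
    { "Network Administration", "cmd", "/usr/sbin/ping", NULL },
    { "Example Operator",       "cmd", "/usr/sbin/ping", NULL },
    { "Example Everything",     "cmd", "*",              NULL },
};

/* A NULL criterion is ignored; the remaining criteria are AND-ed. */
static int crit(const char *want, const char *have) {
    return want == NULL || strcmp(want, have) == 0;
}

/* Exact id first; "*" entries are considered only if nothing matched exactly.
 * Returns a newly allocated list that the caller releases with free_list(). */
ent_t *search(const char *name, const char *type, const char *id, int flag) {
    ent_t *head = NULL, **tail = &head;
    for (int pass = 0; pass < 2 && head == NULL; pass++) {
        const char *want_id = (pass == 1 && id != NULL) ? "*" : id;
        for (size_t i = 0; i < sizeof db / sizeof db[0]; i++) {
            if (!crit(name, db[i].name) || !crit(type, db[i].type) ||
                !crit(want_id, db[i].id))
                continue;
            ent_t *e = malloc(sizeof *e);
            if (e == NULL) return head;
            *e = db[i];               /* copy the row; next is already NULL */
            *tail = e; tail = &e->next;
            if (flag == ONE) return head;
        }
    }
    return head;
}

/* Borrowed pointer into the caller's list: never pass the result to free. */
ent_t *match(ent_t *ep, const char *name, const char *type, const char *id) {
    for (; ep != NULL; ep = ep->next)
        if (crit(name, ep->name) && crit(type, ep->type) && crit(id, ep->id))
            return ep;
    return NULL;
}

/* Follows next, so one call on the head releases the whole list. */
int free_list(ent_t *ep) {
    int n = 0;
    while (ep != NULL) { ent_t *next = ep->next; free(ep); ep = next; n++; }
    return n;
}
```

       Freeing a pointer obtained from match() and then freeing the head
       would release the same element twice, which is why only the head of
       the returned list is ever released.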

EXAMPLES
       Example 1 Find all profiles that have the  ping command.

	 /* GET_ALL links every matching entry through the next pointer */
	 if ((execprof=getexecprof(NULL, KV_COMMAND, "/usr/sbin/ping",
	     GET_ALL)) == NULL) {
		 /* do error */
	 }

       Example 2 Find the entry for the ping command in the Network
       Administration Profile.

	 if ((execprof=getexecprof("Network Administration", KV_COMMAND,
	     "/usr/sbin/ping", GET_ALL))==NULL) {
		 /* do error */
	 }

       Example	3  Tell everything that can be done in the Filesystem Security
       profile.

	 if ((execprof=getexecprof("Filesystem Security", KV_NULL, NULL,
	     GET_ALL))==NULL) {
		 /* do error */
	 }

       Example 4 Tell if the tar utility is in a profile assigned to user
       wetmore. If there is no exact profile entry, the wildcard (*), if
       defined, is returned.

	 if ((execprof=getexecuser("wetmore", KV_COMMAND, "/usr/bin/tar",
	     GET_ONE))==NULL) {
		 /* do error */
	 }

FILES
       /etc/nsswitch.conf	    configuration file lookup information  for
				    the name server switch

       /etc/user_attr		    extended user attributes

       /etc/security/exec_attr	    execution profiles

       /etc/security/policy.conf    policy definitions

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │MT-Level		     │MT-Safe			   │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       getauthattr(3SECDB),	  getuserattr(3SECDB),	    kva_match(3SECDB),
       exec_attr(4), passwd(4),	 policy.conf(4),  prof_attr(4),	 user_attr(4),
       attributes(5)

SunOS 5.11			  31 Mar 2005		   getexecattr(3SECDB)