9728 3secdb man pages need some tlc

          --- old/usr/src/man/man3secdb/getauthattr.3secdb.man.txt
          +++ new/usr/src/man/man3secdb/getauthattr.3secdb.man.txt
↓ open down ↓ 68 lines elided ↑ open up ↑
  69   69         /etc/security/policy.conf file and returns 1 if it finds a match for
  70   70         the given authorization. If chkauthattr() does not find a match and the
  71   71         username is the name of the "console user", defined as the owner of
  72   72         /dev/console, it first reads the CONSOLE_USER key in
  73   73         /etc/security/policy.conf and returns 1 if the given authorization is
  74   74         in any of the profiles specified in the CONSOLE_USER keyword, then
  75   75         reads the PROFS_GRANTED key in /etc/security/policy.conf and returns 1
  76   76         if the given authorization is in any profiles specified with the
  77   77         PROFS_GRANTED keyword. If a match is not found from the default
  78   78         authorizations and default profiles, chkauthattr() reads the
  79      -       user_attr(4) database. If it does not find a match in  user_attr, it
       79 +       user_attr(4) database. If it does not find a match in user_attr, it
  80   80         reads the prof_attr(4) database, using the list of profiles assigned to
  81   81         the user, and checks if any of the profiles assigned to the user has
  82   82         the given authorization.  The chkauthattr() function returns 0 if it
  83   83         does not find a match in any of the three sources or if the user does
  84   84         not exist.
  85   85  
  86   86  
  87   87         A user is considered to have been assigned an authorization if either
  88   88         of the following are true:
  89   89  
  90   90             o      The authorization name matches exactly any authorization
  91      -                  assigned in the user_attr or  prof_attr databases
       91 +                  assigned in the user_attr or prof_attr databases
  92   92                    (authorization names are case-sensitive).
  93   93  
  94      -           o      The authorization name suffix is not the key word  grant and
       94 +           o      The authorization name suffix is not the key word grant and
  95   95                    the authorization name matches any authorization up to the
  96   96                    asterisk (*) character assigned in the user_attr or
  97   97                    prof_attr databases.
  98   98  
  99   99  
 100  100         The examples in the following table illustrate the conditions under
 101  101         which a user is assigned an authorization.
 102  102  
 103  103  
 104  104  
 105  105  
 106      -       +---------------------------+-------------------------------+-------------+
 107      -       |                           | /etc/security/policy.conf or  |   Is user   |
 108      -       +---------------------------+-------------------------------+-------------+
 109      -       |    Authorization name     | user_attr or  prof_attr entry | authorized? |
 110      -       +---------------------------+-------------------------------+-------------+
 111      -       |solaris.printer.postscript |  solaris.printer.postscript   |     Yes     |
 112      -       |solaris.printer.postscript |       solaris.printer.*       |     Yes     |
 113      -       |  solaris.printer.grant    |       solaris.printer.*       |     No      |
 114      -       +---------------------------+-------------------------------+-------------+
      106 +       +---------------------------+------------------------------+-------------+
      107 +       |                           | /etc/security/policy.conf or |   Is user   |
      108 +       |    Authorization name     | user_attr or prof_attr entry | authorized? |
      109 +       +---------------------------+------------------------------+-------------+
      110 +       |solaris.printer.postscript |  solaris.printer.postscript  |     Yes     |
      111 +       |solaris.printer.postscript |      solaris.printer.*       |     Yes     |
      112 +       |  solaris.printer.grant    |      solaris.printer.*       |     No      |
      113 +       +---------------------------+------------------------------+-------------+
 115  114  
 116  115  
 117  116         The free_authattr() function releases memory allocated by the
 118      -       getauthnam() and  getauthattr() functions.
      117 +       getauthnam() and getauthattr() functions.
 119  118  
 120  119  RETURN VALUES
 121      -       The getauthattr() function returns a pointer to an  authattr_t if it
      120 +       The getauthattr() function returns a pointer to an authattr_t if it
 122  121         successfully enumerates an entry; otherwise it returns NULL, indicating
 123  122         the end of the enumeration.
 124  123  
 125  124  
 126      -       The getauthnam() function returns a pointer to an  authattr_t if it
      125 +       The getauthnam() function returns a pointer to an authattr_t if it
 127  126         successfully locates the requested entry; otherwise it returns NULL.
 128  127  
 129  128  
 130  129         The chkauthattr() function returns 1 if the user is authorized and 0 if
 131  130         the user does not exist or is not authorized.
 132  131  
 133  132  USAGE
 134  133         The getauthattr() and getauthnam() functions both allocate memory for
 135  134         the pointers they return. This memory should be deallocated with the
 136  135         free_authattr() call.
 137  136  
 138  137  
 139  138         Individual attributes in the attr structure can be referred to by
 140  139         calling the kva_match(3SECDB) function.
 141  140  
 142  141  WARNINGS
 143      -       Because the list of legal keys is likely to expand, code  must be
      142 +       Because the list of legal keys is likely to expand, code must be
 144  143         written to ignore unknown key-value pairs without error.
 145  144  
 146  145  FILES
 147  146         /etc/nsswitch.conf
 148  147                                      configuration file lookup information for
 149      -                                    the name server switch
      148 +                                    the name service switch
 150  149  
 151  150  
 152  151         /etc/user_attr
 153  152                                      extended user attributes
 154  153  
 155  154  
 156  155         /etc/security/auth_attr
 157  156                                      authorization attributes
 158  157  
 159  158  
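Review bot: On new line 94 the phrase "key word grant" is still written as two words, while lines 74 and 77 of the same page use "CONSOLE_USER keyword" and "PROFS_GRANTED keyword"; since the line is already being touched for spacing, change it to "keyword" so the page is consistent. On line 88, "if either of the following are true" should read "is true". This bullet deserves the care because it is the rule that keeps a solaris.printer.* entry from conferring solaris.printer.grant, as the last row of the table shows.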
↓ open down ↓ 12 lines elided ↑ open up ↑
 172  171  
 173  172  
 174  173         +---------------+-----------------+
 175  174         |ATTRIBUTE TYPE | ATTRIBUTE VALUE |
 176  175         +---------------+-----------------+
 177  176         |MT-Level       | MT-Safe         |
 178  177         +---------------+-----------------+
 179  178  
 180  179  SEE ALSO
 181  180         getexecattr(3SECDB), getprofattr(3SECDB), getuserattr(3SECDB),
 182      -       auth_attr(4), nsswitch.conf(4), prof_attr(4), user_attr(4),
 183      -       attributes(5), rbac(5)
      181 +       kva_match(3SECDB), auth_attr(4), nsswitch.conf(4), policy.conf(4),
      182 +       prof_attr(4), user_attr(4), attributes(5), rbac(5)
 184  183  
 185  184  
 186  185  
 187      -                               February 20, 2009           GETAUTHATTR(3SECDB)
      186 +                                August 13, 2018            GETAUTHATTR(3SECDB)
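Review bot: SEE ALSO at new line 181 now references policy.conf(4), and the description reads /etc/security/policy.conf, but the FILES entries visible in this diff (/etc/nsswitch.conf, /etc/user_attr, /etc/security/auth_attr) do not include it. If the elided FILES lines do not list /etc/security/policy.conf either, add it there in the same change.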