9728 3secdb man pages need some tlc

          --- old/usr/src/man/man3secdb/getexecattr.3secdb.man.txt
          +++ new/usr/src/man/man3secdb/getexecattr.3secdb.man.txt
[35 lines elided]
  36   36  
  37   37  
  38   38  DESCRIPTION
  39   39         The getexecattr() function returns a single exec_attr(4) entry.
  40   40         Entries can come from any of the sources specified in the
  41   41         nsswitch.conf(4) file.
  42   42  
  43   43  
  44   44         Successive calls to getexecattr() return either successive exec_attr
  45   45         entries or NULL. Because getexecattr() always returns a single entry,
  46      -       the next pointer in the  execattr_t data structure points to NULL.
       46 +       the next pointer in the execattr_t data structure points to NULL.
  47   47  
  48   48  
  49   49         The internal representation of an exec_attr entry is an execattr_t
  50      -       structure defined in  <exec_attr.h> with the following members:
       50 +       structure defined in <exec_attr.h> with the following members:
  51   51  
  52   52           char              *name;   /* name of the profile */
  53      -         char              *type;   /* type of profile */
  54   53           char              *policy; /* policy under which the attributes are */
  55   54                                      /* relevant*/
       55 +         char              *type;   /* type of profile */
  56   56           char              *res1;   /* reserved for future use */
  57   57           char              *res2;   /* reserved for future use */
  58   58           char              *id;     /* unique identifier */
  59   59           kva_t             *attr;   /* attributes */
  60   60           struct execattr_s *next;   /* optional pointer to next profile */
  61   61  
  62   62  
  63   63  
  64   64         The free_execattr() function releases memory. It follows the next
  65   65         pointers in the execattr_t structure so that the entire linked list is
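Review bot: the member list now shows type after policy (new lines 53 to 55), which changes the documented layout of execattr_t, so this order should be confirmed against the declaration in <exec_attr.h> and the commit message should say the page is being corrected to match the header. While this block is being touched, the continuation comment "/* relevant*/" on new line 54 is missing a space before the closing "*/".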
[21 lines elided]
  87   87         returned.
  88   88  
  89   89  
  90   90         The getexecprof() function returns a linked list of entries that match
  91   91         the type and id arguments and have the profile specified by the
  92   92         profname argument. Only entries in the name service scope for which the
  93   93         corresponding profile entry is found in the prof_attr database are
  94   94         returned.
  95   95  
  96   96  
  97      -       Using getexecuser() and getexecprof(), programmers can search  for any
       97 +       Using getexecuser() and getexecprof(), programmers can search for any
  98   98         type argument, such as the manifest constant KV_COMMAND. The arguments
  99   99         are logically AND-ed together so that only entries exactly matching all
 100  100         of the arguments are returned. Wildcard matching applies if there is no
 101  101         exact match for an ID. Any argument can be assigned the NULL value to
 102  102         indicate that it is not used as part of the matching criteria. The
 103  103         search_flag controls whether the function returns the first match
 104  104         (GET_ONE), setting the next pointer to NULL or all matching entries
 105  105         (GET_ALL), using the next pointer to create a linked list of all
 106      -       entries that meet the search criteria. See  EXAMPLES.
      106 +       entries that meet the search criteria. See EXAMPLES.
 107  107  
 108  108  
 109  109         Once a list of entries is returned by getexecuser() or getexecprof(),
 110  110         the convenience function match_execattr() can be used to identify an
 111  111         individual entry. It returns a pointer to the individual element with
 112  112         the same profile name (profname), type name (type), and id. Function
 113  113         parameters set to NULL are not used as part of the matching criteria.
 114  114         In the event that multiple entries meet the matching criteria, only a
 115  115         pointer to the first entry is returned. The kva_match(3SECDB) function
 116  116         can be used to look up a key in a key-value array.
 117  117  
 118  118  RETURN VALUES
 119  119         Those functions returning data only return data related to the active
 120      -       policy.  The getexecattr() function returns a pointer to a  execattr_t
      120 +       policy.  The getexecattr() function returns a pointer to a execattr_t
 121  121         if it successfully enumerates an entry; otherwise it returns NULL,
 122  122         indicating the end of the enumeration.
 123  123  
 124  124  USAGE
 125  125         The getexecattr(), getexecuser(), and getexecprof() functions all
 126  126         allocate memory for the pointers they return. This memory should be
 127  127         deallocated with the free_execattr() call. The match_execattr()
 128  128         function does not allocate any memory. Therefore, pointers returned by
 129  129         this function should not be deallocated.
 130  130  
 131  131  
 132  132         Individual attributes may be referenced in the attr structure by
 133  133         calling the kva_match(3SECDB) function.
 134  134  
 135  135  EXAMPLES
 136      -       Example 1 Find all profiles that have the  ping command.
      136 +       Example 1 Find all profiles that have the ping command.
 137  137  
 138  138           if ((execprof=getexecprof(NULL, KV_COMMAND, "/usr/sbin/ping",
 139  139               GET_ONE)) == NULL) {
 140  140                   /* do error */
 141  141           }
 142  142  
 143  143  
 144  144         Example 2 Find the entry for the ping command in the Network
 145  145         Administration Profile.
 146  146  
 147  147           if ((execprof=getexecprof("Network Administration", KV_COMMAND,
 148  148               "/usr/sbin/ping", GET_ALL))==NULL) {
 149  149                   /* do error */
 150  150           }
 151  151  
 152  152  
 153  153         Example 3 Tell everything that can be done in the Filesystem Security
 154  154         profile.
 155  155  
 156      -         if ((execprof=getexecprof("Filesystem Security", KV_NULL, NULL,
      156 +         if ((execprof=getexecprof("Filesystem Security", NULL, NULL,
 157  157               GET_ALL))==NULL)) {
 158  158                   /* do error */
 159  159           }
 160  160  
 161  161  
 162  162         Example 4 Tell if the tar utility is in a profile assigned to user
 163  163         wetmore. If there is no exact profile entry, the wildcard (*), if
 164  164         defined, is returned.
 165  165  
 166      -
 167      -       The following tells if the tar utility is in a profile assigned to user
 168      -       wetmore. If there is no exact profile entry, the wildcard (*), if
 169      -       defined, is returned.
 170      -
 171      -
 172  166           if ((execprof=getexecuser("wetmore", KV_COMMAND, "/usr/bin/tar",
 173  167               GET_ONE))==NULL) {
 174  168                   /* do error */
 175  169           }
 176  170  
 177  171  
 178  172  FILES
 179  173         /etc/nsswitch.conf
 180  174                                      configuration file lookup information for
 181      -                                    the name server switch
      175 +                                    the name service switch
 182  176  
 183  177  
 184  178         /etc/user_attr
 185  179                                      extended user attributes
 186  180  
 187  181  
 188  182         /etc/security/exec_attr
 189  183                                      execution profiles
 190  184  
 191  185  
 192  186         /etc/security/policy.conf
 193  187                                      policy definitions
 194  188  
 195  189  
      190 +       /etc/security/prof_attr
      191 +                                    profile information
      192 +
      193 +
 196  194  ATTRIBUTES
 197  195         See attributes(5) for descriptions of the following attributes:
 198  196  
 199  197  
 200  198  
 201  199  
 202  200         +---------------+-----------------+
 203  201         |ATTRIBUTE TYPE | ATTRIBUTE VALUE |
 204  202         +---------------+-----------------+
 205  203         |MT-Level       | MT-Safe         |
 206  204         +---------------+-----------------+
 207  205  
 208  206  SEE ALSO
 209      -       getauthattr(3SECDB), getuserattr(3SECDB), kva_match(3SECDB),
 210      -       exec_attr(4), passwd(4), policy.conf(4), prof_attr(4), user_attr(4),
 211      -       attributes(5)
      207 +       getauthattr(3SECDB), getprofattr(3SECDB), getuserattr(3SECDB),
      208 +       kva_match(3SECDB), exec_attr(4), passwd(4), policy.conf(4),
      209 +       prof_attr(4), user_attr(4), attributes(5)
 212  210  
 213  211  
 214  212  
 215      -                                 May 27, 2014              GETEXECATTR(3SECDB)
      213 +                                August 13, 2018            GETEXECATTR(3SECDB)
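Review bot: Example 3 still does not compile after this change, because new line 157 reads "GET_ALL))==NULL)) {" and closes one more parenthesis than the if on line 156 opens; since line 156 is already edited here (KV_NULL to NULL), drop the extra ")" in the same pass. Two further cleanups fit a tlc change. Example 1 is titled "Find all profiles" but passes GET_ONE, while Example 2 is titled "Find the entry" but passes GET_ALL, which looks swapped given the GET_ONE and GET_ALL description at lines 103 to 106. New line 120 removes the double space but leaves "a execattr_t", which should read "an execattr_t".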
    