Print this page
10067 Miscellaneous man page typos
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Andy Fiddaman <andy@omniosce.org>
Reviewed by: Volker A. Brandt <vab@bb-c.de>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/man/man3secdb/getauthattr.3secdb
+++ new/usr/src/man/man3secdb/getauthattr.3secdb
1 1 '\" te
2 2 .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
3 3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
4 4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
5 5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
6 6 .TH GETAUTHATTR 3SECDB "Aug 13, 2018"
7 7 .SH NAME
8 8 getauthattr, getauthnam, free_authattr, setauthattr, endauthattr, chkauthattr
9 9 \- get authorization entry
10 10 .SH SYNOPSIS
11 11 .LP
12 12 .nf
13 13 cc [ \fIflag\fR... ] \fIfile\fR... -lsecdb -lsocket -lnsl [ \fIlibrary\fR... ]
14 14 #include <auth_attr.h>
15 15 #include <secdb.h>
16 16
17 17 \fBauthattr_t *\fR\fBgetauthattr\fR(\fBvoid\fR);
18 18 .fi
19 19
20 20 .LP
21 21 .nf
22 22 \fBauthattr_t *\fR\fBgetauthnam\fR(\fBconst char *\fR\fIname\fR);
23 23 .fi
24 24
25 25 .LP
26 26 .nf
27 27 \fBvoid\fR \fBfree_authattr\fR(\fBauthattr_t *\fR\fIauth\fR);
28 28 .fi
29 29
30 30 .LP
31 31 .nf
32 32 \fBvoid\fR \fBsetauthattr\fR(\fBvoid\fR);
33 33 .fi
34 34
35 35 .LP
36 36 .nf
37 37 \fBvoid\fR \fBendauthattr\fR(\fBvoid\fR);
38 38 .fi
39 39
40 40 .LP
41 41 .nf
42 42 \fBint\fR \fBchkauthattr\fR(\fBconst char *\fR\fIauthname\fR, \fBconst char *\fR\fIusername\fR);
43 43 .fi
44 44
45 45 .SH DESCRIPTION
46 46 .LP
47 47 The \fBgetauthattr()\fR and \fBgetauthnam()\fR functions each return an
|
↓ open down ↓ |
47 lines elided |
↑ open up ↑ |
48 48 \fBauth_attr\fR(4) entry. Entries can come from any of the sources specified in
49 49 the \fBnsswitch.conf\fR(4) file.
50 50 .sp
51 51 .LP
52 52 The \fBgetauthattr()\fR function enumerates \fBauth_attr\fR entries. The
53 53 \fBgetauthnam()\fR function searches for an \fBauth_attr\fR entry with a given
54 54 authorization name \fIname\fR. Successive calls to these functions return
55 55 either successive \fBauth_attr\fR entries or \fINULL\fR.
56 56 .sp
57 57 .LP
58 -Th internal representation of an \fBauth_attr\fR entry is an \fBauthattr_t\fR
58 +The internal representation of an \fBauth_attr\fR entry is an \fBauthattr_t\fR
59 59 structure defined in <\fBauth_attr.h\fR> with the following members:
60 60 .sp
61 61 .in +2
62 62 .nf
63 63 char *name; /* name of the authorization */
64 64 char *res1; /* reserved for future use */
65 65 char *res2; /* reserved for future use */
66 66 char *short_desc; /* short description */
67 67 char *long_desc; /* long description */
68 68 kva_t *attr; /* array of key-value pair attributes */
69 69 .fi
70 70 .in -2
71 71
72 72 .sp
73 73 .LP
74 74 The \fBsetauthattr()\fR function "rewinds" to the beginning of the enumeration
75 75 of \fBauth_attr\fR entries. Calls to \fBgetauthnam()\fR can leave the
76 76 enumeration in an indeterminate state. Therefore, \fBsetauthattr()\fR should be
77 77 called before the first call to \fBgetauthattr()\fR.
78 78 .sp
79 79 .LP
80 80 The \fBendauthattr()\fR function may be called to indicate that \fBauth_attr\fR
81 81 processing is complete; the system may then close any open \fBauth_attr\fR
82 82 file, deallocate storage, and so forth.
83 83 .sp
84 84 .LP
85 85 The \fBchkauthattr()\fR function verifies whether or not a user has a given
86 86 authorization. It first reads the \fBAUTHS_GRANTED\fR key in the
87 87 \fB/etc/security/policy.conf\fR file and returns 1 if it finds a match for the
88 88 given authorization. If \fBchkauthattr()\fR does not find a match and the
89 89 \fIusername\fR is the name of the "console user", defined as the owner of
90 90 \fB/dev/console\fR, it first reads the \fBCONSOLE_USER\fR key in
91 91 \fB/etc/security/policy.conf\fR and returns 1 if the given authorization is in
92 92 any of the profiles specified in the \fBCONSOLE_USER\fR keyword, then reads the
93 93 \fBPROFS_GRANTED\fR key in \fB/etc/security/policy.conf\fR and returns 1 if the
94 94 given authorization is in any profiles specified with the \fBPROFS_GRANTED\fR
95 95 keyword. If a match is not found from the default authorizations and default
96 96 profiles, \fBchkauthattr()\fR reads the \fBuser_attr\fR(4) database. If it does
97 97 not find a match in \fBuser_attr\fR, it reads the \fBprof_attr\fR(4) database,
98 98 using the list of profiles assigned to the user, and checks if any of the
99 99 profiles assigned to the user has the given authorization. The
100 100 \fBchkauthattr()\fR function returns 0 if it does not find a match in any of
101 101 the three sources or if the user does not exist.
102 102 .sp
103 103 .LP
104 104 A user is considered to have been assigned an authorization if either of the
105 105 following are true:
106 106 .RS +4
107 107 .TP
108 108 .ie t \(bu
109 109 .el o
110 110 The authorization name matches exactly any authorization assigned in the
111 111 \fBuser_attr\fR or \fBprof_attr\fR databases (authorization names are
112 112 case-sensitive).
113 113 .RE
114 114 .RS +4
115 115 .TP
116 116 .ie t \(bu
117 117 .el o
118 118 The authorization name suffix is not the key word \fBgrant\fR and the
119 119 authorization name matches any authorization up to the asterisk (*) character
120 120 assigned in the \fBuser_attr\fR or \fBprof_attr\fR databases.
121 121 .RE
122 122 .sp
123 123 .LP
124 124 The examples in the following table illustrate the conditions under which a
125 125 user is assigned an authorization.
126 126 .sp
127 127
128 128 .sp
129 129 .TS
130 130 box;
131 131 c | c | c
132 132 c | c | c .
133 133 \fB/etc/security/policy.conf\fR or Is user
134 134 \fBAuthorization name\fR \fBuser_attr\fR or \fBprof_attr\fR entry authorized?
135 135 _
136 136 solaris.printer.postscript solaris.printer.postscript Yes
137 137 solaris.printer.postscript solaris.printer.* Yes
138 138 solaris.printer.grant solaris.printer.* No
139 139 .TE
140 140
141 141 .sp
142 142 .LP
143 143 The \fBfree_authattr()\fR function releases memory allocated by the
144 144 \fBgetauthnam()\fR and \fBgetauthattr()\fR functions.
145 145 .SH RETURN VALUES
146 146 .LP
147 147 The \fBgetauthattr()\fR function returns a pointer to an \fBauthattr_t\fR if
148 148 it successfully enumerates an entry; otherwise it returns \fINULL\fR,
149 149 indicating the end of the enumeration.
150 150 .sp
151 151 .LP
152 152 The \fBgetauthnam()\fR function returns a pointer to an \fBauthattr_t\fR if it
153 153 successfully locates the requested entry; otherwise it returns \fINULL\fR.
154 154 .sp
155 155 .LP
156 156 The \fBchkauthattr()\fR function returns 1 if the user is authorized and 0 if
157 157 the user does not exist or is not authorized.
158 158 .SH USAGE
159 159 .LP
160 160 The \fBgetauthattr()\fR and \fBgetauthnam()\fR functions both allocate memory
161 161 for the pointers they return. This memory should be deallocated with the
162 162 \fBfree_authattr()\fR call.
163 163 .sp
164 164 .LP
165 165 Individual attributes in the \fBattr\fR structure can be referred to by calling
166 166 the \fBkva_match\fR(3SECDB) function.
167 167 .SH WARNINGS
168 168 .LP
169 169 Because the list of legal keys is likely to expand, code must be written to
170 170 ignore unknown key-value pairs without error.
171 171 .SH FILES
172 172 .ne 2
173 173 .na
174 174 \fB\fB/etc/nsswitch.conf\fR\fR
175 175 .ad
176 176 .RS 29n
177 177 configuration file lookup information for the name service switch
178 178 .RE
179 179
180 180 .sp
181 181 .ne 2
182 182 .na
183 183 \fB\fB/etc/user_attr\fR\fR
184 184 .ad
185 185 .RS 29n
186 186 extended user attributes
187 187 .RE
188 188
189 189 .sp
190 190 .ne 2
191 191 .na
192 192 \fB\fB/etc/security/auth_attr\fR\fR
193 193 .ad
194 194 .RS 29n
195 195 authorization attributes
196 196 .RE
197 197
198 198 .sp
199 199 .ne 2
200 200 .na
201 201 \fB\fB/etc/security/policy.conf\fR\fR
202 202 .ad
203 203 .RS 29n
204 204 policy definitions
205 205 .RE
206 206
207 207 .sp
208 208 .ne 2
209 209 .na
210 210 \fB\fB/etc/security/prof_attr\fR\fR
211 211 .ad
212 212 .RS 29n
213 213 profile information
214 214 .RE
215 215
216 216 .SH ATTRIBUTES
217 217 .LP
218 218 See \fBattributes\fR(5) for descriptions of the following attributes:
219 219 .sp
220 220
221 221 .sp
222 222 .TS
223 223 box;
224 224 c | c
225 225 l | l .
226 226 ATTRIBUTE TYPE ATTRIBUTE VALUE
227 227 _
228 228 MT-Level MT-Safe
229 229 .TE
230 230
231 231 .SH SEE ALSO
232 232 .LP
233 233 \fBgetexecattr\fR(3SECDB), \fBgetprofattr\fR(3SECDB), \fBgetuserattr\fR(3SECDB),
234 234 \fBkva_match\fR(3SECDB), \fBauth_attr\fR(4), \fBnsswitch.conf\fR(4),
235 235 \fBpolicy.conf\fR(4), \fBprof_attr\fR(4), \fBuser_attr\fR(4),
236 236 \fBattributes\fR(5), \fBrbac\fR(5)
|
↓ open down ↓ |
168 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX