86
87 A user is considered to have been assigned an authorization if either
88 of the following are true:
89
90 o The authorization name matches exactly any authorization
91 assigned in the user_attr or prof_attr databases
92 (authorization names are case-sensitive).
93
94 o The authorization name suffix is not the key word grant and
95 the authorization name matches any authorization up to the
96 asterisk (*) character assigned in the user_attr or
97 prof_attr databases.
98
99
100 The examples in the following table illustrate the conditions under
101 which a user is assigned an authorization.
102
103
104
105
106 +---------------------------+-------------------------------+-------------+
107 | | /etc/security/policy.conf or | Is user |
108 +---------------------------+-------------------------------+-------------+
109 | Authorization name | user_attr or prof_attr entry | authorized? |
110 +---------------------------+-------------------------------+-------------+
111 |solaris.printer.postscript | solaris.printer.postscript | Yes |
112 |solaris.printer.postscript | solaris.printer.* | Yes |
113 | solaris.printer.grant | solaris.printer.* | No |
114 +---------------------------+-------------------------------+-------------+
115
116
117 The free_authattr() function releases memory allocated by the
118 getauthnam() and getauthattr() functions.
119
120 RETURN VALUES
121 The getauthattr() function returns a pointer to an authattr_t if it
122 successfully enumerates an entry; otherwise it returns NULL, indicating
123 the end of the enumeration.
124
125
126 The getauthnam() function returns a pointer to an authattr_t if it
127 successfully locates the requested entry; otherwise it returns NULL.
128
129
130 The chkauthattr() function returns 1 if the user is authorized and 0 if
131 the user does not exist or is not authorized.
132
133 USAGE
134 The getauthattr() and getauthnam() functions both allocate memory for
135 the pointers they return. This memory should be deallocated with the
136 free_authattr() call.
137
138
139 Individual attributes in the attr structure can be referred to by
140 calling the kva_match(3SECDB) function.
141
142 WARNINGS
143 Because the list of legal keys is likely to expand, code must be
144 written to ignore unknown key-value pairs without error.
145
146 FILES
147 /etc/nsswitch.conf
148 configuration file lookup information for
149 the name server switch
150
151
152 /etc/user_attr
153 extended user attributes
154
155
156 /etc/security/auth_attr
157 authorization attributes
158
159
160 /etc/security/policy.conf
161 policy definitions
162
163
164 /etc/security/prof_attr
165 profile information
166
167
168 ATTRIBUTES
169 See attributes(5) for descriptions of the following attributes:
170
171
172
173
174 +---------------+-----------------+
175 |ATTRIBUTE TYPE | ATTRIBUTE VALUE |
176 +---------------+-----------------+
177 |MT-Level | MT-Safe |
178 +---------------+-----------------+
179
180 SEE ALSO
181 getexecattr(3SECDB), getprofattr(3SECDB), getuserattr(3SECDB),
182 auth_attr(4), nsswitch.conf(4), prof_attr(4), user_attr(4),
183 attributes(5), rbac(5)
184
185
186
187 February 20, 2009 GETAUTHATTR(3SECDB)
|
86
87 A user is considered to have been assigned an authorization if either
88 of the following are true:
89
90 o The authorization name matches exactly any authorization
91 assigned in the user_attr or prof_attr databases
92 (authorization names are case-sensitive).
93
94 o The authorization name suffix is not the key word grant and
95 the authorization name matches any authorization up to the
96 asterisk (*) character assigned in the user_attr or
97 prof_attr databases.
98
99
100 The examples in the following table illustrate the conditions under
101 which a user is assigned an authorization.
102
103
104
105
106 +---------------------------+------------------------------+-------------+
107 | | /etc/security/policy.conf or | Is user |
108 | Authorization name | user_attr or prof_attr entry | authorized? |
109 +---------------------------+------------------------------+-------------+
110 |solaris.printer.postscript | solaris.printer.postscript | Yes |
111 |solaris.printer.postscript | solaris.printer.* | Yes |
112 | solaris.printer.grant | solaris.printer.* | No |
113 +---------------------------+------------------------------+-------------+
114
115
116 The free_authattr() function releases memory allocated by the
117 getauthnam() and getauthattr() functions.
118
119 RETURN VALUES
120 The getauthattr() function returns a pointer to an authattr_t if it
121 successfully enumerates an entry; otherwise it returns NULL, indicating
122 the end of the enumeration.
123
124
125 The getauthnam() function returns a pointer to an authattr_t if it
126 successfully locates the requested entry; otherwise it returns NULL.
127
128
129 The chkauthattr() function returns 1 if the user is authorized and 0 if
130 the user does not exist or is not authorized.
131
132 USAGE
133 The getauthattr() and getauthnam() functions both allocate memory for
134 the pointers they return. This memory should be deallocated with the
135 free_authattr() call.
136
137
138 Individual attributes in the attr structure can be referred to by
139 calling the kva_match(3SECDB) function.
140
141 WARNINGS
142 Because the list of legal keys is likely to expand, code must be
143 written to ignore unknown key-value pairs without error.
144
145 FILES
146 /etc/nsswitch.conf
147 configuration file lookup information for
148 the name service switch
149
150
151 /etc/user_attr
152 extended user attributes
153
154
155 /etc/security/auth_attr
156 authorization attributes
157
158
159 /etc/security/policy.conf
160 policy definitions
161
162
163 /etc/security/prof_attr
164 profile information
165
166
167 ATTRIBUTES
168 See attributes(5) for descriptions of the following attributes:
169
170
171
172
173 +---------------+-----------------+
174 |ATTRIBUTE TYPE | ATTRIBUTE VALUE |
175 +---------------+-----------------+
176 |MT-Level | MT-Safe |
177 +---------------+-----------------+
178
179 SEE ALSO
180 getexecattr(3SECDB), getprofattr(3SECDB), getuserattr(3SECDB),
181 kva_match(3SECDB), auth_attr(4), nsswitch.conf(4), policy.conf(4),
182 prof_attr(4), user_attr(4), attributes(5), rbac(5)
183
184
185
186 August 13, 2018 GETAUTHATTR(3SECDB)
|