1 '\" te
   2 .\" Copyright (c) 2009, Sun Microsystems, Inc.  All Rights Reserved.
   3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
   4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
   5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
   6 .TH GETAUTHATTR 3SECDB "Feb 20, 2009"
   7 .SH NAME
   8 getauthattr, getauthnam, free_authattr, setauthattr, endauthattr, chkauthattr
   9 \- get authorization entry
  10 .SH SYNOPSIS
  11 .LP
  12 .nf
  13 cc [ \fIflag\fR... ] \fIfile\fR... -lsecdb  -lsocket  -lnsl  [ \fIlibrary\fR... ]
  14 #include <auth_attr.h>
  15 #include <secdb.h>
  16 
  17 \fBauthattr_t *\fR\fBgetauthattr\fR(\fBvoid\fR);
  18 .fi
  19 
  20 .LP
  21 .nf
  22 \fBauthattr_t *\fR\fBgetauthnam\fR(\fBconst char *\fR\fIname\fR);
  23 .fi
  24 
  25 .LP
  26 .nf
  27 \fBvoid\fR \fBfree_authattr\fR(\fBauthattr_t *\fR\fIauth\fR);
  28 .fi
  29 
  30 .LP
  31 .nf
  32 \fBvoid\fR \fBsetauthattr\fR(\fBvoid\fR);
  33 .fi
  34 
  35 .LP
  36 .nf
  37 \fBvoid\fR \fBendauthattr\fR(\fBvoid\fR);
  38 .fi
  39 
  40 .LP
  41 .nf
  42 \fBint\fR \fBchkauthattr\fR(\fBconst char *\fR\fIauthname\fR, \fBconst char *\fR\fIusername\fR);
  43 .fi
  44 
  45 .SH DESCRIPTION
  46 .sp
  47 .LP
  48 The \fBgetauthattr()\fR and \fBgetauthnam()\fR functions each return an
  49 \fBauth_attr\fR(4) entry. Entries can come from any of the sources specified in
  50 the \fBnsswitch.conf\fR(4) file.
  51 .sp
  52 .LP
  53 The \fBgetauthattr()\fR function enumerates \fBauth_attr\fR entries. The
  54 \fBgetauthnam()\fR function searches for an \fBauth_attr\fR entry with a given
  55 authorization name \fIname\fR. Successive calls to these functions return
  56 either successive \fBauth_attr\fR entries or \fINULL\fR.
  57 .sp
  58 .LP
  59 Th internal representation of an \fBauth_attr\fR entry is an \fBauthattr_t\fR
  60 structure defined in  <\fBauth_attr.h\fR> with the following members:
  61 .sp
  62 .in +2
  63 .nf
  64 char   *name;        /* name of the authorization */
  65 char   *res1;        /* reserved for future use */
  66 char   *res2;        /* reserved for future use */

 114 .RE
 115 .RS +4
 116 .TP
 117 .ie t \(bu
 118 .el o
 119 The authorization name suffix is not the key word  \fBgrant\fR and the
 120 authorization name matches any authorization up to the asterisk (*) character
 121 assigned in the \fBuser_attr\fR or \fBprof_attr\fR databases.
 122 .RE
 123 .sp
 124 .LP
 125 The examples in the following table illustrate the conditions under which a
 126 user is assigned an authorization.
 127 .sp
 128 
 129 .sp
 130 .TS
 131 box;
 132 c | c | c
 133 c | c | c .
 134         \f(CW/etc/security/policy.conf\fR or    Is user

 135 _
 136 \fBAuthorization name\fR        \fBuser_attr\fR or \fB\fR \fBprof_attr\fR entry authorized?
 137 _
 138 solaris.printer.postscript      solaris.printer.postscript      Yes
 139 solaris.printer.postscript      solaris.printer.*       Yes
 140 solaris.printer.grant   solaris.printer.*       No
 141 .TE
 142 
 143 .sp
 144 .LP
 145 The \fBfree_authattr()\fR function releases memory allocated by the
 146 \fBgetauthnam()\fR and  \fBgetauthattr()\fR functions.
 147 .SH RETURN VALUES
 148 .sp
 149 .LP
 150 The \fBgetauthattr()\fR function returns a pointer to an  \fBauthattr_t\fR if
 151 it successfully enumerates an entry; otherwise it returns \fINULL\fR,
 152 indicating the end of the enumeration.
 153 .sp
 154 .LP
 155 The \fBgetauthnam()\fR function returns a pointer to an  \fBauthattr_t\fR if it
 156 successfully locates the requested entry; otherwise it returns \fINULL\fR.
 157 .sp
 158 .LP
 159 The \fBchkauthattr()\fR function returns 1 if the user is authorized and 0 if
 160 the user does not exist or is not authorized.
 161 .SH USAGE
 162 .sp
 163 .LP
 164 The \fBgetauthattr()\fR and \fBgetauthnam()\fR functions both allocate memory
 165 for the pointers they return. This memory should be deallocated with the
 166 \fBfree_authattr()\fR call.
 167 .sp
 168 .LP
 169 Individual attributes in the \fBattr\fR structure can be referred to by calling
 170 the \fBkva_match\fR(3SECDB) function.
 171 .SH WARNINGS
 172 .sp
 173 .LP
 174 Because the list of legal keys is likely to expand, code  must be written to
 175 ignore unknown key-value pairs without error.
 176 .SH FILES
 177 .sp
 178 .ne 2
 179 .na
 180 \fB\fB/etc/nsswitch.conf\fR\fR
 181 .ad
 182 .RS 29n
 183 configuration file lookup information for the name server switch
 184 .RE
 185 
 186 .sp
 187 .ne 2
 188 .na
 189 \fB\fB/etc/user_attr\fR\fR
 190 .ad
 191 .RS 29n
 192 extended user attributes
 193 .RE
 194 
 195 .sp
 196 .ne 2
 197 .na
 198 \fB\fB/etc/security/auth_attr\fR\fR
 199 .ad
 200 .RS 29n
 201 authorization attributes
 202 .RE
 203 
 204 .sp
 205 .ne 2
 206 .na
 207 \fB\fB/etc/security/policy.conf\fR\fR
 208 .ad
 209 .RS 29n
 210 policy definitions
 211 .RE
 212 
 213 .sp
 214 .ne 2
 215 .na
 216 \fB\fB/etc/security/prof_attr\fR\fR
 217 .ad
 218 .RS 29n
 219 profile information
 220 .RE
 221 
 222 .SH ATTRIBUTES
 223 .sp
 224 .LP
 225 See \fBattributes\fR(5) for descriptions of the following attributes:
 226 .sp
 227 
 228 .sp
 229 .TS
 230 box;
 231 c | c
 232 l | l .
 233 ATTRIBUTE TYPE  ATTRIBUTE VALUE
 234 _
 235 MT-Level        MT-Safe
 236 .TE
 237 
 238 .SH SEE ALSO
 239 .sp
 240 .LP
 241 \fBgetexecattr\fR(3SECDB), \fBgetprofattr\fR(3SECDB),
 242 \fBgetuserattr\fR(3SECDB), \fBauth_attr\fR(4), \fBnsswitch.conf\fR(4),
 243 \fBprof_attr\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5), \fBrbac\fR(5)

   1 '\" te
   2 .\" Copyright (c) 2009, Sun Microsystems, Inc.  All Rights Reserved.
   3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
   4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
   5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
   6 .TH GETAUTHATTR 3SECDB "Aug 13, 2018"
   7 .SH NAME
   8 getauthattr, getauthnam, free_authattr, setauthattr, endauthattr, chkauthattr
   9 \- get authorization entry
  10 .SH SYNOPSIS
  11 .LP
  12 .nf
  13 cc [ \fIflag\fR... ] \fIfile\fR... -lsecdb  -lsocket  -lnsl  [ \fIlibrary\fR... ]
  14 #include <auth_attr.h>
  15 #include <secdb.h>
  16 
  17 \fBauthattr_t *\fR\fBgetauthattr\fR(\fBvoid\fR);
  18 .fi
  19 
  20 .LP
  21 .nf
  22 \fBauthattr_t *\fR\fBgetauthnam\fR(\fBconst char *\fR\fIname\fR);
  23 .fi
  24 
  25 .LP
  26 .nf
  27 \fBvoid\fR \fBfree_authattr\fR(\fBauthattr_t *\fR\fIauth\fR);
  28 .fi
  29 
  30 .LP
  31 .nf
  32 \fBvoid\fR \fBsetauthattr\fR(\fBvoid\fR);
  33 .fi
  34 
  35 .LP
  36 .nf
  37 \fBvoid\fR \fBendauthattr\fR(\fBvoid\fR);
  38 .fi
  39 
  40 .LP
  41 .nf
  42 \fBint\fR \fBchkauthattr\fR(\fBconst char *\fR\fIauthname\fR, \fBconst char *\fR\fIusername\fR);
  43 .fi
  44 
  45 .SH DESCRIPTION

  46 .LP
  47 The \fBgetauthattr()\fR and \fBgetauthnam()\fR functions each return an
  48 \fBauth_attr\fR(4) entry. Entries can come from any of the sources specified in
  49 the \fBnsswitch.conf\fR(4) file.
  50 .sp
  51 .LP
  52 The \fBgetauthattr()\fR function enumerates \fBauth_attr\fR entries. The
  53 \fBgetauthnam()\fR function searches for an \fBauth_attr\fR entry with a given
  54 authorization name \fIname\fR. Successive calls to these functions return
  55 either successive \fBauth_attr\fR entries or \fINULL\fR.
  56 .sp
  57 .LP
  58 Th internal representation of an \fBauth_attr\fR entry is an \fBauthattr_t\fR
  59 structure defined in  <\fBauth_attr.h\fR> with the following members:
  60 .sp
  61 .in +2
  62 .nf
  63 char   *name;        /* name of the authorization */
  64 char   *res1;        /* reserved for future use */
  65 char   *res2;        /* reserved for future use */

 113 .RE
 114 .RS +4
 115 .TP
 116 .ie t \(bu
 117 .el o
 118 The authorization name suffix is not the key word \fBgrant\fR and the
 119 authorization name matches any authorization up to the asterisk (*) character
 120 assigned in the \fBuser_attr\fR or \fBprof_attr\fR databases.
 121 .RE
 122 .sp
 123 .LP
 124 The examples in the following table illustrate the conditions under which a
 125 user is assigned an authorization.
 126 .sp
 127 
 128 .sp
 129 .TS
 130 box;
 131 c | c | c
 132 c | c | c .
 133         \fB/etc/security/policy.conf\fR or      Is user
 134 \fBAuthorization name\fR        \fBuser_attr\fR or \fBprof_attr\fR entry        authorized?
 135 _


 136 solaris.printer.postscript      solaris.printer.postscript      Yes
 137 solaris.printer.postscript      solaris.printer.*       Yes
 138 solaris.printer.grant   solaris.printer.*       No
 139 .TE
 140 
 141 .sp
 142 .LP
 143 The \fBfree_authattr()\fR function releases memory allocated by the
 144 \fBgetauthnam()\fR and \fBgetauthattr()\fR functions.
 145 .SH RETURN VALUES

 146 .LP
 147 The \fBgetauthattr()\fR function returns a pointer to an \fBauthattr_t\fR if
 148 it successfully enumerates an entry; otherwise it returns \fINULL\fR,
 149 indicating the end of the enumeration.
 150 .sp
 151 .LP
 152 The \fBgetauthnam()\fR function returns a pointer to an \fBauthattr_t\fR if it
 153 successfully locates the requested entry; otherwise it returns \fINULL\fR.
 154 .sp
 155 .LP
 156 The \fBchkauthattr()\fR function returns 1 if the user is authorized and 0 if
 157 the user does not exist or is not authorized.
 158 .SH USAGE

 159 .LP
 160 The \fBgetauthattr()\fR and \fBgetauthnam()\fR functions both allocate memory
 161 for the pointers they return. This memory should be deallocated with the
 162 \fBfree_authattr()\fR call.
 163 .sp
 164 .LP
 165 Individual attributes in the \fBattr\fR structure can be referred to by calling
 166 the \fBkva_match\fR(3SECDB) function.
 167 .SH WARNINGS

 168 .LP
 169 Because the list of legal keys is likely to expand, code must be written to
 170 ignore unknown key-value pairs without error.
 171 .SH FILES

 172 .ne 2
 173 .na
 174 \fB\fB/etc/nsswitch.conf\fR\fR
 175 .ad
 176 .RS 29n
 177 configuration file lookup information for the name service switch
 178 .RE
 179 
 180 .sp
 181 .ne 2
 182 .na
 183 \fB\fB/etc/user_attr\fR\fR
 184 .ad
 185 .RS 29n
 186 extended user attributes
 187 .RE
 188 
 189 .sp
 190 .ne 2
 191 .na
 192 \fB\fB/etc/security/auth_attr\fR\fR
 193 .ad
 194 .RS 29n
 195 authorization attributes
 196 .RE
 197 
 198 .sp
 199 .ne 2
 200 .na
 201 \fB\fB/etc/security/policy.conf\fR\fR
 202 .ad
 203 .RS 29n
 204 policy definitions
 205 .RE
 206 
 207 .sp
 208 .ne 2
 209 .na
 210 \fB\fB/etc/security/prof_attr\fR\fR
 211 .ad
 212 .RS 29n
 213 profile information
 214 .RE
 215 
 216 .SH ATTRIBUTES

 217 .LP
 218 See \fBattributes\fR(5) for descriptions of the following attributes:
 219 .sp
 220 
 221 .sp
 222 .TS
 223 box;
 224 c | c
 225 l | l .
 226 ATTRIBUTE TYPE  ATTRIBUTE VALUE
 227 _
 228 MT-Level        MT-Safe
 229 .TE
 230 
 231 .SH SEE ALSO

 232 .LP
 233 \fBgetexecattr\fR(3SECDB), \fBgetprofattr\fR(3SECDB), \fBgetuserattr\fR(3SECDB),
 234 \fBkva_match\fR(3SECDB), \fBauth_attr\fR(4), \fBnsswitch.conf\fR(4),
 235 \fBpolicy.conf\fR(4), \fBprof_attr\fR(4), \fBuser_attr\fR(4),
 236 \fBattributes\fR(5), \fBrbac\fR(5)