9728 3secdb man pages need some tlc
--- old/usr/src/man/man3secdb/getauthattr.3secdb
+++ new/usr/src/man/man3secdb/getauthattr.3secdb
1 1 '\" te
2 2 .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
3 3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
4 4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
5 5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
6 -.TH GETAUTHATTR 3SECDB "Feb 20, 2009"
6 +.TH GETAUTHATTR 3SECDB "Aug 13, 2018"
7 7 .SH NAME
8 8 getauthattr, getauthnam, free_authattr, setauthattr, endauthattr, chkauthattr
9 9 \- get authorization entry
10 10 .SH SYNOPSIS
11 11 .LP
12 12 .nf
13 13 cc [ \fIflag\fR... ] \fIfile\fR... -lsecdb -lsocket -lnsl [ \fIlibrary\fR... ]
14 14 #include <auth_attr.h>
15 15 #include <secdb.h>
16 16
17 17 \fBauthattr_t *\fR\fBgetauthattr\fR(\fBvoid\fR);
18 18 .fi
19 19
20 20 .LP
21 21 .nf
22 22 \fBauthattr_t *\fR\fBgetauthnam\fR(\fBconst char *\fR\fIname\fR);
23 23 .fi
24 24
25 25 .LP
26 26 .nf
27 27 \fBvoid\fR \fBfree_authattr\fR(\fBauthattr_t *\fR\fIauth\fR);
28 28 .fi
29 29
30 30 .LP
31 31 .nf
32 32 \fBvoid\fR \fBsetauthattr\fR(\fBvoid\fR);
33 33 .fi
34 34
35 35 .LP
36 36 .nf
37 37 \fBvoid\fR \fBendauthattr\fR(\fBvoid\fR);
38 38 .fi
39 39
40 40 .LP
41 41 .nf
42 42 \fBint\fR \fBchkauthattr\fR(\fBconst char *\fR\fIauthname\fR, \fBconst char *\fR\fIusername\fR);
43 43 .fi
44 44
45 45 .SH DESCRIPTION
46 -.sp
47 46 .LP
48 47 The \fBgetauthattr()\fR and \fBgetauthnam()\fR functions each return an
49 48 \fBauth_attr\fR(4) entry. Entries can come from any of the sources specified in
50 49 the \fBnsswitch.conf\fR(4) file.
51 50 .sp
52 51 .LP
53 52 The \fBgetauthattr()\fR function enumerates \fBauth_attr\fR entries. The
54 53 \fBgetauthnam()\fR function searches for an \fBauth_attr\fR entry with a given
55 54 authorization name \fIname\fR. Successive calls to these functions return
56 55 either successive \fBauth_attr\fR entries or \fINULL\fR.
57 56 .sp
58 57 .LP
59 58 Th internal representation of an \fBauth_attr\fR entry is an \fBauthattr_t\fR
60 59 structure defined in <\fBauth_attr.h\fR> with the following members:
61 60 .sp
62 61 .in +2
63 62 .nf
64 63 char *name; /* name of the authorization */
65 64 char *res1; /* reserved for future use */
66 65 char *res2; /* reserved for future use */
67 66 char *short_desc; /* short description */
68 67 char *long_desc; /* long description */
69 68 kva_t *attr; /* array of key-value pair attributes */
70 69 .fi
71 70 .in -2
72 71
73 72 .sp
74 73 .LP
75 74 The \fBsetauthattr()\fR function "rewinds" to the beginning of the enumeration
76 75 of \fBauth_attr\fR entries. Calls to \fBgetauthnam()\fR can leave the
77 76 enumeration in an indeterminate state. Therefore, \fBsetauthattr()\fR should be
78 77 called before the first call to \fBgetauthattr()\fR.
79 78 .sp
80 79 .LP
81 80 The \fBendauthattr()\fR function may be called to indicate that \fBauth_attr\fR
82 81 processing is complete; the system may then close any open \fBauth_attr\fR
83 82 file, deallocate storage, and so forth.
84 83 .sp
85 84 .LP
86 85 The \fBchkauthattr()\fR function verifies whether or not a user has a given
87 86 authorization. It first reads the \fBAUTHS_GRANTED\fR key in the
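Review bot: New line 58 still reads "Th internal representation of an \fBauth_attr\fR entry"; the typo sits on an unchanged context line in DESCRIPTION and was missed by this cleanup. Change "Th" to "The" while the file is being touched.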
88 87 \fB/etc/security/policy.conf\fR file and returns 1 if it finds a match for the
89 88 given authorization. If \fBchkauthattr()\fR does not find a match and the
90 89 \fIusername\fR is the name of the "console user", defined as the owner of
91 90 \fB/dev/console\fR, it first reads the \fBCONSOLE_USER\fR key in
92 91 \fB/etc/security/policy.conf\fR and returns 1 if the given authorization is in
93 92 any of the profiles specified in the \fBCONSOLE_USER\fR keyword, then reads the
94 93 \fBPROFS_GRANTED\fR key in \fB/etc/security/policy.conf\fR and returns 1 if the
95 94 given authorization is in any profiles specified with the \fBPROFS_GRANTED\fR
96 95 keyword. If a match is not found from the default authorizations and default
97 96 profiles, \fBchkauthattr()\fR reads the \fBuser_attr\fR(4) database. If it does
98 -not find a match in \fBuser_attr\fR, it reads the \fBprof_attr\fR(4) database,
97 +not find a match in \fBuser_attr\fR, it reads the \fBprof_attr\fR(4) database,
99 98 using the list of profiles assigned to the user, and checks if any of the
100 99 profiles assigned to the user has the given authorization. The
101 100 \fBchkauthattr()\fR function returns 0 if it does not find a match in any of
102 101 the three sources or if the user does not exist.
103 102 .sp
104 103 .LP
105 104 A user is considered to have been assigned an authorization if either of the
106 105 following are true:
107 106 .RS +4
108 107 .TP
109 108 .ie t \(bu
110 109 .el o
111 110 The authorization name matches exactly any authorization assigned in the
112 -\fBuser_attr\fR or \fBprof_attr\fR databases (authorization names are
111 +\fBuser_attr\fR or \fBprof_attr\fR databases (authorization names are
113 112 case-sensitive).
114 113 .RE
115 114 .RS +4
116 115 .TP
117 116 .ie t \(bu
118 117 .el o
119 -The authorization name suffix is not the key word \fBgrant\fR and the
118 +The authorization name suffix is not the key word \fBgrant\fR and the
120 119 authorization name matches any authorization up to the asterisk (*) character
121 120 assigned in the \fBuser_attr\fR or \fBprof_attr\fR databases.
122 121 .RE
123 122 .sp
124 123 .LP
125 124 The examples in the following table illustrate the conditions under which a
126 125 user is assigned an authorization.
127 126 .sp
128 127
129 128 .sp
130 129 .TS
131 130 box;
132 131 c | c | c
133 132 c | c | c .
134 - \f(CW/etc/security/policy.conf\fR or Is user
133 + \fB/etc/security/policy.conf\fR or Is user
134 +\fBAuthorization name\fR \fBuser_attr\fR or \fBprof_attr\fR entry authorized?
135 135 _
136 -\fBAuthorization name\fR \fBuser_attr\fR or \fB\fR \fBprof_attr\fR entry authorized?
137 -_
138 136 solaris.printer.postscript solaris.printer.postscript Yes
139 137 solaris.printer.postscript solaris.printer.* Yes
140 138 solaris.printer.grant solaris.printer.* No
141 139 .TE
142 140
143 141 .sp
144 142 .LP
145 143 The \fBfree_authattr()\fR function releases memory allocated by the
146 -\fBgetauthnam()\fR and \fBgetauthattr()\fR functions.
144 +\fBgetauthnam()\fR and \fBgetauthattr()\fR functions.
147 145 .SH RETURN VALUES
148 -.sp
149 146 .LP
150 -The \fBgetauthattr()\fR function returns a pointer to an \fBauthattr_t\fR if
147 +The \fBgetauthattr()\fR function returns a pointer to an \fBauthattr_t\fR if
151 148 it successfully enumerates an entry; otherwise it returns \fINULL\fR,
152 149 indicating the end of the enumeration.
153 150 .sp
154 151 .LP
155 -The \fBgetauthnam()\fR function returns a pointer to an \fBauthattr_t\fR if it
152 +The \fBgetauthnam()\fR function returns a pointer to an \fBauthattr_t\fR if it
156 153 successfully locates the requested entry; otherwise it returns \fINULL\fR.
157 154 .sp
158 155 .LP
159 156 The \fBchkauthattr()\fR function returns 1 if the user is authorized and 0 if
160 157 the user does not exist or is not authorized.
161 158 .SH USAGE
162 -.sp
163 159 .LP
164 160 The \fBgetauthattr()\fR and \fBgetauthnam()\fR functions both allocate memory
165 161 for the pointers they return. This memory should be deallocated with the
166 162 \fBfree_authattr()\fR call.
167 163 .sp
168 164 .LP
169 165 Individual attributes in the \fBattr\fR structure can be referred to by calling
170 166 the \fBkva_match\fR(3SECDB) function.
171 167 .SH WARNINGS
172 -.sp
173 168 .LP
174 -Because the list of legal keys is likely to expand, code must be written to
169 +Because the list of legal keys is likely to expand, code must be written to
175 170 ignore unknown key-value pairs without error.
176 171 .SH FILES
177 -.sp
178 172 .ne 2
179 173 .na
180 174 \fB\fB/etc/nsswitch.conf\fR\fR
181 175 .ad
182 176 .RS 29n
183 -configuration file lookup information for the name server switch
177 +configuration file lookup information for the name service switch
184 178 .RE
185 179
186 180 .sp
187 181 .ne 2
188 182 .na
189 183 \fB\fB/etc/user_attr\fR\fR
190 184 .ad
191 185 .RS 29n
192 186 extended user attributes
193 187 .RE
194 188
195 189 .sp
196 190 .ne 2
197 191 .na
198 192 \fB\fB/etc/security/auth_attr\fR\fR
199 193 .ad
200 194 .RS 29n
201 195 authorization attributes
202 196 .RE
203 197
204 198 .sp
205 199 .ne 2
206 200 .na
207 201 \fB\fB/etc/security/policy.conf\fR\fR
208 202 .ad
209 203 .RS 29n
210 204 policy definitions
211 205 .RE
212 206
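Review bot: The chkauthattr() lookup order at new lines 88-95 is still one run-on sentence, and as written the \fBPROFS_GRANTED\fR check ("then reads the \fBPROFS_GRANTED\fR key") appears to apply only when \fIusername\fR is the console user. Since this sentence is what callers rely on to understand when the function returns 1, split it so the \fBCONSOLE_USER\fR step and the \fBPROFS_GRANTED\fR step are separate sentences and it is clear which of them is conditional on the console user. Smaller points in the same region: new line 118 is already modified for whitespace and still says "key word \fBgrant\fR" while new line 95 uses "keyword", so pick one spelling; and new lines 104-105 read "if either of the following are true", which should be "is true".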
213 207 .sp
214 208 .ne 2
215 209 .na
216 210 \fB\fB/etc/security/prof_attr\fR\fR
217 211 .ad
218 212 .RS 29n
219 213 profile information
220 214 .RE
221 215
222 216 .SH ATTRIBUTES
223 -.sp
224 217 .LP
225 218 See \fBattributes\fR(5) for descriptions of the following attributes:
226 219 .sp
227 220
228 221 .sp
229 222 .TS
230 223 box;
231 224 c | c
232 225 l | l .
233 226 ATTRIBUTE TYPE ATTRIBUTE VALUE
234 227 _
235 228 MT-Level MT-Safe
236 229 .TE
237 230
238 231 .SH SEE ALSO
239 -.sp
240 232 .LP
241 -\fBgetexecattr\fR(3SECDB), \fBgetprofattr\fR(3SECDB),
242 -\fBgetuserattr\fR(3SECDB), \fBauth_attr\fR(4), \fBnsswitch.conf\fR(4),
243 -\fBprof_attr\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5), \fBrbac\fR(5)
233 +\fBgetexecattr\fR(3SECDB), \fBgetprofattr\fR(3SECDB), \fBgetuserattr\fR(3SECDB),
234 +\fBkva_match\fR(3SECDB), \fBauth_attr\fR(4), \fBnsswitch.conf\fR(4),
235 +\fBpolicy.conf\fR(4), \fBprof_attr\fR(4), \fBuser_attr\fR(4),
236 +\fBattributes\fR(5), \fBrbac\fR(5)