| Skip Navigation Links | |
| Exit Print View | |
 | man pages section 3: Basic Library Functions Oracle Solaris 11 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
| man pages section 3: Basic Library Functions Oracle Solaris 11 Information Library |
enable_extended_FILE_stdio(3C)
posix_spawnattr_getschedparam(3C)
posix_spawnattr_getschedpolicy(3C)
posix_spawnattr_getsigdefault(3C)
posix_spawnattr_getsigignore_np(3C)
posix_spawnattr_getsigmask(3C)
posix_spawnattr_setschedparam(3C)
posix_spawnattr_setschedpolicy(3C)
posix_spawnattr_setsigdefault(3C)
posix_spawnattr_setsigignore_np(3C)
posix_spawnattr_setsigmask(3C)
posix_spawn_file_actions_addclose(3C)
posix_spawn_file_actions_addclosefrom_np(3C)
posix_spawn_file_actions_adddup2(3C)
posix_spawn_file_actions_addopen(3C)
posix_spawn_file_actions_destroy(3C)
posix_spawn_file_actions_init(3C)
pthread_attr_getdetachstate(3C)
pthread_attr_getinheritsched(3C)
pthread_attr_getschedparam(3C)
pthread_attr_getschedpolicy(3C)
pthread_attr_setdetachstate(3C)
pthread_attr_setinheritsched(3C)
pthread_attr_setschedparam(3C)
pthread_attr_setschedpolicy(3C)
pthread_barrierattr_destroy(3C)
pthread_barrierattr_getpshared(3C)
pthread_barrierattr_setpshared(3C)
pthread_condattr_getpshared(3C)
pthread_condattr_setpshared(3C)
pthread_cond_reltimedwait_np(3C)
pthread_key_create_once_np(3C)
pthread_mutexattr_getprioceiling(3C)
pthread_mutexattr_getprotocol(3C)
pthread_mutexattr_getpshared(3C)
pthread_mutexattr_getrobust(3C)
pthread_mutexattr_setprioceiling(3C)
pthread_mutexattr_setprotocol(3C)
pthread_mutexattr_setpshared(3C)
pthread_mutexattr_setrobust(3C)
pthread_mutex_getprioceiling(3C)
pthread_mutex_reltimedlock_np(3C)
pthread_mutex_setprioceiling(3C)
pthread_rwlockattr_destroy(3C)
pthread_rwlockattr_getpshared(3C)
pthread_rwlockattr_setpshared(3C)
pthread_rwlock_reltimedrdlock_np(3C)
pthread_rwlock_reltimedwrlock_np(3C)
pthread_rwlock_timedrdlock(3C)
pthread_rwlock_timedwrlock(3C)
rctlblk_get_enforced_value(3C)
- get execution profile entry
execattr_t *getexecattr(void);
voidfree_execattr(execattr_t *ep);
voidsetexecattr(void);
voidendexecattr(void);
execattr_t *getexecuser(const char *username,const char *type,const char *id,intsearch_flag);
execattr_t *getexecprof(const char *profname,const char *type,const char *id,intsearch_flag);
execattr_t *match_execattr(execattr_t *ep,char *profname,char *type,char *id);
Thegetexecattr() function returns a singleexec_attr(4) entry. Entries can come fromany of the sources specified in thensswitch.conf(4) file.
Successive calls togetexecattr() return either successiveexec_attr entries orNULL. Becausegetexecattr() always returns a single entry, thenext pointer in theexecattr_t data structure points toNULL.
The internal representation of anexec_attr entry is anexecattr_t structure definedin <exec_attr.h> with the following members:
char *name; /* name of the profile */char *policy; /* policy under which the attributes are */ /* relevant*/char *type; /* type of profile */char *res1; /* reserved for future use */char *res2; /* reserved for future use */char *id; /* unique identifier */kva_t *attr; /* attributes */struct execattr_s *next; /* optional pointer to next profile */
Thefree_execattr() function releases memory. It follows thenext pointers in theexecattr_t structure so that the entire linked list is released.
Thesetexecattr() function “rewinds” to the beginning of the enumeration ofexec_attrentries. Calls togetexecuser() can leave the enumeration in an indeterminate state.Therefore,setexecattr() should be called before the first call togetexecattr().
Theendexecattr() function can be called to indicate thatexec_attr processing iscomplete; the library can then close any openexec_attr file, deallocate anyinternal storage, and so forth.
Thegetexecuser() function returns a linked list of entries that match thetype andid arguments and have a profile that has been assignedto the user specified byusername, as described inpasswd(4). Profiles forthe user are obtained from the list of default profiles in/etc/security/policy.conf(seepolicy.conf(4)) and theuser_attr(4) database. Only entries in the name service scopefor which the corresponding profile entry is found in theprof_attr(4) databaseare returned.
Thegetexecprof() function returns a linked list of entries that match thetype andid arguments and have the profile specified by theprofnameargument. Only entries in the name service scope for which the corresponding profileentry is found in theprof_attr database are returned.
Usinggetexecuser() andgetexecprof(), programmers can search for anytype argument,such as the manifest constantKV_COMMAND. The arguments are logically AND-ed togetherso that only entries exactly matching all of the arguments are returned. Wildcardmatching applies if there is no exact match for an ID. Anyargument can be assigned theNULL value to indicate that it isnot used as part of the matching criteria. The search_flag controls whetherthe function returns the first match (GET_ONE), setting thenext pointer toNULL or all matching entries (GET_ALL), using thenext pointer to createa linked list of all entries that meet the search criteria. SeeEXAMPLES.
IfGET_ALL is specified, the entire database is searched, resulting in amuch slower operation. UseGET_ONE when searching for the attributes for oneparticular application.
Once a list of entries is returned bygetexecuser() orgetexecprof(), theconvenience functionmatch_execattr() can be used to identify an individual entry. Itreturns a pointer to the individual element with the same profile name (profname), type name (type), andid. Function parameters set toNULL are not used as part of the matching criteria. In theevent that multiple entries meet the matching criteria, only a pointer to thefirst entry is returned. Thekva_match(3C) function can be used to lookup a key in a key-value array.
Those functions returning data only return data related to the active policy.Thegetexecattr() function returns a pointer to aexecattr_t if itsuccessfully enumerates an entry; otherwise it returnsNULL, indicating the end of theenumeration.
Thegetexecattr(),getexecuser(), andgetexecprof() functions all allocate memory for the pointersthey return. This memory should be deallocated with thefree_execattr() call. Thematch_execattr()( function does not allocate any memory. Therefore, pointers returned by this functionshould not be deallocated.
Individual attributes may be referenced in theattr structure by calling thekva_match(3C) function.
Example 1 Find all profiles that have theping command.
if ((execprof=getexecprof(NULL, KV_COMMAND, "/usr/sbin/ping", GET_ALL)) == NULL) { /* do error */}Example 2 Find the entry for theping command in the Network Administration Profile.
if ((execprof=getexecprof("Network Administration", KV_COMMAND, "/usr/sbin/ping", GET_ONE))==NULL) { /* do error */}Example 3 Tell everything that can be done in the Filesystem Security profile.
if ((execprof=getexecprof("Filesystem Security", KV_NULL, NULL, GET_ALL))==NULL)) { /* do error */}Example 4 Tell if thetar utility is in a profile assigned to user wetmore. If there is no exact profile entry, the wildcard (*), if defined, is returned.
The following tells if thetar utility is in a profile assignedto user wetmore. If there is no exact profile entry, the wildcard(*), if defined, is returned.
if ((execprof=getexecuser("wetmore", KV_COMMAND, "/usr/bin/tar", GET_ONE))==NULL) { /* do error */}configuration file lookup information for the name server switch
extended user attributes
execution profiles
policy definitions
Seeattributes(5) for descriptions of the following attributes:
|
getauthattr(3C),getuserattr(3C),kva_match(3C),exec_attr(4),passwd(4),policy.conf(4),prof_attr(4),user_attr(4),attributes(5)
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.Legal Notices |   |