test

Trusted Solaris Developer's Guide

Receiving and Retrieving Security Attributes

This example receives a message with security attributes and retrieves the security attribute information. 

#include <tsix/t6attrs.h>
#include <tsol/label.h>
main()
{
	char buf[512];
	int retval, len = sizeof(buf), sock;
	t6mask_t recvmask;
	t6attr_t recvattrs;
	bslabel_t *senslabel;
	bclear_t *clearance;
	struct sockaddr_in sin;
	t6mask_t rcv_mask;

/* Initialize a mask with all security attribute fields */
	recvmask = T6M_ALL_ATTRS;
	recvattrs = t6alloc_blk(recvmask);
/* Code to set up socket communications */
/* ... */
/* Receive security attributes on the message */
	retval = t6recvfrom(sock, buf, len, 0,(struct sockaddr *) &sin;,
		sizeof (sin), recvattrs, &rcv_mask;);
/* Retrieve security attribute Values */
	senslabel = (bslabel_t *)t6get_attr(T6_SL, recvattrs);
	clearance = (bclear_t *)t6get_attr(T6_CLEARANCE, recvattrs);
}

The next example creates newmask with no attributes specified, calls the t6new_attr(3NSL) routine with a value of T6_ON, and calls the t6recvfrom(3NSL) routine with newmask. This combination tells the t6recvfrom() routine to get the security attribute information with the message only when one or more security attributes are different from the set of security attributes on the last message received. The t6recvfrom() call returns the full set of security attributes requested; not just the changed security attributes. When security attributes change, the newmask value becomes non-zero so you check this value to find out when to look for new security attributes. 

#include <tsix/t6attrs.h>
#include <tsol/label.h>

main()
{
	char buf[512];
	int retval, len = sizeof(buf), sock;
	t6mask_t newmask;
	t6attr_t recvattrs;

/* Code to set up socket communications */
/* ... */

/* Create mask to look for change in the sensitivity label */
	newmask = T6M_NO_ATTRS;

/* Turn on new attributes and test for sensitivity label */
	retval = t6new_attr(sock, T6_ON) > 0;
	retval = t6recvfrom(sock, buf, len, 0, 0, 0, recvattrs, &newmask);

	if(newmask > 0)
		{/* Process security attribute information */}
}