Trusted Solaris Developer's Guide

Security Attributes

The server handle for RPC library calls is a pointer to an SVCXPRT data structure, and the client handle for RPC library calls is a pointer to a CLIENT data structure. In the Trusted Solaris environment, both structures have additional fields that point to security attribute information.

The security attributes pointed to by the server and client handles are based on the TSIX library. See Chapter 12, Trusted Security Information Exchange Library, for information on the library routines and the privileges required to change security attributes.


Note - The caller must free all memory blocks allocated for security attribute pointers.


Servers

The following security attribute fields of the SVCXPRT structure can be accessed directly by the server process:


t6attr_t xp_tsol_incoming_attrsp
t6attr_t xp_tsol_outgoing_attrsp
t6mask_t xp_tsol_incoming_new_attrs

A server can receive one or more security attributes of incoming client requests by using t6alloc_blk(3NSL) to allocate an opaque structure with space for the security attributes and setting the xp_tsol_incoming_attrsp field in the SVCXPRT structure to point to the security attribute structure.

A privileged server can set security attributes on a response to the client by using t6alloc_blk(3NSL) to allocate an opaque structure with space for the security attributes and setting the xp_tsol_outgoing_attrsp field in the SVCXPRT structure to point to the security attribute structure. The RPC library routines pick up the attributes and send them as the attributes for the response.

A server can examine the security attributes on the next and last bytes of data by using the xp_tsol_incoming_new_attrs field in the SVCXPRT structure to point to specific incoming attributes to be examined.
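The allocate, attach, and free sequence described above for the server handle, as an added example that is not code from the guide. The type, function, and SVCXPRT definitions at the top are stand-ins (assumptions) so the pattern compiles outside Trusted Solaris; t6free_blk() and the T6M_SL and T6M_UID mask names come from the TSIX library rather than this page, the mask values are constructed, and attach_incoming(), release_attrs(), and drop_blk() are hypothetical helper names.

```c
#include <stdlib.h>
/* Stand-ins (assumptions) so the pattern compiles off-platform. On Trusted
 * Solaris these types and t6alloc_blk()/t6free_blk() come from the TSIX
 * library, and SVCXPRT from the RPC headers. Mask values are constructed. */
typedef unsigned int t6mask_t;
typedef struct { t6mask_t mask; } *t6attr_t;    /* opaque on the real system */
#define T6M_SL  0x1u                            /* sensitivity label */
#define T6M_UID 0x2u                            /* effective user ID */
static int live_blocks;                         /* demo-only leak counter */
static t6attr_t t6alloc_blk(t6mask_t m) {
    t6attr_t b = malloc(sizeof *b);
    if (b) { b->mask = m; live_blocks++; }
    return b;
}
static void t6free_blk(t6attr_t b) { free(b); live_blocks--; }
typedef struct {                                /* only the fields listed above */
    t6attr_t xp_tsol_incoming_attrsp;
    t6attr_t xp_tsol_outgoing_attrsp;
    t6mask_t xp_tsol_incoming_new_attrs;
} SVCXPRT;

/* Free one attribute block and clear the handle field that pointed to it. */
static void drop_blk(t6attr_t *slot) {
    if (*slot != NULL) { t6free_blk(*slot); *slot = NULL; }
}

/* Request the attributes in `want` on incoming requests. Any block attached
 * earlier is freed first. Returns 0 on success, -1 if allocation fails. */
int attach_incoming(SVCXPRT *xprt, t6mask_t want) {
    t6attr_t blk = t6alloc_blk(want);
    if (blk == NULL) return -1;                 /* handle left unchanged */
    drop_blk(&xprt->xp_tsol_incoming_attrsp);
    xprt->xp_tsol_incoming_attrsp = blk;
    return 0;
}

/* Call before the handle is destroyed: the caller owns both blocks. */
void release_attrs(SVCXPRT *xprt) {
    drop_blk(&xprt->xp_tsol_incoming_attrsp);
    drop_blk(&xprt->xp_tsol_outgoing_attrsp);
}
int attr_blocks_live(void) { return live_blocks; }

int main(void) {
    SVCXPRT x = {0};
    if (attach_incoming(&x, T6M_SL | T6M_UID) != 0) return 1;
    release_attrs(&x);
    return attr_blocks_live();                  /* 0 when nothing leaked */
}
```

Clearing each handle field as its block is freed keeps a later attach or release from touching memory that has already been returned.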

Clients

The following security attribute fields of the CLIENT structure can be accessed directly by the client process:


t6attr_t cl_tsol_incoming_attrsp
t6attr_t cl_tsol_outgoing_attrsp

A client can receive one or more security attributes of incoming server responses by using t6alloc_blk(3NSL) to allocate an opaque structure with space for the attributes and setting the cl_tsol_incoming_attrsp field in the CLIENT structure to point to the security attribute structure.

A privileged client can set security attributes on a request to the server by using t6alloc_blk(3NSL) to allocate an opaque structure with space for the security attributes and setting the cl_tsol_outgoing_attrsp field in the CLIENT structure to point to the security attribute structure. The RPC library routines pick up the attributes and send them as the attributes for the request.