The rights profile data is spread between two databases: prof_attr(4) and exec_attr(4). The getexecattr(3SECDB) man page describes the routines that read exec_attr entries.
This example program uses the getexecprof() routine to find the first exec_attr entry of type cmd in the supplied profile.
#include <stdio.h>
#include <exec_attr.h>
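/*
 * Print the first exec_attr entry of type cmd found in the rights profile
 * named on the command line, one "keyword: value" line per field.
 *
 * argv[1] is the profile name; a multi-word name must be quoted by the shell.
 *
 * Returns 1 on a usage error and 0 otherwise. A lookup that finds nothing
 * also returns 0 (as the original example did), so a caller that needs to
 * tell "no entry" from "entry printed" has to read the output, not the
 * exit status.
 */
int
main(int argc, char *argv[])
{
    execattr_t *execp = NULL;
    int i;
    int search_flag = GET_ONE;      /* stop at the first matching entry */
    char *type = KV_COMMAND;        /* only entries of type cmd */
    char *id = NULL;                /* no command id is given to the lookup */
    char *kv_str = NULL;
    /* Security attribute keywords to look up in the entry's attr list. */
    char *attr[] = { EXECATTR_EUID_KW,
                     EXECATTR_EGID_KW,
                     EXECATTR_UID_KW,
                     EXECATTR_GID_KW,
                     EXECATTR_PRIV_KW,
                     EXECATTR_LABEL_KW,
                     EXECATTR_CLEAR_KW,
                     NULL };

    if (argc != 2) {
        printf("\tUsage: %s \"profile name\"\n", argv[0]);
        printf("\t\tPut multi-word profile name in quotes.\n");
        /* return instead of exit(): <stdlib.h> is not included here */
        return 1;
    }

    execp = getexecprof(argv[1], type, id, search_flag);
    if (execp == NULL) {
        printf("\tNo exec_attr entry found for id %s of type %s"
            " in profile %s\n",
            ((id == NULL) ? "NULL" : id), type, argv[1]);
        return 0;
    }

    /* Each column is printed only when the entry carries a value for it. */
    if (execp->name)
        printf("\t%s: %s\n", EXECATTR_COL0_KW, execp->name);
    if (execp->policy)
        printf("\t%s: %s\n", EXECATTR_COL1_KW, execp->policy);
    if (execp->type)
        printf("\t%s: %s\n", EXECATTR_COL2_KW, execp->type);
    if (execp->res1)
        printf("\t%s: %s\n", EXECATTR_COL3_KW, execp->res1);
    if (execp->res2)
        printf("\t%s: %s\n", EXECATTR_COL4_KW, execp->res2);
    if (execp->id)
        printf("\t%s: %s\n", EXECATTR_COL5_KW, execp->id);

    /*
     * The attr list holds the IDs, privileges and label settings the
     * command is granted under this profile; print the ones present.
     */
    if (execp->attr) {
        for (i = 0; attr[i] != NULL; i++) {
            /* explicit comparison: the assignment is intentional */
            if ((kv_str = kva_match(execp->attr, attr[i])) != NULL)
                printf("\t%s: %s\n", attr[i], kv_str);
        }
    }

    free_execattr(execp);
    return 0;
}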
Here is a typical result.
% getexecprof "Media Backup"
name: Media Backup
policy: tsol
type: cmd
res1:
res2:
id: /usr/lib/fs/ufs/ufsdump
egid: 3
privs: 1,4,5,8,10,11,12,19,71
The next example program uses the getexecuser() routine to find the first exec_attr entry of type cmd in the first profile for the supplied user.
#include <stdio.h>
#include <exec_attr.h>
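/*
 * Print the first exec_attr entry of type cmd found for the user named on
 * the command line, one "keyword: value" line per field.
 *
 * argv[1] is the login name.
 *
 * Returns 1 on a usage error and 0 otherwise. A lookup that finds nothing
 * also returns 0 (as the original example did), so a caller that needs to
 * tell "no entry" from "entry printed" has to read the output, not the
 * exit status.
 */
int
main(int argc, char *argv[])
{
    execattr_t *execp = NULL;
    int i;
    int search_flag = GET_ONE;      /* stop at the first matching entry */
    char *type = KV_COMMAND;        /* only entries of type cmd */
    char *id = NULL;                /* no command id is given to the lookup */
    char *kv_str = NULL;
    /* Security attribute keywords to look up in the entry's attr list. */
    char *attr[] = { EXECATTR_EUID_KW,
                     EXECATTR_EGID_KW,
                     EXECATTR_UID_KW,
                     EXECATTR_GID_KW,
                     EXECATTR_PRIV_KW,
                     EXECATTR_LABEL_KW,
                     EXECATTR_CLEAR_KW,
                     NULL };

    if (argc != 2) {
        printf("\tUsage: %s \"login name\"\n", argv[0]);
        /* return instead of exit(): <stdlib.h> is not included here */
        return 1;
    }

    execp = getexecuser(argv[1], type, id, search_flag);
    if (execp == NULL) {
        printf("\tNo exec_attr entry found for id %s of type %s"
            " for user %s\n",
            ((id == NULL) ? "NULL" : id), type, argv[1]);
        return 0;
    }

    /* Each column is printed only when the entry carries a value for it. */
    if (execp->name)
        printf("\t%s: %s\n", EXECATTR_COL0_KW, execp->name);
    if (execp->policy)
        printf("\t%s: %s\n", EXECATTR_COL1_KW, execp->policy);
    if (execp->type)
        printf("\t%s: %s\n", EXECATTR_COL2_KW, execp->type);
    if (execp->res1)
        printf("\t%s: %s\n", EXECATTR_COL3_KW, execp->res1);
    if (execp->res2)
        printf("\t%s: %s\n", EXECATTR_COL4_KW, execp->res2);
    if (execp->id)
        printf("\t%s: %s\n", EXECATTR_COL5_KW, execp->id);

    /*
     * The attr list holds the IDs, privileges and label settings the
     * command is granted to this user; print the ones present.
     */
    if (execp->attr) {
        for (i = 0; attr[i] != NULL; i++) {
            /* explicit comparison: the assignment is intentional */
            if ((kv_str = kva_match(execp->attr, attr[i])) != NULL)
                printf("\t%s: %s\n", attr[i], kv_str);
        }
    }

    free_execattr(execp);
    return 0;
}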
Here is a typical result.
% getexecuser janez
name: Media Backup
policy: tsol
type: cmd
res1:
res2:
id: /usr/lib/fs/ufs/ufsdump
egid: 3
privs: 1,4,5,8,10,11,12,19,71