Trusted Solaris Developer's Guide

Accessing the User Databases

The programming interfaces for manipulating user data require the following header files:


#include <user_attr.h>
#include <prof_attr.h>
#include <exec_attr.h>
#include <auth_attr.h>

The examples in this chapter compile with the following libraries:


-lsecdb -lnsl -lcmd -DTSOL

Working with User Data

The main interface for accessing user information is the getuserattr(3SECDB) family of interfaces. The getuserattr function enumerates the user_attr entries. The getusernam function searches for a user_attr entry with a given name. In similar fashion, the getuseruid function searches for a user_attr entry with a given UID. Successive calls to these functions return successive user_attr entries or NULL.

Working with Rights Header Data

The rights profile data is spread between two databases: prof_attr(4) and exec_attr(4). There are two corresponding interface families for accessing rights profiles data: getprofattr(3SECDB) and getexecattr(3SECDB).

The getprofattr function enumerates the prof_attr entries. The getprofnam function searches for a prof_attr entry with a given name. The getproflist function searches for supplementary profiles.

An example program using the getprofattr function follows.

#include <stdio.h> 
#include <prof_attr.h> 

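/*
 * Print the prof_attr(4) record of the rights profile named in argv[1].
 *
 * The name, res1, res2 and desc columns are printed when they are non-NULL,
 * followed by the values stored in the record's key-value list under
 * PROFATTR_AUTHS_KW, PROFATTR_PROFS_KW and "help".
 *
 * Exit status: 1 when the argument count is wrong, 0 otherwise. A profile
 * that is not found also yields 0, so a caller that needs to tell "absent"
 * from "present" has to read the output rather than the status.
 */
int main(int argc, char *argv[])
{
        profattr_t      *profp = NULL;
        int             i;
        char            *kv_str = NULL;
        /* Keys looked up in the attr column; the NULL entry ends the list. */
        char            *attr[] = {     PROFATTR_AUTHS_KW,
                                        PROFATTR_PROFS_KW,
                                        "help",
                                        NULL };

        if (argc != 2) {
                printf("\tUsage: %s \"profile name\"\n", argv[0]);
                printf("\t\tPut multi-word profile names in quotes\n");
                return (1);
        }

        /* argv[1] is passed only as a lookup key and echoed with %s. */
        profp = getprofnam(argv[1]);
        if (profp == NULL) {
                printf("\tNo prof_attr entry found for %s\n", argv[1]);
                return (0);
        }

        /* Each column may be NULL, so test before handing it to printf. */
        if (profp->name != NULL)
                printf("\t%s: %s\n", PROFATTR_COL0_KW, profp->name);
        if (profp->res1 != NULL)
                printf("\t%s: %s\n", PROFATTR_COL1_KW, profp->res1);
        if (profp->res2 != NULL)
                printf("\t%s: %s\n", PROFATTR_COL2_KW, profp->res2);
        if (profp->desc != NULL)
                printf("\t%s: %s\n", PROFATTR_COL3_KW, profp->desc);

        if (profp->attr != NULL) {
                for (i = 0; attr[i] != NULL; i++) {
                        /* A NULL result is treated as "key not present". */
                        kv_str = kva_match(profp->attr, attr[i]);
                        if (kv_str != NULL)
                                printf("\t%s: %s\n", attr[i], kv_str);
                }
        }

        /*
         * Release the record returned by getprofnam(). kv_str is not used
         * after this point and is not freed separately.
         */
        free_profattr(profp);
        return (0);
}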

This program gets the six fields in the argument's prof_attr record and dumps them to a display as follows:


% getprof "Media Backup"
	name: Media Backup
	res1:
	res2:
	desc: Backup files and file systems
	auths: solaris.device.allocate
	help: RtMediaBkup.html

Working with Rights Profile Execution Data

The rights profile data is spread between two databases: prof_attr(4) and exec_attr(4). The getexecattr(3SECDB) family of interfaces accesses the exec_attr data.

This example program uses getexecprof(), one of the getexecattr(3SECDB) routines, to find the first exec_attr entry of type cmd in the supplied profile.

#include <stdio.h> 
#include <exec_attr.h>


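/*
 * Print the first exec_attr(4) entry of type KV_COMMAND in the rights
 * profile named in argv[1].
 *
 * The name, policy, type, res1, res2 and id columns are printed when they
 * are non-NULL, followed by whichever of the EXECATTR_*_KW keys listed in
 * attr[] are present in the entry's key-value list.
 *
 * Exit status: 1 when the argument count is wrong, 0 otherwise. A lookup
 * that finds nothing also yields 0, so a caller that needs to tell "absent"
 * from "present" has to read the output rather than the status.
 */
int main(int argc, char *argv[])
{
	execattr_t	*execp = NULL;
	int		i;
	/* GET_ONE with a NULL id: the lookup is not narrowed to one id. */
	int		search_flag = GET_ONE;
	char		*type = KV_COMMAND;
	char		*id = NULL;
	char		*kv_str = NULL;
	/* Keys looked up in the attr column; the NULL entry ends the list. */
	char		*attr[] = {	EXECATTR_EUID_KW,
					EXECATTR_EGID_KW,
					EXECATTR_UID_KW,
					EXECATTR_GID_KW,
					EXECATTR_PRIV_KW,
					EXECATTR_LABEL_KW,
					EXECATTR_CLEAR_KW,
					NULL };

	if (argc != 2) {
		printf("\tUsage: %s \"profile name\"\n",  argv[0]);
		printf("\t\tPut multi-word profile name in quotes.\n");
		return (1);
	}

	/* argv[1] is passed only as a lookup key and echoed with %s. */
	execp = getexecprof(argv[1], type, id, search_flag);
	if (execp == NULL) {
		/* id may be NULL; substitute a printable string for %s. */
		printf("\tNo exec_attr entry found for id %s of type %s"
		    " in profile %s\n",
		    ((id == NULL) ? "NULL" : id), type, argv[1]);
		return (0);
	}

	/* Each column may be NULL, so test before handing it to printf. */
	if (execp->name != NULL)
		printf("\t%s: %s\n", EXECATTR_COL0_KW, execp->name);
	if (execp->policy != NULL)
		printf("\t%s: %s\n", EXECATTR_COL1_KW, execp->policy);
	if (execp->type != NULL)
		printf("\t%s: %s\n", EXECATTR_COL2_KW, execp->type);
	if (execp->res1 != NULL)
		printf("\t%s: %s\n", EXECATTR_COL3_KW, execp->res1);
	if (execp->res2 != NULL)
		printf("\t%s: %s\n", EXECATTR_COL4_KW, execp->res2);
	if (execp->id != NULL)
		printf("\t%s: %s\n", EXECATTR_COL5_KW, execp->id);

	if (execp->attr != NULL) {
		for (i = 0; attr[i] != NULL; i++) {
			/* A NULL result is treated as "key not present". */
			kv_str = kva_match(execp->attr, attr[i]);
			if (kv_str != NULL)
				printf("\t%s: %s\n", attr[i], kv_str);
		}
	}

	/*
	 * Release the entry returned by getexecprof(). kv_str is not used
	 * after this point and is not freed separately.
	 */
	free_execattr(execp);
	return (0);
}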

Here is a typical result.


% getexecprof "Media Backup"
        name: Media Backup
        policy: tsol
        type: cmd
        res1: 
        res2: 
        id: /usr/lib/fs/ufs/ufsdump
        egid: 3
        privs: 1,4,5,8,10,11,12,19,71

The next example program uses getexecuser(), another of the getexecattr(3SECDB) routines, to find the first exec_attr entry of type cmd in the first profile for the supplied user.

#include <stdio.h>
#include <exec_attr.h>

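/*
 * Print the first exec_attr(4) entry of type KV_COMMAND that
 * getexecuser() returns for the login name given in argv[1].
 *
 * The name, policy, type, res1, res2 and id columns are printed when they
 * are non-NULL, followed by whichever of the EXECATTR_*_KW keys listed in
 * attr[] are present in the entry's key-value list.
 *
 * Exit status: 1 when the argument count is wrong, 0 otherwise. A lookup
 * that finds nothing also yields 0, so a caller that needs to tell "absent"
 * from "present" has to read the output rather than the status.
 */
int main(int argc, char *argv[])
{
	execattr_t	*execp = NULL;
	int		i;
	/* GET_ONE with a NULL id: the lookup is not narrowed to one id. */
	int		search_flag = GET_ONE;
	char		*type = KV_COMMAND;
	char		*id = NULL;
	char		*kv_str = NULL;
	/* Keys looked up in the attr column; the NULL entry ends the list. */
	char		*attr[] = {	EXECATTR_EUID_KW,
					EXECATTR_EGID_KW,
					EXECATTR_UID_KW,
					EXECATTR_GID_KW,
					EXECATTR_PRIV_KW,
					EXECATTR_LABEL_KW,
					EXECATTR_CLEAR_KW,
					NULL };

	if (argc != 2) {
		printf("\tUsage: %s \"login name\"\n", argv[0]);
		return (1);
	}

	/* argv[1] is passed only as a lookup key and echoed with %s. */
	execp = getexecuser(argv[1], type, id, search_flag);
	if (execp == NULL) {
		/* id may be NULL; substitute a printable string for %s. */
		printf("\tNo exec_attr entry found for id %s of type %s"
		    " for user %s\n",
		    ((id == NULL) ? "NULL" : id), type, argv[1]);
		return (0);
	}

	/* Each column may be NULL, so test before handing it to printf. */
	if (execp->name != NULL)
		printf("\t%s: %s\n", EXECATTR_COL0_KW, execp->name);
	if (execp->policy != NULL)
		printf("\t%s: %s\n", EXECATTR_COL1_KW, execp->policy);
	if (execp->type != NULL)
		printf("\t%s: %s\n", EXECATTR_COL2_KW, execp->type);
	if (execp->res1 != NULL)
		printf("\t%s: %s\n", EXECATTR_COL3_KW, execp->res1);
	if (execp->res2 != NULL)
		printf("\t%s: %s\n", EXECATTR_COL4_KW, execp->res2);
	if (execp->id != NULL)
		printf("\t%s: %s\n", EXECATTR_COL5_KW, execp->id);

	if (execp->attr != NULL) {
		for (i = 0; attr[i] != NULL; i++) {
			/* A NULL result is treated as "key not present". */
			kv_str = kva_match(execp->attr, attr[i]);
			if (kv_str != NULL)
				printf("\t%s: %s\n", attr[i], kv_str);
		}
	}

	/*
	 * Release the entry returned by getexecuser(). kv_str is not used
	 * after this point and is not freed separately.
	 */
	free_execattr(execp);
	return (0);
}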

Here is a typical result.


% getexecuser janez
        name: Media Backup
        policy: tsol
        type: cmd
        res1: 
        res2: 
        id: /usr/lib/fs/ufs/ufsdump
        egid: 3
        privs: 1,4,5,8,10,11,12,19,71