The rights profile data is spread between two databases: prof_attr(4) and exec_attr(4). The getexecattr(3SECDB).
This example program uses the getexecattr() routine to find the first exec_attr entry of type cmd in profile supplied.
#include <stdio.h> #include <exec_attr.h> main(int argc, char *argv[]) { execattr_t *execp = NULL; int i; int search_flag = GET_ONE; char *type = KV_COMMAND; char *id = NULL; char *kv_str = NULL; char *attr[] = { EXECATTR_EUID_KW, EXECATTR_EGID_KW, EXECATTR_UID_KW, EXECATTR_GID_KW, EXECATTR_PRIV_KW, EXECATTR_LABEL_KW, EXECATTR_CLEAR_KW, NULL }; if (argc != 2) { printf("\tUsage: %s \"profile name\"\n", argv[0]); printf("\t\tPut multi-word profile name in quotes.\n"); exit(1); } if ((execp = getexecprof(argv[1], type, id, search_flag)) == NULL) { printf("\tNo exec_attr entry found for id %s of type %s" " in profile %s\n", ((id == NULL) ? "NULL" : id), type, argv[1]); exit(0); } if (execp->name) printf("\t%s: %s\n", EXECATTR_COL0_KW, execp->name); if (execp->policy) printf("\t%s: %s\n", EXECATTR_COL1_KW, execp->policy); if (execp->type) printf("\t%s: %s\n", EXECATTR_COL2_KW, execp->type); if (execp->res1) printf("\t%s: %s\n", EXECATTR_COL3_KW, execp->res1); if (execp->res2) printf("\t%s: %s\n", EXECATTR_COL4_KW, execp->res2); if (execp->id) printf("\t%s: %s\n", EXECATTR_COL5_KW, execp->id); if (execp->attr) { for (i = 0; attr[i] != NULL; i++) { if (kv_str = kva_match(execp->attr, attr[i])) printf("\t%s: %s\n", attr[i], kv_str); } } free_execattr(execp); }
Here is a typical result.
% getexecprof ``Media Backup'' name: Media Backup policy: tsol type: cmd res1: res2: id: /usr/lib/fs/ufs/ufsdump egid: 3 privs: 1,4,5,8,10,11,12,19,71 |
The next example program uses the getexecattr() routine to find the first exec_attr entry of type cmd in the first profile for the supplied user.
#include <stdio.h> #include <exec_attr.h> main(int argc, char *argv[]) { execattr_t *execp = NULL; int i; int search_flag = GET_ONE; char *type = KV_COMMAND; char *id = NULL; char *kv_str = NULL; char *attr[] = { EXECATTR_EUID_KW, EXECATTR_EGID_KW, EXECATTR_UID_KW, EXECATTR_GID_KW, EXECATTR_PRIV_KW, EXECATTR_LABEL_KW, EXECATTR_CLEAR_KW, NULL }; if (argc != 2) { printf("\tUsage: %s \"login name\"\n", argv[0]); exit(1); } if ((execp = getexecuser(argv[1], type, id, search_flag)) == NULL) { printf("\tNo exec_attr entry found for id %s of type %s" " for user %s\n", ((id == NULL) ? "NULL" : id), type, argv[1]); exit(0); } if (execp->name) printf("\t%s: %s\n", EXECATTR_COL0_KW, execp->name); if (execp->policy) printf("\t%s: %s\n", EXECATTR_COL1_KW, execp->policy); if (execp->type) printf("\t%s: %s\n", EXECATTR_COL2_KW, execp->type); if (execp->res1) printf("\t%s: %s\n", EXECATTR_COL3_KW, execp->res1); if (execp->res2) printf("\t%s: %s\n", EXECATTR_COL4_KW, execp->res2); if (execp->id) printf("\t%s: %s\n", EXECATTR_COL5_KW, execp->id); if (execp->attr) { for (i = 0; attr[i] != NULL; i++) { if (kv_str = kva_match(execp->attr, attr[i])) printf("\t%s: %s\n", attr[i], kv_str); } } free_execattr(execp); }
Here is a typical result.
% getexecuser janez name: Media Backup policy: tsol type: cmd res1: res2: id: /usr/lib/fs/ufs/ufsdump egid: 3 privs: 1,4,5,8,10,11,12,19,71 |