man pages section 3: Library Functions

t6sendto(3NSL)

NAME

t6sendto- specify security attributes to send with data on a trusted endpoint

SYNOPSIS

cc

flags

file

-lsocket

-lnsl

-lt6

library

#include <tsix/t6attrs.h>

sock

msg

len

flags

name

namelen

handle

DESCRIPTION

t6sendto() allows a privileged process to specify the security attributes to send with an IPC message. A process may specify only those attributes for which it possesses the appropriate override privilege and need not specify a full set. Any unspecified attributes are supplied by the kernel.

sock is a socket created with socket(3SOCKET). The address of the target is given by name with namelen specifying its size. The length of the message is given by len.

The name pointer and namelen parameter are used only if you are specifying the destination address; otherwise they should be set to 0. You may not specify the address if the trusted endpoint was created for a connection-oriented protocol, such as TCP. If the message is too long to pass atomically through the underlying protocol, then the message is not transmitted and the error EMSGSIZE is returned.

A return value of -1 indicates locally detected errors only, not implicitly that the message was not delivered.

The flags parameter is formed from the bitwise OR of zero or more of these values:

MSG_OOB: Send out-of-band data and any security attributes specified by a privileged process on sockets that support this notion provided that the underlying protocol also supports out-of-band data. Data and attributes sent with this flag are typically not subject to the internal buffering normally applied by the network to improve network efficiency.
MSG_DONTROUTE: The SO_DONTROUTE option is turned on for the duration of the operation. This option is used only by diagnostic or routing programs.

The security attributes are specified by the handle parameter. To set up handle, see t6set_attr(3NSL).

Only a process with the appropriate override privileges can specify the security attributes associated with the data it sends. To specify an attribute, a process must have the override privilege corresponding to the attribute. The override privilege required to specify an attribute is implementation specific. For Trusted Solaris, one or more of these privileges may be required: PRIV_NET_DOWNGRADE_SL, PRIV_NET_UPGRADE_SL, PRIV_NET_SETCLR, PRIV_NET_SETID, PRIV_NET_SETPRIV, PRIV_NET_BROADCAST.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWtsu
MT-Level	MT-Safe

RETURN VALUES

Upon success, the return value is the number of bytes actually sent. Upon failure, the call returns -1 and sets the error code in errno.

Always checking the return value is critical, for the addition of security means that access to an endpoint may be revoked in response to a security violation.

ERRORS

t6sendto() fails if any of these conditions is true:

EBADF: sock is an invalid file descriptor.
EDESTADDRREQ: A destination address is not specified.
EINTR: The operation was interrupted by delivery of a signal before any data could be buffered to be sent.
EINVAL: namelen is not the size of a valid address for the specified address family.
EMSGSIZE: The socket requires that message be sent atomically, and the message was too long.
ENOMEM: There was insufficient memory available to complete the operation.
ENOSR: There were insufficient STREAMS resources available for the operation to complete.
ENOTSOCK: sock is not a socket.

Trusted Solaris 8 4/01 Reference Manual

libt6(3NSL), t6set_attr(3NSL), t6set_endpt_default(3NSL), socket(3SOCKET), Trusted Solaris Developer's Guide

SunOS 5.8 Reference Manual

attributes(5)

NOTES

This man page is based on the version from the TSIX(RE) 1.1 Application Programming Interface (API) document; and this interface is available in TSIX(RE) 1.1-API-compliant systems.

Only SOCK_STREAM sockets created in the AF_INET address family support out-of-band data.

Trusted Solaris 8 4/01 Last Revised 23 Feb 2001