rbac_chkauth - RBAC authorization check
#include <unistd.h>
rbac_chkauth (const char *username , const char *authname, const char *objname);
The rbac_chkauth() function determines whether the specified username has the authorization indicated by the authname to allow access on the objname object. If username is a null pointer, then the user name associated with the real user ID of the calling process will be used instead. The Oracle Solaris Operating System (OS) accepts role names as well as user names. The contents of the authname string are implementation-defined; consisting of dot-separated words beginning with the name of the vendor or product. The contents of the objname string are implementation-defined. If objname is a null pointer, this function simply verifies whether or not the user has been given this authorization for any object.
Upon successful completion, the return value will be 1 to indicate that the user has the specified authorization.
The user does not have the specified authorization.
On failure, -1 will be returned and errno will be set to indicate the error.
The rbac_chkauth() function can fail if:
The specified arguments are invalid.
The calling process does not have proper authority to verify the authname for a user when username is a non-null pointer.
If username is a null pointer, the rbac_chkauth () function can set errno to values as specified for getpwuid_r().
If objname is not a null pointer, the rbac_chkauth() function can set errno to values as specified for asprintf(3C).
#include <unistd.h> #include <stdio.h> #include <errno.h> #define PRINTER_CONFIG_AUTH "example.printer.configure" int printer_authchk(char *printer) { /* * Verify that this user can configure the specified printer */ switch (rbac_chkauth(NULL, PRINTER_CONFIG_AUTH, printer) { case -1: perror("rbac_chkauth"); return(0); case 0: (void) fprintf(stderr, "user lacks authorization: %s " "for printer: %s\n", PRINTER_CONFIG_AUTH, printer); return(0); } return(1); }
See attributes(5) for descriptions of the following attributes:
|
attributes(5), armor(5), asprintf(3C), auths(5), getpwuid_r(3C)