usermgr-1 - API for user and group administration
#include <rad/client/1/usermgr.h>
cc [ flag... ] file... -lusermgr1_client [ library... ]
interface UserMgr
usermgr_User_t ** users ; (ro)
usermgr_Group_t ** groups ; (ro)
const char ** shells ; (ro)
usermgr_User_t * defaultUser ; (ro)
const char ** scopes ; (ro)
const char ** roles ; (ro)
const char ** profiles ; (ro)
const char ** auths ; (ro)
const char ** defaultPrivs ; (ro)
const char ** limitPrivs ; (ro)
const char ** supplGroups ; (ro)
const char ** auditClasses ; (ro)
const char ** pamUserConfFiles ; (ro)
const char ** pamServices ; (ro)
const char ** projects ; (ro)
rc_err_t usermgr_UserMgr_getUser(rc_instance_t *inst,
const char *username,
usermgr_User_t **result,
usermgr_UserMgrError_t **error);
rc_err_t usermgr_UserMgr_addUser(rc_instance_t *inst,
usermgr_User_t *user,
const char *password,
boolean_t *hashed,
usermgr_User_t **result,
usermgr_UserMgrError_t **error);
rc_err_t usermgr_UserMgr_modifyUser(rc_instance_t *inst,
usermgr_User_t *user,
usermgr_UserChangeFields_t *changeFields,
const char *password,
boolean_t *hashed,
usermgr_User_t **result,
usermgr_UserMgrError_t **error);
rc_err_t usermgr_UserMgr_deleteUser(rc_instance_t *inst,
const char *username,
usermgr_UserMgrError_t **error);
rc_err_t usermgr_UserMgr_selectScope(rc_instance_t *inst,
usermgr_ScopeType_t scope);
rc_err_t usermgr_UserMgr_setFilter(rc_instance_t *inst,
usermgr_UserType_t usertype,
const char *searchstring,
boolean_t *localAttrs);
rc_err_t usermgr_UserMgr_setQualifier(rc_instance_t *inst,
const char *qualifier);
rc_err_t usermgr_UserMgr_isSystemLabeled(rc_instance_t *inst,
boolean_t *result,
usermgr_UserMgrError_t **error);
rc_err_t usermgr_UserMgr_getUserType(rc_instance_t *inst,
const char *username,
usermgr_UserType_t *result,
usermgr_UserMgrError_t **error);
Enumerated Types
enum UserMgrErrorType
typedef enum usermgr_UserMgrErrorType {
UUMET_INVALIDDATA = 0,
UUMET_USEREXISTS = 1,
UUMET_PERMDENIED = 2,
UUMET_READERROR = 3,
UUMET_LASTADMIN = 4,
UUMET_ROOTADMIN = 5,
UUMET_PASSERROR = 6,
} usermgr_UserMgrErrorType_t;
enum ScopeType
typedef enum usermgr_ScopeType {
UST_FILES = 0,
UST_LDAP = 1,
} usermgr_ScopeType_t;
enum UserType
typedef enum usermgr_UserType {
UUT_NORMAL = 0,
UUT_ROLE = 1,
} usermgr_UserType_t;
Structured Types
struct Group
typedef struct usermgr_Group usermgr_Group_t;
struct usermgr_Group {
char *ug_groupName;
unsigned int ug_groupID;
char **ug_groupMembers;
int ug_groupMembers_count;
};
void usermgr_Group_free(usermgr_Group_t *in);
struct User
typedef struct usermgr_User usermgr_User_t;
struct usermgr_User {
char *uu_username;
unsigned int uu_userID;
unsigned int uu_groupID;
char *uu_groupName;
char *uu_description;
char *uu_homeDirectory;
char *uu_defaultShell;
int uu_inactive;
int uu_min;
int uu_max;
int uu_warn;
char *uu_expire;
char *uu_lockAfterRetries;
char *uu_alwaysAuditFlags;
char *uu_neverAuditFlags;
char *uu_type;
char *uu_defaultProj;
char *uu_clearance;
char *uu_minLabel;
char *uu_roleAuth;
char *uu_idleCmd;
char *uu_idleTime;
char *uu_accountStatus;
char **uu_roles;
int uu_roles_count;
char **uu_profiles;
int uu_profiles_count;
char **uu_authProfiles;
int uu_authProfiles_count;
char **uu_auths;
int uu_auths_count;
char **uu_defaultPriv;
int uu_defaultPriv_count;
char **uu_limitPriv;
int uu_limitPriv_count;
char **uu_groups;
int uu_groups_count;
char **uu_alwaysAudit;
int uu_alwaysAudit_count;
char **uu_neverAudit;
int uu_neverAudit_count;
char *uu_pamPolicy;
char *uu_unlockAfter;
char **uu_accessTimes;
int uu_accessTimes_count;
char *uu_accessTZ;
char *uu_tpd;
char *uu_annotation;
char *uu_zfsHome;
};
void usermgr_User_free(usermgr_User_t *in);
struct UserChangeFields
typedef struct usermgr_UserChangeFields usermgr_UserChangeFields_t;
struct usermgr_UserChangeFields {
boolean_t *uucf_gidChanged;
boolean_t *uucf_groupNameChanged;
boolean_t *uucf_descChanged;
boolean_t *uucf_homedirChanged;
boolean_t *uucf_defShellChanged;
boolean_t *uucf_profilesChanged;
boolean_t *uucf_authProfilesChanged;
boolean_t *uucf_rolesChanged;
boolean_t *uucf_authsChanged;
boolean_t *uucf_defaultPrivChanged;
boolean_t *uucf_limitPrivChanged;
boolean_t *uucf_groupsChanged;
boolean_t *uucf_lockAfterRetriesChanged;
boolean_t *uucf_alwaysAuditChanged;
boolean_t *uucf_neverAuditChanged;
boolean_t *uucf_typeChanged;
boolean_t *uucf_defaultProjChanged;
boolean_t *uucf_minLabelChanged;
boolean_t *uucf_roleAuthChanged;
boolean_t *uucf_idleCmdChanged;
boolean_t *uucf_idleTimeChanged;
boolean_t *uucf_expireChanged;
boolean_t *uucf_minChanged;
boolean_t *uucf_maxChanged;
boolean_t *uucf_warnChanged;
boolean_t *uucf_uidChanged;
boolean_t *uucf_accessTimesChanged;
boolean_t *uucf_accessTZChanged;
boolean_t *uucf_pamPolicyChanged;
boolean_t *uucf_clearanceChanged;
boolean_t *uucf_inactiveChanged;
boolean_t *uucf_unlockAfterChanged;
boolean_t *uucf_accountStatusChanged;
boolean_t *uucf_tpdChanged;
boolean_t *uucf_annotationChanged;
boolean_t *uucf_zfsHomeChanged;
};
void usermgr_UserChangeFields_free(usermgr_UserChangeFields_t *in);
struct UserMgrError
typedef struct usermgr_UserMgrError usermgr_UserMgrError_t;
struct usermgr_UserMgrError {
usermgr_UserMgrErrorType_t uume_errorCode;
char *uume_errmsg;
};
void usermgr_UserMgrError_free(usermgr_UserMgrError_t *in);
USERMGR-1(3rad) RAD Module Definitions USERMGR-1(3rad)
NAME
usermgr - API for user and group administration
SYNOPSIS
#include <rad/client/1/usermgr.h>
cc [ flag... ] file... -lusermgr1_client [ library... ]
interface UserMgr
usermgr_User_t ** users ; (ro)
usermgr_Group_t ** groups ; (ro)
const char ** shells ; (ro)
usermgr_User_t * defaultUser ; (ro)
const char ** scopes ; (ro)
const char ** roles ; (ro)
const char ** profiles ; (ro)
const char ** auths ; (ro)
const char ** defaultPrivs ; (ro)
const char ** limitPrivs ; (ro)
const char ** supplGroups ; (ro)
const char ** auditClasses ; (ro)
const char ** pamUserConfFiles ; (ro)
const char ** pamServices ; (ro)
const char ** projects ; (ro)
rc_err_t usermgr_UserMgr_getUser(rc_instance_t *inst,
const char *username,
usermgr_User_t **result,
usermgr_UserMgrError_t **error);
rc_err_t usermgr_UserMgr_addUser(rc_instance_t *inst,
usermgr_User_t *user,
const char *password,
boolean_t *hashed,
usermgr_User_t **result,
usermgr_UserMgrError_t **error);
rc_err_t usermgr_UserMgr_modifyUser(rc_instance_t *inst,
usermgr_User_t *user,
usermgr_UserChangeFields_t *changeFields,
const char *password,
boolean_t *hashed,
usermgr_User_t **result,
usermgr_UserMgrError_t **error);
rc_err_t usermgr_UserMgr_deleteUser(rc_instance_t *inst,
const char *username,
usermgr_UserMgrError_t **error);
rc_err_t usermgr_UserMgr_selectScope(rc_instance_t *inst,
usermgr_ScopeType_t scope);
rc_err_t usermgr_UserMgr_setFilter(rc_instance_t *inst,
usermgr_UserType_t usertype,
const char *searchstring,
boolean_t *localAttrs);
rc_err_t usermgr_UserMgr_setQualifier(rc_instance_t *inst,
const char *qualifier);
rc_err_t usermgr_UserMgr_isSystemLabeled(rc_instance_t *inst,
boolean_t *result,
usermgr_UserMgrError_t **error);
rc_err_t usermgr_UserMgr_getUserType(rc_instance_t *inst,
const char *username,
usermgr_UserType_t *result,
usermgr_UserMgrError_t **error);
Enumerated Types
enum UserMgrErrorType
typedef enum usermgr_UserMgrErrorType {
UUMET_INVALIDDATA = 0,
UUMET_USEREXISTS = 1,
UUMET_PERMDENIED = 2,
UUMET_READERROR = 3,
UUMET_LASTADMIN = 4,
UUMET_ROOTADMIN = 5,
UUMET_PASSERROR = 6,
} usermgr_UserMgrErrorType_t;
enum ScopeType
typedef enum usermgr_ScopeType {
UST_FILES = 0,
UST_LDAP = 1,
} usermgr_ScopeType_t;
enum UserType
typedef enum usermgr_UserType {
UUT_NORMAL = 0,
UUT_ROLE = 1,
} usermgr_UserType_t;
Structured Types
struct Group
typedef struct usermgr_Group usermgr_Group_t;
struct usermgr_Group {
char *ug_groupName;
unsigned int ug_groupID;
char **ug_groupMembers;
int ug_groupMembers_count;
};
void usermgr_Group_free(usermgr_Group_t *in);
struct User
typedef struct usermgr_User usermgr_User_t;
struct usermgr_User {
char *uu_username;
unsigned int uu_userID;
unsigned int uu_groupID;
char *uu_groupName;
char *uu_description;
char *uu_homeDirectory;
char *uu_defaultShell;
int uu_inactive;
int uu_min;
int uu_max;
int uu_warn;
char *uu_expire;
char *uu_lockAfterRetries;
char *uu_alwaysAuditFlags;
char *uu_neverAuditFlags;
char *uu_type;
char *uu_defaultProj;
char *uu_clearance;
char *uu_minLabel;
char *uu_roleAuth;
char *uu_idleCmd;
char *uu_idleTime;
char *uu_accountStatus;
char **uu_roles;
int uu_roles_count;
char **uu_profiles;
int uu_profiles_count;
char **uu_authProfiles;
int uu_authProfiles_count;
char **uu_auths;
int uu_auths_count;
char **uu_defaultPriv;
int uu_defaultPriv_count;
char **uu_limitPriv;
int uu_limitPriv_count;
char **uu_groups;
int uu_groups_count;
char **uu_alwaysAudit;
int uu_alwaysAudit_count;
char **uu_neverAudit;
int uu_neverAudit_count;
char *uu_pamPolicy;
char *uu_unlockAfter;
char **uu_accessTimes;
int uu_accessTimes_count;
char *uu_accessTZ;
char *uu_tpd;
char *uu_annotation;
char *uu_zfsHome;
};
void usermgr_User_free(usermgr_User_t *in);
struct UserChangeFields
typedef struct usermgr_UserChangeFields usermgr_UserChangeFields_t;
struct usermgr_UserChangeFields {
boolean_t *uucf_gidChanged;
boolean_t *uucf_groupNameChanged;
boolean_t *uucf_descChanged;
boolean_t *uucf_homedirChanged;
boolean_t *uucf_defShellChanged;
boolean_t *uucf_profilesChanged;
boolean_t *uucf_authProfilesChanged;
boolean_t *uucf_rolesChanged;
boolean_t *uucf_authsChanged;
boolean_t *uucf_defaultPrivChanged;
boolean_t *uucf_limitPrivChanged;
boolean_t *uucf_groupsChanged;
boolean_t *uucf_lockAfterRetriesChanged;
boolean_t *uucf_alwaysAuditChanged;
boolean_t *uucf_neverAuditChanged;
boolean_t *uucf_typeChanged;
boolean_t *uucf_defaultProjChanged;
boolean_t *uucf_minLabelChanged;
boolean_t *uucf_roleAuthChanged;
boolean_t *uucf_idleCmdChanged;
boolean_t *uucf_idleTimeChanged;
boolean_t *uucf_expireChanged;
boolean_t *uucf_minChanged;
boolean_t *uucf_maxChanged;
boolean_t *uucf_warnChanged;
boolean_t *uucf_uidChanged;
boolean_t *uucf_accessTimesChanged;
boolean_t *uucf_accessTZChanged;
boolean_t *uucf_pamPolicyChanged;
boolean_t *uucf_clearanceChanged;
boolean_t *uucf_inactiveChanged;
boolean_t *uucf_unlockAfterChanged;
boolean_t *uucf_accountStatusChanged;
boolean_t *uucf_tpdChanged;
boolean_t *uucf_annotationChanged;
boolean_t *uucf_zfsHomeChanged;
};
void usermgr_UserChangeFields_free(usermgr_UserChangeFields_t *in);
struct UserMgrError
typedef struct usermgr_UserMgrError usermgr_UserMgrError_t;
struct usermgr_UserMgrError {
usermgr_UserMgrErrorType_t uume_errorCode;
char *uume_errmsg;
};
void usermgr_UserMgrError_free(usermgr_UserMgrError_t *in);
DESCRIPTION
API com.oracle.solaris.rad.usermgr [1]
INTERFACES
interface UserMgr
Set of operations that can be performed on users and roles.
UserMgr Properties
usermgr_User_t ** users (read-only) -- Lists users.
Lists the users present in the selected scope based on the
filter options.
rc_err_t usermgr_UserMgr_get_users(rc_instance_t *inst,
usermgr_User_t ***result,
int *result_cnt,
usermgr_UserMgrError_t **error);
Get property value.
Arguments:
inst -- RAD instance
result -- Property value returned
result_cnt -- Number of items in result array
error
o READERROR - when unable to read user after
Read Error: usermgr_UserMgrError_t **
o READERROR - when unable to read user after
usermgr_Group_t ** groups (read-only) -- Lists groups.
Lists the groups present in the selected scope.
rc_err_t usermgr_UserMgr_get_groups(rc_instance_t *inst,
usermgr_Group_t ***result,
int *result_cnt,
usermgr_UserMgrError_t **error);
Get property value.
Arguments:
inst -- RAD instance
result -- Property value returned
result_cnt -- Number of items in result array
error
o READERROR - when unable to read the groups
database.
Read Error: usermgr_UserMgrError_t **
o READERROR - when unable to read the groups database.
const char ** shells (read-only) -- Lists shells.
Lists the set of available shells that can be set as default
shell for users.
rc_err_t usermgr_UserMgr_get_shells(rc_instance_t *inst,
char ***result,
int *result_cnt,
usermgr_UserMgrError_t **error);
Get property value.
Arguments:
inst -- RAD instance
result -- Property value returned
result_cnt -- Number of items in result array
error
o READERROR - when unable to read the default shells.
Read Error: usermgr_UserMgrError_t **
o READERROR - when unable to read the default shells.
usermgr_User_t * defaultUser (read-only) -- Lists user defaults.
Lists the default values for each of the fields in the User
structure.
rc_err_t usermgr_UserMgr_get_defaultUser(rc_instance_t *inst,
usermgr_User_t **result,
usermgr_UserMgrError_t **error);
Get property value.
Arguments:
inst -- RAD instance
result -- Property value returned
error
o READERROR - when unable to read default user
properties.
Read Error: usermgr_UserMgrError_t **
o READERROR - when unable to read default user
properties.
const char ** scopes (read-only) -- Lists scopes.
Lists the set of name service repositories that can be
administered.
rc_err_t usermgr_UserMgr_get_scopes(rc_instance_t *inst,
char ***result,
int *result_cnt,
usermgr_UserMgrError_t **error);
Get property value.
Arguments:
inst -- RAD instance
result -- Property value returned
result_cnt -- Number of items in result array
error
o READERROR - when unable to read the name services
that can be managed.
Read Error: usermgr_UserMgrError_t **
o READERROR - when unable to read the name services that
can be managed.
const char ** roles (read-only) -- Lists available roles.
Lists the available roles.
rc_err_t usermgr_UserMgr_get_roles(rc_instance_t *inst,
char ***result,
int *result_cnt,
usermgr_UserMgrError_t **error);
Get property value.
Arguments:
inst -- RAD instance
result -- Property value returned
result_cnt -- Number of items in result array
error
o READERROR - when unable to read user roles
Read Error: usermgr_UserMgrError_t **
o READERROR - when unable to read user roles
const char ** profiles (read-only) -- Lists available profiles.
Lists the available profiles.
rc_err_t usermgr_UserMgr_get_profiles(rc_instance_t *inst,
char ***result,
int *result_cnt,
usermgr_UserMgrError_t **error);
Get property value.
Arguments:
inst -- RAD instance
result -- Property value returned
result_cnt -- Number of items in result array
error
o READERROR - when unable to read user profiles.
Read Error: usermgr_UserMgrError_t **
o READERROR - when unable to read user profiles.
const char ** auths (read-only) -- Lists available authorizations.
Lists the available authorizations.
rc_err_t usermgr_UserMgr_get_auths(rc_instance_t *inst,
char ***result,
int *result_cnt,
usermgr_UserMgrError_t **error);
Get property value.
Arguments:
inst -- RAD instance
result -- Property value returned
result_cnt -- Number of items in result array
error
o READERROR - when unable to read user
authorizations.
Read Error: usermgr_UserMgrError_t **
o READERROR - when unable to read user authorizations.
const char ** defaultPrivs (read-only) -- Lists default privileges.
Lists the default privileges assigned to a user.
rc_err_t usermgr_UserMgr_get_defaultPrivs(rc_instance_t *inst,
char ***result,
int *result_cnt,
usermgr_UserMgrError_t **error);
Get property value.
Arguments:
inst -- RAD instance
result -- Property value returned
result_cnt -- Number of items in result array
error
o READERROR - when unable to read user's default
privileges.
Read Error: usermgr_UserMgrError_t **
o READERROR - when unable to read user's default
privileges.
const char ** limitPrivs (read-only) -- Lists limit privileges.
Lists the limit privileges assigned to a user.
rc_err_t usermgr_UserMgr_get_limitPrivs(rc_instance_t *inst,
char ***result,
int *result_cnt,
usermgr_UserMgrError_t **error);
Get property value.
Arguments:
inst -- RAD instance
result -- Property value returned
result_cnt -- Number of items in result array
error
o READERROR - when unable to read user's limit
privileges.
Read Error: usermgr_UserMgrError_t **
o READERROR - when unable to read user's limit
privileges.
const char ** supplGroups (read-only) -- Lists supplemental groups.
Lists the groups present in the selected scope.
rc_err_t usermgr_UserMgr_get_supplGroups(rc_instance_t *inst,
char ***result,
int *result_cnt,
usermgr_UserMgrError_t **error);
Get property value.
Arguments:
inst -- RAD instance
result -- Property value returned
result_cnt -- Number of items in result array
error
o READERROR - when unable to read the groups
database.
Read Error: usermgr_UserMgrError_t **
o READERROR - when unable to read the groups database.
const char ** auditClasses (read-only) -- Lists available audit
classes.
Lists the available audit classes.
rc_err_t usermgr_UserMgr_get_auditClasses(rc_instance_t *inst,
char ***result,
int *result_cnt,
usermgr_UserMgrError_t **error);
Get property value.
Arguments:
inst -- RAD instance
result -- Property value returned
result_cnt -- Number of items in result array
error
o READERROR - when unable to read user's assigned
audit classes.
Read Error: usermgr_UserMgrError_t **
o READERROR - when unable to read user's assigned audit
classes.
const char ** pamUserConfFiles (read-only) -- Lists available PAM
configuration files.
Lists the per-user PAM configuration files.
rc_err_t usermgr_UserMgr_get_pamUserConfFiles(rc_instance_t *inst,
char ***result,
int *result_cnt,
usermgr_UserMgrError_t **error);
Get property value.
Arguments:
inst -- RAD instance
result -- Property value returned
result_cnt -- Number of items in result array
error
o READERROR - when unable to read user specific PAM
configuration files.
Read Error: usermgr_UserMgrError_t **
o READERROR - when unable to read user specific PAM
configuration files.
const char ** pamServices (read-only) -- Lists available PAM
service names.
Lists available PAM services names.
rc_err_t usermgr_UserMgr_get_pamServices(rc_instance_t *inst,
char ***result,
int *result_cnt,
usermgr_UserMgrError_t **error);
Get property value.
Arguments:
inst -- RAD instance
result -- Property value returned
result_cnt -- Number of items in result array
error
o READERROR - when unable to read PAM service names.
Read Error: usermgr_UserMgrError_t **
o READERROR - when unable to read PAM service names.
const char ** projects (read-only) -- Lists available projects.
Lists the available projects.
rc_err_t usermgr_UserMgr_get_projects(rc_instance_t *inst,
char ***result,
int *result_cnt,
usermgr_UserMgrError_t **error);
Get property value.
Arguments:
inst -- RAD instance
result -- Property value returned
result_cnt -- Number of items in result array
error
o READERROR - when unable to read projects database.
Read Error: usermgr_UserMgrError_t **
o READERROR - when unable to read projects database.
UserMgr Methods
rc_err_t usermgr_UserMgr_getUser(rc_instance_t *inst,
const char *username,
usermgr_User_t **result,
usermgr_UserMgrError_t **error);
gets User information for a given username.
Gets the user information for a given username from the name
service repository based on the filter options.
Arguments:
inst -- RAD instance
username -- Specifies the username for which the account
information is to be retrieved.
result
error
o READERROR - when unable to read user
rc_err_t usermgr_UserMgr_addUser(rc_instance_t *inst,
usermgr_User_t *user,
const char *password,
boolean_t *hashed,
usermgr_User_t **result,
usermgr_UserMgrError_t **error);
Add user or role.
Adds a user or role to the selected name service repository
based on the filter options. Applies the properties set in the
user object as the account, password, security attributes. Sets
INVALIDDATA error when arguments are not valid. Sets PASSERROR
error when password update fails. Sets READERROR error when
unable to read user after successful addition of new user. Sets
USEREXISTS error user already exists with same username.
Arguments:
inst -- RAD instance
user -- user object which contains attributes of new user
account to be created.
password (nullable) -- password to be set for the new user
account.
hashed (nullable) -- true indicates password has already been
hashed.
result
error
o INVALIDDATA - when arguments are not valid.
o PERMDENIED - when user is not authorized to add account
o READERROR - when unable to read user after adding new
user.
rc_err_t usermgr_UserMgr_modifyUser(rc_instance_t *inst,
usermgr_User_t *user,
usermgr_UserChangeFields_t *changeFields,
const char *password,
boolean_t *hashed,
usermgr_User_t **result,
usermgr_UserMgrError_t **error);
Modify user or role.
Modifies users or roles present in the selected scope based on
the filter options. Applies the changed fields in the user
object to the user or role attributes. Sets INVALIDDATA error
when arguments are not valid. Sets PASSERROR error when
password update fails. Sets READERROR error when unable to read
user after successful modification of user.
Arguments:
inst -- RAD instance
user -- user object which contains user attributes to be
modified.
changeFields -- Indicates which fields have been modified in
the user object by the client.
password (nullable) -- password to be set for the new user
account.
hashed (nullable) -- true indicates password has already been
hashed.
result
error
o INVALIDDATA - when arguments are not valid.
o INVALIDDATA - when arguments are not valid.
o READERROR - when unable to read user after adding new
user.
rc_err_t usermgr_UserMgr_deleteUser(rc_instance_t *inst,
const char *username,
usermgr_UserMgrError_t **error);
Delete user.
Deletes user or role based on username present in the selected
scope based on the filter options. Sets READERROR error on
failure.
Arguments:
inst -- RAD instance
username -- username of account that needs to be deleted.
error
o READERROR - when unable to read user
rc_err_t usermgr_UserMgr_selectScope(rc_instance_t *inst,
usermgr_ScopeType_t scope);
sets the name-service repository scope.
Sets the name-service repository scope. All subsequent
operations will use the specified scope.
Arguments:
inst -- RAD instance
scope -- Specifies the name-service scope to be used for
managing users.
rc_err_t usermgr_UserMgr_setFilter(rc_instance_t *inst,
usermgr_UserType_t usertype,
const char *searchstring,
boolean_t *localAttrs);
Sets the filter options.
Sets the filter options which are used for all the subsequent
operations. The options are user or role and search string. The
default search string is empty string ("").
Arguments:
inst -- RAD instance
usertype -- Specifies if users or roles will be managed.
searchstring -- Specifies the string to match against user or
role names to be managed.
localAttrs (nullable) -- true indicates to manage file-scoped
attributes instead of the account scope.
rc_err_t usermgr_UserMgr_setQualifier(rc_instance_t *inst,
const char *qualifier);
Sets the LDAP qualifier
Sets the qualifier for user_attr entries that are maintained in
the LDAP scope.
Arguments:
inst -- RAD instance
qualifier -- Specifies the string to use for match qualified
user_attr entries.
rc_err_t usermgr_UserMgr_isSystemLabeled(rc_instance_t *inst,
boolean_t *result,
usermgr_UserMgrError_t **error);
Checks if System is Labeled.
Checks if the Trusted Extensions feature is enabled on the
system. Returns true if successful and sets Sets READERROR
error on failure.
Arguments:
inst -- RAD instance
result
error
o READERROR - when checking if Trusted Extensions is
enabled fails.
rc_err_t usermgr_UserMgr_getUserType(rc_instance_t *inst,
const char *username,
usermgr_UserType_t *result,
usermgr_UserMgrError_t **error);
Gets the user type.
Checks if the user is role or normal user. Returns UserType set
to role or normal user. Sets READERROR error on failure.
Arguments:
inst -- RAD instance
username -- Specifies user name to check for user or role.
result
error
o READERROR - when checking if Trusted Extensions is
enabled fails.
o INVALIDDATA - when arguments are not valid.
UserMgr Retrieve
rc_err_t usermgr_UserMgr__rad_get_name(adr_name_t **result,
int n,
...);
Obtain RAD name of a UserMgr object.
Arguments:
result -- RAD name
n -- Number of key-value pairs provided as variadic arguments
... -- Optional key-value pairs that compose the primary key
rc_err_t usermgr_UserMgr__rad_lookup(rc_conn_t *c,
boolean_t strict,
rc_instance_t **result,
int n,
...);
Lookup a UserMgr instance.
Construct a RAD name for the interface based on the provided
key-value pairs and perform a lookup. If successful, instance
reference is returned in the result.
Arguments:
c -- RAD connection handle
strict -- Strict (B_TRUE) or relaxed (B_FALSE) versioning
result -- RAD instance
n -- Number of key-value pairs provided as variadic arguments
... -- Optional key-value pairs that compose the primary key
rc_err_t usermgr_UserMgr__rad_list(rc_conn_t *c,
boolean_t strict,
adr_pattern_scheme_t scheme,
adr_name_t ***result,
int *result_count,
int n,
...);
List RAD names of a available UserMgr instances.
Returns an array and array size of matching object names.
Arguments:
c -- RAD connection handle
strict -- Strict (B_TRUE) or relaxed (B_FALSE) versioning
scheme -- Apply glob (NS_GLOB) or regex (NS_REGEX) matching
result -- Array of RAD names
result_count -- Number of names in result array
n -- Number of key-value pairs provided as variadic arguments
... -- Optional key-value pairs that compose the primary key
ENUMERATED TYPES
enum UserMgrErrorType -- User Manager api error types
typedef enum usermgr_UserMgrErrorType {
UUMET_INVALIDDATA = 0,
UUMET_USEREXISTS = 1,
UUMET_PERMDENIED = 2,
UUMET_READERROR = 3,
UUMET_LASTADMIN = 4,
UUMET_ROOTADMIN = 5,
UUMET_PASSERROR = 6,
} usermgr_UserMgrErrorType_t;
UUMET_INVALIDDATA (0)
UUMET_USEREXISTS (1)
UUMET_PERMDENIED (2)
UUMET_READERROR (3)
UUMET_LASTADMIN (4)
UUMET_ROOTADMIN (5)
UUMET_PASSERROR (6)
enum ScopeType -- Name service scope types
typedef enum usermgr_ScopeType {
UST_FILES = 0,
UST_LDAP = 1,
} usermgr_ScopeType_t;
UST_FILES (0)
UST_LDAP (1)
enum UserType
typedef enum usermgr_UserType {
UUT_NORMAL = 0,
UUT_ROLE = 1,
} usermgr_UserType_t;
UUT_NORMAL (0)
UUT_ROLE (1)
STRUCTURED TYPES
struct Group -- describes a Solaris group
typedef struct usermgr_Group usermgr_Group_t;
struct usermgr_Group {
char *ug_groupName;
unsigned int ug_groupID;
char **ug_groupMembers;
int ug_groupMembers_count;
};
void usermgr_Group_free(usermgr_Group_t *in);
Fully describes a Solaris group, contains group name, group id,
group members.
Fields:
ug_groupName -- Specifies the group name.
ug_groupID -- Specifies the Gid of the group.
ug_groupMembers -- Specifies the members of the group.
ug_groupMembers_count
struct User -- describes a Solaris user
typedef struct usermgr_User usermgr_User_t;
struct usermgr_User {
char *uu_username;
unsigned int uu_userID;
unsigned int uu_groupID;
char *uu_groupName;
char *uu_description;
char *uu_homeDirectory;
char *uu_defaultShell;
int uu_inactive;
int uu_min;
int uu_max;
int uu_warn;
char *uu_expire;
char *uu_lockAfterRetries;
char *uu_alwaysAuditFlags;
char *uu_neverAuditFlags;
char *uu_type;
char *uu_defaultProj;
char *uu_clearance;
char *uu_minLabel;
char *uu_roleAuth;
char *uu_idleCmd;
char *uu_idleTime;
char *uu_accountStatus;
char **uu_roles;
int uu_roles_count;
char **uu_profiles;
int uu_profiles_count;
char **uu_authProfiles;
int uu_authProfiles_count;
char **uu_auths;
int uu_auths_count;
char **uu_defaultPriv;
int uu_defaultPriv_count;
char **uu_limitPriv;
int uu_limitPriv_count;
char **uu_groups;
int uu_groups_count;
char **uu_alwaysAudit;
int uu_alwaysAudit_count;
char **uu_neverAudit;
int uu_neverAudit_count;
char *uu_pamPolicy;
char *uu_unlockAfter;
char **uu_accessTimes;
int uu_accessTimes_count;
char *uu_accessTZ;
char *uu_tpd;
char *uu_annotation;
char *uu_zfsHome;
};
void usermgr_User_free(usermgr_User_t *in);
Fully describes a Solaris user, contains account, home directory
and security attributes associated with a user. See man passwd(5),
shadow(5), user_attr(5) for more info on fields.
Fields:
uu_username -- username for the account.
uu_userID -- UID for the account.
uu_groupID -- GID for the account.
uu_groupName -- default group for the account.
uu_description -- gecos info for the account.
uu_homeDirectory -- homedirectory location for the account.
uu_defaultShell -- default shell for the account.
uu_inactive -- Number of inactivity days allowed for the account.
uu_min -- Minimum number of days between password changes for the
account.
uu_max -- Maximum number of days the password is valid for the
account.
uu_warn -- Number of days before password expires the user is
warned.
uu_expire -- The date after which login will not be allowed for the
account. The date format is %y-%m-%d %H:%M:%S.
uu_lockAfterRetries -- Specifies whether the account is locked
after failed logins execeeds the allowable limit.
uu_alwaysAuditFlags -- Obsolete. Use alwaysAudit which is a list
type.
uu_neverAuditFlags -- Obsolete. Use neverAudit which is a list
type.
uu_type -- specifies whether account is role or user.
uu_defaultProj -- specifies the default project for the account.
uu_clearance -- Specifies the max label at which the user can
operate.
uu_minLabel -- Specifies the min labelthat the user can login .
uu_roleAuth -- Specifies whether the account user role or user
password for role authentication.
uu_idleCmd -- Specifies when the desktop session for the user gets
locked.
uu_idleTime -- Specifies the idle time before the idlecmd is
executed.
uu_accountStatus -- Specifies the status of the account.
uu_roles -- Specifies the roles that have been assigned to the
account.
uu_roles_count
uu_profiles -- Specifies the profiles that have been assigned to
the account.
uu_profiles_count
uu_authProfiles -- Specifies the authenticated profiles that have
been assigned to the account.
uu_authProfiles_count
uu_auths -- Specifies the authorizations that have been assigned to
the account.
uu_auths_count
uu_defaultPriv -- Specifies the default set of privileges assigned
to user at login.
uu_defaultPriv_count
uu_limitPriv -- Specifies the maximum set of privileges the user or
process started by the user can obtain.
uu_limitPriv_count
uu_groups -- Specifies the supplemental groups that have been
assigned to the account.
uu_groups_count
uu_alwaysAudit -- Specifies per-user always audit pre-selection
flags as a list.
uu_alwaysAudit_count
uu_neverAudit -- Specifies per-user never-audit pre-selection flags
as list.
uu_neverAudit_count
uu_pamPolicy -- Specifies name of per-user PAM stack.
uu_unlockAfter -- Specifies when the account is unlocked after
failed logins execeeds the allowable limit.
uu_accessTimes -- Specifies when services are available.
uu_accessTimes_count
uu_accessTZ -- Specifies the time zone for access times.
uu_tpd -- Specifies whether user can access Trusted Path Domain
uu_annotation -- Specifies whether session annotation is required.
uu_zfsHome -- Specifies whether the user has a ZFS based home
directory. [yes | no | nodelegation]
struct UserChangeFields -- Keeps track of all the fields that have been
changed in the user object.
typedef struct usermgr_UserChangeFields usermgr_UserChangeFields_t;
struct usermgr_UserChangeFields {
boolean_t *uucf_gidChanged;
boolean_t *uucf_groupNameChanged;
boolean_t *uucf_descChanged;
boolean_t *uucf_homedirChanged;
boolean_t *uucf_defShellChanged;
boolean_t *uucf_profilesChanged;
boolean_t *uucf_authProfilesChanged;
boolean_t *uucf_rolesChanged;
boolean_t *uucf_authsChanged;
boolean_t *uucf_defaultPrivChanged;
boolean_t *uucf_limitPrivChanged;
boolean_t *uucf_groupsChanged;
boolean_t *uucf_lockAfterRetriesChanged;
boolean_t *uucf_alwaysAuditChanged;
boolean_t *uucf_neverAuditChanged;
boolean_t *uucf_typeChanged;
boolean_t *uucf_defaultProjChanged;
boolean_t *uucf_minLabelChanged;
boolean_t *uucf_roleAuthChanged;
boolean_t *uucf_idleCmdChanged;
boolean_t *uucf_idleTimeChanged;
boolean_t *uucf_expireChanged;
boolean_t *uucf_minChanged;
boolean_t *uucf_maxChanged;
boolean_t *uucf_warnChanged;
boolean_t *uucf_uidChanged;
boolean_t *uucf_accessTimesChanged;
boolean_t *uucf_accessTZChanged;
boolean_t *uucf_pamPolicyChanged;
boolean_t *uucf_clearanceChanged;
boolean_t *uucf_inactiveChanged;
boolean_t *uucf_unlockAfterChanged;
boolean_t *uucf_accountStatusChanged;
boolean_t *uucf_tpdChanged;
boolean_t *uucf_annotationChanged;
boolean_t *uucf_zfsHomeChanged;
};
void usermgr_UserChangeFields_free(usermgr_UserChangeFields_t *in);
Keeps track of all the fields that have been changed in the user
object. For every field that has been changed in the User object
the respective changeField will be set to true. These field names
must match the corresponding field names in the User object with
the suffix "Changed" appended.
Fields:
uucf_gidChanged
uucf_groupNameChanged
uucf_descChanged
uucf_homedirChanged
uucf_defShellChanged
uucf_profilesChanged
uucf_authProfilesChanged
uucf_rolesChanged
uucf_authsChanged
uucf_defaultPrivChanged
uucf_limitPrivChanged
uucf_groupsChanged
uucf_lockAfterRetriesChanged
uucf_alwaysAuditChanged
uucf_neverAuditChanged
uucf_typeChanged
uucf_defaultProjChanged
uucf_minLabelChanged
uucf_roleAuthChanged
uucf_idleCmdChanged
uucf_idleTimeChanged
uucf_expireChanged
uucf_minChanged
uucf_maxChanged
uucf_warnChanged
uucf_uidChanged
uucf_accessTimesChanged
uucf_accessTZChanged
uucf_pamPolicyChanged
uucf_clearanceChanged
uucf_inactiveChanged
uucf_unlockAfterChanged
uucf_accountStatusChanged
uucf_tpdChanged
uucf_annotationChanged
uucf_zfsHomeChanged
struct UserMgrError
typedef struct usermgr_UserMgrError usermgr_UserMgrError_t;
struct usermgr_UserMgrError {
usermgr_UserMgrErrorType_t uume_errorCode;
char *uume_errmsg;
};
void usermgr_UserMgrError_free(usermgr_UserMgrError_t *in);
Fields:
uume_errorCode
uume_errmsg
VERSION
1.1
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+--------------------+------------------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+------------------------------------------+
|Availability | system/management/rad/module/rad-usermgr |
+--------------------+------------------------------------------+
|Interface Stability | Private |
+--------------------+------------------------------------------+
SEE ALSO
rad(8)
NOTES
1. Accessing Python documentation for this module:
$ pydoc rad.bindings.com.oracle.solaris.rad.usermgr_1
Solaris 11.4 2020-03-05 USERMGR-1(3rad)