getauthattr Subroutine

Purpose

Queries the authorizations that are defined in the authorization database.

Library

Security Library (libc.a)

Syntax

#include <usersec.h>

int getauthattr(Auth, Attribute, Value, Type)
    char *Auth;
    char *Attribute;
    void *Value;
    int Type;

Description

The getauthattr subroutine reads a specified attribute from the authorization database. The getauthattr subroutine can retrieve authorization definitions from both the user-defined authorization database and the system-defined authorization table. For attributes of the SEC_CHAR and SEC_LIST types, the getauthattr subroutine returns the value in allocated memory. The caller needs to free this memory.

Parameters

Item	Description
Auth	The authorization name. This parameter must be specified unless the Type parameter is SEC_COMMIT.
Attribute	Specifies which attribute is read. The following possible attributes are defined in the usersec.h file: S_AUTHORIZATIONS A list of all available authorizations on the system. This attribute is read-only and is only available to the getauthattr subroutine when ALL is specified for the Auth parameter. The attribute type is SEC_LIST. S_AUTH_CHILDREN A list of all authorizations that exist in the authorization hierarchy below the authorization specified by the Auth parameter. This attribute is read-only and is available only to the getauthattr subroutine. The attribute type is SEC_LIST. S_DFLTMSG Specifies the default authorization description to use if message catalogs are not in use. The attribute type is SEC_CHAR. S_ID Specifies a unique integer that is used to identify the authorization. The attribute type is SEC_INT. Note: Do not modify this value after it is set initially when the authorization is created. Modifying the value might compromise the security of the system. S_MSGCAT Specifies the message catalog file name that contains the description of the authorization. The attribute type is SEC_CHAR. S_MSGSET Specifies the message set that contains the description of the authorization in the file that the S_MSGCAT attribute specifies. The attribute type is SEC_INT. S_MSGNUMBER Specifies the message number for the description of the authorization in the file that the S_MSGCAT attribute specifies and the message set that the S_MSGSET attribute specifies. The attribute type is SEC_INT. S_ROLES A list of roles using this authorization. This attribute is read-only. The attribute type is SEC_LIST.
Value	Specifies a buffer, a pointer to a buffer, or a pointer to a pointer depending on the Attribute and Type parameters. See the Type parameter for more details.
Type	Specifies the type of attribute expected. Valid types are defined in the usersec.h file and include: SEC_INT The format of the attribute is an integer. The user should supply a pointer to a defined integer variable. SEC_CHAR The format of the attribute is a null-terminated character string. The user should supply a pointer to a defined character pointer variable. The value is returned as allocated memory. The caller needs to free this memory. SEC_LIST The format of the attribute is a series of concatenated strings, each null-terminated. The last string in the series is terminated by two successive null characters. The user should supply a pointer to a defined character pointer variable. The value is returned as allocated memory. The caller needs to free this memory.

Security

Files Accessed:

File	Mode
/etc/security/authorizations	rw

Return Values

If successful, the getauthattr subroutine returns 0. Otherwise, a value of -1 is returned and the errno global value is set to indicate the error.

Error Codes

If the getauthattr subroutine fails, one of the following errno values can be set:

Item	Description
EINVAL	The Auth parameter is NULL or one of the reserved authorization names (default, ALLOW_OWNER, ALLOW_GROUP, ALLOW_ALL).
EINVAL	The Attribute or Type parameter is NULL or does not contain one of the defined values.
EINVAL	The Auth parameter is ALL and the Attribute parameter is not S_AUTHORIZATIONS.
EINVAL	The Value parameter does not point to a valid buffer for this type of attribute.
ENOATTR	The Attribute parameter is S_AUTHORIZATIONS, but the Auth parameter is not ALL.
ENOATTR	The attribute specified in the Attribute parameter is valid but no value is defined for the authorization.
ENOENT	The authorization specified in the Auth parameter does not exist.
ENOMEM	Memory cannot be allocated.
EPERM	The operation is not permitted.
EACCES	Access permission is denied for the data request.