getauthattr Subroutine

Purpose

Queries the authorizations that are defined in the authorization database.

Library

Security Library (libc.a)

Syntax

#include <usersec.h>

int getauthattr(Auth, Attribute, Value, Type)
    char *Auth;
    char *Attribute;
    void *Value;
    int Type;

Description

The getauthattr subroutine reads a specified attribute from the authorization database. The getauthattr subroutine can retrieve authorization definitions from both the user-defined authorization database and the system-defined authorization table. For attributes of the SEC_CHAR and SEC_LIST types, the getauthattr subroutine returns the value in allocated memory. The caller needs to free this memory.

Parameters

Auth
    The authorization name. This parameter must be specified unless the Type parameter is SEC_COMMIT.
Attribute
    Specifies which attribute is read. The following possible attributes are defined in the usersec.h file:
    S_AUTHORIZATIONS
        A list of all available authorizations on the system. This attribute is read-only and is only available to the getauthattr subroutine when ALL is specified for the Auth parameter. The attribute type is SEC_LIST.
    S_AUTH_CHILDREN
        A list of all authorizations that exist in the authorization hierarchy below the authorization specified by the Auth parameter. This attribute is read-only and is available only to the getauthattr subroutine. The attribute type is SEC_LIST.
    S_DFLTMSG
        Specifies the default authorization description to use if message catalogs are not in use. The attribute type is SEC_CHAR.
    S_ID
        Specifies a unique integer that is used to identify the authorization. The attribute type is SEC_INT.
        Note: Do not modify this value after it is set initially when the authorization is created. Modifying the value might compromise the security of the system.
    S_MSGCAT
        Specifies the message catalog file name that contains the description of the authorization. The attribute type is SEC_CHAR.
    S_MSGSET
        Specifies the message set that contains the description of the authorization in the file that the S_MSGCAT attribute specifies. The attribute type is SEC_INT.
    S_MSGNUMBER
        Specifies the message number for the description of the authorization in the file that the S_MSGCAT attribute specifies and the message set that the S_MSGSET attribute specifies. The attribute type is SEC_INT.
    S_ROLES
        A list of roles using this authorization. This attribute is read-only. The attribute type is SEC_LIST.
Value
    Specifies a buffer, a pointer to a buffer, or a pointer to a pointer depending on the Attribute and Type parameters. See the Type parameter for more details.
Type
    Specifies the type of attribute expected. Valid types are defined in the usersec.h file and include:
    SEC_INT
        The format of the attribute is an integer. The user should supply a pointer to a defined integer variable.
    SEC_CHAR
        The format of the attribute is a null-terminated character string. The user should supply a pointer to a defined character pointer variable. The value is returned as allocated memory. The caller needs to free this memory.
    SEC_LIST
        The format of the attribute is a series of concatenated strings, each null-terminated. The last string in the series is terminated by two successive null characters. The user should supply a pointer to a defined character pointer variable. The value is returned as allocated memory. The caller needs to free this memory.

Security

Files Accessed:

File                            Mode
/etc/security/authorizations    rw

Return Values

If successful, the getauthattr subroutine returns 0. Otherwise, a value of -1 is returned and the errno global value is set to indicate the error.

Error Codes

If the getauthattr subroutine fails, one of the following errno values can be set:

Item       Description
EINVAL     The Auth parameter is NULL or one of the reserved authorization names (default, ALLOW_OWNER, ALLOW_GROUP, ALLOW_ALL).
EINVAL     The Attribute or Type parameter is NULL or does not contain one of the defined values.
EINVAL     The Auth parameter is ALL and the Attribute parameter is not S_AUTHORIZATIONS.
EINVAL     The Value parameter does not point to a valid buffer for this type of attribute.
ENOATTR    The Attribute parameter is S_AUTHORIZATIONS, but the Auth parameter is not ALL.
ENOATTR    The attribute specified in the Attribute parameter is valid but no value is defined for the authorization.
ENOENT     The authorization specified in the Auth parameter does not exist.
ENOMEM     Memory cannot be allocated.
EPERM      The operation is not permitted.
EACCES     Access permission is denied for the data request.
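
The SEC_LIST layout and the caller-frees rule described under Parameters, shown as an added example that is not part of the original documentation. The names seclist_scan and auth_used_by_role are hypothetical helpers, the sample buffer is constructed, and the getauthattr call is compiled only where the compiler predefines _AIX (an assumption of this example).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#ifdef _AIX
#include <usersec.h>   /* getauthattr, S_ROLES, SEC_LIST */
#endif

/* Hypothetical helper: count the entries of a SEC_LIST buffer and report
 * whether `needle` is among them. The walk stops at the empty string that
 * ends the list, so an empty list (first byte null) yields 0 entries. */
static int seclist_scan(const char *list, const char *needle, int *found)
{
    int count = 0;
    if (found) *found = 0;
    if (list == NULL) return -1;
    for (const char *p = list; *p != '\0'; p += strlen(p) + 1) {
        if (needle && found && strcmp(p, needle) == 0) *found = 1;
        count++;
    }
    return count;
}

#ifdef _AIX
/* Hypothetical helper: 1 if `role` uses `auth`, 0 if not, -1 on error. */
int auth_used_by_role(char *auth, const char *role)
{
    char *roles = NULL;
    int found = 0;
    if (getauthattr(auth, S_ROLES, &roles, SEC_LIST) != 0) {
        if (errno == ENOATTR) return 0;  /* attribute valid, no value defined */
        return -1;                       /* ENOENT, EPERM, EACCES, ... */
    }
    seclist_scan(roles, role, &found);
    free(roles);                         /* SEC_LIST values are allocated memory */
    return found;
}
#endif

int main(void)
{
    /* Constructed sample in SEC_LIST layout; the literal's implicit
     * terminator supplies the second of the two closing nulls. */
    static const char sample[] = "role_a\0role_b\0role_c\0";
    int found = 0;
    int n = seclist_scan(sample, "role_b", &found);
    printf("%d entries, role_b present: %d\n", n, found);
    return 0;
}
```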