getconfattr or putconfattr Subroutine

Purpose

Accesses the system information in the user database.

Library

Security Library (libc.a)

Syntax

#include <usersec.h>
#include <userconf.h>

int getconfattr (sys, Attribute, Value, Type)
char *sys;
char *Attribute;
void *Value;
int Type;

int putconfattr (sys, Attribute, Value, Type)
char *sys;
char *Attribute;
void *Value;
int Type;

Description

The getconfattr subroutine reads a specified attribute from the system information database. The putconfattr subroutine writes a specified attribute to the system information database.

Parameters

sys
System attribute. The following possible attributes are defined in the userconf.h file.
  • SC_SYS_LOGIN
  • SC_SYS_USER
  • SC_SYS_ADMUSER
  • SC_SYS_AUDIT    SEC_LIST
  • SC_SYS_AUSERS   SEC_LIST
  • SC_SYS_ASYS    SEC_LIST
  • SC_SYS_ABIN    SEC_LIST
  • SC_SYS_ASTREAM    SEC_LIST

Users can define the system attribute parameter. In this case, the parameter value is used as a stanza name. The stanza name contains the specified attribute and value in the Attribute and Value parameters. The putconfattr subroutine creates this stanza in the file associated with the attribute. The getconfattr subroutine retrieves the value for the specified attribute and user-defined stanza.

Attribute
Specifies which attribute is read. The following possible attributes are defined in the usersec.h file:
S_CORECOMP
Core compression status. The attribute type is SEC_CHAR.
S_COREPATH
Core path specification status. The attribute type is SEC_CHAR.
S_COREPNAME
Core path specification location. The attribute type is SEC_CHAR.
S_CORENAMING
Core naming status. The attribute type is SEC_CHAR.
S_PGRP
Principal group name. The attribute type is SEC_CHAR.
S_GROUPS
Groups to which the user belongs. The attribute type is SEC_LIST.
S_ADMGROUPS
Groups for which the user is an administrator. The attribute type is SEC_LIST.
S_ADMIN
Administrative status of a user. The attribute type is SEC_BOOL.
S_AUDITCLASSES
Audit classes to which the user belongs. The attribute type is SEC_LIST.
S_AUTHSYSTEM
Defines the user's authentication method. The attribute type is SEC_CHAR.
S_HOME
Home directory. The attribute type is SEC_CHAR.
S_SHELL
Initial program run by a user. The attribute type is SEC_CHAR.
S_GECOS
Personal information for a user. The attribute type is SEC_CHAR.
S_USRENV
User-state environment variables. The attribute type is SEC_LIST.
S_SYSENV
Protected-state environment variables. The attribute type is SEC_LIST.
S_LOGINCHK
Specifies whether the user account can be used for local logins. The attribute type is SEC_BOOL.
S_HISTEXPIRE
Defines the period of time (in weeks) that a user cannot reuse a password. The attribute type is SEC_INT.
S_HISTSIZE
Specifies the number of previous passwords that the user cannot reuse. The attribute type is SEC_INT.
S_MAXREPEAT
Defines the maximum number of times a user can repeat a character in a new password. The attribute type is SEC_INT.
S_MINAGE
Defines the minimum age in weeks that the user's password must exist before the user can change it. The attribute type is SEC_INT.
S_PWDCHECKS
Defines the password restriction methods for this account. The attribute type is SEC_LIST.
S_MINALPHA
Defines the minimum number of alphabetic characters required in a new user's password. The attribute type is SEC_INT.
S_MINDIFF
Defines the minimum number of characters required in a new password that were not in the old password. The attribute type is SEC_INT.
S_MINLEN
Defines the minimum length of a user's password. The attribute type is SEC_INT.
S_MINOTHER
Defines the minimum number of non-alphabetic characters required in a new user's password. The attribute type is SEC_INT.
S_DICTIONLIST
Defines the password dictionaries for this account. The attribute type is SEC_LIST.
S_SUCHK
Specifies whether the user account can be accessed with the su command. The attribute type is SEC_BOOL.
S_REGISTRY
Defines the user's authentication registry. The attribute type is SEC_CHAR.
S_RLOGINCHK
Specifies whether the user account can be used for remote logins using the telnet or rlogin commands. The attribute type is SEC_BOOL.
S_DAEMONCHK
Specifies whether the user account can be used for daemon execution of programs and subsystems using the cron daemon or src. The attribute type is SEC_BOOL.
S_TPATH
Defines how the account may be used on the trusted path. The attribute type is SEC_CHAR. This attribute must be one of the following values:
nosak
The secure attention key is not enabled for this account.
notsh
The trusted shell cannot be accessed from this account.
always
This account may only run trusted programs.
on
Normal trusted-path processing applies.
S_MINLOWERALPHA
Defines the minimum number of lowercase alphabetic characters required in a new user password. The attribute type is SEC_INT.
S_MINUPPERALPHA
Defines the minimum number of uppercase alphabetic characters required in a new user password. The attribute type is SEC_INT.
S_MINDIGIT
Defines the minimum number of digits required in a new user password. The attribute type is SEC_INT.
S_MINSPECIALCHAR
Defines the minimum number of special characters required in a new user password. The attribute type is SEC_INT.
 
S_TTYS
List of ttys that can or cannot be used to access this account. The attribute type is SEC_LIST.
S_SUGROUPS
Groups that can or cannot access this account. The attribute type is SEC_LIST.
S_EXPIRATION
Expiration date for this account, in seconds since the epoch. The attribute type is SEC_CHAR.
S_AUTH1
Primary authentication methods for this account. The attribute type is SEC_LIST.
S_AUTH2
Secondary authentication methods for this account. The attribute type is SEC_LIST.
S_UFSIZE
Process file size soft limit. The attribute type is SEC_INT.
S_UCPU
Process CPU time soft limit. The attribute type is SEC_INT.
S_UDATA
Process data segment size soft limit. The attribute type is SEC_INT.
S_USTACK
Process stack segment size soft limit. Type: SEC_INT.
S_URSS
Process real memory size soft limit. Type: SEC_INT.
S_UCORE
Process core file size soft limit. The attribute type is SEC_INT.
S_PWD
Specifies the value of the passwd field in the /etc/passwd file. The attribute type is SEC_CHAR.
S_UMASK
File creation mask for a user. The attribute type is SEC_INT.
S_LOCKED
Specifies whether the user's account can be logged into. The attribute type is SEC_BOOL.
S_UFSIZE_HARD
Process file size hard limit. The attribute type is SEC_INT.
S_UCPU_HARD
Process CPU time hard limit. The attribute type is SEC_INT.
S_UDATA_HARD
Process data segment size hard limit. The attribute type is SEC_INT.
S_USTACK_HARD
Process stack segment size hard limit. Type: SEC_INT.
S_URSS_HARD
Process real memory size hard limit. Type: SEC_INT.
S_UCORE_HARD
Process core file size hard limit. The attribute type is SEC_INT.
Note: These values are string constants that should be used by applications both for convenience and to permit optimization in later implementations.

Type
Specifies the type of attribute expected. Valid types are defined in the usersec.h file and include:
SEC_INT
The format of the attribute is an integer.

For the getconfattr subroutine, the user should supply a pointer to a defined integer variable. For the putconfattr subroutine, the user should supply an integer.

SEC_CHAR
The format of the attribute is a null-terminated character string.
SEC_LIST
The format of the attribute is a series of concatenated strings, each null-terminated. The last string in the series is terminated by two successive null characters.
SEC_BOOL
The format of the attribute from the getconfattr subroutine is an integer with the value of either 0 (false) or 1 (true). The format of the attribute for the putconfattr subroutine is a null-terminated string containing one of the following strings: true, false, yes, no, always, or never.
SEC_COMMIT
For the putconfattr subroutine, this value specified by itself indicates that the changes to the named sys value or stanza are to be committed to permanent storage. The Attribute and Value parameters are ignored. If no stanza name is specified, all outstanding changes to the system information databases are committed to permanent storage.
SEC_DELETE
The corresponding attribute is deleted from the database.
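
A SEC_LIST value carries no length field, so code that reads one must bound its walk by the buffer size, and code that builds one for putconfattr must reject empty elements, which would read back as the end of the list. The following is an added example, not part of the original reference or of the AIX library; the helper names seclist_count and seclist_pack are hypothetical and the sample group names are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Count the strings in a SEC_LIST held in buf[0..len-1].
 * Returns -1 if the closing null is not found inside the buffer. */
int seclist_count(const char *buf, size_t len)
{
    size_t i = 0;
    int n = 0;

    if (buf == NULL)
        return -1;
    while (i < len && buf[i] != '\0') {
        const char *end = memchr(buf + i, '\0', len - i);
        if (end == NULL)
            return -1;              /* last string runs off the buffer */
        i = (size_t)(end - buf) + 1;
        n++;
    }
    return i < len ? n : -1;        /* buf[i] is the list terminator */
}

/* Pack items[0..n-1] into out[0..cap-1] as a SEC_LIST.
 * Returns bytes written, or 0 if an item is empty or out is too small. */
size_t seclist_pack(const char *const *items, size_t n, char *out, size_t cap)
{
    size_t used = 0;

    if (out == NULL || cap < 2)
        return 0;
    for (size_t k = 0; k < n; k++) {
        size_t l = strlen(items[k]);
        /* An empty item would read back as end-of-list and drop the rest. */
        if (l == 0 || l + 1 > cap - used - 1)
            return 0;
        memcpy(out + used, items[k], l + 1);
        used += l + 1;
    }
    if (used == 0)
        out[used++] = '\0';         /* empty list is written as two nulls */
    out[used++] = '\0';
    return used;
}

int main(void)
{
    const char *groups[] = { "staff", "security", "audit" }; /* constructed */
    char buf[64];
    size_t len = seclist_pack(groups, 3, buf, sizeof buf);

    printf("%zu bytes, %d entries\n", len, seclist_count(buf, len));
    return 0;
}
```
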
 

Security

Item Description
Files Accessed:  
Mode File
rw /etc/security/user
rw /etc/security/limits
rw /etc/security/login.cfg
rw /usr/lib/security/mkuser.default
rw /etc/security/audit/config

Return Values

If successful, the getconfattr subroutine returns a value of zero.

If unsuccessful, the getconfattr subroutine returns a value of -1.

Error Codes

Item Description
ENOENT The value that the Sys parameter specifies does not exist.
ENOATTR The specified Attribute variable is not defined for this Sys parameter.
EINVAL The Attribute or Type variable for the specified Sys parameter is not valid.
EACCES The user does not have access to the specified Attribute variable.
EIO Failed to access remote system information database.

Files

Item Description
/etc/passwd Contains user IDs.