Determines user access to the system by validating the user security labels against the system labels.
Trusted AIX® Library (libmls.a)
The labelsession subroutine determines whether the user specified by the Name parameter is allowed to access the system based on the sensitivity and the integrity clearances of the user. The Mode parameter gives the mode of the account usage and the TTY parameter defines the terminal that is used for access. The EffSL and EffTL parameters specify the effective sensitivity label and the effective integrity label for the session respectively. The Msg parameter returns an information message that explains the reason that the subroutine fails.
Item | Description |
---|---|
Name | Specifies the user login name. |
Mode | Specifies the mode to use. The Mode parameter contains one of the following valid values that are defined in the login.h file: |
TTY | Specifies the terminal of the originating activity. If this parameter is a null pointer or a null string, no TTY checking is done. |
EffSL | Specifies the effective SL that the session requires. |
EffTL | Specifies the effective TL that the session requires. |
Msg | Returns a message to the user interface that explains the reason why the subroutine fails. The returned value is either a pointer to a valid string in allocated memory or a null value. |
Flag | When the Flag parameter is set to 1, the current user labels do not need to dominate those of the new user to allow access. This parameter is valid only for the S_SU mode. This parameter is ignored for all other session types. |
Access Control: The calling process must have access to the account information in the user database and the port information in the port database. The calling process must also have the privileges that are required by the subroutines that this subroutine invokes.
Mode | File |
---|---|
r | /etc/security/enc/LabelEncodings |
r | /etc/security/user |
If the session labels are valid for the specified usage, the labelsession subroutine returns a value of zero. Otherwise, the subroutine returns a value of -1 and sets the errno global variable, and the Msg parameter returns the error information.
If the subroutine fails, it returns one of the following error codes:
Item | Description |
---|---|
EINVAL | Error in label encodings file or error in the label dominance |
EINVAL | The specified effective SL is not valid on the system |
ENOATTR | The clearance attributes for the user do not exist |
ENOMEM | Memory cannot be allocated to store the returned value |
EPERM | No permission to complete the operation |
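
The following is an added illustration, not IBM code and not the libmls.a interface: a small self-contained C model of the dominance decision and the Flag behaviour described above, using the same 0 / -1 plus errno return convention. The `struct label` layout, the `MODE_LOGIN` and `MODE_SU` names (stand-ins for the login.h modes), `check_session`, and the rule that the effective SL must lie within the user's clearance are all assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical label: hierarchical level plus compartment bitmask.
   A teaching model, not the Trusted AIX label types. */
struct label { int level; uint32_t compartments; };

/* Hypothetical stand-ins for the login.h session modes. */
enum session_mode { MODE_LOGIN, MODE_SU };

/* a dominates b: level at least as high and every compartment of b is in a. */
int dominates(struct label a, struct label b) {
    return a.level >= b.level && (b.compartments & ~a.compartments) == 0;
}

/* Returns 0 if the session is allowed; otherwise -1 with errno set and *msg
   pointing at a reason. The model uses static strings for *msg. */
int check_session(enum session_mode mode, struct label current,
                  struct label clearance, struct label eff_sl,
                  int flag, const char **msg) {
    *msg = NULL;
    /* Assumed rule: the requested effective SL must not exceed the clearance. */
    if (!dominates(clearance, eff_sl)) {
        *msg = "effective SL is outside the user's clearance";
        errno = EINVAL;
        return -1;
    }
    /* The flag relaxes the dominance check in su mode only. */
    if (mode == MODE_SU && flag != 1 && !dominates(current, clearance)) {
        *msg = "current labels do not dominate the new user's labels";
        errno = EINVAL;
        return -1;
    }
    return 0;
}

int main(void) {
    struct label low = {1, 0x1}, high = {2, 0x3};   /* constructed sample labels */
    const char *msg;
    for (int flag = 0; flag <= 1; flag++) {
        int rc = check_session(MODE_SU, low, high, low, flag, &msg);
        printf("su low->high flag=%d: rc=%d %s\n", flag, rc, msg ? msg : "allowed");
    }
    /* Fail closed: anything other than 0 is a denial, even with the flag set. */
    if (check_session(MODE_SU, high, low, high, 1, &msg) != 0)
        printf("denied: %s\n", msg);
    return 0;
}
```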