Purpose
Modifies multiple authorization attributes in the authorization database.
Library
Security Library (libc.a)
Description
The putauthattrs subroutine modifies one or more attributes from the authorization database. The subroutine can be called only with an authorization that already exists in the user-defined authorization database. Calling the putauthattrs subroutine with an authorization in the system-defined authorization table fails.

The putauthattrs subroutine is used to modify attributes of existing authorizations only. To create or remove user-defined authorizations, use the putauthattr subroutine instead. Data changed by the putauthattrs subroutine must be explicitly committed by calling the putauthattr subroutine with a Type parameter specifying SEC_COMMIT. When all the data is committed, only the getauthattr and getauthattrs subroutines within the process return the modified data. Changes that are made to the authorization database do not impact security considerations until the entire database is sent to the Kernel Security Tables using the setkst command.
The Attributes array contains information about each attribute that is to be updated. Each value specified in the Attributes array must be examined on a successful call to the putauthattrs subroutine to determine whether the value of the Attributes array was successfully written. The dbattr_t data structure contains the following fields:

Item | Description |
attr_name | The name of the authorization attribute to update. |
attr_idx | This attribute is used internally by the putauthattrs subroutine. |
attr_type | The type of the attribute that is being updated. |
attr_flag | The result of the request to update the target attribute. On successful completion, a value of zero is returned. Otherwise, a nonzero value is returned. |
attr_un | A union that contains the value to update the requested attribute with. |
attr_domain | This field is ignored by the putauthattrs subroutine. |

The following valid authorization attributes for the putauthattrs subroutine are defined in the usersec.h file:

Name | Description | Type |
S_DFLTMSG | The default authorization description that is used when catalogs are not in use. | SEC_CHAR |
S_ID | A unique integer that is used to identify the authorization. Note: After the value is set initially, it must not be modified because it might be in use on the system. | SEC_INT |
S_MSGCAT | The message catalog name that contains the authorization description. | SEC_CHAR |
S_MSGSET | The message catalog's set number for the authorization description. | SEC_INT |
S_MSGNUMBER | The message number for the authorization description. | SEC_INT |

The following union members correspond to the definitions of the attr_char, attr_int, attr_long and the attr_llong macros in the usersec.h file respectively.

Item | Description |
au_char | A character pointer to the value that is to be written for attributes of SEC_CHAR and SEC_LIST types. |
au_int | Integer value that is to be written for attributes of the SEC_INT type. |
au_long | Long value that is to be written for attributes of the SEC_LONG type. |
au_llong | Long long value that is to be written for attributes of the SEC_LLONG type. |
Parameters
Item | Description |
Auth | Specifies the authorization name for which the attributes are to be updated. |
Attributes | A pointer to an array of zero or more attributes of the dbattr_t type. The list of authorization attributes is defined in the usersec.h header file. |
Count | The number of array elements in the Attributes parameter. |
Security
Files Accessed:

File | Mode |
/etc/security/authorizations | rw |
Return Values
If the authorization specified by the Auth parameter exists in the authorization database, the putauthattrs subroutine returns zero, even in the case when no attributes in the Attributes array are successfully updated. On successful completion, the attr_flag attribute of each value that is specified in the Attributes array must be examined to determine whether it was successfully updated. If the specified authorization does not exist, a value of -1 is returned and the errno value is set to indicate the error.
Error Codes
If the putauthattrs subroutine returns -1, one of the following errno values is set:

Item | Description |
EINVAL | The Auth parameter is NULL, default, ALL, ALLOW_OWNER, ALLOW_GROUP, or ALLOW_ALL. |
EINVAL | The Auth parameter begins with aix. Authorizations with a hierarchy that begin with aix are reserved for system-defined authorizations and are not modifiable through the putauthattrs subroutine. |
EINVAL | The Count parameter is less than zero. |
EINVAL | The Attributes array is NULL and the Count parameter is greater than zero. |
EINVAL | The Attributes array does not point to valid data for the requested attribute. |
ENOENT | The authorization specified by the Auth parameter does not exist. |
ENOMEM | Memory cannot be allocated. |
EPERM | The operation is not permitted. |
EACCES | Access permission is denied for the data request. |

If the putauthattrs subroutine fails to update an attribute, one of the following errors is returned in the attr_flag field of the corresponding Attributes element:

Item | Description |
EACCES | The invoker does not have write access to the authorization database. |
EINVAL | The attr_name field in the Attributes entry is not a recognized authorization attribute. |
EINVAL | The attr_type field in the Attributes entry contains a type that is not valid. |
EINVAL | The attr_un field in the Attributes entry does not point to a valid buffer or to valid data for this type of attribute. |
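
Example
The following added example (not part of the original reference page) shows a caller that treats a zero return as "authorization found" only, checks attr_flag for every element, and commits through putauthattr with SEC_COMMIT only when every attribute was written. The function names precheck_putauthattrs and update_msg_attrs are hypothetical, and the argument order of putauthattrs (Auth, Attributes, Count) and the commit form putauthattr(Auth, NULL, NULL, SEC_COMMIT) are assumptions, because this page shows no Syntax section. The part that calls the library compiles only on AIX.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Mirrors the EINVAL conditions listed under Error Codes; returns 0 or EINVAL.
 * attrs is void * so this check compiles without usersec.h. */
int precheck_putauthattrs(const char *auth, const void *attrs, int count)
{
    static const char *reserved[] = { "default", "ALL", "ALLOW_OWNER",
                                      "ALLOW_GROUP", "ALLOW_ALL" };
    size_t i;

    if (auth == NULL || count < 0 || (attrs == NULL && count > 0))
        return EINVAL;
    for (i = 0; i < sizeof reserved / sizeof reserved[0]; i++)
        if (strcmp(auth, reserved[i]) == 0)
            return EINVAL;
    /* "begins with aix", applied literally as the page words it */
    return strncmp(auth, "aix", 3) == 0 ? EINVAL : 0;
}

#ifdef _AIX
#include <usersec.h>

/* Returns -1 if a call failed, otherwise the number of attributes NOT written. */
int update_msg_attrs(char *auth, char *dflt, int set, int num)
{
    dbattr_t a[3];
    int i, failed = 0;

    memset(a, 0, sizeof a);
    a[0].attr_name = S_DFLTMSG;   a[0].attr_type = SEC_CHAR; a[0].attr_un.au_char = dflt;
    a[1].attr_name = S_MSGSET;    a[1].attr_type = SEC_INT;  a[1].attr_un.au_int = set;
    a[2].attr_name = S_MSGNUMBER; a[2].attr_type = SEC_INT;  a[2].attr_un.au_int = num;

    if (precheck_putauthattrs(auth, a, 3) != 0) { errno = EINVAL; return -1; }
    if (putauthattrs(auth, a, 3) != 0)
        return -1;                  /* errno was set by the subroutine */

    for (i = 0; i < 3; i++)         /* a zero return says nothing per attribute */
        if (a[i].attr_flag != 0) {
            fprintf(stderr, "%s: %s\n", a[i].attr_name, strerror(a[i].attr_flag));
            failed++;
        }
    /* Commit only a fully applied change set (assumed commit call form). */
    if (failed == 0 && putauthattr(auth, NULL, NULL, SEC_COMMIT) != 0)
        return -1;
    return failed;
}
#endif
```

A committed change still has no effect on authorization checks until the database is loaded into the Kernel Security Tables with the setkst command.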