putcmdattrs Subroutine

Purpose

Modifies multiple command attributes in the privileged command database.

Library

Security Library (libc.a)

Syntax

#include <usersec.h>

int putcmdattrs(Command, Attributes, Count)
    char *Command;
    dbattr_t *Attributes;
    int Count;

Description

The putcmdattrs subroutine modifies one or more attributes from the privileged command database. If the database is not open, this subroutine does an implicit open for reading and writing. The command specified by the Command parameter must include the full path to the command and exist in the privileged command database.

The putcmdattrs subroutine is only used to modify attributes of existing commands in the database. To create or remove command entries, use the putcmdattr subroutine instead. Data changed by the putcmdattrs subroutine must be explicitly committed by calling the putcmdattr subroutine with a Type parameter specifying SEC_COMMIT. Until all the data is committed, only the getcmdattr and getcmdattrs subroutines within the process return the modified data. Changes made to the privileged command database do not impact security considerations until the entire database is sent to the Kernel Security Tables using the setkst command or until the system is rebooted.

The Attributes parameter contains information about each attribute that is to be updated. Each value that is specified in the Attributes parameter must be examined on a successful call to the putcmdattrs subroutine to determine whether it was successfully written. The dbattr_t data structure contains the following fields:

Name (Type)
    Description
S_ACCESSAUTHS (SEC_LIST)
    Access authorizations, a null-separated list of authorization names. Sixteen authorizations can be specified. A user with any one of the authorizations can run the command. In addition to the user-defined and system-defined authorizations available on the system, the following three special values can be specified:
    ALLOW_OWNER
        Allows the command owner to run the command without checking for access authorizations.
    ALLOW_GROUP
        Allows the command group to run the command without checking for access authorizations.
    ALLOW_ALL
        Allows every user to run the command without checking for access authorizations.
S_AUTHPRIVS (SEC_LIST)
    Authorized privileges. Privilege authorization and authorized privileges pairs indicate process privileges during the execution of the command corresponding to the authorization that the parent process possesses. The authorization and its corresponding privileges are separated by an equal sign (=); individual privileges are separated by a plus sign (+). The attribute is of the SEC_LIST type and the value is a null-separated list, so authorization and privileges pairs are separated by a NULL character (\0), as shown in the following illustration:
        auth=priv+priv+...\0auth=priv+priv+...\0...\0\0
    The number of authorization and privileges pairs is limited to sixteen.
S_AUTHROLES (SEC_LIST)
    A role or list of roles. Users having these roles must be authenticated to allow execution of the command.
S_INNATEPRIVS (SEC_LIST)
    Innate privileges. This is a null-separated list of privileges that are assigned to the process when running the command.
S_INHERITPRIVS (SEC_LIST)
    Inheritable privileges. This is a null-separated list of privileges that are assigned to child processes.
S_EUID (SEC_INT)
    The effective user ID to be assumed when running the command.
S_EGID (SEC_INT)
    The effective group ID to be assumed when running the command.
S_RUID (SEC_INT)
    The real user ID to be assumed when running the command.
Note: All the above fields correspond to the attr_name attribute.
Item Description
attr_idx This attribute is used internally by the putcmdattrs subroutine.
attr_type The type of the attribute that is being updated.
attr_flag The result of the request to update the target attribute. On successful completion, a value of zero is returned. Otherwise, a nonzero value is returned.
attr_un A union that contains the value to update the requested attribute with.
attr_domain This field is ignored by the putcmdattrs subroutine.
The following union members correspond to the definitions of the attr_char, attr_int, attr_long and attr_llong macros in the usersec.h file, respectively.
Item Description
au_char A character pointer to the value that is to be written for attributes of the SEC_CHAR and SEC_LIST types.
au_int Integer value that is to be written for attributes of the SEC_INT type.
au_long Long value that is to be written for attributes of the SEC_LONG type.
au_llong Long long value that is to be written for attributes of the SEC_LLONG type.
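
The S_AUTHPRIVS layout described above (auth=priv+priv entries, each ended by a NUL, the list ended by a second NUL, at most sixteen pairs) can be built and checked before the buffer is handed over in au_char. This is an added example, not code from this page or from IBM; authprivs_append and authprivs_count are hypothetical helper names, and they do not call putcmdattrs, so they compile without usersec.h.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PAIRS 16   /* pair limit this page states for S_AUTHPRIVS */

/* Append one "auth=priv+priv" entry and re-terminate the list.
 * *len counts bytes used, excluding the final list terminator.
 * Returns 0 on success, -1 if the entry is malformed or does not fit. */
int authprivs_append(char *buf, size_t cap, size_t *len, int *pairs,
                     const char *auth, const char *privs)
{
    size_t plen = strlen(privs);
    size_t need = strlen(auth) + 1 + plen + 1;      /* auth '=' privs NUL */

    if (*pairs >= MAX_PAIRS || auth[0] == '\0' || plen == 0) return -1;
    if (strchr(auth, '=') || strchr(privs, '=')) return -1;
    if (privs[0] == '+' || privs[plen - 1] == '+' || strstr(privs, "++"))
        return -1;                                  /* empty privilege name */
    if (*len + need + 1 > cap) return -1;           /* +1: list terminator */

    snprintf(buf + *len, cap - *len, "%s=%s", auth, privs);
    *len += need;
    buf[*len] = '\0';                               /* second NUL ends list */
    (*pairs)++;
    return 0;
}

/* Walk a list of at most cap bytes; return the pair count, or -1 if it is
 * malformed, over the limit, or missing its final terminator. */
int authprivs_count(const char *buf, size_t cap)
{
    size_t off = 0;
    int pairs = 0;

    while (off < cap && buf[off] != '\0') {
        const char *entry = buf + off;
        const char *end = memchr(entry, '\0', cap - off);
        const char *eq;

        if (end == NULL) return -1;                 /* unterminated entry */
        eq = memchr(entry, '=', (size_t)(end - entry));
        if (eq == NULL || eq == entry || eq + 1 == end) return -1;
        if (++pairs > MAX_PAIRS) return -1;
        off += (size_t)(end - entry) + 1;
    }
    return off < cap ? pairs : -1;
}
```

Start from a zeroed buffer with len and pairs set to 0; an empty list is a single NUL and counts as zero pairs.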

Parameters

Item Description
Command Specifies the command name for which the attributes are to be updated.
Attributes A pointer to an array of zero or more elements of the dbattr_t type. The list of command attributes is defined in the usersec.h header file.
Count The number of array elements in the Attributes parameter.

Security

Files Accessed:
File Mode
/etc/security/privcmds rw

Return Values

If the command specified by the Command parameter exists in the privileged command database, the putcmdattrs subroutine returns zero, even in the case when no attributes in the Attributes parameter were successfully updated. On success, the attr_flag attribute of each element in the Attributes parameter must be examined to determine if it was successfully updated. On failure, a value of -1 is returned and the errno value is set to indicate the error.

Error Codes

If the putcmdattrs subroutine returns -1, one of the following errno values can be set:
Item Description
EINVAL The Command parameter is NULL, default or ALL.
EINVAL The Count parameter is less than zero.
EINVAL The Attributes parameter is NULL and the Count parameter is greater than zero.
EINVAL The Attributes parameter does not point to valid data for the requested attribute.
ENOENT The command specified in the Command parameter does not exist.
EPERM The operation is not permitted.
If the putcmdattrs subroutine fails to update an attribute, one of the following errors is returned in the attr_flag field of the corresponding Attributes element:
Item Description
EACCES The invoker does not have write access to the privileged command database.
EINVAL The attr_name field in the Attributes entry is not a recognized command attribute.
EINVAL The attr_type field in the Attributes entry contains an invalid type.
EINVAL The attr_un field in the Attributes entry does not point to a valid buffer or to valid data for this type of attribute.