*** UNIX MANUAL PAGE BROWSER ***

getprfient(3) Library Functions Manual getprfient(3) NAME getprfient, getprfinam, putprfinam - Manipulate file control database entry (Enhanced Security) LIBRARY Security Library (libsecurity.a) SYNOPSIS #include <sys/types.h> #include <sys/security.h> #include <prot.h> struct pr_file *getprfient(void); struct pr_file *getprfinam( char *name); void setprfient(void); void endprfient(void); int putprfinam( char *name, struct pr_file *pr); PARAMETERS Specifies a file control database entry name. Specifies a file con- trol database entry structure. DESCRIPTION The getprfient() and getprfinam() functions each return a pointer to an object with the following structure containing the separated-out fields of a line in the file control database. Each line in the database con- tains a pr_file structure, declared in the prot.h header file as fol- lows: struct f_field { char *fd_name; /* Holds full pathname */ ushort fd_uid; /* uid of owner */ ushort fd_gid; /* gid of group */ ushort fd_mode; /* permissions */ char fd_type[2]; /* file type (one of r,b,c,d,f,s) */ acle_t *fd_acl; /* access control list for file */ int fd_acllen; /* number of entries in fd_acl */ }; struct f_flag { unsigned short fg_name:1, /* Is fd_name set? */ fg_uid:1, /* Is fd_uid set? */ fg_gid:1, /* Is fd_gid set? */ fg_mode:1, /* Is fd_mode set? */ fg_type:1, /* Is fd_type set? */ fg_acl:1, /* Is fd_acl set? */ }; struct pr_file { struct f_field ufld; struct f_flag uflg; }; The getprfient() function when first called returns a pointer to the first pr_file structure in the database; thereafter, it returns a pointer to the next pr_file structure in the database, so successive calls can be used to search the database. The getprfinam() function searches from the beginning of the database until a file name matching name is found, and returns a pointer to the particular structure in which it was found. If an end-of-file or an error is encountered on reading, these functions return a null pointer. A call to the setprfient() function has the effect of rewinding the file control database to allow repeated searches. The endprfient() function can be called to close the file control database when process- ing is complete. The putprfinam() function puts a new or replaced file control entry pr with key name into the database. If the uflg.fg_name field is a 0 (zero), the requested entry is deleted from the file control database. The putprfinam() function locks the database for all update operations, and performs a endprfient() after the update or failed attempt. The file control database stores a list of entries for security rele- vant files. This database is used by the setfiles program to assign and maintain the security attributes of system files. The fd_name pointer refers to the file name, which can be an absolute pathname or a pathname whose last component is an * (asterisk), which is treated as a wildcard entry. Entries that refer to a specific file in a directory supersede the wildcard entry if the absolute pathname precedes the wildcard entry in the database. The fd_uid and fd_gid fields are the numeric owner and group of the file. The fd_mode field is the mode word, including owner, group, and other permissions, as well as the SUID and SGID bits. The fd_type field contains a one-char- acter file type indicator: r (regular), b (block-special), c (charac- ter-special), d (directory), f (FIFO), s (symbolic link), The fd_acl field references the internal representation of the file's access con- trol list. The fd_acllen field is the number of entries on that list. NOTES Programs using these functions must be compiled with -lsecurity. CAUTION The value returned by getprfinam() and getprfient() refers to a struc- ture that is overwritten by calls to these functions. To retrieve an entry, modify it, and replace it in the database, you must copy the en- try using structure assignment and supply the modified buffer to putpr- finam(). RETURN VALUES The getprfient() and getprfinam() functions return null pointers on EOF or an error. The putprfinam() function returns a value of 0 (zero) if it cannot add or upgrade the entry. FILES Description file of directories, devices, control, and commands modi- fied for security. General security databases file. delim off getprfient(3)