 getdvagent(3)                                                 getdvagent(3)
 NAME
      getdvagent, getdvagnam, setdvagent, enddvagent, putdvagnam,
      copydvagent - manipulate device assignment database entry for a
      trusted system
 SYNOPSIS
      #include <sys/types.h>
      #include <hpsecurity.h>
      #include <prot.h>
      struct dev_asg *getdvagent();
      struct dev_asg *getdvagnam(const char *name);
      void setdvagent();
      void enddvagent();
      int putdvagnam(const char *name, struct dev_asg *dv);
      struct dev_asg *copydvagent(struct dev_asg *dv);
 DESCRIPTION
      getdvagent, getdvagnam, and copydvagent each return a pointer to an
      object with the following structure containing the broken-out fields
      of an entry in the Device Assignment database.  Each database entry is
      returned as a dev_asg structure, declared in the <prot.h> header file:
           struct dev_field {
                char      *fd_name;        /* external name */
                char      **fd_devs;       /* device list */
                mask_t    fd_type[1];      /* tape, printer, terminal */
                char      **fd_users;      /* authorized user list */
           };
           /* Device Assignment Database entry */
           #define AUTH_DEV_TYPE           "device type"
           #define AUTH_DEV_PRINTER        0
           #define AUTH_DEV_TERMINAL       1
           #define AUTH_DEV_TAPE           2
           #define AUTH_DEV_REMOTE         3
           #define AUTH_MAX_DEV_TYPE       3
           #define AUTH_DEV_TYPE_SIZE      (WORD_OF_BIT (AUTH_MAX_DEV_TYPE) + 1)
           /* this structure tells which of the corresponding fields
            * in dev_field are valid (filled).
            */
           struct dev_flag {
                unsigned short
                     fg_name  : 1,
                     fg_devs  : 1,
                     fg_type  : 1,
                     fg_users : 1;
           };
           struct dev_asg {
                struct dev_field ufld;
                struct dev_flag  uflg;
                struct dev_field sfld;
                struct dev_flag  sflg;
           };
      The Device Assignment database stores device characteristics that are
      related to user authorizations and synonyms.  On systems supporting
      network connections, the Device Assignment database stores information
      about hosts initiating connections.
      Each entry contains a name, which is a cross reference to the terminal
      control database, and a list of devices, each of which is a pathname
      corresponding to that device.  This list allows the device assignment
      software of the trusted system to invalidate all references to a
      device when re-assigning it.  The list is a table of character string
      pointers, whose last entry is a NULL pointer.
      fd_users is a pointer to a null-terminated table of character string
      pointers referring to the users allowed access.
      For trusted system versions supporting network connections, the device
      name can be a 12 character host name, where the first 8 characters are
      the ASCII hex address of the device, and the last 4 characters are
      ASCII zeroes.  For example, a host with Internet address 129.75.0.3
      has device name 814b00030000.  The trailing four zeroes are for
      compatibility with ports on terminal concentrators.  The SAM APIs
      support conversion of host name to device name.  Thus, sensitivity
      level ranges and user authorization lists can be enforced on hosts as
      well as on directly connected terminals.
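
      The host device-name encoding described above, as an added example
      (not HP code and not the SAM API).  host_to_devname and
      devname_to_host are hypothetical helper names, and the decoder's
      strict format check is an assumption of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

#define DEVNAME_LEN 12  /* 8 hex digits of address + 4 ASCII zeroes */

/* Encode a dotted-quad IPv4 address as a 12-character device name.
 * Returns 0 on success, -1 on a malformed address or short buffer. */
int host_to_devname(const char *dotted, char *out, size_t outlen)
{
    struct in_addr a;
    unsigned char b[4];

    if (outlen < DEVNAME_LEN + 1 || inet_pton(AF_INET, dotted, &a) != 1)
        return -1;
    memcpy(b, &a, sizeof b);  /* network byte order: b[0] is the first octet */
    snprintf(out, outlen, "%02x%02x%02x%02x0000", b[0], b[1], b[2], b[3]);
    return 0;
}

/* Decode a device name back to dotted-quad form.  Anything that is not
 * exactly 8 hex digits followed by "0000" is rejected, so an ordinary
 * terminal name is not decoded as a host.  Returns 0 or -1. */
int devname_to_host(const char *name, char *out, size_t outlen)
{
    unsigned int b[4];
    int i;

    if (outlen < INET_ADDRSTRLEN || strlen(name) != DEVNAME_LEN ||
        strcmp(name + 8, "0000") != 0)
        return -1;
    for (i = 0; i < 8; i++)
        if (!isxdigit((unsigned char)name[i]))
            return -1;
    if (sscanf(name, "%2x%2x%2x%2x", &b[0], &b[1], &b[2], &b[3]) != 4)
        return -1;
    snprintf(out, outlen, "%u.%u.%u.%u", b[0], b[1], b[2], b[3]);
    return 0;
}

int main(void)
{
    char dev[DEVNAME_LEN + 1], ip[INET_ADDRSTRLEN];
    if (host_to_devname("129.75.0.3", dev, sizeof dev) == 0 &&
        devname_to_host(dev, ip, sizeof ip) == 0)
        printf("%s <-> %s\n", ip, dev);
    return 0;
}
```
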
      When getdvagent is first called, it returns a pointer to the first
      device assignment entry.  Thereafter, it returns a pointer to the next
      entry, so successive calls can be used to search the database.
      getdvagnam searches from the beginning of the database until an entry
      with a device name matching name is found, and returns a pointer to
      that entry.  If an end of file or an error is encountered on reading,
      these functions return a NULL pointer.  copydvagent copies a device
      assignment structure and the fields to which it refers to a
      newly-allocated data area.  Since getdvagent, getdvagnam, and putdvagnam
      re-use a static structure when accessing the database, the values of
      any entry must be saved if these routines are used again.  The dev_asg
      structure returned by copydvagent can be freed using free (see
      malloc(3C)).
      A call to setdvagent has the effect of setting the device assignment
      database back to the first entry to allow repeated searches of the
      database.  enddvagent frees all memory and closes all files used to
      support these routines.
      putdvagnam rewrites or adds an entry to the database.  If there is an
      entry whose fd_name field matches the name argument, that entry is
      replaced with the contents of the dv structure.  Otherwise, the entry
      is added to the database.
 APPLICATION USAGE
      In a multithreaded application, these routines are safe to be called
      only from one dedicated thread.  These routines are neither POSIX.1c
      async-cancel safe nor async-signal safe.
 RETURN VALUE
      getdvagent and getdvagnam return a pointer to a static structure on
      success, or a NULL pointer on failure.  This static structure is
      overwritten by getdvagent, getdvagnam, and putdvagnam.
      putdvagnam returns 1 on success, or 0 on failure.
      copydvagent returns a pointer to the newly-allocated structure on
      success, or a NULL pointer if there was a memory allocation error.
 WARNINGS
      The structure returned by this routine contains pointers to character
      strings and lists rather than being self-contained.  copydvagent must
      be used instead of structure assignments to save a returned structure.
      The value returned by getdvagent and getdvagnam refers to a structure
      that is overwritten by calls to these routines.  To retrieve an entry,
      modify it, and replace it in the database, copy the entry using
      copydvagent and supply the modified buffer to putdvagnam.
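
      Why a structure assignment is not enough, as an added example that
      is not the libsec code.  struct entry, fake_lookup and deep_copy are
      hypothetical stand-ins that mimic a lookup reusing static storage;
      the single-allocation layout is an assumption chosen so that one
      free() releases the copy.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct entry { char *name; char **users; };  /* hypothetical stand-in for dev_field */

/* Constructed stand-in for a lookup that reuses static storage (the
 * behaviour the page describes for getdvagnam); not the libsec routine. */
static char name_buf[16], user_buf[16];
static char *user_tab[2] = { user_buf, NULL };
static struct entry cur = { name_buf, user_tab };

struct entry *fake_lookup(const char *name, const char *user)
{
    snprintf(name_buf, sizeof name_buf, "%s", name);
    snprintf(user_buf, sizeof user_buf, "%s", user);
    return &cur;
}

/* Deep copy into one allocation (struct, pointer table, string bytes),
 * so a single free() releases it.  Returns NULL if malloc fails. */
struct entry *deep_copy(const struct entry *e)
{
    size_t n = 0, bytes = strlen(e->name) + 1, i;
    struct entry *c;
    char *p;

    while (e->users[n])
        bytes += strlen(e->users[n++]) + 1;
    if ((c = malloc(sizeof *c + (n + 1) * sizeof(char *) + bytes)) == NULL)
        return NULL;
    c->users = (char **)(c + 1);          /* pointer table follows the struct */
    p = (char *)(c->users + n + 1);       /* string bytes follow the table */
    c->name = strcpy(p, e->name);
    for (i = 0; i < n; i++) {
        p += strlen(p) + 1;
        c->users[i] = strcpy(p, e->users[i]);
    }
    c->users[n] = NULL;
    return c;
}

/* Returns 1 when a struct assignment was changed by the next lookup. */
int shallow_copy_is_clobbered(void)
{
    struct entry saved = *fake_lookup("tty01", "alice");
    fake_lookup("tty02", "bob");
    return strcmp(saved.name, "tty01") != 0 || strcmp(saved.users[0], "alice") != 0;
}
int main(void) { printf("clobbered: %d\n", shallow_copy_is_clobbered()); return 0; }
```

      In this example, writing the shallow copy back after the second
      lookup would store the other entry's user list under the saved
      name, which is the failure the warning above guards against.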
 NOTES
      Programs using this routine must be compiled with -lsec.
 FILES
      /tcb/files/devassign                    Device assignment database
 SEE ALSO
      authcap(4).
 Hewlett-Packard Company                    HP-UX 11i Version 2: August 2003