getdvagent(3) getdvagent(3)
NAME
getdvagent, getdvagnam, setdvagent, enddvagent, putdvagnam,
copydvagent - manipulate device assignment database entry for a
trusted system
SYNOPSIS
#include <sys/types.h>
#include <hpsecurity.h>
#include <prot.h>
struct dev_asg *getdvagent();
struct dev_asg *getdvagnam(const char *name);
void setdvagent();
void enddvagent();
int putdvagnam(const char *name, struct dev_asg *dv);
struct dev_asg *copydvagent(struct dev_asg *dv);
DESCRIPTION
getdvagent, getdvagnam, and copydvagent each return a pointer to an
object with the following structure containing the broken-out fields
of an entry in the Device Assignment database. Each database entry is
returned as a dev_asg structure, declared in the <prot.h> header file:
struct dev_field {
    char   *fd_name;     /* external name */
    char  **fd_devs;     /* device list */
    mask_t  fd_type[1];  /* tape, printer, terminal */
    char  **fd_users;    /* authorized user list */
};

/* Device Assignment Database entry */
#define AUTH_DEV_TYPE "device type"
#define AUTH_DEV_PRINTER 0
#define AUTH_DEV_TERMINAL 1
#define AUTH_DEV_TAPE 2
#define AUTH_DEV_REMOTE 3
#define AUTH_MAX_DEV_TYPE 3
#define AUTH_DEV_TYPE_SIZE (WORD_OF_BIT (AUTH_MAX_DEV_TYPE) + 1)

/* this structure tells which of the corresponding fields
 * in dev_field are valid (filled).
 */
struct dev_flag {
    unsigned short
        fg_name  : 1,
        fg_devs  : 1,
        fg_type  : 1,
        fg_users : 1;
};

struct dev_asg {
    struct dev_field ufld;
    struct dev_flag  uflg;
    struct dev_field sfld;
    struct dev_flag  sflg;
};
The Device Assignment database stores device characteristics that are
related to user authorizations and synonyms. On systems supporting
network connections, the Device Assignment database stores information
about hosts initiating connections.
Each entry contains a name, which is a cross reference to the terminal
control database, and a list of devices, each of which is a pathname
corresponding to that device. This list allows the device assignment
software of the trusted system to invalidate all references to a
device when re-assigning it. The list is a table of character string
pointers, whose last entry is a NULL pointer.
fd_users is a pointer to a null-terminated table of character string
pointers naming the users allowed access.
For trusted system versions supporting network connections, the device
name can be a 12 character host name, where the first 8 characters are
the ASCII hex address of the device, and the last 4 characters are
ASCII zeroes. For example, a host with Internet address 129.75.0.3
has device name 814b00030000. The trailing four zeroes are for
compatibility with ports on terminal concentrators. The SAM APIs
support conversion of host name to device name. Thus, sensitivity
level ranges and user authorization lists can be enforced on hosts as
well as on directly connected terminals.
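The host device name format described above, worked through in both directions as an added example (not code from the HP-UX libraries or the SAM API). The helper names host_to_devname and devname_to_host are hypothetical, and the code assumes IPv4 dotted-quad input and lowercase hex output as in the page's 814b00030000 example.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define DEVNAME_LEN 12  /* 8 hex digits of address + "0000" */

/* Hypothetical helper: dotted-quad IPv4 address -> 12-character device name.
 * Returns 0 on success, -1 if the address does not parse. */
int host_to_devname(const char *dotted, char out[DEVNAME_LEN + 1])
{
    struct in_addr a;
    const unsigned char *b = (const unsigned char *)&a.s_addr;

    if (inet_pton(AF_INET, dotted, &a) != 1)
        return -1;
    /* s_addr is in network byte order, so b[0] is the first octet. */
    snprintf(out, DEVNAME_LEN + 1, "%02x%02x%02x%02x0000", b[0], b[1], b[2], b[3]);
    return 0;
}

/* Hypothetical helper: device name -> dotted quad. Rejects names of the wrong
 * length, with non-hex address digits, or without the trailing four zeroes. */
int devname_to_host(const char *dev, char out[INET_ADDRSTRLEN])
{
    unsigned int o[4];
    size_t i;

    if (strlen(dev) != DEVNAME_LEN || strcmp(dev + 8, "0000") != 0)
        return -1;
    for (i = 0; i < 8; i++)
        if (!isxdigit((unsigned char)dev[i]))
            return -1;
    if (sscanf(dev, "%2x%2x%2x%2x", &o[0], &o[1], &o[2], &o[3]) != 4)
        return -1;
    snprintf(out, INET_ADDRSTRLEN, "%u.%u.%u.%u", o[0], o[1], o[2], o[3]);
    return 0;
}

int main(void)
{
    char dev[DEVNAME_LEN + 1], ip[INET_ADDRSTRLEN];

    /* 129.75.0.3 is the address used in the text above. */
    if (host_to_devname("129.75.0.3", dev) == 0 && devname_to_host(dev, ip) == 0)
        printf("%s <-> %s\n", dev, ip);
    return 0;
}
```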
When getdvagent is first called, it returns a pointer to the first
device assignment entry. Thereafter, it returns a pointer to the next
entry, so successive calls can be used to search the database.
getdvagnam searches from the beginning of the database until an entry
with a device name matching name is found, and returns a pointer to
that entry. If an end of file or an error is encountered on reading,
these functions return a NULL pointer. copydvagent copies a device
assignment structure and the fields to which it refers to a newly-allocated
data area. Since getdvagent, getdvagnam, and putdvagnam
re-use a static structure when accessing the database, the values of
any entry must be saved if these routines are used again. The dev_asg
structure returned by copydvagent can be freed using free (see
malloc(3C)).
A call to setdvagent has the effect of setting the device assignment
database back to the first entry to allow repeated searches of the
database. enddvagent frees all memory and closes all files used to
support these routines.
putdvagnam rewrites or adds an entry to the database. If there is an
entry whose fd_name field matches the name argument, that entry is
replaced with the contents of the dv structure. Otherwise, a new entry
is added to the database.
APPLICATION USAGE
In a multithreaded application, these routines are safe to be called
only from one dedicated thread. These routines are not POSIX.1c
async-cancel safe nor async-signal safe.
RETURN VALUE
getdvagent and getdvagnam return a pointer to a static structure on
success, or a NULL pointer on failure. This static structure is
overwritten by getdvagent, getdvagnam, and putdvagnam.
putdvagnam returns 1 on success, or 0 on failure.
copydvagent returns a pointer to the newly-allocated structure on
success, or a NULL pointer if there was a memory allocation error.
WARNINGS
The structure returned by these routines contains pointers to character
strings and lists rather than being self-contained. copydvagent must
be used instead of structure assignments to save a returned structure.
The value returned by getdvagent and getdvagnam refers to a structure
that is overwritten by calls to these routines. To retrieve an entry,
modify it, and replace it in the database, copy the entry using
copydvagent and supply the modified buffer to putdvagnam.
NOTES
Programs using these routines must be compiled with -lsec.
FILES
/tcb/files/devassign Device assignment database
SEE ALSO
authcap(4).
Hewlett-Packard Company - HP-UX 11i Version 2: August 2003