 |
» |
|
|
|
NAMEpriv_str_to_set(), priv_set_to_str() — privilege name to set conversion function SYNOPSIS#include <sys/types.h>
#include <sys/privileges.h> priv_set_t * priv_str_to_set(const char * priv_list,
const char *delimiter,
char **index_ptr); char *priv_set_to_str(const priv_set_t * priv_vec,
char delimiter,
int flag); Parameterspriv_str_to_set()- priv_list
The list of privilege names, passed as a string, separated by
one or more characters from
delimiter.
It may also contain the compound privileges (basic, basicroot, and
policy). - delimiter
Separates the privileges in
priv_list. - index_ptr
If an error occurs while parsing the list of privilege names,
the
char
pointer pointed to by
index_ptr
is set to point to the remainder of the string after the error occurred, so
long as
index_ptr
is not a
NULL pointer.
priv_set_to_str()- delimiter
Separates the individual privilege names by any of the
specified characters.
If
delimiter
is a
NULL
character, the default delimiter of comma
(,)
is used. - flag
Bit mask with the following bit positions defined:
PRIV_STR_LIT,
PRIV_STR_SHORT.
Exactly one of the two flags must be passed.
When flag is
PRIV_STR_SHORT,
the resulting string uses the compound privileges
BASIC,
BASICPOLICY,
and
POLICY
to arrive at a short representation. - priv_vec
Specifies privilege set.
DESCRIPTIONpriv_str_to_set Conversionpriv_str_to_set()
converts a list of privilege names to a privilege set. priv_list
is a string consisting of privilege names and/or compound privileges.
The individual elements in the string are separated by one or more
characters of
delimiter . Any privilege in the list
priv_list
can be optionally preceded by an exclamation mark
(!)
to be interpreted as removal.
For example,
POLICY,!PRIV_CMPTREAD
means all privileges in the compound privilege
POLICY
except the
PRIV_CMPTREAD
privilege. The string is case-insensitive.
PRIV_
prefix
is optional to a privilege name.
For example,
PRIV_CMPTREAD,
CmptRead,
and
Priv_CmPTReaD
all have the same meaning. priv_list
is interpreted left to right, so the string
DACREAD,!DACREAD
is the same as an empty list of privileges, while
!DACREAD,DACREAD
is the same as
DACREAD. For a list of valid privileges (both individual privileges and compound
privileges), see
privileges(5). priv_set_to_str Conversionpriv_set_to_str()
converts a privilege set to a string of privilege names separated by the
character specified by
delimiter . RETURN VALUEpriv_set_to_str()
and
priv_str_to_set()
return the following values:
- pointer
Successful completions.
Returns a non-null pointer.
The caller of
priv_str_to_set()
is responsible for freeing the result using the
privset_free().
The caller of
priv_set_to_str()
is responsible for freeing the result using the
free(). - NULL pointer
Function failed.
Returns a null pointer and sets
errno
to indicate the error .
ERRORSIf any of the following conditions occur, the functions fail and set
errno.
- ENOMEM
Cannot allocate enough memory for the given data. - EINVAL
One or more arguments are invalid.
EXAMPLES#include <stdio.h>
#include <sys/types.h>
#include <sys/privileges.h>
#define priv_list "PRIV_CHOWN,PRIV_CHROOT,PRIV_DACREAD"
main()
{
char *index;
priv_set_t * priv_vector;
if ( (priv_vector = priv_str_to_set( priv_list,
NULL,
&index)) == NULL )
{
perror("priv_str_to_set Failed");
if (index)
printf("Invalid privilege name starting at %s\n", index);
exit(1);
}
printf("The privileges in the given privilege vector are %s\n",
priv_set_to_str( priv_vector, NULL, PRIV_STR_SHORT) );
} DEPENDENCIESpriv_str_to_set()
and
priv_set_to_str()
are both part of the
libsec
library. |
Printable version
