Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ dg_cd_fd_close(3) — DG/UX R4.11MU05

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

credentiald(1M)

open(2)

close(2)



cd_library(3)            DG/UX B2 Security R4.12MU02           cd_library(3)


NAME
       cdlibrary: dgcdclienttoagentfd, dgcdfdclose,
       dgcdkitcreate, dgcdkitfree, dgcdkitsend, dgcdkitreceive -
       credential server interface routines in libsm.a

SYNOPSIS
       #include <dgcdinterface.h>

       int     dgcdclienttoagentfd ( )

       int     dgcdfdclose (int                     fd)

       int     dgcdkitcreate (dgcdkitt **        cdkitpp)

       void    dgcdkitfree (dgcdkitt **          cdkitpp)

       int     dgcdkitsend (int                     fd,
                               dgcdkitt **          cdkitpp)

       int     dgcdkitreceive (int                  fd,
                                  dgcdkitt **       cdkitpp)

DESCRIPTION
       The functions in cdlibrary provide support for communicating with
       the credential server (daemon), credentiald, and therefore for
       session creation.

       The functions return 0 on success and -1 on failure, unless otherwise
       noted.

   dgcdclienttoagentfd
       This function establishes the connection to the credential server.
       On success, it returns a file descriptor (a non-negative integer)
       that should be used as an argument to the other functions in this
       family that require an fd argument.  On failure it returns 0 and sets
       errno to indicate the error.  Possible errno values are the same as
       those for open(2).  Use of this function requires appropriate
       privilege, as access to credentiald is restricted by the system.  On
       a process configured for capability (ie., dgrunningwithcap()
       returns 1), the process calling this function must have the
       capability DG_CAP_SI_ACCESS_CREDENTIALD in its permitted set in order
       to succeed.  On a system which is not configured for capability, the
       process must have a user id of 0.  If the process does not have
       appropriate privilege, this function will still appear to succeed,
       but credentiald will immediately drop the connection, and subsequent
       attempts to use the fd returned by this function will fail.

   dgcdfdclose
       This function closes the connection to the credential server.  It
       takes as an argument the file descriptor that was returned by
       dgcdclienttoagentfd().  Possible errno values on error are the
       same as those for close(2).

   dgcdkitcreate
       This function allocates and initializes a new dgcdkitt structure.
       Its argument should be the address of a pointer, which will be set to
       point to the new structure on return.

       Errors:

       EINVAL  cdkitpp is not a valid pointer.

       ENOMEM  The system was unable to allocate sufficient memory for the
               new structure.

   dgcdkitfree
       This function frees all the memory associated with the dgcdkitt *
       whose  address is the argument to the function.  It frees both the
       structure and any fields of the structure that are pointers that are
       not NULL.

   dgcdkitsend
       This function sends the kit pointed to by the pointer whose address
       is the second argument of the function to the credential server,
       which it assumes is listening at the other end of fd.  fd should be
       previously obtained by a call to dgcdclienttoagentfd().  The kit
       passed in is treated in a read-only manner by the function -- the
       data in it is simply copied across the connection to the credential
       server.

       Errors:

       EINVAL  cdkitpp or the pointer it points to is NULL.

       EBADF   fd is not a valid file descriptor as returned by a call to
               dgcdclienttoagentfd().

       EMFILE  The system is out of file descriptors.

       EIO     The communication with the credential server failed.

   dgcdkitreceive
       Receive a kit from the credential server via fd. fd should be the
       file descriptor returned by a previous call to
       dgcdclienttoagentfd().  cdkitpp should be the address of a
       pointer which is set to NULL.  The function will allocate a new kit,
       read the data from the credential server, and store the incoming data
       in the new kit.  Finally, it will set the pointer pointed to by
       cdkitpp to point to the new kit.  When it is no longer needed, the
       received kit can be disposed of with a call to dgcdkitfree.

       Errors:

       EINVAL  cdkitpp is not a valid address.

       EBADF   fd is not a valid file descriptor as returned by a call to
               dgcdclienttoagentfd().

       EMFILE  The system is out of file descriptors.

       EIO     The communication with the credential server failed.

   dgcdkit{get,put} functions
       The various fields of the dgcdkitt structure should not be
       accessed directly with the C language's '.' or '->' operators.
       Instead, all access to the internals of the kit should be through the
       various get/put functions that are provided.  The precise list of
       these (with function prototypes) is available in the header file
       dgcdinterface.h.  These functions define what should be considered
       the kit, rather than the structure definition itself.  The structure
       may change in the future, but compatibility will be preserved through
       the function interfaces.  The various "options" fields, such as
       B_BYPASS_LOCATION_LOCKED, should be boolean values: 1 indicates that
       the option is turned on, 0 indicates that it is turned off.

SEE ALSO
       credentiald(1M), open(2), close(2), adlibrary(3), silibrary(3),
       dgrunningwith(3C).


Licensed material--property of copyright holder(s)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026