libwliapi.3 (2011 03)

libwliapi(3)        Optional WLI Product Required        libwliapi(3)
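#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <wli.h>        /* libwliapi definitions (/opt/wli/include) */

/* Add an IBAC policy record to filename. */
int myapp_set_ibac(char *filename)
{
    wliapi_err_t rc;

    rc = wli_add_fap(filename, WLIAPI_FAP_IBAC);
    if (rc != WLIAPI_SUCCESS) {
        fprintf(stderr, "wli_add_fap() failed; rc: %u\n", rc);
        return(-1);
    } else {
        printf("An IBAC policy record has been added to %s\n",
            filename);
    }
    return(0);
}

int main(void)
{
    char *filename = "/tmp/myfile";
    int myfd;

    /* Create a file that only can be accessed using this compiled
     * program (myapp)
     */
    if ((myfd = creat(filename, 0600)) == -1) {
        fprintf(stderr, "creat() failed: %s\n", strerror(errno));
        exit(-1);
    }
    close(myfd);
    if (myapp_set_ibac(filename) != 0) {
        fprintf(stderr, "Could not add an IBAC policy\n");
        exit(-1);
    }
    return(0);
}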
Build myapp:
    % cc -I/opt/wli/include -L/opt/wli/lib -lwliapi myapp.c -o myapp
Sign myapp and give it api capability:
    % wlisign -a -k/joeprivkey -c joepubkey -o api myapp
Use administrator key adminprivkey to authorize joepubkey as a WLI user key:
    % wlicert -i joe.myapp -k adminprivkey joepubkey
The identifier joe.myapp was chosen to represent joepubkey.
Use administrator key adminprivkey to grant api capability to joepubkey:
    % wlicert -c joe.myapp -s -k adminprivkey -o api
Create /tmp/myfile with an IBAC record in metadata that can only be accessed with myapp:
    % myapp
AUTHOR
libwliapi was developed by HP.
FILES
/opt/wli/include/wli.h
    Contains all definitions and structures for libwliapi functions.
/opt/wli/lib/libwliapi.so
    Shared object file containing libwliapi functions.
SEE ALSO
wlipolicy(1), wlisign(1), wlicert(1M), wli(5).
HP-UX Whitelisting A.01.00 Administrator Guide at:
http://www.hp.com/go/hpux-security-docs.
HP-UX 11iv3: Sep 2010 Web Release 3 Hewlett-Packard Company 3