HP-UX Reference (11i v3 07/02) - 3 Library Functions A-M (vol 6)
acps_spi(3) acps_spi(3)
EXAMPLES
The following example illustrates a sample policy module that enforces the policy:
"users Ron, Ren, and Bill may read or write the password object"
#include <acps_spi.h>
#include <stdio.h>
#include <string.h>
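// Sample policy module entry point: decides whether the requesting user may
// perform the requested operation on the requested object.
//
// Policy enforced: users Ron, Ren, and Bill may read or write the
// "password" object. Every other combination is denied.
//
// h          - handle passed to acpm_getsubid/acpm_getop/acpm_getobj
// argc, argv - not read by this sample
//
// Returns ACPS_ALLOW or ACPS_DENY once a decision is reached. If an accessor
// does not return ACPS_SUCCESS, its return value is passed back unchanged.
// Returns ACPS_GEN_ERROR when a primitive's type string is not the one this
// module expects.
extern int acpm_checkauth(acp_handle_t h, int argc, const char **argv)
{
    char *user;
    char *operation;
    char *object;
    // NOTE(review): buf is handed to the accessors without pointing at any
    // storage and is then read by strcmp(). Confirm against <acps_spi.h>
    // whether the type argument needs caller-provided storage or must be
    // passed by address; as written it is used uninitialized.
    char *buf;
    int retval;

    (void)argc;
    (void)argv;

    // get the user
    if ((retval = acpm_getsubid(h, buf, &user)) != ACPS_SUCCESS)
        return retval;
    if (strcmp(buf, ACPS_ID_NAME) != 0) // type validation
        return ACPS_GEN_ERROR;

    // get the operation
    if ((retval = acpm_getop(h, buf, &operation)) != ACPS_SUCCESS)
        return retval;
    if (strcmp(buf, ACPS_OP_DOTHEIRARCHICAL) != 0) // type validation
        return ACPS_GEN_ERROR;

    // get the object
    if ((retval = acpm_getobj(h, buf, &object)) != ACPS_SUCCESS)
        return retval;
    if (strcmp(buf, ACPS_OBJ_GENERIC) != 0) // type validation
        return ACPS_GEN_ERROR;

    // evaluate primitives against policy (exact, case-sensitive matches)
    int user_ok = (strcmp(user, "Ron") == 0)
               || (strcmp(user, "Ren") == 0)
               || (strcmp(user, "Bill") == 0);
    int op_ok = (strcmp(operation, "read") == 0)
             || (strcmp(operation, "write") == 0);
    // strcmp() returns 0 on a match, so the result must be compared with 0.
    // Using the bare return value as the condition would grant access to
    // every object except "password" and deny "password" itself.
    int obj_ok = (strcmp(object, "password") == 0);

    if (user_ok && op_ok && obj_ok) {
        return ACPS_ALLOW;
    }

    // Anything not explicitly allowed above is denied.
    return ACPS_DENY;
}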
SEE ALSO
acps(3), acps_api(3).
98 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: February 2007