Remove login_progok()

Suggested by: guido
svn path=/head/; revision=28962
1997-08-31 20:09:39 +00:00 · 1997-08-31 20:09:39 +00:00 · ad1d4e56a2 · 2020-12-20 02:59:44 +00:00
commit ad1d4e56a2
parent 709db7fbee
5 changed files with 5 additions and 103 deletions
--- a/lib/libutil/Makefile
+++ b/lib/libutil/Makefile
@ -7,10 +7,10 @@ CFLAGS+=-Wall -DLIBC_SCCS -I${.CURDIR} -I${.CURDIR}/../../sys
 #CFLAGS+=LOGIN_CAP_AUTH
 SRCS=	login.c login_tty.c logout.c logwtmp.c pty.c setproctitle.c \
 	login_cap.c login_class.c login_auth.c login_times.c login_ok.c \
-	_secure_path.c uucplock.c login_progok.c
+	_secure_path.c uucplock.c
 MAN3+=	login.3 login_tty.3 logout.3 logwtmp.3 pty.3 setproctitle.3 \
 	login_cap.3 login_class.3 login_times.3 login_ok.3 \
-	_secure_path.3 uucplock.3 login_progok.3
+	_secure_path.3 uucplock.3
 MAN5+=	login.conf.5
 MLINKS+= pty.3 openpty.3  pty.3 forkpty.3
 MLINKS+=login_cap.3 login_getclassbyname.3 login_cap.3 login_close.3 \
--- a/lib/libutil/libutil.h
+++ b/lib/libutil/libutil.h
@ -18,7 +18,7 @@
 * 5. Modifications may be freely made to this file providing the above
 *    conditions are met.
 *
- * $Id: libutil.h,v 1.10 1997/08/10 18:42:38 ache Exp $
+ * $Id: libutil.h,v 1.11 1997/08/27 20:06:19 brian Exp $
 */

 #ifndef _LIBUTIL_H_
@ -45,7 +45,6 @@ const char *uu_lockerr __P((int _uu_lockresult));
 int	uu_lock __P((const char *_ttyname));
 int	uu_unlock __P((const char *_ttyname));
 int	_secure_path __P((const char *_path, uid_t _uid, gid_t _gid));
-int	login_progok __P((uid_t _uid, const char *prog));
 __END_DECLS

 #define UU_LOCK_INUSE (1)
--- a/lib/libutil/login.conf.5
+++ b/lib/libutil/login.conf.5
@ -17,7 +17,7 @@
 .\" 5. Modifications may be freely made to this file providing the above
 .\"    conditions are met.
 .\"
-.\" $Id: login.conf.5,v 1.10 1997/08/26 23:15:57 brian Exp $
+.\" $Id: login.conf.5,v 1.11 1997/08/27 20:06:19 brian Exp $
 .\"
 .Dd November 22, 1996
 .Dt LOGIN.CONF 5
@ -217,11 +217,6 @@ disallowed.
 in the class may use for access.
 .It tty.deny	list		List of ttys and ttygroups which users
 in the class may not use for access.
-.It prog.allow	list		List of programs which users in the class
-may run irrespective of the contents of prog.deny.  Support for this option
-must be built into each program.
-.It prog.deny	list		List of programs which users in the class
-may not run.  Support for this option must be built into each program.
 .El
 .Pp
 These fields are intended to be used by
@ -366,5 +361,4 @@ lists.
 .Xr getttyent 3 ,
 .Xr login_cap 3 ,
 .Xr login_class 3 ,
-.Xr ttys 5 ,
-.Xr login_progok 3
+.Xr ttys 5
--- a/lib/libutil/login_progok.3
+++ b/lib/libutil/login_progok.3
@ -1,52 +0,0 @@
-.\"
-.\" $Id: login_ok.3,v 1.4 1997/02/22 15:08:22 peter Exp $
-.\"
-.Dd August 27, 1997
-.Os FreeBSD
-.Dt LOGIN_PROGOK 3
-.Sh NAME
-.Nm login_progok
-.Nd Check if the given program may be run.
-.Sh SYNOPSIS
-.Fd #include <sys/types.h>
-.Fd #include <libutil.h>
-.Ft int
-.Fn login_progok "uid_t uid" "const char *prog"
-.Pp
-Link with
-.Va -lutil
-on the
-.Xr cc 1
-command line.
-.Sh DESCRIPTION
-This function determines if the user has permission to run the given
-program, returning zero if permission is denied and one if permission
-is granted.  It should be used by programs that are setuid or for some
-reason cannot be easily rebuilt or modified by an ordinary user, allowing
-the system administrator to restrict access to certain programs in a
-generic fashion.
-.Pp
-Access to a program is granted by default.  In order to deny access,
-the users login class entry in
-.Xr login.conf 5
-must be set with a 
-.Em prog.deny
-capability that contains the program name.  Most programs will use an
-absolute path name to avoid conflicts.  No special matching is done.  The
-passed
-.Ar prog
-must match a list entry in
-.Xr login.conf 5
-exactly.
-.Pp
-The
-.Em prog.allow
-capability will override the
-.Em prog.deny
-capability, granting access to the program.  This allows flexability in
-setting up a hierarchical login class structure.
-.Pp
-.Sh RETURN VALUES
-The function returns 1 if the program may be run and 0 if it may not.
-.Sh SEE ALSO
-.Xr login.conf 5
--- a/lib/libutil/login_progok.c
+++ b/lib/libutil/login_progok.c
@ -1,39 +0,0 @@
-#include <sys/types.h>
-#include <login_cap.h>
-#include <pwd.h>
-#include <string.h>
-
-int
-login_progok(uid_t uid, const char *prog)
-{
-  login_cap_t *lc;
-  const struct passwd *pwd;
-  char **data;
-
-  pwd = getpwuid(uid);
-  if (!pwd)
-    return 0;			/* How did that happen ? - we can't run */
-
-  lc = login_getpwclass(pwd);
-  if (!lc)
-    return 1;			/* We're missing login.conf ? - we can run */
-
-  data = login_getcaplist(lc, "prog.allow", NULL);
-  if (data) 
-    for (; *data; data++)
-      if (!strcmp(*data, prog)) {
-        login_close(lc);
-	return 1;		/* We're in prog.allow - we can run */
-      }
-
-  data = login_getcaplist(lc, "prog.deny", NULL);
-  if (data) 
-    for (; *data; data++)
-      if (!strcmp(*data, prog)) {
-        login_close(lc);
-	return 0;		/* We're in prog.deny - we can't run */
-      }
-
-  login_close(lc);
-  return 1;			/* We're not mentioned anywhere - we can run */
-}