443 lines
15 KiB
Groff
443 lines
15 KiB
Groff
.\" Copyright (c) 1995 David Nugent <davidn@blaze.net.au>
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, is permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice immediately at the beginning of the file, without modification,
|
|
.\" this list of conditions, and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. This work was done expressly for inclusion into FreeBSD. Other use
|
|
.\" is permitted provided this notation is included.
|
|
.\" 4. Absolutely no warranty of function or purpose is made by the author
|
|
.\" David Nugent.
|
|
.\" 5. Modifications may be freely made to this file providing the above
|
|
.\" conditions are met.
|
|
.\"
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd December 27, 1996
|
|
.Os
|
|
.Dt LOGIN_CAP 3
|
|
.Sh NAME
|
|
.Nm login_close ,
|
|
.Nm login_getcapbool ,
|
|
.Nm login_getcaplist ,
|
|
.Nm login_getcapnum ,
|
|
.Nm login_getcapstr ,
|
|
.Nm login_getcapsize ,
|
|
.Nm login_getcaptime ,
|
|
.Nm login_getclass ,
|
|
.Nm login_getclassbyname ,
|
|
.Nm login_getpwclass ,
|
|
.Nm login_getstyle ,
|
|
.Nm login_getuserclass ,
|
|
.Nm login_setcryptfmt
|
|
.Nd "functions for accessing the login class capabilities database"
|
|
.Sh LIBRARY
|
|
.Lb libutil
|
|
.Sh SYNOPSIS
|
|
.In sys/types.h
|
|
.In login_cap.h
|
|
.Ft void
|
|
.Fn login_close "login_cap_t *lc"
|
|
.Ft login_cap_t *
|
|
.Fn login_getclassbyname "const char *nam" "const struct passwd *pwd"
|
|
.Ft login_cap_t *
|
|
.Fn login_getclass "const char *nam"
|
|
.Ft login_cap_t *
|
|
.Fn login_getpwclass "const struct passwd *pwd"
|
|
.Ft login_cap_t *
|
|
.Fn login_getuserclass "const struct passwd *pwd"
|
|
.Ft "const char *"
|
|
.Fn login_getcapstr "login_cap_t *lc" "const char *cap" "const char *def" "const char *error"
|
|
.Ft char **
|
|
.Fn login_getcaplist "login_cap_t *lc" "const char *cap" "const char *chars"
|
|
.Ft "const char *"
|
|
.Fn login_getpath "login_cap_t *lc" "const char *cap" "const char *error"
|
|
.Ft rlim_t
|
|
.Fn login_getcaptime "login_cap_t *lc" "const char *cap" "rlim_t def" "rlim_t error"
|
|
.Ft rlim_t
|
|
.Fn login_getcapnum "login_cap_t *lc" "const char *cap" "rlim_t def" "rlim_t error"
|
|
.Ft rlim_t
|
|
.Fn login_getcapsize "login_cap_t *lc" "const char *cap" "rlim_t def" "rlim_t error"
|
|
.Ft int
|
|
.Fn login_getcapbool "login_cap_t *lc" "const char *cap" "int def"
|
|
.Ft "const char *"
|
|
.Fn login_getstyle "login_cap_t *lc" "const char *style" "const char *auth"
|
|
.Ft const char *
|
|
.Fn login_setcryptfmt "login_cap_t *lc" "const char *def" "const char *error"
|
|
.Sh DESCRIPTION
|
|
These functions represent a programming interface to the login
|
|
classes database provided in
|
|
.Xr login.conf 5 .
|
|
This database contains capabilities, attributes and default environment
|
|
and accounting settings for users and programs running as specific users,
|
|
as determined by the login class field within entries in
|
|
.Pa /etc/master.passwd .
|
|
.Pp
|
|
Entries in
|
|
.Xr login.conf 5
|
|
consist of colon
|
|
.Ql \&:
|
|
separated fields, the first field in each record being one or more
|
|
identifiers for the record (which must be unique for the entire database),
|
|
each separated by a '|', and may optionally include a description as
|
|
the last 'name'.
|
|
Remaining fields in the record consist of keyword/data pairs.
|
|
Long lines may be continued with a backslash within empty entries,
|
|
with the second and subsequent lines optionally indented for readability.
|
|
This is similar to the format used in
|
|
.Xr termcap 5 ,
|
|
except that keywords are not limited to two significant characters,
|
|
and are usually longer for improved readability.
|
|
As with termcap entries, multiple records can be linked together
|
|
(one record including another) using a field containing tc=<recordid>.
|
|
The result is that the entire record referenced by <recordid> replaces
|
|
the tc= field at the point at which it occurs.
|
|
See
|
|
.Xr getcap 3
|
|
for further details on the format and use of a capabilities database.
|
|
.Pp
|
|
The
|
|
.Nm login_cap
|
|
interface provides a convenient means of retrieving login class
|
|
records with all tc= references expanded.
|
|
A program will typically call one of
|
|
.Fn login_getclass ,
|
|
.Fn login_getpwclass ,
|
|
.Fn login_getuserclass
|
|
or
|
|
.Fn login_getclassbyname
|
|
according to its requirements.
|
|
Each of these functions returns a login capabilities structure,
|
|
.Ft login_cap_t ,
|
|
which may subsequently be used to interrogate the database for
|
|
specific values using the rest of the API.
|
|
Once the login_cap_t is of no further use, the
|
|
.Fn login_close
|
|
function should be called to free all resources used.
|
|
.Pp
|
|
The structure of login_cap_t is defined in login_cap.h, as:
|
|
.Bd -literal -offset indent
|
|
typedef struct {
|
|
char *lc_class;
|
|
char *lc_cap;
|
|
char *lc_style;
|
|
} login_cap_t;
|
|
.Ed
|
|
.Pp
|
|
The
|
|
.Ar lc_class
|
|
member contains a pointer to the name of the login class
|
|
retrieved.
|
|
This may not necessarily be the same as the one requested,
|
|
either directly via
|
|
.Fn login_getclassbyname ,
|
|
indirectly via a user's login record using
|
|
.Fn login_getpwclass ,
|
|
by class name using
|
|
.Fn login_getclass ,
|
|
or
|
|
.Fn login_getuserclass .
|
|
If the referenced user has no login class specified in
|
|
.Pa /etc/master.passwd ,
|
|
the class name is NULL or an empty string.
|
|
If the class
|
|
specified does not exist in the database, each of these
|
|
functions will search for a record with an id of "default",
|
|
with that name returned in the
|
|
.Ar lc_class
|
|
field.
|
|
In addition, if the referenced user has a UID of 0 (normally,
|
|
"root", although the user name is not considered) then
|
|
.Fn login_getpwclass
|
|
will search for a record with an id of "root" before it searches
|
|
for the record with the id of "default".
|
|
.Pp
|
|
The
|
|
.Ar lc_cap
|
|
field is used internally by the library to contain the
|
|
expanded login capabilities record.
|
|
Programs with unusual requirements may wish to use this
|
|
with the lower-level
|
|
.Fn getcap
|
|
style functions to access the record directly.
|
|
.Pp
|
|
The
|
|
.Ar lc_style
|
|
field is set by the
|
|
.Fn login_getstyle
|
|
function to the authorisation style, according to the requirements
|
|
of the program handling a login itself.
|
|
.Pp
|
|
As noted above, the
|
|
.Fn login_get*class
|
|
functions return a login_cap_t object which is used to access
|
|
the matching or default record in the capabilities database.
|
|
The
|
|
.Fn login_getclassbyname
|
|
function accepts two arguments: the first one is the record identifier of the
|
|
record to be retrieved, the second is an optional pointer to a
|
|
.Li passwd
|
|
structure.
|
|
If the first
|
|
.Ar name
|
|
argument is NULL, an empty string, or a class that does not exist
|
|
in the supplemental or system login class database, then the system
|
|
.Em default
|
|
record is returned instead.
|
|
If the second
|
|
.Ar pwd
|
|
parameter is NULL, then only the system login class database is
|
|
used.
|
|
However,
|
|
if the
|
|
.Ar pwd
|
|
parameter and the value of
|
|
.Ar pwd->pw_dir
|
|
are both not NULL, then the directory contained in
|
|
.Ar pwd->pw_dir
|
|
is searched for
|
|
a login database file called ".login_conf", and capability records
|
|
contained within it may override the system defaults.
|
|
This scheme allows users to override some login settings from
|
|
those in the system login class database by creating class records
|
|
for their own private class with a record id of `me'.
|
|
In the context of a
|
|
.Em login ,
|
|
it should be noted that some options cannot by overridden by
|
|
users for two reasons; many options, such as resource settings
|
|
and default process priorities, require root privileges
|
|
in order to take effect, and other fields in the user's file are
|
|
not be consulted at all during the early phases of login for
|
|
security or administrative reasons.
|
|
See
|
|
.Xr login.conf 5
|
|
for more information on which settings a user is able to override.
|
|
Typically, these are limited purely to the user's default login
|
|
environment which might otherwise have been overridden in shell
|
|
startup scripts in any case.
|
|
The user's
|
|
.Pa .login_conf
|
|
merely provides a convenient way for a user to set up their preferred
|
|
login environment before the shell is invoked on login.
|
|
Note that access to the
|
|
.Pa /etc/login.conf
|
|
and
|
|
.Pa .login_conf
|
|
files will only be performed subject to the security checks documented in
|
|
.Xr _secure_path 3
|
|
for the uids 0 and
|
|
.Ar pwd->pw_uid
|
|
respectively.
|
|
.Pp
|
|
If the specified record is NULL, empty or does not exist, and the
|
|
system has no "default" record available to fall back to, there is a
|
|
memory allocation error or for some reason
|
|
.Xr cgetent 3
|
|
is unable to access the login capabilities database, this function
|
|
returns NULL.
|
|
.Pp
|
|
The functions
|
|
.Fn login_getpwclass ,
|
|
.Fn login_getclass
|
|
and
|
|
.Fn login_getuserclass
|
|
retrieve the applicable login class record for the user's passwd
|
|
entry or class name by calling
|
|
.Fn login_getclassbyname .
|
|
On failure, NULL is returned.
|
|
The difference between these functions is that
|
|
.Fn login_getuserclass
|
|
includes the user's overriding
|
|
.Pa .login_conf
|
|
that exists in the user's home directory, and
|
|
.Fn login_getpwclass
|
|
and
|
|
.Fn login_getclass
|
|
restrict lookup only to the system login class database in
|
|
.Pa /etc/login.conf .
|
|
As explained earlier,
|
|
.Fn login_getpwclass
|
|
only differs from
|
|
.Fn login_getclass
|
|
in that it allows the default class for user 'root' as "root"
|
|
if none has been specified in the password database.
|
|
Otherwise, if the passwd pointer is NULL, or the user record
|
|
has no login class, then the system "default" entry is retrieved.
|
|
.Pp
|
|
Once a program no longer wishes to use a login_cap_t object,
|
|
.Fn login_close
|
|
may be called to free all resources used by the login class.
|
|
The
|
|
.Fn login_close
|
|
function may be passed a NULL pointer with no harmful side-effects.
|
|
.Pp
|
|
The remaining functions may be used to retrieve individual
|
|
capability records.
|
|
Each function takes a login_cap_t object as its first parameter,
|
|
a capability tag as the second, and remaining parameters being
|
|
default and error values that are returned if the capability is
|
|
not found.
|
|
The type of the additional parameters passed and returned depend
|
|
on the
|
|
.Em type
|
|
of capability each deals with, be it a simple string, a list,
|
|
a time value, a file or memory size value, a path (consisting of
|
|
a colon-separated list of directories) or a boolean flag.
|
|
The manpage for
|
|
.Xr login.conf 5
|
|
deals in specific tags and their type.
|
|
.Pp
|
|
Note that with all functions in this group, you should not call
|
|
.Xr free 3
|
|
on any pointers returned.
|
|
Memory allocated during retrieval or processing of capability
|
|
tags is automatically reused by subsequent calls to functions
|
|
in this group, or deallocated on calling
|
|
.Fn login_close .
|
|
.Bl -tag -width "login_getcaplist()"
|
|
.It Fn login_getcapstr
|
|
This function returns a simple string capability.
|
|
If the string is not found, then the value in
|
|
.Ar def
|
|
is returned as the default value, or if an error
|
|
occurs, the value in the
|
|
.Ar error
|
|
parameter is returned.
|
|
.It Fn login_getcaplist
|
|
This function returns the value corresponding to the named
|
|
capability tag as a list of values in a NULL terminated
|
|
array.
|
|
Within the login class database, some tags are of type
|
|
.Em list ,
|
|
which consist of one or more comma- or space separated
|
|
values.
|
|
Usually, this function is not called directly from an
|
|
application, but is used indirectly via
|
|
.Fn login_getstyle .
|
|
.It Fn login_getpath
|
|
This function returns a list of directories separated by colons
|
|
.Ql &: .
|
|
Capability tags for which this function is called consist of a list of
|
|
directories separated by spaces.
|
|
.It Fn login_getcaptime
|
|
This function returns a
|
|
.Em time value
|
|
associated with a particular capability tag with the value expressed
|
|
in seconds (the default), minutes, hours, days, weeks or (365 day)
|
|
years or any combination of these.
|
|
A suffix determines the units used: S for seconds, M for minutes,
|
|
H for hours, D for days, W for weeks and Y for 365 day years.
|
|
Case of the units suffix is ignored.
|
|
.Pp
|
|
Time values are normally used for setting resource, accounting and
|
|
session limits.
|
|
If supported by the operating system and compiler (which is true of
|
|
.Fx ) ,
|
|
the value returned is a quad (long long), of type
|
|
.Em rlim_t .
|
|
A value "inf" or "infinity" may be used to express an infinite
|
|
value, in which case RLIM_INFINITY is returned.
|
|
.It Fn login_getcapnum
|
|
This function returns a numeric value for a tag, expressed either as
|
|
tag=<value> or the standard
|
|
.Fn cgetnum
|
|
format tag#<value>.
|
|
The first format should be used in preference to the second, the
|
|
second format is provided for compatibility and consistency with the
|
|
.Xr getcap 3
|
|
database format where numeric types use the
|
|
.Ql \&#
|
|
as the delimiter for numeric values.
|
|
If in the first format, then the value given may be "inf" or
|
|
"infinity" which results in a return value of RLIM_INFINITY.
|
|
If the given capability tag cannot be found, the
|
|
.Ar def
|
|
parameter is returned, and if an error occurs, the
|
|
.Ar error
|
|
parameter is returned.
|
|
.It Fn login_getcapsize
|
|
.Fn login_getcapsize
|
|
returns a value representing a size (typically, file or memory)
|
|
which may be expressed as bytes (the default), 512 byte blocks,
|
|
kilobytes, megabytes, gigabytes, and on systems that support the
|
|
.Ar long long
|
|
type, terabytes.
|
|
The suffix used determines the units, and multiple values and
|
|
units may be used in combination (e.g.\& 1m500k = 1.5 megabytes).
|
|
A value with no suffix is interpreted as bytes, B as 512-byte
|
|
blocks, K as kilobytes, M as megabytes, G as gigabytes and T as
|
|
terabytes.
|
|
Case is ignored.
|
|
The error value is returned if there is a login capabilities database
|
|
error, if an invalid suffix is used, or if a numeric value cannot be
|
|
interpreted.
|
|
.It Fn login_getcapbool
|
|
This function returns a boolean value tied to a particular flag.
|
|
It returns 0 if the given capability tag is not present or is
|
|
negated by the presence of a "tag@" (See
|
|
.Xr getcap 3
|
|
for more information on boolean flags), and returns 1 if the tag
|
|
is found.
|
|
.It Fn login_getstyle
|
|
This function is used by the login authorisation system to determine
|
|
the style of login available in a particular case.
|
|
The function accepts three parameters, the login_cap entry itself and
|
|
two optional parameters, and authorisation type 'auth' and 'style', and
|
|
applies these to determine the authorisation style that best suites
|
|
these rules.
|
|
.Bl -bullet
|
|
.It
|
|
If 'auth' is neither NULL nor an empty string, look for a tag of type
|
|
"auth-<auth>" in the capability record.
|
|
If not present, then look for the default tag "auth=".
|
|
.It
|
|
If no valid authorisation list was found from the previous step, then
|
|
default to "passwd" as the authorisation list.
|
|
.It
|
|
If 'style' is not NULL or empty, look for it in the list of authorisation
|
|
methods found from the pprevious step.
|
|
If 'style' is NULL or an empty string, then default to "passwd"
|
|
authorisation.
|
|
.It
|
|
If 'style' is found in the chosen list of authorisation methods, then
|
|
return that, otherwise return NULL.
|
|
.El
|
|
.Pp
|
|
This scheme allows the administrator to determine the types of
|
|
authorisation methods accepted by the system, depending on the
|
|
means by which the access occurs.
|
|
For example, the administrator may require skey or kerberos as
|
|
the authentication method used for access to the system via the
|
|
network, and standard methods via direct dialup or console
|
|
logins, significantly reducing the risk of password discovery
|
|
by "snooping" network packets.
|
|
.It Fn login_setcryptfmt
|
|
The
|
|
.Fn login_setcryptfmt
|
|
function is used to set the
|
|
.Xr crypt 3
|
|
format using the
|
|
.Ql passwd_format
|
|
configuration entry.
|
|
If no entry is found,
|
|
.Fa def
|
|
is taken to be used as the fallback.
|
|
If calling
|
|
.Xr crypt_set_format 3
|
|
on the specifier fails,
|
|
.Fa error
|
|
is returned to indicate this.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr crypt 3 ,
|
|
.Xr getcap 3 ,
|
|
.Xr login_class 3 ,
|
|
.Xr login.conf 5 ,
|
|
.Xr termcap 5
|