author | David Nugent <davidn@FreeBSD.org> | 1997-01-04 16:50:08 +0000 |
---|---|---|
committer | David Nugent <davidn@FreeBSD.org> | 1997-01-04 16:50:08 +0000 |
commit | 68bbf3adb0b5def46b5174261657b038543972e3 (patch) | |
tree | aa04c54fb028c62bb1d96580ed4783ff2af6df69 /lib/libutil/login_ok.3 | |
parent | a87a87a21c5ccd50a0f8d5b316341b79ee022202 (diff) | |
Library functions relating to the login class capabilities database,
including manpages.
See also login_cap.h.
Notes:
svn path=/head/; revision=21288
Diffstat (limited to 'lib/libutil/login_ok.3')
-rw-r--r-- | lib/libutil/login_ok.3 | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/lib/libutil/login_ok.3 b/lib/libutil/login_ok.3 new file mode 100644 index 000000000000..c459d9482f92 --- /dev/null +++ b/lib/libutil/login_ok.3 
@@ -0,0 +1,109 @@ +.\" Copyright (c) 1995 David Nugent <davidn@blaze.net.au> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, is permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice immediately at the beginning of the file, without modification, +.\" this list of conditions, and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. This work was done expressly for inclusion into FreeBSD. Other use +.\" is permitted provided this notation is included. +.\" 4. Absolutely no warranty of function or purpose is made by the author +.\" David Nugent. +.\" 5. Modifications may be freely made to this file providing the above +.\" conditions are met. +.\" +.\" $Id$ +.\" +.Dd January 2, 1997 +.Os FreeBSD +.Dt LOGIN_OK 3 +.Sh NAME +.Nm auth_ttyok +.Nm auth_hostok +.Nm auth_timeok +.Nd Functions for checking login class based login restrictions +.Sh SYNOPSIS +.Fd #include <sys/types.h> +.Fd #include <time.h> +.Fd #include <login_cap.h> +.Ft int +.Fn auth_ttyok "login_cap_t *lc" "const char *tty" +.Ft int +.Fn auth_hostok "login_cap_t *lc" "const char *host" "char const *ip" +.Ft int +.Fn auth_timeok "login_cap_t *lc" "time_t t" +.Sh DESCRIPTION +This set of functions checks to see if login is allowed based on login +class capability entries in the login database, +.Xr login.conf 5 . +.Pp +.Fn auth_ttyok +checks to see if the named tty is available to users of a specific +class, and is either in the "ttys.allow" access list, and not in +the "ttys.deny" access list. 
+An empty "ttys.allowed" list (or if no such capability exists for +the give login class) logins via any tty device are allowed unless +the "ttys.deny" list exists and is non-empty, and the device or its +tty group (see +.Xr ttys 5 ) +is not in the list. +Access to ttys may be allowed or restricted specifically by tty device +name, a device name which includes a wildcard (e.g. ttyD* or cuaD*), +or may name a ttygroup, when group=<name> tags have been assigned in +.Pa /etc/ttys . +Matching of ttys and ttygroups is case sensitive. +Passing a NULL or empty string as the +.Ar tty +parameter causes the function to return a non-zero value. +.Pp +.Fn auth_hostok +checks for any host restrictions for remote logins. +The function checks on both a host name and IP address (given in its +text form, typically n.n.n.n) against the "host.allow" and "host.deny" +login class capabilities. +As with ttys and their groups, wildcards and character classes may be +used in the host allow and deny capability records. +The +.Xr fnmatch 3 +function is used for matching, and the matching on hostnames is case +insensitive. +Note that this function expects that the hostname is fully expanded +(i.e. the local domain name added if necessary) and the IP address +is in its canonical form. +No hostname or address lookups are attempted. +.Pp +It is possible to call this function with either the hostname or +the IP address missing (i.e. NULL) and matching will be performed +only on the basis of the parameter given. +Passing NULL or empty strings in both parameters will result in +a non-zero return value. +.Pp +The +.Fn auth_timeok +function checks to see that a given time value is within the +"times.allow" login class capability and not within the +"times.deny" access lists. +An empty or non-existent "times.allow" list allows access at any +time, except if a given time is falls within a period in the +"times.deny" list. 
+The format of time period records contained in both "times.allow" +and "times.deny" capability fields is explained in detail in the +.Xr login_times 3 +manual page. +.Sh RETURN VALUES +A non-zero return value from any of these functions indicates that +login access is granted. +A zero return value means either that the item being tested is not +in the "allow" access list, or is within the "deny" access list. +.Sh SEE ALSO +.Xr login.conf 5 , +.Xr login_cap 3 , +.Xr login_class 3 , +.Xr login_times 3 , +.Xr termcap 5 , +.Xr getcap 3 |
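Review bot: In the auth_ttyok paragraph of DESCRIPTION the deny condition reads inverted: logins are allowed "unless the "ttys.deny" list exists and is non-empty, and the device or its tty group ... is not in the list", which says a device absent from the deny list is refused; this should read "is in the list". The same paragraph spells the capability both "ttys.allow" and "ttys.allowed", so use one name throughout, and the opening sentence's "is either in the "ttys.allow" access list, and not in the "ttys.deny" access list" needs the "either" dropped. The text also says a NULL or empty tty, and NULL or empty strings for both host and ip, return non-zero, which RETURN VALUES defines as access granted; say explicitly in both places that the check passes when no value is supplied, so callers know to reject missing values themselves, and note next to "No hostname or address lookups are attempted" that the caller is responsible for the host and ip strings being trustworthy. Smaller points: "the give login class" should be "given", "a given time is falls within" has a stray "is", and the SYNOPSIS mixes "const char *host" with "char const *ip".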