diff options
author | Diomidis Spinellis <dds@FreeBSD.org> | 2004-05-11 11:05:26 +0000 |
---|---|---|
committer | Diomidis Spinellis <dds@FreeBSD.org> | 2004-05-11 11:05:26 +0000 |
commit | 94cf9da03c17f6ae69c4839c43d61f96b3215622 (patch) | |
tree | 79970332a81d4097820fb7f7606545e30f8708e8 /lib | |
parent | f52e2ef29fc14c435e73831f1eabc4c29af9702b (diff) | |
download | src-94cf9da03c17f6ae69c4839c43d61f96b3215622.tar.gz src-94cf9da03c17f6ae69c4839c43d61f96b3215622.zip |
Bring the description for login_getclassbyname in sync with the function's
arguments. The function has as a second argument a struct passwd * pointer,
not a directory name.
MFC after: 2 weeks
Notes
Notes:
svn path=/head/; revision=129112
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libutil/login_cap.3 | 29 | ||||
-rw-r--r-- | lib/libutil/login_cap.c | 7 |
2 files changed, 28 insertions, 8 deletions
diff --git a/lib/libutil/login_cap.3 b/lib/libutil/login_cap.3 index ccbb93f603ac..b3a2d6660059 100644 --- a/lib/libutil/login_cap.3 +++ b/lib/libutil/login_cap.3 @@ -175,13 +175,15 @@ function to the authorisation style, according to the requirements of the program handling a login itself. .Pp As noted above, the -.Fn get*class +.Fn login_get*class functions return a login_cap_t object which is used to access the matching or default record in the capabilities database. The -.Fn getclassbyname +.Fn login_getclassbyname function accepts two arguments: the first one is the record identifier of the -record to be retrieved, the second is an optional directory name. +record to be retrieved, the second is an optional pointer to a +.Li passwd +structure. If the first .Ar name argument is NULL, an empty string, or a class that does not exist @@ -189,9 +191,17 @@ in the supplemental or system login class database, then the system .Em default record is returned instead. If the second -.Ar dir +.Ar pwd parameter is NULL, then only the system login class database is -used, but when not NULL, the named directory is searched for +used. +However, +if the +.Ar pwd +parameter and the value of +.Ar pwd->pw_dir +are both not NULL, then the directory contained in +.Ar pwd->pw_dir +is searched for a login database file called ".login_conf", and capability records contained within it may override the system defaults. This scheme allows users to override some login settings from @@ -215,6 +225,15 @@ The user's .Pa .login_conf merely provides a convenient way for a user to set up their preferred login environment before the shell is invoked on login. +Note that access to the +.Pa /etc/login.conf +and +.Pa .login_conf +files will only be performed subject to the security checks documented in +.Xr _secure_path 3 +for the uids 0 and +.Ar pwd->pw_uid +respectively. .Pp If the specified record is NULL, empty or does not exist, and the system has no "default" record available to fall back to, there is a diff --git a/lib/libutil/login_cap.c b/lib/libutil/login_cap.c index ad1dacbb6a79..50ebf260620e 100644 --- a/lib/libutil/login_cap.c +++ b/lib/libutil/login_cap.c @@ -172,9 +172,10 @@ login_close(login_cap_t * lc) * login_getclassbyname() get the login class by its name. * If the name given is NULL or empty, the default class * LOGIN_DEFCLASS (ie. "default") is fetched. If the - * 'dir' argument contains a non-NULL non-empty string, - * then the file _FILE_LOGIN_CONF is picked up from that - * directory instead of the system login database. + * 'pwd' argument is non-NULL and contains an non-NULL + * dir entry, then the file _FILE_LOGIN_CONF is picked + * up from that directory and used before the system + * login database. * Return a filled-out login_cap_t structure, including * class name, and the capability record buffer. */ |