Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
LOGIN_CAP(3)              OpenBSD Programmer's Manual             LOGIN_CAP(3)

     login_getclass, login_getstyle, login_getcapbool, login_getcapnum,
     login_getcapsize, login_getcapstr, login_getcaptime, login_close,
     secure_path, setclasscontext, setusercontext - query login.conf database
     about a user class

     #include <login_cap.h>

     login_cap_t *
     login_getclass(char *class);

     char *
     login_getstyle(login_cap_t *lc, char *style, char *type);

     login_getcapbool(login_cap_t *lc, char *cap, u_int def);

     login_getcapnum(login_cap_t *lc, char *cap, quad_t def, quad_t err);

     login_getcapsize(login_cap_t *lc, char *cap, quad_t def, quad_t err);

     char *
     login_getcapstr(login_cap_t *lc, char *cap, char *def, char *err);

     login_getcaptime(login_cap_t *lc, char *cap, quad_t def, quad_t err);

     login_close(login_cap_t *lc);

     secure_path(char *path);

     setclasscontext(char *class, u_int flags);

     setusercontext(login_cap_t *lc, struct passwd *pwd, uid_t uid,
             u_int flags);

     The login_getclass() function extracts the entry specified by class (or
     default if class is NULL or the empty string) from /etc/login.conf (see
     login.conf(5)). If the entry is found, a login_cap_t pointer is returned.
     NULL is returned if the user class is not found.  When the login_cap_t
     structure is no longer needed, it should be freed by the login_close()

     Once lc has been returned by login_getclass(), any of the other login_*()
     functions may be called.  The login_getstyle() function is used to obtain
     the style of authentication that should be used for this user class.  The
     style argument may either be NULL or the desired style of authentication.
     If NULL, the first available authentication style will be used.  The type
     argument refers to the type of authentication being performed.  This is
     used to override the standard auth entry in the database.  By convention
     this should be of the form "auth-type".  Future releases may remove the
     requirement for the "auth-" prefix and add it if it is missing.  If type
     is NULL then only "auth" will be looked at.  (See login.conf(5)). The
     login_getstyle() function will return NULL if the desired style of au-
     thentication is not available, or if no style is available.
     The login_getcapnum(), login_getcapsize(), login_getcapstr(), and
     login_getcaptime() functions all query the database entry for a field
     named cap. If the field is found, its value is returned.  If the field is
     not found, the value specified by def is returned.  If an error is en-
     countered while trying to find the field, err is returned.  See lo-
     gin.conf(5) for a discussion of the various textual forms the value may
     take.  The login_getcapbool() function is slightly different.  It returns
     def if no capabilities were found for this class (typically meaning that
     the default class was used and the /etc/login.conf file is missing).  It
     returns a non-zero value if cap, with no value, was found, zero other-

     The secure_path() function takes a path name and returns 0 if the path
     name is secure, -1 if not.  To be secure a path must exist, be a regular
     file (and not a directory), owned by root, and only writable by the owner

     The setclasscontext() function takes class, the name of a user class, and
     sets the resources defined by that class according to flags. Only the
     bits are used.  (See setusercontext() below).  It returns 0 on success
     and -1 on failure.

     The setusercontext() function sets the resources according to flags. The
     lc argument, if not NULL, contains the class information that should be
     used.  The pwd argument, if not NULL, provides information about the us-
     er.  Both lc and pwd cannot be NULL. The uid argument is used in place of
     the user ID contained in the pwd structure when calling setuid(2). The
     setusercontext() function returns 0 on success and -1 on failure.  The
     various bits available to be or-ed together to make up flags are:

     LOGIN_SETGROUP        Set the group id and call initgroups(3). Requires
                           the pwd field be specified.

     LOGIN_SETLOGIN        Sets the login name by setlogin(2). Requires the
                           pwd field be specified.

     LOGIN_SETPATH         Sets the PATH environment variable.

     LOGIN_SETPRIORITY     Sets the priority by setpriority(2).

     LOGIN_SETRESOURCES    Sets the various system resources by setrlimit(2).

     LOGIN_SETUMASK        Sets the umask by umask(2).

     LOGIN_SETUSER         Sets the user ID to uid by setuid(2).

     LOGIN_SETALL          Sets all of the above.

     setlogin(2), setpriority(2), setrlimit(2), setuid(2), umask(2),
     initgroups(3), login.conf(5)

     The login_getclass function first appeared in OpenBSD 2.8.

     The string returned by login_getcapstr() is allocated via malloc(3) when
     the specified capability is present and thus it is the responsibility of
     the caller to free() this space.  However, if the capability was not
     found or an error occurred and def or err (whichever is relevant) are
     non-NULL the returned value is simply what was passed in to
     login_getcapstr().  Therefore it is not possible to blindly free() the
     return value without first checking it against def and err.

     The same warnings set forth in setlogin(2) apply to setusercontext() when
     the LOGIN_SETLOGIN flag is used.  Specifically, changing the login name
     affects all processes in the current session, not just the current pro-
     cess.  See setlogin(2) for more information.

OpenBSD 3.1                      July 16, 1996                               3


Want to link to this manual page? Use this URL:

home | help