| blob | 57190e9e5653a0552068c24826eef5d1cdd30fc7 |
1 .\" $NetBSD: login_cap.3,v 1.18 2010/05/05 22:05:31 wiz Exp $
2 .\"
3 .\" Copyright (c) 1996,1997 Berkeley Software Design, Inc. All rights reserved.
4 .\"
5 .\" Redistribution and use in source and binary forms, with or without
6 .\" modification, are permitted provided that the following conditions
7 .\" are met:
8 .\" 1. Redistributions of source code must retain the above copyright
9 .\" notice, this list of conditions and the following disclaimer.
10 .\" 2. Redistributions in binary form must reproduce the above copyright
11 .\" notice, this list of conditions and the following disclaimer in the
12 .\" documentation and/or other materials provided with the distribution.
13 .\" 3. All advertising materials mentioning features or use of this software
14 .\" must display the following acknowledgement:
15 .\" This product includes software developed by Berkeley Software Design,
16 .\" Inc.
17 .\" 4. The name of Berkeley Software Design, Inc. may not be used to endorse
18 .\" or promote products derived from this software without specific prior
19 .\" written permission.
20 .\"
21 .\" THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
22 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 .\" ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
25 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 .\" SUCH DAMAGE.
32 .\"
33 .\" BSDI login_cap.3,v 1.4 1997/11/07 16:22:27 jch Exp
34 .\"
35 .Dd October 6, 2007
36 .Dt LOGIN_CAP 3
37 .Os
38 .Sh NAME
39 .Nm login_getclass ,
40 .Nm login_getcapbool ,
41 .Nm login_getcapnum ,
42 .Nm login_getcapsize ,
43 .Nm login_getcapstr ,
44 .Nm login_getcaptime ,
45 .Nm login_close ,
46 .Nm setclasscontext ,
47 .Nm setusercontext
48 .Nd query login.conf database about a user class
49 .Sh LIBRARY
50 .Lb libutil
51 .Sh SYNOPSIS
52 .In sys/types.h
53 .In login_cap.h
54 .Ft login_cap_t *
55 .Fn login_getclass "char *class"
56 .Ft int
57 .Fn login_getcapbool "login_cap_t *lc" "const char *cap" "u_int def"
58 .Ft quad_t
59 .Fn login_getcapnum "login_cap_t *lc" "const char *cap" "quad_t def" "quad_t err"
60 .Ft quad_t
61 .Fn login_getcapsize "login_cap_t *lc" "const char *cap" "quad_t def" "quad_t err"
62 .Ft char *
63 .Fn login_getcapstr "login_cap_t *lc" "const char *cap" "char *def" "char *err"
64 .Ft quad_t
65 .Fn login_getcaptime "login_cap_t *lc" "const char *cap" "quad_t def" "quad_t err"
66 .Ft void
67 .Fn login_close "login_cap_t *lc"
68 .Ft int
69 .Fn setclasscontext "const char *class" "u_int flags"
70 .Ft int
71 .Fn setusercontext "login_cap_t *lc" "const struct passwd *pwd" "uid_t uid" "u_int flags"
72 .Sh DESCRIPTION
73 The
74 .Fn login_getclass
75 function extracts the entry specified by
76 .Ar class
77 (or
78 .Li default
79 if
80 .Ar class
81 is
82 .Dv NULL
83 or the empty string)
84 from
85 .Pa /etc/login.conf
86 (see
87 .Xr login.conf 5 ) .
88 If the entry is found, a
89 .Li login_cap_t
90 pointer is returned.
91 .Dv NULL
92 is returned if the user class is not found.
93 When the
94 .Li login_cap_t
95 structure is no longer needed, it should be freed by the
96 .Fn login_close
97 function.
98 .Pp
99 Once
100 .Ar lc
101 has been returned by
102 .Fn login_getclass ,
103 any of the other
104 .Fn login_*
105 functions may be called.
106 .Pp
107 The
108 .Fn login_getcapnum ,
109 .Fn login_getcapsize ,
110 .Fn login_getcapstr ,
111 and
112 .Fn login_getcaptime
113 functions all query the database entry for a field named
114 .Ar cap .
115 If the field is found, its value is returned.
116 If the field is not found, the value specified by
117 .Ar def
118 is returned.
119 If an error is encountered while trying to find the field,
120 .Ar err
121 is returned.
122 See
123 .Xr login.conf 5
124 for a discussion of the various textual forms the value may take.
125 The
126 .Fn login_getcapbool
127 function is slightly different.
128 It returns
129 .Ar def
130 if no capabilities were found for this class (typically meaning that
131 the default class was used and the
132 .Li /etc/login.conf
133 file is missing).
134 It returns a non-zero value if
135 .Ar cap ,
136 with no value, was found,
137 zero otherwise.
138 .Pp
139 The
140 .Fn setclasscontext
141 function takes
142 .Ar class ,
143 the name of a user class,
144 and sets the resources defined by that class according to
145 .Ar flags .
146 Only the
147 .Dv LOGIN_SETPATH ,
148 .Dv LOGIN_SETPRIORITY ,
149 .Dv LOGIN_SETRESOURCES ,
150 and
151 .Dv LOGIN_SETUMASK
152 bits are used.
153 (See
154 .Fn setusercontext
155 below).
156 It returns 0 on success and -1 on failure.
157 .Pp
158 The
159 .Fn setusercontext
160 function
161 sets the resources according to
162 .Ar flags .
163 The
164 .Ar lc
165 argument, if not
166 .Dv NULL ,
167 contains the class information that should
168 be used.
169 The
170 .Ar pwd
171 argument, if not
172 .Dv NULL ,
173 provides information about the user.
174 Both
175 .Ar lc
176 and
177 .Ar pwd
178 cannot be
179 .Dv NULL .
180 The
181 .Ar uid
182 argument is used in place of the user id contained in the
183 .Ar pwd
184 structure when calling
185 .Xr setuid 2 .
186 The various bits available to be or-ed together to make up
187 .Ar flags
188 are:
189 .Bl -tag -width LOGIN_SETRESOURCESXX
190 .It LOGIN_SETGID
191 Set the group id.
192 Requires the
193 .Ar pwd
194 field be specified.
195 .It LOGIN_SETGROUPS
196 Set the group membership list by calling
197 .Xr initgroups 3 .
198 Requires the
199 .Ar pwd
200 field be specified.
201 .It LOGIN_SETGROUP
202 Set the group id and call
203 .Xr initgroups 3 .
204 Requires the
205 .Ar pwd
206 field be specified.
207 .It LOGIN_SETLOGIN
208 Sets the login name by
209 .Xr setlogin 2 .
210 Requires the
211 .Ar pwd
212 field be specified.
213 .It LOGIN_SETPATH
214 Sets the
215 .Ev PATH
216 environment variable.
217 .It LOGIN_SETPRIORITY
218 Sets the priority by
219 .Xr setpriority 2 .
220 .It LOGIN_SETRESOURCES
221 Sets the various system resources by
222 .Xr setrlimit 2 .
223 .It LOGIN_SETUMASK
224 Sets the umask by
225 .Xr umask 2 .
226 .It LOGIN_SETUSER
227 Sets the user id to
228 .Ar uid
229 by
230 .Xr setuid 2 .
231 .It LOGIN_SETENV
232 Sets the environment variables as defined by the setenv keyword, by
233 .Xr setenv 3 .
234 .It LOGIN_SETALL
235 Sets all of the above.
236 .El
237 .Sh SEE ALSO
238 .Xr setlogin 2 ,
239 .Xr setpriority 2 ,
240 .Xr setrlimit 2 ,
241 .Xr setuid 2 ,
242 .Xr umask 2 ,
243 .Xr initgroups 3 ,
244 .Xr secure_path 3 ,
245 .Xr login.conf 5
246 .Sh HISTORY
247 The
248 .Nm
249 family of functions are largely based on the
250 .Bsx
251 implementation of same, and appeared in
252 .Nx 1.5
253 by kind permission.
254 .Sh CAVEATS
255 The string returned by
256 .Fn login_getcapstr
257 is allocated via
258 .Xr malloc 3
259 when the specified capability is present and thus it is the responsibility
260 of the caller to
261 .Fn free
262 this space.
263 However, if the capability was not found or an error occurred and
264 .Fa def
265 or
266 .Fa err
267 (whichever is relevant) are
268 .Pf non- Dv NULL
269 the returned value is simply what was passed in to
270 .Fn login_getcapstr .
271 Therefore it is not possible to blindly
272 .Fn free
273 the return value without first checking it against
274 .Fa def
275 and
276 .Fa err .
277 .Pp
278 The same warnings set forth in
279 .Xr setlogin 2
280 apply to
281 .Fn setusercontext
282 when the
283 .Dv LOGIN_SETLOGIN
284 flag is used.
285 Specifically, changing the login name affects all processes in the current
286 session, not just the current process.
287 See
288 .Xr setlogin 2
289 for more information.