login_ok(3) [freebsd man page]
LOGIN_OK(3) BSD Library Functions Manual LOGIN_OK(3) NAME
auth_ttyok, auth_hostok, auth_timeok -- functions for checking login class based login restrictions LIBRARY
System Utilities Library (libutil, -lutil) SYNOPSIS
#include <sys/types.h> #include <time.h> #include <login_cap.h> int auth_ttyok(login_cap_t *lc, const char *tty); int auth_hostok(login_cap_t *lc, const char *host, char const *ip); int auth_timeok(login_cap_t *lc, time_t t); DESCRIPTION
This set of functions checks to see if login is allowed based on login class capability entries in the login database, login.conf(5). The auth_ttyok() function checks to see if the named tty is available to users of a specific class, and is either in the ttys.allow access list, and not in the ttys.deny access list. An empty ttys.allow list (or if no such capability exists for the given login class) logins via any tty device are allowed unless the ttys.deny list exists and is non-empty, and the device or its tty group (see ttys(5)) is not in the list. Access to ttys may be allowed or restricted specifically by tty device name, a device name which includes a wildcard (e.g. ttyD* or cuaD*), or may name a ttygroup, when group=<name> tags have been assigned in /etc/ttys. Matching of ttys and ttygroups is case sensitive. Passing a NULL or empty string as the tty parameter causes the function to return a non-zero value. The auth_hostok() function checks for any host restrictions for remote logins. The function checks on both a host name and IP address (given in its text form, typically n.n.n.n) against the host.allow and host.deny login class capabilities. As with ttys and their groups, wildcards and character classes may be used in the host allow and deny capability records. The fnmatch(3) function is used for matching, and the matching on hostnames is case insensitive. Note that this function expects that the hostname is fully expanded (i.e., the local domain name added if necessary) and the IP address is in its canonical form. No hostname or address lookups are attempted. It is possible to call this function with either the hostname or the IP address missing (i.e. NULL) and matching will be performed only on the basis of the parameter given. Passing NULL or empty strings in both parameters will result in a non-zero return value. The auth_timeok() function checks to see that a given time value is within the times.allow login class capability and not within the times.deny access lists. An empty or non-existent times.allow list allows access at any time, except if a given time is falls within a period in the times.deny list. The format of time period records contained in both times.allow and times.deny capability fields is explained in detail in the login_times(3) manual page. RETURN VALUES
A non-zero return value from any of these functions indicates that login access is granted. A zero return value means either that the item being tested is not in the allow access list, or is within the deny access list. SEE ALSO
getcap(3), login_cap(3), login_class(3), login_times(3), login.conf(5), termcap(5) BSD
January 2, 1997 BSD
Check Out this Related Man Page
GETTTYENT(3) BSD Library Functions Manual GETTTYENT(3) NAME
getttyent, getttynam, setttyent, endttyent -- get ttys file entry LIBRARY
Standard C Library (libc, -lc) SYNOPSIS
#include <ttyent.h> struct ttyent * getttyent(void); struct ttyent * getttynam(const char *name); int setttyent(void); int endttyent(void); DESCRIPTION
The getttyent(), and getttynam() functions each return a pointer to an object, with the following structure, containing the broken-out fields of a line from the tty description file. struct ttyent { char *ty_name; /* terminal device name */ char *ty_getty; /* command to execute, usually getty */ char *ty_type; /* terminal type for termcap */ #define TTY_ON 0x01 /* enable logins (start ty_getty program) */ #define TTY_SECURE 0x02 /* allow uid of 0 to login */ #define TTY_DIALUP 0x04 /* is a dialup tty */ #define TTY_NETWORK 0x08 /* is a network tty */ int ty_status; /* status flags */ char *ty_window; /* command to start up window manager */ char *ty_comment; /* comment field */ char *ty_group; /* tty group name */ }; The fields are as follows: ty_name The name of the character-special file. ty_getty The name of the command invoked to initialize tty line characteristics. ty_type The name of the default terminal type connected to this tty line. ty_status A mask of bit fields which indicate various actions allowed on this tty line. The possible flags are as follows: TTY_ON Enables logins TTY_SECURE Allow users with a uid of 0 to login on this terminal. TTY_DIALUP Identifies a tty as a dialin line. TTY_NETWORK Identifies a tty used for network connections. ty_window The command to execute for a window system associated with the line. ty_group A group name to which the tty belongs. If no group is specified in the ttys description file, then the tty is placed in an anonymous group called "none". ty_comment Any trailing comment field, with any leading hash marks (``#'') or whitespace removed. If any of the fields pointing to character strings are unspecified, they are returned as null pointers. The field ty_status will be zero if no flag values are specified. See ttys(5) for a more complete discussion of the meaning and usage of the fields. The getttyent() function reads the next line from the ttys file, opening the file if necessary. The setttyent() function rewinds the file if open, or opens the file if it is unopened. The endttyent() function closes any open files. The getttynam() function searches from the beginning of the file until a matching name is found (or until EOF is encountered). RETURN VALUES
The routines getttyent() and getttynam() return a null pointer on EOF or error. The setttyent() function and endttyent() return 0 on failure and 1 on success. FILES
/etc/ttys SEE ALSO
login(1), ttyslot(3), gettytab(5), termcap(5), ttys(5), getty(8), HISTORY
The getttyent(), getttynam(), setttyent(), and endttyent() functions appeared in 4.3BSD. BUGS
These functions use static data storage; if the data is needed for future use, it should be copied before any subsequent calls overwrite it. BSD
November 17, 1996 BSD