getesdfent(3)

NAME

       getesdfent, getesdfnam, setprdfent, endprdfent, putesdfnam,
       getprdfent, getprdfnam, putprdfnam, copyesdfent - Manipulate
       system default database entry (Enhanced Security)

SYNOPSIS

       #include <sys/types.h>
       #include <sys/security.h>
       #include <prot.h>

       struct es_default *getesdfent(
               void );
       struct es_default *getesdfnam(
               char *name );
       void setprdfent(
               void );
       void endprdfent(
               void );
       int putesdfnam(
               char *name,
               struct es_default *pr );
       struct es_default *copyesdfent(
               struct es_default *pr );

                                  Note

       The getprdfent(), getprdfnam(), and putprdfnam()  routines
       have  been  replaced  by  getesdfent(),  getesdfnam(), and
       putesdfnam() respectively.

LIBRARY

       Security Library (libsecurity.so)

       NOTE: In order to quickstart a program, the  program  must
       be linked as follows: -lsecurity -ldb -laud -lm

       See  the  shared  library  discussion  in the Programmer's
       Guide for more information about using  the  quickstarting
       feature.

PARAMETERS

       name      Specifies a system default database entry name.

       pr        Specifies a system default database control entry
                 structure.

DESCRIPTION

       The getesdfent(), getesdfnam(), and copyesdfent() functions
       each return a pointer to an object with the following
       structure containing the separated-out fields of a line in
       the system default database. Each line in the database
       contains an es_default structure, declared in the <prot.h>
       file as follows:

       struct  es_default  {
               AUTH_ESCAP_COMMON
               char                     *dd_name;  /* copy of sfld->fd_name */
               int                      dg_name;   /* copy of sflg->fg_name */
               size_t                   esprof_flen;
               struct espw_field        *prd;
               struct espw_flag         *prg;
               size_t                   estc_flen;
               struct estc_field        *tcd;
               struct estc_flag         *tcg;
               size_t                   esdev_flen;
               struct esdev_field       *devd;
               struct esdev_flag        *devg;
               size_t                   fieldlen;
               struct es_default_fields *sfld;
               struct es_default_flags  *sflg;
       } ;

       struct  system_default_fields
         {
           time_t      fd_inactivity_timeout;
           time_t      fd_pw_expire_warning;
           char        fd_pw_site_callout[MAXPATHLEN];
           mask_t      fd_secclass[AUTH_SECCLASSVEC_SIZE];
                                     /* System security class */
           char        fd_boot_authenticate;
           char        fd_audit_enable;

         } ;

       struct  system_default_flags
         {
           unsigned int
                       fg_inactivity_timeout  : 1,
                       fg_pw_expire_warning   : 1,
                       fg_pw_site_callout     : 1,
                       fg_boot_authenticate   : 1,
                       fg_audit_enable        : 1,
                       fg_secclass            : 1 ;
         } ;


       struct  es_default_fields
         {
           char       *fd_name;
           time_t     fd_inactivity_timeout;
           time_t     fd_pw_expire_warning;
           char       *fd_pw_site_callout;

           mand_ir_t  *fd_single_user_sl;

           mask_t     *fd_secclass;        /* System security class */
           char       fd_boot_authenticate;
           char       fd_audit_enable;

           char       fd_preexpire;        /* admin-set psw should be expired */
           char       fd_skip_ttys_update; /* skip putprtcnam in login path */
           char       fd_auto_migrate_u;   /* auto-create 'missing' profiles */
           time_t     fd_max_vac_future;   /* how far into future can vac. be? */
           time_t     fd_max_vac_len;      /* how long can vac. be (by user)? */
           /* if either of the above fields is 0, user-originated 'vacation'
            * scheduling is disabled. */

           char       fd_accept_vouch;     /* accept 'vouching' in SIA */
         } ;

       struct  es_default_flags
         {
           unsigned int
                fg_name                : 1,
                fg_inactivity_timeout  : 1,
                fg_pw_expire_warning   : 1,
                fg_pw_site_callout     : 1,
                fg_single_user_sl      : 1,  /* sens. level for single-user */
                fg_boot_authenticate   : 1,
                fg_audit_enable        : 1,
                fg_secclass            : 1,
                fg_preexpire           : 1,  /* Is fd_preexpire set? */
                fg_skip_ttys_update    : 1,  /* Have fd_skip_ttys_update? */
                fg_auto_migrate_u      : 1,  /* Have fd_auto_migrate_u? */
                fg_max_vac_future      : 1,  /* Have fd_max_vac_future? */
                fg_max_vac_len         : 1,  /* Have fd_max_vac_len? */
                fg_accept_vouch        : 1   /* Have fd_accept_vouch? */
                ;
         } ;

       Currently there is only one entry in  the  system  default
       database, referenced by the name "default".

       The system default database contains default values for
       all parameters in the protected password, terminal control,
       and device assignment databases, as well as configurable
       system-wide parameters. The fields from the other databases
       are described in the corresponding reference pages.

       This field is the time, in seconds, before a password's
       expiration that the system begins printing expiration
       warnings when the user logs in.

       Although not used in the software, this field is an
       indicator of the system's TCSEC (Orange Book) class of
       trust.

       This field is a Boolean flag that indicates whether an
       authorized user must authenticate before the system begins
       operation.

       This field is reserved for future use. This field and the
       fd_audit_flag are always 0 (zero).

       Name of the entry.

       Reserved for future use.

       Pathname for the password policy callout script (or
       program, if replaced by the site). It is currently shipped
       as "/tcb/bin/pwpolicy".

       Flag determining whether passwords set by system
       administrators should be pre-expired. Honored by the
       dxchpwd program (and thus by dxaccounts), as well as by the
       auto-migration code in the login sequence (see
       fd_auto_migrate_u).

       Flag which, if set, disables break-in evasion for terminals
       by skipping the update of the ttys database during logins.

       Flag determining whether user accounts which have valid
       accounts according to getpwnam() but which have no entry
       visible to getespwnam() should have an extended profile
       created automatically during login processing.

       Time interval (in seconds) specifying the maximum time from
       the current time at which a user-initiated vacation can
       start. (Administratively-set vacations are not subject to
       this limit.) If 0, no user-initiated vacationing is
       possible.

       Maximum time interval (in seconds) which can be set as the
       duration of a user-initiated vacation request.
       (Administratively-set vacations are not subject to this
       limit.) If 0, no user-initiated vacationing is possible.

       Flag determining whether the enhanced security login
       sequence accepts password validation from another SIA
       mechanism, such as DCE.

       The getesdfent() function returns a pointer to the first
       es_default structure in the database when first called.
       Thereafter, it returns a pointer to the next es_default
       structure in the database, so successive calls can be used
       to search the database (not currently supported). The
       getesdfnam() function searches from the beginning of the
       file until a default entry matching name is found, and
       returns a pointer to the particular structure in which it
       was found. If an end-of-file or an error is encountered on
       reading, these functions return a null pointer. Currently,
       all programs access the default database by calling
       getesdfnam() (the default).

       The  copyesdfent()  function  copies pr, and the fields to
       which it refers, to a newly allocated data area.   Because
       the getesdfent() and putesdfent() functions reuse a static
       structure when accessing the database, the values  of  any
       entry  must  be  saved  if  the database routines are used
       again.  The es_default structure returned by copyesdfent()
       can be freed using the free() function.

       A  call  to  the  setprdfent()  function has the effect of
       rewinding the  default  control  file  to  allow  repeated
       searches. The endprdfent() function can be called to close
       the database when processing is complete.

       The putesdfnam() function puts a new or  replaced  default
       control  entry  pr with key name into the database. If the
       sflg->fg_name field contains a  value  of  0  (zero),  the
       requested  entry   is  deleted  from  the  system  default
       database. The putesdfnam() function locks the database for
       all  update operations, and performs an endprdfent() after
       the update or failed attempt.

CAUTIONS

       Structures  returned  by  the  database  routines  contain
       pointers  to character strings and lists rather than being
       self-contained. The copyesdfent() function  must  be  used
       rather  than  doing  a  structure  assignment  to  save  a
       returned structure.

       The value returned by the  getesdfent()  and  getesdfnam()
       functions  refers  to  a  structure that is overwritten by
       calls to the function. To retrieve an  entry,  modify  it,
       and  replace  it  in the database, you must copy the entry
       using the copyesdfent() function and supply  the  modified
       buffer to the putesdfent() function.
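
The hazard described in these two cautions, as an added example that is not part of the Tru64 documentation. The mock_* types and functions are hypothetical stand-ins for the <prot.h> structures, getesdfnam() and copyesdfent(), and the second pathname and the warning interval are constructed sample values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not the <prot.h> definitions. */
struct mock_fields  { char *fd_pw_site_callout; long fd_pw_expire_warning; };
struct mock_default { struct mock_fields *sfld; };
struct mock_block   { struct mock_default d; struct mock_fields f; char path[]; };

/* Behaves like getesdfnam(): every call overwrites the same static storage. */
static struct mock_default *mock_get(const char *callout, long warn)
{
    static char path[64];
    static struct mock_fields f;
    static struct mock_default d = { &f };
    snprintf(path, sizeof path, "%s", callout);
    f.fd_pw_site_callout = path;
    f.fd_pw_expire_warning = warn;
    return &d;
}

/* Behaves like copyesdfent(): one allocation holds the entry and all it
   points to, so a single free() releases it. Returns NULL on failure. */
static struct mock_default *mock_copy(const struct mock_default *src)
{
    size_t n = strlen(src->sfld->fd_pw_site_callout) + 1;
    struct mock_block *b = malloc(sizeof *b + n);
    if (b == NULL) return NULL;
    b->f = *src->sfld;
    memcpy(b->path, src->sfld->fd_pw_site_callout, n);
    b->f.fd_pw_site_callout = b->path;
    b->d.sfld = &b->f;
    return &b->d;
}

/* Snapshot one entry, look up another, then report whether the snapshot
   still holds the first entry: 1 yes, 0 no, -1 out of memory.
   deep == 0 uses structure assignment, deep != 0 uses the deep copy. */
int snapshot_survives(int deep)
{
    struct mock_default *e = mock_get("/tcb/bin/pwpolicy", 604800);
    struct mock_default shallow = *e;   /* copies only the sfld pointer */
    struct mock_default *snap = deep ? mock_copy(e) : &shallow;
    if (snap == NULL) return -1;
    mock_get("/site/policy", 0);        /* second lookup reuses the storage */
    int ok = strcmp(snap->sfld->fd_pw_site_callout, "/tcb/bin/pwpolicy") == 0
          && snap->sfld->fd_pw_expire_warning == 604800;
    if (deep) free(snap);
    return ok;
}
```

The structure-assigned snapshot silently reports the second entry's values, which is the failure a read-modify-write of the defaults entry would write back to the database.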

RETURN VALUES

       The getesdfent() and getesdfnam() functions return null
       pointers on EOF or an error.

       The putesdfnam() function returns a value of 0  (zero)  if
       it cannot add or update the entry.

       The  copyesdfent()  function returns a pointer, or NULL on
       (allocation) error.

FILES

       System defaults database.

SEE ALSO

       Functions: getespwent(3), getestcent(3), getesdvent(3)

       Files: authcap(4), default(4)

       Security


