login_cap_t
*
login_getclass(
char *class
)
int
login_getcapbool(
login_cap_t *lc
, const char *cap
, u_int def
)
quad_t
login_getcapnum(
login_cap_t *lc
, const char *cap
, quad_t def
, quad_t err
)
quad_t
login_getcapsize(
login_cap_t *lc
, const char *cap
, quad_t def
, quad_t err
)
char
*
login_getcapstr(
login_cap_t *lc
, const char *cap
, char *def
, char *err
)
quad_t
login_getcaptime(
login_cap_t *lc
, const char *cap
, quad_t def
, quad_t err
)
void
login_close(
login_cap_t *lc
)
int
setclasscontext(
const char *class
, u_int flags
)
int
setusercontext(
login_cap_t *lc
, const struct passwd *pwd
, uid_t uid
, u_int flags
)
)
function extracts the entry specified by
class
(or
default
if
class
is NULL or the empty string)
from
/etc/login.conf
(see
login.conf(5)).
If the entry is found, a
login_cap_t
pointer is returned.
NULL is returned if the user class is not found.
When the
login_cap_t
structure is no longer needed, it should be freed by the
login_close(
)
function.
Once
lc
has been returned by
login_getclass(),
any of the other
login_*(
)
functions may be called.
The
login_getcapnum(),
login_getcapsize(
),
login_getcapstr(
),
and
login_getcaptime(
)
functions all query the database entry for a field named
cap.
If the field is found, its value is returned.
If the field is not found, the value specified by
def
is returned.
If an error is encountered while trying to find the field,
err
is returned.
See
login.conf(5)
for a discussion of the various textual forms the value may take.
The
login_getcapbool(
)
function is slightly different.
It returns
def
if no capabilities were found for this class (typically meaning that
the default class was used and the
/etc/login.conf
file is missing).
It returns a non-zero value if
cap,
with no value, was found,
zero otherwise.
The
setclasscontext()
function takes
class,
the name of a user class,
and sets the resources defined by that class according to
flags.
Only the
LOGIN_SETPATH
,
LOGIN_SETPRIORITY
,
LOGIN_SETRESOURCES
,
and
LOGIN_SETUMASK
bits are used.
(See
setusercontext()
below).
It returns 0 on success and -1 on failure.
The
setusercontext()
function
sets the resources according to
flags.
The
lc
argument, if not NULL, contains the class information that should
be used.
The
pwd
argument, if not NULL, provides information about the user.
Both
lc
and
pwd
cannot be NULL.
The
uid
argument is used in place of the user id contained in the
pwd
structure when calling
setuid(2).
The various bits available to be or-ed together to make up
flags
are:
PATH
environment variable.
)
is allocated via
malloc(3)
when the specified capability is present and thus it is the responsibility
of the caller to
free(
)
this space.
However, if the capability was not found or an error occurred and
def
or
err
(whichever is relevant) are non-NULL the returned value is simply what
was passed in to
login_getcapstr(
).
Therefore it is not possible to blindly
free(
)
the return value without first checking it against
def
and
err
.
The same warnings set forth in
setlogin(2)
apply to
setusercontext()
when the
LOGIN_SETLOGIN
flag is used.
Specifically, changing the login name affects all processes in the current
session, not just the current process.
See
setlogin(2)
for more information.