putesdfnam man page on DigitalUNIX


getesdfent(3)							 getesdfent(3)

NAME
       getesdfent, getesdfnam, setprdfent, endprdfent, putesdfnam, getprdfent,
       getprdfnam, putprdfnam, copyesdfent - Manipulate system default database
       entry (Enhanced Security)

SYNOPSIS
       #include <sys/types.h>
       #include <sys/security.h>
       #include <prot.h>

       struct es_default *getesdfent(
	       void );
       struct es_default *getesdfnam(
	       char *name );
       void setprdfent(
	       void );
       void endprdfent(
	       void );
       int putesdfnam(
	       char *name,
	       struct es_default *pr );
       struct es_default *copyesdfent(
	       struct es_default *pr );

					Note

       The  getprdfent(),  getprdfnam(),  and  putprdfnam() routines have been
       replaced by getesdfent(), getesdfnam(), and putesdfnam() respectively.

LIBRARY
       Security Library (libsecurity.so)

       NOTE: In order to quickstart a program, the program must be  linked  as
       follows: -lsecurity -ldb -laud -lm

       See  the	 shared	 library discussion in the Programmer's Guide for more
       information about using the quickstarting feature.

PARAMETERS
       name   Specifies a system default database entry name.

       pr     Specifies a system default database control entry structure.

DESCRIPTION
       The getesdfent(), getesdfnam(), and copyesdfent() functions each return
       a pointer to an object with the following structure containing the sep‐
       arated-out  fields  of a line in the system default database. Each line
       in the database	contains  a  es_default	 structure,  declared  in  the
       <prot.h> file as follows:

       struct  es_default  {
	       AUTH_ESCAP_COMMON
	       char			*dd_name; /* copy of sfld->fd_name */
	       int			dg_name;  /* copy of sflg->fg_name */
	       size_t			esprof_flen;
	       struct espw_field	*prd;
	       struct espw_flag		*prg;
	       size_t			estc_flen;
	       struct estc_field	*tcd;
	       struct estc_flag		*tcg;
	       size_t			esdev_flen;
	       struct esdev_field	*devd;
	       struct esdev_flag	*devg;
	       size_t			fieldlen;
	       struct es_default_fields *sfld;
	       struct es_default_flags	*sflg;
       } ;

       struct  system_default_fields
	 {
	   time_t      fd_inactivity_timeout;
	   time_t      fd_pw_expire_warning;
	   char	       fd_pw_site_callout[MAXPATHLEN];
	   mask_t      fd_secclass[AUTH_SECCLASSVEC_SIZE];
				     /* System security class */
	   char	       fd_boot_authenticate;
	   char	       fd_audit_enable;

	 } ;

       struct  system_default_flags
	 {
	   unsigned int
		       fg_inactivity_timeout  : 1,
		       fg_pw_expire_warning   : 1,
		       fg_pw_site_callout     : 1,
		       fg_boot_authenticate   : 1,
		       fg_audit_enable	      : 1,
		       fg_secclass	      : 1 ;
	 } ;

       struct	      es_default_fields
	 {
	   char	      *fd_name;
	   time_t     fd_inactivity_timeout;
	   time_t     fd_pw_expire_warning;
	   char	      *fd_pw_site_callout;

	   mand_ir_t  *fd_single_user_sl;

	   mask_t     *fd_secclass;	   /* System security class */
	   char	      fd_boot_authenticate;
	   char	      fd_audit_enable;

	   char	      fd_preexpire;	   /* admin-set psw should be expired */
	   char	      fd_skip_ttys_update; /* skip putprtcnam in login path */
	   char	      fd_auto_migrate_u;   /* auto-create 'missing' profiles */
	   time_t     fd_max_vac_future;   /* how far into future can vac. be? */
	   time_t     fd_max_vac_len;	   /* how long can vac. be (by user)? */
	   /* if either of the above fields is 0, user-originated 'vacation'
	    * scheduling is disabled. */

	   char	      fd_accept_vouch;	   /* accept 'vouching' in SIA */
	 } ;

       struct	      es_default_flags
	 {
	   unsigned int
		fg_name		       : 1,
		fg_inactivity_timeout  : 1,
		fg_pw_expire_warning   : 1,
		fg_pw_site_callout     : 1,
		fg_single_user_sl      : 1,  /* sens. level for single-user*/
		fg_boot_authenticate   : 1,
		fg_audit_enable	       : 1,
		fg_secclass	       : 1,
		fg_preexpire	       : 1,  /* Is fd_preexpire set? */
		fg_skip_ttys_update    : 1,  /* Have fd_skip_ttys_update? */
		fg_auto_migrate_u      : 1,  /* Have fd_auto_migrate_u? */
		fg_max_vac_future      : 1,  /* Have fd_max_vac_future? */
		fg_max_vac_len	       : 1,  /* Have fd_max_vac_len? */
		fg_accept_vouch	       : 1   /* Have fd_accept_vouch? */
		;
	 } ;

       Currently there is only one entry in the system default database,  ref‐
       erenced by the name "default".

       The system default database contains default values for all parameters
       in the protected password, terminal control, and device assignment
       databases, as well as configurable system-wide parameters. The fields
       from the other databases are described in the corresponding reference
       pages.

       fd_pw_expire_warning
	      This field is the time, in seconds, before a password's
	      expiration that the system begins printing expiration warnings
	      when the user logs in.

       fd_secclass
	      Although not used in the software, this field is an indicator
	      of the system's TCSEC (Orange Book) class of trust.

       fd_boot_authenticate
	      This field is a Boolean flag that indicates whether an
	      authorized user must authenticate before the system begins
	      operation. This field is reserved for future use.

       This field and the fd_audit_flag are always 0 (zero).

       fd_name
	      Name of the entry.

       Reserved for future use.

       fd_pw_site_callout
	      Pathname for the password policy callout script (or program, if
	      replaced by the site).  It is currently shipped as
	      "/tcb/bin/pwpolicy".

       fd_preexpire
	      Flag determining whether passwords set by system administrators
	      should be pre-expired. Honored by the dxchpwd program (and thus
	      by dxaccounts), as well as by the auto-migration code in the
	      login sequence (see fd_auto_migrate_u).

       fd_skip_ttys_update
	      Flag which, if set, disables break-in evasion for terminals by
	      skipping the update of the ttys database during logins.

       fd_auto_migrate_u
	      Flag determining whether user accounts which have valid accounts
	      according to getpwnam() but which have no entry visible to
	      getespwnam() should have an extended profile created
	      automatically during login processing.

       fd_max_vac_future
	      Time interval (in seconds) specifying the maximum time from the
	      current time at which a user-initiated vacation can start.
	      (Administratively-set vacations are not subject to this limit.)
	      If 0, no user-initiated vacationing is possible.

       fd_max_vac_len
	      Maximum time interval (in seconds) which can be set as the
	      duration of a user-initiated vacation request.
	      (Administratively-set vacations are not subject to this limit.)
	      If 0, no user-initiated vacationing is possible.

       fd_accept_vouch
	      Flag determining whether the enhanced security login sequence
	      accepts password validation from another SIA mechanism, such as
	      DCE.

       The  getesdfent()  function  returns  a pointer to the first es_default
       structure in the database when first called.  Thereafter, it returns  a
       pointer to the next es_default structure in the database, so successive
       calls can be used to search the database (not currently supported). The
       getesdfnam()  function  searches from the beginning of the file until a
       default entry matching name is found, and returns a pointer to the par‐
       ticular	structure in which it was found. If an end-of-file or an error
       is encountered on reading, these functions return a null pointer.  Cur‐
       rently,	all  programs  access the default database by calling getesdf‐
       nam() (the default).

       The copyesdfent() function copies pr, and the fields to which it
       refers, to a newly allocated data area.  Because the getesdfent() and
       putesdfnam() functions reuse a static structure when accessing the
       database, the values of any entry must be saved if the database
       routines are used again.  The es_default structure returned by
       copyesdfent() can be freed using the free() function.

       A  call	to  the	 setprdfent() function has the effect of rewinding the
       default control file to allow repeated searches. The endprdfent() func‐
       tion can be called to close the database when processing is complete.

       The  putesdfnam() function puts a new or replaced default control entry
       pr with key name into the database. If the sflg->fg_name field contains
       a  value	 of  0 (zero), the requested entry  is deleted from the system
       default database. The putesdfnam() function locks the database for  all
       update  operations,  and	 performs  an endprdfent() after the update or
       failed attempt.

CAUTIONS
       Structures returned by the database routines contain pointers to	 char‐
       acter  strings and lists rather than being self-contained. The copyesd‐
       fent() function must be used rather than doing a	 structure  assignment
       to save a returned structure.

       The value returned by the getesdfent() and getesdfnam() functions
       refers to a structure that is overwritten by calls to the function.  To
       retrieve an entry, modify it, and replace it in the database, you must
       copy the entry using the copyesdfent() function and supply the modified
       buffer to the putesdfnam() function.
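
       The aliasing hazard behind these cautions, as an added example that is
       not part of the original reference page and does not call the Security
       Library. Assumptions: demo_getnam() and demo_copy() are hypothetical
       stand-ins for getesdfnam() and copyesdfent(), struct demo_fields models
       two members of es_default_fields, and the second entry is constructed.

```c
/* Added example: simplified stand-ins, NOT the libsecurity API. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct demo_fields {                 /* models two es_default_fields members */
    char *fd_name;
    char *fd_pw_site_callout;
};

/* Stand-in for getesdfnam(): one static structure whose strings live in static buffers. */
struct demo_fields *demo_getnam(const char *name, const char *callout)
{
    static struct demo_fields ent;
    static char namebuf[64], pathbuf[256];
    snprintf(namebuf, sizeof namebuf, "%s", name);
    snprintf(pathbuf, sizeof pathbuf, "%s", callout);
    ent.fd_name = namebuf;
    ent.fd_pw_site_callout = pathbuf;
    return &ent;
}

/* Stand-in for copyesdfent(): structure and strings in one area, released by one free(). */
struct demo_fields *demo_copy(const struct demo_fields *src)
{
    size_t nlen = strlen(src->fd_name) + 1;
    size_t plen = strlen(src->fd_pw_site_callout) + 1;
    struct demo_fields *dst = malloc(sizeof *dst + nlen + plen);
    if (dst == NULL) return NULL;
    dst->fd_name = (char *)(dst + 1);
    dst->fd_pw_site_callout = dst->fd_name + nlen;
    memcpy(dst->fd_name, src->fd_name, nlen);
    memcpy(dst->fd_pw_site_callout, src->fd_pw_site_callout, plen);
    return dst;
}

/* 1 if the struct-assignment snapshot went stale while the deep copy held; -1 on ENOMEM. */
int demo_snapshot_check(void)
{
    struct demo_fields *p = demo_getnam("default", "/tcb/bin/pwpolicy");
    struct demo_fields shallow = *p;      /* members still alias the static buffers */
    struct demo_fields *deep = demo_copy(p);
    if (deep == NULL) return -1;
    demo_getnam("other", "/constructed/site/policy");  /* constructed second lookup */
    int ok = strcmp(shallow.fd_pw_site_callout, "/tcb/bin/pwpolicy") != 0
          && strcmp(deep->fd_pw_site_callout, "/tcb/bin/pwpolicy") == 0;
    free(deep);
    return ok;
}

int main(void) { printf("%d\n", demo_snapshot_check()); return 0; }
```

       A policy value read through the stale snapshot would silently reflect
       whichever entry was fetched last, which is why the copy must precede
       any further database call.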

RETURN VALUES
       The getesdfent() and getesdfnam() functions return null pointers on EOF
       or an error.

       The putesdfnam() function returns a value of 0 (zero) if it cannot  add
       or update the entry.

       The  copyesdfent()  function returns a pointer, or NULL on (allocation)
       error.

FILES
       System defaults database.

SEE ALSO
       Functions: getespwent(3), getestcent(3), getesdvent(3)

       Files: authcap(4), default(4)

       Security

								 getesdfent(3)