

getprdfent(3)

NAME

getprdfent, getprdfnam, putprdfnam - Manipulate system default database entry (Enhanced Security)

LIBRARY

Security Library (libsecurity.a)

SYNOPSIS

    #include <sys/types.h>
    #include <sys/security.h>
    #include <prot.h>

    struct pr_default *getprdfent(void);

    struct pr_default *getprdfnam(
            char *name);

    void setprdfent(void);

    void endprdfent(void);

    int putprdfnam(
            char *name,
            struct pr_default *pr);

PARAMETERS

name    Specifies a system default database entry name.

pr      Specifies a system default database control entry structure.

DESCRIPTION

The getprdfent() and getprdfnam() functions each return a pointer to an object with the following structure containing the separated-out fields of a line in the system default database. Each line in the database contains a pr_default structure, declared in the prot.h header file as follows:

    struct system_default_fields {
            time_t  fd_inactivity_timeout;
            time_t  fd_pw_expire_warning;
            char    fd_pw_site_callout[MAXPATHLEN];
            mask_t  fd_secclass[AUTH_SECCLASSVEC_SIZE];
            char    fd_boot_authenticate;
            char    fd_audit_enable;
    };

    struct system_default_flags {
            unsigned short
                    fg_inactivity_timeout:1,
                    fg_pw_expire_warning:1,
                    fg_secclass:1,
                    fg_boot_authenticate:1,
                    fg_audit_enable:1;
    };

    struct pr_default {
            char    dd_name[20];
            char    dg_name;
            struct pr_field                 prd;
            struct pr_flag                  prg;
            struct t_field                  tcd;
            struct t_flag                   tcg;
            struct dev_field                devd;
            struct dev_flag                 devg;
            struct system_default_fields    sfld;
            struct system_default_flags     sflg;
    };

Currently there is only one entry in the system default database, referenced by the name default. The system default database contains default values for all parameters in the protected password, terminal control, and device assignment databases, as well as configurable system-wide parameters. The fields from the other databases are described in the corresponding reference pages.

fd_pw_expire_warning
        This field is the time, in seconds, before a password's expiration that the system begins printing expiration warnings when the user logs in.

fd_secclass
        Although not used in the software, this field is an indicator of the system's TCSEC (Orange Book) class of trust.

fd_boot_authenticate
        This field is a Boolean flag that indicates whether an authorized user must authenticate before the system begins operation.

fd_audit_enable
        This field is true if the system begins audit at system startup, and is 0 (zero) otherwise.

The getprdfent() function returns a pointer to the first pr_default structure in the database when first called. Thereafter, it returns a pointer to the next pr_default structure in the database, so successive calls can be used to search the database (not currently supported).

The getprdfnam() function searches from the beginning of the file until a default entry matching name is found, and returns a pointer to the particular structure in which it was found. If an end-of-file or an error is encountered on reading, these functions return a null pointer. Currently, all programs access the default database by calling getprdfnam() (the default).

A call to the setprdfent() function has the effect of rewinding the default control file to allow repeated searches. The endprdfent() function can be called to close the database when processing is complete.

The putprdfnam() function puts a new or replaced default control entry pr with key name into the database. If the prg.fg_name field contains a value of 0 (zero), the requested entry is deleted from the system default database. The putprdfnam() function locks the database for all update operations, and performs an endprdfent() after the update or failed attempt.

NOTES

The value returned by getprdfent() and getprdfnam() refers to a structure that is overwritten by calls to these functions. To retrieve an entry, modify it, and replace it in the database, you must copy the entry using structure assignment and supply the modified buffer to putprdfnam(). Programs using these functions must be compiled with -lsecurity.
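
The retrieve, copy, modify, replace sequence described above, as an added example that is not part of the original reference page or of the library's own code. Assumptions: the HAVE_PROT macro, the helper names set_pw_expire_warning() and get_pw_expire_warning(), and the trimmed stand-in definitions are constructed for illustration so the sequence can be run without libsecurity; the example also assumes that setting an fg_ bit marks the matching fd_ field as present.

```c
/* Stand-ins (constructed) are used unless built with -DHAVE_PROT -lsecurity. */
#include <string.h>
#include <time.h>
#ifdef HAVE_PROT
#include <sys/types.h>
#include <sys/security.h>
#include <prot.h>
#else
struct system_default_fields { time_t fd_pw_expire_warning; };
struct system_default_flags { unsigned short fg_pw_expire_warning:1; };
struct pr_default {                 /* trimmed to the members used here */
    char dd_name[20];
    char dg_name;
    struct system_default_fields sfld;
    struct system_default_flags sflg;
};
static struct pr_default db = { "default", 1, { 0 }, { 0 } }; /* constructed database */
static struct pr_default buf;       /* models the library's single static buffer */
struct pr_default *getprdfnam(char *name) {
    if (strcmp(name, db.dd_name) != 0) return NULL;
    buf = db;                       /* every call overwrites the same buffer */
    return &buf;
}
int putprdfnam(char *name, struct pr_default *pr) {
    if (strcmp(name, db.dd_name) != 0) return 0;
    db = *pr;
    memset(&buf, 0, sizeof buf);    /* models endprdfent(): old pointers are stale */
    return 1;
}
#endif

static char entry_name[] = "default";

/* Returns nonzero on success, 0 on failure, like putprdfnam(). */
int set_pw_expire_warning(time_t seconds) {
    struct pr_default *cur = getprdfnam(entry_name);
    struct pr_default copy;
    if (cur == NULL) return 0;              /* EOF or read error */
    copy = *cur;                            /* structure assignment, per NOTES */
    copy.sfld.fd_pw_expire_warning = seconds;
    copy.sflg.fg_pw_expire_warning = 1;     /* assumed: marks the field as set */
    return putprdfnam(entry_name, &copy);   /* pass the copy, not the static buffer */
}

/* Returns the stored warning period, or (time_t)-1 if unset or unreadable. */
time_t get_pw_expire_warning(void) {
    struct pr_default *cur = getprdfnam(entry_name);
    if (cur == NULL || !cur->sflg.fg_pw_expire_warning) return (time_t)-1;
    return cur->sfld.fd_pw_expire_warning;
}
```

Because the copy starts from the existing entry, every other default in the record is written back unchanged.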

CAUTIONS

Do not delete the system default entry. This renders the system unusable.

RETURN VALUES

The getprdfent() and getprdfnam() functions return null pointers on EOF or an error. The putprdfnam() function returns a value of 0 (zero) if it cannot add or update the entry.

FILES

/etc/auth/system/default System defaults database.

RELATED INFORMATION

Functions: getprpwent(3), getprtcent(3), getdvagent(3).

Files: default(4)