getesdfent(3)

NAME
getesdfent, getesdfnam, setprdfent, endprdfent, putesdfnam, getprdfent,
getprdfnam, putprdfnam, copyesdfent - Manipulate system default database
entry (Enhanced Security)
SYNOPSIS
#include <sys/types.h>
#include <sys/security.h>
#include <prot.h>

struct es_default *getesdfent(
        void );

struct es_default *getesdfnam(
        char *name );

void setprdfent(
        void );

void endprdfent(
        void );

int putesdfnam(
        char *name,
        struct es_default *pr );

struct es_default *copyesdfent(
        struct es_default *pr );
Note
The getprdfent(), getprdfnam(), and putprdfnam() routines have been
replaced by getesdfent(), getesdfnam(), and putesdfnam() respectively.
LIBRARY
Security Library (libsecurity.so)
NOTE: In order to quickstart a program, the program must be linked as
follows: -lsecurity -ldb -laud -lm
See the shared library discussion in the Programmer's Guide for more
information about using the quickstarting feature.
PARAMETERS
name
    Specifies a system default database entry name.

pr
    Specifies a system default database control entry structure.
DESCRIPTION
The getesdfent(), getesdfnam(), and copyesdfent() functions each return
a pointer to an object with the following structure containing the
separated-out fields of a line in the system default database. Each line
in the database corresponds to an es_default structure, declared in the
<prot.h> file as follows:
struct es_default {
        AUTH_ESCAP_COMMON
        char *dd_name;                  /* copy of sfld->fd_name */
        int dg_name;                    /* copy of sflg->fg_name */
        size_t esprof_flen;
        struct espw_field *prd;
        struct espw_flag *prg;
        size_t estc_flen;
        struct estc_field *tcd;
        struct estc_flag *tcg;
        size_t esdev_flen;
        struct esdev_field *devd;
        struct esdev_flag *devg;
        size_t fieldlen;
        struct es_default_fields *sfld;
        struct es_default_flags *sflg;
};

struct system_default_fields {
        time_t fd_inactivity_timeout;
        time_t fd_pw_expire_warning;
        char fd_pw_site_callout[MAXPATHLEN];
        mask_t fd_secclass[AUTH_SECCLASSVEC_SIZE];  /* System security class */
        char fd_boot_authenticate;
        char fd_audit_enable;
};

struct system_default_flags {
        unsigned int
                fg_inactivity_timeout : 1,
                fg_pw_expire_warning : 1,
                fg_pw_site_callout : 1,
                fg_boot_authenticate : 1,
                fg_audit_enable : 1,
                fg_secclass : 1;
};

struct es_default_fields {
        char *fd_name;
        time_t fd_inactivity_timeout;
        time_t fd_pw_expire_warning;
        char *fd_pw_site_callout;
        mand_ir_t *fd_single_user_sl;
        mask_t *fd_secclass;            /* System security class */
        char fd_boot_authenticate;
        char fd_audit_enable;
        char fd_preexpire;              /* admin-set psw should be expired */
        char fd_skip_ttys_update;       /* skip putprtcnam in login path */
        char fd_auto_migrate_u;         /* auto-create 'missing' profiles */
        time_t fd_max_vac_future;       /* how far into future can vac. be? */
        time_t fd_max_vac_len;          /* how long can vac. be (by user)? */
        /* if either of the above fields is 0, user-originated 'vacation'
         * scheduling is disabled. */
        char fd_accept_vouch;           /* accept 'vouching' in SIA */
};

struct es_default_flags {
        unsigned int
                fg_name : 1,
                fg_inactivity_timeout : 1,
                fg_pw_expire_warning : 1,
                fg_pw_site_callout : 1,
                fg_single_user_sl : 1,   /* sens. level for single-user */
                fg_boot_authenticate : 1,
                fg_audit_enable : 1,
                fg_secclass : 1,
                fg_preexpire : 1,        /* Is fd_preexpire set? */
                fg_skip_ttys_update : 1, /* Have fd_skip_ttys_update? */
                fg_auto_migrate_u : 1,   /* Have fd_auto_migrate_u? */
                fg_max_vac_future : 1,   /* Have fd_max_vac_future? */
                fg_max_vac_len : 1,      /* Have fd_max_vac_len? */
                fg_accept_vouch : 1;     /* Have fd_accept_vouch? */
};
Currently there is only one entry in the system default database,
referenced by the name "default".
The system default database contains default values for all parameters
in the protected password, terminal control, and device assignment
databases, as well as configurable system-wide parameters. The fields
from the other databases are described in the corresponding reference
pages. The fields specific to this database are as follows:

fd_pw_expire_warning
    The time, in seconds, before a password's expiration at which the
    system begins printing expiration warnings when the user logs in.

fd_secclass
    Although not used in the software, this field is an indicator of
    the system's TCSEC (Orange Book) class of trust.

fd_boot_authenticate
    A Boolean flag that indicates whether an authorized user must
    authenticate before the system begins operation.

One further field is reserved for future use; another field and the
fd_audit_flag are always 0 (zero).

fd_name
    Name of the entry.

fd_single_user_sl
    Reserved for future use.

fd_pw_site_callout
    Pathname for the password policy callout script (or program, if
    replaced by the site). It is currently shipped as
    "/tcb/bin/pwpolicy".

fd_preexpire
    Flag determining whether passwords set by system administrators
    should be pre-expired. Honored by the dxchpwd program (and thus by
    dxaccounts), as well as by the auto-migration code in the login
    sequence (see fd_auto_migrate_u).

fd_skip_ttys_update
    Flag which, if set, disables break-in evasion for terminals by
    skipping the update of the ttys database during logins.

fd_auto_migrate_u
    Flag determining whether user accounts which are valid according to
    getpwnam() but which have no entry visible to getespwnam() should
    have an extended profile created automatically during login
    processing.

fd_max_vac_future
    Time interval (in seconds) specifying the maximum time from the
    current time at which a user-initiated vacation can start.
    (Administratively-set vacations are not subject to this limit.) If
    0, no user-initiated vacationing is possible.

fd_max_vac_len
    Maximum time interval (in seconds) which can be set as the duration
    of a user-initiated vacation request. (Administratively-set
    vacations are not subject to this limit.) If 0, no user-initiated
    vacationing is possible.

fd_accept_vouch
    Flag determining whether the enhanced security login sequence
    accepts password validation from another SIA mechanism, such as
    DCE.
The getesdfent() function returns a pointer to the first es_default
structure in the database when first called. Thereafter, it returns a
pointer to the next es_default structure in the database, so successive
calls can be used to search the database (not currently supported). The
getesdfnam() function searches from the beginning of the file until a
default entry matching name is found, and returns a pointer to the
particular structure in which it was found. If an end-of-file or an
error is encountered on reading, these functions return a null pointer.
Currently, all programs access the default database by calling
getesdfnam() (the default).
The copyesdfent() function copies pr, and the fields to which it
refers, to a newly allocated data area. Because the getesdfent() and
putesdfnam() functions reuse a static structure when accessing the
database, the values of any entry must be saved if the database
routines are used again. The es_default structure returned by
copyesdfent() can be freed using the free() function.
A call to the setprdfent() function has the effect of rewinding the
default control file to allow repeated searches. The endprdfent() func‐
tion can be called to close the database when processing is complete.
The putesdfnam() function puts a new or replaced default control entry
pr with key name into the database. If the sflg->fg_name field contains
a value of 0 (zero), the requested entry is deleted from the system
default database. The putesdfnam() function locks the database for all
update operations, and performs an endprdfent() after the update or
failed attempt.
CAUTIONS
Structures returned by the database routines contain pointers to
character strings and lists rather than being self-contained. The
copyesdfent() function must be used rather than doing a structure
assignment to save a returned structure.
The value returned by the getesdfent() and getesdfnam() functions
refers to a structure that is overwritten by calls to the function. To
retrieve an entry, modify it, and replace it in the database, you must
copy the entry using the copyesdfent() function and supply the modified
buffer to the putesdfnam() function.
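The following C program is an added example, not code from this page or from libsecurity. It models the static-buffer behaviour the CAUTIONS describe with constructed sim_* stand-ins (a trimmed struct, a sim_getesdfnam() that is handed the values it should return, and a deep copy written in the manner copyesdfent() is documented to work), and shows a structure-assignment save being clobbered by the next lookup while the deep copy survives.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Constructed, trimmed stand-in for struct es_default from <prot.h>: only the members this demo needs. */
struct sim_fields { char *fd_name; time_t fd_pw_expire_warning; };
struct sim_es_default { struct sim_fields *sfld; };
/* One static structure is reused by every lookup, as the page says of getesdfnam();
 * its sfld pointer aliases static storage that the next call overwrites. */
static char static_name[32];
static struct sim_fields static_fields;
static struct sim_es_default static_entry = { &static_fields };

struct sim_es_default *sim_getesdfnam(const char *name, time_t warning)
{
    snprintf(static_name, sizeof static_name, "%s", name);
    static_fields.fd_name = static_name;
    static_fields.fd_pw_expire_warning = warning;
    return &static_entry;
}

/* Deep copy as copyesdfent() is documented to behave: the entry and the string it
 * points to get newly allocated storage; NULL on allocation failure. */
struct sim_es_default *sim_copyesdfent(const struct sim_es_default *pr)
{
    size_t len = strlen(pr->sfld->fd_name) + 1;
    struct sim_es_default *cp = malloc(sizeof *cp);
    struct sim_fields *f = cp ? malloc(sizeof *f) : NULL;
    char *n = f ? malloc(len) : NULL;
    if (!n) { free(f); free(cp); return NULL; }
    *f = *pr->sfld;                                  /* scalars copied by value */
    f->fd_name = memcpy(n, pr->sfld->fd_name, len);  /* string gets its own storage */
    cp->sfld = f;
    return cp;
}

/* Save "default", do a second lookup, then check that the saved copy still reports the
 * original values: structure assignment keeps the aliased sfld pointer and is
 * clobbered (returns 0); the deep copy survives (returns 1). */
int saved_entry_survives(int use_deep_copy)
{
    struct sim_es_default shallow = *sim_getesdfnam("default", 604800); /* what CAUTIONS warns against */
    struct sim_es_default *deep = use_deep_copy ? sim_copyesdfent(&shallow) : NULL;
    struct sim_es_default *saved = use_deep_copy ? deep : &shallow;
    sim_getesdfnam("other", 86400);                  /* overwrites the static entry */
    int ok = saved && strcmp(saved->sfld->fd_name, "default") == 0
          && saved->sfld->fd_pw_expire_warning == 604800;
    if (deep) { free(deep->sfld->fd_name); free(deep->sfld); free(deep); }
    return ok;
}
```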
RETURN VALUES
The getesdfent() and getesdfnam() functions return null pointers on EOF
or an error.
The putesdfnam() function returns a value of 0 (zero) if it cannot add
or update the entry.
The copyesdfent() function returns a pointer, or NULL on (allocation)
error.
FILES
System defaults database.
SEE ALSO
Functions: getespwent(3), getestcent(3), getesdvent(3)
Files: authcap(4), default(4)