-rw-r--r-- lib/libutil/login.conf.5 | 45
-rw-r--r-- lib/libutil/login_ok.3 | 67
-rw-r--r-- lib/libutil/pty.3 | 20
3 files changed, 82 insertions, 50 deletions
diff --git a/lib/libutil/login.conf.5 b/lib/libutil/login.conf.5 index 0ddac7e..6c81af9 100644 --- a/lib/libutil/login.conf.5 +++ b/lib/libutil/login.conf.5 @@ -17,7 +17,7 @@ .\" 5. Modifications may be freely made to this file providing the above .\" conditions are met. .\" -.\" $Id: login.conf.5,v 1.2 1997/01/07 14:29:50 davidn Exp $ +.\" $Id: login.conf.5,v 1.3 1997/01/08 06:51:32 mpp Exp $ .\" .Dd November 22, 1996 .Dt LOGIN.CONF 5 @@ -233,9 +233,9 @@ To pass these characters literally into the environment variable, escape the character by preceding it with a backslash '\\'. .Pp The -.Ar host.allow +.Em host.allow and -.Ar host.deny +.Em host.deny entries are comma separated lists used for checking remote access to the system, and consist of a list of hostnames and/or IP addresses against which remote network logins are checked. @@ -253,9 +253,9 @@ If host.deny contains one or more hosts, then a login from any matching hosts will be disallowed. .Pp The -.Ar times.allow +.Em times.allow and -.Ar times.deny +.Em times.deny entries consist of a comma-separated list of time periods during which the users in a class are allowed to be logged in. These are expressed as one or more day codes followed by a start and end times @@ -265,13 +265,13 @@ the hours of 2 am and 1 p.m.. If both of these time lists are empty, users in the class are allowed access at any time. If -.Ar times.allow +.Em times.allow is specified, then logins are only allowed during the periods given. If -.Ar times.deny +.Em times.deny is specified, then logins are denied during the periods given, regardless of whether one of the periods specified in -.Ar times.allow +.Em times.allow applies. .Pp Note that 
@@ -281,9 +281,9 @@ Further enforcement over the life of a session requires a separate daemon to monitor transitions from an allowed period to a non-allowed one. .Pp The -.Ar tty.allow +.Em tty.allow and -.Ar tty.deny +.Em tty.deny entries contain a comma-separated list of tty devices (without the /dev/ prefix) that a user in a class may use to access the system, and/or a list of ttygroups (See @@ -294,11 +294,11 @@ for information on ttygroups). If neither entry exists, then the choice of login device used by the user is unrestricted. If only -.Ar tty.allow +.Em tty.allow is specified, then the user is restricted only to ttys in the given group or device list. If only -.Ar tty.deny +.Em tty.deny is specified, then the user is prevented from using the specified devices or devices in the group. If both lists are given and are non-empty, the user is restricted to those @@ -341,21 +341,24 @@ These fields are used by the time accounting system, which regulates, controls and records user login access. .Pp The -.Ar ttys.accounted +.Em ttys.accounted and -.Ar ttys.exempt -fields operate in a similar manner to ttys.allow and ttys.deny as explained +.Em ttys.exempt +fields operate in a similar manner to +.Em ttys.allow +and +.Em ttys.deny +as explained above. Similarly with the -.Ar host.accounted +.Em host.accounted and -.Ar host.exempt +.Em host.exempt lists. .Sh SEE ALSO +.Xr login 1 .Xr getcap 3 , +.Xr getttyent 3 , .Xr login_cap 3 , .Xr login_class 3 , -.Xr getttyent 3 , -.Xr ttys 5 , -.Xr login 1 - +.Xr ttys 5 diff --git a/lib/libutil/login_ok.3 b/lib/libutil/login_ok.3 index c459d94..8c50825 100644 --- a/lib/libutil/login_ok.3 +++ b/lib/libutil/login_ok.3 @@ -17,7 +17,7 @@ .\" 5. Modifications may be freely made to this file providing the above .\" conditions are met. .\" -.\" $Id$ +.\" $Id: login_ok.3,v 1.1 1997/01/04 16:50:07 davidn Exp $ .\" .Dd January 2, 1997 .Os FreeBSD 
@@ -44,11 +44,19 @@ class capability entries in the login database, .Pp .Fn auth_ttyok checks to see if the named tty is available to users of a specific -class, and is either in the "ttys.allow" access list, and not in -the "ttys.deny" access list. -An empty "ttys.allowed" list (or if no such capability exists for +class, and is either in the +.Em ttys.allow +access list, and not in +the +.Em ttys.deny +access list. +An empty +.Em ttys.allow +list (or if no such capability exists for the give login class) logins via any tty device are allowed unless -the "ttys.deny" list exists and is non-empty, and the device or its +the +.Em ttys.deny +list exists and is non-empty, and the device or its tty group (see .Xr ttys 5 ) is not in the list. @@ -57,14 +65,19 @@ name, a device name which includes a wildcard (e.g. ttyD* or cuaD*), or may name a ttygroup, when group=<name> tags have been assigned in .Pa /etc/ttys . Matching of ttys and ttygroups is case sensitive. -Passing a NULL or empty string as the +Passing a +.Dv NULL +or empty string as the .Ar tty parameter causes the function to return a non-zero value. .Pp .Fn auth_hostok checks for any host restrictions for remote logins. The function checks on both a host name and IP address (given in its -text form, typically n.n.n.n) against the "host.allow" and "host.deny" +text form, typically n.n.n.n) against the +.Em host.allow +and +.Em host.deny login class capabilities. As with ttys and their groups, wildcards and character classes may be used in the host allow and deny capability records. 
@@ -78,32 +91,48 @@ is in its canonical form. No hostname or address lookups are attempted. .Pp It is possible to call this function with either the hostname or -the IP address missing (i.e. NULL) and matching will be performed +the IP address missing (i.e. +.Dv NULL ) +and matching will be performed only on the basis of the parameter given. -Passing NULL or empty strings in both parameters will result in +Passing +.Dv NULL +or empty strings in both parameters will result in a non-zero return value. .Pp The .Fn auth_timeok function checks to see that a given time value is within the -"times.allow" login class capability and not within the -"times.deny" access lists. -An empty or non-existent "times.allow" list allows access at any +.Em times.allow +login class capability and not within the +.Em times.deny +access lists. +An empty or non-existent +.Em times.allow +list allows access at any time, except if a given time is falls within a period in the -"times.deny" list. -The format of time period records contained in both "times.allow" -and "times.deny" capability fields is explained in detail in the +.Em times.deny +list. +The format of time period records contained in both +.Em times.allow +and +.Em times.deny +capability fields is explained in detail in the .Xr login_times 3 manual page. .Sh RETURN VALUES A non-zero return value from any of these functions indicates that login access is granted. A zero return value means either that the item being tested is not -in the "allow" access list, or is within the "deny" access list. +in the +.Em allow +access list, or is within the +.Em deny +access list. .Sh SEE ALSO -.Xr login.conf 5 , +.Xr getcap 3 , .Xr login_cap 3 , .Xr login_class 3 , .Xr login_times 3 , -.Xr termcap 5 , -.Xr getcap 3 +.Xr login.conf 5 , +.Xr termcap 5 diff --git a/lib/libutil/pty.3 b/lib/libutil/pty.3 index 9328451..453f282 100644 --- a/lib/libutil/pty.3 +++ b/lib/libutil/pty.3 
@@ -23,7 +23,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $Id: pty.3,v 1.2 1996/12/30 21:08:44 mpp Exp $ +.\" $Id: pty.3,v 1.3 1997/01/01 03:29:33 alex Exp $ .\" " .Dd December 29, 1996 .Os @@ -62,7 +62,7 @@ invalidate any current use of the line by calling .Xr revoke 2 . .Pp If the argument -.Ar name +.Fa name is not .Dv NULL , .Fn openpty @@ -70,9 +70,9 @@ copies the pathname of the slave pty to this area. The caller is responsible for allocating the required space in this array. .Pp If the arguments -.Ar termp +.Fa termp or -.Ar winp +.Fa winp are not .Dv NULL , .Fn openpty @@ -81,9 +81,9 @@ these arguments point to, respectively. .Pp Upon return, the open file descriptors for the master and slave side of the pty are returned in the locations pointed to by -.Ar amaster +.Fa amaster and -.Ar aslave , +.Fa aslave , respectively. .Pp .Fn Forkpty @@ -95,11 +95,11 @@ for the master side of the pty, and calls .Xr login_tty 3 for the slave pty. In the parent process, it closes the descriptor for the slave side of the pty. The arguments -.Ar amaster , -.Ar name , -.Ar termp , +.Fa amaster , +.Fa name , +.Fa termp , and -.Ar winp +.Fa winp have the same meaning as described for .Fn openpty . .Sh RETURN VALUES |
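Review bot: in the login.conf.5 hunk @@ -341,21 +341,24 @@, the capability names do not match the ones documented earlier in the same file: the new lines `.Em ttys.allow` / `.Em ttys.deny` say "as explained above", but the paragraph above (hunks @@ -281 and @@ -294) spells them `.Em tty.allow` and `.Em tty.deny`. Administrators copy capability names from this page, and whichever spelling the library does not read will leave the tty restriction silently unenforced, so use one spelling in both places (login_ok.3 in this same commit uses `ttys.allow` / `ttys.deny`). Also, the reordered SEE ALSO list drops the separator on the new first entry: `.Xr login 1` should be `.Xr login 1 ,` so the rendered list reads "login(1), getcap(3), ..." like the other entries.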
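Review bot: in the login_ok.3 hunk @@ -44,11 +44,19 @@, the `auth_ttyok` sentence still reads "is either in the .Em ttys.allow access list, and not in the .Em ttys.deny access list"; "either ... and" does not parse, and the unchanged context line "for the give login class" should read "given". Since these lines are already being rewritten for the `.Em` macro, fix the wording in the same change, e.g. "is in the ttys.allow access list and not in the ttys.deny access list". Replacing the old "ttys.allowed" with `ttys.allow` is the right call; the old text named a capability that the page never defines elsewhere.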
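Review bot: in the login_ok.3 hunk @@ -57,14 +65,19 @@, "Passing a .Dv NULL or empty string as the .Ar tty parameter causes the function to return a non-zero value" read together with RETURN VALUES ("A non-zero return value ... indicates that login access is granted") means a missing tty name is treated as allowed rather than as an error. The page should say that in plain words ("is treated as allowed") so callers do not read "non-zero" as a failure code; the same applies to the `auth_hostok` sentence in the following hunk, where both parameters being NULL or empty also yields a non-zero value. Separately, `.Ar tty` here names a function parameter, so `.Fa tty` would match the convention this commit applies in pty.3.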
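Review bot: in the login_ok.3 hunk @@ -78,32 +91,48 @@, the context line "except if a given time is falls within a period in the" has a stray "is" ("except if a given time falls within"); the neighbouring lines are rewritten in this hunk, so drop it here rather than in a follow-up. The new SEE ALSO ordering (section 3 entries first, then section 5) and the `.Em allow` / `.Em deny` wording in RETURN VALUES look fine.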
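Review bot: in the pty.3 hunk @@ -81,9 +81,9 @@, the trailing context line `.Fn Forkpty` is capitalized while every other reference in this file (`.Fn openpty` in the earlier hunks) is lowercase; `.Fn` does not normalise case, so this renders as "Forkpty()" for a function that is named forkpty. Fix it while touching this region. The `.Ar` to `.Fa` change itself is the right macro choice: `amaster`, `aslave`, `name`, `termp` and `winp` are function arguments, not command-line arguments.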