From 952d2b05cdc4ca4066ac044cea024978764c6faa Mon Sep 17 00:00:00 2001 From: brian Date: Sun, 31 Aug 1997 20:09:39 +0000 Subject: Remove login_progok() Suggested by: guido --- lib/libutil/Makefile | 4 ++-- lib/libutil/libutil.h | 3 +-- lib/libutil/login.conf.5 | 10 ++------- lib/libutil/login_progok.3 | 52 ---------------------------------------------- lib/libutil/login_progok.c | 39 ---------------------------------- 5 files changed, 5 insertions(+), 103 deletions(-) delete mode 100644 lib/libutil/login_progok.3 delete mode 100644 lib/libutil/login_progok.c (limited to 'lib/libutil') diff --git a/lib/libutil/Makefile b/lib/libutil/Makefile index 9185b62..ae0a2e8 100644 --- a/lib/libutil/Makefile +++ b/lib/libutil/Makefile @@ -7,10 +7,10 @@ CFLAGS+=-Wall -DLIBC_SCCS -I${.CURDIR} -I${.CURDIR}/../../sys #CFLAGS+=LOGIN_CAP_AUTH SRCS= login.c login_tty.c logout.c logwtmp.c pty.c setproctitle.c \ login_cap.c login_class.c login_auth.c login_times.c login_ok.c \ - _secure_path.c uucplock.c login_progok.c + _secure_path.c uucplock.c MAN3+= login.3 login_tty.3 logout.3 logwtmp.3 pty.3 setproctitle.3 \ login_cap.3 login_class.3 login_times.3 login_ok.3 \ - _secure_path.3 uucplock.3 login_progok.3 + _secure_path.3 uucplock.3 MAN5+= login.conf.5 MLINKS+= pty.3 openpty.3 pty.3 forkpty.3 MLINKS+=login_cap.3 login_getclassbyname.3 login_cap.3 login_close.3 \ diff --git a/lib/libutil/libutil.h b/lib/libutil/libutil.h index 62cc1e9..62b308b 100644 --- a/lib/libutil/libutil.h +++ b/lib/libutil/libutil.h @@ -18,7 +18,7 @@ * 5. Modifications may be freely made to this file providing the above * conditions are met. * - * $Id: libutil.h,v 1.10 1997/08/10 18:42:38 ache Exp $ + * $Id: libutil.h,v 1.11 1997/08/27 20:06:19 brian Exp $ */ #ifndef _LIBUTIL_H_ 
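Review bot: Dropping `login_progok.c` from `SRCS` removes an exported access-check function from libutil, and nothing in the commit record says what happens to programs or login.conf entries that relied on it. The page is limited to lib/libutil, so remaining in-tree callers cannot be checked from here; any setuid program rebuilt without the call would stop honouring `prog.deny` without warning the administrator. I would add a line to the log such as `prog.allow/prog.deny are no longer consulted; no callers of login_progok() remain.`, once that has been confirmed. The Makefile continues outside this hunk, so whether the shared-library version needs attention is not visible.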
@@ -45,7 +45,6 @@ const char *uu_lockerr __P((int _uu_lockresult)); int uu_lock __P((const char *_ttyname)); int uu_unlock __P((const char *_ttyname)); int _secure_path __P((const char *_path, uid_t _uid, gid_t _gid)); -int login_progok __P((uid_t _uid, const char *prog)); __END_DECLS #define UU_LOCK_INUSE (1) diff --git a/lib/libutil/login.conf.5 b/lib/libutil/login.conf.5 index 8b2397e..6b5f3f6 100644 --- a/lib/libutil/login.conf.5 +++ b/lib/libutil/login.conf.5 @@ -17,7 +17,7 @@ .\" 5. Modifications may be freely made to this file providing the above .\" conditions are met. .\" -.\" $Id: login.conf.5,v 1.10 1997/08/26 23:15:57 brian Exp $ +.\" $Id: login.conf.5,v 1.11 1997/08/27 20:06:19 brian Exp $ .\" .Dd November 22, 1996 .Dt LOGIN.CONF 5 @@ -217,11 +217,6 @@ disallowed. in the class may use for access. .It tty.deny list List of ttys and ttygroups which users in the class may not use for access. -.It prog.allow list List of programs which users in the class -may run irrespective of the contents of prog.deny. Support for this option -must be built into each program. -.It prog.deny list List of programs which users in the class -may not run. Support for this option must be built into each program. .El .Pp These fields are intended to be used by @@ -366,5 +361,4 @@ lists. .Xr getttyent 3 , .Xr login_cap 3 , .Xr login_class 3 , -.Xr ttys 5 , -.Xr login_progok 3 +.Xr ttys 5 diff --git a/lib/libutil/login_progok.3 b/lib/libutil/login_progok.3 deleted file mode 100644 index 3a0a533..0000000 --- a/lib/libutil/login_progok.3 +++ /dev/null 
@@ -1,52 +0,0 @@
-.\"
-.\" $Id: login_ok.3,v 1.4 1997/02/22 15:08:22 peter Exp $
-.\"
-.Dd August 27, 1997
-.Os FreeBSD
-.Dt LOGIN_PROGOK 3
-.Sh NAME
-.Nm login_progok
-.Nd Check if the given program may be run.
-.Sh SYNOPSIS
-.Fd #include
-.Fd #include
-.Ft int
-.Fn login_progok "uid_t uid" "const char *prog"
-.Pp
-Link with
-.Va -lutil
-on the
-.Xr cc 1
-command line.
-.Sh DESCRIPTION
-This function determines if the user has permission to run the given
-program, returning zero if permission is denied and one if permission
-is granted. It should be used by programs that are setuid or for some
-reason cannot be easily rebuilt or modified by an ordinary user, allowing
-the system administrator to restrict access to certain programs in a
-generic fashion.
-.Pp
-Access to a program is granted by default. In order to deny access,
-the users login class entry in
-.Xr login.conf 5
-must be set with a
-.Em prog.deny
-capability that contains the program name. Most programs will use an
-absolute path name to avoid conflicts. No special matching is done. The
-passed
-.Ar prog
-must match a list entry in
-.Xr login.conf 5
-exactly.
-.Pp
-The
-.Em prog.allow
-capability will override the
-.Em prog.deny
-capability, granting access to the program. This allows flexability in
-setting up a hierarchical login class structure.
-.Pp
-.Sh RETURN VALUES
-The function returns 1 if the program may be run and 0 if it may not.
-.Sh SEE ALSO
-.Xr login.conf 5
diff --git a/lib/libutil/login_progok.c b/lib/libutil/login_progok.c
deleted file mode 100644
index 6ef2cf4..0000000
--- a/lib/libutil/login_progok.c
+++ /dev/null
@@ -1,39 +0,0 @@
-#include
-#include
-#include
-#include
-
-int
-login_progok(uid_t uid, const char *prog)
-{
- login_cap_t *lc;
- const struct passwd *pwd;
- char **data;
-
- pwd = getpwuid(uid);
- if (!pwd)
- return 0; /* How did that happen ? - we can't run */
-
- lc = login_getpwclass(pwd);
- if (!lc)
- return 1; /* We're missing login.conf ? - we can run */
-
- data = login_getcaplist(lc, "prog.allow", NULL);
- if (data)
- for (; *data; data++)
- if (!strcmp(*data, prog)) {
- login_close(lc);
- return 1; /* We're in prog.allow - we can run */
- }
-
- data = login_getcaplist(lc, "prog.deny", NULL);
- if (data)
- for (; *data; data++)
- if (!strcmp(*data, prog)) {
- login_close(lc);
- return 0; /* We're in prog.deny - we can't run */
- }
-
- login_close(lc);
- return 1; /* We're not mentioned anywhere - we can run */
-}
-- cgit v1.1