getprtcent(3)
TO BE OBSOLETED
HP-UX 11i Version 3: February 2007
NAME

getprtcent, getprtcnam, setprtcent, endprtcent, putprtcnam — manipulate terminal control database entry for a trusted system

SYNOPSIS

    #include <sys/types.h>
    #include <hpsecurity.h>
    #include <prot.h>

    struct pr_term *getprtcent(void);
    struct pr_term *getprtcnam(const char *name);
    void setprtcent(void);
    void endprtcent(void);
    int putprtcnam(const char *name, struct pr_term *pr);

DESCRIPTION

getprtcent and getprtcnam each return a pointer to an object with the following structure containing the broken-out fields of an entry in the terminal control database. Each entry in the database contains a pr_term structure, declared in the <prot.h> header file:

    struct t_field {
        char   fd_devname[14];    /* Terminal (or host) name */
        uid_t  fd_uid;            /* uid of last successful login */
        time_t fd_slogin;         /* time stamp of successful login */
        uid_t  fd_uuid;           /* uid of last unsuccessful login */
        time_t fd_ulogin;         /* time stamp of unsuccessful login */
        int    fd_nlogins;        /* consecutive failed attempts */
        int    fd_max_tries;      /* maximum unsuc login tries allowed */
        time_t fd_logdelay;       /* delay between login tries */
        char   fd_lock;           /* terminal locked? */
        int    fd_login_timeout;  /* login timeout in seconds */
    };

    struct t_flag {
        unsigned short
            fg_devname:1,         /* Is fd_devname set? */
            fg_uid:1,             /* Is fd_uid set? */
            fg_slogin:1,          /* Is fd_slogin set? */
            fg_uuid:1,            /* Is fd_uuid set? */
            fg_ulogin:1,          /* Is fd_ulogin set? */
            fg_nlogins:1,         /* Is fd_nlogins set? */
            fg_max_tries:1,       /* Is fd_max_tries set? */
            fg_logdelay:1,        /* Is fd_logdelay set? */
            fg_lock:1,            /* Is fd_lock set? */
            fg_login_timeout:1    /* Is fd_login_timeout valid? */
            ;
    };

    struct pr_term {
        struct t_field ufld;
        struct t_flag  uflg;
        struct t_field sfld;
        struct t_flag  sflg;
    };

The system stores the user ID and time of the last successful login (fd_uid and fd_slogin) and unsuccessful login (fd_uuid and fd_ulogin) in the appropriate Terminal Control database entry.
The system increments fd_nlogins with each unsuccessful login, and resets the field to 0 on a successful login. The fd_max_tries field is a limit on the number of unsuccessful logins until the account is locked. An administrative lock can also be applied, indicated by a non-zero fd_lock field. fd_logdelay stores the amount of time (in seconds) that the system waits between unsuccessful login attempts, and fd_login_timeout stores the number of seconds from the beginning of an authentication attempt until the login attempt is terminated.

Note that ufld and uflg refer to user-specific entries, and sfld and sflg refer to the system default values (see authcap(4)).

The value returned by getprtcent or getprtcnam refers to a structure that is overwritten by calls to these routines. To retrieve an entry, modify it, and replace it in the database, copy the entry using structure assignment and supply the modified buffer to putprtcnam.

getprtcent returns a pointer to the first terminal pr_term structure in the database when first called. Thereafter, it returns a pointer to the next pr_term structure in the database, so successive calls can be used to search the database. getprtcnam searches from the beginning of the database until a terminal name matching name is found, and returns a pointer to the particular structure in which it was found. If an end-of-file or an error is encountered on reading, these functions return a NULL pointer.

A call to setprtcent has the effect of rewinding the Terminal Control database to allow repeated searches. endprtcent can be called to close the Terminal Control database when processing is complete.

putprtcnam puts a new or replaced terminal control entry pr with key name into the database. If the fg_devname field is 0, the requested entry is deleted from the Terminal Control database. putprtcnam locks the database for all update operations, and performs an endprtcent after the update or failed attempt.
APPLICATION USAGE

In a multithreaded application, these routines are safe to be called only from one dedicated thread. These routines are not POSIX.1c async-cancel safe nor async-signal safe.

RETURN VALUE

getprtcent and getprtcnam return NULL pointers on EOF or error. putprtcnam returns 0 if it cannot add or update the entry.

NOTES

The fd_devname field, on systems supporting connections, may refer to the ASCII representation of a host name. This can be determined by using getdvagnam (see getdvagent(3)) to interrogate the Device Assignment database as to the type of the device, passing in the fd_devname field of the Terminal Control structure as an argument. This allows lockout by machine, instead of the device (typically pseudo tty) on which the session originated.

Programs using these routines must be compiled with -lsec.

The sfld and sflg structures are filled from corresponding fields in the system default database. Thus, a program can easily extract the user-specific or system-wide parameters for each database field (see getprpwent and getdvagent).
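The flag bits decide which copy of a field is meaningful, so an audit tool has to resolve each value (user-specific first, then system default) before judging whether a terminal is locked. The C sketch below is an added example, not part of the HP-UX reference page: the reduced structure definitions are constructed stand-ins for <prot.h>, and term_lock_state, the enum names, the "limit of 0 means no limit" rule and the >= comparison are assumptions made for illustration.

```c
/* Added example. Constructed stand-ins for the <prot.h> types, reduced to
 * the fields used here; on HP-UX include <prot.h> and link with -lsec. */
#include <stdio.h>
#include <string.h>

struct t_field { int fd_nlogins; int fd_max_tries; char fd_lock; };
struct t_flag  { unsigned short fg_nlogins:1, fg_max_tries:1, fg_lock:1; };
struct pr_term {
    struct t_field ufld; struct t_flag uflg;   /* user-specific entry */
    struct t_field sfld; struct t_flag sflg;   /* system defaults     */
};

enum term_state { TERM_OPEN, TERM_ADMIN_LOCKED, TERM_RETRY_LOCKED };

/* Use the entry's own field when its flag is set, otherwise the system
 * default when that flag is set, otherwise the supplied fallback. */
#define EFFECTIVE(pr, fld, flg, fallback) \
    ((pr)->uflg.flg ? (pr)->ufld.fld :    \
     (pr)->sflg.flg ? (pr)->sfld.fld : (fallback))

/* Hypothetical helper: classify one terminal control entry. */
enum term_state term_lock_state(const struct pr_term *pr)
{
    int nlogins   = EFFECTIVE(pr, fd_nlogins,   fg_nlogins,   0);
    int max_tries = EFFECTIVE(pr, fd_max_tries, fg_max_tries, 0);
    int lock      = EFFECTIVE(pr, fd_lock,      fg_lock,      0);

    if (lock != 0)
        return TERM_ADMIN_LOCKED;           /* non-zero fd_lock */
    /* Assumption: a limit of 0 or less means no limit is configured. */
    if (max_tries > 0 && nlogins >= max_tries)
        return TERM_RETRY_LOCKED;
    return TERM_OPEN;
}

int main(void)
{
    struct pr_term t;                       /* constructed sample entry */
    memset(&t, 0, sizeof t);
    t.sflg.fg_max_tries = 1; t.sfld.fd_max_tries = 3;  /* default limit */
    t.uflg.fg_nlogins   = 1; t.ufld.fd_nlogins   = 3;  /* three failures */
    printf("state=%d\n", term_lock_state(&t));
    return 0;
}
```

On a real trusted system the entry passed to the helper would be a copy, made by structure assignment, of what getprtcnam returned, since the returned buffer is overwritten by later calls.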