Command: setprdfent | Section: 3 | Source: Digital UNIX | File: setprdfent.3.gz
getesdfent(3) Library Functions Manual getesdfent(3)
NAME
getesdfent, getesdfnam, setprdfent, endprdfent, putesdfnam - Manipulate
system default database entry (Enhanced Security)
LIBRARY
Security Library (libsecurity.so)
NOTE: In order to quickstart a program, the program must be linked as
follows:
-lsecurity -ldb -laud -lm
See the shared library discussion in the Programmer's Guide for more
information about using the quickstarting feature.
SYNOPSIS
#include <sys/types.h>
#include <sys/security.h>
#include <prot.h>
struct es_default *getesdfent(void);
struct es_default *getesdfnam( char *name);
void setprdfent(void);
void endprdfent(void);
int putesdfnam( char *name, struct es_default *pr);
PARAMETERS
name   Specifies a system default database entry name.
pr     Specifies a system default database control entry structure.
DESCRIPTION
The getesdfent() and getesdfnam() functions each return a pointer to an
object with the following structure containing the separated-out fields
of a line in the system default database. Each line in the database
contains an es_default structure, declared in the <prot.h> file as
follows:
struct es_default {
AUTH_ESCAP_COMMON
char *dd_name; /* copy of sfld->fd_name */
int dg_name; /* copy of sflg->fg_name */
size_t esprof_flen;
struct espw_field *prd;
struct espw_flag *prg;
size_t estc_flen;
struct estc_field *tcd;
struct estc_flag *tcg;
size_t esdev_flen;
struct esdev_field *devd;
struct esdev_flag *devg;
size_t fieldlen;
struct es_default_fields *sfld;
struct es_default_flags *sflg;
} ;
struct system_default_fields
{
time_t fd_inactivity_timeout;
time_t fd_pw_expire_warning;
char fd_pw_site_callout[MAXPATHLEN];
mask_t fd_secclass[AUTH_SECCLASSVEC_SIZE];
/* System security class */
char fd_boot_authenticate;
char fd_audit_enable;
} ;
struct system_default_flags
{
unsigned int
fg_inactivity_timeout : 1,
fg_pw_expire_warning : 1,
fg_pw_site_callout : 1,
fg_boot_authenticate : 1,
fg_audit_enable : 1,
fg_secclass : 1 ;
} ;
struct es_default_fields
{
char *fd_name;
time_t fd_inactivity_timeout;
time_t fd_pw_expire_warning;
char *fd_pw_site_callout;
mand_ir_t *fd_single_user_sl;
mask_t *fd_secclass; /* System security class */
char fd_boot_authenticate;
char fd_audit_enable;
char fd_preexpire; /* admin-set psw should be expired */
char fd_skip_ttys_update; /* skip putprtcnam in login path */
char fd_auto_migrate_u; /* auto-create 'missing' profiles */
time_t fd_max_vac_future; /* how far into future can vac. be? */
time_t fd_max_vac_len; /* how long can vac. be (by user)? */
/* if either of the above fields is 0, user-originated 'vacation'
 * scheduling is disabled. */
char fd_accept_vouch; /* accept 'vouching' in SIA */
} ;
struct es_default_flags
{
unsigned int
fg_name : 1,
fg_inactivity_timeout : 1,
fg_pw_expire_warning : 1,
fg_pw_site_callout : 1,
fg_single_user_sl : 1, /* sens. level for single-user*/
fg_boot_authenticate : 1,
fg_audit_enable : 1,
fg_secclass : 1,
fg_preexpire : 1, /* Is fd_preexpire set? */
fg_skip_ttys_update : 1, /* Have fd_skip_ttys_update? */
fg_auto_migrate_u : 1, /* Have fd_auto_migrate_u? */
fg_max_vac_future : 1, /* Have fd_max_vac_future? */
fg_max_vac_len : 1, /* Have fd_max_vac_len? */
fg_accept_vouch : 1 /* Have fd_accept_vouch? */
;
} ;
Currently there is only one entry in the system default database,
referenced by the name "default".
The system default database contains default values for all parameters
in the protected password, terminal control, and device assignment
databases, as well as configurable system-wide parameters. The fields
from the other databases are described in the corresponding reference
pages.
fd_pw_expire_warning
This field is the time, in seconds, before a password's expiration
that the system begins printing expiration warnings when the user
logs in.
fd_secclass
Although not used in the software, this field is an indicator of
the system's TCSEC (Orange Book) class of trust.
fd_boot_authenticate
This field is a Boolean flag that indicates whether an authorized
user must authenticate before the system begins operation. This
field is reserved for future use.
fd_audit_enable
This field and the fd_audit_flag are always 0 (zero).
fd_name
Name of the entry.
fd_inactivity_timeout
Reserved for future use.
fd_pw_site_callout
Pathname for the password policy callout script (or program, if
replaced by the site). It is currently shipped as "/tcb/bin/pw-
policy".
fd_preexpire
Flag determining whether passwords set by system administrators
should be pre-expired. Honored by the dxchpwd program (and thus
by dxaccounts), as well as by the auto-migration code in the login
sequence (see fd_auto_migrate_u).
fd_skip_ttys_update
Flag which, if set, disables break-in evasion for terminals by
skipping the update of the ttys database during logins.
fd_auto_migrate_u
Flag determining whether user accounts which have valid accounts
according to getpwnam() but which have no entry visible to
getespwnam() should have an extended profile created automatically
during login processing.
fd_max_vac_future
Time interval (in seconds) specifying the maximum time from the
current time at which a user-initiated vacation can start.
(Administratively-set vacations are not subject to this limit.) If
0, no user-initiated vacationing is possible.
fd_max_vac_len
Maximum time interval (in seconds) which can be set as the
duration of a user-initiated vacation request. (Administratively-set
vacations are not subject to this limit.) If 0, no user-initiated
vacationing is possible.
fd_accept_vouch
Flag determining whether the enhanced security login sequence
accepts password validation from another SIA mechanism, such as DCE.
The getesdfent() function returns a pointer to the first es_default
structure in the database when first called. Thereafter, it returns a
pointer to the next es_default structure in the database, so successive
calls can be used to search the database (not currently supported).
The getesdfnam() function searches from the beginning of the file until
a default entry matching name is found, and returns a pointer to the
particular structure in which it was found. If an end-of-file or an
error is encountered on reading, these functions return a null pointer.
Currently, all programs access the default database by calling
getesdfnam() (the default).
A call to the setprdfent() function has the effect of rewinding the
default control file to allow repeated searches. The endprdfent()
function can be called to close the database when processing is complete.
The putesdfnam() function puts a new or replaced default control entry
pr with key name into the database. If the sflg->fg_name field
contains a value of 0 (zero), the requested entry is deleted from the
system default database. The putesdfnam() function locks the database
for all update operations, and performs an endprdfent() after the
update or failed attempt.
CAUTIONS
Structures returned by the database routines contain pointers to
character strings and lists rather than being self-contained. The copy
functions must be used rather than doing a structure assignment to save
a returned structure.
Do not delete the system default entry. This renders the system
unusable.
RETURN VALUES
The getesdfent() and getesdfnam() functions return null pointers on EOF
or an error. The putesdfnam() function returns a value of 0 (zero) if
it cannot add or update the entry.
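EXAMPLES
The following is an added example, not part of the original reference page or of the Digital UNIX sources. It audits the security-relevant fields described above, reading an fd_ value only when its fg_ flag is set, and checks for the deletion case named in CAUTIONS before an update. The reduced structures, the finding constants and the names audit_defaults() and put_is_safe() are assumptions of this example, as is treating a clear fg_ flag as "not enabled".

```c
#include <string.h>
#include <time.h>

/* Reduced stand-ins for the <prot.h> types: only the members read below,
 * named as on this page. On Digital UNIX, include <prot.h> instead. */
struct es_default_fields {
    char *fd_name;
    char fd_preexpire, fd_skip_ttys_update, fd_auto_migrate_u;
    time_t fd_max_vac_future, fd_max_vac_len;
    char fd_accept_vouch;
};
struct es_default_flags {
    unsigned int fg_name : 1, fg_preexpire : 1, fg_skip_ttys_update : 1,
        fg_auto_migrate_u : 1, fg_max_vac_future : 1, fg_max_vac_len : 1,
        fg_accept_vouch : 1;
};
struct es_default {
    struct es_default_fields *sfld;
    struct es_default_flags *sflg;
};

enum { NO_EVASION = 1, VOUCH = 2, MIGRATE_NO_PREEXPIRE = 4, USER_VACATION = 8 };

/* Bitmask of findings; an fd_ value counts only when its fg_ flag is set. */
int audit_defaults(const struct es_default *df)
{
    const struct es_default_fields *f = df->sfld;
    const struct es_default_flags *g = df->sflg;
    int preexpire = g->fg_preexpire && f->fd_preexpire;
    int r = 0;

    if (g->fg_skip_ttys_update && f->fd_skip_ttys_update)
        r |= NO_EVASION;            /* break-in evasion for terminals is off */
    if (g->fg_accept_vouch && f->fd_accept_vouch)
        r |= VOUCH;                 /* another SIA mechanism may validate passwords */
    if (g->fg_auto_migrate_u && f->fd_auto_migrate_u && !preexpire)
        r |= MIGRATE_NO_PREEXPIRE;  /* profiles auto-created without pre-expiry */
    if (g->fg_max_vac_future && f->fd_max_vac_future &&
        g->fg_max_vac_len && f->fd_max_vac_len)
        r |= USER_VACATION;         /* both limits nonzero: users can schedule */
    return r;
}

/* Nonzero if passing pr to putesdfnam(name, pr) would not delete "default". */
int put_is_safe(const char *name, const struct es_default *pr)
{
    return strcmp(name, "default") != 0 || pr->sflg->fg_name != 0;
}
```

On Digital UNIX, pass the pointer returned by getesdfnam() for the "default" entry to audit_defaults(), and call put_is_safe() before putesdfnam().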
FILES
System defaults database.
RELATED INFORMATION
Functions: getespwent(3), getestcent(3), getesdvent(3)
Files: authcap(4), default(4)
Security