getprtcent(3) getprtcent(3)
NAME
getprtcent, getprtcnam, setprtcent, endprtcent, putprtcnam -
manipulate terminal control database entry for a trusted system
SYNOPSIS
    #include <sys/types.h>
    #include <hpsecurity.h>
    #include <prot.h>

    struct pr_term *getprtcent(void);
    struct pr_term *getprtcnam(const char *name);
    void setprtcent(void);
    void endprtcent(void);
    int putprtcnam(const char *name, struct pr_term *pr);
DESCRIPTION
getprtcent and getprtcnam each return a pointer to an object with the
following structure containing the broken-out fields of an entry in
the terminal control database. Each entry in the database contains a
pr_term structure, declared in the <prot.h> header file:
    struct t_field {
        char    fd_devname[14];     /* Terminal (or host) name */
        uid_t   fd_uid;             /* uid of last successful login */
        time_t  fd_slogin;          /* time stamp of successful login */
        uid_t   fd_uuid;            /* uid of last unsuccessful login */
        time_t  fd_ulogin;          /* time stamp of unsuccessful login */
        int     fd_nlogins;         /* consecutive failed attempts */
        int     fd_max_tries;       /* maximum unsuc login tries allowed */
        time_t  fd_logdelay;        /* delay between login tries */
        char    fd_lock;            /* terminal locked? */
        int     fd_login_timeout;   /* login timeout in seconds */
    };
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: August 2003
    struct t_flag {
        unsigned short
            fg_devname:1,       /* Is fd_devname set? */
            fg_uid:1,           /* Is fd_uid set? */
            fg_slogin:1,        /* Is fd_slogin set? */
            fg_uuid:1,          /* Is fd_uuid set? */
            fg_ulogin:1,        /* Is fd_ulogin set? */
            fg_nlogins:1,       /* Is fd_nlogins set? */
            fg_max_tries:1,     /* Is fd_max_tries set? */
            fg_logdelay:1,      /* Is fd_logdelay set? */
            fg_lock:1,          /* Is fd_lock set? */
            fg_login_timeout:1  /* Is fd_login_timeout valid? */
            ;
    };

    struct pr_term {
        struct t_field ufld;
        struct t_flag  uflg;
        struct t_field sfld;
        struct t_flag  sflg;
    };
The system stores the user ID and time of the last successful login
(fd_uid and fd_slogin) and unsuccessful login (fd_uuid and fd_ulogin)
in the appropriate Terminal Control database entry. The system
increments fd_nlogins with each unsuccessful login, and resets the
field to 0 on a successful login. The fd_max_tries field is a limit
on the number of unsuccessful logins until the account is locked. An
administrative lock can also be applied, indicated by a non-zero
fd_lock field. fd_logdelay stores the amount of time (in seconds)
that the system waits between unsuccessful login attempts, and
fd_login_timeout stores the number of seconds from the beginning of an
authentication attempt until the login attempt is terminated.
Note that ufld and uflg refer to user-specific entries, and sfld and
sflg refer to the system default values (see authcap(4)).
The value returned by getprtcent or getprtcnam refers to a structure
that is overwritten by calls to these routines. To retrieve an entry,
modify it, and replace it in the database, copy the entry using
structure assignment and supply the modified buffer to putprtcnam.
getprtcent returns a pointer to the first terminal pr_term structure
in the database when first called. Thereafter, it returns a pointer
to the next pr_term structure in the database, so successive calls can
be used to search the database. getprtcnam searches from the
beginning of the database until a terminal name matching name is
found, and returns a pointer to the particular structure in which it
was found. If an end-of-file or an error is encountered on reading,
these functions return a NULL pointer.
A call to setprtcent has the effect of rewinding the Terminal Control
database to allow repeated searches. endprtcent can be called to
close the Terminal Control database when processing is complete.
putprtcnam puts a new or replaced terminal control entry pr with key
name into the database. If the fg_devname field is 0, the requested
entry is deleted from the Terminal Control database. putprtcnam locks
the database for all update operations, and performs an endprtcent
after the update or failed attempt.
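
The following is an added example, not part of the HP-UX manual or HP's code. It shows the copy-then-modify sequence required before putprtcnam, together with the per-terminal versus system-default resolution of ufld and sfld. The names tstate, effective_max_tries, lockout_state and cleared_copy are hypothetical. Assumptions: a terminal counts as locked once fd_nlogins reaches the limit, a limit of 0 or less means none, and off HP-UX a cut-down copy of the structures stands in for <prot.h>.

```c
#include <stdio.h>
#include <sys/types.h>
#ifdef __hpux
#include <hpsecurity.h>
#include <prot.h>                    /* real structures; link with -lsec */
#else                                /* stand-in cut down from this page so the logic builds anywhere */
struct t_field { char fd_devname[14]; int fd_nlogins; int fd_max_tries; char fd_lock; };
struct t_flag  { unsigned short fg_devname:1, fg_nlogins:1, fg_max_tries:1, fg_lock:1; };
struct pr_term { struct t_field ufld; struct t_flag uflg; struct t_field sfld; struct t_flag sflg; };
#endif
enum tstate { T_OPEN, T_ADMIN_LOCKED, T_RETRY_LOCKED };   /* hypothetical names */

/* Per-terminal value wins, then the system default; -1 when neither flag is set. */
int effective_max_tries(const struct pr_term *t)
{
    if (t->uflg.fg_max_tries) return t->ufld.fd_max_tries;
    if (t->sflg.fg_max_tries) return t->sfld.fd_max_tries;
    return -1;
}

/* Assumptions: locked once fd_nlogins reaches the limit; a limit <= 0 means none. */
enum tstate lockout_state(const struct pr_term *t)
{
    int max = effective_max_tries(t);
    if (t->uflg.fg_lock && t->ufld.fd_lock) return T_ADMIN_LOCKED;
    if (max > 0 && t->uflg.fg_nlogins && t->ufld.fd_nlogins >= max) return T_RETRY_LOCKED;
    return T_OPEN;
}

/* The library buffer is overwritten by later calls, so edit a private copy. */
struct pr_term cleared_copy(const struct pr_term *from_db)
{
    struct pr_term copy = *from_db;               /* structure assignment */
    copy.ufld.fd_nlogins = 0; copy.uflg.fg_nlogins = 1;
    copy.ufld.fd_lock = 0;    copy.uflg.fg_lock = 1;
    return copy;
}

int main(void)
{
    struct pr_term t = {0}, c;                    /* constructed sample entry */
    t.sflg.fg_max_tries = 1; t.sfld.fd_max_tries = 5;   /* limit from system default */
    t.uflg.fg_nlogins = 1;   t.ufld.fd_nlogins = 5;     /* five consecutive failures */
    c = cleared_copy(&t);     /* on HP-UX: t from *getprtcnam(name), then putprtcnam(name, &c) */
    printf("before=%d after=%d\n", lockout_state(&t), lockout_state(&c));
    return 0;
}
```
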
APPLICATION USAGE
In a multithreaded application, these routines are safe to be called
only from one dedicated thread. These routines are neither POSIX.1c
async-cancel safe nor async-signal safe.
RETURN VALUE
getprtcent and getprtcnam return NULL pointers on EOF or error.
putprtcnam returns 0 if it cannot add or update the entry.
NOTES
The fd_devname field, on systems supporting connections, may refer to
the ASCII representation of a host name. This can be determined by
using getdvagnam (see getdvagent(3)) to interrogate the Device
Assignment database as to the type of the device, passing in the
fd_devname field of the Terminal Control structure as an argument.
This allows lockout by machine, instead of the device (typically
pseudo tty) on which the session originated.
Programs using these routines must be compiled with -lsec.
The sfld and sflg structures are filled from corresponding fields in
the system default database. Thus, a program can easily extract the
user-specific or system-wide parameters for each database field (see
getprpwent and getdvagent).
FILES
    /tcb/files/ttys                   Terminal Control database
    /tcb/files/auth/system/default    System Defaults database
SEE ALSO
getprdfent(3), authcap(4), ttys(4).