*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->OpenBSD man pages -> auth_approval (3)              
Title
Content
Arch
Section
 

AUTHENTICATE(3)

Contents


NAME    [Toc]    [Back]

     auth_approval, auth_cat, auth_checknologin, auth_mkvalue,
     auth_userchallenge,      auth_usercheck,      auth_userokay,
auth_userresponse,
     auth_verify - simplified interface to the BSD Authentication
system

SYNOPSIS    [Toc]    [Back]

     #include <login_cap.h>
     #include <bsd_auth.h>

     int
     auth_userokay(char *name,  char  *style,  char  *type,  char
*password);

     auth_session_t *
     auth_userchallenge(char *name, char *style, char *type,
             char **challengep);

     auth_session_t *
     auth_usercheck(char  *name,  char  *style,  char *type, char
*password);

     int
     auth_userresponse(auth_session_t *as,  char  *response,  int
more);

     int
     auth_approval(auth_session_t   *as,  login_cap_t  *lc,  char
*name,
             char *type);

     int
     auth_cat(char *file);

     void
     auth_checknologin(login_cap_t *lc);

     char *
     auth_mkvalue(char *value);

     auth_session_t *
     auth_verify(auth_session_t *as,  char  *style,  char  *name,
...);

DESCRIPTION    [Toc]    [Back]

     These  functions  provide  a simplified interface to the BSD
Authentication
     system (see bsd_auth(3)).  The auth_userokay() function provides a single
     function  call  interface.   Provided  with a user's name in
name, and an optional
 style, type, and password, the auth_userokay()  function returns a
     simple  yes/no  response.  A return value of 0 implies failure, a non-zero
     return value implies success.  If style is not NULL it specifies the desired
  style  of  authentication  to be used.  If it is NULL
then the default
     style for the user is used.  In this case name  may  include
the desired
     style by appending it to the user's name with a single colon
(`:') as a
     separator.  If type is not NULL then it is used as  the  authentication
     type (such as ``auth-myservice'').  If password is NULL then
     auth_userokay() operates in an interactive mode with the user on standard
     input,   output,  and  error.   If  password  is  specified,
auth_userokay() operates
 in a non-interactive mode and only tests  the  specified passwords.
     This non-interactive method does not work with challenge-response authentication
 styles.

     The auth_usercheck()  function  operates  the  same  as  the
auth_userokay()
     function  except  that it does not close the BSD Authentication session
     created.  Rather than returning the status of the session it
returns a
     pointer to the newly created BSD Authentication session.

     The  auth_userchallenge()  function  takes  the  same  name,
style, and type
     arguments as does auth_userokay().  However, rather than authenticating
     the  user,  it  returns  a possible challenge in the pointer
pointed to by
     challengep.  The return value of the function is  a  pointer
to a newly
     created  BSD Authentication session.  This challenge, if not
NULL, should
     be displayed to the user.  In any case, the user should provide a password
 which is the response in a call to auth_userresponse().
In addition
     to    the    password,    the    pointer     returned     by
auth_userchallenge() should be
     passed  in as as and the value of more should be non-zero if
the program
     wishes to allow more attempts.  If more  is  zero  then  the
session will be
     closed.  The auth_userresponse() function closes the BSD Authentication
     session and has the same return value as auth_userokay().

     The auth_approval() function calls the approval  script  for
the user of
     the   specified  type.   The  string  ``approve-''  will  be
prepended to type if
     missing.  The resulting type is used to look up an entry  in
the
     /etc/login.conf for the user's class.  If the entry is missing the generic
 entry for ``approve'' will be used.   The  name  argument
will be passed
     to the approval program as the name of the user.  The lc argument points
     to a login class structure.  If it  is  NULL  then  a  login
class structure
     will  be  looked  up  for  the  class  of  user  name.   The
auth_approval() function
 returns a value of 0 on failure to approve the user.

     Prior to actually calling the approval script, the account's
expiration
     time,  the associated nologin file, and existence of the account's home
     directory  (if  requirehome  is  set  for  this  class)  are
checked.  Failure on
     any  of  these points causes the auth_approval() function to
return a value
     of 0 and not actually call the approval script.

     The auth_cat() function opens file for  reading  and  copies
its contents to
     standard output.  It returns 0 if it was unable to open file
and 1 otherwise.


     The auth_checknologin() function must  be  provided  with  a
pointer to a login
 class.  If the class has a ``nologin'' entry defined and
it points to
     a file that can be opened, the contents of the file will  be
copied to
     standard  output  and exit(3) will be called with a value of
1.  If the
     class does not have the field ``ignorenologin'' and the file
/etc/nologin
     exists  its  contents  will be copied to standard output and
exit(3) will be
     called with a value of 1.

     The auth_verify() function is a front end to the auth_call()
function
     (see  auth_subr(3)).  It will open a BSD Authentication session, if needed,
 and will set the style and user name based on the  style
and name arguments,
 if not NULL.  Values for the style and user name in
an existing
     BSD Authentication session will be replaced and the old values freed (if
     the  calling  program  has obtained pointers to the style or
user name via
     auth_getitem(3), those pointers will become  invalid).   The
variable arguments
  are  passed to auth_call() via the auth_set_va_list()
function (see
     auth_subr(3)).  The, possibly  created,  BSD  Authentication
session is returned.
   The  auth_getstate() or auth_close() function (see
auth_subr(3))
     should be used to determine the outcome of  the  authentication request.

     The  auth_mkvalue()  function takes a null terminated string
pointed to by
     value and returns a  null  terminated  string  suitable  for
passing back to a
     calling  program  on the back channel.  This function is for
use by the login
 scripts themselves.  The string returned should be freed
by free(3)
     when it is no longer needed.  A value of NULL is returned if
no memory
     was available for the new copy of the string.

SEE ALSO    [Toc]    [Back]

      
      
     auth_subr(3), getpwent(3), pw_dup(3)

CAVEATS    [Toc]    [Back]

     The auth_approval(), auth_usercheck(), auth_userokay(), and
     auth_userchallenge()   functions    call    getpwnam()    or
getpwuid(), overwriting
     the  static  storage  used by the getpwent(3) family of routines.  The calling
 program must either make a  local  copy  of  the  passwd
struct pointer
     via  the  pw_dup(3)  function  or,  for  auth_approval() and
auth_usercheck()
     only, use the auth_setpwd(3) function  to  copy  the  passwd
struct into a
     BSD  Authentication  session  structure  which  can  then be
passed to
     auth_approval() or auth_usercheck().

OpenBSD     3.6                          March      26,      1997
[ Back ]
 Similar pages
Name OS Title
auth_check_change OpenBSD interface to the BSD Authentication system
auth_clroptions OpenBSD interface to the BSD Authentication system
auth_clroption OpenBSD interface to the BSD Authentication system
auth_clrenv OpenBSD interface to the BSD Authentication system
auth_close OpenBSD interface to the BSD Authentication system
bsd_auth OpenBSD interface to the BSD Authentication system
auth_clean OpenBSD interface to the BSD Authentication system
auth_challenge OpenBSD interface to the BSD Authentication system
auth_setdata OpenBSD interface to the BSD Authentication system
auth_check_expire OpenBSD interface to the BSD Authentication system
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service