auth_ttyok, auth_hostok, auth_timeok — functions for checking login class based login restrictions

System Utilities Library (libutil, -lutil)

#include <sys/types.h>
#include <time.h>
#include <login_cap.h>

int
auth_ttyok(login_cap_t *lc, const char *tty);

int
auth_hostok(login_cap_t *lc, const char *host, char const *ip);

int
auth_timeok(login_cap_t *lc, time_t t);

This set of functions checks to see if login is allowed based on login class capability entries in the login database, login.conf(5).

The auth_ttyok() function checks to see if the named tty is available to users of a specific class, that is, whether it is in the ttys.allow access list and not in the ttys.deny access list. If the ttys.allow list is empty (or no such capability exists for the given login class), logins via any tty device are allowed, unless the ttys.deny list exists and is non-empty, in which case the device or its tty group (see ttys(5)) must not be in that list. Access to ttys may be allowed or restricted by tty device name, by a device name which includes a wildcard (e.g. ttyD* or cuaD*), or by ttygroup name, when group=<name> tags have been assigned in /etc/ttys. Matching of ttys and ttygroups is case sensitive. Passing a NULL or empty string as the tty parameter causes the function to return a non-zero value.

The auth_hostok() function checks for any host restrictions for remote logins. The function checks both a host name and an IP address (given in its text form, typically n.n.n.n) against the host.allow and host.deny login class capabilities. As with ttys and their groups, wildcards and character classes may be used in the host allow and deny capability records. The fnmatch(3) function is used for matching, and the matching on hostnames is case insensitive. Note that this function expects that the hostname is fully expanded (i.e., the local domain name added if necessary) and the IP address is in its canonical form. No hostname or address lookups are attempted.

It is possible to call this function with either the hostname or the IP address missing (i.e. NULL), and matching will be performed only on the basis of the parameter given. Passing NULL or empty strings in both parameters will result in a non-zero return value.

The auth_timeok() function checks to see that a given time value is within the times.allow login class capability and not within the times.deny access lists. An empty or non-existent times.allow list allows access at any time, except if a given time falls within a period in the times.deny list. The format of time period records contained in both times.allow and times.deny capability fields is explained in detail in the login_times(3) manual page.

A non-zero return value from any of these functions indicates that login access is granted. A zero return value means either that the item being tested is not in the allow access list, or is within the deny access list.
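
The allow/deny rules described above, modelled in portable C as an added example (not libutil source and not part of the original manual page). The helpers in_list(), list_ok() and strict_ok() and the sample lists are hypothetical; tty groups and time periods are not modelled. strict_ok() is a caller-side guard for the case where a NULL or empty item yields a non-zero result.

```c
/* Added example: a model of the allow/deny rules described on this page.
 * Not libutil source; in_list(), list_ok() and strict_ok() are hypothetical. */
#include <fnmatch.h>
#include <stddef.h>
#include <stdio.h>

#ifndef FNM_CASEFOLD            /* glibc hides it without _GNU_SOURCE */
#define FNM_CASEFOLD (1 << 4)   /* same value on glibc, musl and the BSDs */
#endif

/* Non-zero if item matches any pattern in the NULL-terminated list. */
static int in_list(const char *const *list, const char *item, int flags)
{
    for (; list != NULL && *list != NULL; list++)
        if (fnmatch(*list, item, flags) == 0)
            return 1;
    return 0;
}

/* 1 = login allowed, 0 = refused. Use flags 0 for ttys (case sensitive)
 * and FNM_CASEFOLD for host names (case insensitive). */
int list_ok(const char *const *allow, const char *const *deny,
            const char *item, int flags)
{
    if (item == NULL || *item == '\0')
        return 1;                   /* NULL or empty item: non-zero result */
    if (allow != NULL && allow[0] != NULL && !in_list(allow, item, flags))
        return 0;                   /* non-empty allow list, no match */
    return !in_list(deny, item, flags); /* otherwise only deny can refuse */
}

/* Caller-side guard: refuse when there is nothing to check. */
int strict_ok(const char *const *allow, const char *const *deny,
              const char *item, int flags)
{
    return item != NULL && *item != '\0' && list_ok(allow, deny, item, flags);
}

int main(void)
{
    /* Constructed sample lists, not taken from any real login.conf. */
    const char *const tty_allow[] = { "ttyv*", NULL };
    const char *const tty_deny[]  = { "ttyv7", NULL };
    const char *const host_deny[] = { "*.example.net", NULL };

    printf("ttyv0=%d ttyv7=%d ttyD0=%d empty=%d strict-empty=%d host=%d\n",
           list_ok(tty_allow, tty_deny, "ttyv0", 0),
           list_ok(tty_allow, tty_deny, "ttyv7", 0),
           list_ok(tty_allow, tty_deny, "ttyD0", 0),
           list_ok(tty_allow, tty_deny, "", 0),
           strict_ok(tty_allow, tty_deny, "", 0),
           list_ok(NULL, host_deny, "GW.Example.NET", FNM_CASEFOLD));
    return 0;
}
```
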

The auth_ttyok(), auth_hostok() and auth_timeok() functions first appeared in FreeBSD 2.1.5.