1 .\" Copyright (c) 1995 David Nugent <davidn@blaze.net.au>
2 .\" All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, is permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice immediately at the beginning of the file, without modification,
9 .\" this list of conditions, and the following disclaimer.
10 .\" 2. Redistributions in binary form must reproduce the above copyright
11 .\" notice, this list of conditions and the following disclaimer in the
12 .\" documentation and/or other materials provided with the distribution.
13 .\" 3. This work was done expressly for inclusion into FreeBSD. Other use
14 .\" is permitted provided this notation is included.
15 .\" 4. Absolutely no warranty of function or purpose is made by the author
17 .\" 5. Modifications may be freely made to this file providing the above
18 .\" conditions are met.
20 .\" $FreeBSD: src/lib/libutil/login_ok.3,v 1.7.2.4 2001/12/17 10:08:32 ru Exp $
21 .\" $DragonFly: src/lib/libutil/login_ok.3,v 1.2 2003/06/17 06:26:52 dillon Exp $
30 .Nd functions for checking login class based login restrictions
38 .Fn auth_ttyok "login_cap_t *lc" "const char *tty"
40 .Fn auth_hostok "login_cap_t *lc" "const char *host" "char const *ip"
42 .Fn auth_timeok "login_cap_t *lc" "time_t t"
44 This set of functions checks to see if login is allowed based on login
45 class capability entries in the login database,
49 checks to see if the named tty is available to users of a specific
50 class, and is either in the
52 access list, and not in
58 list (or if no such capability exists for
59 the give login class) logins via any tty device are allowed unless
62 list exists and is non-empty, and the device or its
66 Access to ttys may be allowed or restricted specifically by tty device
67 name, a device name which includes a wildcard (e.g. ttyD* or cuaD*),
68 or may name a ttygroup, when group=<name> tags have been assigned in
70 Matching of ttys and ttygroups is case sensitive.
73 or empty string as the
75 parameter causes the function to return a non-zero value.
78 checks for any host restrictions for remote logins.
79 The function checks on both a host name and IP address (given in its
80 text form, typically n.n.n.n) against the
84 login class capabilities.
85 As with ttys and their groups, wildcards and character classes may be
86 used in the host allow and deny capability records.
89 function is used for matching, and the matching on hostnames is case
91 Note that this function expects that the hostname is fully expanded
92 (i.e. the local domain name added if necessary) and the IP address
93 is in its canonical form.
94 No hostname or address lookups are attempted.
96 It is possible to call this function with either the hostname or
97 the IP address missing (i.e.\&
99 and matching will be performed
100 only on the basis of the parameter given.
103 or empty strings in both parameters will result in
104 a non-zero return value.
108 function checks to see that a given time value is within the
110 login class capability and not within the
113 An empty or non-existent
115 list allows access at any
116 time, except if a given time is falls within a period in the
119 The format of time period records contained in both
123 capability fields is explained in detail in the
127 A non-zero return value from any of these functions indicates that
128 login access is granted.
129 A zero return value means either that the item being tested is not
132 access list, or is within the