rainlance
/
AmiTCP-SDK
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
AmiTCP-SDK/doc/usergroup.doc

1321 lines
44 KiB
Plaintext
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

TABLE OF CONTENTS
usergroup.library/--background--
usergroup.library/--Licence--
usergroup.library/crypt
usergroup.library/getcredentials
usergroup.library/getgrent
usergroup.library/getgroups
usergroup.library/getlastlog
usergroup.library/getlogin
usergroup.library/getpass
usergroup.library/getpwent
usergroup.library/getspgrp
usergroup.library/getuid
usergroup.library/getumask
usergroup.library/getutent
usergroup.library/initgroups
usergroup.library/MU2UG
usergroup.library/setgroups
usergroup.library/setlastlog
usergroup.library/setlogin
usergroup.library/setsid
usergroup.library/setuid
usergroup.library/ug_GetConsoleName
usergroup.library/ug_GetErr
usergroup.library/ug_GetSalt
usergroup.library/ug_OnConsole
usergroup.library/ug_SetupContextTags
usergroup.library/ug_StrError
usergroup.library/umask
usergroup.library/--background-- usergroup.library/--background--
WARNING
Unfortunately, this experimental release of usergroup.library is not
compatible with multiuser.library. There are some problems with
multiuser.library, eg. the multiuser.library does not support the
real ids. Also the password format is different, multiuser.library
uses the AS225r2 password format, which is very simple encoding.
The usergroup.library uses the standard Unix password encryption.
The current implementation of this model is very simple. All tasks
belong to one session and they share common credentials. The
setsid() function call does nothing. You are supposed to log in
using "login -f login-name" when the machine is booted.
PURPOSE
When the AmiTCP/IP was originally released, a little attention was
paid to the security aspects. Since the AmigaOS is basically a
single user operating system with little or no provisions for
multiple users, there was no standard how accounts, password
checking and access control should be implemented.
USERGROUP.LIBRARAY SEMANTICS
The usergroup.library provides a BSD-stylish interface to the user
and group identification, the account database, the group databases,
password checking and login information. Since it is a shared
library instead of link library, the underlying security mechanisms
can be changed according future standards and needs. The
usergroup.library provides quite clean basic model. Each process has
credentials, which consist of real used ID, real group ID, effective
user ID and up to 32 effective group IDs. The process credentials
can be changed with setuid()/setgid()/setgroups() functions.
Each process belongs also to an session. A new session will created
with setsid() function call, which is typically executed before you
call command or when you create a new connection. A session
contains the login name of the user and possibly some other
information.
The information about users logging in and out is typically stored
into a file in Unix systems. These files (in BSD Net2 release they
are /var/run/utmp and /var/log/wtmp) are usually very long and
contain holes. Since the AmigaDOS files cannot contain holes, this
approach is not practical. The usergroup.library provides an
loosely HP-UX-stylish interface to the utmp and lastlogin databases.
The utmp database contains an entry for each session, it is searched
in linear manner qith getutent(). The lastlogin database contains
an entry for each user and getlastlogin() returns an entry for given
UID.
The usergroup.library does not directly depend on AmiTCP/IP. It can
be used with any program needing user identification, account and
group databases.
USING USERGROUP.LIBRARY
Each time the usergroup.library is opened, it creates an new
instance of the library base. The library base contains the static
data buffers used by many library functions. The usergroup.library
functions behave exactly like they were in link library. The
functions allocate all resources for you, the library also frees the
resources when they are no more needed.
Since each library contains static data and resources allocated in
the context of calling task (ie. signals), only the task which
opened the library is allowed to call most library functions.
However, any task whatsoever can call following functions:
getuid() geteuid() getgid() getegid() getsid()
These functions return the credentials of calling task.
It is also possible to call following functions from any task.
However, note that a non-owning tasks cannot recover error codes:
getgroups() setreuid() setuid() setregid() setgid() setgroups()
setsid() setlogin()
It is possible to give the library instance to another task. Only
the current owner can close the library.
The user and group information is provided by netinfo.device.
It is more convenient interface to user and group databases
for multitasking applications.
EXAMPLE PROGRAMS
There are a few utilities provided as examples. The finger programs
deals with user (password), utmp and lastlog database, the id and
whoami with user and group identification, login and passwd with
password checking and password changing.
SEE ALSO
netinfo.device/--background--, ug_SetupContextTags(),
SAS C Manual, libinit.c and libinitr.o
COPYRIGHT
Copyright <20> 1980--1991 The Regents of the University of California.
Copyright <20> 1993, 1994 AmiTCP/IP Group,
Network Solutions Development Inc., Finland.
usergroup.library/--Licence-- usergroup.library/--Licence--
USERGROUP.LIBRARY LICENCE
The usergroup.library is Copyright <20> 1993, 1994 AmiTCP/IP Group,
Network Solutions Development Inc., Finland.
The usergroup.library contains source code from 4.3BSD Net2 release.
The 4.3BSD Net2 release is copyright <20> 1980 --- 1991 The Regents of
the University of California. The following licence apply to the
usergroup.library and its documentation:
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
3. All advertising materials mentioning features or use of this
software must display the following acknowledgement: This product
includes software developed by the University of California,
Berkeley and its contributors.
4. Neither the name of the University nor the names of its
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS''
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
usergroup.library/crypt usergroup.library/crypt
NAME
crypt - password encryption with DES
SYNOPSIS
result = crypt(key, setting);
D0 A0 A1
char *crypt(const char *, const char *)
FUNCTION
The crypt function performs password encryption. It is derived from
the NBS Data Encryption Standard. Additional code has been added to
deter key search attempts.
INPUTS
key - a NUL-terminated string (normally a password typed by a user).
setting - a character array, 9 bytes in length, consisting of an
underscore (`_') followed by 4 bytes of iteration count
and 4 bytes of salt. Both the iteration count and the
salt are encoded with 6 bits per character, least
significant bits first. The values 0 to 63 are encoded by
the characters `./0-9A-Za-z', respectively.
The salt is used to induce disorder in to the DES algorithm in one
of 16777216 possible ways (specifically, if bit i of the salt is set
then bits i and i+24 are swapped in the DES `E' box output). The
key is divided into groups of 8 characters (a short final group is
null-padded) and the low-order 7 bits of each each character (56
bits per group) are used to form the DES key as follows: the first
group of 56 bits becomes the initial DES key. For each additional
group, the XOR of the group bits and the encryption of the DES key
with itself becomes the next DES key. Then the final DES key is
used to perform count cumulative encryptions of a 64-bit constant.
RESULTS
result - a NUL-terminated string, 20 bytes in length, consisting of
the setting followed by the encoded 64-bit encryption.
NOTE
For compatibility with Version 7 UNIX version of crypt(), the
setting may consist of 2 bytes of salt, encoded as above, in which
case an iteration count of 25 is used, fewer perturbations of DES
are available, at most 8 characters of key are used, and the
returned value is a NUL-terminated string 13 bytes in length.
HISTORY
A rotor-based crypt() function appeared in Version 6 AT&T UNIX. The
current style crypt() first appeared in Version 7 AT&T UNIX.
BUGS
The crypt() function leaves its result in an internal static object
and returns a pointer to that object. Subsequent calls to crypt()
will modify the same object.
SEE ALSO
netutil/login, netutil/passwd, getpass(), netinfo.device/passwd
Wayne Patterson, Mathematical Cryptology for Computer Scientists and
Mathematicians, ISBN 0-8476-7438-X, 1987.
R. Morris, and Ken Thompson, "Password Security: A Case History",
Communications of the ACM, vol. 22, pp. 594-597, Nov. 1979.
M.E. Hellman, "DES will be Totally Insecure within Ten Years", IEEE
Spectrum, vol. 16, pp. 32-39, July 1979.
usergroup.library/getcredentials usergroup.library/getcredentials
NAME
getcredentials -- get credentials of given task. (V4)
SYNOPSIS
#include <libraries/usergroup.h>
credentials = getcredentials(task)
D0 A0
struct UserGroupCredentials *getcredentials(struct Task *);
FUNCTION
The function getcredentials() returns all credentials of the given
task. The credentials include real and effective user and group IDs,
umask, login name and session ID. If the task pointer is NULL, the
credentials of current task are returned.
RESULT
A getcredentials() function returns a valid pointer to structure
UserGroupCredentials on success and a null pointer if an error
occurs.
ERRORS
[EINVAL] An illegal task pointer was specified.
BUGS
This function leave its result in an internal static object and
return a pointer to that object. Subsequent calls to this function
will modify the same object.
SEE ALSO
usergroup.library/getgrent usergroup.library/getgrent
NAME
getgrgid, getgrnam, getgrent, setgrent, endgrent
- group database operations
SYNOPSIS
#include <grp.h>
groupent = getgrgid(gid)
D0 D0
struct group *getgrgid(gid_t);
groupent = getgrnam(name)
D0 A1
struct group *getgrnam(const char *);
groupent = getgrent()
D0
struct group *getgrent(void);
setgrent()
void setgrent(void);
endgrent()
void endgrent(void);
FUNCTION
These functions operate on the group database via netinfo.device
interface. They provide a convenient unix-compatible interface to
the group unit of the netinfo.device.
The local group database is stored in the file AmiTCP:db/group, its
format is described in netinfo.device/group. The entry returned by
each reading function is defined by the structure group found in the
include file <grp.h>:
struct group
{
char *gr_name; /* Group name. */
char *gr_passwd; /* Password. */
gid_t gr_gid; /* Group ID. */
char **gr_mem; /* Member list. */
};
The functions getgrnam() and getgrgid() search the group database
for the given group name pointed to by name or the group id pointed
to by gid, respectively, returning the first one encountered.
Identical group names or group gids may result in undefined
behavior.
The getgrent() function sequentially reads the group database and is
intended for programs that wish to step through the complete list of
groups.
All three routines will open the group unit of netinfo.device for
reading, if necesssary.
The setgrent() function opens the group unit of netinfo.device. The
endgrent() function closes the group unit of netinfo.device. It is
recommended to call endgrent() if the program won't access group
database any more.
RESULTS
The functions getgrent(), getgrnam(), and getgrgid(), return a
pointer to the group entry if successful; if the end of database is
reached or an error occurs a null pointer is returned. The
functions endgrent() and setgrent() have no return value.
ERRORS
[ENOENT] -- the netinfo.device could not be opened.
Other netinfo.device IO errors can be retrieved by ug_GetErr().
FILES
AmiTCP:db/group The group database file
SEE ALSO
getpwnam(), netinfo.device/group
HISTORY
The functions getgrgid(), getgrnam(), getgrent(), setgrent() and
endgrent() appeared in Version 7 AT&T UNIX.
BUGS
These functions leave their results in an internal static object and
return a pointer to that object. Subsequent calls to the same
function will modify the same object. If you need re-entrant
operation, you can use directly the netinfo.device commands.
COMPATIBILITY
The BSD passwd database handling routines setgrfile() and
setgroupent() are fairly useless in a networked environment and they
are not implemented.
usergroup.library/getgroups usergroup.library/getgroups
NAME
getgroups - get group access list
SYNOPSIS
len = getgroups(gidsetlen, gidset[])
D0 D0 A0
int getgroups(int, gid_t *);
FUNCTION
Getgroups() gets the current group access list of the user process
and stores it in the array gidset. The parameter gidsetlen indicates
the number of entries that may be placed in gidset. The function
getgroups() returns the actual number of groups returned in gidset.
No more than NGROUPS, as defined in <libraries/usergroup.h>, will
ever be returned.
RESULT
A successful call returns the number of groups in the group set. A
value of -1 indicates that the argument gidsetlen is smaller than
the number of groups in the group set.
ERRORS
[EINVAL] The argument gidsetlen is smaller than the number of
groups in the group set.
[EFAULT] The argument gidset specifies an invalid address.
SEE ALSO
setgroups(), initgroups(), getgid(), getegid()
HISTORY
The getgroups function call appeared in 4.2BSD.
usergroup.library/getlastlog usergroup.library/getlastlog
NAME
getlastlog - get lastlog database entry
SYNOPSIS
#include <utmp.h>
lastlog = getlastlog(uid)
D0 D0
struct lastlog *getlastlog(uid_t);
FUNCTION
The getlastlog() function search the lastlog database for the given
user id. There should be an lastlog entry for each user. A lastlog
entry with ll_time being zero means that user has never logged in
this system.
The entry returned by getlastlog is defined by the structure lastlog
found in the include file <utmp.h>:
struct lastlog {
long ll_time; /* the login time */
uid_t ll_uid; /* user ID */
char ll_name[UT_NAMESIZE]; /* the login name */
char ll_line[UT_LINESIZE]; /* the name of login device */
char ll_host[UT_HOSTSIZE]; /* where the login originated */
};
RESULTS
The function getlastlog() returns a pointer to the lastlog entry if
successful; if an error occurs a null pointer is returned.
ERRORS
[ENOENT] -- no lastlog entry was found
[EINVAL] -- the user ID was illegal
SEE ALSO
setlastlog()
BUGS
The getlastlog() function leaves its result in an internal static
object and return a pointer to that object. Subsequent calls to the
same function will modify the same object.
Current implementation stores only the lastlog data of the latest
user logged in.
usergroup.library/getlogin usergroup.library/getlogin
NAME
getlogin - get login name
SYNOPSIS
name = getlogin()
D0
char *getlogin(void)
FUNCTION
The getlogin() routine returns the login name of the user associated
with the current session, as previously set by setlogin(). The name
is normally associated with a console at the time a session is
created, and is inherited by all processes descended from the login
process. (This is true even if some of those processes assume
another user ID, for example when su is used.)
INPUTS
RESULT
name - pointer to login name
SEE ALSO
setlogin()
usergroup.library/getpass usergroup.library/getpass
NAME
getpass - get a password
SYNOPSIS
password = getpass(prompt)
D0 A1
char *getpass(const char *);
FUNCTION
The getpass() function displays a prompt to, and reads in a password
from "CONSOLE:". If this device is not accessible, getpass()
displays the prompt on the standard error output and reads from the
standard input.
The password may be up to _PASSWORD_LEN (currently 128) characters
in length. Any additional characters and the terminating newline
character are discarded.
Getpass turns off character echoing while reading the password.
RESULT
password - a pointer to the null terminated password
FILES
Special device "CONSOLE:"
SEE ALSO
crypt()
HISTORY
A getpass function appeared in Version 7 AT&T UNIX.
BUGS
The getpass function leaves its result in an internal static object
and returns a pointer to that object. Subsequent calls to getpass
will modify the same object.
The calling program should zero the password as soon as possible to
avoid leaving the cleartext password visible in the memory.
usergroup.library/getpwent usergroup.library/getpwent
NAME
getpwent, getpwnam, getpwuid, setpwent, endpwent
- password database operations
SYNOPSIS
#include <pwd.h>
pw = getpwuid(uid)
D0 D0
struct passwd *getpwuid(uid_t);
pw = getpwnam(name)
D0 A1
struct passwd *getpwnam(const char *);
pw = getpwent()
D0
struct passwd *getpwent(void);
setpwent()
void setpwent(void);
endpwent()
void endpwent(void);
FUNCTION
These functions operate on the user database via netinfo.device
interface. They provide convenient unix-compatible interface to the
password unit of the netinfo.device.
The local password database is stored in the file AmiTCP:db/passwd,
its format is described in netinfo.device/passwd. The entry
returned by each reading function is defined by the structure passwd
found in the include file <pwd.h>:
struct passwd
{
char *pw_name; /* Username */
char *pw_passwd; /* Encrypted password */
pid_t pw_uid; /* User ID */
gid_t pw_gid; /* Group ID */
char *pw_gecos; /* Real name etc */
char *pw_dir; /* Home directory */
char *pw_shell; /* Shell */
};
The functions getpwnam() and getpwuid() search the password database
for the given login name or user uid, respectively, always returning
the first one encountered.
The getpwent() function sequentially reads the password database and
is intended for programs that wish to process the complete list of
users.
All three routines will open the password unit of netinfo.device for
reading, if necesssary.
The setpwent() function opens the password unit of netinfo.device.
The endpwent() function closes the password unit of netinfo.device.
It is recommended to call endpwent() if the program won't access
password database any more.
RESULTS
The functions getpwent(), getpwnam() and getpwuid() return a valid
pointer to a passwd structure on success and a null pointer if end
of database is reached or an error occurs. The functions endpwent()
and setpwent() have no return value.
ERRORS
[ENOENT] -- the netinfo.device could not be opened.
Other netinfo.device IO errors can be retrieved by ug_GetErr().
FILES
AmiTCP:db/passwd The password database file
SEE ALSO
getgrent(), netinfo.device/passwd
HISTORY
The functions getpwent(), getpwnam(), getpwuid(), setpwent() and
endpwent() functions appeared in Version 7 AT&T UNIX.
BUGS
These functions leave their results in an internal static object and
return a pointer to that object. Subsequent calls to these function
will modify the same object. If you need re-entrant operation, you
should use directly the netinfo.device.
COMPATIBILITY
The BSD passwd database handling routines setpwfile() and
setpassent() are fairly useless in a networked environment and they
are not implemented.
usergroup.library/getspgrp usergroup.library/getspgrp
NAME
getpgrp - get process group identification
SYNOPSIS
#include <libraries/usergroup.h>
sessionid = getpgrp()
D0
pid_t getpgrp(void);
FUNCTION
The getpgrp() function returns the process group id for the current
process. Currently, the process group ID is the same as the session
ID. The 0 is valid process group ID for console session.
RESULTS
Upon successful completion, the value of the process group ID is
returned. Otherwise, a value of -1 is returned and an error code is
stored to global errno location.
ERRORS
[ESRCH] The calling process don't belong to any process group.
SEE ALSO
setsid(), exec.library/FindTask()
usergroup.library/getuid usergroup.library/getuid
NAME
getuid, geteuid - get user process identification
getgid, getegid - get group process identification
SYNOPSIS
ruid = getuid()
D0
uid_t getuid(void);
euid = geteuid()
D0
uid_t geteuid(void);
rgid = getgid()
D0
gid_t getgid(void);
egid = getegid()
D0
gid_t getegid(void);
FUNCTION
The getuid() function returns the real user ID of the calling
process, geteuid() returns the effective user ID of the calling
process.
The getgid() function returns the real group ID of the calling
process, getegid() returns the effective group ID of the calling
process.
The real user ID and real group ID is specified at login time.
The real ID is the ID of the user who invoked the program. As the
effective user and gourp ID gives the process additional permissions
during the execution of `set-user-ID' or `set-group-ID' mode
programs, functions getgid() and getuid () are used to determine the
real-ids of the calling process.
RESULT
The getuid(), geteuid(), getgid(), and getegid() functions are
always successful, and no return value is reserved to indicate an
error.
NOTES
Any task can call these functions
SEE ALSO
getgroups(), setuid(), setreuid(), setgid(), setregid(), setgroups()
usergroup.library/getumask usergroup.library/getumask
NAME
getumask - get file creation mode mask
SYNOPSIS
#include <sys/stat.h>
oldmask = getumask()
D0
mode_t getumask(void);
FUNCTION
The getumask() routine sets the process's file mode creation mask to
numask and returns the previous value of the mask. The 9 low-order
access permission bits of numask are used by Unix-compatible
filesystems, for examble by NFS, to turn off corresponding bits
requested in file mode.
RESULT
The value of the file mode mask is returned by the call.
ERRORS
The getumask() function is always successful.
SEE ALSO
umask()
usergroup.library/getutent usergroup.library/getutent
NAME
getutsid, getutent, setutent, endutent - utmp database operations
SYNOPSIS
#include <utmp.h>
utmpent = getutsid(sid)
D0 D0
struct utmp *getutsid(long);
utmpent = getutent()
D0
struct utmp *getutent(void);
setutent()
void setutent(void);
endutent()
void endutent(void);
FUNCTION
These functions operate on the utmp database. There is an utmp
entry for each active session. A session is started with login
command and finished with logout command.
The entry returned by each reading function is defined by the
structure utmp found in the include file <utmp.h>:
struct utmp {
long ut_time; /* the login time */
long ut_sid; /* session ID */
char ut_name[UT_NAMESIZE]; /* the login name */
char ut_line[UT_LINESIZE]; /* the name of login device */
char ut_host[UT_HOSTSIZE]; /* where the login originated */
};
The getutsid() function search the utmp database for the given
session id, returning the first one encountered. The getutent()
function sequentially reads the utmp database. Both functions also
open the utmp database, if necessary.
The setutent() function opens the utmp database. The
endutent() function closes the utmp database. It is
recommended to call endutent() if the program won't access
utmp database any more.
RESULTS
The functions getutsid() and getutent() return a pointer to the utmp
entry if successful; if the end of database is reached or an error
occurs a null pointer is returned. The functions endutent() and
setutent() have no return value.
ERRORS
[ENOENT] -- no utmp entries were available.
SEE ALSO
BUGS
The getutent() and getutsid() function leave their result in an
internal static object and return a pointer to that object.
Subsequent calls to the same function will modify the same object.
Current implementation allows only one user to be logged in
concurrently.
usergroup.library/initgroups usergroup.library/initgroups
NAME
initgroups - initialize group access list
SYNOPSIS
error = initgroups(name, basegid)
D0 A0 D0
int initgroups(const char *, gid_t);
FUNCTION
The initgroups() function reads through the group file and sets up,
the group access list for the user specified in name. The basegid is
automatically included in the groups list. Typically this value is
given as the group number from the password file.
RESULT
The initgroups() function returns -1 if the process has got no
necessary privileges, zero if the call is succesful.
FILES
AmiTCP:db/group
SEE ALSO
setgroups()
HISTORY
The initgroups function appeared in 4.2BSD.
usergroup.library/MU2UG usergroup.library/MU2UG
NAME
MU2ID - macro converting MultiUser id to usergroup id
ID2MU - macro converting usergroup id to MultiUser id
SYNOPSIS
ug_id = MU2ID(mu_id)
mu_id = ID2MU(ug_id)
FUNCTION
These macros are used to convert between different user ID
formats. The mu_id is in the format used by MultiUser filesystem
and multiuser.library. The ug_id is the format used by Unix and
usergroup.library.
Most of the id values are identical in usergroup.library and
multiuser.library. However, these two exceptions have values as
follows:
usergroup.library multiuser.library
super-user 0 65535
nobody -2 0
INPUTS AND RESULTS
mu_id - user ID in MultiUser format.
ug_id - user ID in usergroup format.
BUGS
The usergroup id values that won't fit into UWORD are truncated.
SEE ALSO
usergroup.library/setgroups usergroup.library/setgroups
NAME
setgroups - set group access list
SYNOPSIS
success = setgroups(ngroups, gidset)
D0 D0 A0
int setgroups(int, const gid_t *);
FUNCTION
Setgroups() sets the group access list of the current user process
according to the array gidset. The parameter ngroups indicates the
number of entries in the array and must be no more than NGROUPS, as
defined in <libraries/usergroup.h>.
Only the super-user may set new groups. The super-user can not
set illegal groups (-1).
RESULT
A 0 value is returned on success, -1 on error, with an error
code stored in errno and available with ug_GetErr() function.
ERRORS
[EINVAL] An illegal group id was specified.
[EPERM] The caller has got no necessary privileges.
[EFAULT] The address specified for gidset is illegal.
NOTES
Any task can call this function.
SEE ALSO
getgroups(), initgroups()
usergroup.library/setlastlog usergroup.library/setlastlog
NAME
setlastlog - login an user
SYNOPSIS
#include <utmp.h>
lastlogin = setlastlog(uid, name, console, host)
struct lastlog setlastlog(uid_t, char *, char *, char *);
FUNCTION
The setlastlog function is used to register user logging in. Each
time a user is logging in, the function setlastlog() should be
called to register that event.
INPUTS
uid -- the uid of user logging in
name -- the user login name
console -- the console handler name (from ug_GetConsole())
host -- the host which the user is logging in from
RESULTS
The setlastlog() function returns an success indicator, 0 if the
call was successful, -1 otherwise. The error code is set if an
error occurs.
ERRORS
The setlastlog() can have following error codes:
[EFAULT] -- the utmp entry cannot be accessed
[ENOMEM] -- the memory has been exhausted
[ENOENT] -- cannot access utmp database
BUGS
Current implementation stores only the lastlog data of the latest
user logged in.
FILES
SEE ALSO
getutent(), getlastlog()
usergroup.library/setlogin usergroup.library/setlogin
NAME
setlogin - set login name
SYNOPSIS
success = setlogin(name)
D0 A1
int setlogin(const char *);
FUNCTION
The function setlogin() sets the login name of the user associated
with the current session to name. This call is restricted to the
super-user, and is normally used only when a new session is being
created on behalf of the named user (for example, at login time, or
when a remote shell is invoked).
INPUTS
name - Buffer to hold login name
RESULT
If a call to setlogin() succeeds, a value of 0 is returned. If
setlogin() fails, a value of -1 is returned and an error code is
placed into global errno location.
ERRORS
[EPERM] - The caller has got no necessary privileges.
[EFAULT] - The name parameter gave an invalid address.
[EINVAL] - The name parameter pointed to a string that was too long.
Login names are limited to MAXLOGNAME (from <sys/param.h>)
characters, currently 16.
BUGS
SEE ALSO
getlogin()
usergroup.library/setsid usergroup.library/setsid
NAME
setsid - create a new session
SYNOPSIS
#include <unistd.h>
sessionid = setsid()
D0
pid_t setsid(void);
FUNCTION
The setsid() function creates a new session when the calling
process is not a process group leader. The calling process
then becomes the session leader of this session and the only
process in the new session.
RESULTS
Upon successful completion, the value of the new session ID is
returned. Otherwise, a value of -1 is returned and an error
code is stored to global errno location.
ERRORS
[EPERM] The calling process is already a session leader.
SEE ALSO
getpgrp()
usergroup.library/setuid usergroup.library/setuid
NAME
setuid, setreuid - set real and effective user ID's
setgid, setregid - set real and effective group ID's
SYNOPSIS
success = setuid(uid)
D0 D0
int setuid(uid_t);
success = setreuid(ruid, euid);
D0 D0 D1
int setreuid(uid_t, uid_t);
success = setgid(gid)
D0 D0
int setgid(gid_t);
success = setregid(ruid, euid)
D0 D0 D1
int setregid(gid_t ruid, gid_t euid);
FUNCTION
The real and effective ID's of the current process are set according
to the arguments. If ruid or euid is -1, the current uid is filled
in by the system. Unprivileged users may change the real ID to the
effective ID and vice-versa; only the super-user may make other
changes.
RETURN VALUES
Upon successful completion, a value of 0 is returned. Otherwise, a
value of -1 is returned and errno is set to indicate the error.
ERRORS
[EPERM] The current process is not the super-user and a change
other than changing the effective id to the real id was
specified.
SEE ALSO
getuid(), getgid(), geteuid(), getegid()
NOTES
Any task can call these functions.
HISTORY
A setuid() and setgid() function calls appeared in Version 6 AT&T
UNIX. The setreuid() and setregid() function calls appeared in
4.2BSD.
usergroup.library/ug_GetConsoleName usergroup.library/ug_GetConsoleName
NAME
ug_GetConsoleName --- Get Console Identifier
SYNOPSIS
name = ug_GetConsoleName(fh, buffer, size)
D0 D0 A0 D1
UBYTE * ug_GetConsoleName(BPTR, UBYTE *, ULONG)
FUNCTION
Get a unique printable identifier for the interactive filehandle.
This identifier is usually the task name of handler concatenated
with message port address.
INPUTS
fh - An interactive filehandle
buffer - Buffer to hold console identifier
size - Number of bytes in buffer.
RESULT
name - If call is successful, pointer to buffer. NULL if
error.
BUGS
May not get the proprer console name for all different console
handlers.
SEE ALSO
dos.library/GetConsoleTask()
usergroup.library/ug_GetErr usergroup.library/ug_GetErr
NAME
ug_GetErr - get current error code
SYNOPSIS
error = ug_GetErr(void)
D0
int ug_GetErr(void)
FUNCTION
Most usergroup.library functions return -1 to indicate an error.
When this happens (or whatever the defined error return for the
routine) this routine may be called to determine more information.
The default startup function will redirect the error codes also into
the global variable `errno'.
Note: there is no guarantee as to the value returned from ug_GetErr()
after a successful operation.
RESULTS
error - error code
SEE ALSO
ug_StrError(), ug_SetupContextTags(), dos.library/IoErr()
usergroup.library/ug_GetSalt usergroup.library/ug_GetSalt
NAME
ug_GetSalt - generate password encryption setting for an user
SYNOPSIS
setting = ug_GetSalt(passwd, buffer, size);
D0 A0 A1 D0
UBYTE *ug_GetSalt(const struct passwd *, UBYTE *, ULONG);
FUNCTION
This function generates a setting parameter, which is used to
configure the password encryption process. If an old entry exists,
the new salt depends on it.
The particular salt format depends on the system security level.
INPUTS
passwd - the old passwd entry for the user, or NULL if there is none.
buffer - address of character array, which the new salt is stored
in.
size - the number of bytes in the buffer. The buffer should be at
least 12 bytes long.
RETURN VALUE
Pointer to the buffer, or NULL if the buffer is too small.
NOTE
By default the Version 7 UNIX compatible setting is generated.
SEE ALSO
crypt()
usergroup.library/ug_OnConsole usergroup.library/ug_OnConsole
NAME
ug_OnConsole - check whether session is on local console
SYNOPSIS
result = ug_OnConsole(void)
D0
BOOL ug_OnConsole(void)
FUNCTION
Check if the user is logged on local console.
RESULT
result - 1 if the user is on console,
0 otherwise.
BUGS
Currently checking is done depending on the process window pointer.
SEE ALSO
usergroup.library/ug_SetupContextTags usergroup.library/ug_SetupContextTags
NAME
ug_SetupContextTagList - Set up the caller context
ug_SetupContextTags - varargs stub for ug_SetupContextTagList
SYNOPSIS
success = ug_SetupContextTagList(taglist)
D0 A1
ULONG ug_SetupContextTagList(struct TagItem *);
success = ug_SetupContextTags(...)
ULONG ug_SetupContextTags(LONG tag, ...);
FUNCTION
The function ug_SetupContextTags() will prepare the library caller
context.
INPUTS
taglist - pointer to taglist
Currently, there are defined tags as follows:
UGT_ERRNOPTR - gives the pointer to the errno variable. The error
variable is redirected to the scope of the task. If
the pointer is NULL, no redirection is done anymore.
UGT_ERRNOSIZE - specifies the size of the errno variable. Legal
values are 1, 2 and 4. The UGT_ERRNOSIZE must be
given with same call if the UGT_ERRNOPTR is given a
non-NULL value.
UGT_INTRMASK - specifies the interrupt signal mask. All blocking
library calls will be interrrupted when a signal in
the break mask is received. The signals in the
`mask' are not cleared when a library call is
interrupted. The signals in INTRMASK should be
allocated in the context of the owning task.
UGT_OWNER - changes the owner of this library instance. The
UGT_OWNET tagData must be a valid task pointer or
NULL. If the pointer is NULL, the library will have
no owner and any task can become owner by calling
ug_SetupContextTagList(UGT_OWNER, FindTask(NULL),
TAG_END) ;
Most of the library calls are allowed only for the
owner of library. Only the owner can CloseLibrary()
this library.
RESULT
If the call is successfull, value of 0 is returned. Otherwise the
value -1 is returned. Old context is cleared, if an error occurs.
The error code can be retrieved with function ug_GetErr().
ERRORS
[EINVAL] An illegal input value was specified.
BUGS
Strange and unusual things will happen if the signal allocated for
the use of the library is included in the mask.
SEE ALSO
ug_GetErr(), --background--
usergroup.library/ug_StrError usergroup.library/ug_StrError
NAME
ug_StrError - Return the text associated with error code
SYNOPSIS
text = ug_StrError(code)
D0 D1
const char *ug_StrError(LONG);
FUNCTION
The strerror() function maps the error number specified by the
errnum parameter to a language-dependent error message string, and
returns a pointer to the string. The string pointed to by the
return value should not be modified by the program, but may be
overwritten by a subsequent call to this function.
INPUTS
code - error code returned by ug_GetErr() function.
RESULT
text - text associated with the error code.
NOTES
The current implementation will understands also the negative IO
error codes.
BUGS
Currently only language available is English.
SEE ALSO
ug_GetErr()
usergroup.library/umask usergroup.library/umask
NAME
umask - set file creation mode mask
SYNOPSIS
#include <sys/stat.h>
oldmask = umask(newmask)
D0 D0
mode_t umask(mode_t);
FUNCTION
The umask() routine sets the process's file mode creation mask to
numask and returns the previous value of the mask. The 9 low-order
access permission bits of numask are used by Unix-compatible
filesystems, for examble by NFS, to turn off corresponding bits
requested in file mode. This clearing allows each user to restrict
the default access to his files.
The default mask value is 022 (write access for owner only). Child
processes should inherit the mask of the calling process.
RESULT
The previous value of the file mode mask is returned by the call.
ERRORS
The umask() function is always successful.
SEE ALSO
getumask()
Reference in New Issue View Git Blame Copy Permalink