Network PC

home *** CD-ROM | disk | FTP | other *** search

/ Network PC / Network PC.iso / amiga utilities / communication / internet / amitcp3.0b / doc / usergroup.doc < prev

Wrap

Text File | 1997-11-21 | 44.0 KB | 1,321 lines

TABLE OF CONTENTS usergroup.library/--background-- usergroup.library/--Licence-- usergroup.library/crypt usergroup.library/getcredentials usergroup.library/getgrent usergroup.library/getgroups usergroup.library/getlastlog usergroup.library/getlogin usergroup.library/getpass usergroup.library/getpwent usergroup.library/getspgrp usergroup.library/getuid usergroup.library/getumask usergroup.library/getutent usergroup.library/initgroups usergroup.library/MU2UG usergroup.library/setgroups usergroup.library/setlastlog usergroup.library/setlogin usergroup.library/setsid usergroup.library/setuid usergroup.library/ug_GetConsoleName usergroup.library/ug_GetErr usergroup.library/ug_GetSalt usergroup.library/ug_OnConsole usergroup.library/ug_SetupContextTags usergroup.library/ug_StrError usergroup.library/umask usergroup.library/--background-- usergroup.library/--background-- WARNING Unfortunately, this experimental release of usergroup.library is not compatible with multiuser.library. There are some problems with multiuser.library, eg. the multiuser.library does not support the real ids. Also the password format is different, multiuser.library uses the AS225r2 password format, which is very simple encoding. The usergroup.library uses the standard Unix password encryption. The current implementation of this model is very simple. All tasks belong to one session and they share common credentials. The setsid() function call does nothing. You are supposed to log in using "login -f login-name" when the machine is booted. PURPOSE When the AmiTCP/IP was originally released, a little attention was paid to the security aspects. Since the AmigaOS is basically a single user operating system with little or no provisions for multiple users, there was no standard how accounts, password checking and access control should be implemented. USERGROUP.LIBRARAY SEMANTICS The usergroup.library provides a BSD-stylish interface to the user and group identification, the account database, the group databases, password checking and login information. Since it is a shared library instead of link library, the underlying security mechanisms can be changed according future standards and needs. The usergroup.library provides quite clean basic model. Each process has credentials, which consist of real used ID, real group ID, effective user ID and up to 32 effective group IDs. The process credentials can be changed with setuid()/setgid()/setgroups() functions. Each process belongs also to an session. A new session will created with setsid() function call, which is typically executed before you call command or when you create a new connection. A session contains the login name of the user and possibly some other information. The information about users logging in and out is typically stored into a file in Unix systems. These files (in BSD Net2 release they are /var/run/utmp and /var/log/wtmp) are usually very long and contain holes. Since the AmigaDOS files cannot contain holes, this approach is not practical. The usergroup.library provides an loosely HP-UX-stylish interface to the utmp and lastlogin databases. The utmp database contains an entry for each session, it is searched in linear manner qith getutent(). The lastlogin database contains an entry for each user and getlastlogin() returns an entry for given UID. The usergroup.library does not directly depend on AmiTCP/IP. It can be used with any program needing user identification, account and group databases. USING USERGROUP.LIBRARY Each time the usergroup.library is opened, it creates an new instance of the library base. The library base contains the static data buffers used by many library functions. The usergroup.library functions behave exactly like they were in link library. The functions allocate all resources for you, the library also frees the resources when they are no more needed. Since each library contains static data and resources allocated in the context of calling task (ie. signals), only the task which opened the library is allowed to call most library functions. However, any task whatsoever can call following functions: getuid() geteuid() getgid() getegid() getsid() These functions return the credentials of calling task. It is also possible to call following functions from any task. However, note that a non-owning tasks cannot recover error codes: getgroups() setreuid() setuid() setregid() setgid() setgroups() setsid() setlogin() It is possible to give the library instance to another task. Only the current owner can close the library. The user and group information is provided by netinfo.device. It is more convenient interface to user and group databases for multitasking applications. EXAMPLE PROGRAMS There are a few utilities provided as examples. The finger programs deals with user (password), utmp and lastlog database, the id and whoami with user and group identification, login and passwd with password checking and password changing. SEE ALSO netinfo.device/--background--, ug_SetupContextTags(), SAS C Manual, libinit.c and libinitr.o COPYRIGHT Copyright © 1980--1991 The Regents of the University of California. Copyright © 1993, 1994 AmiTCP/IP-Group, <AmiTCP-Group@hut.fi>, Helsinki University of Technology, Finland. usergroup.library/--Licence-- usergroup.library/--Licence-- USERGROUP.LIBRARY LICENCE The usergroup.library is Copyright © 1993, 1994 AmiTCP/IP-Group, <AmiTCP-Group@hut.fi>, Helsinki University of Technology, Finland. The usergroup.library contains source code from 4.3BSD Net2 release. The 4.3BSD Net2 release is copyright © 1980 --- 1991 The Regents of the University of California. The following licence apply to the usergroup.library and its documentation: Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors. 4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. usergroup.library/crypt usergroup.library/crypt NAME crypt - password encryption with DES SYNOPSIS result = crypt(key, setting); D0 A0 A1 char *crypt(const char *, const char *) FUNCTION The crypt function performs password encryption. It is derived from the NBS Data Encryption Standard. Additional code has been added to deter key search attempts. INPUTS key - a NUL-terminated string (normally a password typed by a user). setting - a character array, 9 bytes in length, consisting of an underscore (`_') followed by 4 bytes of iteration count and 4 bytes of salt. Both the iteration count and the salt are encoded with 6 bits per character, least significant bits first. The values 0 to 63 are encoded by the characters `./0-9A-Za-z', respectively. The salt is used to induce disorder in to the DES algorithm in one of 16777216 possible ways (specifically, if bit i of the salt is set then bits i and i+24 are swapped in the DES `E' box output). The key is divided into groups of 8 characters (a short final group is null-padded) and the low-order 7 bits of each each character (56 bits per group) are used to form the DES key as follows: the first group of 56 bits becomes the initial DES key. For each additional group, the XOR of the group bits and the encryption of the DES key with itself becomes the next DES key. Then the final DES key is used to perform count cumulative encryptions of a 64-bit constant. RESULTS result - a NUL-terminated string, 20 bytes in length, consisting of the setting followed by the encoded 64-bit encryption. NOTE For compatibility with Version 7 UNIX version of crypt(), the setting may consist of 2 bytes of salt, encoded as above, in which case an iteration count of 25 is used, fewer perturbations of DES are available, at most 8 characters of key are used, and the returned value is a NUL-terminated string 13 bytes in length. HISTORY A rotor-based crypt() function appeared in Version 6 AT&T UNIX. The current style crypt() first appeared in Version 7 AT&T UNIX. BUGS The crypt() function leaves its result in an internal static object and returns a pointer to that object. Subsequent calls to crypt() will modify the same object. SEE ALSO netutil/login, netutil/passwd, getpass(), netinfo.device/passwd Wayne Patterson, Mathematical Cryptology for Computer Scientists and Mathematicians, ISBN 0-8476-7438-X, 1987. R. Morris, and Ken Thompson, "Password Security: A Case History", Communications of the ACM, vol. 22, pp. 594-597, Nov. 1979. M.E. Hellman, "DES will be Totally Insecure within Ten Years", IEEE Spectrum, vol. 16, pp. 32-39, July 1979. usergroup.library/getcredentials usergroup.library/getcredentials NAME getcredentials -- get credentials of given task. (V4) SYNOPSIS #include <libraries/usergroup.h> credentials = getcredentials(task) D0 A0 struct UserGroupCredentials *getcredentials(struct Task *); FUNCTION The function getcredentials() returns all credentials of the given task. The credentials include real and effective user and group IDs, umask, login name and session ID. If the task pointer is NULL, the credentials of current task are returned. RESULT A getcredentials() function returns a valid pointer to structure UserGroupCredentials on success and a null pointer if an error occurs. ERRORS [EINVAL] An illegal task pointer was specified. BUGS This function leave its result in an internal static object and return a pointer to that object. Subsequent calls to this function will modify the same object. SEE ALSO usergroup.library/getgrent usergroup.library/getgrent NAME getgrgid, getgrnam, getgrent, setgrent, endgrent - group database operations SYNOPSIS #include <grp.h> groupent = getgrgid(gid) D0 D0 struct group *getgrgid(gid_t); groupent = getgrnam(name) D0 A1 struct group *getgrnam(const char *); groupent = getgrent() D0 struct group *getgrent(void); setgrent() void setgrent(void); endgrent() void endgrent(void); FUNCTION These functions operate on the group database via netinfo.device interface. They provide a convenient unix-compatible interface to the group unit of the netinfo.device. The local group database is stored in the file AmiTCP:db/group, its format is described in netinfo.device/group. The entry returned by each reading function is defined by the structure group found in the include file <grp.h>: struct group { char *gr_name; /* Group name. */ char *gr_passwd; /* Password. */ gid_t gr_gid; /* Group ID. */ char **gr_mem; /* Member list. */ }; The functions getgrnam() and getgrgid() search the group database for the given group name pointed to by name or the group id pointed to by gid, respectively, returning the first one encountered. Identical group names or group gids may result in undefined behavior. The getgrent() function sequentially reads the group database and is intended for programs that wish to step through the complete list of groups. All three routines will open the group unit of netinfo.device for reading, if necesssary. The setgrent() function opens the group unit of netinfo.device. The endgrent() function closes the group unit of netinfo.device. It is recommended to call endgrent() if the program won't access group database any more. RESULTS The functions getgrent(), getgrnam(), and getgrgid(), return a pointer to the group entry if successful; if the end of database is reached or an error occurs a null pointer is returned. The functions endgrent() and setgrent() have no return value. ERRORS [ENOENT] -- the netinfo.device could not be opened. Other netinfo.device IO errors can be retrieved by ug_GetErr(). FILES AmiTCP:db/group The group database file SEE ALSO getpwnam(), netinfo.device/group HISTORY The functions getgrgid(), getgrnam(), getgrent(), setgrent() and endgrent() appeared in Version 7 AT&T UNIX. BUGS These functions leave their results in an internal static object and return a pointer to that object. Subsequent calls to the same function will modify the same object. If you need re-entrant operation, you can use directly the netinfo.device commands. COMPATIBILITY The BSD passwd database handling routines setgrfile() and setgroupent() are fairly useless in a networked environment and they are not implemented. usergroup.library/getgroups usergroup.library/getgroups NAME getgroups - get group access list SYNOPSIS len = getgroups(gidsetlen, gidset[]) D0 D0 A0 int getgroups(int, gid_t *); FUNCTION Getgroups() gets the current group access list of the user process and stores it in the array gidset. The parameter gidsetlen indicates the number of entries that may be placed in gidset. The function getgroups() returns the actual number of groups returned in gidset. No more than NGROUPS, as defined in <libraries/usergroup.h>, will ever be returned. RESULT A successful call returns the number of groups in the group set. A value of -1 indicates that the argument gidsetlen is smaller than the number of groups in the group set. ERRORS [EINVAL] The argument gidsetlen is smaller than the number of groups in the group set. [EFAULT] The argument gidset specifies an invalid address. SEE ALSO setgroups(), initgroups(), getgid(), getegid() HISTORY The getgroups function call appeared in 4.2BSD. usergroup.library/getlastlog usergroup.library/getlastlog NAME getlastlog - get lastlog database entry SYNOPSIS #include <utmp.h> lastlog = getlastlog(uid) D0 D0 struct lastlog *getlastlog(uid_t); FUNCTION The getlastlog() function search the lastlog database for the given user id. There should be an lastlog entry for each user. A lastlog entry with ll_time being zero means that user has never logged in this system. The entry returned by getlastlog is defined by the structure lastlog found in the include file <utmp.h>: struct lastlog { long ll_time; /* the login time */ uid_t ll_uid; /* user ID */ char ll_name[UT_NAMESIZE]; /* the login name */ char ll_line[UT_LINESIZE]; /* the name of login device */ char ll_host[UT_HOSTSIZE]; /* where the login originated */ }; RESULTS The function getlastlog() returns a pointer to the lastlog entry if successful; if an error occurs a null pointer is returned. ERRORS [ENOENT] -- no lastlog entry was found [EINVAL] -- the user ID was illegal SEE ALSO setlastlog() BUGS The getlastlog() function leaves its result in an internal static object and return a pointer to that object. Subsequent calls to the same function will modify the same object. Current implementation stores only the lastlog data of the latest user logged in. usergroup.library/getlogin usergroup.library/getlogin NAME getlogin - get login name SYNOPSIS name = getlogin() D0 char *getlogin(void) FUNCTION The getlogin() routine returns the login name of the user associated with the current session, as previously set by setlogin(). The name is normally associated with a console at the time a session is created, and is inherited by all processes descended from the login process. (This is true even if some of those processes assume another user ID, for example when su is used.) INPUTS RESULT name - pointer to login name SEE ALSO setlogin() usergroup.library/getpass usergroup.library/getpass NAME getpass - get a password SYNOPSIS password = getpass(prompt) D0 A1 char *getpass(const char *); FUNCTION The getpass() function displays a prompt to, and reads in a password from "CONSOLE:". If this device is not accessible, getpass() displays the prompt on the standard error output and reads from the standard input. The password may be up to _PASSWORD_LEN (currently 128) characters in length. Any additional characters and the terminating newline character are discarded. Getpass turns off character echoing while reading the password. RESULT password - a pointer to the null terminated password FILES Special device "CONSOLE:" SEE ALSO crypt() HISTORY A getpass function appeared in Version 7 AT&T UNIX. BUGS The getpass function leaves its result in an internal static object and returns a pointer to that object. Subsequent calls to getpass will modify the same object. The calling program should zero the password as soon as possible to avoid leaving the cleartext password visible in the memory. usergroup.library/getpwent usergroup.library/getpwent NAME getpwent, getpwnam, getpwuid, setpwent, endpwent - password database operations SYNOPSIS #include <pwd.h> pw = getpwuid(uid) D0 D0 struct passwd *getpwuid(uid_t); pw = getpwnam(name) D0 A1 struct passwd *getpwnam(const char *); pw = getpwent() D0 struct passwd *getpwent(void); setpwent() void setpwent(void); endpwent() void endpwent(void); FUNCTION These functions operate on the user database via netinfo.device interface. They provide convenient unix-compatible interface to the password unit of the netinfo.device. The local password database is stored in the file AmiTCP:db/passwd, its format is described in netinfo.device/passwd. The entry returned by each reading function is defined by the structure passwd found in the include file <pwd.h>: struct passwd { char *pw_name; /* Username */ char *pw_passwd; /* Encrypted password */ pid_t pw_uid; /* User ID */ gid_t pw_gid; /* Group ID */ char *pw_gecos; /* Real name etc */ char *pw_dir; /* Home directory */ char *pw_shell; /* Shell */ }; The functions getpwnam() and getpwuid() search the password database for the given login name or user uid, respectively, always returning the first one encountered. The getpwent() function sequentially reads the password database and is intended for programs that wish to process the complete list of users. All three routines will open the password unit of netinfo.device for reading, if necesssary. The setpwent() function opens the password unit of netinfo.device. The endpwent() function closes the password unit of netinfo.device. It is recommended to call endpwent() if the program won't access password database any more. RESULTS The functions getpwent(), getpwnam() and getpwuid() return a valid pointer to a passwd structure on success and a null pointer if end of database is reached or an error occurs. The functions endpwent() and setpwent() have no return value. ERRORS [ENOENT] -- the netinfo.device could not be opened. Other netinfo.device IO errors can be retrieved by ug_GetErr(). FILES AmiTCP:db/passwd The password database file SEE ALSO getgrent(), netinfo.device/passwd HISTORY The functions getpwent(), getpwnam(), getpwuid(), setpwent() and endpwent() functions appeared in Version 7 AT&T UNIX. BUGS These functions leave their results in an internal static object and return a pointer to that object. Subsequent calls to these function will modify the same object. If you need re-entrant operation, you should use directly the netinfo.device. COMPATIBILITY The BSD passwd database handling routines setpwfile() and setpassent() are fairly useless in a networked environment and they are not implemented. usergroup.library/getspgrp usergroup.library/getspgrp NAME getpgrp - get process group identification SYNOPSIS #include <libraries/usergroup.h> sessionid = getpgrp() D0 pid_t getpgrp(void); FUNCTION The getpgrp() function returns the process group id for the current process. Currently, the process group ID is the same as the session ID. The 0 is valid process group ID for console session. RESULTS Upon successful completion, the value of the process group ID is returned. Otherwise, a value of -1 is returned and an error code is stored to global errno location. ERRORS [ESRCH] The calling process don't belong to any process group. SEE ALSO setsid(), exec.library/FindTask() usergroup.library/getuid usergroup.library/getuid NAME getuid, geteuid - get user process identification getgid, getegid - get group process identification SYNOPSIS ruid = getuid() D0 uid_t getuid(void); euid = geteuid() D0 uid_t geteuid(void); rgid = getgid() D0 gid_t getgid(void); egid = getegid() D0 gid_t getegid(void); FUNCTION The getuid() function returns the real user ID of the calling process, geteuid() returns the effective user ID of the calling process. The getgid() function returns the real group ID of the calling process, getegid() returns the effective group ID of the calling process. The real user ID and real group ID is specified at login time. The real ID is the ID of the user who invoked the program. As the effective user and gourp ID gives the process additional permissions during the execution of `set-user-ID' or `set-group-ID' mode programs, functions getgid() and getuid () are used to determine the real-ids of the calling process. RESULT The getuid(), geteuid(), getgid(), and getegid() functions are always successful, and no return value is reserved to indicate an error. NOTES Any task can call these functions SEE ALSO getgroups(), setuid(), setreuid(), setgid(), setregid(), setgroups() usergroup.library/getumask usergroup.library/getumask NAME getumask - get file creation mode mask SYNOPSIS #include <sys/stat.h> oldmask = getumask() D0 mode_t getumask(void); FUNCTION The getumask() routine sets the process's file mode creation mask to numask and returns the previous value of the mask. The 9 low-order access permission bits of numask are used by Unix-compatible filesystems, for examble by NFS, to turn off corresponding bits requested in file mode. RESULT The value of the file mode mask is returned by the call. ERRORS The getumask() function is always successful. SEE ALSO umask() usergroup.library/getutent usergroup.library/getutent NAME getutsid, getutent, setutent, endutent - utmp database operations SYNOPSIS #include <utmp.h> utmpent = getutsid(sid) D0 D0 struct utmp *getutsid(long); utmpent = getutent() D0 struct utmp *getutent(void); setutent() void setutent(void); endutent() void endutent(void); FUNCTION These functions operate on the utmp database. There is an utmp entry for each active session. A session is started with login command and finished with logout command. The entry returned by each reading function is defined by the structure utmp found in the include file <utmp.h>: struct utmp { long ut_time; /* the login time */ long ut_sid; /* session ID */ char ut_name[UT_NAMESIZE]; /* the login name */ char ut_line[UT_LINESIZE]; /* the name of login device */ char ut_host[UT_HOSTSIZE]; /* where the login originated */ }; The getutsid() function search the utmp database for the given session id, returning the first one encountered. The getutent() function sequentially reads the utmp database. Both functions also open the utmp database, if necessary. The setutent() function opens the utmp database. The endutent() function closes the utmp database. It is recommended to call endutent() if the program won't access utmp database any more. RESULTS The functions getutsid() and getutent() return a pointer to the utmp entry if successful; if the end of database is reached or an error occurs a null pointer is returned. The functions endutent() and setutent() have no return value. ERRORS [ENOENT] -- no utmp entries were available. SEE ALSO BUGS The getutent() and getutsid() function leave their result in an internal static object and return a pointer to that object. Subsequent calls to the same function will modify the same object. Current implementation allows only one user to be logged in concurrently. usergroup.library/initgroups usergroup.library/initgroups NAME initgroups - initialize group access list SYNOPSIS error = initgroups(name, basegid) D0 A0 D0 int initgroups(const char *, gid_t); FUNCTION The initgroups() function reads through the group file and sets up, the group access list for the user specified in name. The basegid is automatically included in the groups list. Typically this value is given as the group number from the password file. RESULT The initgroups() function returns -1 if the process has got no necessary privileges, zero if the call is succesful. FILES AmiTCP:db/group SEE ALSO setgroups() HISTORY The initgroups function appeared in 4.2BSD. usergroup.library/MU2UG usergroup.library/MU2UG NAME MU2ID - macro converting MultiUser id to usergroup id ID2MU - macro converting usergroup id to MultiUser id SYNOPSIS ug_id = MU2ID(mu_id) mu_id = ID2MU(ug_id) FUNCTION These macros are used to convert between different user ID formats. The mu_id is in the format used by MultiUser filesystem and multiuser.library. The ug_id is the format used by Unix and usergroup.library. Most of the id values are identical in usergroup.library and multiuser.library. However, these two exceptions have values as follows: usergroup.library multiuser.library super-user 0 65535 nobody -2 0 INPUTS AND RESULTS mu_id - user ID in MultiUser format. ug_id - user ID in usergroup format. BUGS The usergroup id values that won't fit into UWORD are truncated. SEE ALSO usergroup.library/setgroups usergroup.library/setgroups NAME setgroups - set group access list SYNOPSIS success = setgroups(ngroups, gidset) D0 D0 A0 int setgroups(int, const gid_t *); FUNCTION Setgroups() sets the group access list of the current user process according to the array gidset. The parameter ngroups indicates the number of entries in the array and must be no more than NGROUPS, as defined in <libraries/usergroup.h>. Only the super-user may set new groups. The super-user can not set illegal groups (-1). RESULT A 0 value is returned on success, -1 on error, with an error code stored in errno and available with ug_GetErr() function. ERRORS [EINVAL] An illegal group id was specified. [EPERM] The caller has got no necessary privileges. [EFAULT] The address specified for gidset is illegal. NOTES Any task can call this function. SEE ALSO getgroups(), initgroups() usergroup.library/setlastlog usergroup.library/setlastlog NAME setlastlog - login an user SYNOPSIS #include <utmp.h> lastlogin = setlastlog(uid, name, console, host) struct lastlog setlastlog(uid_t, char *, char *, char *); FUNCTION The setlastlog function is used to register user logging in. Each time a user is logging in, the function setlastlog() should be called to register that event. INPUTS uid -- the uid of user logging in name -- the user login name console -- the console handler name (from ug_GetConsole()) host -- the host which the user is logging in from RESULTS The setlastlog() function returns an success indicator, 0 if the call was successful, -1 otherwise. The error code is set if an error occurs. ERRORS The setlastlog() can have following error codes: [EFAULT] -- the utmp entry cannot be accessed [ENOMEM] -- the memory has been exhausted [ENOENT] -- cannot access utmp database BUGS Current implementation stores only the lastlog data of the latest user logged in. FILES SEE ALSO getutent(), getlastlog() usergroup.library/setlogin usergroup.library/setlogin NAME setlogin - set login name SYNOPSIS success = setlogin(name) D0 A1 int setlogin(const char *); FUNCTION The function setlogin() sets the login name of the user associated with the current session to name. This call is restricted to the super-user, and is normally used only when a new session is being created on behalf of the named user (for example, at login time, or when a remote shell is invoked). INPUTS name - Buffer to hold login name RESULT If a call to setlogin() succeeds, a value of 0 is returned. If setlogin() fails, a value of -1 is returned and an error code is placed into global errno location. ERRORS [EPERM] - The caller has got no necessary privileges. [EFAULT] - The name parameter gave an invalid address. [EINVAL] - The name parameter pointed to a string that was too long. Login names are limited to MAXLOGNAME (from <sys/param.h>) characters, currently 16. BUGS SEE ALSO getlogin() usergroup.library/setsid usergroup.library/setsid NAME setsid - create a new session SYNOPSIS #include <unistd.h> sessionid = setsid() D0 pid_t setsid(void); FUNCTION The setsid() function creates a new session when the calling process is not a process group leader. The calling process then becomes the session leader of this session and the only process in the new session. RESULTS Upon successful completion, the value of the new session ID is returned. Otherwise, a value of -1 is returned and an error code is stored to global errno location. ERRORS [EPERM] The calling process is already a session leader. SEE ALSO getpgrp() usergroup.library/setuid usergroup.library/setuid NAME setuid, setreuid - set real and effective user ID's setgid, setregid - set real and effective group ID's SYNOPSIS success = setuid(uid) D0 D0 int setuid(uid_t); success = setreuid(ruid, euid); D0 D0 D1 int setreuid(uid_t, uid_t); success = setgid(gid) D0 D0 int setgid(gid_t); success = setregid(ruid, euid) D0 D0 D1 int setregid(gid_t ruid, gid_t euid); FUNCTION The real and effective ID's of the current process are set according to the arguments. If ruid or euid is -1, the current uid is filled in by the system. Unprivileged users may change the real ID to the effective ID and vice-versa; only the super-user may make other changes. RETURN VALUES Upon successful completion, a value of 0 is returned. Otherwise, a value of -1 is returned and errno is set to indicate the error. ERRORS [EPERM] The current process is not the super-user and a change other than changing the effective id to the real id was specified. SEE ALSO getuid(), getgid(), geteuid(), getegid() NOTES Any task can call these functions. HISTORY A setuid() and setgid() function calls appeared in Version 6 AT&T UNIX. The setreuid() and setregid() function calls appeared in 4.2BSD. usergroup.library/ug_GetConsoleName usergroup.library/ug_GetConsoleName NAME ug_GetConsoleName --- Get Console Identifier SYNOPSIS name = ug_GetConsoleName(fh, buffer, size) D0 D0 A0 D1 UBYTE * ug_GetConsoleName(BPTR, UBYTE *, ULONG) FUNCTION Get a unique printable identifier for the interactive filehandle. This identifier is usually the task name of handler concatenated with message port address. INPUTS fh - An interactive filehandle buffer - Buffer to hold console identifier size - Number of bytes in buffer. RESULT name - If call is successful, pointer to buffer. NULL if error. BUGS May not get the proprer console name for all different console handlers. SEE ALSO dos.library/GetConsoleTask() usergroup.library/ug_GetErr usergroup.library/ug_GetErr NAME ug_GetErr - get current error code SYNOPSIS error = ug_GetErr(void) D0 int ug_GetErr(void) FUNCTION Most usergroup.library functions return -1 to indicate an error. When this happens (or whatever the defined error return for the routine) this routine may be called to determine more information. The default startup function will redirect the error codes also into the global variable `errno'. Note: there is no guarantee as to the value returned from ug_GetErr() after a successful operation. RESULTS error - error code SEE ALSO ug_StrError(), ug_SetupContextTags(), dos.library/IoErr() usergroup.library/ug_GetSalt usergroup.library/ug_GetSalt NAME ug_GetSalt - generate password encryption setting for an user SYNOPSIS setting = ug_GetSalt(passwd, buffer, size); D0 A0 A1 D0 UBYTE *ug_GetSalt(const struct passwd *, UBYTE *, ULONG); FUNCTION This function generates a setting parameter, which is used to configure the password encryption process. If an old entry exists, the new salt depends on it. The particular salt format depends on the system security level. INPUTS passwd - the old passwd entry for the user, or NULL if there is none. buffer - address of character array, which the new salt is stored in. size - the number of bytes in the buffer. The buffer should be at least 12 bytes long. RETURN VALUE Pointer to the buffer, or NULL if the buffer is too small. NOTE By default the Version 7 UNIX compatible setting is generated. SEE ALSO crypt() usergroup.library/ug_OnConsole usergroup.library/ug_OnConsole NAME ug_OnConsole - check whether session is on local console SYNOPSIS result = ug_OnConsole(void) D0 BOOL ug_OnConsole(void) FUNCTION Check if the user is logged on local console. RESULT result - 1 if the user is on console, 0 otherwise. BUGS Currently checking is done depending on the process window pointer. SEE ALSO usergroup.library/ug_SetupContextTags usergroup.library/ug_SetupContextTags NAME ug_SetupContextTagList - Set up the caller context ug_SetupContextTags - varargs stub for ug_SetupContextTagList SYNOPSIS success = ug_SetupContextTagList(taglist) D0 A1 ULONG ug_SetupContextTagList(struct TagItem *); success = ug_SetupContextTags(...) ULONG ug_SetupContextTags(LONG tag, ...); FUNCTION The function ug_SetupContextTags() will prepare the library caller context. INPUTS taglist - pointer to taglist Currently, there are defined tags as follows: UGT_ERRNOPTR - gives the pointer to the errno variable. The error variable is redirected to the scope of the task. If the pointer is NULL, no redirection is done anymore. UGT_ERRNOSIZE - specifies the size of the errno variable. Legal values are 1, 2 and 4. The UGT_ERRNOSIZE must be given with same call if the UGT_ERRNOPTR is given a non-NULL value. UGT_INTRMASK - specifies the interrupt signal mask. All blocking library calls will be interrrupted when a signal in the break mask is received. The signals in the `mask' are not cleared when a library call is interrupted. The signals in INTRMASK should be allocated in the context of the owning task. UGT_OWNER - changes the owner of this library instance. The UGT_OWNET tagData must be a valid task pointer or NULL. If the pointer is NULL, the library will have no owner and any task can become owner by calling ug_SetupContextTagList(UGT_OWNER, FindTask(NULL), TAG_END) ; Most of the library calls are allowed only for the owner of library. Only the owner can CloseLibrary() this library. RESULT If the call is successfull, value of 0 is returned. Otherwise the value -1 is returned. Old context is cleared, if an error occurs. The error code can be retrieved with function ug_GetErr(). ERRORS [EINVAL] An illegal input value was specified. BUGS Strange and unusual things will happen if the signal allocated for the use of the library is included in the mask. SEE ALSO ug_GetErr(), --background-- usergroup.library/ug_StrError usergroup.library/ug_StrError NAME ug_StrError - Return the text associated with error code SYNOPSIS text = ug_StrError(code) D0 D1 const char *ug_StrError(LONG); FUNCTION The strerror() function maps the error number specified by the errnum parameter to a language-dependent error message string, and returns a pointer to the string. The string pointed to by the return value should not be modified by the program, but may be overwritten by a subsequent call to this function. INPUTS code - error code returned by ug_GetErr() function. RESULT text - text associated with the error code. NOTES The current implementation will understands also the negative IO error codes. BUGS Currently only language available is English. SEE ALSO ug_GetErr() usergroup.library/umask usergroup.library/umask NAME umask - set file creation mode mask SYNOPSIS #include <sys/stat.h> oldmask = umask(newmask) D0 D0 mode_t umask(mode_t); FUNCTION The umask() routine sets the process's file mode creation mask to numask and returns the previous value of the mask. The 9 low-order access permission bits of numask are used by Unix-compatible filesystems, for examble by NFS, to turn off corresponding bits requested in file mode. This clearing allows each user to restrict the default access to his files. The default mask value is 022 (write access for owner only). Child processes should inherit the mask of the calling process. RESULT The previous value of the file mode mask is returned by the call. ERRORS The umask() function is always successful. SEE ALSO getumask()