Main index | Section 3 | Options |
#include <libcasper.h>
#include <casper/cap_pwd.h>
The cap_pwd_limit_cmds() function limits the functions allowed in the service. The cmds variable can be set to getpwent, getpwnam, getpwuid, getpwent_r, getpwnam_r, getpwuid_r, setpassent, setpwent, or endpwent which will allow to use the function associated with the name. The ncmds variable contains the number of cmds provided.
The cap_pwd_limit_fields() function allows limit fields returned in the structure passwd. The fields variable can be set to pw_name, pw_passwd, pw_uid, pw_gid, pw_change, pw_class, pw_gecos, pw_dir, pw_shell, pw_expire or pw_fields The field which was set as the limit will be returned, while the rest of the values not set this way will have default values. The nfields variable contains the number of fields provided.
The cap_pwd_limit_users() function allows to limit access to users. The names variable allows to limit users by name and the uids variable by the user number. The nnames and nuids variables provide numbers of limited names and uids.
cap_channel_t *capcas, *cappwd; const char *cmds[] = { "getpwuid" }; const char *fields[] = { "pw_name" }; uid_t uid[] = { 1 }; struct passwd *passwd;/* Open capability to Casper. */ capcas = cap_init(); if (capcas == NULL) err(1, "Unable to contact Casper");
/* Enter capability mode sandbox. */ if (cap_enter() < 0 && errno != ENOSYS) err(1, "Unable to enter capability mode");
/* Use Casper capability to create capability to the system.pwd service. */ cappwd = cap_service_open(capcas, "system.pwd"); if (cappwd == NULL) err(1, "Unable to open system.pwd service");
/* Close Casper capability, we don't need it anymore. */ cap_close(capcas);
/* Limit service to one single function. */ if (cap_pwd_limit_cmds(cappwd, cmds, nitems(cmds))) err(1, "Unable to limit access to system.pwd service");
/* Limit service to one field as we only need name of the user. */ if (cap_pwd_limit_fields(cappwd, fields, nitems(fields))) err(1, "Unable to limit access to system.pwd service");
/* Limit service to one uid. */ if (cap_pwd_limit_users(cappwd, NULL, 0, uid, nitems(uid))) err(1, "Unable to limit access to system.pwd service");
passwd = cap_getpwuid(cappwd, uid[0]); if (passwd == NULL) err(1, "Unable to get name of user");
printf("UID %d is associated with name %s. , uid[0], passwd->pw_name);
cap_close(cappwd);
This manual page was written by Mariusz Zaborski <Mt oshogbo@FreeBSD.org>.
CAP_PWD (3) | May 5, 2020 |
Main index | Section 3 | Options |
Please direct any comments about this manual page service to Ben Bullock. Privacy policy.
“ | I have a natural revulsion to any operating system that shows so little planning as to have to named all of its commands after digestive noises (awk, grep, fsck, nroff). | ” |