File: v1client.html

package info (click to toggle)
cvm 0.97-0.1
  • links: PTS
  • area: main
  • in suites: bullseye, buster, sid
  • size: 1,036 kB
  • sloc: ansic: 4,065; sh: 2,758; makefile: 235; sql: 15
file content (109 lines) | stat: -rw-r--r-- 4,637 bytes parent folder | download | duplicates (5)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
<html>
<body>

<h2><a href="cvm.html">CVM</a></h2>

<h1>CVM Version 1 Client Library</h1>

<p>The CVM version 1 client library defines the following functions:</p>

<dl>

<dt><tt>int cvm_client_authenticate(const char* module, const char*
account, const char* domain, const char** credentials, int
parse_account)</tt> <dd><p>This is the main entry point to the library.
Simply set up the credentials as an array with a trailing NULL pointer
and call <tt>authenticate</tt>.  If the <tt>domain</tt> parameter is a
NULL pointer, it will be treated as an empty string; no other parameter
may be NULL.  The function will return 0 if authentication succeeded and
an <a href="errors.html">error code</a> otherwise.</p>

<p>If <tt>parse_account</tt> is true then <tt>account</tt> is searched
for the last instance of any character from
<tt>cvm_client_account_split_chars</tt>.  If found, <tt>domain</tt> is
replaced with the portion of <tt>account</tt> following that character,
and <tt>account</tt> is truncated before that character.
<tt>cvm_client_account_split_chars</tt> defaults to "<tt>@</tt>", which
may be overridden by either setting it to a different string from the
client program or by setting the <tt>$CVM_ACCOUNT_SPLIT_CHARS</tt>
environment variable.  Setting it to an empty string will effectively
prevent parsing of the account name, no matter what
<tt>parse_account</tt> may be set to.</p>

<p>If authentication succeeds, this routine automatically retrieves
<tt>cvm_fact_username</tt>, <tt>cvm_fact_userid</tt>,
<tt>cvm_fact_groupid</tt>, <tt>cvm_fact_directory</tt>, and
<tt>cvm_fact_shell</tt>.  <tt>cvm_fact_realname</tt>,
<tt>cvm_fact_groupname</tt>, <tt>cvm_fact_sys_username</tt>,
<tt>cvm_fact_sys_directory</tt>, and <tt>cvm_fact_domain</tt> are also
set if they were present in the results.</p>

<p>The client should change directory to the named home directory and
drop root priviledges as soon as possible after successful
authentication.  Where reasonable, the client should also chroot to
the directory for added protection.</p>

<dt><tt>int cvm_client_fact_str(unsigned number, const char** data)</tt>
<dd><p>Retrieves a <a href="facts.html">fact</a> from the data returned
by the module as a NUL-terminated string.  Returns zero if the fact was
present, and <tt>CVME_NOFACT</tt> otherwise.  Successive calls to this
function with the same <tt>number</tt> return subsequent facts if more
than one instance of the fact was present.</p>

<dt><tt>int cvm_client_fact_uint(unsigned number, unsigned long*
data)</tt> <dd><p>Retrieves a <a href="facts.html">fact</a> from the
data returned by the module as an unsigned integer.  Returns zero if the
fact was present and was an unsigned integer.  Returns
<tt>CVME_BAD_MODDATA</tt> if the fact was present but was not an
unsigned integer.  Successive calls to this function with the same
<tt>number</tt> return subsequent facts if more than one instance of the
fact was present.</p>

<dt><tt>const char* cvm_client_ucspi_domain(void)</tt> <dd><p>Retrieves
the UCSPI local domain from the environment variable named
<tt>${PROTO}LOCALHOST</tt>.  Use this as the <tt>domain</tt> paramenter
to <tt>cvm_authenticate</tt> in all UCSPI servers that have no other
means of determining the domain name.</p>

<dt><tt>int cvm_client_setenv(void)</tt> <dd><p>Exports the following
environment variables based on their associated CVM fact.  If the fact
was optional and was not present in the results from the module, the
environment variable will not be set or unset.</p>

<table border=1>

<tr> <th>Variable</th> <th>CVM Fact</th> </tr>

<tr> <td><tt>USER</tt></td> <td><tt>CVM_FACT_USERNAME</tt></td> </tr>

<tr> <td><tt>UID</tt></td> <td><tt>CVM_FACT_USERID</tt></td> </tr>

<tr> <td><tt>GID</tt></td> <td><tt>CVM_FACT_GROUPID</tt></td> </tr>

<tr> <td><tt>NAME</tt></td> <td><tt>CVM_FACT_REALNAME</tt></td> </tr>

<tr> <td><tt>HOME</tt></td> <td><tt>CVM_FACT_DIRECTORY</tt></td> </tr>

<tr> <td><tt>SHELL</tt></td> <td><tt>CVM_FACT_SHELL</tt></td> </tr>

<tr> <td><tt>GROUP</tt></td> <td><tt>CVM_FACT_GROUPNAME</tt></td> </tr>

<tr> <td><tt>DOMAIN</tt></td> <td><tt>CVM_FACT_DOMAIN</tt></td> </tr>

<tr> <td><tt>MAIL</tt></td> <td><tt>CVM_FACT_MAILBOX</tt></td> </tr>

<tr> <td><tt>MAILBOX</tt></td> <td><tt>CVM_FACT_MAILBOX</tt></td> </tr>

<tr> <td><tt>MAILDIR</tt></td> <td><tt>CVM_FACT_MAILBOX</tt></td> </tr>

</table>

<dt><tt>int cvm_client_setugid(void)</tt> <dd><p>Calls <tt>chdir</tt>,
<tt>setgid</tt> and <tt>setuid</tt> with appropriate values based on the
data returned from the authentication.  Returns zero if any of the calls
failed.</p>

</dl>

</body>
</html>