libutil/login_cap.h

   1 /*-
   2  * Copyright (c) 1996 by
   3  * Sean Eric Fagan <sef@kithrup.com>
   4  * David Nugent <davidn@blaze.net.au>
   5  * All rights reserved.
   6  *
   7  * Redistribution and use in source and binary forms, with or without
   8  * modification, is permitted provided that the following conditions
   9  * are met:
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice immediately at the beginning of the file, without modification,
  12  *    this list of conditions, and the following disclaimer.
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  * 3. This work was done expressly for inclusion into FreeBSD.  Other use
  17  *    is permitted provided this notation is included.
  18  * 4. Absolutely no warranty of function or purpose is made by the authors.
  19  * 5. Modifications may be freely made to this file providing the above
  20  *    conditions are met.
  21  *
  22  * Low-level routines relating to the user capabilities database
  23  *
  24  *      Was login_cap.h,v 1.9 1997/05/07 20:00:01 eivind Exp
  25  * $FreeBSD$
  26  */
  27
  28 #ifndef _LOGIN_CAP_H_
  29 #define _LOGIN_CAP_H_
  30
  31 #define LOGIN_DEFCLASS          "default"
  32 #define LOGIN_DEFROOTCLASS      "root"
  33 #define LOGIN_MECLASS           "me"
  34 #define LOGIN_DEFSTYLE          "passwd"
  35 #define LOGIN_DEFSERVICE        "login"
  36 #define LOGIN_DEFUMASK          022
  37 #define LOGIN_DEFPRI            0
  38 #define _PATH_LOGIN_CONF        "/etc/login.conf"
  39 #define _FILE_LOGIN_CONF        ".login_conf"
  40 #define _PATH_AUTHPROG          "/usr/libexec/login_"
  41
  42 #define LOGIN_SETGROUP          0x0001          /* set group */
  43 #define LOGIN_SETLOGIN          0x0002          /* set login (via setlogin) */
  44 #define LOGIN_SETPATH           0x0004          /* set path */
  45 #define LOGIN_SETPRIORITY       0x0008          /* set priority */
  46 #define LOGIN_SETRESOURCES      0x0010          /* set resources (cputime, etc.) */
  47 #define LOGIN_SETUMASK          0x0020          /* set umask, obviously */
  48 #define LOGIN_SETUSER           0x0040          /* set user (via setuid) */
  49 #define LOGIN_SETENV            0x0080          /* set user environment */
  50 #define LOGIN_SETMAC            0x0100          /* set user default MAC label */
  51 #define LOGIN_SETCPUMASK        0x0200          /* set user cpumask */
  52 #define LOGIN_SETALL            0x03ff          /* set everything */
  53
  54 #define BI_AUTH         "authorize"             /* accepted authentication */
  55 #define BI_REJECT       "reject"                /* rejected authentication */
  56 #define BI_CHALLENG     "reject challenge"      /* reject with a challenge */
  57 #define BI_SILENT       "reject silent"         /* reject silently */
  58 #define BI_REMOVE       "remove"                /* remove file on error */
  59 #define BI_ROOTOKAY     "authorize root"        /* root authenticated */
  60 #define BI_SECURE       "authorize secure"      /* okay on non-secure line */
  61 #define BI_SETENV       "setenv"                /* set environment variable */
  62 #define BI_VALUE        "value"                 /* set local variable */
  63
  64 #define AUTH_OKAY               0x01            /* user authenticated */
  65 #define AUTH_ROOTOKAY           0x02            /* root login okay */
  66 #define AUTH_SECURE             0x04            /* secure login */
  67 #define AUTH_SILENT             0x08            /* silent rejection */
  68 #define AUTH_CHALLENGE          0x10            /* a chellenge was given */
  69
  70 #define AUTH_ALLOW              (AUTH_OKAY | AUTH_ROOTOKAY | AUTH_SECURE)
  71
  72 typedef struct login_cap {
  73     char    *lc_class;
  74     char    *lc_cap;
  75     char    *lc_style;
  76 } login_cap_t;
  77
  78 typedef struct login_time {
  79     u_short     lt_start;       /* Start time */
  80     u_short     lt_end;         /* End time */
  81 #define LTM_NONE  0x00
  82 #define LTM_SUN   0x01
  83 #define LTM_MON   0x02
  84 #define LTM_TUE   0x04
  85 #define LTM_WED   0x08
  86 #define LTM_THU   0x10
  87 #define LTM_FRI   0x20
  88 #define LTM_SAT   0x40
  89 #define LTM_ANY   0x7F
  90 #define LTM_WK    0x3E
  91 #define LTM_WD    0x41
  92     u_char       lt_dow;        /* Days of week */
  93 } login_time_t;
  94
  95 #define LC_MAXTIMES 64
  96
  97 #include <sys/cdefs.h>
  98 __BEGIN_DECLS
  99 struct passwd;
 100
 101 void login_close(login_cap_t *);
 102 login_cap_t *login_getclassbyname(const char *, const struct passwd *);
 103 login_cap_t *login_getclass(const char *);
 104 login_cap_t *login_getpwclass(const struct passwd *);
 105 login_cap_t *login_getuserclass(const struct passwd *);
 106
 107 const char *login_getcapstr(login_cap_t *, const char *, const char *,
 108     const char *);
 109 const char **login_getcaplist(login_cap_t *, const char *, const char *);
 110 const char *login_getstyle(login_cap_t *, const char *, const char *);
 111 rlim_t login_getcaptime(login_cap_t *, const char *, rlim_t, rlim_t);
 112 rlim_t login_getcapnum(login_cap_t *, const char *, rlim_t, rlim_t);
 113 rlim_t login_getcapsize(login_cap_t *, const char *, rlim_t, rlim_t);
 114 const char *login_getpath(login_cap_t *, const char *, const char *);
 115 int login_getcapbool(login_cap_t *, const char *, int);
 116 const char *login_setcryptfmt(login_cap_t *, const char *, const char *);
 117
 118 int setclasscontext(const char *, unsigned int);
 119 void setclasscpumask(login_cap_t *);
 120 int setusercontext(login_cap_t *, const struct passwd *, uid_t, unsigned int);
 121 void setclassresources(login_cap_t *);
 122 void setclassenvironment(login_cap_t *, const struct passwd *, int);
 123
 124 /* Most of these functions are deprecated */
 125 int auth_approve(login_cap_t *, const char *, const char *);
 126 int auth_check(const char *, const char *, const char *, const char *, int *);
 127 void auth_env(void);
 128 char *auth_mkvalue(const char *);
 129 int auth_response(const char *, const char *, const char *, const char *, int *,
 130     const char *, const char *);
 131 void auth_rmfiles(void);
 132 int auth_scan(int);
 133 int auth_script(const char *, ...);
 134 int auth_script_data(const char *, int, const char *, ...);
 135 char *auth_valud(const char *);
 136 int auth_setopt(const char *, const char *);
 137 void auth_clropts(void);
 138
 139 void auth_checknologin(login_cap_t *);
 140 int auth_cat(const char *);
 141
 142 int auth_ttyok(login_cap_t *, const char *);
 143 int auth_hostok(login_cap_t *, const char *, char const *);
 144 int auth_timeok(login_cap_t *, time_t);
 145
 146 struct tm;
 147
 148 login_time_t parse_lt(const char *);
 149 int in_lt(const login_time_t *, time_t *);
 150 int in_ltm(const login_time_t *, struct tm *, time_t *);
 151 int in_ltms(const login_time_t *, struct tm *, time_t *);
 152 int in_lts(const login_time_t *, time_t *);
 153
 154 /* helper functions */
 155
 156 int login_strinlist(const char **, char const *, int);
 157 int login_str2inlist(const char **, const char *, const char *, int);
 158 login_time_t * login_timelist(login_cap_t *, char const *, int *,
 159     login_time_t **);
 160 int login_ttyok(login_cap_t *, const char *, const char *, const char *);
 161 int login_hostok(login_cap_t *, const char *, const char *, const char *,
 162     const char *);
 163
 164 __END_DECLS
 165
 166 #endif /* _LOGIN_CAP_H_ */