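/*-
 * Copyright (c) 1996 by
 * Sean Eric Fagan <sef@kithrup.com>
 * David Nugent <davidn@blaze.net.au>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, is permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice immediately at the beginning of the file, without modification,
 *    this list of conditions, and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. This work was done expressly for inclusion into FreeBSD. Other use
 *    is permitted provided this notation is included.
 * 4. Absolutely no warranty of function or purpose is made by the authors.
 * 5. Modifications may be freely made to this file providing the above
 *    conditions are met.
 *
 * Low-level routines relating to the user capabilities database
 *
 * Was login_cap.h,v 1.9 1997/05/07 20:00:01 eivind Exp
 * $FreeBSD$
 */

#ifndef _LOGIN_CAP_H_
#define _LOGIN_CAP_H_

/*
 * NOTE(review): this header uses u_short, u_char, rlim_t, uid_t and time_t
 * but includes only <sys/cdefs.h>; the including file must already have
 * those types in scope.
 */

/* Default names and values. */
#define LOGIN_DEFCLASS		"default"
#define LOGIN_DEFROOTCLASS	"root"
#define LOGIN_MECLASS		"me"
#define LOGIN_DEFSTYLE		"passwd"
#define LOGIN_DEFSERVICE	"login"
#define LOGIN_DEFUMASK		022	/* octal: masks group/other write */
#define LOGIN_DEFPRI		0
#define _PATH_LOGIN_CONF	"/etc/login.conf"
/*
 * A bare file name with no directory part.  Presumably resolved per user
 * (e.g. under the home directory) -- confirm.  If so, its contents are
 * controlled by that user and must not be trusted for privileged settings.
 */
#define _FILE_LOGIN_CONF	".login_conf"
/*
 * Ends in "login_", so this is a path prefix, not a complete file name.
 * Presumably a style name is appended to build the helper path -- confirm
 * that the appended part is validated (no '/' and no "..") before use.
 */
#define _PATH_AUTHPROG		"/usr/libexec/login_"

/*
 * Context-selection bit flags; each occupies one distinct bit.  Presumably
 * these are the values for the "unsigned int" argument of setclasscontext()
 * and setusercontext() declared below -- confirm.
 */
#define LOGIN_SETGROUP		0x0001	/* set group */
#define LOGIN_SETLOGIN		0x0002	/* set login (via setlogin) */
#define LOGIN_SETPATH		0x0004	/* set path */
#define LOGIN_SETPRIORITY	0x0008	/* set priority */
#define LOGIN_SETRESOURCES	0x0010	/* set resources (cputime, etc.) */
#define LOGIN_SETUMASK		0x0020	/* set umask, obviously */
#define LOGIN_SETUSER		0x0040	/* set user (via setuid) */
#define LOGIN_SETENV		0x0080	/* set user environment */
#define LOGIN_SETMAC		0x0100	/* set user default MAC label */
#define LOGIN_SETCPUMASK	0x0200	/* set user cpumask */
#define LOGIN_SETLOGINCLASS	0x0400	/* set login class in the kernel */
/*
 * Literal OR of the eleven flags above.  It is not derived from them, so a
 * newly added flag is silently left out of "everything" until this value
 * is updated by hand.
 */
#define LOGIN_SETALL		0x07ff	/* set everything */

/*
 * Keyword strings.  BI_CHALLENG and BI_SILENT begin with BI_REJECT, and
 * BI_ROOTOKAY and BI_SECURE begin with BI_AUTH, so any consumer has to
 * compare whole tokens (or test the longer strings first); a prefix match
 * on "authorize" or "reject" alone cannot tell the variants apart.
 */
#define BI_AUTH		"authorize"		/* accepted authentication */
#define BI_REJECT	"reject"		/* rejected authentication */
#define BI_CHALLENG	"reject challenge"	/* reject with a challenge */
#define BI_SILENT	"reject silent"		/* reject silently */
#define BI_REMOVE	"remove"		/* remove file on error */
#define BI_ROOTOKAY	"authorize root"	/* root authenticated */
#define BI_SECURE	"authorize secure"	/* okay on non-secure line */
#define BI_SETENV	"setenv"		/* set environment variable */
#define BI_VALUE	"value"			/* set local variable */

/* Authentication result bit flags. */
#define AUTH_OKAY	0x01		/* user authenticated */
#define AUTH_ROOTOKAY	0x02		/* root login okay */
#define AUTH_SECURE	0x04		/* secure login */
#define AUTH_SILENT	0x08		/* silent rejection */
#define AUTH_CHALLENGE	0x10		/* a challenge was given */

/*
 * Mask of the three "accepted" bits (0x07).  (x & AUTH_ALLOW) is non-zero
 * when any one of them is set, so it does not by itself show that
 * AUTH_OKAY in particular is present; test the individual bit when that
 * distinction matters.
 */
#define AUTH_ALLOW	(AUTH_OKAY | AUTH_ROOTOKAY | AUTH_SECURE)

/*
 * Login capability record: three string pointers.  Ownership and lifetime
 * of the strings are not visible in this header; presumably login_close()
 * releases a record returned by the login_get*class() functions -- confirm.
 */
typedef struct login_cap {
	char	*lc_class;
	char	*lc_cap;
	char	*lc_style;
} login_cap_t;

/*
 * One allowed-time entry: a start, an end and a day-of-week bit mask.
 * The unit of lt_start/lt_end is not stated in this header.
 */
typedef struct login_time {
	u_short	lt_start;	/* Start time */
	u_short	lt_end;		/* End time */
/* Day-of-week bits for lt_dow, one bit per day. */
#define LTM_NONE	0x00
#define LTM_SUN		0x01
#define LTM_MON		0x02
#define LTM_TUE		0x04
#define LTM_WED		0x08
#define LTM_THU		0x10
#define LTM_FRI		0x20
#define LTM_SAT		0x40
#define LTM_ANY		0x7F	/* all seven day bits */
#define LTM_WK		0x3E	/* Mon|Tue|Wed|Thu|Fri */
#define LTM_WD		0x41	/* Sun|Sat; easy to confuse with LTM_WK */
	u_char	lt_dow;		/* Days of week */
} login_time_t;

/* presumably the upper bound on login_time_t entries per list -- confirm */
#define LC_MAXTIMES	64

#include <sys/cdefs.h>
__BEGIN_DECLS
struct passwd;

/*
 * Class lookup.  Each login_get*class() function returns a login_cap_t
 * pointer; whether it can be NULL is not visible here, so callers should
 * check before dereferencing.
 */
void login_close(login_cap_t *);
login_cap_t *login_getclassbyname(const char *, const struct passwd *);
login_cap_t *login_getclass(const char *);
login_cap_t *login_getpwclass(const struct passwd *);
login_cap_t *login_getuserclass(const struct passwd *);

/*
 * Capability accessors.  The string accessors return const pointers whose
 * lifetime is not documented in this header (presumably tied to the
 * login_cap_t they were read from -- confirm before keeping them around).
 */
const char *login_getcapstr(login_cap_t *, const char *, const char *,
    const char *);
const char **login_getcaplist(login_cap_t *, const char *, const char *);
const char *login_getstyle(login_cap_t *, const char *, const char *);
rlim_t login_getcaptime(login_cap_t *, const char *, rlim_t, rlim_t);
rlim_t login_getcapnum(login_cap_t *, const char *, rlim_t, rlim_t);
rlim_t login_getcapsize(login_cap_t *, const char *, rlim_t, rlim_t);
const char *login_getpath(login_cap_t *, const char *, const char *);
int login_getcapbool(login_cap_t *, const char *, int);
const char *login_setcryptfmt(login_cap_t *, const char *, const char *);

/*
 * Context setters.  setclasscontext() and setusercontext() return int;
 * callers should check that result.  NOTE(review): the failure value is
 * not shown here -- confirm.  A caller that ignores a failure may carry on
 * with a uid, group set or limits it believed it had already changed.
 * The void setters below report nothing to the caller.
 */
int setclasscontext(const char *, unsigned int);
void setclasscpumask(login_cap_t *);
int setusercontext(login_cap_t *, const struct passwd *, uid_t, unsigned int);
void setclassresources(login_cap_t *);
void setclassenvironment(login_cap_t *, const struct passwd *, int);

/* Most of these functions are deprecated */
int auth_approve(login_cap_t *, const char *, const char *);
int auth_check(const char *, const char *, const char *, const char *, int *);
void auth_env(void);
char *auth_mkvalue(const char *);
int auth_response(const char *, const char *, const char *, const char *, int *,
    const char *, const char *);
void auth_rmfiles(void);
int auth_scan(int);
/*
 * Variadic: the convention that ends the argument list is not visible in
 * this header; confirm it before calling.
 */
int auth_script(const char *, ...);
int auth_script_data(const char *, int, const char *, ...);
/*
 * NOTE(review): "auth_valud" looks like a misspelling of "auth_value".
 * The name is kept as declared; renaming it here would break callers.
 */
char *auth_valud(const char *);
int auth_setopt(const char *, const char *);
void auth_clropts(void);

void auth_checknologin(login_cap_t *);
int auth_cat(const char *);

/*
 * Access checks returning int.  Which value means "allowed" is not stated
 * in this header; confirm it before writing a test against the result.
 */
int auth_ttyok(login_cap_t *, const char *);
int auth_hostok(login_cap_t *, const char *, char const *);
int auth_timeok(login_cap_t *, time_t);

struct tm;

/* login_time_t parsing and matching */
login_time_t parse_lt(const char *);
int in_lt(const login_time_t *, time_t *);
int in_ltm(const login_time_t *, struct tm *, time_t *);
int in_ltms(const login_time_t *, struct tm *, time_t *);
int in_lts(const login_time_t *, time_t *);

/* helper functions */

int login_strinlist(const char **, char const *, int);
int login_str2inlist(const char **, const char *, const char *, int);
login_time_t * login_timelist(login_cap_t *, char const *, int *,
    login_time_t **);
int login_ttyok(login_cap_t *, const char *, const char *, const char *);
int login_hostok(login_cap_t *, const char *, const char *, const char *,
    const char *);

__END_DECLS

#endif /* _LOGIN_CAP_H_ */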