125658Sdavidn/*-
225658Sdavidn * Copyright (c) 1996 by
325658Sdavidn * Sean Eric Fagan <sef@kithrup.com>
425658Sdavidn * David Nugent <davidn@blaze.net.au>
525658Sdavidn * All rights reserved.
625658Sdavidn *
725658Sdavidn * Redistribution and use in source and binary forms, with or without
825658Sdavidn * modification, is permitted provided that the following conditions
925658Sdavidn * are met:
1025658Sdavidn * 1. Redistributions of source code must retain the above copyright
1125658Sdavidn *    notice immediately at the beginning of the file, without modification,
1225658Sdavidn *    this list of conditions, and the following disclaimer.
1325658Sdavidn * 2. Redistributions in binary form must reproduce the above copyright
1425658Sdavidn *    notice, this list of conditions and the following disclaimer in the
1525658Sdavidn *    documentation and/or other materials provided with the distribution.
1625658Sdavidn * 3. This work was done expressly for inclusion into FreeBSD.  Other use
1725658Sdavidn *    is permitted provided this notation is included.
1825658Sdavidn * 4. Absolutely no warranty of function or purpose is made by the authors.
1925658Sdavidn * 5. Modifications may be freely made to this file providing the above
2025658Sdavidn *    conditions are met.
2125658Sdavidn *
2225658Sdavidn * Low-level routines relating to the user capabilities database
2325658Sdavidn *
2425658Sdavidn *	Was login_cap.h,v 1.9 1997/05/07 20:00:01 eivind Exp
2550476Speter * $FreeBSD$
2625658Sdavidn */
2725658Sdavidn
2825658Sdavidn#ifndef _LOGIN_CAP_H_
2925658Sdavidn#define _LOGIN_CAP_H_
3025658Sdavidn
/*
 * Built-in defaults and file locations for the login class database.
 * LOGIN_DEFUMASK is an octal literal (022): used as a umask it clears the
 * group-write and other-write bits on newly created files.
 * NOTE(review): _FILE_LOGIN_CONF has no directory component and
 * _PATH_AUTHPROG ends in "login_", so both look like fragments that are
 * completed at run time (presumably a per-user file and a per-style helper
 * program).  Whatever gets appended decides which file is read or which
 * program is run, so it should come from a trusted source - confirm in the
 * implementation.
 */
3125658Sdavidn#define LOGIN_DEFCLASS		"default"
3225670Sdavidn#define LOGIN_DEFROOTCLASS	"root"
3325670Sdavidn#define LOGIN_MECLASS		"me"
3425658Sdavidn#define LOGIN_DEFSTYLE		"passwd"
3525658Sdavidn#define LOGIN_DEFSERVICE	"login"
36101658Srwatson#define LOGIN_DEFUMASK		022
3725658Sdavidn#define LOGIN_DEFPRI		0
3825658Sdavidn#define _PATH_LOGIN_CONF	"/etc/login.conf"
3925658Sdavidn#define _FILE_LOGIN_CONF	".login_conf"
4025658Sdavidn#define _PATH_AUTHPROG		"/usr/libexec/login_"
4125658Sdavidn
/*
 * Bit flags selecting which parts of a login context to apply.  Each flag
 * is a distinct bit, and LOGIN_SETALL (0x07ff) is the OR of all eleven
 * flags defined here, so a new flag must also be added to LOGIN_SETALL.
 * NOTE(review): presumably these form the `unsigned int` argument of
 * setusercontext()/setclasscontext() declared further down - confirm.
 * Both are declared as returning int; a caller that relies on
 * LOGIN_SETUSER or LOGIN_SETGROUP to drop privileges should check that
 * result before continuing.
 */
4225670Sdavidn#define LOGIN_SETGROUP		0x0001		/* set group */
4325670Sdavidn#define LOGIN_SETLOGIN		0x0002		/* set login (via setlogin) */
4425670Sdavidn#define LOGIN_SETPATH		0x0004		/* set path */
4525670Sdavidn#define LOGIN_SETPRIORITY	0x0008		/* set priority */
4625670Sdavidn#define LOGIN_SETRESOURCES	0x0010		/* set resources (cputime, etc.) */
4725670Sdavidn#define LOGIN_SETUMASK		0x0020		/* set umask, obviously */
4825670Sdavidn#define LOGIN_SETUSER		0x0040		/* set user (via setuid) */
4925670Sdavidn#define LOGIN_SETENV		0x0080		/* set user environment */
50101959Srwatson#define LOGIN_SETMAC		0x0100		/* set user default MAC label */
51180815Sbrooks#define LOGIN_SETCPUMASK	0x0200		/* set user cpumask */
52219304Strasz#define LOGIN_SETLOGINCLASS	0x0400		/* set login class in the kernel */
53219304Strasz#define LOGIN_SETALL		0x07ff		/* set everything */
5425658Sdavidn
/*
 * Keyword strings for authentication outcomes and follow-up actions (see
 * the per-line comments).
 * BI_CHALLENG and BI_SILENT begin with the BI_REJECT text, and BI_ROOTOKAY
 * and BI_SECURE begin with the BI_AUTH text, so code that matches these by
 * prefix has to test the longer forms first or it will misclassify them.
 * NOTE(review): presumably these are read back from the helper programs
 * named by _PATH_AUTHPROG - confirm against the implementation.
 */
5525670Sdavidn#define BI_AUTH		"authorize"		/* accepted authentication */
5625670Sdavidn#define BI_REJECT	"reject"		/* rejected authentication */
5725670Sdavidn#define BI_CHALLENG	"reject challenge"	/* reject with a challenge */
5825670Sdavidn#define BI_SILENT	"reject silent"		/* reject silently */
5925670Sdavidn#define BI_REMOVE	"remove"		/* remove file on error */
6025670Sdavidn#define BI_ROOTOKAY	"authorize root"	/* root authenticated */
6125670Sdavidn#define BI_SECURE	"authorize secure"	/* okay on non-secure line */
6225670Sdavidn#define BI_SETENV	"setenv"		/* set environment variable */
6325670Sdavidn#define BI_VALUE	"value"			/* set local variable */
6425658Sdavidn
/*
 * Authentication result bits.  AUTH_ALLOW (0x07) is the mask of the three
 * success bits; AUTH_SILENT and AUTH_CHALLENGE lie outside it, so
 * `(flags & AUTH_ALLOW) != 0` holds only when a success bit is set.
 * Test against the mask rather than for a non-zero value: a result that
 * carries only AUTH_SILENT or AUTH_CHALLENGE is non-zero but not a success.
 */
6525670Sdavidn#define AUTH_OKAY		0x01		/* user authenticated */
6625670Sdavidn#define AUTH_ROOTOKAY		0x02		/* root login okay */
6725670Sdavidn#define AUTH_SECURE		0x04		/* secure login */
6825670Sdavidn#define AUTH_SILENT		0x08		/* silent rejection */
6925670Sdavidn#define AUTH_CHALLENGE		0x10		/* a challenge was given */
7025658Sdavidn
71101658Srwatson#define AUTH_ALLOW		(AUTH_OKAY | AUTH_ROOTOKAY | AUTH_SECURE)
7225670Sdavidn
/*
 * Handle for one login class record, passed to the login_* and set*
 * functions declared in this header.
 * NOTE(review): the field meanings are inferred from their names (class
 * name, capability data, authentication style) - confirm in the
 * implementation.  The members are non-const char pointers; presumably
 * they are owned by the handle and released by login_close(), so verify
 * ownership before freeing or retaining them in a caller.
 */
7325658Sdavidntypedef struct login_cap {
7425670Sdavidn    char    *lc_class;
7525670Sdavidn    char    *lc_cap;
7625670Sdavidn    char    *lc_style;
7725658Sdavidn} login_cap_t;
7825658Sdavidn
/*
 * One permitted login period: a start/end time pair plus a day-of-week mask.
 * NOTE(review): the unit of lt_start/lt_end is not stated in this header -
 * confirm before comparing them against wall-clock values.
 */
7925658Sdavidntypedef struct login_time {
8025670Sdavidn    u_short     lt_start;	/* Start time */
8125670Sdavidn    u_short     lt_end;		/* End time */
/* Day-of-week bits for lt_dow: one bit per day, with Sunday as bit 0. */
8225670Sdavidn#define LTM_NONE  0x00
8325670Sdavidn#define LTM_SUN   0x01
8425670Sdavidn#define LTM_MON   0x02
85184083Sdes#define LTM_TUE   0x04
8625670Sdavidn#define LTM_WED   0x08
8725670Sdavidn#define LTM_THU   0x10
8825670Sdavidn#define LTM_FRI   0x20
8925670Sdavidn#define LTM_SAT   0x40
9025670Sdavidn#define LTM_ANY   0x7F	/* all seven day bits */
9125670Sdavidn#define LTM_WK    0x3E	/* LTM_MON through LTM_FRI */
9225670Sdavidn#define LTM_WD    0x41	/* LTM_SUN | LTM_SAT */
9325670Sdavidn    u_char	 lt_dow;	/* Days of week */
9425658Sdavidn} login_time_t;
9525670Sdavidn
/* NOTE(review): presumably the cap on login_time_t entries per list - confirm. */
9625658Sdavidn#define LC_MAXTIMES 64
9725658Sdavidn
/*
 * NOTE(review): <sys/cdefs.h> is the only header included in this file, yet
 * the declarations use u_short, u_char, rlim_t, uid_t and time_t.  The
 * including file has to bring those types into scope before this header.
 */
9825658Sdavidn#include <sys/cdefs.h>
9925658Sdavidn__BEGIN_DECLS
/* Forward declaration: only pointers to struct passwd are used here. */
10025658Sdavidnstruct passwd;
10125658Sdavidn
/*
 * Obtain and release a login_cap_t handle.
 * NOTE(review): presumably the getters return NULL on failure and every
 * handle they return must be passed to login_close() - confirm.
 */
10292917Sobrienvoid login_close(login_cap_t *);
10392917Sobrienlogin_cap_t *login_getclassbyname(const char *, const struct passwd *);
10492917Sobrienlogin_cap_t *login_getclass(const char *);
10592917Sobrienlogin_cap_t *login_getpwclass(const struct passwd *);
10692917Sobrienlogin_cap_t *login_getuserclass(const struct passwd *);
10725658Sdavidn
/*
 * Typed accessors that read one named capability from a login_cap_t.
 * NOTE(review): the trailing parameters look like caller-supplied default
 * and error values - confirm their order in the implementation.  The
 * const char * results are presumably owned by the handle or by the
 * caller-supplied defaults; verify their lifetime before keeping them
 * past login_close().
 */
108184083Sdesconst char *login_getcapstr(login_cap_t *, const char *, const char *,
109184083Sdes    const char *);
110121193Smarkmconst char **login_getcaplist(login_cap_t *, const char *, const char *);
11194202Sruconst char *login_getstyle(login_cap_t *, const char *, const char *);
11292917Sobrienrlim_t login_getcaptime(login_cap_t *, const char *, rlim_t, rlim_t);
11392917Sobrienrlim_t login_getcapnum(login_cap_t *, const char *, rlim_t, rlim_t);
11492917Sobrienrlim_t login_getcapsize(login_cap_t *, const char *, rlim_t, rlim_t);
11594202Sruconst char *login_getpath(login_cap_t *, const char *, const char *);
11692917Sobrienint login_getcapbool(login_cap_t *, const char *, int);
11792917Sobrienconst char *login_setcryptfmt(login_cap_t *, const char *, const char *);
11825658Sdavidn
/*
 * Apply settings from a login class to the calling process.
 * setclasscontext() and setusercontext() return int, so their result can
 * and should be checked, especially when the call is what changes the
 * process credentials.  setclasscpumask(), setclassresources() and
 * setclassenvironment() return void: a failure inside them cannot be
 * detected from the return value.
 * NOTE(review): the `unsigned int` parameters are presumably a mask of
 * LOGIN_SET* flags - confirm.
 */
119184083Sdesint setclasscontext(const char *, unsigned int);
120184084Sdesvoid setclasscpumask(login_cap_t *);
121184083Sdesint setusercontext(login_cap_t *, const struct passwd *, uid_t, unsigned int);
12292917Sobrienvoid setclassresources(login_cap_t *);
12392917Sobrienvoid setclassenvironment(login_cap_t *, const struct passwd *, int);
12425658Sdavidn
/*
 * Most of these functions are deprecated.
 * NOTE(review): this header does not say which ones; check the
 * implementation before adding new callers.
 * auth_script() and auth_script_data() are variadic, so the compiler cannot
 * check their trailing arguments - confirm how the list must be terminated.
 * auth_valud() is spelled this way in the prototype; it may be a typo for a
 * "value" accessor (compare BI_VALUE) - confirm that a matching definition
 * exists before relying on it.
 */
126184083Sdesint auth_approve(login_cap_t *, const char *, const char *);
12792917Sobrienint auth_check(const char *, const char *, const char *, const char *, int *);
12892917Sobrienvoid auth_env(void);
129184083Sdeschar *auth_mkvalue(const char *);
130184083Sdesint auth_response(const char *, const char *, const char *, const char *, int *,
131184083Sdes    const char *, const char *);
13292917Sobrienvoid auth_rmfiles(void);
13392917Sobrienint auth_scan(int);
134184083Sdesint auth_script(const char *, ...);
13592917Sobrienint auth_script_data(const char *, int, const char *, ...);
13692917Sobrienchar *auth_valud(const char *);
13792917Sobrienint auth_setopt(const char *, const char *);
13892917Sobrienvoid auth_clropts(void);
13925670Sdavidn
/* NOTE(review): auth_checknologin() returns void; confirm how a denial is signalled. */
140184083Sdesvoid auth_checknologin(login_cap_t *);
141184083Sdesint auth_cat(const char *);
14225658Sdavidn
/*
 * Access checks against a login class by terminal, host and time.
 * NOTE(review): the meaning of the int result (which value means "allowed")
 * is not stated here - confirm before using it in a condition.
 */
143184083Sdesint auth_ttyok(login_cap_t *, const char *);
144184083Sdesint auth_hostok(login_cap_t *, const char *, char const *);
145184083Sdesint auth_timeok(login_cap_t *, time_t);
14625658Sdavidn
/* Forward declaration: only pointers to struct tm are used here. */
14725658Sdavidnstruct tm;
14825658Sdavidn
/*
 * Parse and test login_time_t periods.  parse_lt() returns the structure by
 * value; the in_lt* functions take the period as a const pointer.
 * NOTE(review): the time_t * and struct tm * parameters are non-const, so
 * they may be written through - confirm which are inputs and which are
 * outputs, and whether NULL is accepted.
 */
14992917Sobrienlogin_time_t parse_lt(const char *);
150184088Sdesint in_lt(const login_time_t *, time_t *);
15192917Sobrienint in_ltm(const login_time_t *, struct tm *, time_t *);
15292917Sobrienint in_ltms(const login_time_t *, struct tm *, time_t *);
153184088Sdesint in_lts(const login_time_t *, time_t *);
15425658Sdavidn
/*
 * Helper functions: string-list matching, time-list loading and the
 * tty/host checks that take explicit capability names.
 * NOTE(review): the trailing int of login_strinlist()/login_str2inlist()
 * is presumably a matching-flags value, and the const char * arguments of
 * login_ttyok()/login_hostok() presumably name the allow and deny
 * capabilities - confirm their order, since swapping them would invert the
 * check.
 */
15625658Sdavidn
157121193Smarkmint login_strinlist(const char **, char const *, int);
158121193Smarkmint login_str2inlist(const char **, const char *, const char *, int);
159184083Sdeslogin_time_t * login_timelist(login_cap_t *, char const *, int *,
160184083Sdes    login_time_t **);
16192917Sobrienint login_ttyok(login_cap_t *, const char *, const char *, const char *);
162184083Sdesint login_hostok(login_cap_t *, const char *, const char *, const char *,
163184083Sdes    const char *);
16425658Sdavidn
16525658Sdavidn__END_DECLS
16625658Sdavidn
16725658Sdavidn#endif /* _LOGIN_CAP_H_ */
168