/*-
 * Copyright (c) 1996 by
 * Sean Eric Fagan <sef@kithrup.com>
 * David Nugent <davidn@blaze.net.au>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, is permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice immediately at the beginning of the file, without modification,
 *    this list of conditions, and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. This work was done expressly for inclusion into FreeBSD.  Other use
 *    is permitted provided this notation is included.
 * 4. Absolutely no warranty of function or purpose is made by the authors.
 * 5. Modifications may be freely made to this file providing the above
 *    conditions are met.
 *
 * Low-level routines relating to the user capabilities database
 *
 *	Was login_cap.h,v 1.9 1997/05/07 20:00:01 eivind Exp
 * $FreeBSD: head/lib/libutil/login_cap.h 101959 2002-08-16 02:14:21Z rwatson $
 */
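#ifndef _LOGIN_CAP_H_
#define _LOGIN_CAP_H_

/*
 * Interface to the login class capability database: class lookup, typed
 * capability accessors, routines that apply a class to the calling
 * process, and the (mostly deprecated) auth_* helpers.
 *
 * This header includes only <sys/cdefs.h>.  The types used below
 * (u_short, u_char, uid_t, rlim_t, time_t) must already be declared by
 * the includer, e.g. through <sys/types.h>, <sys/resource.h> and <time.h>.
 */

/* Default class, style and service names, and default umask/priority. */
#define LOGIN_DEFCLASS		"default"
#define LOGIN_DEFROOTCLASS	"root"
#define LOGIN_MECLASS		"me"
#define LOGIN_DEFSTYLE		"passwd"
#define LOGIN_DEFSERVICE	"login"
#define LOGIN_DEFUMASK		022	/* octal: masks group and other write */
#define LOGIN_DEFPRI		0

/*
 * Database locations.
 *
 * _FILE_LOGIN_CONF is a bare file name, not a path.
 * NOTE(review): presumably it is resolved inside the user's home
 * directory, which would make its contents user-controlled input --
 * confirm which capabilities the implementation honours from it.
 *
 * _PATH_AUTHPROG ends in "login_", so it is a prefix rather than a
 * complete path.
 * NOTE(review): presumably a style name is appended to form the helper
 * path; that suffix should be validated (no '/' or "..") before it is
 * used to locate a program -- confirm in the implementation.
 */
#define _PATH_LOGIN_CONF	"/etc/login.conf"
#define _FILE_LOGIN_CONF	".login_conf"
#define _PATH_AUTHPROG		"/usr/libexec/login_"

/*
 * Selector bits for the unsigned int flags argument of setusercontext()
 * and setclasscontext() (see setusercontext(3)).  LOGIN_SETALL is the OR
 * of every bit defined here; a newly added flag has to be folded into it
 * or "set everything" silently stops meaning everything.
 */
#define LOGIN_SETGROUP		0x0001		/* set group */
#define LOGIN_SETLOGIN		0x0002		/* set login (via setlogin) */
#define LOGIN_SETPATH		0x0004		/* set path */
#define LOGIN_SETPRIORITY	0x0008		/* set priority */
#define LOGIN_SETRESOURCES	0x0010		/* set resources (cputime, etc.) */
#define LOGIN_SETUMASK		0x0020		/* set umask, obviously */
#define LOGIN_SETUSER		0x0040		/* set user (via setuid) */
#define LOGIN_SETENV		0x0080		/* set user environment */
#define LOGIN_SETMAC		0x0100		/* set user default MAC label */
#define LOGIN_SETALL		0x01ff		/* set everything */

/*
 * Result and command strings.
 * NOTE(review): presumably keywords exchanged with the login_<style>
 * authentication helper -- confirm against the implementation.
 *
 * BI_REJECT is a leading substring of BI_CHALLENG and BI_SILENT, and
 * BI_AUTH of BI_ROOTOKAY and BI_SECURE.  Code that matches these strings
 * must test the longer ones first (or compare whole tokens); a prefix
 * match on the short form would misclassify a qualified result.
 */
#define BI_AUTH		"authorize"		/* accepted authentication */
#define BI_REJECT	"reject"		/* rejected authentication */
#define BI_CHALLENG	"reject challenge"	/* reject with a challenge */
#define BI_SILENT	"reject silent"		/* reject silently */
#define BI_REMOVE	"remove"		/* remove file on error */
#define BI_ROOTOKAY	"authorize root"	/* root authenticated */
#define BI_SECURE	"authorize secure"	/* okay on non-secure line */
#define BI_SETENV	"setenv"		/* set environment variable */
#define BI_VALUE	"value"			/* set local variable */

/* Authentication state bits. */
#define AUTH_OKAY		0x01		/* user authenticated */
#define AUTH_ROOTOKAY		0x02		/* root login okay */
#define AUTH_SECURE		0x04		/* secure login */
#define AUTH_SILENT		0x08		/* silent rejection */
#define AUTH_CHALLENGE		0x10		/* a challenge was given */

/*
 * Mask of the three "authenticated" bits.  AUTH_SILENT and
 * AUTH_CHALLENGE are not part of it, so a state word should be tested
 * with (state & AUTH_ALLOW) rather than for being non-zero.
 */
#define AUTH_ALLOW		(AUTH_OKAY | AUTH_ROOTOKAY | AUTH_SECURE)

/*
 * Handle for one login class, returned by the login_get*class()
 * functions and released with login_close().
 * NOTE(review): the field meanings (class name, capability record,
 * authentication style) are inferred from the names -- confirm.
 */
typedef struct login_cap {
    char    *lc_class;
    char    *lc_cap;
    char    *lc_style;
} login_cap_t;

/*
 * One permitted-time window: a start/end pair plus a day-of-week bitmask
 * built from the LTM_* bits (one bit per day, Sunday = 0x01 through
 * Saturday = 0x40).  By their values LTM_WK is Monday..Friday, LTM_WD is
 * Sunday|Saturday, and LTM_ANY is all seven days.
 * NOTE(review): the unit of lt_start/lt_end is not visible here --
 * confirm against parse_lt().
 */
typedef struct login_time {
    u_short     lt_start;	/* Start time */
    u_short     lt_end;		/* End time */
#define LTM_NONE  0x00
#define LTM_SUN   0x01
#define LTM_MON   0x02
#define LTM_TUE   0x04
#define LTM_WED   0x08
#define LTM_THU   0x10
#define LTM_FRI   0x20
#define LTM_SAT   0x40
#define LTM_ANY   0x7F
#define LTM_WK    0x3E
#define LTM_WD    0x41
    u_char	 lt_dow;	/* Days of week */
} login_time_t;

#define LC_MAXTIMES 64

#include <sys/cdefs.h>
__BEGIN_DECLS
struct passwd;

/* Class lookup and release. */
void login_close(login_cap_t *);
login_cap_t *login_getclassbyname(const char *, const struct passwd *);
login_cap_t *login_getclass(const char *);
login_cap_t *login_getpwclass(const struct passwd *);
login_cap_t *login_getuserclass(const struct passwd *);

/*
 * Typed capability accessors.
 * NOTE(review): the ownership and lifetime of the returned strings and
 * of the login_getcaplist() array are not stated in this header --
 * confirm before freeing or caching them.
 */
const char *login_getcapstr(login_cap_t*, const char *, const char *, const char *);
char **login_getcaplist(login_cap_t *, const char *, const char *);
const char *login_getstyle(login_cap_t *, const char *, const char *);
rlim_t login_getcaptime(login_cap_t *, const char *, rlim_t, rlim_t);
rlim_t login_getcapnum(login_cap_t *, const char *, rlim_t, rlim_t);
rlim_t login_getcapsize(login_cap_t *, const char *, rlim_t, rlim_t);
const char *login_getpath(login_cap_t *, const char *, const char *);
int login_getcapbool(login_cap_t *, const char *, int);
const char *login_setcryptfmt(login_cap_t *, const char *, const char *);

/*
 * Apply a class to the calling process; the unsigned int argument takes
 * the LOGIN_SET* bits.
 * NOTE(review): setclasscontext() and setusercontext() return int.  A
 * caller that is dropping privilege (LOGIN_SETUSER / LOGIN_SETALL) must
 * check that result and stop on failure, otherwise it carries on with
 * its original credentials.  Confirm the exact return convention in
 * setusercontext(3).
 */
int setclasscontext(const char*, unsigned int);
int setusercontext(login_cap_t*, const struct passwd*, uid_t, unsigned int);
void setclassresources(login_cap_t *);
void setclassenvironment(login_cap_t *, const struct passwd *, int);

/* Most of these functions are deprecated */
int auth_approve(login_cap_t*, const char*, const char*);
int auth_check(const char *, const char *, const char *, const char *, int *);
void auth_env(void);
char *auth_mkvalue(const char *n);
int auth_response(const char *, const char *, const char *, const char *, int *, const char *, const char *);
void auth_rmfiles(void);
int auth_scan(int);
int auth_script(const char*, ...);
int auth_script_data(const char *, int, const char *, ...);
/*
 * NOTE(review): "auth_valud" is the spelling in this revision; it looks
 * like a slip for "auth_value".  Left unchanged because the name is part
 * of the interface -- confirm against the implementation.
 */
char *auth_valud(const char *);
int auth_setopt(const char *, const char *);
void auth_clropts(void);

void auth_checknologin(login_cap_t*);
int auth_cat(const char*);

/* Access checks by terminal, remote host and time. */
int auth_ttyok(login_cap_t*, const char *);
int auth_hostok(login_cap_t*, const char *, char const *);
int auth_timeok(login_cap_t*, time_t);

struct tm;

/* login_time_t parsing and matching. */
login_time_t parse_lt(const char *);
int in_ltm(const login_time_t *, struct tm *, time_t *);
int in_ltms(const login_time_t *, struct tm *, time_t *);

/* helper functions */

int login_strinlist(char **, char const *, int);
int login_str2inlist(char **, const char *, const char *, int);
login_time_t * login_timelist(login_cap_t *, char const *, int *, login_time_t **);
int login_ttyok(login_cap_t *, const char *, const char *, const char *);
int login_hostok(login_cap_t *, const char *, const char *, const char *, const char *);

__END_DECLS

#endif /* _LOGIN_CAP_H_ */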