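/*-
 * Copyright (c) 1996 by
 * Sean Eric Fagan <[email protected]>
 * David Nugent <[email protected]>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, is permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice immediately at the beginning of the file, without modification,
 *    this list of conditions, and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. This work was done expressly for inclusion into FreeBSD.  Other use
 *    is permitted provided this notation is included.
 * 4. Absolutely no warranty of function or purpose is made by the authors.
 * 5. Modifications may be freely made to this file providing the above
 *    conditions are met.
 *
 * Low-level routines relating to the user capabilities database
 *
 *	Was login_cap.h,v 1.9 1997/05/07 20:00:01 eivind Exp
 * $FreeBSD$
 */

#ifndef _LOGIN_CAP_H_
#define _LOGIN_CAP_H_

/*
 * Prerequisites: this header uses u_short, u_char, rlim_t, uid_t and time_t
 * but includes only <sys/cdefs.h>, so the including file has to make those
 * types visible before it includes this header.
 */

/* Built-in names and defaults. */
#define LOGIN_DEFCLASS		"default"
#define LOGIN_DEFROOTCLASS	"root"
#define LOGIN_MECLASS		"me"
#define LOGIN_DEFSTYLE		"passwd"
#define LOGIN_DEFSERVICE	"login"
#define LOGIN_DEFUMASK		022	/* octal: masks group/other write */
#define LOGIN_DEFPRI		0
#define _PATH_LOGIN_CONF	"/etc/login.conf"
/*
 * A bare file name, not a path.
 * NOTE(review): presumably resolved inside the user's home directory, which
 * would make its contents user-controlled; consumers should treat values
 * read from it as untrusted -- confirm against the implementation.
 */
#define _FILE_LOGIN_CONF	".login_conf"
/*
 * A path prefix (it ends in '_'), not a complete program path.
 * NOTE(review): presumably a style name is appended to form the helper
 * path; whatever is appended must not be able to carry a '/' or "..".
 * Confirm against the implementation.
 */
#define _PATH_AUTHPROG		"/usr/libexec/login_"

/*
 * Bit flags for the unsigned int argument of setusercontext() and
 * setclasscontext().  Each flag selects one part of the context to apply.
 */
#define LOGIN_SETGROUP		0x0001	/* set group */
#define LOGIN_SETLOGIN		0x0002	/* set login (via setlogin) */
#define LOGIN_SETPATH		0x0004	/* set path */
#define LOGIN_SETPRIORITY	0x0008	/* set priority */
#define LOGIN_SETRESOURCES	0x0010	/* set resources (cputime, etc.) */
#define LOGIN_SETUMASK		0x0020	/* set umask, obviously */
#define LOGIN_SETUSER		0x0040	/* set user (via setuid) */
#define LOGIN_SETENV		0x0080	/* set user environment */
#define LOGIN_SETMAC		0x0100	/* set user default MAC label */
#define LOGIN_SETCPUMASK	0x0200	/* set user cpumask */
#define LOGIN_SETLOGINCLASS	0x0400	/* set login class in the kernel */
/*
 * OR of the eleven flags above (0x0001 through 0x0400).  A flag added later
 * is not covered until this mask is widened as well.
 */
#define LOGIN_SETALL		0x07ff	/* set everything */

/* Keyword strings for the authentication helper protocol. */
#define BI_AUTH		"authorize"		/* accepted authentication */
#define BI_REJECT	"reject"		/* rejected authentication */
#define BI_CHALLENG	"reject challenge"	/* reject with a challenge */
#define BI_SILENT	"reject silent"		/* reject silently */
#define BI_REMOVE	"remove"		/* remove file on error */
#define BI_ROOTOKAY	"authorize root"	/* root authenticated */
#define BI_SECURE	"authorize secure"	/* okay on non-secure line */
#define BI_SETENV	"setenv"		/* set environment variable */
#define BI_VALUE	"value"			/* set local variable */

/* Authentication result bits. */
#define AUTH_OKAY	0x01	/* user authenticated */
#define AUTH_ROOTOKAY	0x02	/* root login okay */
#define AUTH_SECURE	0x04	/* secure login */
#define AUTH_SILENT	0x08	/* silent rejection */
#define AUTH_CHALLENGE	0x10	/* a challenge was given */

/*
 * Mask of the three accepting bits (0x07).  AUTH_SILENT and AUTH_CHALLENGE
 * lie outside it, so a result is tested with (result & AUTH_ALLOW) rather
 * than by comparing the whole value with zero.
 */
#define AUTH_ALLOW	(AUTH_OKAY | AUTH_ROOTOKAY | AUTH_SECURE)

/*
 * Handle for one login class record.  Ownership of the three strings is not
 * visible in this header; login_close() is the declared release function.
 */
typedef struct login_cap {
	char	*lc_class;
	char	*lc_cap;
	char	*lc_style;
} login_cap_t;

/*
 * One permitted-time window: a start, an end and a day-of-week bit mask.
 * The units of lt_start and lt_end are not visible in this header.
 */
typedef struct login_time {
	u_short	lt_start;	/* Start time */
	u_short	lt_end;		/* End time */
/* Day-of-week bits for lt_dow, one bit per day starting with Sunday. */
#define LTM_NONE	0x00
#define LTM_SUN		0x01
#define LTM_MON		0x02
#define LTM_TUE		0x04
#define LTM_WED		0x08
#define LTM_THU		0x10
#define LTM_FRI		0x20
#define LTM_SAT		0x40
#define LTM_ANY		0x7F	/* all seven days */
#define LTM_WK		0x3E	/* LTM_MON through LTM_FRI */
#define LTM_WD		0x41	/* LTM_SUN | LTM_SAT */
	u_char	lt_dow;		/* Days of week */
} login_time_t;

/* NOTE(review): presumably the cap on parsed login_time entries; confirm. */
#define LC_MAXTIMES	64

#include <sys/cdefs.h>
__BEGIN_DECLS
struct passwd;

/* Class lookup and release. */
void login_close(login_cap_t *);
login_cap_t *login_getclassbyname(const char *, const struct passwd *);
login_cap_t *login_getclass(const char *);
login_cap_t *login_getpwclass(const struct passwd *);
login_cap_t *login_getuserclass(const struct passwd *);

/* Capability accessors. */
const char *login_getcapstr(login_cap_t *, const char *, const char *,
    const char *);
const char **login_getcaplist(login_cap_t *, const char *, const char *);
const char *login_getstyle(login_cap_t *, const char *, const char *);
rlim_t login_getcaptime(login_cap_t *, const char *, rlim_t, rlim_t);
rlim_t login_getcapnum(login_cap_t *, const char *, rlim_t, rlim_t);
rlim_t login_getcapsize(login_cap_t *, const char *, rlim_t, rlim_t);
const char *login_getpath(login_cap_t *, const char *, const char *);
int login_getcapbool(login_cap_t *, const char *, int);
const char *login_setcryptfmt(login_cap_t *, const char *, const char *);

/*
 * Context setters; the unsigned int argument takes LOGIN_SET* flags.
 * NOTE(review): setclasscontext() and setusercontext() return int.  A
 * caller that is changing credentials (LOGIN_SETUSER, LOGIN_SETGROUP)
 * should check that result and stop on failure instead of carrying on with
 * the old identity -- confirm the success value against the implementation.
 * setclasscpumask(), setclassresources() and setclassenvironment() return
 * void, so a failure inside them cannot be seen through this interface.
 */
int setclasscontext(const char *, unsigned int);
void setclasscpumask(login_cap_t *);
int setusercontext(login_cap_t *, const struct passwd *, uid_t, unsigned int);
void setclassresources(login_cap_t *);
void setclassenvironment(login_cap_t *, const struct passwd *, int);

/* Most of these functions are deprecated */
int auth_approve(login_cap_t *, const char *, const char *);
int auth_check(const char *, const char *, const char *, const char *, int *);
void auth_env(void);
char *auth_mkvalue(const char *);
int auth_response(const char *, const char *, const char *, const char *, int *,
    const char *, const char *);
void auth_rmfiles(void);
int auth_scan(int);
int auth_script(const char *, ...);
int auth_script_data(const char *, int, const char *, ...);
/*
 * NOTE(review): the name looks like a typo for auth_value.  It is kept as
 * declared because renaming it changes the exported interface; confirm
 * against the implementation before touching it.
 */
char *auth_valud(const char *);
int auth_setopt(const char *, const char *);
void auth_clropts(void);

void auth_checknologin(login_cap_t *);
int auth_cat(const char *);

/* Access checks by terminal, by host and by time. */
int auth_ttyok(login_cap_t *, const char *);
int auth_hostok(login_cap_t *, const char *, char const *);
int auth_timeok(login_cap_t *, time_t);

struct tm;

/* login_time_t parsing and window membership tests. */
login_time_t parse_lt(const char *);
int in_lt(const login_time_t *, time_t *);
int in_ltm(const login_time_t *, struct tm *, time_t *);
int in_ltms(const login_time_t *, struct tm *, time_t *);
int in_lts(const login_time_t *, time_t *);

/* helper functions */

int login_strinlist(const char **, char const *, int);
int login_str2inlist(const char **, const char *, const char *, int);
login_time_t *login_timelist(login_cap_t *, char const *, int *,
    login_time_t **);
int login_ttyok(login_cap_t *, const char *, const char *, const char *);
int login_hostok(login_cap_t *, const char *, const char *, const char *,
    const char *);

__END_DECLS

#endif /* _LOGIN_CAP_H_ */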