xref: /freebsd/lib/libutil/login_cap.h (revision ecfcbb9f0376351e59850d6a6e528e4dd026cefd) 
1 /*-
2  * Copyright (c) 1996 by
3  * Sean Eric Fagan <sef@kithrup.com>
4  * David Nugent <davidn@blaze.net.au>
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, is permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice immediately at the beginning of the file, without modification,
12  *    this list of conditions, and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. This work was done expressly for inclusion into FreeBSD.  Other use
17  *    is permitted provided this notation is included.
18  * 4. Absolutely no warranty of function or purpose is made by the authors.
19  * 5. Modifications may be freely made to this file providing the above
20  *    conditions are met.
21  *
22  * Low-level routines relating to the user capabilities database
23  *
24  *	Was login_cap.h,v 1.9 1997/05/07 20:00:01 eivind Exp
25  * $FreeBSD$
26  */
27 
28 #ifndef _LOGIN_CAP_H_
29 #define _LOGIN_CAP_H_
30 
31 #define LOGIN_DEFCLASS		"default"
32 #define LOGIN_DEFROOTCLASS	"root"
33 #define LOGIN_MECLASS		"me"
34 #define LOGIN_DEFSTYLE		"passwd"
35 #define LOGIN_DEFSERVICE	"login"
36 #define LOGIN_DEFUMASK		022
37 #define LOGIN_DEFPRI		0
38 #define _PATH_LOGIN_CONF	"/etc/login.conf"
39 #define _FILE_LOGIN_CONF	".login_conf"
40 #define _PATH_AUTHPROG		"/usr/libexec/login_"
41 
42 #define LOGIN_SETGROUP		0x0001		/* set group */
43 #define LOGIN_SETLOGIN		0x0002		/* set login (via setlogin) */
44 #define LOGIN_SETPATH		0x0004		/* set path */
45 #define LOGIN_SETPRIORITY	0x0008		/* set priority */
46 #define LOGIN_SETRESOURCES	0x0010		/* set resources (cputime, etc.) */
47 #define LOGIN_SETUMASK		0x0020		/* set umask, obviously */
48 #define LOGIN_SETUSER		0x0040		/* set user (via setuid) */
49 #define LOGIN_SETENV		0x0080		/* set user environment */
50 #define LOGIN_SETMAC		0x0100		/* set user default MAC label */
51 #define LOGIN_SETCPUMASK	0x0200		/* set user cpumask */
52 #define LOGIN_SETALL		0x03ff		/* set everything */
53 
54 #define BI_AUTH		"authorize"		/* accepted authentication */
55 #define BI_REJECT	"reject"		/* rejected authentication */
56 #define BI_CHALLENG	"reject challenge"	/* reject with a challenge */
57 #define BI_SILENT	"reject silent"		/* reject silently */
58 #define BI_REMOVE	"remove"		/* remove file on error */
59 #define BI_ROOTOKAY	"authorize root"	/* root authenticated */
60 #define BI_SECURE	"authorize secure"	/* okay on non-secure line */
61 #define BI_SETENV	"setenv"		/* set environment variable */
62 #define BI_VALUE	"value"			/* set local variable */
63 
64 #define AUTH_OKAY		0x01		/* user authenticated */
65 #define AUTH_ROOTOKAY		0x02		/* root login okay */
66 #define AUTH_SECURE		0x04		/* secure login */
67 #define AUTH_SILENT		0x08		/* silent rejection */
68 #define AUTH_CHALLENGE		0x10		/* a chellenge was given */
69 
70 #define AUTH_ALLOW		(AUTH_OKAY | AUTH_ROOTOKAY | AUTH_SECURE)
71 
72 typedef struct login_cap {
73     char    *lc_class;
74     char    *lc_cap;
75     char    *lc_style;
76 } login_cap_t;
77 
78 typedef struct login_time {
79     u_short     lt_start;	/* Start time */
80     u_short     lt_end;		/* End time */
81 #define LTM_NONE  0x00
82 #define LTM_SUN   0x01
83 #define LTM_MON   0x02
84 #define LTM_TUE   0x04
85 #define LTM_WED   0x08
86 #define LTM_THU   0x10
87 #define LTM_FRI   0x20
88 #define LTM_SAT   0x40
89 #define LTM_ANY   0x7F
90 #define LTM_WK    0x3E
91 #define LTM_WD    0x41
92     u_char	 lt_dow;	/* Days of week */
93 } login_time_t;
94 
95 #define LC_MAXTIMES 64
96 
97 #include <sys/cdefs.h>
98 __BEGIN_DECLS
99 struct passwd;
100 
101 void login_close(login_cap_t *);
102 login_cap_t *login_getclassbyname(const char *, const struct passwd *);
103 login_cap_t *login_getclass(const char *);
104 login_cap_t *login_getpwclass(const struct passwd *);
105 login_cap_t *login_getuserclass(const struct passwd *);
106 
107 const char *login_getcapstr(login_cap_t*, const char *, const char *, const char *);
108 const char **login_getcaplist(login_cap_t *, const char *, const char *);
109 const char *login_getstyle(login_cap_t *, const char *, const char *);
110 rlim_t login_getcaptime(login_cap_t *, const char *, rlim_t, rlim_t);
111 rlim_t login_getcapnum(login_cap_t *, const char *, rlim_t, rlim_t);
112 rlim_t login_getcapsize(login_cap_t *, const char *, rlim_t, rlim_t);
113 const char *login_getpath(login_cap_t *, const char *, const char *);
114 int login_getcapbool(login_cap_t *, const char *, int);
115 const char *login_setcryptfmt(login_cap_t *, const char *, const char *);
116 
117 int setclasscontext(const char*, unsigned int);
118 int setusercontext(login_cap_t*, const struct passwd*, uid_t, unsigned int);
119 void setclassresources(login_cap_t *);
120 void setclassenvironment(login_cap_t *, const struct passwd *, int);
121 
122 /* Most of these functions are deprecated */
123 int auth_approve(login_cap_t*, const char*, const char*);
124 int auth_check(const char *, const char *, const char *, const char *, int *);
125 void auth_env(void);
126 char *auth_mkvalue(const char *n);
127 int auth_response(const char *, const char *, const char *, const char *, int *, const char *, const char *);
128 void auth_rmfiles(void);
129 int auth_scan(int);
130 int auth_script(const char*, ...);
131 int auth_script_data(const char *, int, const char *, ...);
132 char *auth_valud(const char *);
133 int auth_setopt(const char *, const char *);
134 void auth_clropts(void);
135 
136 void auth_checknologin(login_cap_t*);
137 int auth_cat(const char*);
138 
139 int auth_ttyok(login_cap_t*, const char *);
140 int auth_hostok(login_cap_t*, const char *, char const *);
141 int auth_timeok(login_cap_t*, time_t);
142 
143 struct tm;
144 
145 login_time_t parse_lt(const char *);
146 int in_ltm(const login_time_t *, struct tm *, time_t *);
147 int in_ltms(const login_time_t *, struct tm *, time_t *);
148 
149 /* helper functions */
150 
151 int login_strinlist(const char **, char const *, int);
152 int login_str2inlist(const char **, const char *, const char *, int);
153 login_time_t * login_timelist(login_cap_t *, char const *, int *, login_time_t **);
154 int login_ttyok(login_cap_t *, const char *, const char *, const char *);
155 int login_hostok(login_cap_t *, const char *, const char *, const char *, const char *);
156 
157 __END_DECLS
158 
159 #endif /* _LOGIN_CAP_H_ */
160