lib/libutil/login_cap.h

25658Sdavidn/*-
25658Sdavidn * Copyright (c) 1996 by
25658Sdavidn * Sean Eric Fagan <sef@kithrup.com>
25658Sdavidn * David Nugent <davidn@blaze.net.au>
25658Sdavidn * All rights reserved.
25658Sdavidn *
25658Sdavidn * Redistribution and use in source and binary forms, with or without
25658Sdavidn * modification, is permitted provided that the following conditions
25658Sdavidn * are met:
25658Sdavidn * 1. Redistributions of source code must retain the above copyright
25658Sdavidn *    notice immediately at the beginning of the file, without modification,
25658Sdavidn *    this list of conditions, and the following disclaimer.
25658Sdavidn * 2. Redistributions in binary form must reproduce the above copyright
25658Sdavidn *    notice, this list of conditions and the following disclaimer in the
25658Sdavidn *    documentation and/or other materials provided with the distribution.
25658Sdavidn * 3. This work was done expressly for inclusion into FreeBSD.  Other use
25658Sdavidn *    is permitted provided this notation is included.
25658Sdavidn * 4. Absolutely no warranty of function or purpose is made by the authors.
25658Sdavidn * 5. Modifications may be freely made to this file providing the above
25658Sdavidn *    conditions are met.
25658Sdavidn *
25658Sdavidn * Low-level routines relating to the user capabilities database
25658Sdavidn *
25658Sdavidn *	Was login_cap.h,v 1.9 1997/05/07 20:00:01 eivind Exp
50476Speter * $FreeBSD: head/lib/libutil/login_cap.h 180815 2008-07-25 19:58:14Z brooks $
25658Sdavidn */
25658Sdavidn
25658Sdavidn#ifndef _LOGIN_CAP_H_
25658Sdavidn#define _LOGIN_CAP_H_
25658Sdavidn
25658Sdavidn#define LOGIN_DEFCLASS		"default"
25670Sdavidn#define LOGIN_DEFROOTCLASS	"root"
25670Sdavidn#define LOGIN_MECLASS		"me"
25658Sdavidn#define LOGIN_DEFSTYLE		"passwd"
25658Sdavidn#define LOGIN_DEFSERVICE	"login"
101658Srwatson#define LOGIN_DEFUMASK		022
25658Sdavidn#define LOGIN_DEFPRI		0
25658Sdavidn#define _PATH_LOGIN_CONF	"/etc/login.conf"
25658Sdavidn#define _FILE_LOGIN_CONF	".login_conf"
25658Sdavidn#define _PATH_AUTHPROG		"/usr/libexec/login_"
25658Sdavidn
25670Sdavidn#define LOGIN_SETGROUP		0x0001		/* set group */
25670Sdavidn#define LOGIN_SETLOGIN		0x0002		/* set login (via setlogin) */
25670Sdavidn#define LOGIN_SETPATH		0x0004		/* set path */
25670Sdavidn#define LOGIN_SETPRIORITY	0x0008		/* set priority */
25670Sdavidn#define LOGIN_SETRESOURCES	0x0010		/* set resources (cputime, etc.) */
25670Sdavidn#define LOGIN_SETUMASK		0x0020		/* set umask, obviously */
25670Sdavidn#define LOGIN_SETUSER		0x0040		/* set user (via setuid) */
25670Sdavidn#define LOGIN_SETENV		0x0080		/* set user environment */
101959Srwatson#define LOGIN_SETMAC		0x0100		/* set user default MAC label */
180815Sbrooks#define LOGIN_SETCPUMASK	0x0200		/* set user cpumask */
180815Sbrooks#define LOGIN_SETALL		0x03ff		/* set everything */
25658Sdavidn
25670Sdavidn#define BI_AUTH		"authorize"		/* accepted authentication */
25670Sdavidn#define BI_REJECT	"reject"		/* rejected authentication */
25670Sdavidn#define BI_CHALLENG	"reject challenge"	/* reject with a challenge */
25670Sdavidn#define BI_SILENT	"reject silent"		/* reject silently */
25670Sdavidn#define BI_REMOVE	"remove"		/* remove file on error */
25670Sdavidn#define BI_ROOTOKAY	"authorize root"	/* root authenticated */
25670Sdavidn#define BI_SECURE	"authorize secure"	/* okay on non-secure line */
25670Sdavidn#define BI_SETENV	"setenv"		/* set environment variable */
25670Sdavidn#define BI_VALUE	"value"			/* set local variable */
25658Sdavidn
25670Sdavidn#define AUTH_OKAY		0x01		/* user authenticated */
25670Sdavidn#define AUTH_ROOTOKAY		0x02		/* root login okay */
25670Sdavidn#define AUTH_SECURE		0x04		/* secure login */
25670Sdavidn#define AUTH_SILENT		0x08		/* silent rejection */
25670Sdavidn#define AUTH_CHALLENGE		0x10		/* a chellenge was given */
25658Sdavidn
101658Srwatson#define AUTH_ALLOW		(AUTH_OKAY | AUTH_ROOTOKAY | AUTH_SECURE)
25670Sdavidn
25658Sdavidntypedef struct login_cap {
25670Sdavidn    char    *lc_class;
25670Sdavidn    char    *lc_cap;
25670Sdavidn    char    *lc_style;
25658Sdavidn} login_cap_t;
25658Sdavidn
25658Sdavidntypedef struct login_time {
25670Sdavidn    u_short     lt_start;	/* Start time */
25670Sdavidn    u_short     lt_end;		/* End time */
25670Sdavidn#define LTM_NONE  0x00
25670Sdavidn#define LTM_SUN   0x01
25670Sdavidn#define LTM_MON   0x02
25670Sdavidn#define LTM_TUE   0x04
25670Sdavidn#define LTM_WED   0x08
25670Sdavidn#define LTM_THU   0x10
25670Sdavidn#define LTM_FRI   0x20
25670Sdavidn#define LTM_SAT   0x40
25670Sdavidn#define LTM_ANY   0x7F
25670Sdavidn#define LTM_WK    0x3E
25670Sdavidn#define LTM_WD    0x41
25670Sdavidn    u_char	 lt_dow;	/* Days of week */
25658Sdavidn} login_time_t;
25670Sdavidn
25658Sdavidn#define LC_MAXTIMES 64
25658Sdavidn
25658Sdavidn#include <sys/cdefs.h>
25658Sdavidn__BEGIN_DECLS
25658Sdavidnstruct passwd;
25658Sdavidn
92917Sobrienvoid login_close(login_cap_t *);
92917Sobrienlogin_cap_t *login_getclassbyname(const char *, const struct passwd *);
92917Sobrienlogin_cap_t *login_getclass(const char *);
92917Sobrienlogin_cap_t *login_getpwclass(const struct passwd *);
92917Sobrienlogin_cap_t *login_getuserclass(const struct passwd *);
25658Sdavidn
94202Sruconst char *login_getcapstr(login_cap_t*, const char *, const char *, const char *);
121193Smarkmconst char **login_getcaplist(login_cap_t *, const char *, const char *);
94202Sruconst char *login_getstyle(login_cap_t *, const char *, const char *);
92917Sobrienrlim_t login_getcaptime(login_cap_t *, const char *, rlim_t, rlim_t);
92917Sobrienrlim_t login_getcapnum(login_cap_t *, const char *, rlim_t, rlim_t);
92917Sobrienrlim_t login_getcapsize(login_cap_t *, const char *, rlim_t, rlim_t);
94202Sruconst char *login_getpath(login_cap_t *, const char *, const char *);
92917Sobrienint login_getcapbool(login_cap_t *, const char *, int);
92917Sobrienconst char *login_setcryptfmt(login_cap_t *, const char *, const char *);
25658Sdavidn
92917Sobrienint setclasscontext(const char*, unsigned int);
92917Sobrienint setusercontext(login_cap_t*, const struct passwd*, uid_t, unsigned int);
92917Sobrienvoid setclassresources(login_cap_t *);
92917Sobrienvoid setclassenvironment(login_cap_t *, const struct passwd *, int);
25658Sdavidn
25670Sdavidn/* Most of these functions are deprecated */
92917Sobrienint auth_approve(login_cap_t*, const char*, const char*);
92917Sobrienint auth_check(const char *, const char *, const char *, const char *, int *);
92917Sobrienvoid auth_env(void);
92917Sobrienchar *auth_mkvalue(const char *n);
92917Sobrienint auth_response(const char *, const char *, const char *, const char *, int *, const char *, const char *);
92917Sobrienvoid auth_rmfiles(void);
92917Sobrienint auth_scan(int);
92917Sobrienint auth_script(const char*, ...);
92917Sobrienint auth_script_data(const char *, int, const char *, ...);
92917Sobrienchar *auth_valud(const char *);
92917Sobrienint auth_setopt(const char *, const char *);
92917Sobrienvoid auth_clropts(void);
25670Sdavidn
92917Sobrienvoid auth_checknologin(login_cap_t*);
92917Sobrienint auth_cat(const char*);
25658Sdavidn
92917Sobrienint auth_ttyok(login_cap_t*, const char *);
92917Sobrienint auth_hostok(login_cap_t*, const char *, char const *);
92917Sobrienint auth_timeok(login_cap_t*, time_t);
25658Sdavidn
25658Sdavidnstruct tm;
25658Sdavidn
92917Sobrienlogin_time_t parse_lt(const char *);
92917Sobrienint in_ltm(const login_time_t *, struct tm *, time_t *);
92917Sobrienint in_ltms(const login_time_t *, struct tm *, time_t *);
25658Sdavidn
25670Sdavidn/* helper functions */
25658Sdavidn
121193Smarkmint login_strinlist(const char **, char const *, int);
121193Smarkmint login_str2inlist(const char **, const char *, const char *, int);
92917Sobrienlogin_time_t * login_timelist(login_cap_t *, char const *, int *, login_time_t **);
92917Sobrienint login_ttyok(login_cap_t *, const char *, const char *, const char *);
92917Sobrienint login_hostok(login_cap_t *, const char *, const char *, const char *, const char *);
25658Sdavidn
25658Sdavidn__END_DECLS
25658Sdavidn
25658Sdavidn#endif /* _LOGIN_CAP_H_ */