login_cap.h revision 1.4 
1/*	$OpenBSD: login_cap.h,v 1.4 2001/01/01 21:50:11 millert Exp $	*/
2
3/*-
4 * Copyright (c) 1995,1997 Berkeley Software Design, Inc. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 *    notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 *    notice, this list of conditions and the following disclaimer in the
13 *    documentation and/or other materials provided with the distribution.
14 * 3. All advertising materials mentioning features or use of this software
15 *    must display the following acknowledgement:
16 *	This product includes software developed by Berkeley Software Design,
17 *	Inc.
18 * 4. The name of Berkeley Software Design, Inc.  may not be used to endorse
19 *    or promote products derived from this software without specific prior
20 *    written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED.  IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 *	BSDI $From: login_cap.h,v 2.11 1999/09/08 18:11:57 prb Exp $
35 */
36
37#ifndef _LOGIN_CAP_H_
38#define _LOGIN_CAP_H_
39
40#define	LOGIN_DEFCLASS		"default"
41#define	LOGIN_DEFSTYLE		"krb-or-pwd"
42#define	LOGIN_DEFSERVICE	"login"
43#define	LOGIN_DEFUMASK		022
44#define	_PATH_LOGIN_CONF	"/etc/login.conf"
45#define	_PATH_AUTHPROG		"/usr/libexec/auth/login_"
46
47#define	LOGIN_SETGROUP		0x0001	/* Set group */
48#define	LOGIN_SETLOGIN		0x0002	/* Set login */
49#define	LOGIN_SETPATH		0x0004	/* Set path */
50#define	LOGIN_SETPRIORITY	0x0008	/* Set priority */
51#define	LOGIN_SETRESOURCES	0x0010	/* Set resource limits */
52#define	LOGIN_SETUMASK		0x0020	/* Set umask */
53#define	LOGIN_SETUSER		0x0040	/* Set user */
54#define	LOGIN_SETALL 		0x007f	/* Set all. */
55
56#define	BI_AUTH		"authorize"		/* Accepted authentication */
57#define	BI_REJECT	"reject"		/* Rejected authentication */
58#define	BI_CHALLENGE	"reject challenge"	/* Reject with a challenge */
59#define	BI_SILENT	"reject silent"		/* Reject silently */
60#define	BI_REMOVE	"remove"		/* remove file on error */
61#define	BI_ROOTOKAY	"authorize root"	/* root authenticated */
62#define	BI_SECURE	"authorize secure"	/* okay on non-secure line */
63#define	BI_SETENV	"setenv"		/* set environment variable */
64#define	BI_UNSETENV	"unsetenv"		/* unset environment variable */
65#define	BI_VALUE	"value"			/* set local variable */
66#define	BI_EXPIRED	"reject expired"	/* account expired */
67#define	BI_PWEXPIRED	"reject pwexpired"	/* password expired */
68
69/*
70 * bits which can be returned by authenticate()/auth_scan()
71 */
72#define	AUTH_OKAY	0x01			/* user authentciated */
73#define	AUTH_ROOTOKAY	0x02			/* authenticated as root */
74#define	AUTH_SECURE	0x04			/* secure login */
75#define	AUTH_SILENT	0x08			/* silent rejection */
76#define	AUTH_CHALLENGE	0x10			/* a challenge was given */
77#define	AUTH_EXPIRED	0x20			/* account expired */
78#define	AUTH_PWEXPIRED	0x40			/* password expired */
79
80#define	AUTH_ALLOW	(AUTH_OKAY | AUTH_ROOTOKAY | AUTH_SECURE)
81
82typedef struct {
83	char	*lc_class;
84	char	*lc_cap;
85	char	*lc_style;
86} login_cap_t;
87
88#include <sys/cdefs.h>
89__BEGIN_DECLS
90struct passwd;
91
92login_cap_t *login_getclass __P((char *));
93void	 login_close __P((login_cap_t *));
94int	 login_getcapbool __P((login_cap_t *, char *, u_int));
95quad_t	 login_getcapnum __P((login_cap_t *, char *, quad_t, quad_t));
96quad_t	 login_getcapsize __P((login_cap_t *, char *, quad_t, quad_t));
97char	*login_getcapstr __P((login_cap_t *, char *, char *, char *));
98quad_t	 login_getcaptime __P((login_cap_t *, char *, quad_t, quad_t));
99char	*login_getstyle __P((login_cap_t *, char *, char *));
100
101int	secure_path __P((char *));
102int	setclasscontext __P((char *, u_int));
103int	setusercontext __P((login_cap_t *, struct passwd *, uid_t, u_int));
104
105__END_DECLS
106
107#endif /* _LOGIN_CAP_H_ */
108