  1/*-
  2 * Copyright (c) 1996 by
  3 * Sean Eric Fagan <sef@kithrup.com>
  4 * David Nugent <davidn@blaze.net.au>
  5 * All rights reserved.
  6 *
  7 * Redistribution and use in source and binary forms, with or without
  8 * modification, is permitted provided that the following conditions
  9 * are met:
 10 * 1. Redistributions of source code must retain the above copyright
 11 *    notice immediately at the beginning of the file, without modification,
 12 *    this list of conditions, and the following disclaimer.
 13 * 2. Redistributions in binary form must reproduce the above copyright
 14 *    notice, this list of conditions and the following disclaimer in the
 15 *    documentation and/or other materials provided with the distribution.
 16 * 3. This work was done expressly for inclusion into FreeBSD.  Other use
 17 *    is permitted provided this notation is included.
 18 * 4. Absolutely no warranty of function or purpose is made by the authors.
 19 * 5. Modifications may be freely made to this file providing the above
 20 *    conditions are met.
 21 *
 22 * Low-level routines relating to the user capabilities database
 23 *
 24 *	Was login_cap.h,v 1.9 1997/05/07 20:00:01 eivind Exp
 25 */
 26
 27#ifndef _LOGIN_CAP_H_
 28#define _LOGIN_CAP_H_
 29
 /*
  * Built-in class/style/service names and the file locations used by the
  * login capability routines.
  *
  * NOTE(review): _FILE_LOGIN_CONF is a bare file name rather than an
  * absolute path; it is presumably resolved inside the user's home
  * directory, in which case its contents are user-controlled and must not
  * be trusted for privilege-relevant settings -- confirm against the
  * implementation.
  * NOTE(review): _PATH_AUTHPROG ends in "login_" and so looks like a prefix
  * that a style name is appended to.  If so, the style string has to be
  * validated (no '/' and no "..") before the path is built and run --
  * confirm.
  */
 30#define LOGIN_DEFCLASS		"default"
 31#define LOGIN_DEFROOTCLASS	"root"
 32#define LOGIN_MECLASS		"me"
 33#define LOGIN_DEFSTYLE		"passwd"
 34#define LOGIN_DEFSERVICE	"login"
 35#define _PATH_LOGIN_CONF	"/etc/login.conf"
 36#define _FILE_LOGIN_CONF	".login_conf"
 37#define _PATH_AUTHPROG		"/usr/libexec/login_"
 38
 /*
  * Bit flags selecting which parts of a login context to apply.  Every flag
  * is a distinct single bit, so values can be OR-ed together; they fit the
  * unsigned int argument of setclasscontext() and setusercontext() declared
  * further down (presumably its flags word -- confirm).
  *
  * LOGIN_SETALL (0x07ff) is exactly the OR of the eleven flags above it.  It
  * is a literal, not a computed mask, so a newly added flag has to be folded
  * into it by hand.
  *
  * LOGIN_SETUSER and LOGIN_SETGROUP change process credentials.  A caller
  * that passes them (directly or through LOGIN_SETALL) must check the result
  * of the call before doing anything on the user's behalf.
  */
 39#define LOGIN_SETGROUP		0x0001		/* set group */
 40#define LOGIN_SETLOGIN		0x0002		/* set login (via setlogin) */
 41#define LOGIN_SETPATH		0x0004		/* set path */
 42#define LOGIN_SETPRIORITY	0x0008		/* set priority */
 43#define LOGIN_SETRESOURCES	0x0010		/* set resources (cputime, etc.) */
 44#define LOGIN_SETUMASK		0x0020		/* set umask, obviously */
 45#define LOGIN_SETUSER		0x0040		/* set user (via setuid) */
 46#define LOGIN_SETENV		0x0080		/* set user environment */
 47#define LOGIN_SETMAC		0x0100		/* set user default MAC label */
 48#define LOGIN_SETCPUMASK	0x0200		/* set user cpumask */
 49#define LOGIN_SETLOGINCLASS	0x0400		/* set login class in the kernel */
 50#define LOGIN_SETALL		0x07ff		/* set everything */
 51
 /*
  * Keyword strings for authentication results and directives.
  * NOTE(review): presumably the vocabulary exchanged with an external
  * authentication program (see _PATH_AUTHPROG); the code that parses them
  * is not in this header -- confirm.
  *
  * Several keywords share a prefix ("reject", "reject challenge",
  * "reject silent"; "authorize", "authorize root", "authorize secure").
  * Matching code therefore has to tell the long forms from the short ones
  * (compare the whole keyword, or test the longer forms first); a plain
  * prefix match on "authorize" would also accept the stronger variants.
  *
  * BI_CHALLENG is spelled without the final 'E'; the name is part of the
  * interface and is kept as is.
  */
 52#define BI_AUTH		"authorize"		/* accepted authentication */
 53#define BI_REJECT	"reject"		/* rejected authentication */
 54#define BI_CHALLENG	"reject challenge"	/* reject with a challenge */
 55#define BI_SILENT	"reject silent"		/* reject silently */
 56#define BI_REMOVE	"remove"		/* remove file on error */
 57#define BI_ROOTOKAY	"authorize root"	/* root authenticated */
 58#define BI_SECURE	"authorize secure"	/* okay on non-secure line */
 59#define BI_SETENV	"setenv"		/* set environment variable */
 60#define BI_VALUE	"value"			/* set local variable */
 61
 /*
  * Bit flags describing the outcome of an authentication attempt.
  *
  * AUTH_ALLOW masks the three "accepted" bits.  AUTH_SILENT and
  * AUTH_CHALLENGE lie outside it, so (state & AUTH_ALLOW) is non-zero only
  * when at least one accept bit is set.  An access decision should test
  * against AUTH_ALLOW (or a specific accept bit), never against "state != 0",
  * because a rejection also sets bits.
  */
 62#define AUTH_OKAY		0x01		/* user authenticated */
 63#define AUTH_ROOTOKAY		0x02		/* root login okay */
 64#define AUTH_SECURE		0x04		/* secure login */
 65#define AUTH_SILENT		0x08		/* silent rejection */
 66#define AUTH_CHALLENGE		0x10		/* a challenge was given */
 67
 68#define AUTH_ALLOW		(AUTH_OKAY | AUTH_ROOTOKAY | AUTH_SECURE)
 69
 /*
  * Handle for one login class record, passed to most functions below.
  * NOTE(review): the field meanings are inferred from their names (class
  * name, capability record text, authentication style).  The three pointers
  * are presumably owned by the handle and released by login_close() --
  * confirm before freeing or retaining any of them.
  */
 70typedef struct login_cap {
 71    char    *lc_class;
 72    char    *lc_cap;
 73    char    *lc_style;
 74} login_cap_t;
 75
 /*
  * One permitted (or denied) login-time window: a start, an end and a
  * day-of-week bitmask built from the LTM_* values defined inline below.
  *
  * u_short and u_char are not declared by this header (it includes only
  * <sys/cdefs.h>), so the including file must already have them in scope.
  * NOTE(review): the unit of lt_start/lt_end is not stated here (presumably
  * minutes since midnight) -- confirm.
  */
 76typedef struct login_time {
 77    u_short     lt_start;	/* Start time */
 78    u_short     lt_end;		/* End time */
 79#define LTM_NONE  0x00	/* no day selected */
 80#define LTM_SUN   0x01
 81#define LTM_MON   0x02
 82#define LTM_TUE   0x04
 83#define LTM_WED   0x08
 84#define LTM_THU   0x10
 85#define LTM_FRI   0x20
 86#define LTM_SAT   0x40
 87#define LTM_ANY   0x7F	/* all seven day bits */
 88#define LTM_WK    0x3E	/* MON|TUE|WED|THU|FRI */
 89#define LTM_WD    0x41	/* SUN|SAT */
 90    u_char	 lt_dow;	/* Days of week */
 91} login_time_t;
 92
 /*
  * NOTE(review): presumably the maximum number of login_time_t entries a
  * time list may hold (see login_timelist() below) -- confirm.
  */
 93#define LC_MAXTIMES 64
 94
 95#include <sys/cdefs.h>
 96__BEGIN_DECLS
 97struct passwd;
 98
 /*
  * Class lookup and release.  Each login_get*class*() function returns a
  * login_cap_t pointer; login_close() takes the same handle type and
  * presumably releases it.
  * NOTE(review): presumably NULL is returned on failure -- check the result
  * before dereferencing it.
  * NOTE(review): login_getuserclass() presumably consults the per-user
  * _FILE_LOGIN_CONF.  Capabilities obtained that way should be treated as
  * user-supplied and not used for privilege-relevant decisions -- confirm.
  */
 99void login_close(login_cap_t *);
100login_cap_t *login_getclassbyname(const char *, const struct passwd *);
101login_cap_t *login_getclass(const char *);
102login_cap_t *login_getpwclass(const struct passwd *);
103login_cap_t *login_getuserclass(const struct passwd *);
104
/*
 * Capability accessors.  Each takes the class handle followed by a
 * capability name (named lc and cap in login_getcapenum()).
 *
 * NOTE(review): the trailing pair of arguments is presumably (default,
 * error): the value returned when the capability is absent and the value
 * returned when it cannot be parsed -- confirm against login_cap(3).
 * Callers should pick an error value that fails closed.
 * NOTE(review): the returned const char pointers presumably refer to
 * storage owned by the handle; do not free them or use them after
 * login_close() -- confirm.
 *
 * rlim_t is not declared by this header; the including file must provide it.
 */
105const char *login_getcapstr(login_cap_t *, const char *, const char *,
106    const char *);
107const char **login_getcaplist(login_cap_t *, const char *, const char *);
108const char *login_getstyle(login_cap_t *, const char *, const char *);
109rlim_t login_getcaptime(login_cap_t *, const char *, rlim_t, rlim_t);
110rlim_t login_getcapnum(login_cap_t *, const char *, rlim_t, rlim_t);
111int login_getcapenum(login_cap_t *lc, const char *cap,
112    const char * const *values);
113rlim_t login_getcapsize(login_cap_t *, const char *, rlim_t, rlim_t);
114const char *login_getpath(login_cap_t *, const char *, const char *);
115int login_getcapbool(login_cap_t *, const char *, int);
116const char *login_setcryptfmt(login_cap_t *, const char *, const char *);
117
/*
 * Apply a login class to the running process.  The unsigned int argument
 * is presumably an OR of the LOGIN_SET* flags defined above -- confirm.
 *
 * setclasscontext() and setusercontext() return int so they can report
 * failure (NOTE(review): presumably 0 on success and -1 on error --
 * confirm).  A caller that requests LOGIN_SETUSER or LOGIN_SETGROUP and
 * ignores the result may keep running with its original, more privileged
 * credentials; the return value must be checked and a failure treated as
 * fatal.
 *
 * setclasscpumask(), setclassresources() and setclassenvironment() return
 * void and so cannot report an error to the caller.
 * uid_t is not declared by this header; the including file must provide it.
 */
118int setclasscontext(const char *, unsigned int);
119void setclasscpumask(login_cap_t *);
120int setusercontext(login_cap_t *, const struct passwd *, uid_t, unsigned int);
121void setclassresources(login_cap_t *);
122void setclassenvironment(login_cap_t *, const struct passwd *, int);
123
124/* Most of these functions are deprecated */
/*
 * NOTE(review): auth_script() and auth_script_data() are variadic and take
 * no count argument, so the argument list presumably needs a terminating
 * NULL -- confirm before calling.
 * NOTE(review): auth_mkvalue() and auth_valud() return non-const char *;
 * who owns and frees the returned buffer is not stated here -- confirm.
 * NOTE(review): auth_valud looks like a misspelling, but the name is part
 * of the interface; renaming it here alone would break linkage.
 */
125int auth_approve(login_cap_t *, const char *, const char *);
126int auth_check(const char *, const char *, const char *, const char *, int *);
127void auth_env(void);
128char *auth_mkvalue(const char *);
129int auth_response(const char *, const char *, const char *, const char *, int *,
130    const char *, const char *);
131void auth_rmfiles(void);
132int auth_scan(int);
133int auth_script(const char *, ...);
134int auth_script_data(const char *, int, const char *, ...);
135char *auth_valud(const char *);
136int auth_setopt(const char *, const char *);
137void auth_clropts(void);
138
139void auth_checknologin(login_cap_t *);
140int auth_cat(const char *);
141
/*
 * Access checks against the tty, the remote host and the time of day.
 * NOTE(review): presumably non-zero means "permitted"; confirm the polarity
 * before using the result in an access decision.
 * time_t is not declared by this header; the including file must provide it.
 */
142int auth_ttyok(login_cap_t *, const char *);
143int auth_hostok(login_cap_t *, const char *, char const *);
144int auth_timeok(login_cap_t *, time_t);
145
146struct tm;
147
/*
 * Login-time window helpers.  parse_lt() returns a login_time_t by value.
 * The in_lt*() functions take the window as a const pointer but the time_t
 * and struct tm arguments as non-const pointers, so those may be written
 * through (NOTE(review): not visible from the prototypes -- confirm).
 * NOTE(review): how parse_lt() reports a malformed string is not visible
 * here; check the returned value before relying on it -- confirm.
 */
148login_time_t parse_lt(const char *);
149int in_lt(const login_time_t *, time_t *);
150int in_ltm(const login_time_t *, struct tm *, time_t *);
151int in_ltms(const login_time_t *, struct tm *, time_t *);
152int in_lts(const login_time_t *, time_t *);
153
154/* helper functions */
155
/*
 * NOTE(review): the const char ** parameters are presumably NULL-terminated
 * string lists and the trailing int a flags word for the match -- confirm.
 * login_timelist() takes an int * and a login_time_t ** in addition to its
 * return value, so it has out-parameters; who owns the returned array, and
 * whether LC_MAXTIMES bounds its length, should be checked against the
 * implementation.
 * NOTE(review): login_ttyok() and login_hostok() presumably return non-zero
 * for "permitted"; confirm the polarity before using them in an access
 * decision.
 */
156int login_strinlist(const char **, char const *, int);
157int login_str2inlist(const char **, const char *, const char *, int);
158login_time_t * login_timelist(login_cap_t *, char const *, int *,
159    login_time_t **);
160int login_ttyok(login_cap_t *, const char *, const char *, const char *);
161int login_hostok(login_cap_t *, const char *, const char *, const char *,
162    const char *);
163
164__END_DECLS
165
166#endif /* _LOGIN_CAP_H_ */
166#endif /* _LOGIN_CAP_H_ */