1997-05-10 12:49:30 +00:00
|
|
|
/*-
|
|
|
|
* Copyright (c) 1996 by
|
|
|
|
* Sean Eric Fagan <sef@kithrup.com>
|
|
|
|
* David Nugent <davidn@blaze.net.au>
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, is permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice immediately at the beginning of the file, without modification,
|
|
|
|
* this list of conditions, and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. This work was done expressly for inclusion into FreeBSD. Other use
|
|
|
|
* is permitted provided this notation is included.
|
|
|
|
* 4. Absolutely no warranty of function or purpose is made by the authors.
|
|
|
|
* 5. Modifications may be freely made to this file providing the above
|
|
|
|
* conditions are met.
|
|
|
|
*
|
|
|
|
* Low-level routines relating to the user capabilities database
|
|
|
|
*
|
|
|
|
* Was login_cap.h,v 1.9 1997/05/07 20:00:01 eivind Exp
|
1999-08-28 00:22:10 +00:00
|
|
|
* $FreeBSD$
|
1997-05-10 12:49:30 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef _LOGIN_CAP_H_
|
|
|
|
#define _LOGIN_CAP_H_
|
|
|
|
|
|
|
|
#define LOGIN_DEFCLASS "default"
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
#define LOGIN_DEFROOTCLASS "root"
|
|
|
|
#define LOGIN_MECLASS "me"
|
1997-05-10 12:49:30 +00:00
|
|
|
#define LOGIN_DEFSTYLE "passwd"
|
|
|
|
#define LOGIN_DEFSERVICE "login"
|
2002-08-11 01:48:43 +00:00
|
|
|
#define LOGIN_DEFUMASK 022
|
1997-05-10 12:49:30 +00:00
|
|
|
#define LOGIN_DEFPRI 0
|
|
|
|
#define _PATH_LOGIN_CONF "/etc/login.conf"
|
|
|
|
#define _FILE_LOGIN_CONF ".login_conf"
|
|
|
|
#define _PATH_AUTHPROG "/usr/libexec/login_"
|
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
#define LOGIN_SETGROUP 0x0001 /* set group */
|
|
|
|
#define LOGIN_SETLOGIN 0x0002 /* set login (via setlogin) */
|
|
|
|
#define LOGIN_SETPATH 0x0004 /* set path */
|
|
|
|
#define LOGIN_SETPRIORITY 0x0008 /* set priority */
|
|
|
|
#define LOGIN_SETRESOURCES 0x0010 /* set resources (cputime, etc.) */
|
|
|
|
#define LOGIN_SETUMASK 0x0020 /* set umask, obviously */
|
|
|
|
#define LOGIN_SETUSER 0x0040 /* set user (via setuid) */
|
|
|
|
#define LOGIN_SETENV 0x0080 /* set user environment */
|
2002-08-16 02:14:21 +00:00
|
|
|
#define LOGIN_SETMAC 0x0100 /* set user default MAC label */
|
|
|
|
#define LOGIN_SETALL 0x01ff /* set everything */
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
|
|
|
|
#define BI_AUTH "authorize" /* accepted authentication */
|
|
|
|
#define BI_REJECT "reject" /* rejected authentication */
|
|
|
|
#define BI_CHALLENG "reject challenge" /* reject with a challenge */
|
|
|
|
#define BI_SILENT "reject silent" /* reject silently */
|
|
|
|
#define BI_REMOVE "remove" /* remove file on error */
|
|
|
|
#define BI_ROOTOKAY "authorize root" /* root authenticated */
|
|
|
|
#define BI_SECURE "authorize secure" /* okay on non-secure line */
|
|
|
|
#define BI_SETENV "setenv" /* set environment variable */
|
|
|
|
#define BI_VALUE "value" /* set local variable */
|
|
|
|
|
|
|
|
#define AUTH_OKAY 0x01 /* user authenticated */
|
|
|
|
#define AUTH_ROOTOKAY 0x02 /* root login okay */
|
|
|
|
#define AUTH_SECURE 0x04 /* secure login */
|
|
|
|
#define AUTH_SILENT 0x08 /* silent rejection */
|
|
|
|
#define AUTH_CHALLENGE 0x10 /* a chellenge was given */
|
|
|
|
|
2002-08-11 01:48:43 +00:00
|
|
|
#define AUTH_ALLOW (AUTH_OKAY | AUTH_ROOTOKAY | AUTH_SECURE)
|
1997-05-10 12:49:30 +00:00
|
|
|
|
|
|
|
typedef struct login_cap {
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
char *lc_class;
|
|
|
|
char *lc_cap;
|
|
|
|
char *lc_style;
|
1997-05-10 12:49:30 +00:00
|
|
|
} login_cap_t;
|
|
|
|
|
|
|
|
typedef struct login_time {
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
u_short lt_start; /* Start time */
|
|
|
|
u_short lt_end; /* End time */
|
|
|
|
#define LTM_NONE 0x00
|
|
|
|
#define LTM_SUN 0x01
|
|
|
|
#define LTM_MON 0x02
|
|
|
|
#define LTM_TUE 0x04
|
|
|
|
#define LTM_WED 0x08
|
|
|
|
#define LTM_THU 0x10
|
|
|
|
#define LTM_FRI 0x20
|
|
|
|
#define LTM_SAT 0x40
|
|
|
|
#define LTM_ANY 0x7F
|
|
|
|
#define LTM_WK 0x3E
|
|
|
|
#define LTM_WD 0x41
|
|
|
|
u_char lt_dow; /* Days of week */
|
1997-05-10 12:49:30 +00:00
|
|
|
} login_time_t;
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
|
1997-05-10 12:49:30 +00:00
|
|
|
#define LC_MAXTIMES 64
|
|
|
|
|
|
|
|
#include <sys/cdefs.h>
|
|
|
|
__BEGIN_DECLS
|
|
|
|
struct passwd;
|
|
|
|
|
2002-03-21 23:54:04 +00:00
|
|
|
void login_close(login_cap_t *);
|
|
|
|
login_cap_t *login_getclassbyname(const char *, const struct passwd *);
|
|
|
|
login_cap_t *login_getclass(const char *);
|
|
|
|
login_cap_t *login_getpwclass(const struct passwd *);
|
|
|
|
login_cap_t *login_getuserclass(const struct passwd *);
|
|
|
|
|
2002-04-08 11:04:56 +00:00
|
|
|
const char *login_getcapstr(login_cap_t*, const char *, const char *, const char *);
|
2002-03-21 23:54:04 +00:00
|
|
|
char **login_getcaplist(login_cap_t *, const char *, const char *);
|
2002-04-08 11:04:56 +00:00
|
|
|
const char *login_getstyle(login_cap_t *, const char *, const char *);
|
2002-03-21 23:54:04 +00:00
|
|
|
rlim_t login_getcaptime(login_cap_t *, const char *, rlim_t, rlim_t);
|
|
|
|
rlim_t login_getcapnum(login_cap_t *, const char *, rlim_t, rlim_t);
|
|
|
|
rlim_t login_getcapsize(login_cap_t *, const char *, rlim_t, rlim_t);
|
2002-04-08 11:04:56 +00:00
|
|
|
const char *login_getpath(login_cap_t *, const char *, const char *);
|
2002-03-21 23:54:04 +00:00
|
|
|
int login_getcapbool(login_cap_t *, const char *, int);
|
|
|
|
const char *login_setcryptfmt(login_cap_t *, const char *, const char *);
|
|
|
|
|
|
|
|
int setclasscontext(const char*, unsigned int);
|
|
|
|
int setusercontext(login_cap_t*, const struct passwd*, uid_t, unsigned int);
|
|
|
|
void setclassresources(login_cap_t *);
|
|
|
|
void setclassenvironment(login_cap_t *, const struct passwd *, int);
|
1997-05-10 12:49:30 +00:00
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
/* Most of these functions are deprecated */
|
2002-03-21 23:54:04 +00:00
|
|
|
int auth_approve(login_cap_t*, const char*, const char*);
|
|
|
|
int auth_check(const char *, const char *, const char *, const char *, int *);
|
|
|
|
void auth_env(void);
|
|
|
|
char *auth_mkvalue(const char *n);
|
|
|
|
int auth_response(const char *, const char *, const char *, const char *, int *, const char *, const char *);
|
|
|
|
void auth_rmfiles(void);
|
|
|
|
int auth_scan(int);
|
|
|
|
int auth_script(const char*, ...);
|
|
|
|
int auth_script_data(const char *, int, const char *, ...);
|
|
|
|
char *auth_valud(const char *);
|
|
|
|
int auth_setopt(const char *, const char *);
|
|
|
|
void auth_clropts(void);
|
|
|
|
|
|
|
|
void auth_checknologin(login_cap_t*);
|
|
|
|
int auth_cat(const char*);
|
|
|
|
|
|
|
|
int auth_ttyok(login_cap_t*, const char *);
|
|
|
|
int auth_hostok(login_cap_t*, const char *, char const *);
|
|
|
|
int auth_timeok(login_cap_t*, time_t);
|
1997-05-10 12:49:30 +00:00
|
|
|
|
|
|
|
struct tm;
|
|
|
|
|
2002-03-21 23:54:04 +00:00
|
|
|
login_time_t parse_lt(const char *);
|
|
|
|
int in_ltm(const login_time_t *, struct tm *, time_t *);
|
|
|
|
int in_ltms(const login_time_t *, struct tm *, time_t *);
|
1997-05-10 12:49:30 +00:00
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
/* helper functions */
|
1997-05-10 12:49:30 +00:00
|
|
|
|
2002-03-21 23:54:04 +00:00
|
|
|
int login_strinlist(char **, char const *, int);
|
|
|
|
int login_str2inlist(char **, const char *, const char *, int);
|
|
|
|
login_time_t * login_timelist(login_cap_t *, char const *, int *, login_time_t **);
|
|
|
|
int login_ttyok(login_cap_t *, const char *, const char *, const char *);
|
|
|
|
int login_hostok(login_cap_t *, const char *, const char *, const char *, const char *);
|
1997-05-10 12:49:30 +00:00
|
|
|
|
|
|
|
__END_DECLS
|
|
|
|
|
|
|
|
#endif /* _LOGIN_CAP_H_ */
|