27a68d26ae
that it should also set the user's default MAC label, if available and permitted. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
159 lines
6.0 KiB
C
159 lines
6.0 KiB
C
/*-
|
|
* Copyright (c) 1996 by
|
|
* Sean Eric Fagan <sef@kithrup.com>
|
|
* David Nugent <davidn@blaze.net.au>
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, is permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice immediately at the beginning of the file, without modification,
|
|
* this list of conditions, and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. This work was done expressly for inclusion into FreeBSD. Other use
|
|
* is permitted provided this notation is included.
|
|
* 4. Absolutely no warranty of function or purpose is made by the authors.
|
|
* 5. Modifications may be freely made to this file providing the above
|
|
* conditions are met.
|
|
*
|
|
* Low-level routines relating to the user capabilities database
|
|
*
|
|
* Was login_cap.h,v 1.9 1997/05/07 20:00:01 eivind Exp
|
|
* $FreeBSD$
|
|
*/
|
|
|
|
#ifndef _LOGIN_CAP_H_
|
|
#define _LOGIN_CAP_H_
|
|
|
|
#define LOGIN_DEFCLASS "default"
|
|
#define LOGIN_DEFROOTCLASS "root"
|
|
#define LOGIN_MECLASS "me"
|
|
#define LOGIN_DEFSTYLE "passwd"
|
|
#define LOGIN_DEFSERVICE "login"
|
|
#define LOGIN_DEFUMASK 022
|
|
#define LOGIN_DEFPRI 0
|
|
#define _PATH_LOGIN_CONF "/etc/login.conf"
|
|
#define _FILE_LOGIN_CONF ".login_conf"
|
|
#define _PATH_AUTHPROG "/usr/libexec/login_"
|
|
|
|
#define LOGIN_SETGROUP 0x0001 /* set group */
|
|
#define LOGIN_SETLOGIN 0x0002 /* set login (via setlogin) */
|
|
#define LOGIN_SETPATH 0x0004 /* set path */
|
|
#define LOGIN_SETPRIORITY 0x0008 /* set priority */
|
|
#define LOGIN_SETRESOURCES 0x0010 /* set resources (cputime, etc.) */
|
|
#define LOGIN_SETUMASK 0x0020 /* set umask, obviously */
|
|
#define LOGIN_SETUSER 0x0040 /* set user (via setuid) */
|
|
#define LOGIN_SETENV 0x0080 /* set user environment */
|
|
#define LOGIN_SETMAC 0x0100 /* set user default MAC label */
|
|
#define LOGIN_SETALL 0x01ff /* set everything */
|
|
|
|
#define BI_AUTH "authorize" /* accepted authentication */
|
|
#define BI_REJECT "reject" /* rejected authentication */
|
|
#define BI_CHALLENG "reject challenge" /* reject with a challenge */
|
|
#define BI_SILENT "reject silent" /* reject silently */
|
|
#define BI_REMOVE "remove" /* remove file on error */
|
|
#define BI_ROOTOKAY "authorize root" /* root authenticated */
|
|
#define BI_SECURE "authorize secure" /* okay on non-secure line */
|
|
#define BI_SETENV "setenv" /* set environment variable */
|
|
#define BI_VALUE "value" /* set local variable */
|
|
|
|
#define AUTH_OKAY 0x01 /* user authenticated */
|
|
#define AUTH_ROOTOKAY 0x02 /* root login okay */
|
|
#define AUTH_SECURE 0x04 /* secure login */
|
|
#define AUTH_SILENT 0x08 /* silent rejection */
|
|
#define AUTH_CHALLENGE 0x10 /* a chellenge was given */
|
|
|
|
#define AUTH_ALLOW (AUTH_OKAY | AUTH_ROOTOKAY | AUTH_SECURE)
|
|
|
|
typedef struct login_cap {
|
|
char *lc_class;
|
|
char *lc_cap;
|
|
char *lc_style;
|
|
} login_cap_t;
|
|
|
|
typedef struct login_time {
|
|
u_short lt_start; /* Start time */
|
|
u_short lt_end; /* End time */
|
|
#define LTM_NONE 0x00
|
|
#define LTM_SUN 0x01
|
|
#define LTM_MON 0x02
|
|
#define LTM_TUE 0x04
|
|
#define LTM_WED 0x08
|
|
#define LTM_THU 0x10
|
|
#define LTM_FRI 0x20
|
|
#define LTM_SAT 0x40
|
|
#define LTM_ANY 0x7F
|
|
#define LTM_WK 0x3E
|
|
#define LTM_WD 0x41
|
|
u_char lt_dow; /* Days of week */
|
|
} login_time_t;
|
|
|
|
#define LC_MAXTIMES 64
|
|
|
|
#include <sys/cdefs.h>
|
|
__BEGIN_DECLS
|
|
struct passwd;
|
|
|
|
void login_close(login_cap_t *);
|
|
login_cap_t *login_getclassbyname(const char *, const struct passwd *);
|
|
login_cap_t *login_getclass(const char *);
|
|
login_cap_t *login_getpwclass(const struct passwd *);
|
|
login_cap_t *login_getuserclass(const struct passwd *);
|
|
|
|
const char *login_getcapstr(login_cap_t*, const char *, const char *, const char *);
|
|
char **login_getcaplist(login_cap_t *, const char *, const char *);
|
|
const char *login_getstyle(login_cap_t *, const char *, const char *);
|
|
rlim_t login_getcaptime(login_cap_t *, const char *, rlim_t, rlim_t);
|
|
rlim_t login_getcapnum(login_cap_t *, const char *, rlim_t, rlim_t);
|
|
rlim_t login_getcapsize(login_cap_t *, const char *, rlim_t, rlim_t);
|
|
const char *login_getpath(login_cap_t *, const char *, const char *);
|
|
int login_getcapbool(login_cap_t *, const char *, int);
|
|
const char *login_setcryptfmt(login_cap_t *, const char *, const char *);
|
|
|
|
int setclasscontext(const char*, unsigned int);
|
|
int setusercontext(login_cap_t*, const struct passwd*, uid_t, unsigned int);
|
|
void setclassresources(login_cap_t *);
|
|
void setclassenvironment(login_cap_t *, const struct passwd *, int);
|
|
|
|
/* Most of these functions are deprecated */
|
|
int auth_approve(login_cap_t*, const char*, const char*);
|
|
int auth_check(const char *, const char *, const char *, const char *, int *);
|
|
void auth_env(void);
|
|
char *auth_mkvalue(const char *n);
|
|
int auth_response(const char *, const char *, const char *, const char *, int *, const char *, const char *);
|
|
void auth_rmfiles(void);
|
|
int auth_scan(int);
|
|
int auth_script(const char*, ...);
|
|
int auth_script_data(const char *, int, const char *, ...);
|
|
char *auth_valud(const char *);
|
|
int auth_setopt(const char *, const char *);
|
|
void auth_clropts(void);
|
|
|
|
void auth_checknologin(login_cap_t*);
|
|
int auth_cat(const char*);
|
|
|
|
int auth_ttyok(login_cap_t*, const char *);
|
|
int auth_hostok(login_cap_t*, const char *, char const *);
|
|
int auth_timeok(login_cap_t*, time_t);
|
|
|
|
struct tm;
|
|
|
|
login_time_t parse_lt(const char *);
|
|
int in_ltm(const login_time_t *, struct tm *, time_t *);
|
|
int in_ltms(const login_time_t *, struct tm *, time_t *);
|
|
|
|
/* helper functions */
|
|
|
|
int login_strinlist(char **, char const *, int);
|
|
int login_str2inlist(char **, const char *, const char *, int);
|
|
login_time_t * login_timelist(login_cap_t *, char const *, int *, login_time_t **);
|
|
int login_ttyok(login_cap_t *, const char *, const char *, const char *);
|
|
int login_hostok(login_cap_t *, const char *, const char *, const char *, const char *);
|
|
|
|
__END_DECLS
|
|
|
|
#endif /* _LOGIN_CAP_H_ */
|