freebsd-nq/lib/libutil/login_cap.h

158 lines
6.1 KiB
C
Raw Normal View History

/*-
* Copyright (c) 1996 by
* Sean Eric Fagan <sef@kithrup.com>
* David Nugent <davidn@blaze.net.au>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, is permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice immediately at the beginning of the file, without modification,
* this list of conditions, and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. This work was done expressly for inclusion into FreeBSD. Other use
* is permitted provided this notation is included.
* 4. Absolutely no warranty of function or purpose is made by the authors.
* 5. Modifications may be freely made to this file providing the above
* conditions are met.
*
* Low-level routines relating to the user capabilities database
*
* Was login_cap.h,v 1.9 1997/05/07 20:00:01 eivind Exp
1999-08-28 00:22:10 +00:00
* $FreeBSD$
*/
#ifndef _LOGIN_CAP_H_
#define _LOGIN_CAP_H_
#define LOGIN_DEFCLASS "default"
Summary of login.conf support changes: o Incorporated BSDI code and enhancements, better logging for error checking (which has been shown to be a problem, and is therefore justified, imho); also some minor things we were missing, including better quad_t math, which checks for under/overflows. o setusercontext() now allows user resource limit overrides, but does this AFTER dropping root privs, to restrict the user to droping hard limits and set soft limits within the kernel's allowed user limits. o umask() only set once, and only if requested. o add _secure_path(), and use in login.conf to guard against symlinks etc. and non-root owned or non-user owned files being used. Derived from BSDI contributed code. o revamped authentication code to BSDI's latest api, which includes deleting authenticate() and adding auth_check() and a few other functions. This is still marked as depecated in BSDI, but is included for completeness. No other source in the tree uses this anyway, so it is now bracketed with #ifdef LOGIN_CAP_AUTH which is by default not defined. Only auth_checknologin() and auth_cat() are actually used in module login_auth.c. o AUTH_NONE definition removed (collided with other includes in the tree). [bde] o BSDI's login_getclass() now accepts a char *classname parameter rather than struct passwd *pwd. We now do likewise, but added login_getpwclass() for (sort of) backwards compatiblity, namely because we handle root as a special case for the default class. This will require quite a few changes elsewhere in the source tree. o We no longer pretend to support rlim_t as a long type. o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
#define LOGIN_DEFROOTCLASS "root"
#define LOGIN_MECLASS "me"
#define LOGIN_DEFSTYLE "passwd"
#define LOGIN_DEFSERVICE "login"
#define LOGIN_DEFUMASK 022
#define LOGIN_DEFPRI 0
#define _PATH_LOGIN_CONF "/etc/login.conf"
#define _FILE_LOGIN_CONF ".login_conf"
#define _PATH_AUTHPROG "/usr/libexec/login_"
Summary of login.conf support changes: o Incorporated BSDI code and enhancements, better logging for error checking (which has been shown to be a problem, and is therefore justified, imho); also some minor things we were missing, including better quad_t math, which checks for under/overflows. o setusercontext() now allows user resource limit overrides, but does this AFTER dropping root privs, to restrict the user to droping hard limits and set soft limits within the kernel's allowed user limits. o umask() only set once, and only if requested. o add _secure_path(), and use in login.conf to guard against symlinks etc. and non-root owned or non-user owned files being used. Derived from BSDI contributed code. o revamped authentication code to BSDI's latest api, which includes deleting authenticate() and adding auth_check() and a few other functions. This is still marked as depecated in BSDI, but is included for completeness. No other source in the tree uses this anyway, so it is now bracketed with #ifdef LOGIN_CAP_AUTH which is by default not defined. Only auth_checknologin() and auth_cat() are actually used in module login_auth.c. o AUTH_NONE definition removed (collided with other includes in the tree). [bde] o BSDI's login_getclass() now accepts a char *classname parameter rather than struct passwd *pwd. We now do likewise, but added login_getpwclass() for (sort of) backwards compatiblity, namely because we handle root as a special case for the default class. This will require quite a few changes elsewhere in the source tree. o We no longer pretend to support rlim_t as a long type. o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
#define LOGIN_SETGROUP 0x0001 /* set group */
#define LOGIN_SETLOGIN 0x0002 /* set login (via setlogin) */
#define LOGIN_SETPATH 0x0004 /* set path */
#define LOGIN_SETPRIORITY 0x0008 /* set priority */
#define LOGIN_SETRESOURCES 0x0010 /* set resources (cputime, etc.) */
#define LOGIN_SETUMASK 0x0020 /* set umask, obviously */
#define LOGIN_SETUSER 0x0040 /* set user (via setuid) */
#define LOGIN_SETENV 0x0080 /* set user environment */
#define LOGIN_SETALL 0x00ff /* set everything */
#define BI_AUTH "authorize" /* accepted authentication */
#define BI_REJECT "reject" /* rejected authentication */
#define BI_CHALLENG "reject challenge" /* reject with a challenge */
#define BI_SILENT "reject silent" /* reject silently */
#define BI_REMOVE "remove" /* remove file on error */
#define BI_ROOTOKAY "authorize root" /* root authenticated */
#define BI_SECURE "authorize secure" /* okay on non-secure line */
#define BI_SETENV "setenv" /* set environment variable */
#define BI_VALUE "value" /* set local variable */
#define AUTH_OKAY 0x01 /* user authenticated */
#define AUTH_ROOTOKAY 0x02 /* root login okay */
#define AUTH_SECURE 0x04 /* secure login */
#define AUTH_SILENT 0x08 /* silent rejection */
#define AUTH_CHALLENGE 0x10 /* a chellenge was given */
#define AUTH_ALLOW (AUTH_OKAY | AUTH_ROOTOKAY | AUTH_SECURE)
typedef struct login_cap {
Summary of login.conf support changes: o Incorporated BSDI code and enhancements, better logging for error checking (which has been shown to be a problem, and is therefore justified, imho); also some minor things we were missing, including better quad_t math, which checks for under/overflows. o setusercontext() now allows user resource limit overrides, but does this AFTER dropping root privs, to restrict the user to droping hard limits and set soft limits within the kernel's allowed user limits. o umask() only set once, and only if requested. o add _secure_path(), and use in login.conf to guard against symlinks etc. and non-root owned or non-user owned files being used. Derived from BSDI contributed code. o revamped authentication code to BSDI's latest api, which includes deleting authenticate() and adding auth_check() and a few other functions. This is still marked as depecated in BSDI, but is included for completeness. No other source in the tree uses this anyway, so it is now bracketed with #ifdef LOGIN_CAP_AUTH which is by default not defined. Only auth_checknologin() and auth_cat() are actually used in module login_auth.c. o AUTH_NONE definition removed (collided with other includes in the tree). [bde] o BSDI's login_getclass() now accepts a char *classname parameter rather than struct passwd *pwd. We now do likewise, but added login_getpwclass() for (sort of) backwards compatiblity, namely because we handle root as a special case for the default class. This will require quite a few changes elsewhere in the source tree. o We no longer pretend to support rlim_t as a long type. o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
char *lc_class;
char *lc_cap;
char *lc_style;
} login_cap_t;
typedef struct login_time {
Summary of login.conf support changes: o Incorporated BSDI code and enhancements, better logging for error checking (which has been shown to be a problem, and is therefore justified, imho); also some minor things we were missing, including better quad_t math, which checks for under/overflows. o setusercontext() now allows user resource limit overrides, but does this AFTER dropping root privs, to restrict the user to droping hard limits and set soft limits within the kernel's allowed user limits. o umask() only set once, and only if requested. o add _secure_path(), and use in login.conf to guard against symlinks etc. and non-root owned or non-user owned files being used. Derived from BSDI contributed code. o revamped authentication code to BSDI's latest api, which includes deleting authenticate() and adding auth_check() and a few other functions. This is still marked as depecated in BSDI, but is included for completeness. No other source in the tree uses this anyway, so it is now bracketed with #ifdef LOGIN_CAP_AUTH which is by default not defined. Only auth_checknologin() and auth_cat() are actually used in module login_auth.c. o AUTH_NONE definition removed (collided with other includes in the tree). [bde] o BSDI's login_getclass() now accepts a char *classname parameter rather than struct passwd *pwd. We now do likewise, but added login_getpwclass() for (sort of) backwards compatiblity, namely because we handle root as a special case for the default class. This will require quite a few changes elsewhere in the source tree. o We no longer pretend to support rlim_t as a long type. o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
u_short lt_start; /* Start time */
u_short lt_end; /* End time */
#define LTM_NONE 0x00
#define LTM_SUN 0x01
#define LTM_MON 0x02
#define LTM_TUE 0x04
#define LTM_WED 0x08
#define LTM_THU 0x10
#define LTM_FRI 0x20
#define LTM_SAT 0x40
#define LTM_ANY 0x7F
#define LTM_WK 0x3E
#define LTM_WD 0x41
u_char lt_dow; /* Days of week */
} login_time_t;
Summary of login.conf support changes: o Incorporated BSDI code and enhancements, better logging for error checking (which has been shown to be a problem, and is therefore justified, imho); also some minor things we were missing, including better quad_t math, which checks for under/overflows. o setusercontext() now allows user resource limit overrides, but does this AFTER dropping root privs, to restrict the user to droping hard limits and set soft limits within the kernel's allowed user limits. o umask() only set once, and only if requested. o add _secure_path(), and use in login.conf to guard against symlinks etc. and non-root owned or non-user owned files being used. Derived from BSDI contributed code. o revamped authentication code to BSDI's latest api, which includes deleting authenticate() and adding auth_check() and a few other functions. This is still marked as depecated in BSDI, but is included for completeness. No other source in the tree uses this anyway, so it is now bracketed with #ifdef LOGIN_CAP_AUTH which is by default not defined. Only auth_checknologin() and auth_cat() are actually used in module login_auth.c. o AUTH_NONE definition removed (collided with other includes in the tree). [bde] o BSDI's login_getclass() now accepts a char *classname parameter rather than struct passwd *pwd. We now do likewise, but added login_getpwclass() for (sort of) backwards compatiblity, namely because we handle root as a special case for the default class. This will require quite a few changes elsewhere in the source tree. o We no longer pretend to support rlim_t as a long type. o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
#define LC_MAXTIMES 64
#include <sys/cdefs.h>
__BEGIN_DECLS
struct passwd;
void login_close __P((login_cap_t *));
Summary of login.conf support changes: o Incorporated BSDI code and enhancements, better logging for error checking (which has been shown to be a problem, and is therefore justified, imho); also some minor things we were missing, including better quad_t math, which checks for under/overflows. o setusercontext() now allows user resource limit overrides, but does this AFTER dropping root privs, to restrict the user to droping hard limits and set soft limits within the kernel's allowed user limits. o umask() only set once, and only if requested. o add _secure_path(), and use in login.conf to guard against symlinks etc. and non-root owned or non-user owned files being used. Derived from BSDI contributed code. o revamped authentication code to BSDI's latest api, which includes deleting authenticate() and adding auth_check() and a few other functions. This is still marked as depecated in BSDI, but is included for completeness. No other source in the tree uses this anyway, so it is now bracketed with #ifdef LOGIN_CAP_AUTH which is by default not defined. Only auth_checknologin() and auth_cat() are actually used in module login_auth.c. o AUTH_NONE definition removed (collided with other includes in the tree). [bde] o BSDI's login_getclass() now accepts a char *classname parameter rather than struct passwd *pwd. We now do likewise, but added login_getpwclass() for (sort of) backwards compatiblity, namely because we handle root as a special case for the default class. This will require quite a few changes elsewhere in the source tree. o We no longer pretend to support rlim_t as a long type. o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
login_cap_t *login_getclassbyname __P((const char *, const struct passwd *));
login_cap_t *login_getclass __P((const char *));
login_cap_t *login_getpwclass __P((const struct passwd *));
login_cap_t *login_getuserclass __P((const struct passwd *));
char *login_getcapstr __P((login_cap_t*, const char *, char *, char *));
char **login_getcaplist __P((login_cap_t *, const char *, const char *));
char *login_getstyle __P((login_cap_t *, char *, const char *));
rlim_t login_getcaptime __P((login_cap_t *, const char *, rlim_t, rlim_t));
rlim_t login_getcapnum __P((login_cap_t *, const char *, rlim_t, rlim_t));
rlim_t login_getcapsize __P((login_cap_t *, const char *, rlim_t, rlim_t));
char *login_getpath __P((login_cap_t *, const char *, char *));
int login_getcapbool __P((login_cap_t *, const char *, int));
const char *login_setcryptfmt __P((login_cap_t *, const char *, const char *));
int setclasscontext __P((const char*, unsigned int));
int setusercontext __P((login_cap_t*, const struct passwd*, uid_t, unsigned int));
void setclassresources __P((login_cap_t *));
void setclassenvironment __P((login_cap_t *, const struct passwd *, int));
Summary of login.conf support changes: o Incorporated BSDI code and enhancements, better logging for error checking (which has been shown to be a problem, and is therefore justified, imho); also some minor things we were missing, including better quad_t math, which checks for under/overflows. o setusercontext() now allows user resource limit overrides, but does this AFTER dropping root privs, to restrict the user to droping hard limits and set soft limits within the kernel's allowed user limits. o umask() only set once, and only if requested. o add _secure_path(), and use in login.conf to guard against symlinks etc. and non-root owned or non-user owned files being used. Derived from BSDI contributed code. o revamped authentication code to BSDI's latest api, which includes deleting authenticate() and adding auth_check() and a few other functions. This is still marked as depecated in BSDI, but is included for completeness. No other source in the tree uses this anyway, so it is now bracketed with #ifdef LOGIN_CAP_AUTH which is by default not defined. Only auth_checknologin() and auth_cat() are actually used in module login_auth.c. o AUTH_NONE definition removed (collided with other includes in the tree). [bde] o BSDI's login_getclass() now accepts a char *classname parameter rather than struct passwd *pwd. We now do likewise, but added login_getpwclass() for (sort of) backwards compatiblity, namely because we handle root as a special case for the default class. This will require quite a few changes elsewhere in the source tree. o We no longer pretend to support rlim_t as a long type. o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
/* Most of these functions are deprecated */
int auth_approve __P((login_cap_t*, const char*, const char*));
int auth_check __P((const char *, const char *, const char *, const char *, int *));
void auth_env __P((void));
char *auth_mkvalue __P((const char *n));
int auth_response __P((const char *, const char *, const char *, const char *, int *, const char *, const char *));
void auth_rmfiles __P((void));
int auth_scan __P((int));
Summary of login.conf support changes: o Incorporated BSDI code and enhancements, better logging for error checking (which has been shown to be a problem, and is therefore justified, imho); also some minor things we were missing, including better quad_t math, which checks for under/overflows. o setusercontext() now allows user resource limit overrides, but does this AFTER dropping root privs, to restrict the user to droping hard limits and set soft limits within the kernel's allowed user limits. o umask() only set once, and only if requested. o add _secure_path(), and use in login.conf to guard against symlinks etc. and non-root owned or non-user owned files being used. Derived from BSDI contributed code. o revamped authentication code to BSDI's latest api, which includes deleting authenticate() and adding auth_check() and a few other functions. This is still marked as depecated in BSDI, but is included for completeness. No other source in the tree uses this anyway, so it is now bracketed with #ifdef LOGIN_CAP_AUTH which is by default not defined. Only auth_checknologin() and auth_cat() are actually used in module login_auth.c. o AUTH_NONE definition removed (collided with other includes in the tree). [bde] o BSDI's login_getclass() now accepts a char *classname parameter rather than struct passwd *pwd. We now do likewise, but added login_getpwclass() for (sort of) backwards compatiblity, namely because we handle root as a special case for the default class. This will require quite a few changes elsewhere in the source tree. o We no longer pretend to support rlim_t as a long type. o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
int auth_script __P((const char*, ...));
int auth_script_data __P((const char *, int, const char *, ...));
char *auth_valud __P((const char *));
int auth_setopt __P((const char *, const char *));
void auth_clropts __P((void));
void auth_checknologin __P((login_cap_t*));
int auth_cat __P((const char*));
int auth_ttyok __P((login_cap_t*, const char *));
int auth_hostok __P((login_cap_t*, const char *, char const *));
int auth_timeok __P((login_cap_t*, time_t));
struct tm;
login_time_t parse_lt __P((const char *));
int in_ltm __P((const login_time_t *, struct tm *, time_t *));
int in_ltms __P((const login_time_t *, struct tm *, time_t *));
Summary of login.conf support changes: o Incorporated BSDI code and enhancements, better logging for error checking (which has been shown to be a problem, and is therefore justified, imho); also some minor things we were missing, including better quad_t math, which checks for under/overflows. o setusercontext() now allows user resource limit overrides, but does this AFTER dropping root privs, to restrict the user to droping hard limits and set soft limits within the kernel's allowed user limits. o umask() only set once, and only if requested. o add _secure_path(), and use in login.conf to guard against symlinks etc. and non-root owned or non-user owned files being used. Derived from BSDI contributed code. o revamped authentication code to BSDI's latest api, which includes deleting authenticate() and adding auth_check() and a few other functions. This is still marked as depecated in BSDI, but is included for completeness. No other source in the tree uses this anyway, so it is now bracketed with #ifdef LOGIN_CAP_AUTH which is by default not defined. Only auth_checknologin() and auth_cat() are actually used in module login_auth.c. o AUTH_NONE definition removed (collided with other includes in the tree). [bde] o BSDI's login_getclass() now accepts a char *classname parameter rather than struct passwd *pwd. We now do likewise, but added login_getpwclass() for (sort of) backwards compatiblity, namely because we handle root as a special case for the default class. This will require quite a few changes elsewhere in the source tree. o We no longer pretend to support rlim_t as a long type. o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
/* helper functions */
int login_strinlist __P((char **, char const *, int));
int login_str2inlist __P((char **, const char *, const char *, int));
login_time_t * login_timelist __P((login_cap_t *, char const *, int *, login_time_t **));
int login_ttyok __P((login_cap_t *, const char *, const char *, const char *));
int login_hostok __P((login_cap_t *, const char *, const char *, const char *, const char *));
__END_DECLS
#endif /* _LOGIN_CAP_H_ */