#ifndef CFGFILE_H
#define CFGFILE_H 1

/*
 * cfgfile.h -- in-memory representation of the parsed tac_plus configuration
 * (parse-tree nodes, user/host/group entities) and the cfg_* query interface
 * used by the authentication/authorization code and by cfgeval.c.
 */

#include "tac_plus.h"
#include "utils.h"
#include "cfgeval.h"

/* Configurable: */
#define DEFAULT_USERNAME "DEFAULT"
#define DEFAULT_GROUPNAME "DEFAULT"

/* Values for the 'recurse' argument of the cfg_get_* lookups below:
 * whether a lookup may fall through to group/default entries. */
#define TAC_PLUS_RECURSE 1
#define TAC_PLUS_NORECURSE 0

/* Node types */
#define N_arg 50
#define N_optarg 51
#define N_svc_exec 52
#define N_svc_slip 53
#define N_svc_ppp 54
#define N_svc_arap 55
#define N_svc_cmd 56
#define N_permit 57
#define N_deny 58
#define N_svc 59

typedef struct node NODE;

/* A parse tree node */
struct node {
    int type;           /* node type (arg, svc, proto) -- one of the N_* values above */
    NODE *next;         /* pointer to next node in chain */
    void *value;        /* node value (interpretation depends on 'type') */
    void *value1;       /* node value (secondary; interpretation depends on 'type') */
    int dflt;           /* default value for node */
    int line;           /* line number declared on */
    struct expr *when;  /* conditions needed to respect this NODE */
};

/* Generic scalar-or-pointer value returned by the cfg_get_*value lookups. */
union v {
    int intval;
    void *pval;
};

typedef union v VALUE;

/* A user, host or group definition
   The first 2 fields (name and hash) are used by the hash table routines to
   hash this structure into a table.
   Move them at your peril

   NOTE(review): login, global, arap, pap, opap, chap, mschap and key carry
   credential material as plain heap strings.  Anything that logs or dumps an
   entity must treat them as sensitive, and whatever releases an entity
   (presumably cfg_clean_config()) should clear them before freeing -- confirm. */
struct entity {
    char *name;         /* username/groupname/hostname */
    void *hash;         /* hash table next pointer */
    int line;           /* line number defined on */
    int type;           /* set to S_user, S_host or S_group */
    char *full_name;    /* users full name */
    char *login;        /* Login password (secret) */
    int nopasswd;       /* user requires no password */
    char *global;       /* password to use if none set (secret) */
    char *expires;      /* expiration date */
    char *arap;         /* our arap secret */
    char *pap;          /* our pap secret */
    char *opap;         /* our outbound pap secret */
    char *chap;         /* our chap secret */
#ifdef MSCHAP
    char *mschap;       /* our mschap secret */
#endif /* MSCHAP */
    char *msg;          /* a message for this user */
    char *before_author; /* command to run before authorization
                          * (config-supplied program string; the config file
                          * is the trust boundary here) */
    char *after_author; /* command to run after authorization (as above) */
    char *key;          /* host-specific key, i.e. the shared secret (N/A for S_user) */
    int svc_dflt;       /* default authorization behaviour for svc or
                         * cmd */
                        /* =S_permit, S_deny or S_default */
    NODE *svcs;         /* pointer to svc nodes */
#ifdef MAXSESS
    int maxsess;        /* Max sessions/user */
#endif /* MAXSESS */
    char *time;         /* Timestamp */
    struct tac_list to_parent_membership_list;  /* ordered list of memberships to groups owning us: */
    struct tac_list to_child_membership_list;   /* ordered list of memberships to entities in this group: */
    unsigned to_child_membership_num;           /* # of 'to_child_membership_list' items */
    struct {
        unsigned seq;               /* corresponds to global request_scan_seq */
        enum eval_result belongs;   /* whether this ENTITY 'belongs' */
    } request_scan;                 /* cfg_request() scanning */
    struct {
        unsigned seq;               /* corresponds to global value_scan_seq */
        unsigned seen:1;            /* already visited in the current value scan */
        struct membership *from;    /* from which we got to this one or NULL */
    } value_scan;                   /* cfg_get_value() scanning, many per request_scan */
    struct {
        unsigned seq;                       /* corresponds to global eval_scan_seq */
        struct tac_list notify_expr_list;   /* contains expr.u.waiting_expr_node */
        /* may be from any of: eval_{want,solved,destroy}_entity_list: */
        struct tac_list_node pending_entity_node;   /* we are interested in this entity */
        /* child memberships which are not yet check_eval-ed are NOT present here,
         * although when check_eval-entity finishes, all will be added here.
         * List refilling driven by check_eval_scan_entity(),
         * although each unsolved_child_node is added in check_eval_scan_membership(). */
        unsigned unsolved_to_child_membership_num;  /* when 0, we know we are ER_FALSE */
        struct membership *unsolved_to_child_membership_first;
    } eval_scan;                    /* expr_eval() scanning, many per value_scan */
};

/* Recover the enclosing ENTITY from a pointer to its eval_scan.pending_entity_node. */
#define PENDING_ENTITY_NODE_TO_ENTITY(pending_entity_node_) \
    (&TAC_MEMBER_STRUCT(ENTITY, (pending_entity_node_), eval_scan.pending_entity_node))

struct identity;

/* Printable name for a node 'type' (one of the N_* values). */
extern const char *cfg_nodestring TAC_ARGS((int type));
/* Release the currently loaded configuration. */
extern void cfg_clean_config TAC_ARGS((void));
/* Generic attribute lookups on the entity of the given 'type' and 'name';
 * 'recurse' is TAC_PLUS_RECURSE or TAC_PLUS_NORECURSE. */
extern int cfg_get_intvalue TAC_ARGS((int type, const char *name, int attr, int recurse));
extern const char *cfg_get_pvalue TAC_ARGS((int type, const char *name, int attr, int recurse));
/* Parse the configuration file at 'cfile'; int return is presumably a status code -- see cfgfile.c. */
extern int cfg_read_config TAC_ARGS((const char *cfile));
extern int cfg_user_exists TAC_ARGS((const char *username));
extern const char *cfg_get_expires TAC_ARGS((const char *username, int recurse));
extern const char *cfg_get_timestamp TAC_ARGS((const char *username, int recurse));
/* Credential lookups.  Each returns a pointer into the entity (secret
 * material); callers must not log the returned value.  NULL presumably
 * means "not set" -- confirm against cfgfile.c. */
extern const char *cfg_get_login_secret TAC_ARGS((const char *user, int recurse));
extern int cfg_get_user_nopasswd TAC_ARGS((const char *user, int recurse));
extern const char *cfg_get_arap_secret TAC_ARGS((const char *user, int recurse));
extern const char *cfg_get_chap_secret TAC_ARGS((const char *user, int recurse));
#ifdef MSCHAP
extern const char *cfg_get_mschap_secret TAC_ARGS((const char *user, int recurse));
#endif /* MSCHAP */
extern const char *cfg_get_pap_secret TAC_ARGS((const char *user, int recurse));
extern const char *cfg_get_opap_secret TAC_ARGS((const char *user, int recurse));
extern const char *cfg_get_global_secret TAC_ARGS((const char *user, int recurse));
#ifdef USE_PAM
extern const char *cfg_get_pam_service TAC_ARGS((const char *user, int recurse));
#endif /* USE_PAM */
/* Locate the service node for 'username' matching svctype/protocol/svcname;
 * the node is returned through '*nodep'. */
extern int cfg_get_svc_node TAC_ARGS((const char *username, int svctype, const char *protocol, const char *svcname, int recurse, NODE **nodep));
/* Attribute list of a service node; '*denyp' is set to the node's permit/deny
 * disposition.  Ownership of the returned array is not stated here -- check cfgfile.c. */
extern char **cfg_get_svc_attrs TAC_ARGS((NODE *svcnode, int *denyp));
extern int cfg_no_user_permitted TAC_ARGS((void));
extern const char *cfg_get_authen_default TAC_ARGS((void));
extern int cfg_get_authen_default_method TAC_ARGS((void));
/* Shared secret configured for 'host' (the per-host 'key' field). */
extern const char *cfg_get_host_key TAC_ARGS((const char *host));
extern void cfg_request_scan_begin TAC_ARGS((void));
extern void cfg_request_identity TAC_ARGS((const struct identity *identity));
/* Authorization decision for 'cmd' with 'args' on behalf of 'username'. */
extern enum eval_result cfg_authorize_cmd TAC_ARGS((const char *username, const char *cmd, const char *args));

/* for use by cfgeval.c: */
extern ENTITY *new_entity TAC_ARGS((int type, char *name, int line));
extern const char *entity_type_to_string TAC_ARGS((int entity_type));
extern void scan_invalidate_entities TAC_ARGS((enum invalidate_scan what));
extern ENTITY *entity_lookup TAC_ARGS((int type, const char *name));

#endif /* CFGFILE_H */