/*
 * Literal entry name used for the default user and the default group.
 * NOTE(review): if a "DEFAULT" entry acts as a catch-all for names that have
 * no entry of their own, its credentials and authorization rules apply to
 * every unlisted user -- confirm in the lookup code and audit that entry.
 */
13 #define DEFAULT_USERNAME "DEFAULT"
14 #define DEFAULT_GROUPNAME "DEFAULT"
/*
 * Presumably the two values accepted by the `recurse` argument of the
 * cfg_get_*() accessors declared in this header (consult group memberships
 * vs. look at the named entry only) -- TODO confirm against the callers.
 */
17 #define TAC_PLUS_RECURSE 1
18 #define TAC_PLUS_NORECURSE 0
33 typedef struct node NODE;
35 /* A parse tree node */
37 int type; /* node type (arg, svc, proto) */
38 NODE *next; /* pointer to next node in chain */
39 void *value; /* node value; untyped -- presumably interpreted according to `type`, confirm at each use */
40 void *value1; /* second node value; its meaning relative to `value` is not visible here */
41 int dflt; /* default value for node */
42 int line; /* line number declared on */
43 struct expr *when; /* condition that must hold for this NODE to be respected; NOTE(review): behaviour for a NULL `when` is not shown here */
51 typedef union v VALUE;
53 /* A user, host or group definition
55 The first 2 fields (name and hash) are used by the hash table
56 routines to hash this structure into a table. Move them at your
61 char *name; /* username/groupname/hostname */
62 void *hash; /* hash table next pointer */
63 int line; /* line number defined on */
64 int type; /* set to S_user, S_host or S_group */
66 char *full_name; /* user's full name */
/*
 * Credential material (login through mschap below). This header does not
 * show whether each string holds a cleartext value, a hash or a reference
 * to an external source -- confirm in the parser. NOTE(review):
 * challenge-response schemes such as CHAP need the shared secret in
 * recoverable form, so these are presumably not one-way hashed; treat the
 * config file and any core dump or debug output of this struct as
 * sensitive, and never log these fields.
 */
67 char *login; /* login password */
68 int nopasswd; /* user requires no password; NOTE(review): presumably non-zero skips the password check -- audit which entries set it */
69 char *global; /* password to use if none set */
70 char *expires; /* expiration date */
71 char *arap; /* our arap secret */
72 char *pap; /* our pap secret */
73 char *opap; /* our outbound pap secret */
74 char *chap; /* our chap secret */
76 char *mschap; /* our mschap secret */
78 char *msg; /* a message for this user */
/*
 * Command strings, presumably set from the configuration file. How they
 * are executed is not visible in this header. NOTE(review): confirm whether
 * a shell is involved and whether request-derived values (user name,
 * arguments) are substituted into them; if so, those values need escaping
 * before execution.
 */
79 char *before_author; /* command to run before authorization */
80 char *after_author; /* command to run after authorization */
81 char *key; /* host-specific key (N/A for S_user); presumably what cfg_get_host_key() returns -- treat as a secret */
82 int svc_dflt; /* default authorization behaviour for svc or
84 /* =S_permit, S_deny or S_default */
85 NODE *svcs; /* pointer to svc nodes */
87 int maxsess; /* Max sessions/user */
89 char *time; /* Timestamp */
91 struct tac_list to_parent_membership_list; /* ordered list of memberships to groups owning us: */
92 struct tac_list to_child_membership_list; /* ordered list of memberships to entities in this group: */
93 unsigned to_child_membership_num; /* # of 'to_child_membership_list' items */
96 unsigned seq; /* corresponds to global request_scan_seq; presumably cached state is valid only while the two match -- confirm */
97 enum eval_result belongs; /* whether this ENTITY 'belongs' */
98 } request_scan; /* cfg_request() scanning */
101 unsigned seq; /* corresponds to global value_scan_seq */
103 struct membership *from; /* from which we got to this one or NULL */
104 } value_scan; /* cfg_get_value() scanning, many per request_scan */
107 unsigned seq; /* corresponds to global eval_scan_seq */
108 struct tac_list notify_expr_list; /* contains expr.u.waiting_expr_node */
109 /* may be from any of: eval_{want,solved,destroy}_entity_list: */
110 struct tac_list_node pending_entity_node; /* we are interested in this entity */
111 /* child memberships which are not yet check_eval-ed are NOT present here,
112 * although when check_eval-entity finishes, all will be added here.
113 * List refilling driven by check_eval_scan_entity(),
114 * although each unsolved_child_node is added in check_eval_scan_membership().
116 unsigned unsolved_to_child_membership_num; /* when 0, we know we are ER_FALSE */
117 struct membership *unsolved_to_child_membership_first; /* presumably the first not-yet-solved child membership -- confirm */
118 } eval_scan; /* expr_eval() scanning, many per value_scan */
/*
 * Map a pointer to an ENTITY's eval_scan.pending_entity_node member back to
 * the enclosing ENTITY. TAC_MEMBER_STRUCT is defined elsewhere; presumably
 * a container-of helper -- confirm. The argument must really be the
 * pending_entity_node embedded in an ENTITY; a node taken from any other
 * list would presumably yield a pointer that is not a valid ENTITY.
 */
120 #define PENDING_ENTITY_NODE_TO_ENTITY(pending_entity_node_) \
121 (&TAC_MEMBER_STRUCT(ENTITY, (pending_entity_node_), eval_scan.pending_entity_node))
/*
 * Configuration-file API. Only prototypes are visible here, so ownership
 * and lifetime of returned pointers are not established by this header.
 * NOTE(review): the const char * results presumably point into storage
 * owned by the parsed configuration and become invalid after
 * cfg_clean_config() or a re-read -- confirm before caching them.
 * The `recurse` arguments presumably take TAC_PLUS_RECURSE or
 * TAC_PLUS_NORECURSE.
 */
126 extern const char *cfg_nodestring TAC_ARGS((int type));
127 extern void cfg_clean_config TAC_ARGS((void));
128 extern int cfg_get_intvalue TAC_ARGS((int type, const char *name, int attr, int recurse));
129 extern const char *cfg_get_pvalue TAC_ARGS((int type, const char *name, int attr, int recurse));
130 extern int cfg_read_config TAC_ARGS((const char *cfile));
131 extern int cfg_user_exists TAC_ARGS((const char *username));
132 extern const char *cfg_get_expires TAC_ARGS((const char *username, int recurse));
133 extern const char *cfg_get_timestamp TAC_ARGS((const char *username, int recurse));
/*
 * Secret accessors: the returned strings are credential material. Callers
 * should not log them or copy them into long-lived buffers. A NULL return
 * presumably means "not configured"; verify that callers treat it as an
 * authentication failure rather than as an empty secret.
 */
134 extern const char *cfg_get_login_secret TAC_ARGS((const char *user, int recurse));
135 extern int cfg_get_user_nopasswd TAC_ARGS((const char *user, int recurse));
136 extern const char *cfg_get_arap_secret TAC_ARGS((const char *user, int recurse));
137 extern const char *cfg_get_chap_secret TAC_ARGS((const char *user, int recurse));
139 extern const char *cfg_get_mschap_secret TAC_ARGS((const char *user, int recurse));
141 extern const char *cfg_get_pap_secret TAC_ARGS((const char *user, int recurse));
142 extern const char *cfg_get_opap_secret TAC_ARGS((const char *user, int recurse));
143 extern const char *cfg_get_global_secret TAC_ARGS((const char *user, int recurse));
145 extern const char *cfg_get_pam_service TAC_ARGS((const char *user, int recurse));
/* Service lookup: the result node is passed back through nodep; the meaning of the int return is not visible here. */
147 extern int cfg_get_svc_node TAC_ARGS((const char *username, int svctype, const char *protocol, const char *svcname, int recurse, NODE **nodep));
148 extern char **cfg_get_svc_attrs TAC_ARGS((NODE *svcnode, int *denyp));
/*
 * NOTE(review): the name suggests a global switch that permits users who
 * have no entry; if so it is a fail-open setting -- confirm its semantics
 * and where it is consulted.
 */
149 extern int cfg_no_user_permitted TAC_ARGS((void));
150 extern const char *cfg_get_authen_default TAC_ARGS((void));
151 extern int cfg_get_authen_default_method TAC_ARGS((void));
/* Per-host key lookup; treat the returned string as a secret (see ENTITY.key). */
152 extern const char *cfg_get_host_key TAC_ARGS((const char *host));
153 extern void cfg_request_scan_begin TAC_ARGS((void));
154 extern void cfg_request_identity TAC_ARGS((const struct identity *identity));
/*
 * Command authorization returns an enum eval_result rather than a boolean.
 * NOTE(review): callers should fail closed on every value other than the
 * explicit permit result -- confirm the enum's members in its defining
 * header.
 */
155 extern enum eval_result cfg_authorize_cmd TAC_ARGS((const char *username, const char *cmd, const char *args));
157 /* for use by cfgeval.c: */
158 extern const char *entity_type_to_string TAC_ARGS((int entity_type));
159 extern void scan_invalidate_entities TAC_ARGS((enum invalidate_scan what));
160 extern ENTITY *entity_lookup TAC_ARGS((int type, const char *name));
163 #endif /* CFGFILE_H */