rpc.rusersd(8): Silence warnings.
[dragonfly.git] / lib / libutil / login_ok.c
blob6f41be888ab7597eeee6d2ae7e9323f6891cc78b
1 /*-
2 * Copyright (c) 1996 by
3 * David Nugent <davidn@blaze.net.au>
4 * All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, is permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice immediately at the beginning of the file, without modification,
11 * this list of conditions, and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. This work was done expressly for inclusion into FreeBSD. Other use
16 * is permitted provided this notation is included.
17 * 4. Absolutely no warranty of function or purpose is made by the authors.
18 * 5. Modifications may be freely made to this file providing the above
19 * conditions are met.
21 * Support allow/deny lists in login class capabilities
23 * $FreeBSD: src/lib/libutil/login_ok.c,v 1.7.2.1 2001/01/10 21:01:30 ghelmer Exp $
24 * $DragonFly: src/lib/libutil/login_ok.c,v 1.3 2005/03/04 04:31:11 cpressey Exp $
27 #include <sys/types.h>
28 #include <sys/time.h>
29 #include <sys/resource.h>
30 #include <sys/param.h>
32 #include <errno.h>
33 #include <fnmatch.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <ttyent.h>
37 #include <unistd.h>
39 #include "login_cap.h"
41 /* -- support functions -- */
44 * login_strinlist()
45 * This function is intentionally public - reused by TAS.
46 * Returns TRUE (non-zero) if a string matches a pattern
47 * in a given array of patterns. 'flags' is passed directly
48 * to fnmatch(3).
51 int
52 login_strinlist(char **list, char const *str, int flags)
54 int rc = 0;
56 if (str != NULL && *str != '\0') {
57 int i = 0;
59 while (rc == 0 && list[i] != NULL)
60 rc = fnmatch(list[i++], str, flags) == 0;
62 return rc;
67 * login_str2inlist()
68 * Locate either or two strings in a given list
71 int
72 login_str2inlist(char **ttlst, const char *str1, const char *str2, int flags)
74 int rc = 0;
76 if (login_strinlist(ttlst, str1, flags))
77 rc = 1;
78 else if (login_strinlist(ttlst, str2, flags))
79 rc = 1;
80 return rc;
85 * login_timelist()
86 * This function is intentinoally public - reused by TAS.
87 * Returns an allocated list of time periods given an array
88 * of time periods in ascii form.
91 login_time_t *
92 login_timelist(login_cap_t *lc, char const *cap, int *ltno,
93 login_time_t **ltptr)
95 int j = 0;
96 struct login_time *lt = NULL;
97 char **tl;
99 if ((tl = login_getcaplist(lc, cap, NULL)) != NULL) {
101 while (tl[j++] != NULL)
103 if (*ltno >= j)
104 lt = *ltptr;
105 else if ((lt = realloc(*ltptr, j * sizeof(struct login_time))) != NULL) {
106 *ltno = j;
107 *ltptr = lt;
109 if (lt != NULL) {
110 int i = 0;
112 for (--j; i < j; i++)
113 lt[i] = parse_lt(tl[i]);
114 lt[i].lt_dow = LTM_NONE;
117 return lt;
122 * login_ttyok()
123 * This function is a variation of auth_ttyok(), but it checks two
124 * arbitrary capability lists not necessarily related to access.
125 * This hook is provided for the accounted/exclude accounting lists.
129 login_ttyok(login_cap_t *lc, const char *tty, const char *allowcap,
130 const char *denycap)
132 int rc = 1;
134 if (lc != NULL && tty != NULL && *tty != '\0') {
135 struct ttyent *te;
136 char *grp;
137 char **ttl;
139 te = getttynam(tty); /* Need group name */
140 grp = te ? te->ty_group : NULL;
141 ttl = login_getcaplist(lc, allowcap, NULL);
143 if (ttl != NULL && !login_str2inlist(ttl, tty, grp, 0))
144 rc = 0; /* tty or ttygroup not in allow list */
145 else {
147 ttl = login_getcaplist(lc, denycap, NULL);
148 if (ttl != NULL && login_str2inlist(ttl, tty, grp, 0))
149 rc = 0; /* tty or ttygroup in deny list */
153 return rc;
158 * auth_ttyok()
159 * Determine whether or not login on a tty is accessible for
160 * a login class
164 auth_ttyok(login_cap_t *lc, const char * tty)
166 return login_ttyok(lc, tty, "ttys.allow", "ttys.deny");
171 * login_hostok()
172 * This function is a variation of auth_hostok(), but it checks two
173 * arbitrary capability lists not necessarily related to access.
174 * This hook is provided for the accounted/exclude accounting lists.
178 login_hostok(login_cap_t *lc, const char *host, const char *ip,
179 const char *allowcap, const char *denycap)
181 int rc = 1; /* Default is ok */
183 if (lc != NULL &&
184 ((host != NULL && *host != '\0') || (ip != NULL && *ip != '\0'))) {
185 char **hl;
187 hl = login_getcaplist(lc, allowcap, NULL);
188 if (hl != NULL && !login_str2inlist(hl, host, ip, FNM_CASEFOLD))
189 rc = 0; /* host or IP not in allow list */
190 else {
192 hl = login_getcaplist(lc, denycap, NULL);
193 if (hl != NULL && login_str2inlist(hl, host, ip, FNM_CASEFOLD))
194 rc = 0; /* host or IP in deny list */
198 return rc;
203 * auth_hostok()
204 * Determine whether or not login from a host is ok
208 auth_hostok(login_cap_t *lc, const char *host, const char *ip)
210 return login_hostok(lc, host, ip, "host.allow", "host.deny");
215 * auth_timeok()
216 * Determine whether or not login is ok at a given time
220 auth_timeok(login_cap_t *lc, time_t t)
222 int rc = 1; /* Default is ok */
224 if (lc != NULL && t != (time_t)0 && t != (time_t)-1) {
225 struct tm *tptr;
227 static int ltimesno = 0;
228 static struct login_time *ltimes = NULL;
230 if ((tptr = localtime(&t)) != NULL) {
231 struct login_time *lt;
233 lt = login_timelist(lc, "times.allow", &ltimesno, &ltimes);
234 if (lt != NULL && in_ltms(lt, tptr, NULL) == -1)
235 rc = 0; /* not in allowed times list */
236 else {
238 lt = login_timelist(lc, "times.deny", &ltimesno, &ltimes);
239 if (lt != NULL && in_ltms(lt, tptr, NULL) != -1)
240 rc = 0; /* in deny times list */
242 if (ltimes) {
243 free(ltimes);
244 ltimes = NULL;
245 ltimesno = 0;
250 return rc;