1 /*
2 * Copyright (c) 2022 Tomas Mraz <tm@t8m.info>
3 * Copyright (c) 2022 Iker Pedrosa <ipedrosa@redhat.com>
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, and the entire permission notice in its entirety,
10 * including the disclaimer of warranties.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. The name of the author may not be used to endorse or promote
15 * products derived from this software without specific prior
16 * written permission.
17 *
18 * ALTERNATIVELY, this product may be distributed under the terms of
19 * the GNU Public License, in which case the provisions of the GPL are
20 * required INSTEAD OF the above restrictions. (This clause is
21 * necessary due to a potential bad interaction between the GPL and
22 * the restrictions contained in a BSD-style copyright.)
23 *
24 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
25 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
26 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
28 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
29 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
30 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
32 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
34 * OF THE POSSIBILITY OF SUCH DAMAGE.
35 */
36
37 /*
38 * faillock_config.h - load configuration options from file
39 *
40 */
41
/*
 * Include guard for this header.
 * NOTE(review): identifiers that start with an underscore followed by an
 * uppercase letter are reserved for the implementation in C; a guard name
 * without the leading underscore would avoid that namespace.
 */
42 #ifndef _FAILLOCK_CONFIG_H
43 #define _FAILLOCK_CONFIG_H
44
45 #include <limits.h>
46 #include <stdint.h>
47 #include <sys/types.h>
48
49 #include <security/pam_ext.h>
50
/*
 * Single-bit flag constants (0x1 .. 0x40). Each value is a distinct bit, so
 * they can be OR-ed together and tested with a bitwise AND.
 * NOTE(review): presumably combined in struct options.flags; what each flag
 * switches on is decided where it is parsed and tested, which this header
 * does not show -- confirm there.
 */
51 #define FAILLOCK_FLAG_DENY_ROOT 0x1
52 #define FAILLOCK_FLAG_AUDIT 0x2
53 #define FAILLOCK_FLAG_SILENT 0x4
54 #define FAILLOCK_FLAG_NO_LOG_INFO 0x8
55 #define FAILLOCK_FLAG_UNLOCKED 0x10
56 #define FAILLOCK_FLAG_LOCAL_ONLY 0x20
57 #define FAILLOCK_FLAG_NO_DELAY 0x40
58
/*
 * NOTE(review): looks like the longest configuration-file line accepted, not
 * counting the terminating NUL -- a buffer for one line would then need
 * FAILLOCK_CONF_MAX_LINELEN + 1 bytes. Confirm in the reader that an
 * over-long line is rejected or reported rather than split, since the tail
 * of a split line would be parsed as a separate option.
 */
59 #define FAILLOCK_CONF_MAX_LINELEN 1023
/*
 * 604800 = 7 * 24 * 60 * 60, i.e. seven days expressed in seconds.
 * NOTE(review): presumably the upper bound applied to the time-valued
 * settings (fail_interval, unlock_time, root_unlock_time) -- confirm where
 * those values are parsed. Unlike the other macros here it carries no
 * FAILLOCK_ prefix, so it can collide with a macro of the same name in any
 * file that includes this header.
 */
60 #define MAX_TIME_INTERVAL 604800 /* 7 days */
61
/*
 * Settings and working state passed to the functions declared in this header.
 * NOTE(review): the member notes below are inferred from names and types
 * only; confirm each against the code that fills and reads the structure.
 */
62 struct options {
63 unsigned int action; /* presumably the operation being performed -- confirm */
64 unsigned int flags; /* presumably an OR of FAILLOCK_FLAG_* bits -- confirm */
/*
 * presumably the failure count at which an account is locked. The type is
 * unsigned short, so a parsed value must be range-checked before it is
 * narrowed into this member; an unchecked narrowing would wrap -- confirm
 * in the parser.
 */
65 unsigned short deny;
/* The three members below are presumably durations in seconds -- confirm. */
66 unsigned int fail_interval;
67 unsigned int unlock_time;
68 unsigned int root_unlock_time;
/*
 * dir and admin_group are non-const pointers while user is const;
 * NOTE(review): this suggests the structure owns dir and admin_group
 * (allocated and freed by the implementation) and only borrows user --
 * confirm who frees them.
 */
69 char *dir;
70 const char *user;
71 char *admin_group;
/*
 * presumably the number of recorded failures for the user. It is a signed
 * int while deny is unsigned short; NOTE(review): check that a comparison
 * of the two cannot see a negative value here.
 */
72 int failures;
73 uint64_t latest_time; /* presumably a timestamp of the newest failure -- confirm */
74 uid_t uid;
75 int is_admin; /* presumably non-zero when user is in admin_group -- confirm */
76 uint64_t now; /* presumably the current time sampled once per call -- confirm */
/*
 * presumably set when processing hit an error that must not be ignored.
 * NOTE(review): verify that every caller checks it and denies access
 * rather than continuing with half-initialised settings.
 */
77 int fatal_error;
78
/* NOTE(review): the members below look specific to a command-line tool -- confirm. */
79 unsigned int reset;
80 const char *progname;
81 int legacy_output; /* show failure info in pam_tally2 style */
82 };
83
/*
 * Load configuration options from the file cfgfile into *opts (see the
 * summary line at the top of this header).
 * NOTE(review): the meaning of the int result is not visible here --
 * presumably a PAM status code. Callers should check it and must not go on
 * using a partially filled *opts after a failure -- confirm in
 * faillock_config.c, together with the behaviour when cfgfile is NULL.
 */
84 int read_config_file(pam_handle_t *pamh, struct options *opts,
85 const char *cfgfile);
/*
 * presumably applies one name/value setting to *opts -- confirm.
 * The function returns void, so an unknown name or an out-of-range value
 * cannot be reported through the return value.
 * NOTE(review): check how such input is surfaced (a log message through
 * pamh, opts->fatal_error, or silently ignored), since a silently ignored
 * setting leaves the previous or default value in force.
 */
86 void set_conf_opt(pam_handle_t *pamh, struct options *opts, const char *name,
87 const char *value);
/*
 * Returns a path string derived from *opts; opts is const and so is not
 * modified by the call.
 * NOTE(review): presumably opts->dir when set and a built-in default
 * otherwise -- confirm. The result is const char *, so the caller should
 * neither modify nor free it.
 */
88 const char *get_tally_dir(const struct options *opts);
89
90 #endif /* _FAILLOCK_CONFIG_H */