===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/lock/lock.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -c -r1.12 -r1.13
*** src/usr.bin/lock/lock.c	1999/03/06 20:27:40	1.12
--- src/usr.bin/lock/lock.c	2001/05/29 21:38:15	1.13
***************
*** 1,4 ****
! /*	$OpenBSD: lock.c,v 1.12 1999/03/06 20:27:40 millert Exp $	*/
  /*	$NetBSD: lock.c,v 1.8 1996/05/07 18:32:31 jtc Exp $	*/
  
  /*
--- 1,4 ----
! /*	$OpenBSD: lock.c,v 1.13 2001/05/29 21:38:15 millert Exp $	*/
  /*	$NetBSD: lock.c,v 1.8 1996/05/07 18:32:31 jtc Exp $	*/
  
  /*
***************
*** 47,53 ****
  #if 0
  static char sccsid[] = "@(#)lock.c	8.1 (Berkeley) 6/6/93";
  #endif
! static char rcsid[] = "$OpenBSD: lock.c,v 1.12 1999/03/06 20:27:40 millert Exp $";
  #endif /* not lint */
  
  /*
--- 47,53 ----
  #if 0
  static char sccsid[] = "@(#)lock.c	8.1 (Berkeley) 6/6/93";
  #endif
! static char rcsid[] = "$OpenBSD: lock.c,v 1.13 2001/05/29 21:38:15 millert Exp $";
  #endif /* not lint */
  
  /*
***************
*** 66,94 ****
  #include <ctype.h>
  #include <err.h>
  #include <pwd.h>
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  #include <termios.h>
  #include <unistd.h>
  
! #ifdef SKEY
! #include <skey.h>
! #endif
  
  #define	TIMEOUT	15
  
  void bye	__P((int));
  void hi		__P((int));
- void quit	__P((int));
- int skey_auth	__P((char *));
  
  struct timeval	timeout;
  struct timeval	zerotime;
! struct termios	tty, ntty;
! long	nexttime;			/* keep the timeout time */
  int	no_timeout;			/* lock terminal forever */
  
  /*ARGSUSED*/
  int
  main(argc, argv)
--- 66,93 ----
  #include <ctype.h>
  #include <err.h>
  #include <pwd.h>
+ #include <readpassphrase.h>
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  #include <termios.h>
  #include <unistd.h>
  
! #include <login_cap.h>
! #include <bsd_auth.h>
  
  #define	TIMEOUT	15
  
  void bye	__P((int));
  void hi		__P((int));
  
  struct timeval	timeout;
  struct timeval	zerotime;
! time_t	nexttime;			/* keep the timeout time */
  int	no_timeout;			/* lock terminal forever */
  
+ extern	char *__progname;
+ 
  /*ARGSUSED*/
  int
  main(argc, argv)
***************
*** 96,126 ****
  	char **argv;
  {
  	struct passwd *pw;
- 	struct timeval timval;
  	struct itimerval ntimer, otimer;
  	struct tm *timp;
  	time_t curtime;
  	int ch, sectimeout, usemine;
! 	char *ap, *mypw, *ttynam, *tzn;
! 	char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ];
  
  	sectimeout = TIMEOUT;
! 	mypw = NULL;
  	usemine = 0;
  	no_timeout = 0;
  
  	if (!(pw = getpwuid(getuid())))
  		errx(1, "unknown uid %d.", getuid());
  	
! 	while ((ch = getopt(argc, argv, "npt:")) != -1)
! 		switch((char)ch) {
  		case 't':
  			if ((sectimeout = atoi(optarg)) <= 0)
  				errx(1, "illegal timeout value: %s", optarg);
  			break;
  		case 'p':
  			usemine = 1;
- 			mypw = strdup(pw->pw_passwd);
  			break;
  		case 'n':
  			no_timeout = 1;
--- 95,136 ----
  	char **argv;
  {
  	struct passwd *pw;
  	struct itimerval ntimer, otimer;
  	struct tm *timp;
  	time_t curtime;
  	int ch, sectimeout, usemine;
! 	char *p, *style, *nstyle, *ttynam;
! 	char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ], date[256];
! 	login_cap_t *lc;
  
  	sectimeout = TIMEOUT;
! 	style = NULL;
  	usemine = 0;
  	no_timeout = 0;
  
  	if (!(pw = getpwuid(getuid())))
  		errx(1, "unknown uid %d.", getuid());
+ 
+ 	lc = login_getclass(pw->pw_class);
  	
! 	while ((ch = getopt(argc, argv, "a:npt:")) != -1)
! 		switch(ch) {
! 		case 'a':
! 			if (lc) {
! 				style = login_getstyle(lc, optarg, "auth-lock");
! 				if (style == NULL)
! 					errx(1,
! 					    "invalid authentication style: %s",
! 					    optarg);
! 			}
! 			usemine = 1;
! 			break;
  		case 't':
  			if ((sectimeout = atoi(optarg)) <= 0)
  				errx(1, "illegal timeout value: %s", optarg);
  			break;
  		case 'p':
  			usemine = 1;
  			break;
  		case 'n':
  			no_timeout = 1;
***************
*** 128,177 ****
  		case '?':
  		default:
  			(void)fprintf(stderr,
! 			    "usage: lock [-n] [-p] [-t timeout]\n");
  			exit(1);
  	}
  	timeout.tv_sec = sectimeout * 60;
  
- 	seteuid(getuid());		/* discard what privs we can */
- 
- 	if (tcgetattr(0, &tty) < 0)	/* get information for header */
- 		exit(1);
  	gethostname(hostname, sizeof(hostname));
! 	if (!(ttynam = ttyname(0)))
  		errx(1, "not a terminal?");
! 	if (gettimeofday(&timval, (struct timezone *)NULL))
! 		err(1, "gettimeofday");
! 	curtime = timval.tv_sec;
! 	nexttime = timval.tv_sec + (sectimeout * 60);
  	timp = localtime(&curtime);
! 	ap = asctime(timp);
! 	tzn = timp->tm_zone;
  
! 	(void)signal(SIGINT, quit);
! 	(void)signal(SIGQUIT, quit);
! 	ntty = tty; ntty.c_lflag &= ~ECHO;
! 	(void)tcsetattr(0, TCSADRAIN, &ntty);
! 
! 	if (!mypw) {
  		/* get key and check again */
! 		(void)fputs("Key: ", stdout);
! 		if (!fgets(s, sizeof(s), stdin) || *s == '\n')
! 			quit(0);
! 		(void)fputs("\nAgain: ", stdout);
  		/*
  		 * Don't need EOF test here, if we get EOF, then s1 != s
  		 * and the right things will happen.
  		 */
! 		(void)fgets(s1, sizeof(s1), stdin);
! 		(void)putchar('\n');
  		if (strcmp(s1, s)) {
! 			(void)puts("\alock: passwords didn't match.");
! 			(void)tcsetattr(0, TCSADRAIN, &tty);
  			exit(1);
  		}
  		s[0] = '\0';
- 		mypw = s1;
  	}
  
  	/* set signal handlers */
--- 138,172 ----
  		case '?':
  		default:
  			(void)fprintf(stderr,
! 			    "usage: %s [-n] [-p] [-a style] [-t timeout]\n",
! 			    __progname);
  			exit(1);
  	}
  	timeout.tv_sec = sectimeout * 60;
  
  	gethostname(hostname, sizeof(hostname));
! 	if (!(ttynam = ttyname(STDIN_FILENO)))
  		errx(1, "not a terminal?");
! 	curtime = time(NULL);
! 	nexttime = curtime + (sectimeout * 60);
  	timp = localtime(&curtime);
! 	strftime(date, sizeof(date), "%c", timp);
  
! 	if (!usemine) {
  		/* get key and check again */
! 		if (!readpassphrase("Key: ", s, sizeof(s), RPP_ECHO_OFF) ||
! 		    *s == '\0')
! 			exit(0);
  		/*
  		 * Don't need EOF test here, if we get EOF, then s1 != s
  		 * and the right things will happen.
  		 */
! 		(void)readpassphrase("Again: ", s1, sizeof(s1), RPP_ECHO_OFF);
  		if (strcmp(s1, s)) {
! 			warnx("\apasswords didn't match.");
  			exit(1);
  		}
  		s[0] = '\0';
  	}
  
  	/* set signal handlers */
***************
*** 187,294 ****
  
  	/* header info */
  	if (no_timeout) {
! 		(void)printf("lock: %s on %s. no timeout\ntime now is %.20s%s%s",
! 		    ttynam, hostname, ap, tzn, ap + 19);
  	} else {
! 		(void)printf("lock: %s on %s. timeout in %d minutes\ntime now is %.20s%s%s",
! 		    ttynam, hostname, sectimeout, ap, tzn, ap + 19);
  	}
  
  	for (;;) {
! 		(void)fputs("Key: ", stdout);
! 		if (!fgets(s, sizeof(s), stdin)) {
! 			clearerr(stdin);
  			hi(0);
  			continue;
  		}
  		if (usemine) {
! 			s[strlen(s) - 1] = '\0';
! #ifdef SKEY
! 			if (strcasecmp(s, "s/key") == 0) {
! 				/* S/Key lookup needs to be done as root */
! 				seteuid(0);
! 				ch = skey_auth(pw->pw_name);
! 				seteuid(getuid());
! 				if (ch)
! 					break;
! 			}
! #endif
! 			if (!strcmp(mypw, crypt(s, mypw)))
  				break;
! 		}
! 		else if (!strcmp(s, s1))
  			break;
! 		(void)puts("\a");
! 		if (tcsetattr(0, TCSADRAIN, &ntty) < 0)
! 			exit(1);
  	}
  
! 	quit(0);
! 	exit(0);			/*NOTREACHED*/
  }
  
- #ifdef SKEY
- /*
-  * We can't use libskey's skey_authenticate() since it
-  * handles signals in a way that's inappropriate
-  * for our needs. Instead we roll our own.
-  */
- int
- skey_auth(user)
- 	char *user;
- {
- 	char s[256], *ask;
- 	int ret = 0;
- 
- 	if (!skey_haskey(user) && (ask = skey_keyinfo(user))) {
- 		(void)printf("\n%s\nResponse: ", ask);		
- 		if (!fgets(s, sizeof(s), stdin) || *s == '\n')
- 			clearerr(stdin);
- 		else {
- 			rip(s);
- 			if (skey_passcheck(user, s) != -1)
- 				ret = 1;
- 		}
- 	} else
- 		(void)printf("Sorry, you have no s/key.\n");
- 	return(ret);
- }
- #endif
- 
  void
  hi(dummy)
  	int dummy;
  {
! 	struct timeval timval;
  
! 	if (!gettimeofday(&timval, (struct timezone *)NULL)) {
! 		(void)printf("lock: type in the unlock key. ");
! 		if (no_timeout) {
! 			putchar('\n');
! 		} else {
! 			(void)printf("timeout in %ld:%ld minutes\n",
! 			    (nexttime - timval.tv_sec) / 60,
! 			    (nexttime - timval.tv_sec) % 60);
! 		}
  	}
  }
  
  void
- quit(dummy)
- 	int dummy;
- {
- 	putchar('\n');
- 	(void)tcsetattr(0, TCSADRAIN, &tty);
- 	exit(0);
- }
- 
- void
  bye(dummy)
  	int dummy;
  {
! 	if (!no_timeout) {
! 		(void)tcsetattr(0, TCSADRAIN, &tty);
! 		(void)puts("lock: timeout");
! 		exit(1);
! 	}
  }
--- 182,245 ----
  
  	/* header info */
  	if (no_timeout) {
! 		(void)fprintf(stderr,
! 		    "%s: %s on %s. no timeout\ntime now is %s\n",
! 		    __progname, ttynam, hostname, date);
  	} else {
! 		(void)fprintf(stderr,
! 		    "%s: %s on %s. timeout in %d minutes\ntime now is %s\n",
! 		    __progname, ttynam, hostname, sectimeout, date);
  	}
  
  	for (;;) {
! 		if (!readpassphrase("Key: ", s, sizeof(s), RPP_ECHO_OFF) ||
! 		    *s == '\0') {
  			hi(0);
  			continue;
  		}
  		if (usemine) {
! 			/*
! 			 * If user entered 's/key' or the style specified via
! 			 * the '-a' argument, auth_userokay() will prompt
! 			 * for a new password.  Otherwise, use what we have.
! 			 */
! 			if ((strcmp(s, "s/key") == 0 &&
! 			    (nstyle = login_getstyle(lc, "skey", "auth-lock")))
! 			    || ((nstyle = style) && strcmp(s, nstyle) == 0))
! 				p = NULL;
! 			else
! 				p = s;
! 			if (auth_userokay(pw->pw_name, nstyle, "auth-lock", p))
  				break;
! 		} else if (strcmp(s, s1) == 0)
  			break;
! 		(void)putc('\a', stderr);
  	}
  
! 	exit(0);
  }
  
  void
  hi(dummy)
  	int dummy;
  {
! 	time_t now;
  
! 	(void)fprintf(stderr, "%s: type in the unlock key.", __progname);
! 	if (!no_timeout) {
! 		now = time(NULL);
! 		(void)fprintf(stderr, " timeout in %d:%d minutes",
! 		    (nexttime - now) / 60,
! 		    (nexttime - now) % 60);
  	}
+ 	putc('\n', stderr);
  }
  
  void
  bye(dummy)
  	int dummy;
  {
! 
! 	if (!no_timeout)
! 		errx(1, "timeout");
  }