Annotation of src/usr.bin/lock/lock.c, Revision 1.13
1.13 ! millert 1: /* $OpenBSD: lock.c,v 1.12 1999/03/06 20:27:40 millert Exp $ */
1.2 deraadt 2: /* $NetBSD: lock.c,v 1.8 1996/05/07 18:32:31 jtc Exp $ */
1.1 deraadt 3:
4: /*
5: * Copyright (c) 1980, 1987, 1993
6: * The Regents of the University of California. All rights reserved.
7: *
8: * This code is derived from software contributed to Berkeley by
9: * Bob Toxen.
10: *
11: * Redistribution and use in source and binary forms, with or without
12: * modification, are permitted provided that the following conditions
13: * are met:
14: * 1. Redistributions of source code must retain the above copyright
15: * notice, this list of conditions and the following disclaimer.
16: * 2. Redistributions in binary form must reproduce the above copyright
17: * notice, this list of conditions and the following disclaimer in the
18: * documentation and/or other materials provided with the distribution.
19: * 3. All advertising materials mentioning features or use of this software
20: * must display the following acknowledgement:
21: * This product includes software developed by the University of
22: * California, Berkeley and its contributors.
23: * 4. Neither the name of the University nor the names of its contributors
24: * may be used to endorse or promote products derived from this software
25: * without specific prior written permission.
26: *
27: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
28: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
31: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37: * SUCH DAMAGE.
38: */
39:
40: #ifndef lint
41: static char copyright[] =
42: "@(#) Copyright (c) 1980, 1987, 1993\n\
43: The Regents of the University of California. All rights reserved.\n";
44: #endif /* not lint */
45:
46: #ifndef lint
47: #if 0
48: static char sccsid[] = "@(#)lock.c 8.1 (Berkeley) 6/6/93";
49: #endif
1.13 ! millert 50: static char rcsid[] = "$OpenBSD: lock.c,v 1.12 1999/03/06 20:27:40 millert Exp $";
1.1 deraadt 51: #endif /* not lint */
52:
53: /*
54: * Lock a terminal up until the given key is entered, until the root
55: * password is entered, or the given interval times out.
56: *
57: * Timeout interval is by default TIMEOUT, it can be changed with
58: * an argument of the form -time where time is in minutes
59: */
60:
61: #include <sys/param.h>
62: #include <sys/stat.h>
63: #include <sys/time.h>
64: #include <signal.h>
65:
66: #include <ctype.h>
67: #include <err.h>
68: #include <pwd.h>
1.13 ! millert 69: #include <readpassphrase.h>
1.1 deraadt 70: #include <stdio.h>
1.2 deraadt 71: #include <stdlib.h>
1.1 deraadt 72: #include <string.h>
73: #include <termios.h>
1.2 deraadt 74: #include <unistd.h>
1.1 deraadt 75:
1.13 ! millert 76: #include <login_cap.h>
! 77: #include <bsd_auth.h>
1.7 millert 78:
1.1 deraadt 79: #define TIMEOUT 15
80:
1.10 millert 81: void bye __P((int));
82: void hi __P((int));
1.1 deraadt 83:
84: struct timeval timeout;
85: struct timeval zerotime;
1.13 ! millert 86: time_t nexttime; /* keep the timeout time */
1.9 millert 87: int no_timeout; /* lock terminal forever */
1.1 deraadt 88:
1.13 ! millert 89: extern char *__progname;
! 90:
1.1 deraadt 91: /*ARGSUSED*/
1.9 millert 92: int
1.1 deraadt 93: main(argc, argv)
94: int argc;
95: char **argv;
96: {
97: struct passwd *pw;
98: struct itimerval ntimer, otimer;
99: struct tm *timp;
100: time_t curtime;
101: int ch, sectimeout, usemine;
1.13 ! millert 102: char *p, *style, *nstyle, *ttynam;
! 103: char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ], date[256];
! 104: login_cap_t *lc;
1.1 deraadt 105:
106: sectimeout = TIMEOUT;
1.13 ! millert 107: style = NULL;
1.1 deraadt 108: usemine = 0;
1.6 downsj 109: no_timeout = 0;
1.1 deraadt 110:
111: if (!(pw = getpwuid(getuid())))
112: errx(1, "unknown uid %d.", getuid());
1.13 ! millert 113:
! 114: lc = login_getclass(pw->pw_class);
1.1 deraadt 115:
1.13 ! millert 116: while ((ch = getopt(argc, argv, "a:npt:")) != -1)
! 117: switch(ch) {
! 118: case 'a':
! 119: if (lc) {
! 120: style = login_getstyle(lc, optarg, "auth-lock");
! 121: if (style == NULL)
! 122: errx(1,
! 123: "invalid authentication style: %s",
! 124: optarg);
! 125: }
! 126: usemine = 1;
! 127: break;
1.1 deraadt 128: case 't':
129: if ((sectimeout = atoi(optarg)) <= 0)
130: errx(1, "illegal timeout value: %s", optarg);
131: break;
132: case 'p':
133: usemine = 1;
134: break;
1.6 downsj 135: case 'n':
136: no_timeout = 1;
137: break;
1.1 deraadt 138: case '?':
139: default:
1.10 millert 140: (void)fprintf(stderr,
1.13 ! millert 141: "usage: %s [-n] [-p] [-a style] [-t timeout]\n",
! 142: __progname);
1.1 deraadt 143: exit(1);
144: }
145: timeout.tv_sec = sectimeout * 60;
146:
147: gethostname(hostname, sizeof(hostname));
1.13 ! millert 148: if (!(ttynam = ttyname(STDIN_FILENO)))
1.1 deraadt 149: errx(1, "not a terminal?");
1.13 ! millert 150: curtime = time(NULL);
! 151: nexttime = curtime + (sectimeout * 60);
1.1 deraadt 152: timp = localtime(&curtime);
1.13 ! millert 153: strftime(date, sizeof(date), "%c", timp);
1.1 deraadt 154:
1.13 ! millert 155: if (!usemine) {
1.1 deraadt 156: /* get key and check again */
1.13 ! millert 157: if (!readpassphrase("Key: ", s, sizeof(s), RPP_ECHO_OFF) ||
! 158: *s == '\0')
! 159: exit(0);
1.1 deraadt 160: /*
161: * Don't need EOF test here, if we get EOF, then s1 != s
162: * and the right things will happen.
163: */
1.13 ! millert 164: (void)readpassphrase("Again: ", s1, sizeof(s1), RPP_ECHO_OFF);
1.1 deraadt 165: if (strcmp(s1, s)) {
1.13 ! millert 166: warnx("\apasswords didn't match.");
1.1 deraadt 167: exit(1);
168: }
1.5 deraadt 169: s[0] = '\0';
1.1 deraadt 170: }
171:
172: /* set signal handlers */
173: (void)signal(SIGINT, hi);
174: (void)signal(SIGQUIT, hi);
175: (void)signal(SIGTSTP, hi);
176: (void)signal(SIGALRM, bye);
177:
178: ntimer.it_interval = zerotime;
179: ntimer.it_value = timeout;
1.6 downsj 180: if (!no_timeout)
181: setitimer(ITIMER_REAL, &ntimer, &otimer);
1.1 deraadt 182:
183: /* header info */
1.6 downsj 184: if (no_timeout) {
1.13 ! millert 185: (void)fprintf(stderr,
! 186: "%s: %s on %s. no timeout\ntime now is %s\n",
! 187: __progname, ttynam, hostname, date);
1.6 downsj 188: } else {
1.13 ! millert 189: (void)fprintf(stderr,
! 190: "%s: %s on %s. timeout in %d minutes\ntime now is %s\n",
! 191: __progname, ttynam, hostname, sectimeout, date);
1.6 downsj 192: }
1.1 deraadt 193:
194: for (;;) {
1.13 ! millert 195: if (!readpassphrase("Key: ", s, sizeof(s), RPP_ECHO_OFF) ||
! 196: *s == '\0') {
1.9 millert 197: hi(0);
1.1 deraadt 198: continue;
199: }
200: if (usemine) {
1.13 ! millert 201: /*
! 202: * If user entered 's/key' or the style specified via
! 203: * the '-a' argument, auth_userokay() will prompt
! 204: * for a new password. Otherwise, use what we have.
! 205: */
! 206: if ((strcmp(s, "s/key") == 0 &&
! 207: (nstyle = login_getstyle(lc, "skey", "auth-lock")))
! 208: || ((nstyle = style) && strcmp(s, nstyle) == 0))
! 209: p = NULL;
! 210: else
! 211: p = s;
! 212: if (auth_userokay(pw->pw_name, nstyle, "auth-lock", p))
1.1 deraadt 213: break;
1.13 ! millert 214: } else if (strcmp(s, s1) == 0)
1.1 deraadt 215: break;
1.13 ! millert 216: (void)putc('\a', stderr);
1.1 deraadt 217: }
1.9 millert 218:
1.13 ! millert 219: exit(0);
1.1 deraadt 220: }
221:
222: void
1.9 millert 223: hi(dummy)
224: int dummy;
1.1 deraadt 225: {
1.13 ! millert 226: time_t now;
1.1 deraadt 227:
1.13 ! millert 228: (void)fprintf(stderr, "%s: type in the unlock key.", __progname);
! 229: if (!no_timeout) {
! 230: now = time(NULL);
! 231: (void)fprintf(stderr, " timeout in %d:%d minutes",
! 232: (nexttime - now) / 60,
! 233: (nexttime - now) % 60);
1.6 downsj 234: }
1.13 ! millert 235: putc('\n', stderr);
1.1 deraadt 236: }
237:
238: void
1.13 ! millert 239: bye(dummy)
1.9 millert 240: int dummy;
1.1 deraadt 241: {
242:
1.13 ! millert 243: if (!no_timeout)
! 244: errx(1, "timeout");
1.1 deraadt 245: }