lock.c revision 1.21
1 /* $NetBSD: lock.c,v 1.21 2003/08/07 11:14:22 agc Exp $ */ 2 3 /* 4 * Copyright (c) 1980, 1987, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from software contributed to Berkeley by 8 * Bob Toxen. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 #include <sys/cdefs.h> 36 #ifndef lint 37 __COPYRIGHT("@(#) Copyright (c) 1980, 1987, 1993\n\ 38 The Regents of the University of California. All rights reserved.\n"); 39 #endif /* not lint */ 40 41 #ifndef lint 42 #if 0 43 static char sccsid[] = "@(#)lock.c 8.1 (Berkeley) 6/6/93"; 44 #endif 45 __RCSID("$NetBSD: lock.c,v 1.21 2003/08/07 11:14:22 agc Exp $"); 46 #endif /* not lint */ 47 48 /* 49 * Lock a terminal up until the given key is entered, until the root 50 * password is entered, or the given interval times out. 51 * 52 * Timeout interval is by default TIMEOUT, it can be changed with 53 * an argument of the form -time where time is in minutes 54 */ 55 56 #include <sys/param.h> 57 #include <sys/stat.h> 58 #include <sys/time.h> 59 #include <signal.h> 60 61 #include <ctype.h> 62 #include <err.h> 63 #include <pwd.h> 64 #include <stdio.h> 65 #include <stdlib.h> 66 #include <string.h> 67 #include <termios.h> 68 #include <time.h> 69 #include <unistd.h> 70 #ifdef SKEY 71 #include <skey.h> 72 #endif 73 74 #define TIMEOUT 15 75 76 void bye __P((int)); 77 void hi __P((int)); 78 int main __P((int, char **)); 79 void quit __P((int)); 80 #ifdef SKEY 81 int skey_auth __P((const char *)); 82 #endif 83 84 struct timeval timeout; 85 struct timeval zerotime; 86 struct termios tty, ntty; 87 int notimeout; /* no timeout at all */ 88 long nexttime; /* keep the timeout time */ 89 90 int 91 main(argc, argv) 92 int argc; 93 char **argv; 94 { 95 struct passwd *pw; 96 struct timeval timval; 97 struct itimerval ntimer, otimer; 98 struct tm *timp; 99 time_t curtime; 100 int ch, sectimeout, usemine; 101 char *ap, *mypw, *ttynam; 102 const char *tzn; 103 char hostname[MAXHOSTNAMELEN + 1], s[BUFSIZ], s1[BUFSIZ]; 104 105 if (!(pw = getpwuid(getuid()))) 106 errx(1, "unknown uid %ld.", (u_long) getuid()); 107 108 setuid(getuid()); /* discard privs */ 109 110 notimeout = 0; 111 sectimeout = TIMEOUT; 112 mypw = NULL; 113 usemine = 0; 114 115 while ((ch = getopt(argc, argv, "npt:")) != -1) 116 switch ((char)ch) { 117 case 'n': 118 notimeout = 1; 119 break; 120 case 't': 121 if ((sectimeout = atoi(optarg)) <= 0) 122 errx(1, "illegal timeout value: %s", optarg); 123 break; 124 case 'p': 125 usemine = 1; 126 mypw = strdup(pw->pw_passwd); 127 if (!mypw) 128 err(1, "strdup"); 129 break; 130 case '?': 131 default: 132 (void)fprintf(stderr, 133 "usage: lock [-p] [-t timeout]\n"); 134 exit(1); 135 } 136 timeout.tv_sec = sectimeout * 60; 137 138 if (tcgetattr(0, &tty) < 0) /* get information for header */ 139 exit(1); 140 gethostname(hostname, sizeof(hostname)); 141 hostname[sizeof(hostname) - 1] = '\0'; 142 if (!(ttynam = ttyname(0))) 143 errx(1, "not a terminal?"); 144 if (gettimeofday(&timval, (struct timezone *)NULL)) 145 err(1, "gettimeofday"); 146 curtime = timval.tv_sec; 147 nexttime = timval.tv_sec + (sectimeout * 60); 148 timp = localtime(&curtime); 149 ap = asctime(timp); 150 #ifdef __SVR4 151 tzn = tzname[0]; 152 #else 153 tzn = timp->tm_zone; 154 #endif 155 156 (void)signal(SIGINT, quit); 157 (void)signal(SIGQUIT, quit); 158 ntty = tty; ntty.c_lflag &= ~ECHO; 159 (void)tcsetattr(0, TCSADRAIN, &ntty); 160 161 if (!mypw) { 162 /* get key and check again */ 163 (void)printf("Key: "); 164 if (!fgets(s, sizeof(s), stdin) || *s == '\n') 165 quit(0); 166 (void)printf("\nAgain: "); 167 /* 168 * Don't need EOF test here, if we get EOF, then s1 != s 169 * and the right things will happen. 170 */ 171 (void)fgets(s1, sizeof(s1), stdin); 172 (void)putchar('\n'); 173 if (strcmp(s1, s)) { 174 (void)printf("\alock: passwords didn't match.\n"); 175 (void)tcsetattr(0, TCSADRAIN, &tty); 176 exit(1); 177 } 178 s[0] = '\0'; 179 mypw = s1; 180 } 181 182 /* set signal handlers */ 183 (void)signal(SIGINT, hi); 184 (void)signal(SIGQUIT, hi); 185 (void)signal(SIGTSTP, hi); 186 187 if (notimeout) { 188 (void)signal(SIGALRM, hi); 189 (void)printf("lock: %s on %s. no timeout.\ntime now is %.20s%s%s", 190 ttynam, hostname, ap, tzn, ap + 19); 191 } 192 else { 193 (void)signal(SIGALRM, bye); 194 195 ntimer.it_interval = zerotime; 196 ntimer.it_value = timeout; 197 setitimer(ITIMER_REAL, &ntimer, &otimer); 198 199 /* header info */ 200 (void)printf("lock: %s on %s. timeout in %d minutes\ntime now is %.20s%s%s", 201 ttynam, hostname, sectimeout, ap, tzn, ap + 19); 202 } 203 204 for (;;) { 205 (void)printf("Key: "); 206 if (!fgets(s, sizeof(s), stdin)) { 207 clearerr(stdin); 208 hi(0); 209 continue; 210 } 211 if (usemine) { 212 s[strlen(s) - 1] = '\0'; 213 #ifdef SKEY 214 if (strcasecmp(s, "s/key") == 0) { 215 if (skey_auth(pw->pw_name)) 216 break; 217 } 218 #endif 219 if (!strcmp(mypw, crypt(s, mypw))) 220 break; 221 } 222 else if (!strcmp(s, s1)) 223 break; 224 (void)printf("\a\n"); 225 if (tcsetattr(0, TCSADRAIN, &ntty) < 0) 226 exit(1); 227 } 228 quit(0); 229 /* NOTREACHED */ 230 return (0); 231 } 232 233 #ifdef SKEY 234 /* 235 * We can't use libskey's skey_authenticate() since it 236 * handles signals in a way that's inappropriate 237 * for our needs. Instead we roll our own. 238 */ 239 int 240 skey_auth(user) 241 const char *user; 242 { 243 char s[128]; 244 const char *ask; 245 int ret = 0; 246 247 if (!skey_haskey(user) && (ask = skey_keyinfo(user))) { 248 printf("\n[%s]\nResponse: ", ask); 249 if (!fgets(s, sizeof(s), stdin) || *s == '\n') 250 clearerr(stdin); 251 else { 252 s[strlen(s) - 1] = '\0'; 253 if (skey_passcheck(user, s) != -1) 254 ret = 1; 255 } 256 } else 257 printf("Sorry, you have no s/key.\n"); 258 return ret; 259 } 260 #endif 261 262 void 263 hi(dummy) 264 int dummy; 265 { 266 struct timeval timval; 267 268 if (notimeout) 269 (void)printf("lock: type in the unlock key.\n"); 270 else if (!gettimeofday(&timval, (struct timezone *)NULL)) 271 (void)printf("lock: type in the unlock key. timeout in %ld:%ld minutes\n", 272 (nexttime - timval.tv_sec) / 60, (nexttime - timval.tv_sec) % 60); 273 } 274 275 void 276 quit(dummy) 277 int dummy; 278 { 279 (void)putchar('\n'); 280 (void)tcsetattr(0, TCSADRAIN, &tty); 281 exit(0); 282 } 283 284 void 285 bye(dummy) 286 int dummy; 287 { 288 (void)tcsetattr(0, TCSADRAIN, &tty); 289 (void)printf("lock: timeout\n"); 290 exit(1); 291 } 292
Indexes created Fri Sep 26 08:10:20 GMT 2025