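/* $NetBSD: lock.c,v 1.20 2002/11/16 15:59:28 itojun Exp $ */

/*
 * Copyright (c) 1980, 1987, 1993
 * The Regents of the University of California. All rights reserved.
 *
 * This code is derived from software contributed to Berkeley by
 * Bob Toxen.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 * must display the following acknowledgement:
 * This product includes software developed by the University of
 * California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 * may be used to endorse or promote products derived from this software
 * without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 1980, 1987, 1993\n\
 The Regents of the University of California. All rights reserved.\n");
#endif /* not lint */

#ifndef lint
#if 0
static char sccsid[] = "@(#)lock.c 8.1 (Berkeley) 6/6/93";
#endif
__RCSID("$NetBSD: lock.c,v 1.20 2002/11/16 15:59:28 itojun Exp $");
#endif /* not lint */

/*
 * Lock a terminal until the unlock key is entered or the timeout expires.
 *
 * By default the key is typed twice at start-up.  With -p the invoking
 * user's password entry (pw_passwd) is used instead and, when built with
 * SKEY, typing "s/key" switches to an S/Key challenge.
 *
 * The timeout defaults to TIMEOUT minutes; -t changes it (in minutes) and
 * -n disables it.
 *
 * The lock exists only for as long as this process runs: anything that
 * ends the process gives the terminal back to whatever started it, so the
 * input paths below must never crash on unexpected input.
 */

#include <sys/param.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <signal.h>

#include <ctype.h>
#include <err.h>
#include <limits.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <time.h>
#include <unistd.h>
#ifdef SKEY
#include <skey.h>
#endif

#define	TIMEOUT	15		/* default timeout, in minutes */

void	bye __P((int));
void	hi __P((int));
int	main __P((int, char **));
void	quit __P((int));
#ifdef SKEY
int	skey_auth __P((const char *));
#endif

struct	timeval	timeout;	/* timer value armed in main() */
struct	timeval	zerotime;	/* all-zero interval: the timer fires once */
struct	termios tty, ntty;	/* original settings / settings with ECHO off */
int	notimeout;		/* no timeout at all */
long	nexttime;		/* keep the timeout time */

/*
 * Parse the options, read or derive the unlock key, then loop reading
 * lines from stdin until one matches.  Exits through quit() on a match
 * and through bye() (SIGALRM) when the timeout expires.
 */
int
main(argc, argv)
	int argc;
	char **argv;
{
	struct passwd *pw;
	struct timeval timval;
	struct itimerval ntimer, otimer;
	struct tm *timp;
	time_t curtime;
	long tval;
	int ch, sectimeout, usemine;
	char *ap, *cp, *mypw, *ttynam;
	const char *tzn;
	char hostname[MAXHOSTNAMELEN + 1], s[BUFSIZ], s1[BUFSIZ];

	/* Look the user up first; the entry is read before privileges go. */
	if (!(pw = getpwuid(getuid())))
		errx(1, "unknown uid %lu.", (u_long) getuid());

	/*
	 * Discard privs.  A failed drop must be fatal: carrying on would
	 * leave the rest of the program running with elevated privileges.
	 */
	if (setuid(getuid()) == -1)
		err(1, "setuid");

	notimeout = 0;
	sectimeout = TIMEOUT;
	mypw = NULL;
	usemine = 0;

	while ((ch = getopt(argc, argv, "npt:")) != -1)
		switch ((char)ch) {
		case 'n':
			notimeout = 1;
			break;
		case 't':
			/*
			 * Bound the value so that sectimeout * 60 below
			 * cannot overflow an int.  Trailing text after the
			 * digits is still ignored, as it was with atoi().
			 */
			tval = strtol(optarg, NULL, 10);
			if (tval <= 0 || tval > INT_MAX / 60)
				errx(1, "illegal timeout value: %s", optarg);
			sectimeout = (int)tval;
			break;
		case 'p':
			usemine = 1;
			mypw = strdup(pw->pw_passwd);
			if (!mypw)
				err(1, "strdup");
			break;
		case '?':
		default:
			(void)fprintf(stderr,
			    "usage: lock [-n] [-p] [-t timeout]\n");
			exit(1);
		}
	timeout.tv_sec = sectimeout * 60;

	if (tcgetattr(0, &tty) < 0)	/* get information for header */
		exit(1);
	gethostname(hostname, sizeof(hostname));
	hostname[sizeof(hostname) - 1] = '\0';
	if (!(ttynam = ttyname(0)))
		errx(1, "not a terminal?");
	if (gettimeofday(&timval, (struct timezone *)NULL))
		err(1, "gettimeofday");
	curtime = timval.tv_sec;
	nexttime = timval.tv_sec + (sectimeout * 60);
	timp = localtime(&curtime);
	ap = asctime(timp);
#ifdef __SVR4
	tzn = tzname[0];
#else
	tzn = timp->tm_zone;
#endif

	/* Until the key is set, an interrupt just restores the tty and exits. */
	(void)signal(SIGINT, quit);
	(void)signal(SIGQUIT, quit);
	ntty = tty; ntty.c_lflag &= ~ECHO;
	(void)tcsetattr(0, TCSADRAIN, &ntty);

	if (!mypw) {
		/* get key and check again */
		(void)printf("Key: ");
		if (!fgets(s, sizeof(s), stdin) || *s == '\n')
			quit(0);
		(void)printf("\nAgain: ");
		/*
		 * Start from an empty s1 and treat EOF as a mismatch, so the
		 * comparison never reads an uninitialized buffer.
		 */
		s1[0] = '\0';
		if (!fgets(s1, sizeof(s1), stdin))
			s1[0] = '\0';
		(void)putchar('\n');
		if (s1[0] == '\0' || strcmp(s1, s)) {
			(void)printf("\alock: passwords didn't match.\n");
			(void)tcsetattr(0, TCSADRAIN, &tty);
			exit(1);
		}
		s[0] = '\0';
		mypw = s1;
	}

	/*
	 * set signal handlers
	 * NOTE(review): hi() and bye() call stdio from signal context,
	 * which is not async-signal-safe.
	 */
	(void)signal(SIGINT, hi);
	(void)signal(SIGQUIT, hi);
	(void)signal(SIGTSTP, hi);

	if (notimeout) {
		(void)signal(SIGALRM, hi);
		(void)printf("lock: %s on %s. no timeout.\ntime now is %.20s%s%s",
		    ttynam, hostname, ap, tzn, ap + 19);
	}
	else {
		(void)signal(SIGALRM, bye);

		ntimer.it_interval = zerotime;
		ntimer.it_value = timeout;
		setitimer(ITIMER_REAL, &ntimer, &otimer);

		/* header info */
		(void)printf("lock: %s on %s. timeout in %d minutes\ntime now is %.20s%s%s",
		    ttynam, hostname, sectimeout, ap, tzn, ap + 19);
	}

	for (;;) {
		(void)printf("Key: ");
		if (!fgets(s, sizeof(s), stdin)) {
			clearerr(stdin);
			hi(0);
			continue;
		}
		if (usemine) {
			/*
			 * Strip the newline if there is one.  strcspn() is
			 * safe for an empty line (input starting with a NUL
			 * byte), where s[strlen(s) - 1] would write before
			 * the buffer.
			 */
			s[strcspn(s, "\n")] = '\0';
#ifdef SKEY
			if (strcasecmp(s, "s/key") == 0) {
				if (skey_auth(pw->pw_name))
					break;
			}
#endif
			/*
			 * crypt() can return NULL; handing that to strcmp()
			 * would crash the process and with it the lock.
			 */
			cp = crypt(s, mypw);
			if (cp != NULL && !strcmp(mypw, cp))
				break;
		}
		else if (!strcmp(s, s1))
			break;
		(void)printf("\a\n");
		if (tcsetattr(0, TCSADRAIN, &ntty) < 0)
			exit(1);
	}
	quit(0);
	/* NOTREACHED */
	return (0);
}

#ifdef SKEY
/*
 * We can't use libskey's skey_authenticate() since it
 * handles signals in a way that's inappropriate
 * for our needs. Instead we roll our own.
 *
 * Prints the challenge for `user', reads one response line and returns 1
 * if skey_passcheck() accepts it, 0 otherwise.
 */
int
skey_auth(user)
	const char *user;
{
	char s[128];
	const char *ask;
	int ret = 0;

	if (!skey_haskey(user) && (ask = skey_keyinfo(user))) {
		printf("\n[%s]\nResponse: ", ask);
		if (!fgets(s, sizeof(s), stdin) || *s == '\n')
			clearerr(stdin);
		else {
			/* bounded newline strip; safe for an empty line */
			s[strcspn(s, "\n")] = '\0';
			if (skey_passcheck(user, s) != -1)
				ret = 1;
		}
	} else
		printf("Sorry, you have no s/key.\n");
	return ret;
}
#endif

/*
 * Remind the user that the terminal is locked and, unless the timeout is
 * disabled, how long is left.  Installed as a signal handler and also
 * called directly from main() on EOF.
 */
void
hi(dummy)
	int dummy;
{
	struct timeval timval;
	long left;

	if (notimeout)
		(void)printf("lock: type in the unlock key.\n");
	else if (!gettimeofday(&timval, (struct timezone *)NULL)) {
		/* keep the arithmetic in long so it matches %ld */
		left = nexttime - (long)timval.tv_sec;
		(void)printf("lock: type in the unlock key. timeout in %ld:%ld minutes\n",
		    left / 60, left % 60);
	}
}

/*
 * Restore the saved terminal settings and exit with status 0.
 */
void
quit(dummy)
	int dummy;
{
	(void)putchar('\n');
	(void)tcsetattr(0, TCSADRAIN, &tty);
	exit(0);
}

/*
 * SIGALRM handler for the timeout: restore the terminal settings, report
 * the timeout and exit with status 1.
 */
void
bye(dummy)
	int dummy;
{
	(void)tcsetattr(0, TCSADRAIN, &tty);
	(void)printf("lock: timeout\n");
	exit(1);
}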