1 /*-
2 * Copyright (c) 1996 by
3 * Sean Eric Fagan <sef@kithrup.com>
4 * David Nugent <davidn@blaze.net.au>
5 * All rights reserved.
6 *
7 * Portions copyright (c) 1995,1997 by
8 * Berkeley Software Design, Inc.
9 * All rights reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, is permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice immediately at the beginning of the file, without modification,
16 * this list of conditions, and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. This work was done expressly for inclusion into FreeBSD. Other use
21 * is permitted provided this notation is included.
22 * 4. Absolutely no warranty of function or purpose is made by the authors.
23 * 5. Modifications may be freely made to this file providing the above
24 * conditions are met.
25 *
26 * Low-level routines relating to the user capabilities database
27 */
28
29 #include <sys/types.h>
30 #include <sys/time.h>
31 #include <sys/resource.h>
32 #include <sys/stat.h>
33 #include <sys/param.h>
34 #include <sys/socket.h>
35 #include <sys/wait.h>
36 #include <ctype.h>
37 #include <err.h>
38 #include <errno.h>
39 #include <fcntl.h>
40 #include <libutil.h>
41 #include <limits.h>
42 #include <login_cap.h>
43 #include <paths.h>
44 #include <pwd.h>
45 #include <stdarg.h>
46 #include <stdio.h>
47 #include <stdlib.h>
48 #include <string.h>
49 #include <syslog.h>
50 #include <unistd.h>
51
52
53 /*
54 * auth_checknologin()
55 * Checks for the existence of a nologin file in the login_cap
56 * capability <lc>. If there isn't one specified, then it checks
57 * to see if this class should just ignore nologin files. Lastly,
58 * it tries to print out the default nologin file, and, if such
59 * exists, it exits.
60 */
61
62 void
auth_checknologin(login_cap_t * lc)63 auth_checknologin(login_cap_t *lc)
64 {
65 const char *file;
66
67 /* Do we ignore a nologin file? */
68 if (login_getcapbool(lc, "ignorenologin", 0))
69 return;
70
71 /* Note that <file> will be "" if there is no nologin capability */
72 if ((file = login_getcapstr(lc, "nologin", "", NULL)) == NULL)
73 exit(1);
74
75 /*
76 * *file is true IFF there was a "nologin" capability
77 * Note that auth_cat() returns 1 only if the specified
78 * file exists, and is readable. E.g., /.nologin exists.
79 */
80 if ((*file && auth_cat(file)) || auth_cat(_PATH_NOLOGIN))
81 exit(1);
82 }
83
84
85 /*
86 * auth_cat()
87 * Checks for the readability of <file>; if it can be opened for
88 * reading, it prints it out to stdout, and then exits. Otherwise,
89 * it returns 0 (meaning no nologin file).
90 */
91
92 int
auth_cat(const char * file)93 auth_cat(const char *file)
94 {
95 int fd, count;
96 char buf[BUFSIZ];
97
98 if ((fd = open(file, O_RDONLY | O_CLOEXEC)) < 0)
99 return 0;
100 while ((count = read(fd, buf, sizeof(buf))) > 0)
101 (void)write(fileno(stdout), buf, count);
102 close(fd);
103 sleep(5); /* wait an arbitrary time to drain */
104 return 1;
105 }
106