168bbf3adSDavid Nugent /*-
268bbf3adSDavid Nugent * Copyright (c) 1996 by
368bbf3adSDavid Nugent * Sean Eric Fagan <sef@kithrup.com>
468bbf3adSDavid Nugent * David Nugent <davidn@blaze.net.au>
568bbf3adSDavid Nugent * All rights reserved.
668bbf3adSDavid Nugent *
756c04344SDavid Nugent * Portions copyright (c) 1995,1997 by
856c04344SDavid Nugent * Berkeley Software Design, Inc.
956c04344SDavid Nugent * All rights reserved.
1056c04344SDavid Nugent *
1168bbf3adSDavid Nugent * Redistribution and use in source and binary forms, with or without
1268bbf3adSDavid Nugent * modification, is permitted provided that the following conditions
1368bbf3adSDavid Nugent * are met:
1468bbf3adSDavid Nugent * 1. Redistributions of source code must retain the above copyright
1568bbf3adSDavid Nugent * notice immediately at the beginning of the file, without modification,
1668bbf3adSDavid Nugent * this list of conditions, and the following disclaimer.
1768bbf3adSDavid Nugent * 2. Redistributions in binary form must reproduce the above copyright
1868bbf3adSDavid Nugent * notice, this list of conditions and the following disclaimer in the
1968bbf3adSDavid Nugent * documentation and/or other materials provided with the distribution.
2068bbf3adSDavid Nugent * 3. This work was done expressly for inclusion into FreeBSD. Other use
2168bbf3adSDavid Nugent * is permitted provided this notation is included.
2268bbf3adSDavid Nugent * 4. Absolutely no warranty of function or purpose is made by the authors.
2368bbf3adSDavid Nugent * 5. Modifications may be freely made to this file providing the above
2468bbf3adSDavid Nugent * conditions are met.
2568bbf3adSDavid Nugent *
2668bbf3adSDavid Nugent * Low-level routines relating to the user capabilities database
2768bbf3adSDavid Nugent */
2868bbf3adSDavid Nugent
2968bbf3adSDavid Nugent #include <sys/types.h>
3068bbf3adSDavid Nugent #include <sys/time.h>
3168bbf3adSDavid Nugent #include <sys/resource.h>
3268bbf3adSDavid Nugent #include <sys/stat.h>
3356c04344SDavid Nugent #include <sys/param.h>
340ebec5d3SMark Murray #include <sys/socket.h>
350ebec5d3SMark Murray #include <sys/wait.h>
360ebec5d3SMark Murray #include <ctype.h>
370ebec5d3SMark Murray #include <err.h>
3868bbf3adSDavid Nugent #include <errno.h>
3968bbf3adSDavid Nugent #include <fcntl.h>
400ebec5d3SMark Murray #include <libutil.h>
4168bbf3adSDavid Nugent #include <limits.h>
420ebec5d3SMark Murray #include <login_cap.h>
430ebec5d3SMark Murray #include <paths.h>
4468bbf3adSDavid Nugent #include <pwd.h>
450ebec5d3SMark Murray #include <stdarg.h>
460ebec5d3SMark Murray #include <stdio.h>
4768bbf3adSDavid Nugent #include <stdlib.h>
4868bbf3adSDavid Nugent #include <string.h>
4968bbf3adSDavid Nugent #include <syslog.h>
5068bbf3adSDavid Nugent #include <unistd.h>
5168bbf3adSDavid Nugent
5268bbf3adSDavid Nugent
/*
 * auth_checknologin()
 * Enforces the nologin policy for the login class <lc>.
 *
 * Checks are made in this order:
 *   1. If the class sets the boolean capability "ignorenologin",
 *      return immediately.  Note that this also skips the check of
 *      the system-wide _PATH_NOLOGIN file below.
 *   2. Fetch the string capability "nologin" (default "").  A NULL
 *      result is treated as fatal and the process exits with status 1,
 *      so a failed lookup does not let the login continue.
 *   3. If the class named a file and auth_cat() could open it, or
 *      otherwise if auth_cat() could open _PATH_NOLOGIN, exit with
 *      status 1.
 *
 * The function only returns when none of the checks stopped the login.
 */

void
auth_checknologin(login_cap_t *lc)
{
	const char *nologin_path;

	/* Classes flagged "ignorenologin" bypass every check below. */
	if (login_getcapbool(lc, "ignorenologin", 0))
		return;

	/* An absent "nologin" capability yields the "" default, not NULL. */
	nologin_path = login_getcapstr(lc, "nologin", "", NULL);
	if (nologin_path == NULL)
		exit(1);

	/*
	 * The class-specific file is tried first; auth_cat() returns
	 * non-zero only when it managed to open the file it was given.
	 */
	if (nologin_path[0] != '\0' && auth_cat(nologin_path))
		exit(1);

	/* Fall back to the system-wide nologin file. */
	if (auth_cat(_PATH_NOLOGIN))
		exit(1);
}
8368bbf3adSDavid Nugent
8468bbf3adSDavid Nugent
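/*
 * auth_cat()
 * Copies <file> to stdout if it can be opened for reading.
 *
 * Returns 0 when open() fails (the caller treats this as "no nologin
 * file"), and 1 once the file has been opened, copied and closed.
 * This function never exits by itself; auth_checknologin() exits when
 * it sees a non-zero return.
 *
 * The copy is best effort: a read or write error ends it early, but
 * the return value is still 1 because the file existed.  Short writes
 * are completed and EINTR is retried so that the message is not cut
 * off part way through.
 *
 * <file> is opened exactly as given, with the privileges of the
 * calling process, and its bytes are written to stdout unfiltered.
 * NOTE(review): open() follows symbolic links, so the path and the
 * file it names are presumably expected to be writable only by the
 * administrator -- confirm for callers other than auth_checknologin().
 */

int
auth_cat(const char *file)
{
	char buf[BUFSIZ];
	ssize_t count, done, n;
	int fd, out;
	int failed = 0;

	if ((fd = open(file, O_RDONLY | O_CLOEXEC)) < 0)
		return 0;

	out = fileno(stdout);
	while (!failed) {
		count = read(fd, buf, sizeof(buf));
		if (count < 0 && errno == EINTR)
			continue;
		if (count <= 0)
			break;		/* end of file or read error */

		/* write() may accept fewer bytes than asked; send the rest. */
		done = 0;
		while (done < count) {
			n = write(out, buf + done, (size_t)(count - done));
			if (n > 0) {
				done += n;
				continue;
			}
			if (n < 0 && errno == EINTR)
				continue;
			failed = 1;	/* stdout is unusable; stop copying */
			break;
		}
	}
	close(fd);
	sleep(5);	/* wait an arbitrary time to drain */
	return 1;
}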