1 /*- 2 * Copyright (c) 1996 by 3 * Sean Eric Fagan <sef@kithrup.com> 4 * David Nugent <davidn@blaze.net.au> 5 * All rights reserved. 6 * 7 * Portions copyright (c) 1995,1997 by 8 * Berkeley Software Design, Inc. 9 * All rights reserved. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, is permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice immediately at the beginning of the file, without modification, 16 * this list of conditions, and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. This work was done expressly for inclusion into FreeBSD. Other use 21 * is permitted provided this notation is included. 22 * 4. Absolutely no warranty of function or purpose is made by the authors. 23 * 5. Modifications may be freely made to this file providing the above 24 * conditions are met. 25 * 26 * Low-level routines relating to the user capabilities database 27 */ 28 29 #include <sys/cdefs.h> 30 #include <sys/types.h> 31 #include <sys/time.h> 32 #include <sys/resource.h> 33 #include <sys/stat.h> 34 #include <sys/param.h> 35 #include <sys/socket.h> 36 #include <sys/wait.h> 37 #include <ctype.h> 38 #include <err.h> 39 #include <errno.h> 40 #include <fcntl.h> 41 #include <libutil.h> 42 #include <limits.h> 43 #include <login_cap.h> 44 #include <paths.h> 45 #include <pwd.h> 46 #include <stdarg.h> 47 #include <stdio.h> 48 #include <stdlib.h> 49 #include <string.h> 50 #include <syslog.h> 51 #include <unistd.h> 52 53 54 /* 55 * auth_checknologin() 56 * Checks for the existence of a nologin file in the login_cap 57 * capability <lc>. If there isn't one specified, then it checks 58 * to see if this class should just ignore nologin files. Lastly, 59 * it tries to print out the default nologin file, and, if such 60 * exists, it exits. 61 */ 62 63 void 64 auth_checknologin(login_cap_t *lc) 65 { 66 const char *file; 67 68 /* Do we ignore a nologin file? */ 69 if (login_getcapbool(lc, "ignorenologin", 0)) 70 return; 71 72 /* Note that <file> will be "" if there is no nologin capability */ 73 if ((file = login_getcapstr(lc, "nologin", "", NULL)) == NULL) 74 exit(1); 75 76 /* 77 * *file is true IFF there was a "nologin" capability 78 * Note that auth_cat() returns 1 only if the specified 79 * file exists, and is readable. E.g., /.nologin exists. 80 */ 81 if ((*file && auth_cat(file)) || auth_cat(_PATH_NOLOGIN)) 82 exit(1); 83 } 84 85 86 /* 87 * auth_cat() 88 * Checks for the readability of <file>; if it can be opened for 89 * reading, it prints it out to stdout, and then exits. Otherwise, 90 * it returns 0 (meaning no nologin file). 91 */ 92 93 int 94 auth_cat(const char *file) 95 { 96 int fd, count; 97 char buf[BUFSIZ]; 98 99 if ((fd = open(file, O_RDONLY | O_CLOEXEC)) < 0) 100 return 0; 101 while ((count = read(fd, buf, sizeof(buf))) > 0) 102 (void)write(fileno(stdout), buf, count); 103 close(fd); 104 sleep(5); /* wait an arbitrary time to drain */ 105 return 1; 106 } 107