1 /* 2 * Copyright (c) 1980, 1987, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from software contributed to Berkeley by 6 * Bob Toxen. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 4. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #ifndef lint 34 static const char copyright[] = 35 "@(#) Copyright (c) 1980, 1987, 1993\n\ 36 The Regents of the University of California. All rights reserved.\n"; 37 #endif /* not lint */ 38 39 #ifndef lint 40 #if 0 41 static char sccsid[] = "@(#)lock.c 8.1 (Berkeley) 6/6/93"; 42 #endif 43 #endif /* not lint */ 44 #include <sys/cdefs.h> 45 __FBSDID("$FreeBSD$"); 46 47 /* 48 * Lock a terminal up until the given key is entered or the given 49 * interval times out. 50 * 51 * Timeout interval is by default TIMEOUT, it can be changed with 52 * an argument of the form -time where time is in minutes 53 */ 54 55 #include <sys/param.h> 56 #include <sys/stat.h> 57 #include <sys/signal.h> 58 #include <sys/consio.h> 59 60 #include <err.h> 61 #include <ctype.h> 62 #include <errno.h> 63 #include <paths.h> 64 #include <pwd.h> 65 #include <stdint.h> 66 #include <stdio.h> 67 #include <stdlib.h> 68 #include <string.h> 69 #include <syslog.h> 70 #include <termios.h> 71 #include <time.h> 72 #include <unistd.h> 73 74 #define TIMEOUT 15 75 76 static void quit(int); 77 static void bye(int); 78 static void hi(int); 79 static void usage(void); 80 81 static struct timeval timeout; 82 static struct timeval zerotime; 83 static struct termios tty, ntty; 84 static long nexttime; /* keep the timeout time */ 85 static int no_timeout; /* lock terminal forever */ 86 static int vtyunlock; /* Unlock flag and code. */ 87 88 /*ARGSUSED*/ 89 int 90 main(int argc, char **argv) 91 { 92 struct passwd *pw; 93 struct itimerval ntimer, otimer; 94 struct tm *timp; 95 time_t timval; 96 int ch, failures, sectimeout, usemine, vtylock; 97 char *ap, *cryptpw, *mypw, *ttynam, *tzn; 98 char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ]; 99 100 openlog("lock", LOG_ODELAY, LOG_AUTH); 101 102 sectimeout = TIMEOUT; 103 pw = NULL; 104 mypw = NULL; 105 usemine = 0; 106 no_timeout = 0; 107 vtylock = 0; 108 while ((ch = getopt(argc, argv, "npt:v")) != -1) 109 switch((char)ch) { 110 case 't': 111 if ((sectimeout = atoi(optarg)) <= 0) 112 errx(1, "illegal timeout value"); 113 break; 114 case 'p': 115 usemine = 1; 116 if (!(pw = getpwuid(getuid()))) 117 errx(1, "unknown uid %d", getuid()); 118 mypw = strdup(pw->pw_passwd); 119 break; 120 case 'n': 121 no_timeout = 1; 122 break; 123 case 'v': 124 vtylock = 1; 125 break; 126 case '?': 127 default: 128 usage(); 129 } 130 timeout.tv_sec = sectimeout * 60; 131 132 setuid(getuid()); /* discard privs */ 133 134 if (tcgetattr(0, &tty)) /* get information for header */ 135 exit(1); 136 gethostname(hostname, sizeof(hostname)); 137 if (!(ttynam = ttyname(0))) 138 errx(1, "not a terminal?"); 139 if (strncmp(ttynam, _PATH_DEV, strlen(_PATH_DEV)) == 0) 140 ttynam += strlen(_PATH_DEV); 141 timval = time(NULL); 142 nexttime = timval + (sectimeout * 60); 143 timp = localtime(&timval); 144 ap = asctime(timp); 145 tzn = timp->tm_zone; 146 147 (void)signal(SIGINT, quit); 148 (void)signal(SIGQUIT, quit); 149 ntty = tty; ntty.c_lflag &= ~ECHO; 150 (void)tcsetattr(0, TCSADRAIN|TCSASOFT, &ntty); 151 152 if (!mypw) { 153 /* get key and check again */ 154 (void)printf("Key: "); 155 if (!fgets(s, sizeof(s), stdin) || *s == '\n') 156 quit(0); 157 (void)printf("\nAgain: "); 158 /* 159 * Don't need EOF test here, if we get EOF, then s1 != s 160 * and the right things will happen. 161 */ 162 (void)fgets(s1, sizeof(s1), stdin); 163 (void)putchar('\n'); 164 if (strcmp(s1, s)) { 165 (void)printf("\07lock: passwords didn't match.\n"); 166 (void)tcsetattr(0, TCSADRAIN|TCSASOFT, &tty); 167 exit(1); 168 } 169 s[0] = '\0'; 170 mypw = s1; 171 } 172 173 /* set signal handlers */ 174 (void)signal(SIGINT, hi); 175 (void)signal(SIGQUIT, hi); 176 (void)signal(SIGTSTP, hi); 177 (void)signal(SIGALRM, bye); 178 179 ntimer.it_interval = zerotime; 180 ntimer.it_value = timeout; 181 if (!no_timeout) 182 setitimer(ITIMER_REAL, &ntimer, &otimer); 183 if (vtylock) { 184 /* 185 * If this failed, we want to err out; warn isn't good 186 * enough, since we don't want the user to think that 187 * everything is nice and locked because they got a 188 * "Key:" prompt. 189 */ 190 if (ioctl(0, VT_LOCKSWITCH, &vtylock) == -1) { 191 (void)tcsetattr(0, TCSADRAIN|TCSASOFT, &tty); 192 err(1, "locking vty"); 193 } 194 vtyunlock = 0x2; 195 } 196 197 /* header info */ 198 if (pw != NULL) 199 (void)printf("lock: %s using %s on %s.", pw->pw_name, 200 ttynam, hostname); 201 else 202 (void)printf("lock: %s on %s.", ttynam, hostname); 203 if (no_timeout) 204 (void)printf(" no timeout."); 205 else 206 (void)printf(" timeout in %d minute%s.", sectimeout, 207 sectimeout != 1 ? "s" : ""); 208 if (vtylock) 209 (void)printf(" vty locked."); 210 (void)printf("\ntime now is %.20s%s%s", ap, tzn, ap + 19); 211 212 failures = 0; 213 214 for (;;) { 215 (void)printf("Key: "); 216 if (!fgets(s, sizeof(s), stdin)) { 217 clearerr(stdin); 218 hi(0); 219 goto tryagain; 220 } 221 if (usemine) { 222 s[strlen(s) - 1] = '\0'; 223 cryptpw = crypt(s, mypw); 224 if (cryptpw == NULL || !strcmp(mypw, cryptpw)) 225 break; 226 } 227 else if (!strcmp(s, s1)) 228 break; 229 (void)printf("\07\n"); 230 failures++; 231 if (getuid() == 0) 232 syslog(LOG_NOTICE, "%d ROOT UNLOCK FAILURE%s (%s on %s)", 233 failures, failures > 1 ? "S": "", ttynam, hostname); 234 tryagain: 235 if (tcgetattr(0, &ntty) && (errno != EINTR)) 236 exit(1); 237 sleep(1); /* to discourage guessing */ 238 } 239 if (getuid() == 0) 240 syslog(LOG_NOTICE, "ROOT UNLOCK ON hostname %s port %s", 241 hostname, ttynam); 242 quit(0); 243 return(0); /* not reached */ 244 } 245 246 247 static void 248 usage(void) 249 { 250 (void)fprintf(stderr, "usage: lock [-npv] [-t timeout]\n"); 251 exit(1); 252 } 253 254 static void 255 hi(int signo __unused) 256 { 257 time_t timval; 258 259 timval = time(NULL); 260 (void)printf("lock: type in the unlock key. "); 261 if (no_timeout) { 262 (void)putchar('\n'); 263 } else { 264 (void)printf("timeout in %jd:%jd minutes\n", 265 (intmax_t)(nexttime - timval) / 60, 266 (intmax_t)(nexttime - timval) % 60); 267 } 268 } 269 270 static void 271 quit(int signo __unused) 272 { 273 (void)putchar('\n'); 274 (void)tcsetattr(0, TCSADRAIN|TCSASOFT, &tty); 275 if (vtyunlock) 276 (void)ioctl(0, VT_LOCKSWITCH, &vtyunlock); 277 exit(0); 278 } 279 280 static void 281 bye(int signo __unused) 282 { 283 if (!no_timeout) { 284 (void)tcsetattr(0, TCSADRAIN|TCSASOFT, &tty); 285 if (vtyunlock) 286 (void)ioctl(0, VT_LOCKSWITCH, &vtyunlock); 287 (void)printf("lock: timeout\n"); 288 exit(1); 289 } 290 } 291