Remove building with NOCRYPTO option
[minix3.git] / usr.bin / lock / lock.c
blob58601ba14017a2019374c58e6b71f43afe0f78f4
1 /* $NetBSD: lock.c,v 1.33 2013/10/18 20:47:06 christos Exp $ */
3 /*
4 * Copyright (c) 1980, 1987, 1993
5 * The Regents of the University of California. All rights reserved.
7 * This code is derived from software contributed to Berkeley by
8 * Bob Toxen.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
35 #include <sys/cdefs.h>
36 #ifndef lint
37 __COPYRIGHT("@(#) Copyright (c) 1980, 1987, 1993\
38 The Regents of the University of California. All rights reserved.");
39 #endif /* not lint */
41 #ifndef lint
42 #if 0
43 static char sccsid[] = "@(#)lock.c 8.1 (Berkeley) 6/6/93";
44 #endif
45 __RCSID("$NetBSD: lock.c,v 1.33 2013/10/18 20:47:06 christos Exp $");
46 #endif /* not lint */
49 * Lock a terminal up until the given key is entered, until the root
50 * password is entered, or the given interval times out.
52 * Timeout interval is by default TIMEOUT, it can be changed with
53 * an argument of the form -time where time is in minutes
56 #include <sys/param.h>
57 #include <sys/stat.h>
58 #include <sys/time.h>
59 #include <signal.h>
61 #include <err.h>
62 #include <pwd.h>
63 #include <errno.h>
64 #include <stdio.h>
65 #include <stdlib.h>
66 #include <string.h>
67 #include <termios.h>
68 #include <time.h>
69 #include <unistd.h>
71 #ifdef USE_PAM
72 #include <security/pam_appl.h>
73 #include <security/openpam.h> /* for openpam_ttyconv() */
74 #endif
76 #ifdef SKEY
77 #include <skey.h>
78 #endif
81 #define TIMEOUT 15
83 int main(int, char **);
85 static void bye(int) __dead;
86 static void hi(int);
87 static void quit(int) __dead;
88 #ifdef SKEY
89 static int skey_auth(const char *);
90 #endif
92 static struct timeval timeout;
93 static struct timeval zerotime;
94 static struct termios tty, ntty;
95 static int notimeout; /* no timeout at all */
96 static long nexttime; /* keep the timeout time */
98 int
99 main(int argc, char **argv)
101 struct passwd *pw;
102 struct timeval timval;
103 struct itimerval ntimer, otimer;
104 struct tm *timp;
105 time_t curtime;
106 int ch, usemine;
107 long sectimeout;
108 char *ap, *ttynam;
109 const char *tzn;
110 uid_t uid = getuid();
111 char hostname[MAXHOSTNAMELEN + 1], s[BUFSIZ], s1[BUFSIZ];
112 #ifdef USE_PAM
113 pam_handle_t *pamh = NULL;
114 static const struct pam_conv pamc = { &openpam_ttyconv, NULL };
115 int pam_err;
116 #else
117 char *mypw = NULL;
118 #endif
120 if ((pw = getpwuid(getuid())) == NULL)
121 errx(1, "unknown uid %lu.", (u_long)uid);
123 notimeout = 0;
124 sectimeout = TIMEOUT;
125 usemine = 0;
127 while ((ch = getopt(argc, argv, "npt:")) != -1)
128 switch ((char)ch) {
129 case 'n':
130 notimeout = 1;
131 break;
132 case 't':
133 errno = 0;
134 if (((sectimeout = strtol(optarg, &ap, 0)) == LONG_MAX
135 || sectimeout == LONG_MIN)
136 && errno == ERANGE)
137 err(1, "illegal timeout value: %s", optarg);
138 if (optarg == ap || *ap || sectimeout <= 0)
139 errx(1, "illegal timeout value: %s", optarg);
140 if (sectimeout >= INT_MAX / 60)
141 errx(1, "too large timeout value: %ld",
142 sectimeout);
143 break;
144 case 'p':
145 usemine = 1;
146 #ifndef USE_PAM
147 mypw = strdup(pw->pw_passwd);
148 if (!mypw)
149 err(1, "strdup");
150 #endif
151 break;
152 case '?':
153 default:
154 (void)fprintf(stderr,
155 "usage: %s [-np] [-t timeout]\n", getprogname());
156 exit(1);
159 #if defined(USE_PAM) || defined(SKEY)
160 if (! usemine) { /* -p with PAM or S/key needs privs */
161 #endif
162 if (setuid(uid) == -1) /* discard privs */
163 err(1, "setuid failed");
164 #if defined(USE_PAM) || defined(SKEY)
166 #endif
168 timeout.tv_sec = (int)sectimeout * 60;
170 if (tcgetattr(STDIN_FILENO, &tty) < 0) /* get information for header */
171 err(1, "tcgetattr failed");
172 gethostname(hostname, sizeof(hostname));
173 hostname[sizeof(hostname) - 1] = '\0';
174 if (!(ttynam = ttyname(STDIN_FILENO)))
175 err(1, "ttyname failed");
176 if (gettimeofday(&timval, NULL) == -1)
177 err(1, "gettimeofday failed");
178 curtime = timval.tv_sec;
179 nexttime = timval.tv_sec + ((int)sectimeout * 60);
180 timp = localtime(&curtime);
181 ap = asctime(timp);
182 #ifdef __SVR4
183 tzn = tzname[0];
184 #else
185 tzn = timp->tm_zone;
186 #endif
188 if (signal(SIGINT, quit) == SIG_ERR)
189 err(1, "signal failed");
190 if (signal(SIGQUIT, quit) == SIG_ERR)
191 err(1, "signal failed");
192 ntty = tty; ntty.c_lflag &= ~ECHO;
193 if (tcsetattr(STDIN_FILENO, TCSADRAIN, &ntty) == -1)
194 err(1, "tcsetattr");
196 if (!usemine) {
197 /* get key and check again */
198 (void)printf("Key: ");
199 if (!fgets(s, sizeof(s), stdin) || *s == '\n')
200 quit(0);
201 (void)printf("\nAgain: ");
203 * Don't need EOF test here, if we get EOF, then s1 != s
204 * and the right things will happen.
206 (void)fgets(s1, sizeof(s1), stdin);
207 (void)putchar('\n');
208 if (strcmp(s1, s)) {
209 (void)printf("\alock: passwords didn't match.\n");
210 (void)tcsetattr(STDIN_FILENO, TCSADRAIN, &tty);
211 exit(1);
213 s[0] = '\0';
214 #ifndef USE_PAM
215 mypw = s1;
216 #endif
218 #ifdef USE_PAM
219 if (usemine) {
220 pam_err = pam_start("lock", pw->pw_name, &pamc, &pamh);
221 if (pam_err != PAM_SUCCESS)
222 err(1, "pam_start: %s", pam_strerror(NULL, pam_err));
224 #endif
226 /* set signal handlers */
227 if (signal(SIGINT, hi) == SIG_ERR)
228 err(1, "signal failed");
229 if (signal(SIGQUIT, hi) == SIG_ERR)
230 err(1, "signal failed");
231 if (signal(SIGTSTP, hi) == SIG_ERR)
232 err(1, "signal failed");
234 if (notimeout) {
235 if (signal(SIGALRM, hi) == SIG_ERR)
236 err(1, "signal failed");
237 (void)printf("lock: %s on %s. no timeout.\n"
238 "time now is %.20s%s%s",
239 ttynam, hostname, ap, tzn, ap + 19);
241 else {
242 if (signal(SIGALRM, bye) == SIG_ERR)
243 err(1, "signal failed");
245 ntimer.it_interval = zerotime;
246 ntimer.it_value = timeout;
247 if (setitimer(ITIMER_REAL, &ntimer, &otimer) == -1)
248 err(1, "setitimer failed");
250 /* header info */
251 (void)printf("lock: %s on %s. timeout in %ld minutes\n"
252 "time now is %.20s%s%s",
253 ttynam, hostname, sectimeout, ap, tzn, ap + 19);
256 for (;;) {
257 #ifdef USE_PAM
258 if (usemine) {
259 pam_err = pam_authenticate(pamh, 0);
260 if (pam_err == PAM_SUCCESS)
261 break;
262 goto tryagain;
264 #endif
265 (void)printf("Key: ");
266 if (!fgets(s, sizeof(s), stdin)) {
267 clearerr(stdin);
268 hi(0);
269 goto tryagain;
271 #ifndef USE_PAM
272 if (usemine) {
273 s[strlen(s) - 1] = '\0';
274 #ifdef SKEY
275 if (strcasecmp(s, "s/key") == 0) {
276 if (skey_auth(pw->pw_name))
277 break;
279 #endif
280 if (!strcmp(mypw, crypt(s, mypw)))
281 break;
283 else
284 #endif
285 if (!strcmp(s, s1))
286 break;
287 (void)printf("\a\n");
288 tryagain:
289 if (tcsetattr(STDIN_FILENO, TCSADRAIN, &ntty) == -1
290 && errno != EINTR)
291 err(1, "tcsetattr failed");
293 #ifdef USE_PAM
294 if (usemine) {
295 (void)pam_end(pamh, pam_err);
297 #endif
298 quit(0);
299 /* NOTREACHED */
300 return 0;
303 #ifdef SKEY
305 * We can't use libskey's skey_authenticate() since it
306 * handles signals in a way that's inappropriate
307 * for our needs. Instead we roll our own.
309 static int
310 skey_auth(const char *user)
312 char s[128];
313 const char *ask;
314 int ret = 0;
316 if (!skey_haskey(user) && (ask = skey_keyinfo(user))) {
317 (void)printf("\n[%s]\nResponse: ", ask);
318 if (!fgets(s, sizeof(s), stdin) || *s == '\n')
319 clearerr(stdin);
320 else {
321 s[strlen(s) - 1] = '\0';
322 if (skey_passcheck(user, s) != -1)
323 ret = 1;
325 } else
326 (void)printf("Sorry, you have no s/key.\n");
327 return ret;
329 #endif
331 static void
332 hi(int dummy)
334 struct timeval timval;
336 if (notimeout)
337 (void)printf("lock: type in the unlock key.\n");
338 else {
339 if (gettimeofday(&timval, NULL) == -1)
340 err(1, "gettimeofday failed");
341 (void)printf("lock: type in the unlock key. "
342 "timeout in %lld:%lld minutes\n",
343 (long long)(nexttime - timval.tv_sec) / 60,
344 (long long)(nexttime - timval.tv_sec) % 60);
348 static void
349 quit(int dummy)
351 (void)putchar('\n');
352 (void)tcsetattr(STDIN_FILENO, TCSADRAIN, &tty);
353 exit(0);
356 static void
357 bye(int dummy)
359 (void)tcsetattr(STDIN_FILENO, TCSADRAIN, &tty);
360 (void)printf("lock: timeout\n");
361 exit(1);