2 * Copyright (c) 1980, 1987, 1993
3 * The Regents of the University of California. All rights reserved.
5 * This code is derived from software contributed to Berkeley by
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 4. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * @(#) Copyright (c) 1980, 1987, 1993 The Regents of the University of California. All rights reserved.
33 * @(#)lock.c 8.1 (Berkeley) 6/6/93
34 * $FreeBSD: src/usr.bin/lock/lock.c,v 1.8.2.1 2002/09/15 22:32:56 dd Exp $
38 * Lock a terminal up until the given key is entered or the given
41 * Timeout interval is by default TIMEOUT, it can be changed with
42 * an argument of the form -time where time is in minutes
45 #include <sys/param.h>
47 #include <sys/consio.h>
63 static void quit(int);
66 static void usage(void);
68 static struct timeval timeout;
69 static struct timeval zerotime;
70 static struct termios tty, ntty;
71 static long nexttime; /* keep the timeout time */
72 static int no_timeout; /* lock terminal forever */
73 static int vtyunlock; /* Unlock flag and code. */
77 main(int argc, char **argv)
81 struct itimerval ntimer, otimer;
83 int ch, failures, sectimeout, usemine, vtylock;
85 char *ap, *ep, *mypw, *cryptpw, *ttynam, *tzn;
86 char hostname[MAXHOSTNAMELEN + 1], s[BUFSIZ], s1[BUFSIZ];
88 openlog("lock", LOG_ODELAY, LOG_AUTH);
96 while ((ch = getopt(argc, argv, "npt:v")) != -1)
99 tmp = strtol(optarg, &ep, 10);
100 if (*ep != '\0' || tmp > INT_MAX || tmp < INT_MIN)
101 errx(1, "illegal timeout value");
102 sectimeout = (int)tmp;
106 if (!(pw = getpwuid(getuid())))
107 errx(1, "unknown uid %d", getuid());
108 mypw = strdup(pw->pw_passwd);
120 timeout.tv_sec = sectimeout * 60;
122 if (setuid(getuid()) != 0) /* discard privs */
123 errx(1, "setuid failed");
125 if (tcgetattr(STDIN_FILENO, &tty)) /* get information for header */
126 err(1, "tcgetattr failed");
128 gethostname(hostname, sizeof(hostname));
129 if (!(ttynam = ttyname(STDIN_FILENO)))
130 errx(1, "not a terminal?");
132 nexttime = timval + (sectimeout * 60);
133 timp = localtime(&timval);
137 signal(SIGINT, quit);
138 signal(SIGQUIT, quit);
139 ntty = tty; ntty.c_lflag &= ~ECHO;
140 tcsetattr(STDIN_FILENO, TCSADRAIN|TCSASOFT, &ntty);
143 /* get key and check again */
145 if (!fgets(s, sizeof(s), stdin) || *s == '\n')
149 * Don't need EOF test here, if we get EOF, then s1 != s
150 * and the right things will happen.
152 fgets(s1, sizeof(s1), stdin);
155 printf("\07lock: passwords didn't match.\n");
156 tcsetattr(STDIN_FILENO, TCSADRAIN|TCSASOFT, &tty);
163 /* set signal handlers */
167 signal(SIGALRM, bye);
169 ntimer.it_interval = zerotime;
170 ntimer.it_value = timeout;
172 setitimer(ITIMER_REAL, &ntimer, &otimer);
175 * If this failed, we want to err out; warn isn't good
176 * enough, since we don't want the user to think that
177 * everything is nice and locked because they got a
180 if (ioctl(STDIN_FILENO, VT_LOCKSWITCH, &vtylock) == -1) {
181 tcsetattr(0, TCSADRAIN|TCSASOFT, &tty);
182 err(1, "locking vty");
189 printf("lock: %s using %s on %s.", pw->pw_name,
192 printf("lock: %s on %s.", ttynam, hostname);
194 printf(" no timeout.");
196 printf(" timeout in %d minute%s.", sectimeout,
197 sectimeout != 1 ? "s" : "");
199 printf(" vty locked.");
200 printf("\ntime now is %.20s%s%s", ap, tzn, ap + 19);
206 if (!fgets(s, sizeof(s), stdin)) {
212 s[strlen(s) - 1] = '\0';
213 cryptpw = crypt(s, mypw);
214 if (cryptpw == NULL || !strcmp(mypw, cryptpw))
217 else if (!strcmp(s, s1))
222 syslog(LOG_NOTICE, "%d ROOT UNLOCK FAILURE%s (%s on %s)",
223 failures, failures > 1 ? "S": "", ttynam, hostname);
225 if (tcgetattr(0, &ntty) && (errno != EINTR))
227 sleep(1); /* to discourage guessing */
230 syslog(LOG_NOTICE, "ROOT UNLOCK ON hostname %s port %s",
233 return(0); /* not reached */
240 fprintf(stderr, "usage: lock [-npv] [-t timeout]\n");
245 hi(int signo __unused)
249 if ((timval = time(NULL)) != (time_t)-1) {
250 printf("lock: type in the unlock key. ");
254 printf("timeout in %jd:%jd minutes\n",
255 (intmax_t)(nexttime - timval) / 60,
256 (intmax_t)(nexttime - timval) % 60);
262 quit(int signo __unused)
265 tcsetattr(STDIN_FILENO, TCSADRAIN|TCSASOFT, &tty);
267 ioctl(STDIN_FILENO, VT_LOCKSWITCH, &vtyunlock);
272 bye(int signo __unused)
275 tcsetattr(STDIN_FILENO, TCSADRAIN|TCSASOFT, &tty);
277 ioctl(STDIN_FILENO, VT_LOCKSWITCH, &vtyunlock);
278 printf("lock: timeout\n");
projects / dragonfly.git / blob