login_auth.c revision 94202 
18197Sjkh/*-
28197Sjkh * Copyright (c) 1996 by
38197Sjkh * Sean Eric Fagan <sef@kithrup.com>
48153Sphk * David Nugent <davidn@blaze.net.au>
58197Sjkh * All rights reserved.
68264Sphk *
78197Sjkh * Portions copyright (c) 1995,1997 by
88197Sjkh * Berkeley Software Design, Inc.
98197Sjkh * All rights reserved.
1014657Speter *
118179Sphk * Redistribution and use in source and binary forms, with or without
128197Sjkh * modification, is permitted provided that the following conditions
138197Sjkh * are met:
148233Sphk * 1. Redistributions of source code must retain the above copyright
158153Sphk *    notice immediately at the beginning of the file, without modification,
168404Sphk *    this list of conditions, and the following disclaimer.
178178Sphk * 2. Redistributions in binary form must reproduce the above copyright
188178Sphk *    notice, this list of conditions and the following disclaimer in the
198178Sphk *    documentation and/or other materials provided with the distribution.
208178Sphk * 3. This work was done expressly for inclusion into FreeBSD.  Other use
218197Sjkh *    is permitted provided this notation is included.
228178Sphk * 4. Absolutely no warranty of function or purpose is made by the authors.
238233Sphk * 5. Modifications may be freely made to this file providing the above
248233Sphk *    conditions are met.
25 *
26 * Low-level routines relating to the user capabilities database
27 */
28
29#include <sys/cdefs.h>
30__FBSDID("$FreeBSD: head/lib/libutil/login_auth.c 94202 2002-04-08 11:04:56Z ru $");
31
32#include <sys/types.h>
33#include <sys/time.h>
34#include <sys/resource.h>
35#include <sys/stat.h>
36#include <sys/param.h>
37#include <errno.h>
38#include <fcntl.h>
39#include <limits.h>
40#include <stdio.h>
41#include <ctype.h>
42#include <pwd.h>
43#include <stdlib.h>
44#include <string.h>
45#include <syslog.h>
46#include <unistd.h>
47#include <login_cap.h>
48#include <stdarg.h>
49#include <paths.h>
50#include <sys/socket.h>
51#include <sys/wait.h>
52#include <err.h>
53#include <libutil.h>
54
55
56/*
57 * auth_checknologin()
58 * Checks for the existance of a nologin file in the login_cap
59 * capability <lc>.  If there isn't one specified, then it checks
60 * to see if this class should just ignore nologin files.  Lastly,
61 * it tries to print out the default nologin file, and, if such
62 * exists, it exits.
63 */
64
65void
66auth_checknologin(login_cap_t *lc)
67{
68  const char *file;
69
70  /* Do we ignore a nologin file? */
71  if (login_getcapbool(lc, "ignorenologin", 0))
72    return;
73
74  /* Note that <file> will be "" if there is no nologin capability */
75  if ((file = login_getcapstr(lc, "nologin", "", NULL)) == NULL)
76    exit(1);
77
78  /*
79   * *file is true IFF there was a "nologin" capability
80   * Note that auth_cat() returns 1 only if the specified
81   * file exists, and is readable.  E.g., /.nologin exists.
82   */
83  if ((*file && auth_cat(file)) || auth_cat(_PATH_NOLOGIN))
84    exit(1);
85}
86
87
88/*
89 * auth_cat()
90 * Checks for the readability of <file>; if it can be opened for
91 * reading, it prints it out to stdout, and then exits.  Otherwise,
92 * it returns 0 (meaning no nologin file).
93 */
94
95int
96auth_cat(const char *file)
97{
98  int fd, count;
99  char buf[BUFSIZ];
100
101  if ((fd = open(file, O_RDONLY)) < 0)
102    return 0;
103  while ((count = read(fd, buf, sizeof(buf))) > 0)
104    (void)write(fileno(stdout), buf, count);
105  close(fd);
106  sleep(5);	/* wait an arbitrary time to drain */
107  return 1;
108}
109