1/* $OpenBSD: login_reject.c,v 1.18 2021/10/23 19:08:48 mestre Exp $ */ 2 3/*- 4 * Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. All advertising materials mentioning features or use of this software 15 * must display the following acknowledgement: 16 * This product includes software developed by Berkeley Software Design, 17 * Inc. 18 * 4. The name of Berkeley Software Design, Inc. may not be used to endorse 19 * or promote products derived from this software without specific prior 20 * written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * BSDI $From: login_reject.c,v 1.5 1996/08/22 20:43:11 prb Exp $ 35 */ 36 37#include <sys/resource.h> 38 39#include <login_cap.h> 40#include <readpassphrase.h> 41#include <stdio.h> 42#include <stdlib.h> 43#include <string.h> 44#include <syslog.h> 45#include <unistd.h> 46 47int 48main(int argc, char *argv[]) 49{ 50 struct rlimit rl; 51 FILE *back; 52 char passbuf[1]; 53 int mode = 0, c; 54 55 rl.rlim_cur = 0; 56 rl.rlim_max = 0; 57 (void)setrlimit(RLIMIT_CORE, &rl); 58 59 (void)setpriority(PRIO_PROCESS, 0, 0); 60 61 if (pledge("stdio rpath tty", NULL) == -1) { 62 syslog(LOG_AUTH|LOG_ERR, "pledge: %m"); 63 exit(1); 64 } 65 66 openlog("login", LOG_ODELAY, LOG_AUTH); 67 68 while ((c = getopt(argc, argv, "v:s:")) != -1) 69 switch (c) { 70 case 'v': 71 break; 72 case 's': /* service */ 73 if (strcmp(optarg, "login") == 0) 74 mode = 0; 75 else if (strcmp(optarg, "challenge") == 0) 76 mode = 1; 77 else if (strcmp(optarg, "response") == 0) 78 mode = 2; 79 else { 80 syslog(LOG_ERR, "%s: invalid service", optarg); 81 exit(1); 82 } 83 break; 84 default: 85 syslog(LOG_ERR, "usage error"); 86 exit(1); 87 } 88 89 switch (argc - optind) { 90 case 2: 91 case 1: 92 break; 93 default: 94 syslog(LOG_ERR, "usage error"); 95 exit(1); 96 } 97 98 if (!(back = fdopen(3, "r+"))) { 99 syslog(LOG_ERR, "reopening back channel: %m"); 100 exit(1); 101 } 102 if (mode == 1) { 103 fprintf(back, BI_SILENT "\n"); 104 exit(0); 105 } 106 107 if (mode == 2) { 108 mode = 0; 109 c = -1; 110 while (read(3, passbuf, 1) == 1) { 111 if (passbuf[0] == '\0' && ++mode == 2) 112 break; 113 } 114 if (mode < 2) { 115 syslog(LOG_ERR, "protocol error on back channel"); 116 exit(1); 117 } 118 } else 119 readpassphrase("Password:", passbuf, sizeof(passbuf), 0); 120 121 crypt_checkpass("password", NULL); 122 explicit_bzero(passbuf, sizeof(passbuf)); 123 124 fprintf(back, BI_REJECT "\n"); 125 exit(1); 126} 127