1/*	$OpenBSD: lock.c,v 1.46 2019/07/24 20:23:09 schwarze Exp $	*/
2/*	$NetBSD: lock.c,v 1.8 1996/05/07 18:32:31 jtc Exp $	*/
3
4/*
5 * Copyright (c) 1980, 1987, 1993
6 *	The Regents of the University of California.  All rights reserved.
7 *
8 * This code is derived from software contributed to Berkeley by
9 * Bob Toxen.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 *    notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 *    notice, this list of conditions and the following disclaimer in the
18 *    documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the University nor the names of its contributors
20 *    may be used to endorse or promote products derived from this software
21 *    without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36/*
37 * Lock a terminal up until the given key or user password is entered,
38 * or the given interval times out.
39 */
40
41#include <sys/stat.h>
42#include <sys/time.h>
43#include <signal.h>
44
45#include <ctype.h>
46#include <err.h>
47#include <pwd.h>
48#include <readpassphrase.h>
49#include <stdio.h>
50#include <stdlib.h>
51#include <string.h>
52#include <termios.h>
53#include <unistd.h>
54#include <limits.h>
55
56#include <login_cap.h>
57#include <bsd_auth.h>
58
59void bye(int);
60void hi(int);
61void usage(void);
62
63int	no_timeout = 0;			/* lock terminal forever */
64
65int
66main(int argc, char *argv[])
67{
68	char hostname[HOST_NAME_MAX+1], s[BUFSIZ], s1[BUFSIZ], date[256];
69	char hash[_PASSWORD_LEN];
70	char *p, *style, *nstyle, *ttynam;
71	struct itimerval ntimer, otimer;
72	struct timeval timeout;
73	int ch, sectimeout, usemine, cnt, tries = 10, backoff = 3;
74	const char *errstr;
75	struct passwd *pw;
76	struct tm *timp;
77	time_t curtime;
78	login_cap_t *lc;
79
80	sectimeout = 0;
81	style = NULL;
82	usemine = 0;
83	memset(&timeout, 0, sizeof(timeout));
84
85	if (pledge("stdio rpath wpath getpw tty proc exec", NULL) == -1)
86		err(1, "pledge");
87
88	if (!(pw = getpwuid(getuid())))
89		errx(1, "unknown uid %u.", getuid());
90
91	lc = login_getclass(pw->pw_class);
92	if (lc != NULL) {
93		/*
94		 * We allow "login-tries" attempts to login but start
95		 * slowing down after "login-backoff" attempts.
96		 */
97		tries = login_getcapnum(lc, "login-tries", 10, 10);
98		backoff = login_getcapnum(lc, "login-backoff", 3, 3);
99	}
100
101	while ((ch = getopt(argc, argv, "a:npt:")) != -1) {
102		switch (ch) {
103		case 'a':
104			if (lc) {
105				style = login_getstyle(lc, optarg, "auth-lock");
106				if (style == NULL)
107					errx(1,
108					    "invalid authentication style: %s",
109					    optarg);
110			}
111			usemine = 1;
112			break;
113		case 't':
114			sectimeout = strtonum(optarg, 1, INT_MAX, &errstr);
115			if (errstr)
116				errx(1, "timeout %s: %s", errstr, optarg);
117			break;
118		case 'p':
119			usemine = 1;
120			break;
121		case 'n':
122			no_timeout = 1;
123			break;
124		default:
125			usage();
126		}
127	}
128	if (sectimeout == 0)
129		no_timeout = 1;
130
131	gethostname(hostname, sizeof(hostname));
132	if (usemine && lc == NULL)
133		errx(1, "login class not found");
134	if (!(ttynam = ttyname(STDIN_FILENO)))
135		errx(1, "not a terminal?");
136	curtime = time(NULL);
137	timp = localtime(&curtime);
138	strftime(date, sizeof(date), "%c", timp);
139
140	if (!usemine) {
141		/* get key and check again */
142		if (!readpassphrase("Key: ", s, sizeof(s), RPP_ECHO_OFF) ||
143		    *s == '\0')
144			exit(0);
145		/*
146		 * Don't need EOF test here, if we get EOF, then s1 != s
147		 * and the right things will happen.
148		 */
149		readpassphrase("Again: ", s1, sizeof(s1), RPP_ECHO_OFF);
150		if (strcmp(s1, s)) {
151			warnx("\apasswords didn't match.");
152			exit(1);
153		}
154		crypt_newhash(s, "bcrypt", hash, sizeof(hash));
155		explicit_bzero(s, sizeof(s));
156		explicit_bzero(s1, sizeof(s1));
157	}
158
159	/* set signal handlers */
160	signal(SIGINT, hi);
161	signal(SIGQUIT, hi);
162	signal(SIGTSTP, hi);
163	signal(SIGALRM, bye);
164
165	if (!no_timeout) {
166		timeout.tv_sec = (time_t)sectimeout * 60;
167		memset(&ntimer, 0, sizeof(ntimer));
168		ntimer.it_value = timeout;
169		setitimer(ITIMER_REAL, &ntimer, &otimer);
170	}
171
172	/* header info */
173	if (no_timeout) {
174		fprintf(stderr,
175		    "%s: %s on %s. no timeout\ntime now is %s\n",
176		    getprogname(), ttynam, hostname, date);
177	} else {
178		fprintf(stderr,
179		    "%s: %s on %s. timeout in %d minutes\ntime now is %s\n",
180		    getprogname(), ttynam, hostname, sectimeout, date);
181	}
182
183	for (cnt = 0;;) {
184		if (!readpassphrase("Key: ", s, sizeof(s), RPP_ECHO_OFF))
185			continue;
186		if (strlen(s) == 0) {
187			hi(0);
188			continue;
189		}
190		if (usemine) {
191			/*
192			 * If user entered 's/key' or the style specified via
193			 * the '-a' argument, auth_userokay() will prompt
194			 * for a new password.  Otherwise, use what we have.
195			 */
196			if ((strcmp(s, "s/key") == 0 &&
197			    (nstyle = login_getstyle(lc, "skey", "auth-lock")))
198			    || ((nstyle = style) && strcmp(s, nstyle) == 0))
199				p = NULL;
200			else
201				p = s;
202			if (auth_userokay(pw->pw_name, nstyle, "auth-lock",
203			    p)) {
204				explicit_bzero(s, sizeof(s));
205				break;
206			}
207		} else if (crypt_checkpass(s, hash) == 0) {
208			explicit_bzero(s, sizeof(s));
209			explicit_bzero(hash, sizeof(hash));
210			break;
211		}
212		putc('\a', stderr);
213		cnt %= tries;
214		if (++cnt > backoff) {
215			sigset_t set, oset;
216			sigfillset(&set);
217			sigprocmask(SIG_BLOCK, &set, &oset);
218			sleep((u_int)((cnt - backoff) * tries / 2));
219			sigprocmask(SIG_SETMASK, &oset, NULL);
220		}
221	}
222
223	exit(0);
224}
225
226void
227hi(int signo)
228{
229	struct itimerval left;
230
231	dprintf(STDERR_FILENO, "%s: type in the unlock key.",
232	    getprogname());
233	if (!no_timeout) {
234		getitimer(ITIMER_REAL, &left);
235		dprintf(STDERR_FILENO, " timeout in %lld:%02d minutes",
236		    (long long)(left.it_value.tv_sec / 60),
237		    (int)(left.it_value.tv_sec % 60));
238	}
239	dprintf(STDERR_FILENO, "\n");
240}
241
242void
243bye(int signo)
244{
245
246	if (!no_timeout)
247		warnx("timeout");
248	_exit(1);
249}
250
251void
252usage(void)
253{
254	fprintf(stderr, "usage: %s [-np] [-a style] [-t timeout]\n",
255	    getprogname());
256	exit(1);
257}
258