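/*-
 * Copyright (c) 1996 by
 * Sean Eric Fagan <sef@kithrup.com>
 * David Nugent <davidn@blaze.net.au>
 * All rights reserved.
 *
 * Portions copyright (c) 1995,1997 by
 * Berkeley Software Design, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, is permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice immediately at the beginning of the file, without modification,
 *    this list of conditions, and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. This work was done expressly for inclusion into FreeBSD.  Other use
 *    is permitted provided this notation is included.
 * 4. Absolutely no warranty of function or purpose is made by the authors.
 * 5. Modifications may be freely made to this file providing the above
 *    conditions are met.
 *
 * Low-level routines relating to the user capabilities database
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <ctype.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <libutil.h>
#include <limits.h>
#include <login_cap.h>
#include <paths.h>
#include <pwd.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>


/*
 * auth_checknologin()
 * Enforces the nologin policy for the login class <lc>.  The checks run
 * in this order:
 *
 *  1. If the class sets the boolean capability "ignorenologin", return
 *     immediately without looking at any nologin file.
 *  2. Fetch the class's "nologin" string capability ("" when the class
 *     has none).  A NULL result (presumably a lookup error -- confirm
 *     against login_getcapstr()) terminates the process with status 1,
 *     so the check fails closed.
 *  3. If a class-specific file was named and auth_cat() could open it,
 *     or auth_cat() could open the default _PATH_NOLOGIN, terminate the
 *     process with status 1.
 *
 * The function returns normally only when nologin files are ignored or
 * none could be opened.
 */

void
auth_checknologin(login_cap_t *lc)
{
	const char *file;

	/* Do we ignore a nologin file? */
	if (login_getcapbool(lc, "ignorenologin", 0))
		return;

	/* Note that <file> will be "" if there is no nologin capability */
	if ((file = login_getcapstr(lc, "nologin", "", NULL)) == NULL)
		exit(1);

	/*
	 * *file is true IFF there was a "nologin" capability
	 * Note that auth_cat() returns 1 only if the specified
	 * file exists, and is readable.  E.g., /.nologin exists.
	 */
	if ((*file && auth_cat(file)) || auth_cat(_PATH_NOLOGIN))
		exit(1);
}


/*
 * auth_cat_write()
 * Writes all <len> bytes of <buf> to <fd>, resuming after short writes
 * and after EINTR.  Returns 0 once everything has been written, or -1 if
 * write() fails for any other reason or makes no progress.
 */

static int
auth_cat_write(int fd, const char *buf, size_t len)
{
	ssize_t n;

	while (len > 0) {
		n = write(fd, buf, len);
		if (n <= 0) {
			if (n < 0 && errno == EINTR)
				continue;
			return -1;
		}
		buf += n;
		len -= (size_t)n;
	}
	return 0;
}


/*
 * auth_cat()
 * Checks for the readability of <file>; if it can be opened for
 * reading, its contents are copied to stdout and 1 is returned (the
 * caller decides whether to exit).  Otherwise, it returns 0 (meaning
 * no nologin file).
 *
 * The return value depends only on whether open() succeeded: a read or
 * write failure part-way through still yields 1, so an existing nologin
 * file denies the login even when its message cannot be displayed.
 *
 * NOTE(review): <file> is opened with whatever privileges the caller
 * holds, is not checked to be a regular file, and its bytes are copied
 * to stdout unfiltered.  The class-specific path comes from the
 * "nologin" capability, so this presumably relies on the capability
 * database being writable only by the administrator -- confirm.
 */

int
auth_cat(const char *file)
{
	int fd;
	ssize_t count;
	char buf[BUFSIZ];

	if ((fd = open(file, O_RDONLY | O_CLOEXEC)) < 0)
		return 0;
	for (;;) {
		count = read(fd, buf, sizeof(buf));
		if (count < 0 && errno == EINTR)
			continue;	/* interrupted before any data: retry */
		if (count <= 0)
			break;		/* EOF or a hard read error */
		/* Displaying the message is best-effort; stop if stdout fails. */
		if (auth_cat_write(fileno(stdout), buf, (size_t)count) < 0)
			break;
	}
	close(fd);
	sleep(5);	/* wait an arbitrary time to drain */
	return 1;
}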