121288Sdavidn/*-
221288Sdavidn * Copyright (c) 1996 by
321288Sdavidn * Sean Eric Fagan <sef@kithrup.com>
421288Sdavidn * David Nugent <davidn@blaze.net.au>
521288Sdavidn * All rights reserved.
621288Sdavidn *
725670Sdavidn * Portions copyright (c) 1995,1997 by
825670Sdavidn * Berkeley Software Design, Inc.
925670Sdavidn * All rights reserved.
1025670Sdavidn *
1121288Sdavidn * Redistribution and use in source and binary forms, with or without
1221288Sdavidn * modification, is permitted provided that the following conditions
1321288Sdavidn * are met:
1421288Sdavidn * 1. Redistributions of source code must retain the above copyright
1521288Sdavidn *    notice immediately at the beginning of the file, without modification,
1621288Sdavidn *    this list of conditions, and the following disclaimer.
1721288Sdavidn * 2. Redistributions in binary form must reproduce the above copyright
1821288Sdavidn *    notice, this list of conditions and the following disclaimer in the
1921288Sdavidn *    documentation and/or other materials provided with the distribution.
2021288Sdavidn * 3. This work was done expressly for inclusion into FreeBSD.  Other use
2121288Sdavidn *    is permitted provided this notation is included.
2221288Sdavidn * 4. Absolutely no warranty of function or purpose is made by the authors.
2321288Sdavidn * 5. Modifications may be freely made to this file providing the above
2421288Sdavidn *    conditions are met.
2521288Sdavidn *
2621288Sdavidn * Low-level routines relating to the user capabilities database
2721288Sdavidn */
2821288Sdavidn
2984225Sdillon#include <sys/cdefs.h>
3084225Sdillon__FBSDID("$FreeBSD$");
3184225Sdillon
3221288Sdavidn#include <sys/types.h>
3321288Sdavidn#include <sys/time.h>
3421288Sdavidn#include <sys/resource.h>
3521288Sdavidn#include <sys/stat.h>
3625670Sdavidn#include <sys/param.h>
37116344Smarkm#include <sys/socket.h>
38116344Smarkm#include <sys/wait.h>
39116344Smarkm#include <ctype.h>
40116344Smarkm#include <err.h>
4121288Sdavidn#include <errno.h>
4221288Sdavidn#include <fcntl.h>
43116344Smarkm#include <libutil.h>
4421288Sdavidn#include <limits.h>
45116344Smarkm#include <login_cap.h>
46116344Smarkm#include <paths.h>
47116344Smarkm#include <pwd.h>
48116344Smarkm#include <stdarg.h>
4921288Sdavidn#include <stdio.h>
5021288Sdavidn#include <stdlib.h>
5121288Sdavidn#include <string.h>
5221288Sdavidn#include <syslog.h>
5321288Sdavidn#include <unistd.h>
5421288Sdavidn
5521288Sdavidn
5621288Sdavidn/*
5721288Sdavidn * auth_checknologin()
5821288Sdavidn * Checks for the existance of a nologin file in the login_cap
5921288Sdavidn * capability <lc>.  If there isn't one specified, then it checks
6021288Sdavidn * to see if this class should just ignore nologin files.  Lastly,
6121288Sdavidn * it tries to print out the default nologin file, and, if such
6221288Sdavidn * exists, it exits.
6321288Sdavidn */
6421288Sdavidn
6521288Sdavidnvoid
6621288Sdavidnauth_checknologin(login_cap_t *lc)
6721288Sdavidn{
6894202Sru  const char *file;
6921288Sdavidn
7021288Sdavidn  /* Do we ignore a nologin file? */
7121288Sdavidn  if (login_getcapbool(lc, "ignorenologin", 0))
7221288Sdavidn    return;
7321288Sdavidn
7421288Sdavidn  /* Note that <file> will be "" if there is no nologin capability */
7521288Sdavidn  if ((file = login_getcapstr(lc, "nologin", "", NULL)) == NULL)
7621288Sdavidn    exit(1);
7721288Sdavidn
7821288Sdavidn  /*
7921288Sdavidn   * *file is true IFF there was a "nologin" capability
8021288Sdavidn   * Note that auth_cat() returns 1 only if the specified
8121288Sdavidn   * file exists, and is readable.  E.g., /.nologin exists.
8221288Sdavidn   */
8321288Sdavidn  if ((*file && auth_cat(file)) || auth_cat(_PATH_NOLOGIN))
8421288Sdavidn    exit(1);
8521288Sdavidn}
8621288Sdavidn
8721288Sdavidn
8821288Sdavidn/*
8921288Sdavidn * auth_cat()
9021288Sdavidn * Checks for the readability of <file>; if it can be opened for
9121288Sdavidn * reading, it prints it out to stdout, and then exits.  Otherwise,
9221288Sdavidn * it returns 0 (meaning no nologin file).
9321288Sdavidn */
9425670Sdavidn
9521288Sdavidnint
9621288Sdavidnauth_cat(const char *file)
9721288Sdavidn{
9821288Sdavidn  int fd, count;
9921288Sdavidn  char buf[BUFSIZ];
10021288Sdavidn
101255007Sjilles  if ((fd = open(file, O_RDONLY | O_CLOEXEC)) < 0)
10221288Sdavidn    return 0;
10321288Sdavidn  while ((count = read(fd, buf, sizeof(buf))) > 0)
10425670Sdavidn    (void)write(fileno(stdout), buf, count);
10521288Sdavidn  close(fd);
10627524Sdavidn  sleep(5);	/* wait an arbitrary time to drain */
10721288Sdavidn  return 1;
10821288Sdavidn}
109