1 /* $OpenBSD: login_reject.c,v 1.18 2021/10/23 19:08:48 mestre Exp $ */
2
3 /*-
4 * Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. All advertising materials mentioning features or use of this software
15 * must display the following acknowledgement:
16 * This product includes software developed by Berkeley Software Design,
17 * Inc.
18 * 4. The name of Berkeley Software Design, Inc. may not be used to endorse
19 * or promote products derived from this software without specific prior
20 * written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * BSDI $From: login_reject.c,v 1.5 1996/08/22 20:43:11 prb Exp $
35 */
36
37 #include <sys/resource.h>
38
39 #include <login_cap.h>
40 #include <readpassphrase.h>
41 #include <stdio.h>
42 #include <stdlib.h>
43 #include <string.h>
44 #include <syslog.h>
45 #include <unistd.h>
46
47 int
main(int argc,char * argv[])48 main(int argc, char *argv[])
49 {
50 struct rlimit rl;
51 FILE *back;
52 char passbuf[1];
53 int mode = 0, c;
54
55 rl.rlim_cur = 0;
56 rl.rlim_max = 0;
57 (void)setrlimit(RLIMIT_CORE, &rl);
58
59 (void)setpriority(PRIO_PROCESS, 0, 0);
60
61 if (pledge("stdio rpath tty", NULL) == -1) {
62 syslog(LOG_AUTH|LOG_ERR, "pledge: %m");
63 exit(1);
64 }
65
66 openlog("login", LOG_ODELAY, LOG_AUTH);
67
68 while ((c = getopt(argc, argv, "v:s:")) != -1)
69 switch (c) {
70 case 'v':
71 break;
72 case 's': /* service */
73 if (strcmp(optarg, "login") == 0)
74 mode = 0;
75 else if (strcmp(optarg, "challenge") == 0)
76 mode = 1;
77 else if (strcmp(optarg, "response") == 0)
78 mode = 2;
79 else {
80 syslog(LOG_ERR, "%s: invalid service", optarg);
81 exit(1);
82 }
83 break;
84 default:
85 syslog(LOG_ERR, "usage error");
86 exit(1);
87 }
88
89 switch (argc - optind) {
90 case 2:
91 case 1:
92 break;
93 default:
94 syslog(LOG_ERR, "usage error");
95 exit(1);
96 }
97
98 if (!(back = fdopen(3, "r+"))) {
99 syslog(LOG_ERR, "reopening back channel: %m");
100 exit(1);
101 }
102 if (mode == 1) {
103 fprintf(back, BI_SILENT "\n");
104 exit(0);
105 }
106
107 if (mode == 2) {
108 mode = 0;
109 c = -1;
110 while (read(3, passbuf, 1) == 1) {
111 if (passbuf[0] == '\0' && ++mode == 2)
112 break;
113 }
114 if (mode < 2) {
115 syslog(LOG_ERR, "protocol error on back channel");
116 exit(1);
117 }
118 } else
119 readpassphrase("Password:", passbuf, sizeof(passbuf), 0);
120
121 crypt_checkpass("password", NULL);
122 explicit_bzero(passbuf, sizeof(passbuf));
123
124 fprintf(back, BI_REJECT "\n");
125 exit(1);
126 }
127