xref: /openbsd-src/usr.bin/lock/lock.c (revision a28daedfc357b214be5c701aa8ba8adb29a7f1c2) 
1 /*	$OpenBSD: lock.c,v 1.23 2006/04/26 02:35:08 deraadt Exp $	*/
2 /*	$NetBSD: lock.c,v 1.8 1996/05/07 18:32:31 jtc Exp $	*/
3 
4 /*
5  * Copyright (c) 1980, 1987, 1993
6  *	The Regents of the University of California.  All rights reserved.
7  *
8  * This code is derived from software contributed to Berkeley by
9  * Bob Toxen.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions
13  * are met:
14  * 1. Redistributions of source code must retain the above copyright
15  *    notice, this list of conditions and the following disclaimer.
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in the
18  *    documentation and/or other materials provided with the distribution.
19  * 3. Neither the name of the University nor the names of its contributors
20  *    may be used to endorse or promote products derived from this software
21  *    without specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGE.
34  */
35 
36 #ifndef lint
37 static char copyright[] =
38 "@(#) Copyright (c) 1980, 1987, 1993\n\
39 	The Regents of the University of California.  All rights reserved.\n";
40 #endif /* not lint */
41 
42 #ifndef lint
43 #if 0
44 static char sccsid[] = "@(#)lock.c	8.1 (Berkeley) 6/6/93";
45 #endif
46 static char rcsid[] = "$OpenBSD: lock.c,v 1.23 2006/04/26 02:35:08 deraadt Exp $";
47 #endif /* not lint */
48 
49 /*
50  * Lock a terminal up until the given key is entered, until the root
51  * password is entered, or the given interval times out.
52  *
53  * Timeout interval is by default TIMEOUT, it can be changed with
54  * an argument of the form -time where time is in minutes
55  */
56 
57 #include <sys/param.h>
58 #include <sys/stat.h>
59 #include <sys/time.h>
60 #include <signal.h>
61 
62 #include <ctype.h>
63 #include <err.h>
64 #include <pwd.h>
65 #include <readpassphrase.h>
66 #include <stdio.h>
67 #include <stdlib.h>
68 #include <string.h>
69 #include <termios.h>
70 #include <unistd.h>
71 
72 #include <login_cap.h>
73 #include <bsd_auth.h>
74 
75 #define	TIMEOUT	15
76 
77 void bye(int);
78 void hi(int);
79 
80 struct timeval	timeout;
81 struct timeval	zerotime;
82 time_t	nexttime;			/* keep the timeout time */
83 int	no_timeout;			/* lock terminal forever */
84 
85 extern	char *__progname;
86 
87 /*ARGSUSED*/
88 int
89 main(int argc, char *argv[])
90 {
91 	char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ], date[256];
92 	char *p, *style, *nstyle, *ttynam;
93 	struct itimerval ntimer, otimer;
94 	int ch, sectimeout, usemine;
95 	const char *errstr;
96 	struct passwd *pw;
97 	struct tm *timp;
98 	time_t curtime;
99 	login_cap_t *lc;
100 
101 	sectimeout = TIMEOUT;
102 	style = NULL;
103 	usemine = 0;
104 	no_timeout = 0;
105 
106 	if (!(pw = getpwuid(getuid())))
107 		errx(1, "unknown uid %u.", getuid());
108 
109 	lc = login_getclass(pw->pw_class);
110 
111 	while ((ch = getopt(argc, argv, "a:npt:")) != -1)
112 		switch (ch) {
113 		case 'a':
114 			if (lc) {
115 				style = login_getstyle(lc, optarg, "auth-lock");
116 				if (style == NULL)
117 					errx(1,
118 					    "invalid authentication style: %s",
119 					    optarg);
120 			}
121 			usemine = 1;
122 			break;
123 		case 't':
124 			sectimeout = (int)strtonum(optarg, 1, INT_MAX, &errstr);
125 			if (errstr)
126 				errx(1, "timeout %s: %s", errstr, optarg);
127 			break;
128 		case 'p':
129 			usemine = 1;
130 			break;
131 		case 'n':
132 			no_timeout = 1;
133 			break;
134 		default:
135 			(void)fprintf(stderr,
136 			    "usage: %s [-np] [-a style] [-t timeout]\n",
137 			    __progname);
138 			exit(1);
139 	}
140 	timeout.tv_sec = sectimeout * 60;
141 
142 	gethostname(hostname, sizeof(hostname));
143 	if (!(ttynam = ttyname(STDIN_FILENO)))
144 		errx(1, "not a terminal?");
145 	curtime = time(NULL);
146 	nexttime = curtime + (sectimeout * 60);
147 	timp = localtime(&curtime);
148 	strftime(date, sizeof(date), "%c", timp);
149 
150 	if (!usemine) {
151 		/* get key and check again */
152 		if (!readpassphrase("Key: ", s, sizeof(s), RPP_ECHO_OFF) ||
153 		    *s == '\0')
154 			exit(0);
155 		/*
156 		 * Don't need EOF test here, if we get EOF, then s1 != s
157 		 * and the right things will happen.
158 		 */
159 		(void)readpassphrase("Again: ", s1, sizeof(s1), RPP_ECHO_OFF);
160 		if (strcmp(s1, s)) {
161 			warnx("\apasswords didn't match.");
162 			exit(1);
163 		}
164 		s[0] = '\0';
165 	}
166 
167 	/* set signal handlers */
168 	(void)signal(SIGINT, hi);
169 	(void)signal(SIGQUIT, hi);
170 	(void)signal(SIGTSTP, hi);
171 	(void)signal(SIGALRM, bye);
172 
173 	ntimer.it_interval = zerotime;
174 	ntimer.it_value = timeout;
175 	if (!no_timeout)
176 		setitimer(ITIMER_REAL, &ntimer, &otimer);
177 
178 	/* header info */
179 	if (no_timeout) {
180 		(void)fprintf(stderr,
181 		    "%s: %s on %s. no timeout\ntime now is %s\n",
182 		    __progname, ttynam, hostname, date);
183 	} else {
184 		(void)fprintf(stderr,
185 		    "%s: %s on %s. timeout in %d minutes\ntime now is %s\n",
186 		    __progname, ttynam, hostname, sectimeout, date);
187 	}
188 
189 	for (;;) {
190 		if (!readpassphrase("Key: ", s, sizeof(s), RPP_ECHO_OFF) ||
191 		    *s == '\0') {
192 			hi(0);
193 			continue;
194 		}
195 		if (usemine) {
196 			/*
197 			 * If user entered 's/key' or the style specified via
198 			 * the '-a' argument, auth_userokay() will prompt
199 			 * for a new password.  Otherwise, use what we have.
200 			 */
201 			if ((strcmp(s, "s/key") == 0 &&
202 			    (nstyle = login_getstyle(lc, "skey", "auth-lock")))
203 			    || ((nstyle = style) && strcmp(s, nstyle) == 0))
204 				p = NULL;
205 			else
206 				p = s;
207 			if (auth_userokay(pw->pw_name, nstyle, "auth-lock", p))
208 				break;
209 		} else if (strcmp(s, s1) == 0)
210 			break;
211 		(void)putc('\a', stderr);
212 	}
213 
214 	exit(0);
215 }
216 
217 /*ARGSUSED*/
218 void
219 hi(int signo)
220 {
221 	char buf[1024], buf2[1024];
222 	time_t now;
223 
224 	if (no_timeout)
225 		buf2[0] = '\0';
226 	else {
227 		now = time(NULL);
228 		(void)snprintf(buf2, sizeof buf2, " timeout in %d:%d minutes",
229 		    (nexttime - now) / 60, (nexttime - now) % 60);
230 	}
231 	(void)snprintf(buf, sizeof buf, "%s: type in the unlock key.%s\n",
232 	    __progname, buf2);
233 	(void) write(STDERR_FILENO, buf, strlen(buf));
234 }
235 
236 /*ARGSUSED*/
237 void
238 bye(int signo)
239 {
240 
241 	if (!no_timeout)
242 		warnx("timeout");
243 	_exit(1);
244 }
245