lib/libutil/login_auth.c

   1 /*-
   2  * Copyright (c) 1996 by
   3  * Sean Eric Fagan <sef@kithrup.com>
   4  * David Nugent <davidn@blaze.net.au>
   5  * All rights reserved.
   6  *
   7  * Portions copyright (c) 1995,1997 by
   8  * Berkeley Software Design, Inc.
   9  * All rights reserved.
  10  *
  11  * Redistribution and use in source and binary forms, with or without
  12  * modification, is permitted provided that the following conditions
  13  * are met:
  14  * 1. Redistributions of source code must retain the above copyright
  15  *    notice immediately at the beginning of the file, without modification,
  16  *    this list of conditions, and the following disclaimer.
  17  * 2. Redistributions in binary form must reproduce the above copyright
  18  *    notice, this list of conditions and the following disclaimer in the
  19  *    documentation and/or other materials provided with the distribution.
  20  * 3. This work was done expressly for inclusion into FreeBSD.  Other use
  21  *    is permitted provided this notation is included.
  22  * 4. Absolutely no warranty of function or purpose is made by the authors.
  23  * 5. Modifications may be freely made to this file providing the above
  24  *    conditions are met.
  25  *
  26  * Low-level routines relating to the user capabilities database
  27  *
  28  * $FreeBSD: head/lib/libutil/login_auth.c 255007 2013-08-28 21:10:37Z jilles $
  29  */
  30
  31 #include <sys/types.h>
  32
  33 #include <fcntl.h>
  34 #include <login_cap.h>
  35 #include <paths.h>
  36 #include <stdio.h>
  37 #include <stdlib.h>
  38 #include <unistd.h>
  39
  40
  41 /*
  42  * auth_checknologin()
  43  * Checks for the existance of a nologin file in the login_cap
  44  * capability <lc>.  If there isn't one specified, then it checks
  45  * to see if this class should just ignore nologin files.  Lastly,
  46  * it tries to print out the default nologin file, and, if such
  47  * exists, it exits.
  48  */
  49
  50 void
  51 auth_checknologin(login_cap_t *lc)
  52 {
  53   const char *file;
  54
  55   /* Do we ignore a nologin file? */
  56   if (login_getcapbool(lc, "ignorenologin", 0))
  57     return;
  58
  59   /* Note that <file> will be "" if there is no nologin capability */
  60   if ((file = login_getcapstr(lc, "nologin", "", NULL)) == NULL)
  61     exit(1);
  62
  63   /*
  64    * *file is true IFF there was a "nologin" capability
  65    * Note that auth_cat() returns 1 only if the specified
  66    * file exists, and is readable.  E.g., /.nologin exists.
  67    */
  68   if ((*file && auth_cat(file)) || auth_cat(_PATH_NOLOGIN))
  69     exit(1);
  70 }
  71
  72
  73 /*
  74  * auth_cat()
  75  * Checks for the readability of <file>; if it can be opened for
  76  * reading, it prints it out to stdout, and then exits.  Otherwise,
  77  * it returns 0 (meaning no nologin file).
  78  */
  79
  80 int
  81 auth_cat(const char *file)
  82 {
  83   int fd, count;
  84   char buf[BUFSIZ];
  85
  86   if ((fd = open(file, O_RDONLY | O_CLOEXEC)) < 0)
  87     return 0;
  88   while ((count = read(fd, buf, sizeof(buf))) > 0)
  89     (void)write(fileno(stdout), buf, count);
  90   close(fd);
  91   sleep(5);     /* wait an arbitrary time to drain */
  92   return 1;
  93 }