authorguido <guido@FreeBSD.org>1994-08-22 19:56:14 +0000
committerguido <guido@FreeBSD.org>1994-08-22 19:56:14 +0000
commitff70b5ad22b128db0fd21231ca1ee193c96d2f1c (patch)
tree0f957505743e481e4ca81b602940b3232258d09c /usr.bin
parent26e50b1c3e99000c351230dbc9bc45d66424c44c (diff)
downloadFreeBSD-src-ff70b5ad22b128db0fd21231ca1ee193c96d2f1c.zip
FreeBSD-src-ff70b5ad22b128db0fd21231ca1ee193c96d2f1c.tar.gz
Implement fbtab ala SunOS (thanks to WZV, see login_fbtab.c)
Reviewed by: Submitted by: guido
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/login/Makefile2
-rw-r--r--usr.bin/login/login.112
-rw-r--r--usr.bin/login/login.c8
-rw-r--r--usr.bin/login/login_fbtab.c138
-rw-r--r--usr.bin/login/pathnames.h8
5 files changed, 163 insertions, 5 deletions
diff --git a/usr.bin/login/Makefile b/usr.bin/login/Makefile
index 8b8c35f..3a5cd33 100644
--- a/usr.bin/login/Makefile
+++ b/usr.bin/login/Makefile
@@ -4,7 +4,7 @@
PROG= login
MAN1= login.1
MAN5= login.access.5
-SRCS= login.c login_access.c login_skey.c
+SRCS= login.c login_access.c login_skey.c login_fbtab.c
#klogin.c
DPADD= ${LIBUTIL} ${LIBSKEY}
#${LIBKRB} ${LIBDES}
diff --git a/usr.bin/login/login.1 b/usr.bin/login/login.1
index db59c1a..5ae5dba 100644
--- a/usr.bin/login/login.1
+++ b/usr.bin/login/login.1
@@ -88,6 +88,13 @@ This is used by
.Xr shutdown 8
to prevent users from logging in when the system is about to go down.
.Pp
+If the file
+.Pa /etc/fbtab
+exists,
+.Nm login
+changes the protection and ownership of certain devices specified in this
+file.
+.Pp
Immediately after logging a user in,
.Nm login
displays the system copyright notice, the date and time the user last
@@ -119,6 +126,8 @@ do not fork before executing the
utility.
.Sh FILES
.Bl -tag -width /var/mail/userXXX -compact
+.It Pa /etc/fbtab
+changes device protections
.It Pa /etc/motd
message-of-the-day
.It Pa /etc/nologin
@@ -137,8 +146,9 @@ makes login quieter
.Xr passwd 1 ,
.Xr rlogin 1 ,
.Xr getpass 3 ,
+.Xr fbtab 5 ,
.Xr utmp 5 ,
-.Xr environ 7 ,
+.Xr environ 7
.Sh HISTORY
A
.Nm login
diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c
index ef75733..324c742 100644
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@@ -80,6 +80,7 @@ void sigint __P((int));
void sleepexit __P((int));
char *stypeof __P((char *));
void timedout __P((int));
+void login_fbtab __P((char *, uid_t, gid_t));
#ifdef KERBEROS
int klogin __P((struct passwd *, char *, char *, char *));
#endif
@@ -344,6 +345,13 @@ main(argc, argv)
dolastlog(quietlog);
+ /*
+ * Set device protections, depending on what terminal the
+ * user is logged in. This feature is used on Suns to give
+ * console users better privacy.
+ */
+ login_fbtab(tty, pwd->pw_uid, pwd->pw_gid);
+
(void)chown(ttyn, pwd->pw_uid,
(gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
(void)setgid(pwd->pw_gid);
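Review bot: The comment above the `login_fbtab(tty, pwd->pw_uid, pwd->pw_gid);` call does not say how long the new ownership lasts, and nothing in the files shown in this diff puts the devices back when the session ends. If no other component resets them, the previous user keeps access to the keyboard, mouse and frame buffer devices until the next login on that terminal overwrites the settings. I would extend the comment with something like `* NOTE: ownership and modes are not restored at logout; they persist until the next login on this tty.` and confirm whether a reset is needed elsewhere. It would also help to state there that `tty` is the name relative to /dev, since login_fbtab() compares it against `devname + 5`. main() continues outside this hunk.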
diff --git a/usr.bin/login/login_fbtab.c b/usr.bin/login/login_fbtab.c
new file mode 100644
index 0000000..5427223
--- /dev/null
+++ b/usr.bin/login/login_fbtab.c
@@ -0,0 +1,138 @@
+/*
+ SYNOPSIS
+ void login_fbtab(tty, uid, gid)
+ char *tty;
+ uid_t uid;
+ gid_t gid;
+
+ DESCRIPTION
+ This module implements device security as described in the
+ SunOS 4.1.x fbtab(5) and SunOS 5.x logindevperm(4) manual
+ pages. The program first looks for /etc/fbtab. If that file
+ cannot be opened it attempts to process /etc/logindevperm.
+ We expect entries with the folowing format:
+
+ Comments start with a # and extend to the end of the line.
+
+ Blank lines or lines with only a comment are ignored.
+
+ All other lines consist of three fields delimited by
+ whitespace: a login device (/dev/console), an octal
+ permission number (0600), and a ":"-delimited list of
+ devices (/dev/kbd:/dev/mouse). All device names are
+ absolute paths. A path that ends in "/*" refers to all
+ directory entries except "." and "..".
+
+ If the tty argument (relative path) matches a login device
+ name (absolute path), the permissions of the devices in the
+ ":"-delimited list are set as specified in the second
+ field, and their ownership is changed to that of the uid
+ and gid arguments.
+
+ DIAGNOSTICS
+ Problems are reported via the syslog daemon with severity
+ LOG_ERR.
+
+ BUGS
+ This module uses strtok(3), which may cause conflicts with other
+ uses of that same routine.
+
+ AUTHOR
+ Wietse Venema (wietse@wzv.win.tue.nl)
+ Eindhoven University of Technology
+ The Netherlands
+ */
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <syslog.h>
+#include <string.h>
+#include <errno.h>
+#include <dirent.h>
+#include "pathnames.h"
+
+void login_protect __P((char *, char *, int, uid_t, gid_t));
+void login_fbtab __P((char *tty, uid_t uid, gid_t gid));
+
+#define WSPACE " \t\n"
+
+/* login_fbtab - apply protections specified in /etc/fbtab or logindevperm */
+
+void
+login_fbtab(tty, uid, gid)
+char *tty;
+uid_t uid;
+gid_t gid;
+{
+ FILE *fp;
+ char buf[BUFSIZ];
+ char *devname;
+ char *cp;
+ int prot;
+ char *table;
+
+ if ((fp = fopen(table = _PATH_FBTAB, "r")) == 0
+ && (fp = fopen(table = _PATH_LOGINDEVPERM, "r")) == 0)
+ return;
+
+ while (fgets(buf, sizeof(buf), fp)) {
+ if (cp = strchr(buf, '#'))
+ *cp = 0; /* strip comment */
+ if ((cp = devname = strtok(buf, WSPACE)) == 0)
+ continue; /* empty or comment */
+ if (strncmp(devname, "/dev/", 5) != 0
+ || (cp = strtok((char *) 0, WSPACE)) == 0
+ || *cp != '0'
+ || sscanf(cp, "%o", &prot) == 0
+ || prot == 0
+ || (prot & 0777) != prot
+ || (cp = strtok((char *) 0, WSPACE)) == 0) {
+ syslog(LOG_ERR, "%s: bad entry: %s", table, cp ? cp : "(null)");
+ continue;
+ }
+ if (strcmp(devname + 5, tty) == 0) {
+ for (cp = strtok(cp, ":"); cp; cp = strtok((char *) 0, ":")) {
+ login_protect(table, cp, prot, uid, gid);
+ }
+ }
+ }
+ fclose(fp);
+}
+
+/* login_protect - protect one device entry */
+
+void
+login_protect(table, path, mask, uid, gid)
+char *table;
+char *path;
+int mask;
+uid_t uid;
+gid_t gid;
+{
+ char buf[BUFSIZ];
+ int pathlen = strlen(path);
+ struct dirent *ent;
+ DIR *dir;
+
+ if (strcmp("/*", path + pathlen - 2) != 0) {
+ if (chmod(path, mask) && errno != ENOENT)
+ syslog(LOG_ERR, "%s: chmod(%s): %m", table, path);
+ if (chown(path, uid, gid) && errno != ENOENT)
+ syslog(LOG_ERR, "%s: chown(%s): %m", table, path);
+ } else {
+ strcpy(buf, path);
+ buf[pathlen - 1] = 0;
+ if ((dir = opendir(buf)) == 0) {
+ syslog(LOG_ERR, "%s: opendir(%s): %m", table, path);
+ } else {
+ while ((ent = readdir(dir)) != 0) {
+ if (strcmp(ent->d_name, ".") != 0
+ && strcmp(ent->d_name, "..") != 0) {
+ strcpy(buf + pathlen - 1, ent->d_name);
+ login_protect(table, buf, mask, uid, gid);
+ }
+ }
+ closedir(dir);
+ }
+ }
+}
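Review bot: In login_protect(), `strcpy(buf + pathlen - 1, ent->d_name)` writes into the BUFSIZ stack buffer without checking that the directory prefix plus the entry name fits, and this code runs inside login with root privileges. A guard before the copy, for example `if (pathlen - 1 + strlen(ent->d_name) >= sizeof(buf)) continue;` together with a syslog line, would bound it. Two related gaps sit in the same function: `path + pathlen - 2` is evaluated even when the token is shorter than two characters, and the wildcard test is re-applied to names returned by readdir(), so an entry literally named `*` makes the function recurse on the same directory without end; the `/*` check belongs only on entries read from the table. chmod() and chown() also follow symbolic links, so names found through a wildcard are probably worth an lstat() check before ownership is given to the user. Separately, `sscanf(cp, "%o", &prot)` stores through an `int *` where `%o` expects `unsigned int *`, and <sys/stat.h> and <unistd.h> are not included for chmod() and chown().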
diff --git a/usr.bin/login/pathnames.h b/usr.bin/login/pathnames.h
index a9f5c1a..ca85739 100644
--- a/usr.bin/login/pathnames.h
+++ b/usr.bin/login/pathnames.h
@@ -35,6 +35,8 @@
#include <paths.h>
-#define _PATH_HUSHLOGIN ".hushlogin"
-#define _PATH_MOTDFILE "/etc/motd"
-#define _PATH_LOGACCESS "/etc/login.access"
+#define _PATH_HUSHLOGIN ".hushlogin"
+#define _PATH_MOTDFILE "/etc/motd"
+#define _PATH_LOGACCESS "/etc/login.access"
+#define _PATH_FBTAB "/etc/fbtab"
+#define _PATH_LOGINDEVPERM "/etc/logindevperm"