Diffstat (limited to 'lib/libutil')
32 files changed, 0 insertions, 5824 deletions
diff --git a/lib/libutil/Makefile b/lib/libutil/Makefile deleted file mode 100644 index ae0a2e8..0000000 --- a/lib/libutil/Makefile +++ /dev/null @@ -1,37 +0,0 @@ -# @(#)Makefile 8.1 (Berkeley) 6/4/93 - -LIB= util -SHLIB_MAJOR= 2 -SHLIB_MINOR= 2 -CFLAGS+=-Wall -DLIBC_SCCS -I${.CURDIR} -I${.CURDIR}/../../sys -#CFLAGS+=LOGIN_CAP_AUTH -SRCS= login.c login_tty.c logout.c logwtmp.c pty.c setproctitle.c \ - login_cap.c login_class.c login_auth.c login_times.c login_ok.c \ - _secure_path.c uucplock.c -MAN3+= login.3 login_tty.3 logout.3 logwtmp.3 pty.3 setproctitle.3 \ - login_cap.3 login_class.3 login_times.3 login_ok.3 \ - _secure_path.3 uucplock.3 -MAN5+= login.conf.5 -MLINKS+= pty.3 openpty.3 pty.3 forkpty.3 -MLINKS+=login_cap.3 login_getclassbyname.3 login_cap.3 login_close.3 \ - login_cap.3 login_getclass.3 login_cap.3 login_getuserclass.3 \ - login_cap.3 login_getcapstr.3 login_cap.3 login_getcaplist.3 \ - login_cap.3 login_getstyle.3 login_cap.3 login_getcaptime.3 \ - login_cap.3 login_getcapnum.3 login_cap.3 login_getcapsize.3 \ - login_cap.3 login_getcapbool.3 login_cap.3 login_getpath.3 -MLINKS+=login_class.3 setusercontext.3 login_class.3 setclasscontext.3 \ - login_class.3 setclassenvironment.3 login_class.3 setclassresources.3 -MLINKS+=login_times.3 parse_lt.3 login_times.3 in_ltm.3 \ - login_times.3 in_lt.3 login_times.3 in_ltms.3 \ - login_times.3 in_lts.3 -MLINKS+=login_ok.3 auth_ttyok.3 login_ok.3 auth_hostok.3 \ - login_ok.3 auth_timeok.3 -MLINKS+=uucplock.3 uu_lock.3 uucplock.3 uu_unlock.3 uucplock.3 uu_lockerr.3 - -beforeinstall: - ${INSTALL} -C -o ${BINOWN} -g ${BINGRP} -m 444 ${.CURDIR}/libutil.h \ - ${DESTDIR}/usr/include - ${INSTALL} -C -o ${BINOWN} -g ${BINGRP} -m 444 ${.CURDIR}/login_cap.h \ - ${DESTDIR}/usr/include - -.include <bsd.lib.mk> diff --git a/lib/libutil/_secure_path.3 b/lib/libutil/_secure_path.3 deleted file mode 100644 index 66fbb2c..0000000 --- a/lib/libutil/_secure_path.3 +++ /dev/null 
@@ -1,70 +0,0 @@ -.\" Copyright (c) 1997 David Nugent <davidn@blaze.net.au> -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, is permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice immediately at the beginning of the file, without modification, -.\" this list of conditions, and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. This work was done expressly for inclusion into FreeBSD. Other use -.\" is permitted provided this notation is included. -.\" 4. Absolutely no warranty of function or purpose is made by the author -.\" David Nugent. -.\" 5. Modifications may be freely made to this file providing the above -.\" conditions are met. -.\" -.\" $Id: _secure_path.3,v 1.1 1997/05/10 18:55:37 davidn Exp $ -.\" -.Dd May 2, 1997 -.Os FreeBSD -.Dt _SECURE_PATH 3 -.Sh NAME -.Nm _secure_path -.Nd determine if a file appears to be secure -.Sh SYNOPSIS -.Fd #include <sys/types.h> -.Fd #include <libutil.h> -.Ft int -.Fn _secure_path "const char *path" "uid_t uid" "gid_t gid" -.Pp -.Sh DESCRIPTION -This function does some basic security checking on a given path. -It is intended to be used by processes running with root privileges -in order to decide whether or not to trust the contents of a given -file. -It uses a method often used to detect system compromise. -.Pp -A file is considered 'secure' if it meets the following conditions: -.Bl -enum -.It -The file exists, and is a regular file (not a symlink, device -special or named pipe, etc.), -.It -Is not world writable. 
-.It -Is owned by the given uid or uid 0, if uid is not -1, -.It -Is not group wriable or it has group ownership by the given -gid, if gid is not -1. -.El -.Sh RETURN VALUES -This function returns zero if the file exists and may be -considered secure, -2 if the file does not exist, and --1 otherwise to indicate a security failure. -.Xr syslog 3 , -is used to log any failure of this function, including the -reason, at LOG_ERR priority. -.Sh BUGS -The checks carried out are rudamentary and no attempt is made -to eliminate race conditions between use of this function and -access to the file referenced. -.Sh SEE ALSO -.Xr lstat 3 , -.Xr syslog 3 . -.Sh HISTORY -Code from which this function was derived was contributed to the -FreeBSD project by Berkeley Software Design, Inc. diff --git a/lib/libutil/_secure_path.c b/lib/libutil/_secure_path.c deleted file mode 100644 index 01c29bf..0000000 --- a/lib/libutil/_secure_path.c +++ /dev/null 
@@ -1,72 +0,0 @@ -/*- - * Based on code copyright (c) 1995,1997 by - * Berkeley Software Design, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, is permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice immediately at the beginning of the file, without modification, - * this list of conditions, and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. This work was done expressly for inclusion into FreeBSD. Other use - * is permitted provided this notation is included. - * 4. Absolutely no warranty of function or purpose is made by the authors. - * 5. Modifications may be freely made to this file providing the above - * conditions are met. - * - * $Id: _secure_path.c,v 1.1 1997/05/10 18:55:37 davidn Exp $ - */ - - -#include <sys/types.h> -#include <sys/stat.h> -#include <syslog.h> -#include <errno.h> -#include <libutil.h> - -/* - * Check for common security problems on a given path - * It must be: - * 1. A regular file, and exists - * 2. Owned and writaable only by root (or given owner) - * 3. 
Group ownership is given group or is non-group writable - * - * Returns: -2 if file does not exist, - * -1 if security test failure - * 0 otherwise - */ - -int -_secure_path(const char *path, uid_t uid, gid_t gid) -{ - int r = -1; - struct stat sb; - const char *msg = NULL; - - if (lstat(path, &sb) < 0) { - if (errno == ENOENT) /* special case */ - r = -2; /* if it is just missing, skip the log entry */ - else - msg = "%s: cannot stat %s: %m"; - } - else if (!S_ISREG(sb.st_mode)) - msg = "%s: %s is not a regular file"; - else if (sb.st_mode & S_IWOTH) - msg = "%s: %s is world writable"; - else if (uid != -1 && sb.st_uid != uid && sb.st_uid != 0) { - if (uid == 0) - msg = "%s: %s is not owned by root"; - else - msg = "%s: %s is not owned by uid %d"; - } else if (gid != -1 && sb.st_gid != gid && (sb.st_mode & S_IWGRP)) - msg = "%s: %s is group writeable by non-authorised groups"; - else - r = 0; - if (msg != NULL) - syslog(LOG_ERR, msg, "_secure_path", path, uid); - return r; -} diff --git a/lib/libutil/libutil.h b/lib/libutil/libutil.h deleted file mode 100644 index 8a96284..0000000 --- a/lib/libutil/libutil.h +++ /dev/null 
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 1995 Peter Wemm <peter@freebsd.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, is permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice immediately at the beginning of the file, without modification,
- * this list of conditions, and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. This work was done expressly for inclusion into FreeBSD. Other use
- * is permitted provided this notation is included.
- * 4. Absolutely no warranty of function or purpose is made by the author
- * Peter Wemm.
- * 5. Modifications may be freely made to this file providing the above
- * conditions are met.
- *
- * $Id: libutil.h,v 1.12 1997/08/31 20:09:38 brian Exp $
- */
-
-#ifndef _LIBUTIL_H_
-#define _LIBUTIL_H_
-
-#include <sys/cdefs.h>
-
-/* Avoid pulling in all the include files for no need */
-struct termios;
-struct winsize;
-struct utmp;
-
-__BEGIN_DECLS
-void setproctitle __P((const char *_fmt, ...));
-void login __P((struct utmp *_ut));
-int login_tty __P((int _fd));
-int logout __P((char *_line));
-void logwtmp __P((const char *_line, const char *_name, const char *_host));
-int openpty __P((int *_amaster, int *_aslave, char *_name,
- struct termios *_termp, struct winsize *_winp));
-int forkpty __P((int *_amaster, char *_name,
- struct termios *_termp, struct winsize *_winp));
-const char *uu_lockerr __P((int _uu_lockresult));
-int uu_lock __P((const char *_ttyname));
-int uu_unlock __P((const char *_ttyname));
-int _secure_path __P((const char *_path, uid_t _uid, gid_t _gid));
-__END_DECLS
-
-#define UU_LOCK_INUSE (1)
-#define UU_LOCK_OK (0)
-#define UU_LOCK_OPEN_ERR (-1)
-#define UU_LOCK_READ_ERR (-2)
-#define UU_LOCK_CREAT_ERR (-3)
-#define UU_LOCK_WRITE_ERR (-4)
-#define UU_LOCK_LINK_ERR (-5)
-#define UU_LOCK_TRY_ERR (-6)
-
-#endif /* !_LIBUTIL_H_ */
diff --git a/lib/libutil/login.3 b/lib/libutil/login.3
deleted file mode 100644
index faec5bb..0000000
--- a/lib/libutil/login.3
+++ /dev/null
@@ -1,69 +0,0 @@ -.\" -.\" Copyright (c) 1996 Joerg Wunsch -.\" -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" $Id$ -.\" " -.Dd December 29, 1996 -.Os -.Dt LOGIN 3 -.Sh NAME -.Nm login -.Nd "log a new login record to the utmp and wtmp files" -.Sh SYNOPSIS -.Fd #include <sys/types.h> -.Fd #include <utmp.h> -.Fd #include <libutil.h> -.Ft void -.Fn login "struct utmp *ut" -.Pp -Link with -.Va -lutil -on the -.Xr cc 1 -command line. -.Sh DESCRIPTION -The function -.Fn login -records the -.Ar ut -entry being passed into the appropriate slot of the -.Xr utmp 5 -file (according to the controlling terminal of the calling process), -and appends it to the -.Xr wtmp 5 -file. 
The calling process must have permission to write to both files. -.Sh RETURN VALUES -None. -.Sh SEE ALSO -.Xr logout 3 , -.Xr ttyslot 3 , -.Xr utmp 5 , -.Xr wtmp 5 -.Sh BUGS -The interface provided by -.Fn login -is rather crude. The caller must know about the details of a -.Va struct utmp . -Some better abstraction needs to be worked out. diff --git a/lib/libutil/login.c b/lib/libutil/login.c deleted file mode 100644 index 235f271..0000000 --- a/lib/libutil/login.c +++ /dev/null 
@@ -1,69 +0,0 @@
-/*-
- * Copyright (c) 1988, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)login.c 8.1 (Berkeley) 6/4/93";
-#else
-static const char rcsid[] =
- "$Id$";
-#endif
-#endif /* LIBC_SCCS and not lint */
-
-#include <sys/types.h>
-
-#include <fcntl.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <utmp.h>
-#include <stdio.h>
-#include <libutil.h>
-
-void
-login(ut)
- struct utmp *ut;
-{
- register int fd;
- int tty;
-
- tty = ttyslot();
- if (tty > 0 && (fd = open(_PATH_UTMP, O_WRONLY|O_CREAT, 0644)) >= 0) {
- (void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), L_SET);
- (void)write(fd, ut, sizeof(struct utmp));
- (void)close(fd);
- }
- if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
- (void)write(fd, ut, sizeof(struct utmp));
- (void)close(fd);
- }
-}
diff --git a/lib/libutil/login.conf.5 b/lib/libutil/login.conf.5
deleted file mode 100644
index 9bf45fe..0000000
--- a/lib/libutil/login.conf.5
+++ /dev/null
@@ -1,365 +0,0 @@ -.\" Copyright (c) 1996 David Nugent <davidn@blaze.net.au> -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, is permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice immediately at the beginning of the file, without modification, -.\" this list of conditions, and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. This work was done expressly for inclusion into FreeBSD. Other use -.\" is permitted provided this notation is included. -.\" 4. Absolutely no warranty of function or purpose is made by the author -.\" David Nugent. -.\" 5. Modifications may be freely made to this file providing the above -.\" conditions are met. -.\" -.\" $Id: login.conf.5,v 1.12 1997/08/31 20:09:39 brian Exp $ -.\" -.Dd November 22, 1996 -.Dt LOGIN.CONF 5 -.Os FreeBSD -.Sh NAME -.Nm login.conf -.Nd login class capability database -.Sh SYNOPSIS -.Pa /etc/login.conf , -.Pa ~/.login_conf -.Sh DESCRIPTION -login.conf contains various attributes and capabilities of login classes. -A login class (an optional annotation against each record in the user -account database, -.Pa /etc/master.passwd ) -determines session accounting, resource limits and user environment settings. -It is used by various programs in the system to set up a user's login -environment and to enforce policy, accounting and administrative restrictions. -It also provides the means by which users are able to be -authenticated to the system and the types of authentication available. 
-.Pp -A special record "default" in the system user class capability database -.Pa /etc/login.conf -is used automatically for any -non-root user without a valid login class in -.Pa /etc/master.passwd . -A user with a uid of 0 without a valid login class will use the record -"root" if it exists, or "default" if not. -.Pp -In FreeBSD, users may individually create a file called -.Pa .login_conf -in their home directory using the same format, consisting of a single -entry with a record id of "me". -If present, this file is used by -.Xr login 1 -to set user-defined environment settings which override those specified -in the system login capabilities database. -Only a subset of login capabilities may be overridden, typically those -which do not involve authentication, resource limits and accounting. -.Pp -Records in a class capabilities database consist of a number of -colon-separated fields. -The first entry for each record gives one or more names that a record is -to be known by, each separated by a '|' character. -The first name is the most common abbreviation. -The last name given should be a long name that is more descriptive -of the capability entry, and all others are synonyms. -All names but the last should be in lower case and contain no blanks; -the last name may contain upper case characters and blanks for -readability. -.Pp -See -.Xr getcap 3 -for a more in-depth description of the format of a capability database. -.Sh CAPABILITIES -Fields within each record in the database follow the -.Xr getcap 3 -conventions for boolean, type string -.Ql \&= -and type numeric -.Ql \&# , -although type numeric is depreciated in favour of the string format and -either form is accepted for a numeric datum. 
-Values fall into the following categories: -.Bl -tag -width "program" -.It file -Path name to a data file -.It program -Path name to an executable file -.It list -A list of values (or pairs of values) separated by commas or spaces -.It path -A space or comma separated list of path names, following the usual csh -conventions (leading tilde with and without username being expanded to -home directories etc.) -.It number -A numeric value, either decimal (default), hexadecimal (with leading 0x), -or octal (with a leading 0). -With a numeric type, only one numeric value is allowed. -Numeric types may also be specified in string format (ie. the capability -tag being delimited from the value by '=' instead of '#'). -Whichever method is used, then all records in the database must use the -same method to allow values to be correctly overridden in interpolated -records. -.It size -A number which expresses a size. -The default interpretation of a value is the number of bytes, but a -suffix may specify alternate units: -.Bl -tag -offset indent -compact -width xxxx -.It b -explicitly selects 512-byte blocks -.It k -selects kilobytes (1024 bytes) -.It m -specifies a multiplier of 1 megabyte (1048576 bytes), -.It g -specifies units of gigabytes, and -.It t -represents terabytes. -.El -A size value is a numeric quantity and case of the suffix is not significant. -Concatenated values are added together. -.It time -A period of time, by default in seconds. -A prefix may specify a different unit; -.Bl -tag -offset indent -compact -width xxxx -.It y -indicates the number of 365 day years, -.It w -indicates the number of weeks, -.It d -the number of days, -.It h -the number of minutes, and -.It s -the number of seconds. -.El -Concatenated values are added together. -For example, 2 hours and 40 minutes may be written either as -9600s, 160m or 2h40m. -.El -.Pp -The usual convention to interpolate capability entries using the special -.Em tc=value -notation may be used. 
-.Pp -.Sh RESOURCE LIMITS -.Bl -column coredumpsize indent indent -.Sy Name Type Notes Description -.It cputime time CPU usage limit. -.It filesize size Maximum file size limit. -.It datasize size Maximum data size limit. -.It stacksize size Maximum stack size limit. -.It coredumpsize size Maximum coredump size limit. -.It memoryuse size Maximum of core memory use size limit. -.It memorylocked size Maximum locked in core memory size limit. -.It maxproc number Maximum number of processes. -.It openfiles number Maximum number of open files per process. -.El -.Pp -These resource limit entries actually specify both the maximum -and current limits (see -.Xr getrlimit 2 ). -The current (soft) limit is the one normally used, although the user is permitted -to increase the current limit to the maximum (hard) limit. -The maximum and current limits may be specified individually by appending a --max or -cur to the capability name. -.Pp -.Sh ENVIRONMENT -.Bl -column ignorenologin indent xbinxxusrxbin -.Sy Name Type Notes Description -.It charset string Set $MM_CHARSET environment variable to the specified -value. -.It hushlogin bool false Same as having a ~/.hushlogin file. -.It ignorenologin bool false Login not prevented by nologin. -.It lang string Set $LANG environment variable to the specified value. -.It manpath path Default search path for manpages. -.It nologin file If the file exists it will be displayed and -the login session will be terminated. -.It path path /bin /usr/bin Default search path. -.It priority number Initial priority (nice) level. -.It requirehome bool false Require a valid home directory to login. -.It setenv list A comma-separated list of environment variables and -values to which they are to be set. -.It shell prog Session shell to execute rather than the -shell specified in the passwd file. The SHELL environment variable will -contain the shell specified in the password file. 
-.It term string su Default terminal type if not able to determine from -other means. -.It timezone string Default value of $TZ environment variable. -.It umask number 022 Initial umask. Should always have a leading 0 to -ensure octal interpretation. -.It welcome file /etc/motd File containing welcome message. -.El -.Pp -.Sh AUTHENTICATION -.Bl -column minpasswordlen indent indent -.Sy Name Type Notes Description -.It minpasswordlen number 6 The minimum length a local password may be. -.\" .It approve program Program to approve login. -.It auth list passwd Allowed authentication styles. The first value is the -default style. -.It auth-<type> list Allowed authentication styles for the -authentication type 'type'. -.It copyright file File containing additional copyright information -.\".It widepasswords bool false Use the wide password format. The wide password -.\" format allows up to 128 significant characters in the password. -.It host.allow list List of remote host wildcards from which users in -the class may access. -.It host.deny list List of remote host wildcards from which users in -the class may not access. -.It times.allow list List of time periods during which -logins are allowed. -.It times.deny list List of time periods during which logins are -disallowed. -.It tty.allow list List of ttys and ttygroups which users -in the class may use for access. -.It tty.deny list List of ttys and ttygroups which users -in the class may not use for access. -.El -.Pp -These fields are intended to be used by -.Xr passwd 1 -and other programs in the login authentication system. -.Pp -Capabilities that set environment variables are scanned for both -.Ql \&~ -and -.Ql \&$ -characters, which are substituted for a user's home directory and name -respectively. -To pass these characters literally into the environment variable, escape -the character by preceding it with a backslash '\\'. 
-.Pp -The -.Em host.allow -and -.Em host.deny -entries are comma separated lists used for checking remote access to the system, -and consist of a list of hostnames and/or IP addresses against which remote -network logins are checked. -Items in these lists may contain wildcards in the form used by shell programs -for wildcard matching (See -.Xr fnmatch 3 -for details on the implementation). -The check on hosts is made against both the remote system's Internet address -and hostname (if available). -If both lists are empty or not specified, then logins from any remote host -are allowed. -If host.allow contains one or more hosts, then only remote systems matching -any of the items in that list are allowed to log in. -If host.deny contains one or more hosts, then a login from any matching hosts -will be disallowed. -.Pp -The -.Em times.allow -and -.Em times.deny -entries consist of a comma-separated list of time periods during which the users -in a class are allowed to be logged in. -These are expressed as one or more day codes followed by a start and end times -expressed in 24 hour format, separated by a hyphen or dash. -For example, MoThSa0200-1300 translates to Monday, Thursday and Saturday between -the hours of 2 am and 1 p.m.. -If both of these time lists are empty, users in the class are allowed access at -any time. -If -.Em times.allow -is specified, then logins are only allowed during the periods given. -If -.Em times.deny -is specified, then logins are denied during the periods given, regardless of whether -one of the periods specified in -.Em times.allow -applies. -.Pp -Note that -.Xr login 1 -enforces only that the actual login falls within periods allowed by these entries. -Further enforcement over the life of a session requires a separate daemon to -monitor transitions from an allowed period to a non-allowed one. 
-.Pp -The -.Em tty.allow -and -.Em tty.deny -entries contain a comma-separated list of tty devices (without the /dev/ prefix) -that a user in a class may use to access the system, and/or a list of ttygroups -(See -.Xr getttyent 3 -and -.Xr ttys 5 -for information on ttygroups). -If neither entry exists, then the choice of login device used by the user is -unrestricted. -If only -.Em tty.allow -is specified, then the user is restricted only to ttys in the given -group or device list. -If only -.Em tty.deny -is specified, then the user is prevented from using the specified devices or -devices in the group. -If both lists are given and are non-empty, the user is restricted to those -devices allowed by tty.allow that are not available by tty.deny. -.Sh ACCOUNTING LIMITS -.Bl -column passwordperiod indent indent -.Sy Name Type Notes Description -.It accounted bool false Enable session time accounting for all users -in this class. -.It autodelete time Time after expiry when account is auto-deleted. -.It bootfull bool false Enable 'boot only if ttygroup is full' strategy -when terminating sessions. -.It daytime time Maximum login time per day. -.It expireperiod time Time for expiry allocation. -.It graceexpire time Grace days for expired account. -.It gracetime time Additional grace login time allowed. -.It host.accounted list List of remote host wildcards from which -login sessions will be accounted. -.It host.exempt list List of remote host wildcards from which -login session accounting is exempted. -.It idletime time Maximum idle time before logout. -.It monthtime time Maximum login time per month. -.It passwordtime time Time for password expiry. -.It refreshtime time New time allowed on account refresh. -.It refreshperiod str How often account time is refreshed. -.It sessiontime time Maximum login time per session. -.It sessionlimit number Maximum number of concurrent -login sessions on ttys in any group. 
-.It tty.accounted list List of ttys and ttygroups for which -login accounting is active. -.It tty.exempt list List of ttys and ttygroups for which login accounting -is exempt. -.It warnexpire time Advance notice for pending account expiry. -.It warnpassword time Advance notice for pending password expiry. -.It warntime time Advance notice for pending out-of-time. -.It weektime time Maximum login time per week. -.El -.Pp -These fields are used by the time accounting system, which regulates, -controls and records user login access. -.Pp -The -.Em ttys.accounted -and -.Em ttys.exempt -fields operate in a similar manner to -.Em ttys.allow -and -.Em ttys.deny -as explained -above. -Similarly with the -.Em host.accounted -and -.Em host.exempt -lists. -.Sh SEE ALSO -.Xr login 1 , -.Xr getcap 3 , -.Xr getttyent 3 , -.Xr login_cap 3 , -.Xr login_class 3 , -.Xr passwd 5 , -.Xr ttys 5 diff --git a/lib/libutil/login_auth.3 b/lib/libutil/login_auth.3 deleted file mode 100644 index 14a2a63..0000000 --- a/lib/libutil/login_auth.3 +++ /dev/null 
@@ -1,71 +0,0 @@ -.\" Copyright (c) 1995 David Nugent <davidn@blaze.net.au> -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, is permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice immediately at the beginning of the file, without modification, -.\" this list of conditions, and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. This work was done expressly for inclusion into FreeBSD. Other use -.\" is permitted provided this notation is included. -.\" 4. Absolutely no warranty of function or purpose is made by the author -.\" David Nugent. -.\" 5. Modifications may be freely made to this file providing the above -.\" conditions are met. -.\" -.\" $Id$ -.\" -.Dd December 29, 1996 -.Os FreeBSD -.Dt LOGIN_AUTH 3 -.Sh NAME -.Nm authenticate -.Nm auth_script -.Nm auth_env -.Nm auth_scan -.Nm auth_rmfiles -.Nm auth_checknologin -.Nm auth_cat -.Nm auth_ttyok -.Nm auth_hostok -.Nm auth_timesok -.Nd Authentication style support library for login class capabilities database. -.Sh SYNOPSIS -.Fd #include <sys/types.h> -.Fd #include <login_cap.h> -.Ft int -.Fn authenticate "const char *name" "const char *classname" "const char *style" "const char *service" -.Ft int -.Fn auth_script "const char * path" ... 
-.Ft int -.Fn auth_env "void" -.Ft int -.Fn auth_scan "int ok" -.Ft int -.Fn auth_rmfiles "void" -.Ft int -.Fn auth_checknologin "login_cap_t *lc" -.Ft int -.Fn auth_cat "const char *file" -.Ft int -.Fn auth_ttyok "login_cap_t *lc" "const char *tty" -.Ft int -.Fn auth_hostok "login_cap_t *lc" "const char *hostname" "char const *ip" -.Ft int -.Fn auth_timesok "login_cap_t *lc" "time_t now" -.Sh DESCRIPTION -This set of functions support the login class authorisation style interface provided -by -.Xr login.conf 5 . - -.Sh RETURN VALUES -.Sh SEE ALSO -.Xr getcap 3 , -.Xr login_cap 3 , -.Xr login_class 3 , -.Xr login.conf 5 , -.Xr termcap 5 diff --git a/lib/libutil/login_auth.c b/lib/libutil/login_auth.c deleted file mode 100644 index 1bd6c13..0000000 --- a/lib/libutil/login_auth.c +++ /dev/null 
@@ -1,671 +0,0 @@ -/*- - * Copyright (c) 1996 by - * Sean Eric Fagan <sef@kithrup.com> - * David Nugent <davidn@blaze.net.au> - * All rights reserved. - * - * Portions copyright (c) 1995,1997 by - * Berkeley Software Design, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, is permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice immediately at the beginning of the file, without modification, - * this list of conditions, and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. This work was done expressly for inclusion into FreeBSD. Other use - * is permitted provided this notation is included. - * 4. Absolutely no warranty of function or purpose is made by the authors. - * 5. Modifications may be freely made to this file providing the above - * conditions are met. - * - * Low-level routines relating to the user capabilities database - * - * $Id: login_auth.c,v 1.7 1997/05/10 18:55:37 davidn Exp $ - */ - -#include <sys/types.h> -#include <sys/time.h> -#include <sys/resource.h> -#include <sys/stat.h> -#include <sys/param.h> -#include <errno.h> -#include <fcntl.h> -#include <limits.h> -#include <stdio.h> -#include <ctype.h> -#include <pwd.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <unistd.h> -#include <login_cap.h> -#include <stdarg.h> -#include <paths.h> -#include <sys/socket.h> -#include <sys/wait.h> -#include <err.h> -#include <libutil.h> - -#ifdef LOGIN_CAP_AUTH -/* - * Comment from BSDI's authenticate.c module: - * NOTE: THIS MODULE IS TO BE DEPRECATED. 
FUTURE VERSIONS OF BSD/OS WILL - * HAVE AN UPDATED API, THOUGH THESE FUNCTIONS WILL CONTINUE TO BE AVAILABLE - * FOR BACKWARDS COMPATABILITY - */ - - -#define AUTHMAXSPOOL (8 * 1024) /* Max size of authentication data */ -#define AUTHCOMM_FD 3 /* Handle used to read/write auth data */ - -struct rmfiles { - struct rmfiles *next; - char file[1]; -}; - -struct authopts { - struct authopts *next; - char opt[1]; -}; - -static char *spoolbuf = NULL; -static int spoolidx = 0; -static struct rmfiles *rmfirst = NULL; -static struct authopts *optfirst = NULL; - - -/* - * Setup a known environment for all authentication scripts. - */ - -static char *auth_environ[] = { - "PATH=" _PATH_DEFPATH, - "SHELL=" _PATH_BSHELL, - NULL, -}; - - - -/* - * nextline() - * Get the next line from the data buffer collected from - * the authentication program. This function relies on the - * fact that lines are nul terminated. - */ - -static char * -nextline(int *idx) -{ - char *ptr = NULL; - - if (spoolbuf != NULL && *idx < spoolidx) { - ptr = spoolbuf + *idx; - *idx += strlen(ptr) + 1; - } - return ptr; -} - - -/* - * spooldata() - * Read data returned on authentication backchannel and - * stuff it into our spool buffer. We also replace \n with nul - * to make parsing easier later. - */ - -static int -spooldata(int fd) -{ - - if (spoolbuf) - free(spoolbuf); - spoolidx = 0; - - if (spoolbuf == NULL && (spoolbuf = malloc(AUTHMAXSPOOL)) == NULL) - syslog(LOG_ERR, "authbuffer malloc: %m"); - - else while (spoolidx < sizeof(spoolbuf) - 1) { - int r = read(fd, spoolbuf + spoolidx, sizeof(spoolbuf)-spoolidx); - char *b; - - if (r <= 0) { - spoolbuf[spoolidx] = '\0'; - return 0; - } - /* - * Convert newlines into NULs to allow - * easier scanning of the file. 
- */ - while ((b = memchr(spoolbuf + spoolidx, '\n', r)) != NULL) - *b = '\0'; - spoolidx += r; - } - return -1; -} - - -/* - * auth_check() - * Starts an auth_script() for the given <user>, with a class <class>, - * style <style>, and service <service>. <style> is necessary, - * as are <user> and <class>, but <service> is optional -- it defaults - * to "login". - * Since auth_script() expects an execl'able program name, authenticate() - * also concatenates <style> to _PATH_AUTHPROG. - * Lastly, calls auth_scan(0) to see if there are any "reject" statements, - * or lack of "auth" statements. - * Returns -1 on error, 0 on rejection, and >0 on success. - * (See AUTH_* for the return values.) - * - */ - -int -auth_check(const char *name, const char *clss, const char *style, - const char *service, int *status) -{ - int _status; - - if (status == NULL) - status = &_status; - *status = 0; - - if (style != NULL) { - char path[MAXPATHLEN]; - - if (service == NULL) - service = LOGIN_DEFSERVICE; - - snprintf(path, sizeof(path), _PATH_AUTHPROG "%s", style); - if (auth_script(path, style, "-s", service, name, clss, 0)) - status = 0; - else - *status = auth_scan(0); - - return *status & AUTH_ALLOW; - } - return -1; -} - - -int -auth_response(const char *name, const char *class, const char *style, - const char *service, int *status, - const char *challenge, const char *response) -{ - int _status; - - if (status == NULL) - status = &_status; - *status = 0; - - if (style != NULL) { - int datalen; - char *data; - - if (service == NULL) - service = LOGIN_DEFSERVICE; - - datalen = strlen(challenge) + strlen(response) + 2; - - if ((data = malloc(datalen)) == NULL) { - syslog(LOG_ERR, "auth_response: %m"); - warnx("internal resource failure"); - } else { - char path[MAXPATHLEN]; - - snprintf(data, datalen, "%s%c%s", challenge, 0, response); - snprintf(path, sizeof(path), _PATH_AUTHPROG "%s", style); - if (auth_script_data(data, datalen, path, style, "-s", service, - name, class, 0)) - 
*status = 0; - else - *status = auth_scan(0); - free(data); - return (*status & AUTH_ALLOW); - } - } - return -1; -} - - -int -auth_approve(login_cap_t *lc, const char *name, const char *service) -{ - int r = -1; - char path[MAXPATHLEN]; - - if (lc == NULL) { - if (strlen(name) > MAXPATHLEN) { - syslog(LOG_ERR, "%s: username too long", name); - warnx("username too long"); - } else { - struct passwd *pwd; - char *p; - - pwd = getpwnam(name); - if (pwd == NULL && (p = strchr(name, '.')) != NULL) { - int i = p - name; - - if (i >= MAXPATHLEN) - i = MAXPATHLEN - 1; - strncpy(path, name, i); - path[i] = '\0'; - pwd = getpwnam(path); /* Fixed bug in BSDI code... */ - } - if ((lc = login_getpwclass(pwd ? pwd->pw_class : NULL)) == NULL) - warnx("unable to classify user '%s'", name); - } - } - - if (lc != NULL) { - char *approve; - char *s; - - if (service != NULL) - service = LOGIN_DEFSERVICE; - - snprintf(path, sizeof(path), "approve-%s", service); - - if ((approve = login_getcapstr(lc, s = path, NULL, NULL)) == NULL && - (approve = login_getcapstr(lc, s = "approve", NULL, NULL)) == NULL) - r = AUTH_OKAY; - else { - - if (approve[0] != '/') { - syslog(LOG_ERR, "Invalid %s script: %s", s, approve); - warnx("invalid path to approval script"); - } else { - char *s; - - s = strrchr(approve, '/') + 1; - if (auth_script(approve, s, name, - lc->lc_class, service, 0) == 0 && - (r = auth_scan(AUTH_OKAY) & AUTH_ALLOW) != 0) - auth_env(); - } - } - } - return r; -} - - -void -auth_env(void) -{ - int idx = 0; - char *line; - - while ((line = nextline(&idx)) != NULL) { - if (!strncasecmp(line, BI_SETENV, sizeof(BI_SETENV)-1)) { - line += sizeof(BI_SETENV) - 1; - if (*line && isspace(*line)) { - char *name; - char ch, *p; - - while (*line && isspace(*line)) - ++line; - name = line; - while (*line && !isspace(*line)) - ++line; - ch = *(p = line); - if (*line) - ++line; - if (setenv(name, line, 1)) - warn("setenv(%s, %s)", name, line); - *p = ch; - } - } - } -} - - -char * 
-auth_value(const char *what) -{ - int idx = 0; - char *line; - - while ((line = nextline(&idx)) != NULL) { - if (!strncasecmp(line, BI_VALUE, sizeof(BI_VALUE)-1)) { - char *name; - - line += sizeof(BI_VALUE) - 1; - while (*line && isspace(*line)) - ++line; - name = line; - if (*line) { - int i; - char ch, *p; - - ch = *(p = line); - *line++ = '\0'; - i = strcmp(name, what); - *p = ch; - if (i == 0) - return auth_mkvalue(line); - } - } - } - return NULL; -} - -char * -auth_mkvalue(const char *value) -{ - char *big, *p; - - big = malloc(strlen(value) * 4 + 1); - if (big != NULL) { - for (p = big; *value; ++value) { - switch (*value) { - case '\r': - *p++ = '\\'; - *p++ = 'r'; - break; - case '\n': - *p++ = '\\'; - *p++ = 'n'; - break; - case '\\': - *p++ = '\\'; - *p++ = *value; - break; - case '\t': - case ' ': - if (p == big) - *p++ = '\\'; - *p++ = *value; - break; - default: - if (!isprint(*value)) { - *p++ = '\\'; - *p++ = ((*value >> 6) & 0x3) + '0'; - *p++ = ((*value >> 3) & 0x7) + '0'; - *p++ = ((*value ) & 0x7) + '0'; - } else - *p++ = *value; - break; - } - } - *p = '\0'; - big = realloc(big, strlen(big) + 1); - } - return big; -} - - -#define NARGC 63 -static int -_auth_script(const char *data, int nbytes, const char *path, va_list ap) -{ - int r, argc, status; - int pfd[2]; - pid_t pid; - struct authopts *e; - char *argv[NARGC+1]; - - r = -1; - argc = 0; - for (e = optfirst; argc < (NARGC - 1) && e != NULL; e = e->next) { - argv[argc++] = "-v"; - argv[argc++] = e->opt; - } - while (argc < NARGC && (argv[argc] = va_arg(ap, char *)) != NULL) - ++argc; - argv[argc] = NULL; - - if (argc >= NARGC && va_arg(ap, char *)) - syslog(LOG_ERR, "too many arguments"); - else if (_secure_path(path, 0, 0) < 0) { - syslog(LOG_ERR, "%s: path not secure", path); - warnx("invalid script: %s", path); - } else if (socketpair(PF_LOCAL, SOCK_STREAM, 0, pfd) < 0) { - syslog(LOG_ERR, "unable to create backchannel %m"); - warnx("internal resource failure"); - } else switch (pid = 
fork()) { - case -1: /* fork() failure */ - close(pfd[0]); - close(pfd[1]); - syslog(LOG_ERR, "fork %s: %m", path); - warnx("internal resource failure"); - break; - case 0: /* child process */ - close(pfd[0]); - if (pfd[1] != AUTHCOMM_FD) { - if (dup2(pfd[1], AUTHCOMM_FD) < 0) - err(1, "dup backchannel"); - close(pfd[1]); - } - for (r = getdtablesize(); --r > AUTHCOMM_FD; ) - close(r); - execve(path, argv, auth_environ); - syslog(LOG_ERR, "exec %s: %m", path); - err(1, path); - default: /* parent */ - close(pfd[1]); - if (data && nbytes) - write(pfd[0], data, nbytes); - r = spooldata(pfd[0]); - close(pfd[0]); - if (waitpid(pid, &status, 0) < 0) { - syslog(LOG_ERR, "%s: waitpid: %m", path); - warnx("internal failure"); - r = -1; - } else { - if (r != 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) - r = -1; - } - /* kill the buffer if it is of no use */ - if (r != 0) { - free(spoolbuf); - spoolbuf = NULL; - spoolidx = 0; - } - break; - } - return r; -} - - - -/* - * auth_script() - * Runs an authentication program with specified arguments. - * It sets up file descriptor 3 for the program to write to; - * it stashes the output somewhere. The output of the program - * consists of statements: - * reject [challenge|silent] - * authorize [root|secure] - * setenv <name> [<value>] - * remove <file> - * - * Terribly exciting, isn't it? - * Output cannot exceed AUTHMAXSPOOL characters. - */ - -int -auth_script(const char *path, ...) -{ - int r; - va_list ap; - - va_start(ap, path); - r = _auth_script(NULL, 0, path, ap); - va_end(ap); - return r; -} - - -int -auth_script_data(const char *data, int nbytes, const char *path, ...) 
-{ - int r; - va_list ap; - - va_start(ap, path); - r = _auth_script(data, nbytes, path, ap); - va_end(ap); - return r; -} - - -static void -add_rmlist(const char *file) -{ - struct rmfiles *rm; - - if ((rm = malloc(sizeof(struct rmfiles) + strlen(file) + 1)) == NULL) - syslog(LOG_ERR, "add_rmfile malloc: %m"); - else { - strcpy(rm->file, file); - rm->next = rmfirst; - rmfirst = rm; - } -} - - -int -auth_scan(int okay) -{ - int idx = 0; - char *line; - - while ((line = nextline(&idx)) != NULL) { - if (!strncasecmp(line, BI_REJECT, sizeof(BI_REJECT)-1)) { - line += sizeof(BI_REJECT) - 1; - while (*line && isspace(*line)) - ++line; - if (*line) { - if (!strcasecmp(line, "silent")) - return AUTH_SILENT; - if (!strcasecmp(line, "challenge")) - return AUTH_CHALLENGE; - } - return 0; - } else if (!strncasecmp(line, BI_AUTH, sizeof(BI_AUTH)-1)) { - line += sizeof(BI_AUTH) - 1; - while (*line && isspace(*line)) - ++line; - if (*line == '\0') - okay |= AUTH_OKAY; - else if (!strcasecmp(line, "root")) - okay |= AUTH_ROOTOKAY; - else if (!strcasecmp(line, "secure")) - okay |= AUTH_SECURE; - } - else if (!strncasecmp(line, BI_REMOVE, sizeof(BI_REMOVE)-1)) { - line += sizeof(BI_REMOVE) - 1; - while (*line && isspace(*line)) - ++line; - if (*line) - add_rmlist(line); - } - } - - return okay; -} - - -int -auth_setopt(const char *n, const char *v) -{ - int r; - struct authopts *e; - - if ((e = malloc(sizeof(*e) + strlen(n) + strlen(v) + 1)) == NULL) - r = -1; - else { - sprintf(e->opt, "%s=%s", n, v); - e->next = optfirst; - optfirst = e; - r = 0; - } - return r; -} - - -void -auth_clropts(void) -{ - struct authopts *e; - - while ((e = optfirst) != NULL) { - optfirst = e->next; - free(e); - } -} - - -void -auth_rmfiles(void) -{ - struct rmfiles *rm; - - while ((rm = rmfirst) != NULL) { - unlink(rm->file); - rmfirst = rm->next; - free(rm); - } -} - -#endif - - -/* - * auth_checknologin() - * Checks for the existance of a nologin file in the login_cap - * capability <lc>. 
If there isn't one specified, then it checks - * to see if this class should just ignore nologin files. Lastly, - * it tries to print out the default nologin file, and, if such - * exists, it exits. - */ - -void -auth_checknologin(login_cap_t *lc) -{ - char *file; - - /* Do we ignore a nologin file? */ - if (login_getcapbool(lc, "ignorenologin", 0)) - return; - - /* Note that <file> will be "" if there is no nologin capability */ - if ((file = login_getcapstr(lc, "nologin", "", NULL)) == NULL) - exit(1); - - /* - * *file is true IFF there was a "nologin" capability - * Note that auth_cat() returns 1 only if the specified - * file exists, and is readable. E.g., /.nologin exists. - */ - if ((*file && auth_cat(file)) || auth_cat(_PATH_NOLOGIN)) - exit(1); -} - - -/* - * auth_cat() - * Checks for the readability of <file>; if it can be opened for - * reading, it prints it out to stdout, and then exits. Otherwise, - * it returns 0 (meaning no nologin file). - */ - -int -auth_cat(const char *file) -{ - int fd, count; - char buf[BUFSIZ]; - - if ((fd = open(file, O_RDONLY)) < 0) - return 0; - while ((count = read(fd, buf, sizeof(buf))) > 0) - (void)write(fileno(stdout), buf, count); - close(fd); - sleep(5); /* wait an arbitrary time to drain */ - return 1; -} diff --git a/lib/libutil/login_cap.3 b/lib/libutil/login_cap.3 deleted file mode 100644 index c998d23..0000000 --- a/lib/libutil/login_cap.3 +++ /dev/null 
@@ -1,392 +0,0 @@ -.\" Copyright (c) 1995 David Nugent <davidn@blaze.net.au> -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, is permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice immediately at the beginning of the file, without modification, -.\" this list of conditions, and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. This work was done expressly for inclusion into FreeBSD. Other use -.\" is permitted provided this notation is included. -.\" 4. Absolutely no warranty of function or purpose is made by the author -.\" David Nugent. -.\" 5. Modifications may be freely made to this file providing the above -.\" conditions are met. -.\" -.\" $Id: login_cap.3,v 1.7 1997/05/18 09:14:11 davidn Exp $ -.\" -.Dd December 27, 1996 -.Os FreeBSD -.Dt LOGIN_CAP 3 -.Sh NAME -.Nm login_getclassbyname , -.Nm login_close , -.Nm login_getclass , -.Nm login_getpwclass , -.Nm login_getuserclass , -.Nm login_getcapstr , -.Nm login_getcaplist , -.Nm login_getcaptime , -.Nm login_getcapnum , -.Nm login_getcapsize , -.Nm login_getcapbool , -.Nm login_getstyle -.Nd functions for accessing the login class capabilities database. 
-.Sh SYNOPSIS -.Fd #include <sys/types.h> -.Fd #include <login_cap.h> -.Ft void -.Fn login_close "login_cap_t * lc" -.Ft login_cap_t * -.Fn login_getclassbyname "const char *nam" "const struct passwd *pwd" -.Ft login_cap_t * -.Fn login_getclass "const char *nam" -.Ft login_cap_t * -.Fn login_getpwclass "const struct passwd *pwd" -.Ft login_cap_t * -.Fn login_getuserclass "const struct passwd *pwd" -.Ft char * -.Fn login_getcapstr "login_cap_t *lc" "const char *cap" "char *def" "char *error" -.Ft char ** -.Fn login_getcaplist "login_cap_t *lc" "const char *cap" "const char *chars" -.Ft char * -.Fn login_getpath "login_cap_t *lc" "const char *cap" "char *error" -.Ft rlim_t -.Fn login_getcaptime "login_cap_t *lc" "const char *cap" "rlim_t def" "rlim_t error" -.Ft rlim_t -.Fn login_getcapnum "login_cap_t *lc" "const char *cap" "rlim_t def" "rlim_t error" -.Ft rlim_t -.Fn login_getcapsize "login_cap_t *lc" "const char *cap" "rlim_t def" "rlim_t error" -.Ft int -.Fn login_getcapbool "login_cap_t *lc" "const char *cap" "int def" -.Ft char * -.Fn login_getstyle "login_cap_t *lc" "char *style" "const char *auth" -.Pp -.Sh DESCRIPTION -These functions represent a programming interface to the login -classes database provided in -.Xr login.conf 5 . -This database contains capabilities, attributes and default environment -and accounting settings for users and programs running as specific users, -as determined by the login class field within entries in -.Pa /etc/master.passwd . -.Pp -Entries in -.Xr login.conf 5 -consist of colon -.Ql \&: -separated fields, the first field in each record being one or more -identifiers for the record which must be unique for the entire database -each separated by a '|' and may optionally include a description as -the last 'name'. -Remaining fields in the record consist of keyword/data pairs. -Long lines may be continued with a backslash within empty entries -with the second and subsequent lines optionally indented for readability. 
-This is similar to the format used in -.Xr termcap 5 -except that keywords are not limited to two significant characters, -and are usually longer for improved readability. -As with termcap entries, multiple records can be linked together -(one record including another) using a field containing tc=<recordid>, -the result is that the entire record referenced by <recordid> replaces -the tc= field at the point at which it occurs. -See -.Xr getcap 3 -for further details on the format and use of a capabilities database. -.Pp -The -.Nm login_cap -interface provides a convenient means of retrieving login class -records with all tc= references expanded. -A program will typically call one of -.Fn login_getclass , -.Fn login_getpwclass , -.Fn login_getuserclass -or -.Fn login_getclassbyname -according to its requirements. -Each of these functions returns a login capabilities structure, -.Ft login_cap_t -which may subsequently be used to interrogate the database for -specific values using the rest of the API. -Once the login_cap_t is of no further use, the -.Fn login_close -function should be called to free all resources used. -.Pp -The structure of login_cap_t is defined in login_cap.h, as: -.Bd -literal -offset indent -typedef struct { - char *lc_class; - char *lc_cap; - char *lc_style; -} login_cap_t; -.Ed -.Pp -The -.Ar lc_class -member contains a pointer to the name of the login class -retrieved. -This may not necessarily be the same as the one requested, -either directly via -.Fn login_getclassbyname , -indirectly via a user's login record using -.Fn login_getpwclass , -by class name using -.Fn login_getclass -or -.Fn login_getuserclass . -If the referenced user has no login class specified in -.Pa /etc/master.passwd , -the class name is NULL or an empty string, or if the class -specified does not exist in the database, each of these -functions will search for a record with an id of "default", -with that name returned in the -.Ar lc_class -field. 
-.Pp -The -.Ar lc_cap -field is used internally by the library to contain the -expanded login capabilities record. -Programs with unusual requirements may wish to use this -with the lower-level -.Fn getcap -style functions to access the record directly. -.Pp -The -.Ar lc_style -field is set by the -.Fn login_getstyle -function to the authorisation style according to the requirements -of the program handling a login itself. -.Pp -As noted above, the -.Fn get*class -functions return a login_cap_t object which is used to access -the matching or default record in the capabilities database. -.Fn getclassbyname -accepts two arguments: the first one is the record identifier of the -record to be retrieved, the second being an optional directory name. -If the first -.Ar name -argument is NULL, an empty string, or a class that does not exist -in the supplimental or system login class database, then the system -.Em default -record is returned instead. -If the second -.Ar dir -parameter is NULL, then only the system login class database is -used, but when not NULL, the named directory is searched for -a login database file called ".login_conf", and capability records -contained within it may override the system defaults. -This scheme allows users to override some login settings from -those in the system login class database by creating class records -for their own private class with a record id of `me'. -In the context of a -.Em login , -it should be noted that some options cannot by overridden by -users for two reasons; many options, such as resource settings -and deafult process priorities, require root privileges -in order to take effect, and other fields in the user's file are -not be consulted at all during the early phases of login for -security or administrative reasons. -See -.Xr login.conf 5 -for more information on which settings a user is able to override. 
-Typically, these are limited purely to the user's default login -environment which might otherwise have been overridden in shell -startup scripts in any case. -The user's -.Pa .login_conf -merely provides a convenient way for a user to set up their preferred -login environment before the shell is invoked on login. -.Pp -If the specified record is NULL, empty or does not exist, and the -system has no "default" record available to fallback, there is a -memory allocation error or for some reason -.Xr cgetent 3 -is unable to access the login capabilities database, this function -returns NULL. -.Pp -The functions -.Fn login_getpwclass , -.Fn login_getclass -and -.Fn login_getuserclass -retrieve the applicable login class record for the user's passwd -entry or class name by calling -.Fn login_getclassbyname . -On failure, NULL is returned. -The difference between these functions is that -.Fn login_getuserclass -includes the user's overriding -.Pa .login_conf -that exists in the user's home directory, -.Fn login_getpwclass, -and -.Fn login_getclass -restricts loookup only to the system login class database in -.Pa /etc/login.conf . -.Fn login_getpwclass -only differs from -.Fn login_getclass -in that it allows the default class for user 'root' as "root" -if none has been specified in the password database. -Otherwise, if the passwd pointer is NULL, or the user record -has no login class, then the system "default" entry is retrieved. -.Pp -Once a program no longer wishes to use a login_cap_t object, -.Fn login_close -may be called to free all resources used by the login class. -.Fn login_close -may be passed a NULL pointer with no harmful side-effects. -.Pp -The remaining functions may be used to retrieve individual -capability records. -Each function takes a login_cap_t object as its first parameter, -a capability tag as the second, and remaining parameters being -default and error values that are returned if the capability is -not found. 
-The type of the additional parameters passed and returned depend -on the -.Em type -of capability each deals with, be it a simple string, a list, -a time value, a file or memory size value, a path (consisting of -a colon-separated list of directories) or a boolean flag. -The manpage for -.Xr login.conf 5 -deals in specific tags and their type. -.Pp -Note that with all functions in this group, you should not call -.Xr free 3 -on any pointers returned. -Memory allocated during retrieval or processing of capability -tags is automatically reused by subsequent calls to functions -in this group, or deallocated on calling -.Fn login_close . -.Bl -tag -width "login_getcaplist()" -.It Fn login_getcapstr -This function returns a simple string capability. -If the string is not found, then the value in -.Ar def -is returned as the default value, or if an error -occurs, the value in the -.Ar error -parameter is returned. -.It Fn login_getcaplist -This function returns the value corresponding to the named -capability tag as a list of values in a NULL terminated -array. -Within the login class database, some tags are of type -.Em list , -which consist of one or more comma- or space separated -values. -Usually, this function is not called directly from an -application, but is used indirectly via -.Fn login_getstyle . -.It Fn login_getpath -This function returns a list of directories separated by colons -.Ql &: . -Capability tags for which this function is called consist of a list of -directories separated by spaces. -.It Fn login_getcaptime -This function returns a -.Em time value -associated with a particular capability tag with the value expressed -in seconds (the default), minutes, hours, days, weeks or (365 day) -years or any combination of these. -A suffix determines the units used: S for seconds, M for minutes, -H for hours, D for days, W for weeks and Y for 365 day years. -Case of the units suffix is ignored. 
-.Pp -Time values are normally used for setting resource, accounting and -session limits. -If supported by the operating system and compiler (which is true of -FreeBSD), the value returned is a quad (long long), of type -.Em rlim_t . -A value "inf" or "infinity" may be used to express an infinite -value, in which case RLIM_INFINITY is returned. -.It Fn login_getcapnum -This function returns a numeric value for a tag, expressed either as -tag=<value> or the standard -.Fn cgetnum -format tag#<value>. -The first format should be used in preference to the second, the -second format is provided for compatibility and consistency with the -.Xr getcap 3 -database format where numeric types use the -.Ql \&# -as the delimiter for numeric values. -If in the first format, then the value given may be "inf" or -"infinity" which results in a return value of RLIM_INFINITY. -If the given capability tag cannot be found, the -.Ar def -parameter is returned, and if an error occurs, the -.Ar error -parameter is returned. -.It Fn login_getcapsize -.Fn login_getcapsize -returns a value representing a size (typicially, file or memory) -which may be expressed as bytes (the default), 512 byte blocks, -kilobytes, megabytes, gigabytes, and on systems that support the -.Ar long long -type, terrabytes. -The suffix used determines the units, and multiple values and -units may be used in combination (e.g. 1m500k = 1.5 megabytes). -A value with no suffix is interpreted as bytes, B as 512-byte -blocks, K as kilobytes, M as megabytes, G as gigabytes and T as -terrabytes. -Case is ignored. -The error value is returned if there is a login capabilities database -error, if an invalid suffix is used, or if a numeric value cannot be -interpreted. -.It Fn login_getcapbool -This function returns a boolean value tied to a particular flag. 
-It returns 0 if the given capability tag is not present or is -negated by the presence of a "tag@" (See -.Xr getcap 3 -for more information on boolean flags), and returns 1 if the tag -is found. -.It Fn login_getstyle -This function is used by the login authorisation system to determine -the style of login available in a particular case. -The function accepts three parameters, the login_cap entry itself and -two optional parameters, and authorisation type 'auth' and 'style', and -applies these to determine the authorisation style that best suites -these rules. -.Bl -bullet -indent offset -.It -If 'auth' is neither NULL nor an empty string, look for a tag of type -"auth-<auth>" in the capability record. -If not present, then look for the default default tag "auth=". -.It -If no valid authorisation list was found from the previous step, then -default to "passwd" as the authorisation list. -.It -If 'style' is not NULL or empty, look for it in the list of authorisation -methods found from the pprevious step. -If 'style' is NULL or an empty string, then default to "passwd" -authorisation. -.It -If 'style' is found in the chosen list of authorisation methods, then -return that, otherwise return NULL. -.El -.Pp -This scheme allows the administrator to determine the types of -authorisation methods accepted by the system, depending on the -means by which the access occurs. -For example, the administrator may require skey or kerberos as -the authentication method used for access to the system via the -network, and standard methods via direct dialup or console -logins, significantly reducing the risk of password discovery -by "snooping" network packets. -.El -.Sh SEE ALSO -.Xr getcap 3 , -.Xr login_class 3 , -.Xr login.conf 5 , -.Xr termcap 5 diff --git a/lib/libutil/login_cap.c b/lib/libutil/login_cap.c deleted file mode 100644 index 0369907..0000000 --- a/lib/libutil/login_cap.c +++ /dev/null 
@@ -1,780 +0,0 @@ -/*- - * Copyright (c) 1996 by - * Sean Eric Fagan <sef@kithrup.com> - * David Nugent <davidn@blaze.net.au> - * All rights reserved. - * - * Portions copyright (c) 1995,1997 - * Berkeley Software Design, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, is permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice immediately at the beginning of the file, without modification, - * this list of conditions, and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. This work was done expressly for inclusion into FreeBSD. Other use - * is permitted provided this notation is included. - * 4. Absolutely no warranty of function or purpose is made by the authors. - * 5. Modifications may be freely made to this file providing the above - * conditions are met. - * - * Low-level routines relating to the user capabilities database - * - * $Id: login_cap.c,v 1.13 1997/05/11 08:07:29 davidn Exp $ - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <errno.h> -#include <fcntl.h> -#include <unistd.h> - -#include <sys/types.h> -#include <sys/time.h> -#include <sys/resource.h> -#include <sys/param.h> -#include <pwd.h> -#include <libutil.h> -#include <syslog.h> -#include <login_cap.h> - -/* - * allocstr() - * Manage a single static pointer for handling a local char* buffer, - * resizing as necessary to contain the string. - * - * allocarray() - * Manage a static array for handling a group of strings, resizing - * when necessary. 
- */ - -static int lc_object_count = 0; - -static size_t internal_stringsz = 0; -static char * internal_string = NULL; -static size_t internal_arraysz = 0; -static char ** internal_array = NULL; - -static char * -allocstr(char *str) -{ - char *p; - - size_t sz = strlen(str) + 1; /* realloc() only if necessary */ - if (sz <= internal_stringsz) - p = strcpy(internal_string, str); - else if ((p = realloc(internal_string, sz)) != NULL) { - internal_stringsz = sz; - internal_string = strcpy(p, str); - } - return p; -} - - -static char ** -allocarray(size_t sz) -{ - char **p; - - if (sz <= internal_arraysz) - p = internal_array; - else if ((p = realloc(internal_array, sz * sizeof(char*))) != NULL) { - internal_arraysz = sz; - internal_array = p; - } - return p; -} - - -/* - * arrayize() - * Turn a simple string <str> seperated by any of - * the set of <chars> into an array. The last element - * of the array will be NULL, as is proper. - * Free using freearraystr() - */ - -static char ** -arrayize(char *str, const char *chars, int *size) -{ - int i; - char *ptr; - char **res = NULL; - - /* count the sub-strings */ - for (i = 0, ptr = str; *ptr; i++) { - int count = strcspn(ptr, chars); - ptr += count; - if (*ptr) - ++ptr; - } - - /* alloc the array */ - if ((ptr = allocstr(str)) != NULL) { - if ((res = allocarray(++i)) == NULL) - free(str); - else { - /* now split the string */ - i = 0; - while (*ptr) { - int count = strcspn(ptr, chars); - res[i++] = ptr; - ptr += count; - if (*ptr) - *ptr++ = '\0'; - } - res[i] = NULL; - } - } - - if (size) - *size = i; - - return res; -} - - -/* - * login_close() - * Frees up all resources relating to a login class - * - */ - -void -login_close(login_cap_t * lc) -{ - if (lc) { - free(lc->lc_style); - free(lc->lc_class); - free(lc); - if (--lc_object_count == 0) { - free(internal_string); - free(internal_array); - internal_array = NULL; - internal_arraysz = 0; - internal_string = NULL; - internal_stringsz = 0; - cgetclose(); - } - } -} - 
- -/* - * login_getclassbyname() get the login class by its name. - * If the name given is NULL or empty, the default class - * LOGIN_DEFCLASS (ie. "default") is fetched. If the - * 'dir' argument contains a non-NULL non-empty string, - * then the file _FILE_LOGIN_CONF is picked up from that - * directory instead of the system login database. - * Return a filled-out login_cap_t structure, including - * class name, and the capability record buffer. - */ - -login_cap_t * -login_getclassbyname(char const *name, const struct passwd *pwd) -{ - login_cap_t *lc; - - if ((lc = malloc(sizeof(login_cap_t))) != NULL) { - int r, i = 0; - const char *msg = NULL; - const char *dir = (pwd == NULL) ? NULL : pwd->pw_dir; - char userpath[MAXPATHLEN]; - - static char *login_dbarray[] = { NULL, NULL, NULL }; - - if (dir && snprintf(userpath, MAXPATHLEN, "%s/%s", dir, - _FILE_LOGIN_CONF) < MAXPATHLEN) { - login_dbarray[i] = userpath; - if (_secure_path(userpath, pwd->pw_uid, pwd->pw_gid) != -1) - i++; /* only use 'secure' data */ - } - if (_secure_path(_PATH_LOGIN_CONF, 0, 0) != -1) - login_dbarray[i++] = _PATH_LOGIN_CONF; - login_dbarray[i] = NULL; - - memset(lc, 0, sizeof(login_cap_t)); - lc->lc_cap = lc->lc_class = lc->lc_style = NULL; - - if (name == NULL || *name == '\0') - name = LOGIN_DEFCLASS; - - switch (cgetent(&lc->lc_cap, login_dbarray, (char*)name)) { - case -1: /* Failed, entry does not exist */ - if (strcmp(name, LOGIN_MECLASS) == 0) - break; /* Don't retry default on 'me' */ - if (i == 0) - r = -1; - else if ((r = open(login_dbarray[0], O_RDONLY)) >= 0) - close(r); - /* - * If there's at least one login class database, - * and we aren't searching for a default class - * then complain about a non-existent class. 
- */ - if (r >= 0 || strcmp(name, LOGIN_DEFCLASS) != 0) - syslog(LOG_ERR, "login_getclass: unknown class '%s'", name); - /* fall-back to default class */ - name = LOGIN_DEFCLASS; - msg = "%s: no default/fallback class '%s'"; - if (cgetent(&lc->lc_cap, login_dbarray, (char*)name) != 0 && r >= 0) - break; - /* Fallthru - just return system defaults */ - case 0: /* success! */ - if ((lc->lc_class = strdup(name)) != NULL) { - ++lc_object_count; - return lc; - } - msg = "%s: strdup: %m"; - break; - case -2: - msg = "%s: retrieving class information: %m"; - break; - case -3: - msg = "%s: 'tc=' reference loop '%s'"; - break; - case 1: - msg = "couldn't resolve 'tc=' reference in '%s'"; - break; - default: - msg = "%s: unexpected cgetent() error '%s': %m"; - break; - } - if (msg != NULL) - syslog(LOG_ERR, msg, "login_getclass", name); - free(lc); - } - - return NULL; -} - - - -/* - * login_getclass() - * Get the login class for the system (only) login class database. - * Return a filled-out login_cap_t structure, including - * class name, and the capability record buffer. - */ - -login_cap_t * -login_getclass(const char *cls) -{ - return login_getclassbyname(cls, NULL); -} - - -/* - * login_getclass() - * Get the login class for a given password entry from - * the system (only) login class database. - * If the password entry's class field is not set, or - * the class specified does not exist, then use the - * default of LOGIN_DEFCLASS (ie. "default"). - * Return a filled-out login_cap_t structure, including - * class name, and the capability record buffer. - */ - -login_cap_t * -login_getpwclass(const struct passwd *pwd) -{ - const char *cls = NULL; - - if (pwd != NULL) { - cls = pwd->pw_class; - if (cls == NULL || *cls == '\0') - cls = (pwd->pw_uid == 0) ? LOGIN_DEFROOTCLASS : LOGIN_DEFCLASS; - } - return login_getclassbyname(cls, pwd); -} - - -/* - * login_getuserclass() - * Get the login class for a given password entry, allowing user - * overrides via ~/.login_conf. 
- */ - -login_cap_t * -login_getuserclass(const struct passwd *pwd) -{ - return login_getclassbyname(LOGIN_MECLASS, pwd); -} - - - -/* - * login_getcapstr() - * Given a login_cap entry, and a capability name, return the - * value defined for that capability, a defualt if not found, or - * an error string on error. - */ - -char * -login_getcapstr(login_cap_t *lc, const char *cap, char *def, char *error) -{ - char *res; - int ret; - - if (lc == NULL || cap == NULL || lc->lc_cap == NULL || *cap == '\0') - return def; - - if ((ret = cgetstr(lc->lc_cap, (char *)cap, &res)) == -1) - return def; - return (ret >= 0) ? res : error; -} - - -/* - * login_getcaplist() - * Given a login_cap entry, and a capability name, return the - * value defined for that capability split into an array of - * strings. - */ - -char ** -login_getcaplist(login_cap_t *lc, const char *cap, const char *chars) -{ - char *lstring; - - if (chars == NULL) - chars = ", \t"; - if ((lstring = login_getcapstr(lc, (char*)cap, NULL, NULL)) != NULL) - return arrayize(lstring, chars, NULL); - return NULL; -} - - -/* - * login_getpath() - * From the login_cap_t <lc>, get the capability <cap> which is - * formatted as either a space or comma delimited list of paths - * and append them all into a string and separate by semicolons. - * If there is an error of any kind, return <error>. 
- */ - -char * -login_getpath(login_cap_t *lc, const char *cap, char * error) -{ - char *str; - - if ((str = login_getcapstr(lc, (char*)cap, NULL, NULL)) == NULL) - str = error; - else { - char *ptr = str; - - while (*ptr) { - int count = strcspn(ptr, ", \t"); - ptr += count; - if (*ptr) - *ptr++ = ':'; - } - } - return str; -} - - -static int -isinfinite(const char *s) -{ - static const char *infs[] = { - "infinity", - "inf", - "unlimited", - "unlimit", - "-1", - NULL - }; - const char **i = &infs[0]; - - while (*i != NULL) { - if (strcasecmp(s, *i) == 0) - return 1; - ++i; - } - return 0; -} - - -static u_quad_t -rmultiply(u_quad_t n1, u_quad_t n2) -{ - u_quad_t m, r; - int b1, b2; - - static int bpw = 0; - - /* Handle simple cases */ - if (n1 == 0 || n2 == 0) - return 0; - if (n1 == 1) - return n2; - if (n2 == 1) - return n1; - - /* - * sizeof() returns number of bytes needed for storage. - * This may be different from the actual number of useful bits. - */ - if (!bpw) { - bpw = sizeof(u_quad_t) * 8; - while (((u_quad_t)1 << (bpw-1)) == 0) - --bpw; - } - - /* - * First check the magnitude of each number. If the sum of the - * magnatude is way to high, reject the number. (If this test - * is not done then the first multiply below may overflow.) - */ - for (b1 = bpw; (((u_quad_t)1 << (b1-1)) & n1) == 0; --b1) - ; - for (b2 = bpw; (((u_quad_t)1 << (b2-1)) & n2) == 0; --b2) - ; - if (b1 + b2 - 2 > bpw) { - errno = ERANGE; - return (UQUAD_MAX); - } - - /* - * Decompose the multiplication to be: - * h1 = n1 & ~1 - * h2 = n2 & ~1 - * l1 = n1 & 1 - * l2 = n2 & 1 - * (h1 + l1) * (h2 + l2) - * (h1 * h2) + (h1 * l2) + (l1 * h2) + (l1 * l2) - * - * Since h1 && h2 do not have the low bit set, we can then say: - * - * (h1>>1 * h2>>1 * 4) + ... - * - * So if (h1>>1 * h2>>1) > (1<<(bpw - 2)) then the result will - * overflow. - * - * Finally, if MAX - ((h1 * l2) + (l1 * h2) + (l1 * l2)) < (h1*h2) - * then adding in residual amout will cause an overflow. 
- */ - - m = (n1 >> 1) * (n2 >> 1); - if (m >= ((u_quad_t)1 << (bpw-2))) { - errno = ERANGE; - return (UQUAD_MAX); - } - m *= 4; - - r = (n1 & n2 & 1) - + (n2 & 1) * (n1 & ~(u_quad_t)1) - + (n1 & 1) * (n2 & ~(u_quad_t)1); - - if ((u_quad_t)(m + r) < m) { - errno = ERANGE; - return (UQUAD_MAX); - } - m += r; - - return (m); -} - - -/* - * login_getcaptime() - * From the login_cap_t <lc>, get the capability <cap>, which is - * formatted as a time (e.g., "<cap>=10h3m2s"). If <cap> is not - * present in <lc>, return <def>; if there is an error of some kind, - * return <error>. - */ - -rlim_t -login_getcaptime(login_cap_t *lc, const char *cap, rlim_t def, rlim_t error) -{ - char *res, *ep, *oval; - int r; - rlim_t tot; - - errno = 0; - if (lc == NULL || lc->lc_cap == NULL) - return def; - - /* - * Look for <cap> in lc_cap. - * If it's not there (-1), return <def>. - * If there's an error, return <error>. - */ - - if ((r = cgetstr(lc->lc_cap, (char *)cap, &res)) == -1) - return def; - else if (r < 0) { - errno = ERANGE; - return error; - } - - /* "inf" and "infinity" are special cases */ - if (isinfinite(res)) - return RLIM_INFINITY; - - /* - * Now go through the string, turning something like 1h2m3s into - * an integral value. Whee. 
- */ - - errno = 0; - tot = 0; - oval = res; - while (*res) { - rlim_t tim = strtoq(res, &ep, 0); - rlim_t mult = 1; - - if (ep == NULL || ep == res || errno != 0) { - invalid: - syslog(LOG_WARNING, "login_getcaptime: class '%s' bad value %s=%s", - lc->lc_class, cap, oval); - errno = ERANGE; - return error; - } - /* Look for suffixes */ - switch (*ep++) { - case 0: - ep--; - break; /* end of string */ - case 's': case 'S': /* seconds */ - break; - case 'm': case 'M': /* minutes */ - mult = 60; - break; - case 'h': case 'H': /* hours */ - mult = 60L * 60L; - break; - case 'd': case 'D': /* days */ - mult = 60L * 60L * 24L; - break; - case 'w': case 'W': /* weeks */ - mult = 60L * 60L * 24L * 7L; - break; - case 'y': case 'Y': /* 365-day years */ - mult = 60L * 60L * 24L * 365L; - break; - default: - goto invalid; - } - res = ep; - tot += rmultiply(tim, mult); - if (errno) - goto invalid; - } - - return tot; -} - - -/* - * login_getcapnum() - * From the login_cap_t <lc>, extract the numerical value <cap>. - * If it is not present, return <def> for a default, and return - * <error> if there is an error. - * Like login_getcaptime(), only it only converts to a number, not - * to a time; "infinity" and "inf" are 'special.' 
- */ - -rlim_t -login_getcapnum(login_cap_t *lc, const char *cap, rlim_t def, rlim_t error) -{ - char *ep, *res; - int r; - rlim_t val; - - if (lc == NULL || lc->lc_cap == NULL) - return def; - - /* - * For BSDI compatibility, try for the tag=<val> first - */ - if ((r = cgetstr(lc->lc_cap, (char *)cap, &res)) == -1) { - long lval; - /* string capability not present, so try for tag#<val> as numeric */ - if ((r = cgetnum(lc->lc_cap, (char *)cap, &lval)) == -1) - return def; /* Not there, so return default */ - else if (r >= 0) - return (rlim_t)lval; - } - - if (r < 0) { - errno = ERANGE; - return error; - } - - if (isinfinite(res)) - return RLIM_INFINITY; - - errno = 0; - val = strtoq(res, &ep, 0); - if (ep == NULL || ep == res || errno != 0) { - syslog(LOG_WARNING, "login_getcapnum: class '%s' bad value %s=%s", - lc->lc_class, cap, res); - errno = ERANGE; - return error; - } - - return val; -} - - - -/* - * login_getcapsize() - * From the login_cap_t <lc>, extract the capability <cap>, which is - * formatted as a size (e.g., "<cap>=10M"); it can also be "infinity". - * If not present, return <def>, or <error> if there is an error of - * some sort. 
- */ - -rlim_t -login_getcapsize(login_cap_t *lc, const char *cap, rlim_t def, rlim_t error) -{ - char *ep, *res, *oval; - int r; - rlim_t tot; - - if (lc == NULL || lc->lc_cap == NULL) - return def; - - if ((r = cgetstr(lc->lc_cap, (char *)cap, &res)) == -1) - return def; - else if (r < 0) { - errno = ERANGE; - return error; - } - - if (isinfinite(res)) - return RLIM_INFINITY; - - errno = 0; - tot = 0; - oval = res; - while (*res) { - rlim_t siz = strtoq(res, &ep, 0); - rlim_t mult = 1; - - if (ep == NULL || ep == res || errno != 0) { - invalid: - syslog(LOG_WARNING, "login_getcapsize: class '%s' bad value %s=%s", - lc->lc_class, cap, oval); - errno = ERANGE; - return error; - } - switch (*ep++) { - case 0: /* end of string */ - ep--; - break; - case 'b': case 'B': /* 512-byte blocks */ - mult = 512; - break; - case 'k': case 'K': /* 1024-byte Kilobytes */ - mult = 1024; - break; - case 'm': case 'M': /* 1024-k kbytes */ - mult = 1024 * 1024; - break; - case 'g': case 'G': /* 1Gbyte */ - mult = 1024 * 1024 * 1024; - break; - case 't': case 'T': /* 1TBte */ - mult = 1024LL * 1024LL * 1024LL * 1024LL; - break; - default: - goto invalid; - } - res = ep; - tot += rmultiply(siz, mult); - if (errno) - goto invalid; - } - - return tot; -} - - -/* - * login_getcapbool() - * From the login_cap_t <lc>, check for the existance of the capability - * of <cap>. Return <def> if <lc>->lc_cap is NULL, otherwise return - * the whether or not <cap> exists there. - */ - -int -login_getcapbool(login_cap_t *lc, const char *cap, int def) -{ - if (lc == NULL || lc->lc_cap == NULL) - return def; - return (cgetcap(lc->lc_cap, (char *)cap, ':') != NULL); -} - - -/* - * login_getstyle() - * Given a login_cap entry <lc>, and optionally a type of auth <auth>, - * and optionally a style <style>, find the style that best suits these - * rules: - * 1. If <auth> is non-null, look for an "auth-<auth>=" string - * in the capability; if not present, default to "auth=". - * 2. 
If there is no auth list found from (1), default to - * "passwd" as an authorization list. - * 3. If <style> is non-null, look for <style> in the list of - * authorization methods found from (2); if <style> is NULL, default - * to LOGIN_DEFSTYLE ("passwd"). - * 4. If the chosen style is found in the chosen list of authorization - * methods, return that; otherwise, return NULL. - * E.g.: - * login_getstyle(lc, NULL, "ftp"); - * login_getstyle(lc, "login", NULL); - * login_getstyle(lc, "skey", "network"); - */ - -char * -login_getstyle(login_cap_t *lc, char *style, const char *auth) -{ - int i; - char **authtypes = NULL; - char *auths= NULL; - char realauth[64]; - - static char *defauthtypes[] = { LOGIN_DEFSTYLE, NULL }; - - if (auth != NULL && *auth != '\0') { - if (snprintf(realauth, sizeof realauth, "auth-%s", auth) < sizeof realauth) - authtypes = login_getcaplist(lc, realauth, NULL); - } - - if (authtypes == NULL) - authtypes = login_getcaplist(lc, "auth", NULL); - - if (authtypes == NULL) - authtypes = defauthtypes; - - /* - * We have at least one authtype now; auths is a comma-seperated - * (or space-separated) list of authentication types. We have to - * convert from this to an array of char*'s; authtypes then gets this. - */ - i = 0; - if (style != NULL && *style != '\0') { - while (authtypes[i] != NULL && strcmp(style, authtypes[i]) != 0) - i++; - } - - lc->lc_style = NULL; - if (authtypes[i] != NULL && (auths = strdup(authtypes[i])) != NULL) - lc->lc_style = auths; - - if (lc->lc_style != NULL) - lc->lc_style = strdup(lc->lc_style); - - return lc->lc_style; -} diff --git a/lib/libutil/login_cap.h b/lib/libutil/login_cap.h deleted file mode 100644 index f380936..0000000 --- a/lib/libutil/login_cap.h +++ /dev/null 
@@ -1,156 +0,0 @@
-/*-
- * Copyright (c) 1996 by
- * Sean Eric Fagan <sef@kithrup.com>
- * David Nugent <davidn@blaze.net.au>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, is permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice immediately at the beginning of the file, without modification,
- * this list of conditions, and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. This work was done expressly for inclusion into FreeBSD. Other use
- * is permitted provided this notation is included.
- * 4. Absolutely no warranty of function or purpose is made by the authors.
- * 5. Modifications may be freely made to this file providing the above
- * conditions are met.
- *
- * Low-level routines relating to the user capabilities database
- *
- * Was login_cap.h,v 1.9 1997/05/07 20:00:01 eivind Exp
- * $Id: login_cap.h,v 1.1 1997/05/10 12:49:30 davidn Exp $
- */
-
-#ifndef _LOGIN_CAP_H_
-#define _LOGIN_CAP_H_
-
-#define LOGIN_DEFCLASS "default"
-#define LOGIN_DEFROOTCLASS "root"
-#define LOGIN_MECLASS "me"
-#define LOGIN_DEFSTYLE "passwd"
-#define LOGIN_DEFSERVICE "login"
-#define LOGIN_DEFUMASK 022
-#define LOGIN_DEFPRI 0
-#define _PATH_LOGIN_CONF "/etc/login.conf"
-#define _FILE_LOGIN_CONF ".login_conf"
-#define _PATH_AUTHPROG "/usr/libexec/login_"
-
-#define LOGIN_SETGROUP 0x0001 /* set group */
-#define LOGIN_SETLOGIN 0x0002 /* set login (via setlogin) */
-#define LOGIN_SETPATH 0x0004 /* set path */
-#define LOGIN_SETPRIORITY 0x0008 /* set priority */
-#define LOGIN_SETRESOURCES 0x0010 /* set resources (cputime, etc.) */
-#define LOGIN_SETUMASK 0x0020 /* set umask, obviously */
-#define LOGIN_SETUSER 0x0040 /* set user (via setuid) */
-#define LOGIN_SETENV 0x0080 /* set user environment */
-#define LOGIN_SETALL 0x00ff /* set everything */
-
-#define BI_AUTH "authorize" /* accepted authentication */
-#define BI_REJECT "reject" /* rejected authentication */
-#define BI_CHALLENG "reject challenge" /* reject with a challenge */
-#define BI_SILENT "reject silent" /* reject silently */
-#define BI_REMOVE "remove" /* remove file on error */
-#define BI_ROOTOKAY "authorize root" /* root authenticated */
-#define BI_SECURE "authorize secure" /* okay on non-secure line */
-#define BI_SETENV "setenv" /* set environment variable */
-#define BI_VALUE "value" /* set local variable */
-
-#define AUTH_OKAY 0x01 /* user authenticated */
-#define AUTH_ROOTOKAY 0x02 /* root login okay */
-#define AUTH_SECURE 0x04 /* secure login */
-#define AUTH_SILENT 0x08 /* silent rejection */
-#define AUTH_CHALLENGE 0x10 /* a chellenge was given */
-
-#define AUTH_ALLOW (AUTH_OKAY | AUTH_ROOTOKAY | AUTH_SECURE)
-
-typedef struct login_cap {
- char *lc_class;
- char *lc_cap;
- char *lc_style;
-} login_cap_t;
-
-typedef struct login_time {
- u_short lt_start; /* Start time */
- u_short lt_end; /* End time */
-#define LTM_NONE 0x00
-#define LTM_SUN 0x01
-#define LTM_MON 0x02
-#define LTM_TUE 0x04
-#define LTM_WED 0x08
-#define LTM_THU 0x10
-#define LTM_FRI 0x20
-#define LTM_SAT 0x40
-#define LTM_ANY 0x7F
-#define LTM_WK 0x3E
-#define LTM_WD 0x41
- u_char lt_dow; /* Days of week */
-} login_time_t;
-
-#define LC_MAXTIMES 64
-
-#include <sys/cdefs.h>
-__BEGIN_DECLS
-struct passwd;
-
-void login_close __P((login_cap_t *));
-login_cap_t *login_getclassbyname __P((const char *, const struct passwd *));
-login_cap_t *login_getclass __P((const char *));
-login_cap_t *login_getpwclass __P((const struct passwd *));
-login_cap_t *login_getuserclass __P((const struct passwd *));
-
-char *login_getcapstr __P((login_cap_t*, const char *, char *, char *));
-char **login_getcaplist __P((login_cap_t *, const char *, const char *));
-char *login_getstyle __P((login_cap_t *, char *, const char *));
-rlim_t login_getcaptime __P((login_cap_t *, const char *, rlim_t, rlim_t));
-rlim_t login_getcapnum __P((login_cap_t *, const char *, rlim_t, rlim_t));
-rlim_t login_getcapsize __P((login_cap_t *, const char *, rlim_t, rlim_t));
-char *login_getpath __P((login_cap_t *, const char *, char *));
-int login_getcapbool __P((login_cap_t *, const char *, int));
-
-int setclasscontext __P((const char*, unsigned int));
-int setusercontext __P((login_cap_t*, const struct passwd*, uid_t, unsigned int));
-void setclassresources __P((login_cap_t *));
-void setclassenvironment __P((login_cap_t *, const struct passwd *, int));
-
-/* Most of these functions are deprecated */
-int auth_approve __P((login_cap_t*, const char*, const char*));
-int auth_check __P((const char *, const char *, const char *, const char *, int *));
-void auth_env __P((void));
-char *auth_mkvalue __P((const char *n));
-int auth_response __P((const char *, const char *, const char *, const char *, int *, const char *, const char *));
-void auth_rmfiles __P((void));
-int auth_scan __P((int));
-int auth_script __P((const char*, ...));
-int auth_script_data __P((const char *, int, const char *, ...));
-char *auth_valud __P((const char *));
-int auth_setopt __P((const char *, const char *));
-void auth_clropts __P((void));
-
-void auth_checknologin __P((login_cap_t*));
-int auth_cat __P((const char*));
-
-int auth_ttyok __P((login_cap_t*, const char *));
-int auth_hostok __P((login_cap_t*, const char *, char const *));
-int auth_timeok __P((login_cap_t*, time_t));
-
-struct tm;
-
-login_time_t parse_lt __P((const char *));
-int in_ltm __P((const login_time_t *, struct tm *, time_t *));
-int in_ltms __P((const login_time_t *, struct tm *, time_t *));
-
-/* helper functions */
-
-int login_strinlist __P((char **, char const *, int));
-int login_str2inlist __P((char **, const char *, const char *, int));
-login_time_t * login_timelist __P((login_cap_t *, char const *, int *, login_time_t **));
-int login_ttyok __P((login_cap_t *, const char *, const char *, const char *));
-int login_hostok __P((login_cap_t *, const char *, const char *, const char *, const char *));
-
-__END_DECLS
-
-#endif /* _LOGIN_CAP_H_ */
diff --git a/lib/libutil/login_class.3 b/lib/libutil/login_class.3
deleted file mode 100644
index f74803c..0000000
--- a/lib/libutil/login_class.3
+++ /dev/null
@@ -1,187 +0,0 @@ -.\" Copyright (c) 1995 David Nugent <davidn@blaze.net.au> -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, is permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice immediately at the beginning of the file, without modification, -.\" this list of conditions, and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. This work was done expressly for inclusion into FreeBSD. Other use -.\" is permitted provided this notation is included. -.\" 4. Absolutely no warranty of function or purpose is made by the author -.\" David Nugent. -.\" 5. Modifications may be freely made to this file providing the above -.\" conditions are met. -.\" -.\" $Id: login_class.3,v 1.4 1997/02/22 15:08:20 peter Exp $ -.\" -.Dd December 28, 1996 -.Os FreeBSD -.Dt LOGIN_CLASS 3 -.Sh NAME -.Nm setclasscontext , -.Nm setusercontext , -.Nm setclassresources , -.Nm setclassenvironment -.Nd functions for using the login class capabilities database. -.Sh SYNOPSIS -.Fd #include <sys/types.h> -.Fd #include <login_cap.h> -.Ft int -.Fn setclasscontext "const char *classname" "unsigned int flags" -.Ft int -.Fn setusercontext "login_cap_t *lc" "const struct passwd *pwd" "uid_t uid" "unsigned int flags" -.Ft void -.Fn setclassresources "login_cap_t *lc" -.Ft void -.Fn setclassenvironment "login_cap_t *lc" "const struct passwd *pwd" "int paths" -.Pp -.Sh DESCRIPTION -These functions provide a higher level interface to the login class -database than those documented in -.Xr login_cap 3 . 
-These functions are used to set resource limits, environment and -accounting settings for users on logging into the system and when -selecting an appropriate set of environment and resource settings -for system daemons based on login classes. -These functions may only be called if the current process is -running with root priviledges. -If the LOGIN_SETLOGIN flag is used this function calls -.Xr setlogin 2 , -and due care must be taken as detailed in the manpage for that -function and this affects all processes running in the same session -and not just the current process. -.Pp -.Fn setclasscontext -sets various class context values (resource limits, umask and -process priorities) based on values for a specific named class. -.Pp -The function -.Fn setusercontext -sets class context values based on a given login_cap_t -object, a specific passwd record (if login_cap_t is NULL), -sets the current session's login and the current process -user and group ownership. -Each of these functions is selectable via bit-flags passed -in the -.Ar flags -parameter, which is comprised of one or more of the following: -.Bl -tag -width LOGIN_SETRESOURCES -.It LOGIN_SETLOGIN -Set the login associated with the current session to the user -specified in the passwd structure. -.Xr setlogin 2 . -The -.Ar pwd -parameter must not be NULL if this option is used. -.It LOGIN_SETUSER -Set ownship of the current process to the uid specified in the -.Ar uid -parameter using -.Xr setuid 2 . -.It LOGIN_SETGROUP -Set group ownership of the current process to the group id -specified in the passwd structure using -.Xr setgid 2 , -and calls -.Xr initgroups 3 -to set up the group access list for the current process. -The -.Ar pwd -parameter must not be NULL if this option is used. -.It LOGIN_SETRESOURCES -Set resource limits for the current process based on values -specified in the system login class database. 
-Class capability tags used, with and without -cur (soft limit) -or -max (hard limit) suffixes and the corresponding resource -setting: -.Bd -literal -cputime RLIMIT_CPU -filesize RLIMIT_FSIZE -datasize RLIMIT_DATA -stacksize RLIMIT_STACK -coredumpsize RLIMIT_CORE -memoryuse RLIMIT_RSS -memorylocked RLIMIT_MEMLOCK -maxproc RLIMIT_NPROC -openfiles RLIMIT_NOFILE -.Ed -.It LOGIN_SETPRIORITY -Set the scheduling priority for the current process based on the -value specified in the system login class database. -Class capability tags used: -.Bd -literal -priority -.Ed -.It LOGIN_SETUMASK -Set the umask for the current process to a value in the user or -system login class database. -Class capability tags used: -.Bd -literal -umask -.Ed -.It LOGIN_SETPATH -Set the "path" and "manpath" environment variables based on values -in the user or system login class database. -Class capability tags used with the corresponding environment -variables set: -.Bd -literal -path PATH -manpath MANPATH -.Ed -.It LOGIN_SETENV -Set various environment variables based on values in the user or -system login class database. -Class capability tags used with the corresponding environment -variables set: -.Bd -literal -lang LANG -charset MM_CHARSET -timezone TZ -term TERM -.Ed -.Pp -Additional environment variables may be set using the list type -capability "setenv=var1 val1,var2 val2..,varN valN". -.It LOGIN_SETALL -Enables all of the above settings. -.El -.Pp -Note that when setting environment variables and a valid passwd -pointer is provided in the -.Ar pwd -parameter, the characters -.Ql \&~ -and -.Ql \&$ -are substituted for the user's home directory and login name -respectively. -.Pp -The -.Fn setclassresources -and -.Fn setclassenvironment -functions are subsets of the setcontext functions above, but may -be useful in isolation. -.Sh RETURN VALUES -.Fn setclasscontext -and -.Fn setusercontext -return -1 if an error occured, or 0 on success. 
-If an error occurs when attempting to set the user, login, group -or resources, a message is reported to -.Xr syslog 3 , -with LOG_ERR priority and directed to the currently active facility. -.Sh SEE ALSO -.Xr setgid 2 , -.Xr setlogin 2 , -.Xr setuid 2 , -.Xr getcap 3 , -.Xr initgroups 3 , -.Xr login_cap 3 , -.Xr login.conf 5 , -.Xr termcap 5 diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c deleted file mode 100644 index 73190e9..0000000 --- a/lib/libutil/login_class.c +++ /dev/null 
@@ -1,387 +0,0 @@ -/*- - * Copyright (c) 1996 by - * Sean Eric Fagan <sef@kithrup.com> - * David Nugent <davidn@blaze.net.au> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, is permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice immediately at the beginning of the file, without modification, - * this list of conditions, and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. This work was done expressly for inclusion into FreeBSD. Other use - * is permitted provided this notation is included. - * 4. Absolutely no warranty of function or purpose is made by the authors. - * 5. Modifications may be freely made to this file providing the above - * conditions are met. 
- * - * High-level routines relating to use of the user capabilities database - * - * $Id: login_class.c,v 1.5 1997/02/22 15:08:22 peter Exp $ - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <errno.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/time.h> -#include <sys/resource.h> -#include <fcntl.h> -#include <pwd.h> -#include <syslog.h> -#include <login_cap.h> -#include <paths.h> - - -#undef UNKNOWN -#define UNKNOWN "su" - - -static struct login_res { - const char *what; - rlim_t (*who)(login_cap_t *, const char *, rlim_t, rlim_t); - int why; -} resources[] = { - { "cputime", login_getcaptime, RLIMIT_CPU }, - { "filesize", login_getcapsize, RLIMIT_FSIZE }, - { "datasize", login_getcapsize, RLIMIT_DATA }, - { "stacksize", login_getcapsize, RLIMIT_STACK }, - { "memoryuse", login_getcapsize, RLIMIT_RSS }, - { "memorylocked", login_getcapsize, RLIMIT_MEMLOCK }, - { "maxproc", login_getcapnum, RLIMIT_NPROC }, - { "openfiles", login_getcapnum, RLIMIT_NOFILE }, - { "coredumpsize", login_getcapsize, RLIMIT_CORE }, - { NULL, 0, 0 } -}; - - -void -setclassresources(login_cap_t *lc) -{ - struct login_res *lr; - - if (lc == NULL) - return; - - for (lr = resources; lr->what != NULL; ++lr) { - struct rlimit rlim; - - /* - * The login.conf file can have <limit>, <limit>-max, and - * <limit>-cur entries. - * What we do is get the current current- and maximum- limits. - * Then, we try to get an entry for <limit> from the capability, - * using the current and max limits we just got as the - * default/error values. - * *Then*, we try looking for <limit>-cur and <limit>-max, - * again using the appropriate values as the default/error - * conditions. 
- */ - - if (getrlimit(lr->why, &rlim) != 0) - syslog(LOG_ERR, "getting %s resource limit: %m", lr->what); - else { - char name_cur[40]; - char name_max[40]; - rlim_t rcur = rlim.rlim_cur; - rlim_t rmax = rlim.rlim_max; - - sprintf(name_cur, "%s-cur", lr->what); - sprintf(name_max, "%s-max", lr->what); - - rcur = (*lr->who)(lc, lr->what, rcur, rcur); - rmax = (*lr->who)(lc, lr->what, rmax, rmax); - rlim.rlim_cur = (*lr->who)(lc, name_cur, rcur, rcur); - rlim.rlim_max = (*lr->who)(lc, name_max, rmax, rmax); - - if (setrlimit(lr->why, &rlim) == -1) - syslog(LOG_WARNING, "set class '%s' resource limit %s: %m", lc->lc_class, lr->what); - } - } -} - - - -static struct login_vars { - const char *tag; - const char *var; - const char *def; -} pathvars[] = { - { "path", "PATH", NULL }, - { "cdpath", "CDPATH", NULL }, - { "manpath", "MANPATH", NULL }, - { NULL, NULL, NULL } -}, envars[] = { - { "lang", "LANG", NULL }, - { "charset", "MM_CHARSET", NULL }, - { "timezone", "TZ", NULL }, - { "term", "TERM", UNKNOWN }, - { NULL, NULL, NULL } -}; - -static char * -substvar(char * var, const struct passwd * pwd, int hlen, int pch, int nlen) -{ - char *np = NULL; - - if (var != NULL) { - int tildes = 0; - int dollas = 0; - char *p; - - if (pwd != NULL) { - /* Count the number of ~'s in var to substitute */ - p = var; - for (p = var; (p = strchr(p, '~')) != NULL; p++) - ++tildes; - /* Count the number of $'s in var to substitute */ - p = var; - for (p = var; (p = strchr(p, '$')) != NULL; p++) - ++dollas; - } - - np = malloc(strlen(var) + (dollas * nlen) - - dollas + (tildes * (pch+hlen)) - - tildes + 1); - - if (np != NULL) { - p = strcpy(np, var); - - if (pwd != NULL) { - /* - * This loop does user username and homedir substitutions - * for unescaped $ (username) and ~ (homedir) - */ - while (*(p += strcspn(p, "~$")) != '\0') { - int l = strlen(p); - - if (p > var && *(p-1) == '\\') /* Escaped: */ - memmove(p - 1, p, l + 1); /* Slide-out the backslash */ - else if (*p == '~') { - 
int v = pch && *(p+1) != '/'; /* Avoid double // */ - memmove(p + hlen + v, p + 1, l); /* Subst homedir */ - memmove(p, pwd->pw_dir, hlen); - if (v) - p[hlen] = '/'; - p += hlen + v; - } - else /* if (*p == '$') */ { - memmove(p + nlen, p + 1, l); /* Subst username */ - memmove(p, pwd->pw_name, nlen); - p += nlen; - } - } - } - } - } - - return np; -} - - -void -setclassenvironment(login_cap_t *lc, const struct passwd * pwd, int paths) -{ - struct login_vars *vars = paths ? pathvars : envars; - int hlen = pwd ? strlen(pwd->pw_dir) : 0; - int nlen = pwd ? strlen(pwd->pw_name) : 0; - char pch = 0; - - if (hlen && pwd->pw_dir[hlen-1] != '/') - ++pch; - - while (vars->tag != NULL) { - char * var = paths ? login_getpath(lc, vars->tag, NULL) - : login_getcapstr(lc, vars->tag, NULL, NULL); - - char * np = substvar(var, pwd, hlen, pch, nlen); - - if (np != NULL) { - setenv(vars->var, np, 1); - free(np); - } else if (vars->def != NULL) { - setenv(vars->var, vars->def, 0); - } - ++vars; - } - - /* - * If we're not processing paths, then see if there is a setenv list by - * which the admin and/or user may set an arbitrary set of env vars. - */ - if (!paths) { - char **set_env = login_getcaplist(lc, "setenv", ","); - - if (set_env != NULL) { - while (*set_env != NULL) { - char *p = strchr(*set_env, '='); - - if (p != NULL) { /* Discard invalid entries */ - char *np; - - *p++ = '\0'; - if ((np = substvar(p, pwd, hlen, pch, nlen)) != NULL) { - setenv(*set_env, np, 1); - free(np); - } - } - ++set_env; - } - } - } -} - - -/* - * setclasscontext() - * - * For the login class <class>, set various class context values - * (limits, mainly) to the values for that class. Which values are - * set are controlled by <flags> -- see <login_class.h> for the - * possible values. - * - * setclasscontext() can only set resources, priority, and umask. 
- */ - -int -setclasscontext(const char *classname, unsigned int flags) -{ - int rc; - login_cap_t *lc; - - lc = login_getclassbyname(classname, NULL); - - flags &= LOGIN_SETRESOURCES | LOGIN_SETPRIORITY | - LOGIN_SETUMASK | LOGIN_SETPATH; - - rc = lc ? setusercontext(lc, NULL, 0, flags) : -1; - login_close(lc); - return rc; -} - - - -/* - * Private functionw which takes care of processing - */ - -static mode_t -setlogincontext(login_cap_t *lc, const struct passwd *pwd, - mode_t mymask, unsigned long flags) -{ - if (lc) { - /* Set resources */ - if (flags & LOGIN_SETRESOURCES) - setclassresources(lc); - /* See if there's a umask override */ - if (flags & LOGIN_SETUMASK) - mymask = (mode_t)login_getcapnum(lc, "umask", mymask, mymask); - /* Set paths */ - if (flags & LOGIN_SETPATH) - setclassenvironment(lc, pwd, 1); - /* Set environment */ - if (flags & LOGIN_SETENV) - setclassenvironment(lc, pwd, 0); - } - return mymask; -} - - - -/* - * setusercontext() - * - * Given a login class <lc> and a user in <pwd>, with a uid <uid>, - * set the context as in setclasscontext(). <flags> controls which - * values are set. - * - * The difference between setclasscontext() and setusercontext() is - * that the former sets things up for an already-existing process, - * while the latter sets things up from a root context. Such as might - * be called from login(1). - * - */ - -int -setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned int flags) -{ - quad_t p; - mode_t mymask; - login_cap_t *llc = NULL; - - if (lc == NULL) { - if (pwd != NULL && (lc = login_getpwclass(pwd)) != NULL) - llc = lc; /* free this when we're done */ - } - - if (flags & LOGIN_SETPATH) - pathvars[0].def = uid ? 
_PATH_DEFPATH : _PATH_STDPATH; - - /* we need a passwd entry to set these */ - if (pwd == NULL) - flags &= ~(LOGIN_SETGROUP | LOGIN_SETLOGIN); - - /* Set the process priority */ - if (flags & LOGIN_SETPRIORITY) { - p = login_getcapnum(lc, "priority", LOGIN_DEFPRI, LOGIN_DEFPRI); - - p = (p < PRIO_MIN || p > PRIO_MAX) ? LOGIN_DEFPRI : p; - if (setpriority(PRIO_PROCESS, 0, (int)p) != 0) - syslog(LOG_WARNING, "setpriority '%s' (%s): %m", - pwd->pw_name, lc ? lc->lc_class : LOGIN_DEFCLASS); - } - - /* Setup the user's group permissions */ - if (flags & LOGIN_SETGROUP) { - if (setgid(pwd->pw_gid) != 0) { - syslog(LOG_ERR, "setgid(%ld): %m", (long)pwd->pw_gid); - login_close(llc); - return -1; - } - if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) { - syslog(LOG_ERR, "initgroups(%s,%ld): %m", pwd->pw_name, - pwd->pw_gid); - login_close(llc); - return -1; - } - } - - /* Set the sessions login */ - if ((flags & LOGIN_SETLOGIN) && setlogin(pwd->pw_name) != 0) { - syslog(LOG_ERR, "setlogin(%s): %m", pwd->pw_name); - login_close(llc); - return -1; - } - - mymask = (flags & LOGIN_SETUMASK) ? umask(LOGIN_DEFUMASK) : 0; - mymask = setlogincontext(lc, pwd, mymask, flags); - login_close(llc); - - /* This needs to be done after anything that needs root privs */ - if ((flags & LOGIN_SETUSER) && setuid(uid) != 0) { - syslog(LOG_ERR, "setuid(%ld): %m", uid); - return -1; /* Paranoia again */ - } - - /* - * Now, we repeat some of the above for the user's private entries - */ - if ((lc = login_getuserclass(pwd)) != NULL) { - mymask = setlogincontext(lc, pwd, mymask, flags); - login_close(lc); - } - - /* Finally, set any umask we've found */ - if (flags & LOGIN_SETUMASK) - umask(mymask); - - return 0; -} - diff --git a/lib/libutil/login_ok.3 b/lib/libutil/login_ok.3 deleted file mode 100644 index f90710f..0000000 --- a/lib/libutil/login_ok.3 +++ /dev/null 
@@ -1,138 +0,0 @@
-.\" Copyright (c) 1995 David Nugent <davidn@blaze.net.au>
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, is permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice immediately at the beginning of the file, without modification,
-.\" this list of conditions, and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. This work was done expressly for inclusion into FreeBSD. Other use
-.\" is permitted provided this notation is included.
-.\" 4. Absolutely no warranty of function or purpose is made by the author
-.\" David Nugent.
-.\" 5. Modifications may be freely made to this file providing the above
-.\" conditions are met.
-.\"
-.\" $Id$
-.\"
-.Dd January 2, 1997
-.Os FreeBSD
-.Dt LOGIN_OK 3
-.Sh NAME
-.Nm auth_ttyok
-.Nm auth_hostok
-.Nm auth_timeok
-.Nd Functions for checking login class based login restrictions
-.Sh SYNOPSIS
-.Fd #include <sys/types.h>
-.Fd #include <time.h>
-.Fd #include <login_cap.h>
-.Ft int
-.Fn auth_ttyok "login_cap_t *lc" "const char *tty"
-.Ft int
-.Fn auth_hostok "login_cap_t *lc" "const char *host" "char const *ip"
-.Ft int
-.Fn auth_timeok "login_cap_t *lc" "time_t t"
-.Sh DESCRIPTION
-This set of functions checks to see if login is allowed based on login
-class capability entries in the login database,
-.Xr login.conf 5 .
-.Pp
-.Fn auth_ttyok
-checks to see if the named tty is available to users of a specific
-class, and is either in the
-.Em ttys.allow
-access list, and not in
-the
-.Em ttys.deny
-access list.
-An empty
-.Em ttys.allow
-list (or if no such capability exists for
-the give login class) logins via any tty device are allowed unless
-the
-.Em ttys.deny
-list exists and is non-empty, and the device or its
-tty group (see
-.Xr ttys 5 )
-is not in the list.
-Access to ttys may be allowed or restricted specifically by tty device
-name, a device name which includes a wildcard (e.g. ttyD* or cuaD*),
-or may name a ttygroup, when group=<name> tags have been assigned in
-.Pa /etc/ttys .
-Matching of ttys and ttygroups is case sensitive.
-Passing a
-.Dv NULL
-or empty string as the
-.Ar tty
-parameter causes the function to return a non-zero value.
-.Pp
-.Fn auth_hostok
-checks for any host restrictions for remote logins.
-The function checks on both a host name and IP address (given in its
-text form, typically n.n.n.n) against the
-.Em host.allow
-and
-.Em host.deny
-login class capabilities.
-As with ttys and their groups, wildcards and character classes may be
-used in the host allow and deny capability records.
-The
-.Xr fnmatch 3
-function is used for matching, and the matching on hostnames is case
-insensitive.
-Note that this function expects that the hostname is fully expanded
-(i.e. the local domain name added if necessary) and the IP address
-is in its canonical form.
-No hostname or address lookups are attempted.
-.Pp
-It is possible to call this function with either the hostname or
-the IP address missing (i.e.
-.Dv NULL )
-and matching will be performed
-only on the basis of the parameter given.
-Passing
-.Dv NULL
-or empty strings in both parameters will result in
-a non-zero return value.
-.Pp
-The
-.Fn auth_timeok
-function checks to see that a given time value is within the
-.Em times.allow
-login class capability and not within the
-.Em times.deny
-access lists.
-An empty or non-existent
-.Em times.allow
-list allows access at any
-time, except if a given time is falls within a period in the
-.Em times.deny
-list.
-The format of time period records contained in both
-.Em times.allow
-and
-.Em times.deny
-capability fields is explained in detail in the
-.Xr login_times 3
-manual page.
-.Sh RETURN VALUES
-A non-zero return value from any of these functions indicates that
-login access is granted.
-A zero return value means either that the item being tested is not
-in the
-.Em allow
-access list, or is within the
-.Em deny
-access list.
-.Sh SEE ALSO
-.Xr getcap 3 ,
-.Xr login_cap 3 ,
-.Xr login_class 3 ,
-.Xr login_times 3 ,
-.Xr login.conf 5 ,
-.Xr termcap 5
diff --git a/lib/libutil/login_ok.c b/lib/libutil/login_ok.c
deleted file mode 100644
index 1bfcd2f..0000000
--- a/lib/libutil/login_ok.c
+++ /dev/null
@@ -1,251 +0,0 @@ -/*- - * Copyright (c) 1996 by - * David Nugent <davidn@blaze.net.au> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, is permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice immediately at the beginning of the file, without modification, - * this list of conditions, and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. This work was done expressly for inclusion into FreeBSD. Other use - * is permitted provided this notation is included. - * 4. Absolutely no warranty of function or purpose is made by the authors. - * 5. Modifications may be freely made to this file providing the above - * conditions are met. - * - * Support allow/deny lists in login class capabilities - * - * $Id: login_ok.c,v 1.4 1997/05/10 18:55:38 davidn Exp $ - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <errno.h> -#include <unistd.h> -#include <ttyent.h> -#include <fnmatch.h> - -#include <sys/types.h> -#include <sys/time.h> -#include <sys/resource.h> -#include <sys/param.h> -#include <login_cap.h> - - -/* -- support functions -- */ - -/* - * login_strinlist() - * This function is intentionally public - reused by TAS. - * Returns TRUE (non-zero) if a string matches a pattern - * in a given array of patterns. 'flags' is passed directly - * to fnmatch(3). 
- */ - -int -login_strinlist(char **list, char const *str, int flags) -{ - int rc = 0; - - if (str != NULL && *str != '\0') { - int i = 0; - - while (rc == 0 && list[i] != NULL) - rc = fnmatch(list[i++], str, flags) == 0; - } - return rc; -} - - -/* - * login_str2inlist() - * Locate either or two strings in a given list - */ - -int -login_str2inlist(char **ttlst, const char *str1, const char *str2, int flags) -{ - int rc = 0; - - if (login_strinlist(ttlst, str1, flags)) - rc = 1; - else if (login_strinlist(ttlst, str2, flags)) - rc = 1; - return rc; -} - - -/* - * login_timelist() - * This function is intentinoally public - reused by TAS. - * Returns an allocated list of time periods given an array - * of time periods in ascii form. - */ - -login_time_t * -login_timelist(login_cap_t *lc, char const *cap, int *ltno, - login_time_t **ltptr) -{ - int j = 0; - struct login_time *lt = NULL; - char **tl; - - if ((tl = login_getcaplist(lc, cap, NULL)) != NULL) { - - while (tl[j++] != NULL) - ; - if (*ltno >= j) - lt = *ltptr; - else if ((lt = realloc(*ltptr, j)) != NULL) { - *ltno = j; - *ltptr = lt; - } - if (lt != NULL) { - int i = 0; - - for (--j; i < j; i++) - lt[i] = parse_lt(tl[i]); - lt[i].lt_dow = LTM_NONE; - } - } - return lt; -} - - -/* - * login_ttyok() - * This function is a variation of auth_ttyok(), but it checks two - * arbitrary capability lists not necessarily related to access. - * This hook is provided for the accounted/exclude accounting lists. - */ - -int -login_ttyok(login_cap_t *lc, const char *tty, const char *allowcap, - const char *denycap) -{ - int rc = 1; - - if (lc != NULL && tty != NULL && *tty != '\0') { - struct ttyent *te; - char *grp; - char **ttl; - - te = getttynam(tty); /* Need group name */ - grp = te ? 
te->ty_group : NULL; - ttl = login_getcaplist(lc, allowcap, NULL); - - if (ttl != NULL && !login_str2inlist(ttl, tty, grp, 0)) - rc = 0; /* tty or ttygroup not in allow list */ - else { - - ttl = login_getcaplist(lc, denycap, NULL); - if (ttl != NULL && login_str2inlist(ttl, tty, grp, 0)) - rc = 0; /* tty or ttygroup in deny list */ - } - } - - return rc; -} - - -/* - * auth_ttyok() - * Determine whether or not login on a tty is accessible for - * a login class - */ - -int -auth_ttyok(login_cap_t *lc, const char * tty) -{ - return login_ttyok(lc, tty, "ttys.allow", "ttys.deny"); -} - - -/* - * login_hostok() - * This function is a variation of auth_hostok(), but it checks two - * arbitrary capability lists not necessarily related to access. - * This hook is provided for the accounted/exclude accounting lists. - */ - -int -login_hostok(login_cap_t *lc, const char *host, const char *ip, - const char *allowcap, const char *denycap) -{ - int rc = 1; /* Default is ok */ - - if (lc != NULL && - ((host != NULL && *host != '\0') || (ip != NULL && *ip != '\0'))) { - char **hl; - - hl = login_getcaplist(lc, allowcap, NULL); - if (hl != NULL && !login_str2inlist(hl, host, ip, FNM_CASEFOLD)) - rc = 0; /* host or IP not in allow list */ - else { - - hl = login_getcaplist(lc, "host.deny", NULL); - if (hl != NULL && login_str2inlist(hl, host, ip, FNM_CASEFOLD)) - rc = 0; /* host or IP in deny list */ - } - } - - return rc; -} - - -/* - * auth_hostok() - * Determine whether or not login from a host is ok - */ - -int -auth_hostok(login_cap_t *lc, const char *host, const char *ip) -{ - return login_hostok(lc, host, ip, "host.allow", "host.deny"); -} - - -/* - * auth_timeok() - * Determine whether or not login is ok at a given time - */ - -int -auth_timeok(login_cap_t *lc, time_t t) -{ - int rc = 1; /* Default is ok */ - - if (lc != NULL && t != (time_t)0 && t != (time_t)-1) { - struct tm *tptr; - - static int ltimesno = 0; - static struct login_time *ltimes = NULL; - - if ((tptr = 
localtime(&t)) != NULL) { - struct login_time *lt; - - lt = login_timelist(lc, "times.allow", <imesno, <imes); - if (lt != NULL && in_ltms(lt, tptr, NULL) == -1) - rc = 0; /* not in allowed times list */ - else { - - lt = login_timelist(lc, "times.deny", <imesno, <imes); - if (lt != NULL && in_ltms(lt, tptr, NULL) != -1) - rc = 0; /* in deny times list */ - } - if (ltimes) { - free(ltimes); - ltimes = NULL; - ltimesno = 0; - } - } - } - - return rc; -} diff --git a/lib/libutil/login_times.3 b/lib/libutil/login_times.3 deleted file mode 100644 index e2e7a3f..0000000 --- a/lib/libutil/login_times.3 +++ /dev/null 
@@ -1,155 +0,0 @@
-.\" Copyright (c) 1995 David Nugent <davidn@blaze.net.au>
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, is permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice immediately at the beginning of the file, without modification,
-.\" this list of conditions, and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. This work was done expressly for inclusion into FreeBSD. Other use
-.\" is permitted provided this notation is included.
-.\" 4. Absolutely no warranty of function or purpose is made by the author
-.\" David Nugent.
-.\" 5. Modifications may be freely made to this file providing the above
-.\" conditions are met.
-.\"
-.\" $Id$
-.\"
-.Dd January 2, 1997
-.Os FreeBSD
-.Dt LOGIN_TIMES 3
-.Sh NAME
-.Nm parse_lt
-.Nm in_ltm
-.Nm in_ltms
-.Nd Functions for parsing and checking login time periods
-.Sh SYNOPSIS
-.Fd #include <sys/types.h>
-.Fd #include <time.h>
-.Fd #include <login_cap.h>
-.Ft login_time_t
-.Fn parse_lt "const char *str"
-.Ft int
-.Fn in_ltm "const login_time_t *lt" "struct tm *t" "time_t *ends"
-.Ft int
-.Fn in_ltms "const login_time_t *lt" "struct tm *t" "time_t *ends"
-.Sh DESCRIPTION
-This set of functions may be used for parsing and checking login and
-session times against a predefined list of allowed login times as
-used in
-.Xr login.conf 5 .
-.Pp
-The format of allowed and disallowed session times specified in the
-.Ar times.allow
-and
-.Ar times.deny
-capability fields in a login class are comprised of a prefix which
-specifies one or more 2- or 3-character day codes, followed by
-a start and end time in 24 hour format separated by a hyphen.
-Day codes may be concatenated together to select specific days, or
-the special mnemonics "Any" and "All" (for any/all days of the week),
-"Wk" for any day of the week (excluding Saturdays and Sundays) and
-"Wd" for any weekend day may be used.
-.Pp
-For example, the following time period:
-.Dl MoThFrSa1400-2200
-is interpreted as Monday, Thursday through Saturday between the hours
-of 2pm and 10pm.
-.Dl Wd0600-1800
-means Saturday and Sunday, between the hours of 6am through 6pm, and
-.Dl Any0400-1600
-means any day of the week, between 4am and 4pm.
-.Pp
-Note that all time periods reference system local time.
-.Pp
-The
-.Fn parse_lt
-function converts the ascii representation of a time period into
-a structure of type
-.Ft login_time_t .
-This is defined as:
-.Bd -literal
-typedef struct login_time
-{
- u_short lt_start; /* Start time */
- u_short lt_end; /* End time */
- u_char lt_dow; /* Days of week */
-} login_time_t;
-.Ed
-.Pp
-The
-.Ar lt_start
-and
-.Ar lt_end
-fields contain the number of minutes past midnight at which the
-described period begins and ends.
-The
-.Ar lt_dow
-field is a bit field, containing one bit for each day of the week
-and one bit unused.
-A series
-.Em LTM_*
-macros may be used for testing bits individually and in combination.
-If no bits are set in this field - ie. it contains the value
-.Em LTM_NONE -
-then the entire period is assumed invalid.
-This is used as a convention to mark the termination of an array
-of login_time_t values.
-If
-.Fn parse_lt
-returns a
-.Ar login_time_t
-with
-.Ar lt_dow
-equal to
-.Em LTM_NONE
-then a parsing error was encountered.
-.Pp
-The remaining functions provide the ability to test a given time_t or
-struct tm value against a specific time period or array of time
-periods.
-.Fn in_ltm
-determines whether the given time described by the struct tm
-passed as the second parameter falls within the period described
-by the first parameter.
-A boolean value is returned, indicating whether or not the time
-specified falls within the period.
-If the time does fall within the time period, and the third
-parameter to the function is not NULL, the time at which the
-period ends relative to the time passed is returned.
-.Pp
-The
-.Fn in_ltms
-function is similar to
-.Fn in_ltm
-except that the first parameter must be a pointer to an array
-of login_time_t objects, which is up to LC_MAXTIMES (64)
-elements in length, and terminated by an element with its
-.Ar lt_dow
-field set to
-.Em LTM_NONE.
-.Sh RETURN VALUES
-.Fn parse_lt
-returns a filled in structure of type login_time_t containing the
-parsed time period.
-If a parsing error occurs, the lt_dow field is set to
-.Em LTM_NONE
-(i.e. 0).
-.Pp
-.Fn in_ltm
-returns non-zero if the given time falls within the period described
-by the login_time_t passed as the first parameter.
-.Pp
-.Fn in_ltms
-returns the index of the first time period found in which the given
-time falls, or -1 if none of them apply.
-.Sh SEE ALSO
-.Xr getcap 3 ,
-.Xr login_cap 3 ,
-.Xr login_class 3 ,
-.Xr login.conf 5 ,
-.Xr termcap 5
diff --git a/lib/libutil/login_times.c b/lib/libutil/login_times.c
deleted file mode 100644
index 598592b..0000000
--- a/lib/libutil/login_times.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/*-
- * Copyright (c) 1996 by
- * David Nugent <davidn@blaze.net.au>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, is permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice immediately at the beginning of the file, without modification,
- * this list of conditions, and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. This work was done expressly for inclusion into FreeBSD. Other use
- * is permitted provided this notation is included.
- * 4. Absolutely no warranty of function or purpose is made by the authors.
- * 5. Modifications may be freely made to this file providing the above
- * conditions are met.
- *
- * Login period parsing and comparison functions.
- * - * $Id: login_times.c,v 1.4 1997/02/22 15:08:27 peter Exp $ - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <time.h> -#include <ctype.h> - -#include <sys/types.h> -#include <login_cap.h> - -static struct -{ - const char *dw; - u_char cn; - u_char fl; -} dws[] = -{ - { "su", 2, LTM_SUN }, { "mo", 2, LTM_MON }, { "tu", 2, LTM_TUE }, - { "we", 2, LTM_WED }, { "th", 2, LTM_THU }, { "fr", 2, LTM_FRI }, - { "sa", 2, LTM_SAT }, { "any",3, LTM_ANY }, { "all",3, LTM_ANY }, - { "wk", 2, LTM_WK }, { "wd", 2, LTM_WD }, { NULL, 0, 0 } -}; - -static char * -parse_time(char * ptr, u_short * t) -{ - u_short val; - - for (val = 0; *ptr && isdigit(*ptr); ptr++) - val = (u_short)(val * 10 + (*ptr - '0')); - - *t = (u_short)((val / 100) * 60 + (val % 100)); - - return ptr; -} - - -login_time_t -parse_lt(const char * str) -{ - login_time_t t; - - memset(&t, 0, sizeof t); - t.lt_dow = LTM_NONE; - if (str && *str && strcmp(str, "Never") != 0 && strcmp(str, "None") != 0) { - int i; - login_time_t m = t; - char *p; - char buf[64]; - - /* Make local copy and force lowercase to simplify parsing */ - p = strncpy(buf, str, sizeof buf); - buf[sizeof buf - 1] = '\0'; - for (i = 0; buf[i]; i++) - buf[i] = (char)tolower(buf[i]); - - while (isalpha(*p)) { - - i = 0; - while (dws[i].dw && strncmp(p, dws[i].dw, dws[i].cn) != 0) - i++; - if (dws[i].dw == NULL) - break; - m.lt_dow |= dws[i].fl; - p += dws[i].cn; - } - - if (m.lt_dow == LTM_NONE) /* No (valid) prefix, assume any */ - m.lt_dow |= LTM_ANY; - - if (isdigit(*p)) - p = parse_time(p, &m.lt_start); - else - m.lt_start = 0; - if (*p == '-') - p = parse_time(++p, &m.lt_end); - else - m.lt_end = 1440; - - t = m; - } - return t; -} - - -int -in_ltm(const login_time_t * ltm, struct tm * tt, time_t * ends) -{ - int rc = 0; - - if (tt != NULL) { - /* First, examine the day of the week */ - if ((u_char)(0x01 << tt->tm_wday) & ltm->lt_dow) { - /* Convert `current' time to minute of the day */ - u_short now = 
(u_short)((tt->tm_hour * 60) + tt->tm_min); - - if (tt->tm_sec > 30) - ++now; - if (now >= ltm->lt_start && now < ltm->lt_end) { - rc = 2; - if (ends != NULL) { - /* If requested, return ending time for this period */ - tt->tm_hour = (int)(ltm->lt_end / 60); - tt->tm_min = (int)(ltm->lt_end % 60); - *ends = mktime(tt); - } - } - } - } - return rc; -} - - -int -in_lt(const login_time_t * ltm, time_t * t) -{ - return in_ltm(ltm, localtime(t), t); -} - -int -in_ltms(const login_time_t * ltm, struct tm * tm, time_t * t) -{ - int i = 0; - - while (i < LC_MAXTIMES && ltm[i].lt_dow != LTM_NONE) { - if (in_ltm(ltm + i, tm, t)) - return i; - i++; - } - return -1; -} - -int -in_lts(const login_time_t * ltm, time_t * t) -{ - return in_ltms(ltm, localtime(t), t); -} - diff --git a/lib/libutil/login_tty.3 b/lib/libutil/login_tty.3 deleted file mode 100644 index 8a4c8fe..0000000 --- a/lib/libutil/login_tty.3 +++ /dev/null 
@@ -1,66 +0,0 @@
-.\"
-.\" Copyright (c) 1996 Joerg Wunsch
-.\"
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
-.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.\" $Id$
-.\" "
-.Dd December 29, 1996
-.Os
-.Dt LOGIN_TTY 3
-.Sh NAME
-.Nm login_tty
-.Nd prepare a tty for a new login session
-.Sh SYNOPSIS
-.Fd #include <libutil.h>
-.Ft int
-.Fn login_tty "int fd"
-.Pp
-Link with
-.Va -lutil
-on the
-.Xr cc 1
-command line.
-.Sh DESCRIPTION
-The function
-.Fn login_tty
-prepares a terminal for a new login session. The file descriptor
-.Ar fd
-passed to
-.Fn login_tty
-must be opened for reading and writing on a terminal device. It will be
-made the controlling terminal for the calling process, after allocating
-a new session with
-.Xr setsid 2 .
-This terminal device will also be made the standard input, standard output,
-and standard error output of the calling process.
-.Sh RETURN VALUES
-.Fn Login_tty
-returns -1 if it could not make the device referenced by
-.Ar fd
-the controlling terminal of the calling process, and 0 otherwise.
-.Sh SEE ALSO
-.Xr dup2 2 ,
-.Xr ioctl 2 ,
-.Xr setsid 2 ,
-.Xr tty 4
diff --git a/lib/libutil/login_tty.c b/lib/libutil/login_tty.c
deleted file mode 100644
index 06072f0..0000000
--- a/lib/libutil/login_tty.c
+++ /dev/null
@@ -1,63 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)login_tty.c 8.1 (Berkeley) 6/4/93";
-#else
-static const char rcsid[] =
- "$Id$";
-#endif
-#endif /* LIBC_SCCS and not lint */
-
-#include <sys/param.h>
-#include <sys/ioctl.h>
-
-#include <unistd.h>
-#include <stdlib.h>
-#include <libutil.h>
-
-int
-login_tty(fd)
- int fd;
-{
- (void) setsid();
- if (ioctl(fd, TIOCSCTTY, (char *)NULL) == -1)
- return (-1);
- (void) dup2(fd, 0);
- (void) dup2(fd, 1);
- (void) dup2(fd, 2);
- if (fd > 2)
- (void) close(fd);
- return (0);
-}
diff --git a/lib/libutil/logout.3 b/lib/libutil/logout.3
deleted file mode 100644
index 7127e8a..0000000
--- a/lib/libutil/logout.3
+++ /dev/null
@@ -1,71 +0,0 @@ -.\" -.\" Copyright (c) 1996 Joerg Wunsch -.\" -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" $Id: logout.3,v 1.4 1997/02/22 15:08:28 peter Exp $ -.\" " -.Dd December 29, 1996 -.Os -.Dt LOGOUT 3 -.Sh NAME -.Nm logout -.Nd remove an entry from the utmp file -.Sh SYNOPSIS -.Fd #include <sys/types.h> -.Fd #include <libutil.h> -.Ft int -.Fn logout "char *line" -.Pp -Link with -.Va -lutil -on the -.Xr cc 1 -command line. -.Sh DESCRIPTION -The function -.Fn logout -searches the -.Xr utmp 5 -file for the slot described by -.Ar line -(usually a tty name). 
If such a slot could be found, it will be updated -with a record where the -.Em name -and -.Em host -fields are empty, and the time stamp field is updated to the current time. -.Sh RETURN VALUES -.Fn Logout -returns 1 if the slot described by -.Ar line -has been found and updated, 0 otherwise. -.Sh SEE ALSO -.Xr login 3 , -.Xr utmp 5 , -.Xr wtmp 5 -.Sh BUGS -The calling interface of -.Fn logout -is inconsistent with that of -.Xr login 3 . diff --git a/lib/libutil/logout.c b/lib/libutil/logout.c deleted file mode 100644 index 0d3bf05..0000000 --- a/lib/libutil/logout.c +++ /dev/null 
@@ -1,78 +0,0 @@
-/*-
- * Copyright (c) 1988, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)logout.c 8.1 (Berkeley) 6/4/93";
-#else
-static const char rcsid[] =
- "$Id$";
-#endif
-#endif /* LIBC_SCCS and not lint */
-
-#include <sys/types.h>
-#include <sys/time.h>
-
-#include <fcntl.h>
-#include <utmp.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <libutil.h>
-
-typedef struct utmp UTMP;
-
-int
-logout(line)
- register char *line;
-{
- register int fd;
- UTMP ut;
- int rval;
-
- if ((fd = open(_PATH_UTMP, O_RDWR, 0)) < 0)
- return(0);
- rval = 0;
- while (read(fd, &ut, sizeof(UTMP)) == sizeof(UTMP)) {
- if (!ut.ut_name[0] || strncmp(ut.ut_line, line, UT_LINESIZE))
- continue;
- bzero(ut.ut_name, UT_NAMESIZE);
- bzero(ut.ut_host, UT_HOSTSIZE);
- (void)time(&ut.ut_time);
- (void)lseek(fd, -(off_t)sizeof(UTMP), L_INCR);
- (void)write(fd, &ut, sizeof(UTMP));
- rval = 1;
- }
- (void)close(fd);
- return(rval);
-}
diff --git a/lib/libutil/logwtmp.3 b/lib/libutil/logwtmp.3
deleted file mode 100644
index 765fdde..0000000
--- a/lib/libutil/logwtmp.3
+++ /dev/null
@@ -1,73 +0,0 @@ -.\" -.\" Copyright (c) 1996 Joerg Wunsch -.\" -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" $Id: logwtmp.3,v 1.4 1997/02/22 15:08:30 peter Exp $ -.\" " -.Dd December 29, 1996 -.Os -.Dt LOGWTMP 3 -.Sh NAME -.Nm logwtmp -.Nd append a new record to the wtmp file -.Sh SYNOPSIS -.Fd #include <sys/types.h> -.Fd #include <libutil.h> -.Ft void -.Fn logwtmp "char *line" "char *name" "char *host" -.Pp -Link with -.Va -lutil -on the -.Xr cc 1 -command line. -.Sh DESCRIPTION -The function -.Fn logwtmp -tries to append a new record to the -.Xr wtmp 5 -file, using the provided arguments -.Ar line , -.Ar name , -and -.Ar host , -and the current time. 
-.Pp -If the length of the hostname string -.Ar host -is longer than what would fit into the hostname field of the -.Xr wtmp 5 -file, it will first be attempted to convert it into a numerical IP -address using -.Xr gethostbyname 3 . -Failing this, the hostname will be recorded as -.Qq invalid hostname . -.Pp -The calling process must have permission to write to both files. -.Sh RETURN VALUES -None. -.Sh SEE ALSO -.Xr gethostbyname 3 , -.Xr login 3 , -.Xr wtmp 5 diff --git a/lib/libutil/logwtmp.c b/lib/libutil/logwtmp.c deleted file mode 100644 index de3c5d6..0000000 --- a/lib/libutil/logwtmp.c +++ /dev/null 
@@ -1,90 +0,0 @@
-/*-
- * Copyright (c) 1988, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)logwtmp.c 8.1 (Berkeley) 6/4/93";
-#else
-static const char rcsid[] =
- "$Id: logwtmp.c,v 1.4 1997/08/13 20:42:18 steve Exp $";
-#endif
-#endif /* LIBC_SCCS and not lint */
-
-#include <sys/types.h>
-#include <sys/file.h>
-#include <sys/stat.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#include <libutil.h>
-#include <netdb.h>
-#include <string.h>
-#include <time.h>
-#include <unistd.h>
-#include <utmp.h>
-
-void
-logwtmp(line, name, host)
- const char *line;
- const char *name;
- const char *host;
-{
- struct utmp ut;
- struct stat buf;
- int fd;
-
- if (strlen(host) > UT_HOSTSIZE) {
- struct hostent *hp = gethostbyname(host);
-
- if (hp != NULL) {
- struct in_addr in;
-
- memmove(&in, hp->h_addr, sizeof(in));
- host = inet_ntoa(in);
- } else
- host = "invalid hostname";
- }
-
- if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) < 0)
- return;
- if (fstat(fd, &buf) == 0) {
- (void) strncpy(ut.ut_line, line, sizeof(ut.ut_line));
- (void) strncpy(ut.ut_name, name, sizeof(ut.ut_name));
- (void) strncpy(ut.ut_host, host, sizeof(ut.ut_host));
- (void) time(&ut.ut_time);
- if (write(fd, (char *)&ut, sizeof(struct utmp)) !=
- sizeof(struct utmp))
- (void) ftruncate(fd, buf.st_size);
- }
- (void) close(fd);
-}
diff --git a/lib/libutil/pty.3 b/lib/libutil/pty.3
deleted file mode 100644
index 74c8f97..0000000
--- a/lib/libutil/pty.3
+++ /dev/null
@@ -1,144 +0,0 @@ -.\" -.\" Copyright (c) 1996 Joerg Wunsch -.\" -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" $Id$ -.\" " -.Dd December 29, 1996 -.Os -.Dt PTY 3 -.Sh NAME -.Nm openpty , -.Nm forkpty -.Nd auxiliary functions to obtain a pseudo-terminal -.Sh SYNOPSIS -.Fd #include <sys/types.h> -.Fd #include <sys/ioctl.h> -.Fd #include <termios.h> -.Fd #include <libutil.h> -.Ft int -.Fn openpty "int *amaster" "int *aslave" "char *name" "struct termios *termp" "struct winsize *winp" -.Ft int -.Fn forkpty "int *amaster" "char *name" "struct termios *termp" "struct winsize *winp" -.Pp -Link with -.Va -lutil -on the -.Xr cc 1 -command line. 
-.Sh DESCRIPTION -The function -.Fn openpty -attempts to obtain the next available pseudo-terminal from the system (see -.Xr pty 4 ) . -If it successfully finds one, it subsequently tries to change the -ownership of the slave device to the real UID of the current process, -the group membership to the group -.Dq tty -(if such a group exists in the system), the access permissions for -reading and writing by the owner, and for writing by the group, and to -invalidate any current use of the line by calling -.Xr revoke 2 . -.Pp -If the argument -.Fa name -is not -.Dv NULL , -.Fn openpty -copies the pathname of the slave pty to this area. The caller is -responsible for allocating the required space in this array. -.Pp -If the arguments -.Fa termp -or -.Fa winp -are not -.Dv NULL , -.Fn openpty -initializes the termios and window size settings from the structures -these arguments point to, respectively. -.Pp -Upon return, the open file descriptors for the master and slave side -of the pty are returned in the locations pointed to by -.Fa amaster -and -.Fa aslave , -respectively. -.Pp -.Fn Forkpty -first calls -.Fn openpty -to obtain the next available pseudo-terminal from the system. Upon success, -it forks off a new process. In the child process, it closes the descriptor -for the master side of the pty, and calls -.Xr login_tty 3 -for the slave pty. In the parent process, it closes the descriptor for the -slave side of the pty. The arguments -.Fa amaster , -.Fa name , -.Fa termp , -and -.Fa winp -have the same meaning as described for -.Fn openpty . -.Sh RETURN VALUES -.Fn Openpty -returns 0 on success, or -1 on failure. -.Pp -.Fn Forkpty -returns -1 on failure, 0 in the slave process, and the process ID of the -slave process in the parent process. -.Sh ERRORS -On failure, -.Fn openpty -will set the global variable -.Dv errno -to -.Er ENOENT . -.Pp -In addition to this, -.Fn forkpty -may set it to any value as described for -.Xr fork 2 . 
-.Sh SEE ALSO -.Xr chmod 2 , -.Xr chown 2 , -.Xr fork 2 , -.Xr getuid 2 , -.Xr open 2 , -.Xr revoke 2 , -.Xr login_tty 3 , -.Xr termios 3 , -.Xr pty 4 , -.Xr group 5 -.Sh BUGS -The calling process must have an effective UID of super-user in order -to perform all the intended actions. No notification will occur if -.Fn openpty -or -.Fn forkpty -failed to proceed with one of the described steps, as long as they could -at least allocate the pty at all (and create the new process in the case -of -.Fn forkpty ) . diff --git a/lib/libutil/pty.c b/lib/libutil/pty.c deleted file mode 100644 index 57e684c..0000000 --- a/lib/libutil/pty.c +++ /dev/null 
@@ -1,136 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993, 1994
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)pty.c 8.3 (Berkeley) 5/16/94";
-#else
-static const char rcsid[] =
- "$Id$";
-#endif
-#endif /* LIBC_SCCS and not lint */
-
-#include <sys/types.h>
-#include <sys/ioctl.h>
-#include <sys/stat.h>
-
-#include <errno.h>
-#include <fcntl.h>
-#include <grp.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <termios.h>
-#include <unistd.h>
-#include <libutil.h>
-
-int
-openpty(amaster, aslave, name, termp, winp)
- int *amaster, *aslave;
- char *name;
- struct termios *termp;
- struct winsize *winp;
-{
- static char line[] = "/dev/ptyXX";
- register const char *cp1, *cp2;
- register int master, slave, ttygid;
- struct group *gr;
-
- if ((gr = getgrnam("tty")) != NULL)
- ttygid = gr->gr_gid;
- else
- ttygid = -1;
-
- for (cp1 = "pqrsPQRS"; *cp1; cp1++) {
- line[8] = *cp1;
- for (cp2 = "0123456789abcdefghijklmnopqrstuv"; *cp2; cp2++) {
- line[5] = 'p';
- line[9] = *cp2;
- if ((master = open(line, O_RDWR, 0)) == -1) {
- if (errno == ENOENT)
- return (-1); /* out of ptys */
- } else {
- line[5] = 't';
- (void) chown(line, getuid(), ttygid);
- (void) chmod(line, S_IRUSR|S_IWUSR|S_IWGRP);
- (void) revoke(line);
- if ((slave = open(line, O_RDWR, 0)) != -1) {
- *amaster = master;
- *aslave = slave;
- if (name)
- strcpy(name, line);
- if (termp)
- (void) tcsetattr(slave,
- TCSAFLUSH, termp);
- if (winp)
- (void) ioctl(slave, TIOCSWINSZ,
- (char *)winp);
- return (0);
- }
- (void) close(master);
- }
- }
- }
- errno = ENOENT; /* out of ptys */
- return (-1);
-}
-
-int
-forkpty(amaster, name, termp, winp)
- int *amaster;
- char *name;
- struct termios *termp;
- struct winsize *winp;
-{
- int master, slave, pid;
-
- if (openpty(&master, &slave, name, termp, winp) == -1)
- return (-1);
- switch (pid = fork()) {
- case -1:
- return (-1);
- case 0:
- /*
- * child
- */
- (void) close(master);
- login_tty(slave);
- return (0);
- }
- /*
- * parent
- */
- *amaster = master;
- (void) close(slave);
- return (pid);
-}
diff --git a/lib/libutil/pw_util.c b/lib/libutil/pw_util.c
deleted file mode 100644
index b6f6719..0000000
--- a/lib/libutil/pw_util.c
+++ /dev/null
@@ -1,237 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993, 1994
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-#if 0
-static const char sccsid[] = "@(#)pw_util.c 8.3 (Berkeley) 4/2/94";
-#endif
-static const char rcsid[] =
- "$Id$";
-#endif /* not lint */
-
-/*
- * This file is used by all the "password" programs; vipw(8), chpass(1),
- * and passwd(1).
- */
-
-#include <sys/param.h>
-#include <sys/time.h>
-#include <sys/resource.h>
-#include <sys/stat.h>
-#include <sys/wait.h>
-
-#include <err.h>
-#include <fcntl.h>
-#include <paths.h>
-#include <pwd.h>
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "pw_util.h"
-
-extern char *tempname;
-static pid_t editpid = -1;
-static int lockfd;
-
-void
-pw_cont(sig)
- int sig;
-{
-
- if (editpid != -1)
- kill(editpid, sig);
-}
-
-void
-pw_init()
-{
- struct rlimit rlim;
-
- /* Unlimited resource limits. */
- rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
- (void)setrlimit(RLIMIT_CPU, &rlim);
- (void)setrlimit(RLIMIT_FSIZE, &rlim);
- (void)setrlimit(RLIMIT_STACK, &rlim);
- (void)setrlimit(RLIMIT_DATA, &rlim);
- (void)setrlimit(RLIMIT_RSS, &rlim);
-
- /* Don't drop core (not really necessary, but GP's). */
- rlim.rlim_cur = rlim.rlim_max = 0;
- (void)setrlimit(RLIMIT_CORE, &rlim);
-
- /* Turn off signals. */
- (void)signal(SIGALRM, SIG_IGN);
- (void)signal(SIGHUP, SIG_IGN);
- (void)signal(SIGINT, SIG_IGN);
- (void)signal(SIGPIPE, SIG_IGN);
- (void)signal(SIGQUIT, SIG_IGN);
- (void)signal(SIGTERM, SIG_IGN);
- (void)signal(SIGCONT, pw_cont);
-
- /* Create with exact permissions. */
- (void)umask(0);
-}
-
-int
-pw_lock()
-{
- /*
- * If the master password file doesn't exist, the system is hosed.
- * Might as well try to build one. Set the close-on-exec bit so
- * that users can't get at the encrypted passwords while editing.
- * Open should allow flock'ing the file; see 4.4BSD. XXX
- */
- lockfd = open(_PATH_MASTERPASSWD, O_RDONLY, 0);
- if (lockfd < 0 || fcntl(lockfd, F_SETFD, 1) == -1)
- err(1, "%s", _PATH_MASTERPASSWD);
- if (flock(lockfd, LOCK_EX|LOCK_NB))
- errx(1, "the password db file is busy");
- return (lockfd);
-}
-
-int
-pw_tmp()
-{
- static char path[MAXPATHLEN] = _PATH_MASTERPASSWD;
- int fd;
- char *p;
-
- if ((p = strrchr(path, '/')))
- ++p;
- else
- p = path;
- strcpy(p, "pw.XXXXXX");
- if ((fd = mkstemp(path)) == -1)
- err(1, "%s", path);
- tempname = path;
- return (fd);
-}
-
-int
-pw_mkdb(username)
-char *username;
-{
- int pstat;
- pid_t pid;
-
- (void)fflush(stderr);
- if (!(pid = vfork())) {
- if(!username) {
- warnx("rebuilding the database...");
- execl(_PATH_PWD_MKDB, "pwd_mkdb", "-p", tempname, NULL);
- } else {
- warnx("updating the database...");
- execl(_PATH_PWD_MKDB, "pwd_mkdb", "-p", "-u",
- username, tempname, NULL);
- }
- pw_error(_PATH_PWD_MKDB, 1, 1);
- }
- pid = waitpid(pid, &pstat, 0);
- if (pid == -1 || !WIFEXITED(pstat) || WEXITSTATUS(pstat) != 0)
- return (0);
- warnx("done");
- return (1);
-}
-
-void
-pw_edit(notsetuid)
- int notsetuid;
-{
- int pstat;
- char *p, *editor;
-
- if (!(editor = getenv("EDITOR")))
- editor = _PATH_VI;
- if ((p = strrchr(editor, '/')))
- ++p;
- else
- p = editor;
-
- if (!(editpid = vfork())) {
- if (notsetuid) {
- (void)setgid(getgid());
- (void)setuid(getuid());
- }
- execlp(editor, p, tempname, NULL);
- _exit(1);
- }
- for (;;) {
- editpid = waitpid(editpid, (int *)&pstat, WUNTRACED);
- if (editpid == -1)
- pw_error(editor, 1, 1);
- else if (WIFSTOPPED(pstat))
- raise(WSTOPSIG(pstat));
- else if (WIFEXITED(pstat) && WEXITSTATUS(pstat) == 0)
- break;
- else
- pw_error(editor, 1, 1);
- }
- editpid = -1;
-}
-
-void
-pw_prompt()
-{
- int c, first;
-
- (void)printf("re-edit the password file? [y]: ");
- (void)fflush(stdout);
- first = c = getchar();
- while (c != '\n' && c != EOF)
- c = getchar();
- if (first == 'n')
- pw_error(NULL, 0, 0);
-}
-
-void
-pw_error(name, err, eval)
- char *name;
- int err, eval;
-{
-#ifdef YP
- extern int _use_yp;
-#endif /* YP */
- if (err)
- warn(name);
-#ifdef YP
- if (_use_yp)
- warnx("NIS information unchanged");
- else
-#endif /* YP */
- warnx("%s: unchanged", _PATH_MASTERPASSWD);
- (void)unlink(tempname);
- exit(eval);
-}
diff --git a/lib/libutil/setproctitle.3 b/lib/libutil/setproctitle.3
deleted file mode 100644
index c3f2031..0000000
--- a/lib/libutil/setproctitle.3
+++ /dev/null
@@ -1,113 +0,0 @@ -.\" Copyright (c) 1995 Peter Wemm <peter@freebsd.org> -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, is permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice immediately at the beginning of the file, without modification, -.\" this list of conditions, and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. This work was done expressly for inclusion into FreeBSD. Other use -.\" is permitted provided this notation is included. -.\" 4. Absolutely no warranty of function or purpose is made by the author -.\" Peter Wemm. -.\" 5. Modifications may be freely made to this file providing the above -.\" conditions are met. -.\" -.\" $Id: setproctitle.3,v 1.8 1997/04/17 23:31:47 danny Exp $ -.\" -.\" The following requests are required for all man pages. -.Dd December 16, 1995 -.Os FreeBSD -.Dt SETPROCTITLE 3 -.Sh NAME -.Nm setproctitle -.Nd set the process title for -.Xr ps 1 -.Sh SYNOPSIS -.Fd #include <sys/types.h> -.Fd #include <libutil.h> -.Ft void -.Fn setproctitle "const char *fmt" "..." -.Pp -Link with -.Va -lutil -on the -.Xr cc 1 -command line. -.Sh DESCRIPTION -The -.Fn setproctitle -library routine sets the process title that appears on the -.Xr ps 1 -command. -.Pp -The title is set from the executable's name, followed by the -result of a -.Xr printf 3 -style expansion of the arguments as specified by the -.Va fmt -argument. -.Pp -If -.Va fmt -is NULL, the process title is reset to simply the name of the executable. -.\" The following requests should be uncommented and used where appropriate. -.\" This next request is for sections 2 and 3 function return values only. 
-.\" .Sh RETURN VALUES -.\" This next request is for sections 1, 6, 7 & 8 only -.\" .Sh ENVIRONMENT -.\" .Sh FILES -.Sh EXAMPLES -To set the title on a daemon to indicate its activity: -.Bd -literal -offset indent -setproctitle("talking to %s", inet_ntoa(addr)); -.Ed -.\" This next request is for sections 1, 6, 7 & 8 only -.\" (command return values (to shell) and fprintf/stderr type diagnostics) -.\" .Sh DIAGNOSTICS -.\" The next request is for sections 2 and 3 error and signal handling only. -.\" .Sh ERRORS -.Sh SEE ALSO -.Xr ps 1 , -.Xr w 1 , -.Xr kvm 3 , -.Xr kvm_getargv 3 , -.Xr printf 3 -.Sh STANDARDS -.Fn setproctitle -is implicitly non-standard. Other methods of causing the -.Xr ps 1 -command line to change, including copying over the argv[0] string are -also implicitly non-portable. It is preferable to use an operating system -supplied -.Fn setproctitle -if present. -.Pp -Unfortunately, it is possible that there are other calling conventions -to other versions of -.Fn setproctitle , -although none have been found by the author as yet. This is believed to be -the predominant convention. -.Pp -It is thought that the implementation is compatible with other systems, -including -.Tn NetBSD -and -.Tn BSD/OS . -.Sh HISTORY -.Fn setproctitle -first appeared in -.Fx 2.2 . -Other operating systems have -similar functions. -.Sh AUTHORS -.Sy "Peter Wemm <peter@FreeBSD.org>" -stole the idea from the -.Sy "Sendmail 8.7.3" -source code by -.Sy "Eric Allman <eric@sendmail.org>" . -.\" .Sh BUGS diff --git a/lib/libutil/setproctitle.c b/lib/libutil/setproctitle.c deleted file mode 100644 index ba21d1c..0000000 --- a/lib/libutil/setproctitle.c +++ /dev/null 
@@ -1,125 +0,0 @@ -/* - * Copyright (c) 1995 Peter Wemm <peter@freebsd.org> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, is permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice immediately at the beginning of the file, without modification, - * this list of conditions, and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Absolutely no warranty of function or purpose is made by the author - * Peter Wemm. - * - * $Id$ - */ - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/exec.h> -#include <sys/sysctl.h> - -#include <vm/vm.h> -#include <vm/vm_param.h> -#include <vm/pmap.h> - -#include <stdio.h> -#include <string.h> -#include <stdlib.h> - -/* - * Older FreeBSD 2.0, 2.1 and 2.2 had different ps_strings structures and - * in different locations. - * 1: old_ps_strings at the very top of the stack. - * 2: old_ps_strings at SPARE_USRSPACE below the top of the stack. - * 3: ps_strings at the very top of the stack. - * This attempts to support a kernel built in the #2 and #3 era. - */ - -struct old_ps_strings { - char *old_ps_argvstr; - int old_ps_nargvstr; - char *old_ps_envstr; - int old_ps_nenvstr; -}; -#define OLD_PS_STRINGS ((struct old_ps_strings *) \ - (USRSTACK - SPARE_USRSPACE - sizeof(struct old_ps_strings))) - -#if defined(__STDC__) /* from other parts of sendmail */ -#include <stdarg.h> -#else -#include <varargs.h> -#endif - - -#define SPT_BUFSIZE 2048 /* from other parts of sendmail */ -extern char * __progname; /* is this defined in a .h anywhere? */ - -void -#if defined(__STDC__) -setproctitle(const char *fmt, ...) 
-#else -setproctitle(fmt, va_alist) - const char *fmt; - va_dcl -#endif -{ - static char buf[SPT_BUFSIZE]; - static char *ps_argv[2]; - va_list ap; - int mib[2]; - struct ps_strings *ps_strings; - size_t len; - -#if defined(__STDC__) - va_start(ap, fmt); -#else - va_start(ap); -#endif - - buf[sizeof(buf) - 1] = '\0'; - if (fmt) { - - /* print program name heading for grep */ - (void) snprintf(buf, sizeof(buf) - 1, "%s: ", __progname); - - /* - * can't use return from sprintf, as that is the count of how - * much it wanted to write, not how much it actually did. - */ - - len = strlen(buf); - - /* print the argument string */ - (void) vsnprintf(buf + len, sizeof(buf) - 1 - len, fmt, ap); - } else { - /* Idea from NetBSD - reset the title on fmt == NULL */ - strncpy(buf, __progname, sizeof(buf) - 1); - } - - va_end(ap); - - ps_strings = NULL; - mib[0] = CTL_KERN; - mib[1] = KERN_PS_STRINGS; - len = sizeof(ps_strings); - if (sysctl(mib, 2, &ps_strings, &len, NULL, 0) < 0 || - ps_strings == NULL) - ps_strings = PS_STRINGS; - - /* PS_STRINGS points to zeroed memory on a style #2 kernel */ - if (ps_strings->ps_argvstr) { - /* style #3 */ - ps_argv[0] = buf; - ps_argv[1] = NULL; - ps_strings->ps_nargvstr = 1; - ps_strings->ps_argvstr = ps_argv; - } else { - /* style #2 */ - OLD_PS_STRINGS->old_ps_nargvstr = 1; - OLD_PS_STRINGS->old_ps_argvstr = buf; - } -} diff --git a/lib/libutil/stat_flags.c b/lib/libutil/stat_flags.c deleted file mode 100644 index 1f22f5a..0000000 --- a/lib/libutil/stat_flags.c +++ /dev/null 
@@ -1,174 +0,0 @@
-/*-
- * Copyright (c) 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-#if 0
-static char sccsid[] = "@(#)stat_flags.c 8.1 (Berkeley) 5/31/93";
-#else
-static const char rcsid[] =
- "$Id: stat_flags.c,v 1.8 1997/08/07 22:28:25 steve Exp $";
-#endif
-#endif /* not lint */
-
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <stddef.h>
-#include <string.h>
-
-#define SAPPEND(s) { \
- if (prefix != NULL) \
- (void)strcat(string, prefix); \
- (void)strcat(string, s); \
- prefix = ","; \
-}
-
-/*
- * flags_to_string --
- * Convert stat flags to a comma-separated string. If no flags
- * are set, return the default string.
- */
-char *
-flags_to_string(flags, def)
- u_long flags;
- char *def;
-{
- static char string[128];
- char *prefix;
-
- string[0] = '\0';
- prefix = NULL;
- if (flags & UF_APPEND)
- SAPPEND("uappnd");
- if (flags & UF_IMMUTABLE)
- SAPPEND("uchg");
-#ifdef UF_NOUNLINK
- if (flags & UF_NOUNLINK)
- SAPPEND("uunlnk");
-#endif
- if (flags & UF_NODUMP)
- SAPPEND("nodump");
- if (flags & UF_OPAQUE)
- SAPPEND("opaque");
- if (flags & SF_APPEND)
- SAPPEND("sappnd");
- if (flags & SF_ARCHIVED)
- SAPPEND("arch");
- if (flags & SF_IMMUTABLE)
- SAPPEND("schg");
-#ifdef SF_NOUNLINK
- if (flags & SF_NOUNLINK)
- SAPPEND("sunlnk");
-#endif
- return (prefix == NULL && def != NULL ? def : string);
-}
-
-#define TEST(a, b, f) { \
- if (!memcmp(a, b, sizeof(b))) { \
- if (clear) { \
- if (clrp) \
- *clrp |= (f); \
- } else if (setp) \
- *setp |= (f); \
- break; \
- } \
-}
-
-/*
- * string_to_flags --
- * Take string of arguments and return stat flags. Return 0 on
- * success, 1 on failure. On failure, stringp is set to point
- * to the offending token.
- */
-int
-string_to_flags(stringp, setp, clrp)
- char **stringp;
- u_long *setp, *clrp;
-{
- int clear;
- char *string, *p;
-
- clear = 0;
- if (setp)
- *setp = 0;
- if (clrp)
- *clrp = 0;
- string = *stringp;
- while ((p = strsep(&string, "\t ,")) != NULL) {
- *stringp = p;
- if (*p == '\0')
- continue;
- if (p[0] == 'n' && p[1] == 'o') {
- clear = 1;
- p += 2;
- }
- switch (p[0]) {
- case 'a':
- TEST(p, "arch", SF_ARCHIVED);
- TEST(p, "archived", SF_ARCHIVED);
- return (1);
- case 'd':
- clear = !clear;
- TEST(p, "dump", UF_NODUMP);
- return (1);
- case 'o':
- TEST(p, "opaque", UF_OPAQUE);
- return (1);
- case 's':
- TEST(p, "sappnd", SF_APPEND);
- TEST(p, "sappend", SF_APPEND);
- TEST(p, "schg", SF_IMMUTABLE);
- TEST(p, "schange", SF_IMMUTABLE);
- TEST(p, "simmutable", SF_IMMUTABLE);
-#ifdef SF_NOUNLINK
- TEST(p, "sunlnk", SF_NOUNLINK);
- TEST(p, "sunlink", SF_NOUNLINK);
-#endif
- return (1);
- case 'u':
- TEST(p, "uappnd", UF_APPEND);
- TEST(p, "uappend", UF_APPEND);
- TEST(p, "uchg", UF_IMMUTABLE);
- TEST(p, "uchange", UF_IMMUTABLE);
- TEST(p, "uimmutable", UF_IMMUTABLE);
-#ifdef UF_NOUNLINK
- TEST(p, "uunlnk", UF_NOUNLINK);
- TEST(p, "uunlink", UF_NOUNLINK);
-#endif
- /* FALLTHROUGH */
- default:
- return (1);
- }
- }
- return (0);
-}
diff --git a/lib/libutil/uucplock.3 b/lib/libutil/uucplock.3
deleted file mode 100644
index c920e4a..0000000
--- a/lib/libutil/uucplock.3
+++ /dev/null
@@ -1,162 +0,0 @@
-.\"
-.\" Copyright (c) 1996 Brian Somers <brian@awfulhak.demon.co.uk>
-.\"
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
-.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.\" $Id: uucplock.3,v 1.9 1997/09/29 19:11:25 wosch Exp $
-.\" "
-.Dd March 30, 1997
-.Os
-.Dt uucplock 3
-.Sh NAME
-.Nm uu_lock ,
-.Nm uu_unlock ,
-.Nm uu_lockerr
-.Nd acquire and release control of a serial device
-.Sh SYNOPSIS
-.Fd #include <sys/types.h>
-.Fd #include <libutil.h>
-.Ft int
-.Fn uu_lock "const char *ttyname"
-.Ft int
-.Fn uu_unlock "const char *ttyname"
-.Ft const char *
-.Fn uu_lockerr "int uu_lockresult"
-.Pp
-Link with
-.Va -lutil
-on the
-.Xr cc 1
-command line.
-.Sh DESCRIPTION
-The
-.Fn uu_lock
-function attempts to create a lock file called
-.Pa /var/spool/lock/LCK..
-with a suffix given by the passed
-.Fa ttyname .
-If the file already exists, it is expected to contain the process
-id of the locking program.
-.Pp
-If the file does not already exist, or the owning process given by
-the process id found in the lock file is no longer running,
-.Fn uu_lock
-will write its own process id into the file and return success.
-.Pp
-.Fn uu_unlock
-removes the lockfile created by
-.Fn uu_lock
-for the given
-.Fa ttyname .
-Care should be taken that
-.Fn uu_lock
-was successful before calling
-.Fn uu_unlock .
-.Pp
-.Fn uu_lockerr
-returns an error string representing the error
-.Fa uu_lockresult ,
-as returned from
-.Fn uu_lock .
-.Sh RETURN VALUES
-.Fn uu_unlock
-returns 0 on success and -1 on failure.
-.Pp
-.Fn uu_lock
-may return any of the following values:
-.Pp
-.Dv UU_LOCK_INUSE:
-The lock is in use by another process.
-.Pp
-.Dv UU_LOCK_OK:
-The lock was successfully created.
-.Pp
-.Dv UU_LOCK_OPEN_ERR:
-The lock file could not be opened via
-.Xr open 2 .
-.Pp
-.Dv UU_LOCK_READ_ERR:
-The lock file could not be read via
-.Xr read 2 .
-.Pp
-.Dv UU_LOCK_CREAT_ERR:
-Can't create temporary lock file via
-.Xr creat 2 .
-.Pp
-.Dv UU_LOCK_WRITE_ERR:
-The current process id could not be written to the lock file via a call to
-.Xr write 2 .
-.Pp
-.Dv UU_LOCK_LINK_ERR:
-Can't link temporary lock file via
-.Xr link 2 .
-.Pp
-.Dv UU_LOCK_TRY_ERR:
-Locking attempts are failed after 5 tries.
-.Pp
-If a value of
-.Dv UU_LOCK_OK
-is passed to
-.Fn uu_lockerr ,
-an empty string is returned.
-Otherwise, a string specifying
-the reason for failure is returned.
-.Fn uu_lockerr
-uses the current value of
-.Va errno
-to determine the exact error. Care should be made not to allow
-.Va errno
-to be changed between calls to
-.Fn uu_lock
-and
-.Fn uu_lockerr .
-.Sh ERRORS
-If
-.Fn uu_lock
-returns one of the four error values above, the global value
-.Va errno
-can be used to determine the cause. Refer to the respective manual pages
-for further details.
-.Pp
-.Fn uu_unlock
-will set the global variable
-.Va errno
-to reflect the reason that the lock file could not be removed.
-Refer to the description of
-.Xr unlink 2
-for further details.
-.Sh SEE ALSO
-.Xr lseek 2 ,
-.Xr open 2 ,
-.Xr read 2 ,
-.Xr write 2
-.Sh BUGS
-It is possible that a stale lock is not recognised as such if a new
-processes is assigned the same processes id as the program that left
-the stale lock.
-.Pp
-The calling process must have write permissions to the
-.Pa /var/spool/lock
-directory. There is no mechanism in place to ensure that the
-permissions of this directory are the same as those of the
-serial devices that might be locked.
diff --git a/lib/libutil/uucplock.c b/lib/libutil/uucplock.c
deleted file mode 100644
index 8e037e4..0000000
--- a/lib/libutil/uucplock.c
+++ /dev/null
@@ -1,201 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $Id: uucplock.c,v 1.7 1997/08/05 12:58:02 ache Exp $
- *
- */
-
-#ifndef lint
-static const char sccsid[] = "@(#)uucplock.c 8.1 (Berkeley) 6/6/93";
-#endif /* not lint */
-
-#include <sys/types.h>
-#include <sys/file.h>
-#include <dirent.h>
-#include <errno.h>
-#include <unistd.h>
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <paths.h>
-#include <string.h>
-#include "libutil.h"
-
-#define MAXTRIES 5
-
-#define LOCKTMP "LCKTMP..%d"
-#define LOCKFMT "LCK..%s"
-
-#define GORET(level, val) { err = errno; uuerr = (val); \
- goto __CONCAT(ret, level); }
-
-/* Forward declarations */
-static int put_pid (int fd, pid_t pid);
-static pid_t get_pid (int fd,int *err);
-
-/*
- * uucp style locking routines
- */
-
-int uu_lock (const char *ttyname)
-{
- int fd, tmpfd, i;
- pid_t pid;
- char lckname[sizeof(_PATH_UUCPLOCK) + MAXNAMLEN],
- lcktmpname[sizeof(_PATH_UUCPLOCK) + MAXNAMLEN];
- int err, uuerr;
-
- pid = getpid();
- (void)snprintf(lcktmpname, sizeof(lcktmpname), _PATH_UUCPLOCK LOCKTMP,
- pid);
- (void)snprintf(lckname, sizeof(lckname), _PATH_UUCPLOCK LOCKFMT,
- ttyname);
- if ((tmpfd = creat(lcktmpname, 0664)) < 0)
- GORET(0, UU_LOCK_CREAT_ERR);
-
- for (i = 0; i < MAXTRIES; i++) {
- if (link (lcktmpname, lckname) < 0) {
- if (errno != EEXIST)
- GORET(1, UU_LOCK_LINK_ERR);
- /*
- * file is already locked
- * check to see if the process holding the lock
- * still exists
- */
- if ((fd = open(lckname, O_RDONLY)) < 0)
- GORET(1, UU_LOCK_OPEN_ERR);
-
- if ((pid = get_pid (fd, &err)) == -1)
- GORET(2, UU_LOCK_READ_ERR);
-
- close(fd);
-
- if (kill(pid, 0) == 0 || errno != ESRCH)
- GORET(1, UU_LOCK_INUSE);
- /*
- * The process that locked the file isn't running, so
- * we'll lock it ourselves
- */
- (void)unlink(lckname);
- } else {
- if (!put_pid (tmpfd, pid))
- GORET(3, UU_LOCK_WRITE_ERR);
- break;
- }
- }
- GORET(1, (i >= MAXTRIES) ? UU_LOCK_TRY_ERR : UU_LOCK_OK);
-
-ret3:
- (void)unlink(lckname);
- goto ret1;
-ret2:
- (void)close(fd);
-ret1:
- (void)close(tmpfd);
- (void)unlink(lcktmpname);
-ret0:
- errno = err;
- return uuerr;
-}
-
-int uu_unlock (const char *ttyname)
-{
- char tbuf[sizeof(_PATH_UUCPLOCK) + MAXNAMLEN];
-
- (void)snprintf(tbuf, sizeof(tbuf), _PATH_UUCPLOCK LOCKFMT, ttyname);
- return unlink(tbuf);
-}
-
-const char *uu_lockerr (int uu_lockresult)
-{
- static char errbuf[128];
- char *fmt;
-
- switch (uu_lockresult) {
- case UU_LOCK_INUSE:
- return "device in use";
- case UU_LOCK_OK:
- return "";
- case UU_LOCK_OPEN_ERR:
- fmt = "open error: %s";
- break;
- case UU_LOCK_READ_ERR:
- fmt = "read error: %s";
- break;
- case UU_LOCK_CREAT_ERR:
- fmt = "creat error: %s";
- break;
- case UU_LOCK_WRITE_ERR:
- fmt = "write error: %s";
- break;
- case UU_LOCK_LINK_ERR:
- fmt = "link error: %s";
- break;
- case UU_LOCK_TRY_ERR:
- fmt = "too many tries: %s";
- break;
- default:
- fmt = "undefined error: %s";
- break;
- }
-
- (void)snprintf(errbuf, sizeof(errbuf), fmt, strerror(errno));
- return errbuf;
-}
-
-static int put_pid (int fd, pid_t pid)
-{
- char buf[32];
- int len;
-
- len = sprintf (buf, "%10d\n", pid);
- return write (fd, buf, len) == len;
-}
-
-static pid_t get_pid (int fd, int *err)
-{
- int bytes_read;
- char buf[32];
- pid_t pid;
-
- bytes_read = read (fd, buf, sizeof (buf) - 1);
- if (bytes_read > 0) {
- buf[bytes_read] = '\0';
- pid = strtol (buf, (char **) NULL, 10);
- } else {
- pid = -1;
- *err = bytes_read ? errno : EINVAL;
- }
- return pid;
-}
-
-/* end of uucplock.c */ |