2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1980, 1987, 1993
5 * The Regents of the University of California. All rights reserved.
7 * This code is derived from software contributed to Berkeley by
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 static const char copyright[] =
37 "@(#) Copyright (c) 1980, 1987, 1993\n\
38 The Regents of the University of California. All rights reserved.\n";
43 static char sccsid[] = "@(#)lock.c 8.1 (Berkeley) 6/6/93";
46 #include <sys/cdefs.h>
47 __FBSDID("$FreeBSD$");
50 * Lock a terminal up until the given key is entered or the given
53 * Timeout interval is by default TIMEOUT, it can be changed with
54 * an argument of the form -time where time is in minutes
57 #include <sys/param.h>
59 #include <sys/signal.h>
60 #include <sys/consio.h>
78 static void quit(int);
81 static void usage(void);
83 static struct timeval timeout;
84 static struct timeval zerotime;
85 static struct termios tty, ntty;
86 static long nexttime; /* keep the timeout time */
87 static int no_timeout; /* lock terminal forever */
88 static int vtyunlock; /* Unlock flag and code. */
92 main(int argc, char **argv)
95 struct itimerval ntimer, otimer;
98 int ch, failures, sectimeout, usemine, vtylock;
99 char *ap, *cryptpw, *mypw, *ttynam, *tzn;
100 char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ];
102 openlog("lock", 0, LOG_AUTH);
104 sectimeout = TIMEOUT;
110 while ((ch = getopt(argc, argv, "npt:v")) != -1)
113 if ((sectimeout = atoi(optarg)) <= 0)
114 errx(1, "illegal timeout value");
118 if (!(pw = getpwuid(getuid())))
119 errx(1, "unknown uid %d", getuid());
120 mypw = strdup(pw->pw_passwd);
132 timeout.tv_sec = sectimeout * 60;
135 if (setuid(getuid()) != 0)
136 errx(1, "setuid failed");
138 if (tcgetattr(0, &tty)) /* get information for header */
140 gethostname(hostname, sizeof(hostname));
141 if (!(ttynam = ttyname(0)))
142 errx(1, "not a terminal?");
143 if (strncmp(ttynam, _PATH_DEV, strlen(_PATH_DEV)) == 0)
144 ttynam += strlen(_PATH_DEV);
146 nexttime = timval + (sectimeout * 60);
147 timp = localtime(&timval);
151 (void)signal(SIGINT, quit);
152 (void)signal(SIGQUIT, quit);
153 ntty = tty; ntty.c_lflag &= ~ECHO;
154 (void)tcsetattr(0, TCSADRAIN|TCSASOFT, &ntty);
157 /* get key and check again */
158 (void)printf("Key: ");
159 if (!fgets(s, sizeof(s), stdin) || *s == '\n')
161 (void)printf("\nAgain: ");
163 * Don't need EOF test here, if we get EOF, then s1 != s
164 * and the right things will happen.
166 (void)fgets(s1, sizeof(s1), stdin);
169 (void)printf("\07lock: passwords didn't match.\n");
170 (void)tcsetattr(0, TCSADRAIN|TCSASOFT, &tty);
177 /* set signal handlers */
178 (void)signal(SIGINT, hi);
179 (void)signal(SIGQUIT, hi);
180 (void)signal(SIGTSTP, hi);
181 (void)signal(SIGALRM, bye);
183 ntimer.it_interval = zerotime;
184 ntimer.it_value = timeout;
186 setitimer(ITIMER_REAL, &ntimer, &otimer);
189 * If this failed, we want to err out; warn isn't good
190 * enough, since we don't want the user to think that
191 * everything is nice and locked because they got a
194 if (ioctl(0, VT_LOCKSWITCH, &vtylock) == -1) {
195 (void)tcsetattr(0, TCSADRAIN|TCSASOFT, &tty);
196 err(1, "locking vty");
203 (void)printf("lock: %s using %s on %s.", pw->pw_name,
206 (void)printf("lock: %s on %s.", ttynam, hostname);
208 (void)printf(" no timeout.");
210 (void)printf(" timeout in %d minute%s.", sectimeout,
211 sectimeout != 1 ? "s" : "");
213 (void)printf(" vty locked.");
214 (void)printf("\ntime now is %.20s%s%s", ap, tzn, ap + 19);
219 (void)printf("Key: ");
220 if (!fgets(s, sizeof(s), stdin)) {
226 s[strlen(s) - 1] = '\0';
227 cryptpw = crypt(s, mypw);
228 if (cryptpw != NULL && !strcmp(mypw, cryptpw))
231 else if (!strcmp(s, s1))
233 (void)printf("\07\n");
236 syslog(LOG_NOTICE, "%d ROOT UNLOCK FAILURE%s (%s on %s)",
237 failures, failures > 1 ? "S": "", ttynam, hostname);
239 if (tcgetattr(0, &ntty) && (errno != EINTR))
241 sleep(1); /* to discourage guessing */
244 syslog(LOG_NOTICE, "ROOT UNLOCK ON hostname %s port %s",
247 return(0); /* not reached */
254 (void)fprintf(stderr, "usage: lock [-npv] [-t timeout]\n");
259 hi(int signo __unused)
264 (void)printf("lock: type in the unlock key. ");
268 (void)printf("timeout in %jd:%jd minutes\n",
269 (intmax_t)(nexttime - timval) / 60,
270 (intmax_t)(nexttime - timval) % 60);
275 quit(int signo __unused)
278 (void)tcsetattr(0, TCSADRAIN|TCSASOFT, &tty);
280 (void)ioctl(0, VT_LOCKSWITCH, &vtyunlock);
285 bye(int signo __unused)
288 (void)tcsetattr(0, TCSADRAIN|TCSASOFT, &tty);
290 (void)ioctl(0, VT_LOCKSWITCH, &vtyunlock);
291 (void)printf("lock: timeout\n");