-rw-r--r-- | shells/Makefile | 1 | ||||
-rw-r--r-- | shells/nologinmsg/Makefile | 36 | ||||
-rw-r--r-- | shells/nologinmsg/pkg-comment | 1 | ||||
-rw-r--r-- | shells/nologinmsg/pkg-descr | 2 | ||||
-rw-r--r-- | shells/nologinmsg/pkg-plist | 3 | ||||
-rw-r--r-- | shells/nologinmsg/src/Makefile | 10 | ||||
-rw-r--r-- | shells/nologinmsg/src/nologinmsg.8 | 73 | ||||
-rw-r--r-- | shells/nologinmsg/src/nologinmsg.c | 120 | ||||
-rw-r--r-- | shells/nologinmsg/src/pathnames.h | 7 |
9 files changed, 253 insertions, 0 deletions
diff --git a/shells/Makefile b/shells/Makefile
index 10d320431ac2..794e47deeb1a 100644
--- a/shells/Makefile
+++ b/shells/Makefile
@@ -10,6 +10,7 @@
 SUBDIR += flash
 SUBDIR += ksh93
 SUBDIR += mudsh
+ SUBDIR += nologinmsg
 SUBDIR += osh
 SUBDIR += pash
 SUBDIR += pdksh
diff --git a/shells/nologinmsg/Makefile b/shells/nologinmsg/Makefile
new file mode 100644
index 000000000000..411a39847f57
--- /dev/null
+++ b/shells/nologinmsg/Makefile
@@ -0,0 +1,36 @@
+# Ports collection makefile for: nologinmsg
+# Whom: Richard Rose <freebsd-security@rikrose.net>
+# Date created: 20020710
+#
+# $FreeBSD$
+#
+# The port is self contained in the src directory
+
+PORTNAME= nologinmsg
+PORTVERSION= 1.0
+CATEGORIES= shells sysutils
+MASTER_SITES= # none
+DISTFILES= # none
+
+MAINTAINER= freebsd-security@rikrose.net
+
+USE_REINPLACE= yes
+
+MAN8= nologinmsg.8
+MANCOMPRESSED= yes
+
+do-extract:
+ @${MKDIR} ${WRKSRC}
+ @${CP} ${.CURDIR}/src/* ${WRKSRC}
+
+post-patch:
+ @${REINPLACE_CMD} -e 's|/usr/local|${PREFIX}|g' ${WRKSRC}/nologinmsg.8 \
+ ${WRKSRC}/pathnames.h
+
+pre-install:
+ ${MKDIR} ${PREFIX}/etc/nologinmsgs
+
+post-install:
+ ${STRIP_CMD} ${PREFIX}/bin/nologinmsg
+
+.include <bsd.port.mk>
diff --git a/shells/nologinmsg/pkg-comment b/shells/nologinmsg/pkg-comment
new file mode 100644
index 000000000000..3b4056c2b089
--- /dev/null
+++ b/shells/nologinmsg/pkg-comment
@@ -0,0 +1 @@
+More functional native binary replacement for /sbin/nologin
diff --git a/shells/nologinmsg/pkg-descr b/shells/nologinmsg/pkg-descr
new file mode 100644
index 000000000000..0e25f472f147
--- /dev/null
+++ b/shells/nologinmsg/pkg-descr
@@ -0,0 +1,2 @@
+Slightly more functional replacement for /sbin/nologin. Adds per-user
+messages, and group messages (of a form).
diff --git a/shells/nologinmsg/pkg-plist b/shells/nologinmsg/pkg-plist
new file mode 100644
index 000000000000..2226637c4231
--- /dev/null
+++ b/shells/nologinmsg/pkg-plist
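Review bot: The `pre-install` target in shells/nologinmsg/Makefile creates `${PREFIX}/etc/nologinmsgs` with whatever mode the installing umask yields, and that directory decides what text a refused login is shown, so the mode is worth pinning, e.g. `${MKDIR} -m 0755 ${PREFIX}/etc/nologinmsgs`. The `@exec mkdir %D/etc/nologinmsgs` line in pkg-plist has the same gap for package installs, and without `-p` it will also report an error when the directory already exists. A one-line comment above the target stating that the directory must be writable by root only would record the assumption the binary relies on.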
@@ -0,0 +1,3 @@
+bin/nologinmsg
+@exec mkdir %D/etc/nologinmsgs
+@dirrm etc/nologinmsgs
diff --git a/shells/nologinmsg/src/Makefile b/shells/nologinmsg/src/Makefile
new file mode 100644
index 000000000000..814a190d719d
--- /dev/null
+++ b/shells/nologinmsg/src/Makefile
@@ -0,0 +1,10 @@
+# $FreeBSD$
+PROG= nologinmsg
+SRCS= nologinmsg.c
+BINDIR= ${PREFIX}/bin
+MANDIR= ${PREFIX}/man/man
+MAN8= nologinmsg.8
+
+CFLAGS+= -g
+
+.include <bsd.prog.mk>
diff --git a/shells/nologinmsg/src/nologinmsg.8 b/shells/nologinmsg/src/nologinmsg.8
new file mode 100644
index 000000000000..1d89489b455c
--- /dev/null
+++ b/shells/nologinmsg/src/nologinmsg.8
@@ -0,0 +1,73 @@
+.\" Copyright (c) 2002
+.\" Richard Rose. All Rights Reserved
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.Dd July 8, 2002
+.Dt NOLOGINMSG 8
+.Os
+.Sh NAME
+.Nm nologinmsg
+.Nd politely refuse a login
+.Sh SYNOPSIS
+.Nm
+.Sh DESCRIPTION
+.Nm Nologinmsg
+displays a message that an account is not availavle and
+exits non-zero.
+It is intended as a replacement shell field for accounts that
+have been disabled.
+It can also print per-user messages, or special messages,
+depending on how it is called, or whether it can find a better
+message to print.
+.Pp
+To create a per-user message, put the text of the message in
+.Pa /usr/local/etc/nologinmsgs/USER
+file. Its contents will be printed if the user names USER logs
+in.
+.Pp
+To create a message that can be used for a group of users,
+create a symbolic link to a new name for the binary, and use
+that name. In the
+.Pa /usr/local/etc/nologinmsgs/
+directory, place a text file of the same name, with the text
+you want printed when a user with this shell name logs in.
+.Pp
+If the program name is not nologinmsg, then that file name
+is checked, and printed if that exists. If it does not, then
+the standard error is printed.
+If the program name is nologinmsg, and a user named file exists
+then that file is printed if possible, if not, the standard
+error message exists.
+In all other cases, the standard message is printed.
+.Pp
+To disable all logins,
+investigage
+.Xr nologin 5 .
+.Sh SEE ALSO
+.Xr login 1
+.Xr nologin 5
+.Xr nologin 8
+.Sh HISTORY
+The
+.Nm
+command was written by Richard Rose and contributed to the FreeBSD Project
+This man page needs looking at and checking.
diff --git a/shells/nologinmsg/src/nologinmsg.c b/shells/nologinmsg/src/nologinmsg.c
new file mode 100644
index 000000000000..91da8693a5ef
--- /dev/null
+++ b/shells/nologinmsg/src/nologinmsg.c
@@ -0,0 +1,120 @@
+/*
+ * nologinmsg.c - A slightly improved nologin that will return a configurable
+ * message, depending on how it is called.
+ *
+ * Copyright (c) 2002
+ * Richard Rose. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
+ * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $Id: nologinmsg.c,v 1.1 2002/07/10 16:39:35 rik Exp $
+ *
+ * rik
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sysexits.h>
+#include <limits.h>
+#include <err.h>
+#include <fcntl.h>
+#include <syslog.h>
+
+#include "pathnames.h"
+
+#define NOLOGINMSG_NAME "nologinmsg"
+#define NOLOGINMSG_MSG "This account is currently not available.\n"
+
+/*
+ * main - Program entry point.
+ * Check how we are called. If it is not the way we expect, then search
+ * the hard coded path for a file named with the name we are called with,
+ * or, if that fails, the name of the user we are being run as, and print
+ * that. After printing a message, quit.
+ */
+int main (void)
+{
+ char messagePath[PATH_MAX];
+ char msgbuf[1024]; /* Arbitrary constant */
+ char *user, *device;
+ int fd, nbytes;
+ struct stat buf;
+
+ user = getlogin();
+ if (user == NULL)
+ user = "UNKNOWN";
+
+ device = ttyname(0);
+ if (device == NULL)
+ device = "UNKNOWN";
+
+ openlog( "nologinmsg", LOG_CONS, LOG_AUTH );
+ syslog( LOG_WARNING, "%.35s on %.35s", user, device);
+ closelog();
+
+ strlcpy( messagePath, NOLOGINMSG_PATH, sizeof( messagePath ) );
+ if (strcmp( getprogname(), NOLOGINMSG_NAME ) == 0){
+ /*
+ * Check for a user names message. If it exists and we can read it,
+ * then print that, otherwise print the standard message
+ */
+ if (strlcat( messagePath, getlogin(), sizeof( messagePath ) ) >
+ sizeof( messagePath ) )
+ goto printStandard;
+ } else {
+ /*
+ * We have been invoked by a different name. Check for a specific
+ * message to print, and print it if we can, else print the standard
+ * message
+ */
+ if (strlcat( messagePath, getprogname(), sizeof( messagePath ) ) >
+ sizeof( messagePath ) )
+ goto printStandard;
+ }
+
+ if (stat( messagePath, &buf ) != 0)
+ goto printStandard;
+
+ if ((buf.st_mode & S_IFREG) == 0)
+ goto printStandard;
+
+ fd = open( messagePath, O_RDONLY );
+ if (fd == -1)
+ goto printStandard;
+
+ for (;;){
+ nbytes = read( fd, msgbuf, sizeof( msgbuf ) );
+ if (nbytes == -1)
+ goto printStandard;
+
+ write( STDERR_FILENO, msgbuf, nbytes );
+ if (nbytes < sizeof( msgbuf ))
+ exit( EX_UNAVAILABLE );
+ }
+
+printStandard:
+ write( STDERR_FILENO, NOLOGINMSG_MSG, sizeof( NOLOGINMSG_MSG ) - 1 );
+ exit( EX_UNAVAILABLE );
+}
+
diff --git a/shells/nologinmsg/src/pathnames.h b/shells/nologinmsg/src/pathnames.h
new file mode 100644
index 000000000000..1bcdbefebaa8
--- /dev/null
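Review bot: In `main` of nologinmsg.c the per-user branch passes a second, unchecked `getlogin()` straight to `strlcat`, although the NULL case was already folded into `user` a few lines earlier; a NULL return there is dereferenced in a program that runs as a login shell, so the call should use `user` (or jump to `printStandard` when the lookup failed). Both truncation tests compare with `>`, but `strlcat` signals truncation when its return value equals the buffer size as well, so each should end in `>= sizeof( messagePath ) )`. `(buf.st_mode & S_IFREG) == 0` is a single-bit test on a multi-bit type field and accepts other file types whose value shares that bit; `if (!S_ISREG( buf.st_mode ))` is the intended check, preferably via `fstat` on the opened descriptor so the file tested is the file read. It is also worth confirming what `getprogname()` yields when login starts the shell with a leading `-` in argv[0], since the comparison with `NOLOGINMSG_NAME` would then presumably fail and the per-user file would never be consulted.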
+++ b/shells/nologinmsg/src/pathnames.h
@@ -0,0 +1,7 @@
+/*
+ * For licence, see nologinmsg.c
+ *
+ * $Id: pathnames.h,v 1.1 2002/07/10 16:39:35 rik Exp $
+ */
+
+#define NOLOGINMSG_PATH "/usr/local/etc/nologinmsgs/" |