Date: Mon, 15 Jul 2002 02:34:56 +0000 From: Dima Dorfman <dima@trit.org> To: audit@freebsd.org Subject: lock(1) -v (was: VT_LOCKSWITCH) Message-ID: <20020715023456.483403E1A@turbine.trit.org>
Anybody care to review this patch? I'd rather not commit unreviewed changes to a setuid root program. Thanks. I wrote: > Sheldon Hearn <sheldonh@starjuice.net> wrote: > > > > > > On Tue, 28 May 2002 08:54:20 GMT, Dima Dorfman wrote: > > > > > The attached patch adds an -S option to vidcontrol(1) that allows the > > > user to disallow vty switching. It is implemented using a new > > > VT_LOCKSWITCH ioctl. > > > > Ooo! Ooo! This is nice. > > > > If you're up to it, I'd love to see the same functionality available as > > an extension to lock(1). Imagine the convenience of being able to type > > > > lock -npS > > > > on just one terminal and not have to worry about the rest! > > Sounds nice. How about the following patch? I really tried to keep > the not-directly-related changes to a minimum, but it was difficult > (lock(1) is so small and simple, but so lacking in polish!) (I did > refrain from fixing anything that I wasn't already going to change, > though, so the diff shouldn't be significantly harder to read). > > Note also that lock(1) is installed setuid root (for -p), so please > review accordingly (even though none of the new code runs as root). > > Thanks, > > Dima.
Index: lock.1
===================================================================
RCS file: /home/ncvs/src/usr.bin/lock/lock.1,v
retrieving revision 1.7
diff -u -r1.7 lock.1
--- lock.1 20 Apr 2002 12:15:20 -0000 1.7
+++ lock.1 10 Jul 2002 04:54:50 -0000
@@ -32,7 +32,7 @@
 .\" @(#)lock.1 8.1 (Berkeley) 6/6/93
 .\" $FreeBSD$
 .\"
-.Dd June 6, 1993
+.Dd July 10, 2002
 .Dt LOCK 1
 .Os
 .Sh NAME
@@ -40,8 +40,7 @@
 .Nd reserve a terminal
 .Sh SYNOPSIS
 .Nm
-.Op Fl n
-.Op Fl p
+.Op Fl npv
 .Op Fl t Ar timeout
 .Sh DESCRIPTION
 The
@@ -65,6 +64,15 @@ The time limit (default 15 minutes) is changed to .Ar timeout minutes. +.It Fl v +Disable switching virtual terminals while this terminal is locked. +This option is implemented in a way similar to the +.Fl S +option of +.Xr vidcontrol 1 , +and is only available if the terminal in question is a +.Xr syscons 4 +virtual terminal. .El .Sh HISTORY The Index: lock.c =================================================================== RCS file: /home/ncvs/src/usr.bin/lock/lock.c,v retrieving revision 1.13 diff -u -r1.13 lock.c --- lock.c 10 Jul 2002 04:05:33 -0000 1.13 +++ lock.c 10 Jul 2002 04:54:50 -0000 @@ -60,6 +60,7 @@ #include <sys/stat.h> #include <sys/time.h> #include <sys/signal.h> +#include <sys/consio.h> #include <err.h> #include <ctype.h> #include <pwd.h> @@ -83,6 +84,7 @@ struct sgttyb tty, ntty; long nexttime; /* keep the timeout time */ int no_timeout; /* lock terminal forever */ +int vtyunlock; /* Unlock flag and code. */ /*ARGSUSED*/ int @@ -95,7 +97,7 @@ time_t timval_sec; struct itimerval ntimer, otimer; struct tm *timp; - int ch, failures, sectimeout, usemine; + int ch, failures, sectimeout, usemine, vtylock; char *ap, *mypw, *ttynam, *tzn; char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ]; @@ -105,7 +107,8 @@ mypw = NULL; usemine = 0; no_timeout = 0; - while ((ch = getopt(argc, argv, "npt:")) != -1) + vtylock = 0; + while ((ch = getopt(argc, argv, "npt:v")) != -1) switch((char)ch) { case 't': if ((sectimeout = atoi(optarg)) <= 0) @@ -120,6 +123,9 @@ case 'n': no_timeout = 1; break; + case 'v': + vtylock = 1; + break; case '?': default: usage(); 
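Review bot: In the `@@ -83,6 +84,7 @@` hunk, `vtyunlock` is a plain `int` whose comment does not say what its value means, yet the last two hunks of this diff read it in the exit routines that restore the tty, which look like the interrupt and timeout signal handlers (their signatures are outside the hunks). An object shared with a handler is normally declared `volatile sig_atomic_t`, and because the same variable is also handed to `ioctl` as its argument, a separate flag plus a local `int` for the ioctl would keep the two roles apart. At minimum the comment could read `/* 0 until the vty is locked; afterwards the VT_LOCKSWITCH argument that unlocks it */`, and the bare `1` and `0x2` deserve named constants.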
@@ -177,15 +183,31 @@ ntimer.it_value = timeout; if (!no_timeout) setitimer(ITIMER_REAL, &ntimer, &otimer); + if (vtylock) { + /* + * If this failed, we want to err out; warn isn't good + * enough, since we don't want the user to think that + * everything is nice and locked because they got a + * "Key:" prompt. + */ + if (ioctl(0, VT_LOCKSWITCH, &vtylock) == -1) { + (void)ioctl(0, TIOCSETP, &tty); + err(1, "locking vty"); + } + vtyunlock = 0x2; + } /* header info */ - if (no_timeout) { -(void)printf("lock: %s on %s. no timeout\ntime now is %.20s%s%s", - ttynam, hostname, ap, tzn, ap + 19); - } else { -(void)printf("lock: %s on %s. timeout in %d minutes\ntime now is %.20s%s%s", - ttynam, hostname, sectimeout, ap, tzn, ap + 19); - } + (void)printf("lock: %s on %s.", ttynam, hostname); + if (no_timeout) + (void)printf(" no timeout."); + else + (void)printf(" timeout in %d minute%s.", sectimeout, + sectimeout != 1 ? "s" : ""); + if (vtylock) + (void)printf(" vty locked."); + (void)printf("\ntime now is %.20s%s%s", ap, tzn, ap + 19); + failures = 0; for (;;) { @@ -222,7 +244,7 @@ static void usage() { - (void)fprintf(stderr, "usage: lock [-n] [-p] [-t timeout]\n"); + (void)fprintf(stderr, "usage: lock [-npv] [-t timeout]\n"); exit(1); } @@ -248,6 +270,8 @@ { (void)putchar('\n'); (void)ioctl(0, TIOCSETP, &tty); + if (vtyunlock) + (void)ioctl(0, VT_LOCKSWITCH, &vtyunlock); exit(0); } @@ -256,6 +280,8 @@ { if (!no_timeout) { (void)ioctl(0, TIOCSETP, &tty); + if (vtyunlock) + (void)ioctl(0, VT_LOCKSWITCH, &vtyunlock); (void)printf("lock: timeout\n"); exit(1); } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
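Review bot: A signal delivered between the successful `ioctl(0, VT_LOCKSWITCH, &vtylock)` and the assignment `vtyunlock = 0x2;` in the `@@ -177,15 +183,31 @@` hunk would leave vty switching disabled after lock exits. The interval timer is already armed by the `setitimer` call just above, and the two exit routines patched in the last hunks only issue the unlock when `vtyunlock` is non-zero. Setting the flag first closes the window: move `vtyunlock = 0x2;` above the `if (ioctl(0, VT_LOCKSWITCH, &vtylock) == -1) {` line, provided an unlock request on a vty that was never locked is harmless, which should be confirmed against the driver. The key-reading loop and the rest of main are outside these hunks, so it is also worth checking that no other `exit` call there skips the unlock, and that the ioctl really is reached only after the setuid privileges have been given up, as the description states.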