Date:      Wed, 10 Jul 2002 05:04:55 +0000
From:      Dima Dorfman <dima@trit.org>
To:        Sheldon Hearn <sheldonh@starjuice.net>
Cc:        audit@freebsd.org
Subject:   Re: VT_LOCKSWITCH 
Message-ID:  <20020710050455.E28483EFB@turbine.trit.org>
In-Reply-To: <43415.1022589698@axl.seasidesoftware.co.za>; from sheldonh@starjuice.net on "Tue, 28 May 2002 14:41:38 +0200"

Sheldon Hearn <sheldonh@starjuice.net> wrote:
> 
> 
> On Tue, 28 May 2002 08:54:20 GMT, Dima Dorfman wrote:
> 
> > The attached patch adds an -S option to vidcontrol(1) that allows the
> > user to disallow vty switching.  It is implemented using a new
> > VT_LOCKSWITCH ioctl.
> 
> Ooo!  Ooo!  This is nice.
> 
> If you're up to it, I'd love to see the same functionality available as
> an extension to lock(1).  Imagine the convenience of being able to type
> 
> 	lock -npS
> 
> on just one terminal and not have to worry about the rest!

Sounds nice.  How about the following patch?  I really tried to keep
the not-directly-related changes to a minimum, but it was difficult
(lock(1) is so small and simple, but so lacking in polish!) (I did
refrain from fixing anything that I wasn't already going to change,
though, so the diff shouldn't be significantly harder to read).

Note also that lock(1) is installed setuid root (for -p), so please
review accordingly (even though none of the new code runs as root).

Thanks,

Dima.

P.S. Does anyone know what this is for:

		if (ioctl(0, TIOCGETP, &ntty))
			exit(1);

It's at line 232 after the patch (210 before the patch).  ntty isn't
used anywhere in or after the loop the above is in, so it seems pretty
pointless.  It has some bugs (you can't call exit() here; you need to
at least fix the terminal settings, and, now, maybe, unlock the vty),
so unless someone knows what it's for, I'd like to remove it.

Index: lock.1
===================================================================
RCS file: /home/ncvs/src/usr.bin/lock/lock.1,v
retrieving revision 1.7
diff -u -r1.7 lock.1
--- lock.1	20 Apr 2002 12:15:20 -0000	1.7
+++ lock.1	10 Jul 2002 04:54:50 -0000
@@ -32,7 +32,7 @@
 .\"	@(#)lock.1	8.1 (Berkeley) 6/6/93
 .\" $FreeBSD$
 .\"
-.Dd June 6, 1993
+.Dd July 10, 2002
 .Dt LOCK 1
 .Os
 .Sh NAME
@@ -40,8 +40,7 @@
 .Nd reserve a terminal
 .Sh SYNOPSIS
 .Nm
-.Op Fl n
-.Op Fl p
+.Op Fl npv
 .Op Fl t Ar timeout
 .Sh DESCRIPTION
 The
@@ -65,6 +64,15 @@
 The time limit (default 15 minutes) is changed to
 .Ar timeout
 minutes.
+.It Fl v
+Disable switching virtual terminals while this terminal is locked.
+This option is implemented in a way similar to the
+.Fl S
+option of
+.Xr vidcontrol 1 ,
+and is only available if the terminal in question is a
+.Xr syscons 4
+virtual terminal.
 .El
 .Sh HISTORY
 The
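
Review bot: The new -v entry does not say what happens when the lock cannot be taken. The lock.c change calls err(1, "locking vty") when the VT_LOCKSWITCH ioctl fails, so on a terminal that is not a syscons(4) vty the command exits instead of locking at all. A sentence stating that lock exits with an error in that case, and that switching is re-enabled when the terminal is unlocked or the timeout expires, would make the behaviour clear to someone reading only the manual page.
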
Index: lock.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/lock/lock.c,v
retrieving revision 1.13
diff -u -r1.13 lock.c
--- lock.c	10 Jul 2002 04:05:33 -0000	1.13
+++ lock.c	10 Jul 2002 04:54:50 -0000
@@ -60,6 +60,7 @@
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/signal.h>
+#include <sys/consio.h>
 #include <err.h>
 #include <ctype.h>
 #include <pwd.h>
@@ -83,6 +84,7 @@
 struct sgttyb	tty, ntty;
 long	nexttime;			/* keep the timeout time */
 int            no_timeout;                     /* lock terminal forever */
+int	vtyunlock;			/* Unlock flag and code. */
 
 /*ARGSUSED*/
 int
@@ -95,7 +97,7 @@
 	time_t timval_sec;
 	struct itimerval ntimer, otimer;
 	struct tm *timp;
-	int ch, failures, sectimeout, usemine;
+	int ch, failures, sectimeout, usemine, vtylock;
 	char *ap, *mypw, *ttynam, *tzn;
 	char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ];
 
@@ -105,7 +107,8 @@
 	mypw = NULL;
 	usemine = 0;
 	no_timeout = 0;
-	while ((ch = getopt(argc, argv, "npt:")) != -1)
+	vtylock = 0;
+	while ((ch = getopt(argc, argv, "npt:v")) != -1)
 		switch((char)ch) {
 		case 't':
 			if ((sectimeout = atoi(optarg)) <= 0)
@@ -120,6 +123,9 @@
 		case 'n':
 			no_timeout = 1;
 			break;
+		case 'v':
+			vtylock = 1;
+			break;
 		case '?':
 		default:
 			usage();
@@ -177,15 +183,31 @@
 	ntimer.it_value = timeout;
 	if (!no_timeout)
 		setitimer(ITIMER_REAL, &ntimer, &otimer);
+	if (vtylock) {
+		/*
+		 * If this failed, we want to err out; warn isn't good
+		 * enough, since we don't want the user to think that
+		 * everything is nice and locked because they got a
+		 * "Key:" prompt.
+		 */
+		if (ioctl(0, VT_LOCKSWITCH, &vtylock) == -1) {
+			(void)ioctl(0, TIOCSETP, &tty);
+			err(1, "locking vty");
+		}
+		vtyunlock = 0x2;
+	}
 
 	/* header info */
-	if (no_timeout) {
-(void)printf("lock: %s on %s. no timeout\ntime now is %.20s%s%s",
-	    ttynam, hostname, ap, tzn, ap + 19);
-	} else {
-(void)printf("lock: %s on %s. timeout in %d minutes\ntime now is %.20s%s%s",
-	    ttynam, hostname, sectimeout, ap, tzn, ap + 19);
-	}
+	(void)printf("lock: %s on %s.", ttynam, hostname);
+	if (no_timeout)
+		(void)printf(" no timeout.");
+	else
+		(void)printf(" timeout in %d minute%s.", sectimeout,
+		    sectimeout != 1 ? "s" : "");
+	if (vtylock)
+		(void)printf(" vty locked.");
+	(void)printf("\ntime now is %.20s%s%s", ap, tzn, ap + 19);
+
 	failures = 0;
 
 	for (;;) {
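
Review bot: The values passed to VT_LOCKSWITCH are bare numbers: the lock call reuses the option flag (&vtylock, value 1) as the ioctl argument, and the unlock code is the literal "vtyunlock = 0x2". Named constants, or at least a comment next to the assignment saying which value locks and which unlocks, would let a reader check the pairing without looking up the ioctl. Also note that vtyunlock is only set after the ioctl returns, while the interval timer is already armed a few lines above; setting the flag before the ioctl and clearing it on failure would close the small window in which a handler could run with the vty locked and vtyunlock still 0.
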
@@ -222,7 +244,7 @@
 static void
 usage()
 {
-	(void)fprintf(stderr, "usage: lock [-n] [-p] [-t timeout]\n");
+	(void)fprintf(stderr, "usage: lock [-npv] [-t timeout]\n");
 	exit(1);
 }
 
@@ -248,6 +270,8 @@
 {
 	(void)putchar('\n');
 	(void)ioctl(0, TIOCSETP, &tty);
+	if (vtyunlock)
+		(void)ioctl(0, VT_LOCKSWITCH, &vtyunlock);
 	exit(0);
 }
 
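
Review bot: The result of the unlocking ioctl is discarded with a (void) cast right before exit(0). If VT_LOCKSWITCH fails here, the session ends with vty switching still disabled and nothing is reported. Since the terminal modes have already been restored at this point, a warn("unlocking vty") on failure would cost little and would tell the user why switching no longer works.
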
@@ -256,6 +280,8 @@
 {
 	if (!no_timeout) {
 		(void)ioctl(0, TIOCSETP, &tty);
+		if (vtyunlock)
+			(void)ioctl(0, VT_LOCKSWITCH, &vtyunlock);
 		(void)printf("lock: timeout\n");
 		exit(1);
 	}
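
Review bot: The TIOCSETP plus VT_LOCKSWITCH restore sequence is now duplicated in this hunk and the previous one, and only these two exit paths undo the switch lock. The message itself points at an exit(1) after the TIOCGETP check inside the main loop, which would leave the vty locked once -v is in effect. Moving the restore into one helper and calling it from every exit path taken after the lock (or resolving that exit(1) in the same change) would keep the lock and unlock paired.
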
