Date: Fri, 4 Jan 2002 16:58:40 +0000
From: Rik <rik@spoon.pkl.net>
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: Rik <freebsd-security@rikrose.net>, =?iso-8859-1?Q?=E4=CD=C9=D4=D2=C9=CA_=F0=CF=C4=CB=CF=D2=D9=D4=CF=D7?= <podkorytov@mail.ru>, freebsd-security@FreeBSD.ORG
Subject: Re: nologin hole?
Message-ID: <20020104165839.A17264@spoon.pkl.net>
In-Reply-To: <200201041529.g04FTAG34628@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Fri, Jan 04, 2002 at 07:28:45AM -0800
References: <20020104145154.A15764@spoon.pkl.net> <200201041529.g04FTAG34628@cwsys.cwsent.com>
[-- Attachment #1 --]
On Fri, Jan 04, 2002 at 07:28:45AM -0800, Cy Schubert - ITSD Open Systems Group wrote:
> Or, take a look at the no-login port in the ports collection.

Without further ado, I humbly offer my replacement for /sbin/nologin. It is
backwards compatible, but will send custom messages if:

1) It is called with a specific name
2) There is a special message for that user

If anything fails, it defaults to print the same default message nologin does.

The source is attached. Well, it was when I sent it, if it gets stripped off,
it can also be found at http://rikrose.net/nologinmsg.c

There is no man page, because I don't know how to write them. There is,
however, a plain text description at the top of the code, which is good enough
for a manual.

I'll make it a port, if people want, and someone cares to contribute a man
page.

rik
-- 
PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org
Key fingerprint = 5EB1 4C63 9FAD D87B 854C 3DED 1408 ED77 D272 9A3F
Public key also encoded with outguess on http://rikrose.net

[-- Attachment #2 --]
/*
 * nologinmsg.c - A slightly improved nologin that will return a configurable
 * message, depending on how it is called.
 *
 * This code is published under the BSD Licence, which can be found on
 * www.freebsd.org, and many many other places on the internet.
 *
 * Manual
 * -----
 * nologinmsg - a replacement for the standard nologin
 *
 * Under normal circumstances, this program will print "The account is
 * currently not available". However, if there exists a file named
 * /etc/nologinmsgs/$USER, then the contents of that file are printed
 * instead.
 *
 * If nologinmsg is called by a different name, for example, by being
 * symlinked to, then /etc/nologinmsgs is checked for a file of that name,
 * and if possible, that file's contents are printed as the message. This
 * form takes precedence over the other forms.
 *
 * Every time nologinmsgs is run, it logs the tty and username to syslog,
 * at LOG_WARNING level. Note, there is a possible problem with lines being
 * over 80 characters long, but you won't create usernames *that* long,
 * will you?
 *
 * rik
 */

#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sysexits.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <limits.h>
#include <err.h>
#include <fcntl.h>
#include <syslog.h>

#define NOLOGINMSG_NAME "nologinmsg"
#define NOLOGINMSG_MSG "This account is currently not available.\n"
#define NOLOGINMSG_PATH "/etc/nologinmsgs/"

/*
 * main - Program entry point.
 * Check how we are called. If it is not the way we expect, then search
 * the hard coded path for a file named with the name we are called with,
 * or, if that fails, the name of the user we are being run as, and print
 * that. After printing a message, quit.
 */
int
main (void)
{
	char messagePath[PATH_MAX];
	char msgbuf[1024];	/* Arbitrary constant */
	char *user, *device;
	int fd;
	ssize_t nbytes;		/* read() returns ssize_t; -1 means error */
	struct stat buf;

	user = getlogin();
	if (user == NULL)
		user = "UNKNOWN";
	device = ttyname(0);
	if (device == NULL)
		device = "UNKNOWN";

	/* Log every attempt before deciding which message to print. */
	openlog( "nologinmsg", LOG_CONS, LOG_AUTH );
	syslog( LOG_WARNING, "%s on %s", user, device);
	closelog();

	if (strcmp( getprogname(), NOLOGINMSG_NAME ) == 0){
		write( STDERR_FILENO, NOLOGINMSG_MSG, sizeof( NOLOGINMSG_MSG ) - 1 );
		exit( EX_UNAVAILABLE );
	}

	/*
	 * We have been invoked by a different name. Check for there
	 * being a specific username message, otherwise print the default
	 * message
	 */
	strncpy( messagePath, NOLOGINMSG_PATH, sizeof( messagePath ) );
	/* strncat's limit is the space left in the buffer, less the NUL. */
	strncat( messagePath, getprogname(),
	    sizeof( messagePath ) - strlen( messagePath ) - 1 );
	fd = -1;
	if (stat( messagePath, &buf ) == 0)
		fd = open( messagePath, O_RDONLY );
	if (fd == -1){
		/*
		 * Check username named file. Use the checked copy in
		 * user: getlogin() can return NULL.
		 */
		strncpy( messagePath, NOLOGINMSG_PATH, sizeof( messagePath ) );
		strncat( messagePath, user,
		    sizeof( messagePath ) - strlen( messagePath ) - 1 );
		if (stat( messagePath, &buf ) != 0){
			write( STDERR_FILENO, NOLOGINMSG_MSG, sizeof( NOLOGINMSG_MSG ) - 1 );
			exit( EX_UNAVAILABLE );
		}
		fd = open( messagePath, O_RDONLY );
		if (fd == -1){
			write( STDERR_FILENO, NOLOGINMSG_MSG, sizeof( NOLOGINMSG_MSG ) - 1 );
			exit( EX_UNAVAILABLE );
		}
	}

	/* Copy the message out; stop at end of file or on a read error. */
	for (;;){
		nbytes = read( fd, msgbuf, sizeof( msgbuf ) );
		if (nbytes <= 0)
			exit( EX_UNAVAILABLE );
		write( STDERR_FILENO, msgbuf, nbytes );
	}
}
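
An added example, not part of Rik's attachment: one way to build and open the per-name message file so that a name taken from argv[0] or the login name cannot step outside the message directory, and a path that would be truncated is rejected rather than used. The function names msg_path and open_msg are made up for this illustration, and the caller is assumed to print the default message whenever open_msg returns -1.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Build "<dir>/<name>" in out. Returns 0, or -1 if name is unsafe or too long. */
int msg_path(const char *dir, const char *name, char *out, size_t outsz)
{
    int n;

    /* The name is caller-influenced (program name or login name): refuse
     * anything that could resolve outside dir or to dir itself. */
    if (name == NULL || name[0] == '\0' || strchr(name, '/') != NULL ||
        strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return -1;

    /* snprintf returns the length it needed, so truncation is detectable. */
    n = snprintf(out, outsz, "%s/%s", dir, name);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Open the message file for dir/name. Returns an fd, or -1 on any failure. */
int open_msg(const char *dir, const char *name)
{
    char path[1024];
    struct stat st;
    int fd;

    if (msg_path(dir, name, path, sizeof(path)) != 0)
        return -1;

    /* O_NOFOLLOW: a symlink planted under dir is not followed. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);

    /* fstat the descriptor we hold instead of stat-then-open, and accept
     * regular files only (not directories or device nodes). */
    if (fd != -1 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))) {
        close(fd);
        fd = -1;
    }
    return fd;
}
```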
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020104165839.A17264>
