Add nologinmsg 1.0, more functional native binary replacement for

/sbin/nologin.

Submitted by:	Richard Rose <freebsd-security@rikrose.net>

shells/Makefile

@@ -10,6 +10,7 @@
     SUBDIR += flash
     SUBDIR += ksh93
     SUBDIR += mudsh
+    SUBDIR += nologinmsg
     SUBDIR += osh
     SUBDIR += pash
     SUBDIR += pdksh

shells/nologinmsg/Makefile

@@ -0,0 +1,36 @@
+# Ports collection makefile for:   nologinmsg
+# Whom:                            Richard Rose <freebsd-security@rikrose.net>
+# Date created:                    20020710
+#
+# $FreeBSD$
+#
+# The port is self contained in the src directory
+
+PORTNAME=	nologinmsg
+PORTVERSION=	1.0
+CATEGORIES=	shells sysutils
+MASTER_SITES=	# none
+DISTFILES=	# none
+
+MAINTAINER=	freebsd-security@rikrose.net
+
+USE_REINPLACE=	yes
+
+MAN8=		nologinmsg.8
+MANCOMPRESSED=	yes
+
+do-extract:
+	@${MKDIR} ${WRKSRC}
+	@${CP} ${.CURDIR}/src/* ${WRKSRC}
+
+post-patch:
+	@${REINPLACE_CMD} -e 's|/usr/local|${PREFIX}|g' ${WRKSRC}/nologinmsg.8 \
+		${WRKSRC}/pathnames.h
+
+pre-install:
+	${MKDIR} ${PREFIX}/etc/nologinmsgs
+
+post-install:
+	${STRIP_CMD} ${PREFIX}/bin/nologinmsg
+
+.include <bsd.port.mk>

shells/nologinmsg/pkg-comment

@@ -0,0 +1 @@
+More functional native binary replacement for /sbin/nologin

shells/nologinmsg/pkg-descr

@@ -0,0 +1,2 @@
+Slightly more functional replacement for /sbin/nologin. Adds per-user
+messages, and group messages (of a form).

shells/nologinmsg/pkg-plist

@@ -0,0 +1,3 @@
+bin/nologinmsg
+@exec mkdir %D/etc/nologinmsgs
+@dirrm etc/nologinmsgs

shells/nologinmsg/src/Makefile

@@ -0,0 +1,10 @@
+# $FreeBSD$
+PROG=	nologinmsg
+SRCS=	nologinmsg.c
+BINDIR=	${PREFIX}/bin
+MANDIR=	${PREFIX}/man/man
+MAN8=	nologinmsg.8
+
+CFLAGS+=	-g
+
+.include <bsd.prog.mk>

shells/nologinmsg/src/nologinmsg.8

@@ -0,0 +1,73 @@
+.\" Copyright (c) 2002
+.\" Richard Rose. All Rights Reserved
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.Dd July 8, 2002
+.Dt NOLOGINMSG 8
+.Os
+.Sh NAME
+.Nm nologinmsg
+.Nd politely refuse a login
+.Sh SYNOPSIS
+.Nm
+.Sh DESCRIPTION
+.Nm Nologinmsg
+displays a message that an account is not availavle and
+exits non-zero.
+It is intended as a replacement shell field for accounts that
+have been disabled.
+It can also print per-user messages, or special messages,
+depending on how it is called, or whether it can find a better
+message to print.
+.Pp
+To create a per-user message, put the text of the message in
+.Pa /usr/local/etc/nologinmsgs/USER
+file. Its contents will be printed if the user names USER logs
+in.
+.Pp
+To create a message that can be used for a group of users,
+create a symbolic link to a new name for the binary, and use
+that name. In the
+.Pa /usr/local/etc/nologinmsgs/
+directory, place a text file of the same name, with the text
+you want printed when a user with this shell name logs in.
+.Pp
+If the program name is not nologinmsg, then that file name
+is checked, and printed if that exists. If it does not, then
+the standard error is printed.
+If the program name is nologinmsg, and a user named file exists
+then that file is printed if possible, if not, the standard
+error message exists.
+In all other cases, the standard message is printed.
+.Pp
+To disable all logins,
+investigage
+.Xr nologin 5 .
+.Sh SEE ALSO
+.Xr login 1
+.Xr nologin 5
+.Xr nologin 8
+.Sh HISTORY
+The
+.Nm
+command was written by Richard Rose and contributed to the FreeBSD Project
+This man page needs looking at and checking.

shells/nologinmsg/src/nologinmsg.c

@@ -0,0 +1,120 @@
+/*
+ * nologinmsg.c - A slightly improved nologin that will return a configurable
+ * message, depending on how it is called.
+ *
+ * Copyright (c) 2002
+ *  Richard Rose.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN
+ * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $Id: nologinmsg.c,v 1.1 2002/07/10 16:39:35 rik Exp $
+ * 
+ * rik
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sysexits.h>
+#include <limits.h>
+#include <err.h>
+#include <fcntl.h>
+#include <syslog.h>
+
+#include "pathnames.h"
+
+#define NOLOGINMSG_NAME "nologinmsg"
+#define NOLOGINMSG_MSG "This account is currently not available.\n"
+
+/* 
+ * main - Program entry point.
+ * Check how we are called. If it is not the way we expect, then search
+ * the hard coded path for a file named with the name we are called with,
+ * or, if that fails, the name of the user we are being run as, and print
+ * that. After printing a message, quit.
+ */
+int main (void)
+{
+    char messagePath[PATH_MAX];
+    char msgbuf[1024]; /* Arbitrary constant */
+    char *user, *device;
+    int fd, nbytes;
+    struct stat buf;
+
+    user = getlogin();
+    if (user == NULL)
+        user = "UNKNOWN";
+
+    device = ttyname(0);
+    if (device == NULL)
+        device = "UNKNOWN";
+
+    openlog( "nologinmsg", LOG_CONS, LOG_AUTH );
+    syslog( LOG_WARNING, "%.35s on %.35s", user, device);
+    closelog();
+
+    strlcpy( messagePath, NOLOGINMSG_PATH, sizeof( messagePath ) );
+    if (strcmp( getprogname(), NOLOGINMSG_NAME ) == 0){
+        /*
+         * Check for a user names message. If it exists and we can read it,
+         * then print that, otherwise print the standard message
+         */
+        if (strlcat( messagePath, getlogin(), sizeof( messagePath ) ) >
+                sizeof( messagePath ) )
+            goto printStandard;
+    } else {
+        /*
+         * We have been invoked by a different name. Check for a specific
+         * message to print, and print it if we can, else print the standard
+         * message
+         */
+        if (strlcat( messagePath, getprogname(), sizeof( messagePath ) ) >
+                sizeof( messagePath ) )
+            goto printStandard;
+    }
+
+    if (stat( messagePath, &buf ) != 0)
+        goto printStandard;
+
+    if ((buf.st_mode & S_IFREG) == 0)
+        goto printStandard;
+
+    fd = open( messagePath, O_RDONLY );
+    if (fd == -1)
+        goto printStandard;
+
+    for (;;){
+        nbytes = read( fd, msgbuf, sizeof( msgbuf ) );
+        if (nbytes == -1)
+            goto printStandard;
+
+        write( STDERR_FILENO, msgbuf, nbytes );
+        if (nbytes < sizeof( msgbuf ))
+            exit( EX_UNAVAILABLE );
+    }
+
+printStandard:
+    write( STDERR_FILENO, NOLOGINMSG_MSG, sizeof( NOLOGINMSG_MSG ) - 1 );
+    exit( EX_UNAVAILABLE );
+}
+

shells/nologinmsg/src/pathnames.h

@@ -0,0 +1,7 @@
+/*
+ * For licence, see nologinmsg.c
+ *
+ * $Id: pathnames.h,v 1.1 2002/07/10 16:39:35 rik Exp $
+ */
+
+#define NOLOGINMSG_PATH "/usr/local/etc/nologinmsgs/"