Package: timeoutd
Version: 1.5-10moh
Severity: wishlist
Tags: patch

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (400, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.13
Locale: LANG=en_GB, LC_CTYPE=iso_8859_1 (charmap=ISO-8859-1) (ignored: LC_ALL set to en_GB)

Versions of packages timeoutd depends on:
ii  libc6     2.3.5-6                 GNU C Library: Shared libraries an
ii  libx11-6  4.3.0.dfsg.1-14sarge1   X Window System protocol client li
ii  libxext6  4.3.0.dfsg.1-14sarge1   X Window System miscellaneous exte
ii  libxss1   6.8.2.dfsg.1-11         X Screen Saver client-side library
ii  xlibs     6.8.2.dfsg.1-7          X Window System client libraries m

-- no debconf information

I have added a new lockout feature to timeoutd optionally to prevent immediate login after a full session. The length of the rest period is configurable from the configfile.

Also I have completed the custom messages implementation. Messages can be read from the configfile or from a file specified there.

So that custom message files could be stored together in, say, /etc/timeoutd/messages I have moved /etc/timeouts to /etc/timeoutd/timeouts. Is this controversial? New preinst script to copy existing conffile attached.

There are no custom messages for the warnings at present. Would that be useful?

The xmessage popups now have a default button which allows them to be cancelled by keystroke.

Fixed compilation without -DTIMEOUTDX11 if anyone wants to do it.

I have been running this for a month and it works well for me. Hope it is useful.

Mark

diff -ur ./debian/changelog /usr/src/timeoutd-1.5/debian/changelog --- ./debian/changelog 2006-02-23 11:40:37.000000000 +0000 +++ /usr/src/timeoutd-1.5/debian/changelog 2006-03-03 09:53:52.000000000 +0000 @@ -1,3 +1,17 @@ +timeoutd (1.5-10moh) unstable; urgency=low + + * Added optional lockout to prevent immediate login after full session + * Finish custom messages implementation + - Can either be read from timeouts or read from another file + - Moved timeouts to /etc/timeoutd/ so messages files + can also be placed there and not clutter /etc + * timeouts.5: document custom messages and lockout + * Under X, make button on popup the default so window can be cleared + by pressing <RETURN> + * Fix #ifdefs for compilation without -DTIMEOUTDX11 + + -- Mark Hindley <[EMAIL PROTECTED]> Thu, 23 Feb 2006 11:56:45 +0000 + timeoutd (1.5-10) unstable; urgency=low * Updating build depencies due to xlibs-dev: Closes: #346924 Only in /usr/src/timeoutd-1.5/debian: changelog.orig diff -ur ./debian/control /usr/src/timeoutd-1.5/debian/control --- ./debian/control 2006-02-23 11:40:37.000000000 +0000 +++ /usr/src/timeoutd-1.5/debian/control 2006-02-25 12:23:18.000000000 +0000 @@ -12,8 +12,8 @@ Description: Flexible user timeout daemon with X11 support timeoutd enforces the time restrictions specified for each or all users. . - timeoutd scans /var/run/utmp every minute and checks /etc/timeouts for - an entry which matches a restricted user, based on: + timeoutd scans /var/run/utmp every minute and checks /etc/timeoutd/timeouts + for an entry which matches a restricted user, based on: . - The current day and time - The tty that the user is currently logged in on Only in /usr/src/timeoutd-1.5/debian: files Only in /usr/src/timeoutd-1.5/debian: timeoutd diff -ur ./debian/timeoutd.install /usr/src/timeoutd-1.5/debian/timeoutd.install --- ./debian/timeoutd.install 2006-02-23 11:40:37.000000000 +0000 +++ /usr/src/timeoutd-1.5/debian/timeoutd.install 2006-02-25 12:23:18.000000000 +0000 
@@ -1,2 +1,2 @@ timeoutd usr/sbin -timeouts etc +timeouts etc/timeoutd Only in /usr/src/timeoutd-1.5/debian: timeoutd.postinst.debhelper Only in /usr/src/timeoutd-1.5/debian: timeoutd.postrm.debhelper Only in /usr/src/timeoutd-1.5/debian: timeoutd.prerm.debhelper Only in /usr/src/timeoutd-1.5/debian: timeoutd.substvars Only in /usr/src/timeoutd-1.5: .gdbinit Only in /usr/src/timeoutd-1.5: timeoutd diff -ur ./timeoutd.8 /usr/src/timeoutd-1.5/timeoutd.8 --- ./timeoutd.8 2006-02-23 11:40:37.000000000 +0000 +++ /usr/src/timeoutd-1.5/timeoutd.8 2006-02-25 12:23:18.000000000 +0000 @@ -6,9 +6,9 @@ .SH DESCRIPTION .B timeoutd enforces the time restrictions specified in -.IR /etc/timeouts . +.IR /etc/timeoutd/timeouts . When invoked in daemon mode (without any parameters) timeoutd backgrounds -itself, then scans \fB/var/run/utmp\fR every minute and checks \fB/etc/timeouts\fR +itself, then scans \fB/var/run/utmp\fR every minute and checks \fB/etc/timeoutd/timeouts\fR for an entry which matches that user, based on: .IP "\- The current day and time" .IP "\- The tty that the user is currently logged in on" @@ -28,7 +28,7 @@ .B timeoutd will send a warning to the user every minute for 5 minutes (or other time specified in -.IR /etc/timeouts ) +.IR /etc/timeoutd/timeouts ) before logging them out. Warnings are not sent for exceeded idle limits, as this would count as activity on the terminal. .PP @@ -62,7 +62,7 @@ .IP "20 User not permitted to login at this time on this tty .IP "30 Internal error checking user name (probably invalid user name) .SH FILES -.IP "/etc/timeouts \- lists valid login times and idle/session time restrictions +.IP "/etc/timeoutd/timeouts \- lists valid login times and idle/session time restrictions .IP "/var/run/utmp \- current login sessions .IP "/var/log/wtmp \- for calculating total logged in time for current day .SH BUGS 
@@ -75,5 +75,5 @@ .SH "SEE ALSO" .BR timeouts "(5) .SH "WRITTEN BY" -Orginally written by Shane Alderton <[EMAIL PROTECTED]>, updated by +Originally written by Shane Alderton <[EMAIL PROTECTED]>, updated by Dennis Stampfer <[EMAIL PROTECTED]>. diff -ur ./timeoutd.c /usr/src/timeoutd-1.5/timeoutd.c --- ./timeoutd.c 2006-02-23 11:40:37.000000000 +0000 +++ /usr/src/timeoutd-1.5/timeoutd.c 2006-03-03 09:57:52.000000000 +0000 @@ -109,7 +109,7 @@ #endif #ifndef CONFIG -#define CONFIG "/etc/timeouts" +#define CONFIG "/etc/timeoutd/timeouts" #endif #define MAXLINES 512 @@ -120,11 +120,13 @@ #define SESSMAX 3 #define DAYMAX 4 #define NOLOGIN 5 -/*#define XSESSION 6*/ +#define LOCKOUT 6 +/*#define XSESSION 7*/ #define IDLEMSG 0 #define SESSMSG 1 #define DAYMSG 2 -#define NOLOGINMSG 3 +#define LOCKOUTMSG 3 +#define NOLOGINMSG 4 #define KWAIT 5 /* Time to wait after sending a kill signal */ @@ -148,8 +150,8 @@ void logoff_msg(); void killit(); int getdisc(); -int chk_xsession(); /* seppy: is it a X-Session? */ -void killit_xsession(); /* seppy: kill the X-Session*/ +void get_day_time(char*); +int get_rest_time(char*,int); int chk_ssh(pid_t pid); /* seppy: check if user is logged in via ssh (we have to handle that different... ;( */ char *getusr(pid_t pid); /*seppy: get the owner of a running process */ @@ -159,6 +161,8 @@ #ifdef TIMEOUTDX11 Time get_xidle(); /* seppy: how long is user idle? (user,display)*/ +int chk_xsession(); /* seppy: is it a X-Session? */ +void killit_xsession(); /* seppy: kill the X-Session*/ #endif @@ -186,7 +190,8 @@ int sessmax; int daymax; int warntime; - char *messages[10]; + int lockout; + char *messages[NOLOGINMSG + 1]; }; struct config_ent *config[MAXLINES + 1]; 
@@ -331,6 +336,15 @@ */ logoff_msg(1); exit(20); + case LOCKOUT: + openlog("timeoutd", OPENLOG_FLAGS, LOG_DAEMON); + syslog(LOG_NOTICE, + "User %s has not had a long enough rest to login on %s at this time. Login check failed.", + argv[1], argv[2]); + closelog(); + logoff_msg(1); + exit(20); + case ACTIVE: #ifdef DEBUG openlog("timeoutd", OPENLOG_FLAGS, LOG_DAEMON); @@ -625,9 +639,11 @@ config[i]->sessmax = -1; config[i]->daymax = -1; config[i]->warntime = 5; + config[i]->lockout = -1; config[i]->messages[IDLEMSG] = NULL; config[i]->messages[SESSMSG] = NULL; config[i]->messages[DAYMSG] = NULL; + config[i]->messages[LOCKOUTMSG] = NULL; config[i]->messages[NOLOGINMSG] = NULL; if ((tok = strsep(&lstart, ":")) != NULL) store_times(&config[i]->times, tok); if ((tok = strsep(&lstart, ":")) != NULL) alloc_cp(&config[i]->ttys, tok); @@ -663,6 +679,11 @@ { config[i]->warntime = atoi(tok); } + if ((tok = strsep(&lstart, ":")) != NULL) + { + config[i]->lockout = atoi(tok); + if ((p = strchr(tok, ';')) != NULL) alloc_cp(&config[i]->messages[LOCKOUTMSG], p+1); + } } if (!config[i]->times || !config[i]->ttys || !config[i]->users || !config[i]->groups) @@ -691,7 +712,7 @@ printf("%d(%d-%d):", config[i]->times[j].days, config[i]->times[j].starttime, config[i]->times[j].endtime),j++; - printf("%s:%s:%s:%s:%d;%s:%d;%s:%d;%s:%d\n", + printf("%s:%s:%s:%s:%d;%s:%d;%s:%d;%s:%d:%d;%s\n", config[i]->ttys, config[i]->users, config[i]->groups, @@ -702,7 +723,9 @@ config[i]->messages[SESSMSG] == NULL?"builtin":config[i]->messages[SESSMSG], config[i]->daymax, config[i]->messages[DAYMSG] == NULL?"builtin":config[i]->messages[DAYMSG], - config[i]->warntime + config[i]->warntime, + config[i]->lockout, + config[i]->messages[LOCKOUTMSG] == NULL?"builtin":config[i]->messages[LOCKOUTMSG] ),i++; } printf("End debug output.\n"); 
@@ -839,6 +862,66 @@ return; } +/* Return the number of minutes since user has logged out of a session of length min + * on any of the ttys specified in config[configline] during the current day. + */ + +int get_rest_time(user,min) +char *user; +int min; +{ + struct ut_list *login_p = NULL; + struct ut_list *logout_p = NULL; + struct ut_list *prev_p = NULL; + struct ut_list *test_login_p, *test_logout_p; + + test_login_p = wtmplist; + while (test_login_p) + { + /* Find most recent login on a matching tty */ + if ( +#ifndef SUNOS + test_login_p->elem.ut_type == USER_PROCESS && +#endif + !strncmp(test_login_p->elem.ut_user, user, 8) && + chkmatch(test_login_p->elem.ut_line, config[configline]->ttys) && + (login_p == NULL || test_login_p->elem.ut_time >= login_p->elem.ut_time)) + { + prev_p = test_login_p; + test_logout_p=test_login_p->next; + /* Search from next to find the matching logout */ + while (test_logout_p) + { + /* Ignore sessions that are less than the given length.*/ + if ( (test_logout_p->elem.ut_time - test_login_p->elem.ut_time)/60 < min) + break; +#ifndef SUNOS + if (test_logout_p->elem.ut_type == BOOT_TIME) + { + logout_p = prev_p; + break; + } +#endif + if (/*test_logout_p->elem.ut_type == DEAD_PROCESS &&*/ + !strcmp(test_login_p->elem.ut_line, test_logout_p->elem.ut_line)) /* match */ + { + login_p = test_login_p; + logout_p = test_logout_p; + break; + } else { /* no match */ + prev_p = test_logout_p; + test_logout_p = test_logout_p->next; + } + } + } + test_login_p = test_login_p->next; + } + if (logout_p) + return (time_now - logout_p->elem.ut_time)/60; + else + return -1; +} + void warnpending(tty, time_remaining, user, host) char *tty; int time_remaining; @@ -847,7 +930,9 @@ { int fd; FILE *ttyf; +#ifdef TIMEOUTDX11 char cmdbuf[1024]; +#endif #ifdef DEBUG openlog("timeoutd", OPENLOG_FLAGS, LOG_DAEMON); 
@@ -855,7 +940,7 @@ user, host, tty, time_remaining); closelog(); #endif - +#ifdef TIMEOUTDX11 if(chk_xsession(tty, host)) { openlog("timeoutd", OPENLOG_FLAGS, LOG_DAEMON); syslog(SYSLOG_DEBUG, "Warning %s running X on %s for pending logout! (%d min%s left)", user, tty, time_remaining, time_remaining==1?"":"s"); @@ -863,17 +948,17 @@ /* then send the message using xmessage */ /* well, this is not really clean: */ - sprintf(cmdbuf, "su %s -c \"xmessage -display %s -center 'WARNING: You will be logged out in %d minute%s when your %s limit expires.'&\"", user, tty, time_remaining, time_remaining==1?"":"s", limit_names[limit_type]); - system(cmdbuf); - /*#ifdef DEBUG*/ - openlog("timeoutd", OPENLOG_FLAGS, LOG_DAEMON); - syslog(LOG_DEBUG, "cmdbuf=%s", cmdbuf); - closelog(); - /*#endif*/ + sprintf(cmdbuf, "su %s -c \"xmessage -default okay -display %s -center 'WARNING: You will be logged out in %d minute%s when your %s limit expires.'&\"", user, tty, time_remaining, time_remaining==1?"":"s", limit_names[limit_type]); + system(cmdbuf); +#ifdef DEBUG + openlog("timeoutd", OPENLOG_FLAGS, LOG_DAEMON); + syslog(LOG_DEBUG, "cmdbuf=%s", cmdbuf); + closelog(); +#endif sleep(KWAIT); /* and give the user some time to read the message ;) */ return; } - +#endif if ((fd = open(tty, O_WRONLY|O_NOCTTY|O_NONBLOCK)) < 0 || (ttyf = fdopen(fd, "w")) == NULL) { 
@@ -985,6 +1070,18 @@ if (config[configline]->daymax > 0 && daytime >= config[configline]->daymax) return DAYMAX; + limit_type = LOCKOUTMSG; + if (config[configline]->lockout > 0 && config[configline]->sessmax > 0) + { + /* Treat sessions that logout during the warntime period as full length. + * This might be a bit tough, but it picks up people who logout just before the + * session expires in the hope they can login immediately + */ + int rested = get_rest_time(user,config[configline]->sessmax - config[configline]->warntime); + if (rested > -1 && rested < config[configline]->lockout) + return LOCKOUT; + } + /* If none of those have been exceeded, then warn users of upcoming logouts */ limit_type = DAYMSG; if (config[configline]->daymax > 0 && daytime >= config[configline]->daymax - config[configline]->warntime) @@ -1047,8 +1144,11 @@ host[sizeof(host) - 1] = '\0'; strncpy(dev, utmpp->ut_line, sizeof(dev) - 1); /* get device name */ dev[sizeof(dev) - 1] = '\0'; - if (stat(dev, pstat) && !chk_xsession(dev, host) == TIMEOUTD_XSESSION_LOCAL) /* if can't get status for - port && if it's not a local Xsession*/ + if (stat(dev, pstat) /* if can't get status for port */ +#ifdef TIMEOUTDX11 + && !chk_xsession(dev, host) == TIMEOUTD_XSESSION_LOCAL /* && if it's not a local Xsession */ +#endif + ) { sprintf(errmsg, "Can't get status of user %s's terminal (%s)\n", user, dev); @@ -1115,6 +1215,16 @@ closelog(); killit(utmpp->ut_pid, user, dev, host); break; + case LOCKOUT: + openlog("timeoutd", OPENLOG_FLAGS, LOG_DAEMON); + #ifdef DEBUG + syslog(LOG_NOTICE, "User [EMAIL PROTECTED] logged in during LOCKOUT period. (pid %d)", user, host, utmpp->ut_pid); + #else + syslog(LOG_NOTICE, "User %s logged in from %s during LOCKOUT period.", user, host); + #endif + closelog(); + killit(utmpp->ut_pid, user, dev, host); + break; default: openlog("timeoutd", OPENLOG_FLAGS, LOG_DAEMON); syslog(LOG_ERR, "Internal error - unexpected return from chk_timeout"); 
@@ -1158,22 +1268,31 @@ int cnt; if (config[configline]->messages[limit_type]) + { msgfile = fopen(config[configline]->messages[limit_type], "r"); - - if (msgfile) - { - while ((cnt = read(tty, msgbuf, 1024)) > 0) - write(tty, msgbuf, cnt); - fclose(msgfile); - } - else - { - if (limit_type == NOLOGINMSG) - sprintf(msgbuf, "\r\n\r\nLogins not allowed at this time. Please try again later.\r\n"); - else - sprintf(msgbuf, "\r\n\r\nYou have exceeded your %s time limit. Logging you off now.\r\n\r\n", limit_names[limit_type]); - write(tty, msgbuf, strlen(msgbuf)); + if (msgfile) + { + while ((cnt = read(fileno(msgfile), msgbuf, sizeof(msgbuf))) > 0) + write(tty, msgbuf, cnt); + fclose(msgfile); + return; + } else { + snprintf(msgbuf, sizeof(msgbuf), "\r\n%s\r\n", config[configline]->messages[limit_type]); + } + } else { + switch (limit_type) + { + case NOLOGINMSG: + sprintf(msgbuf, "\r\n\r\nLogins not allowed at this time. Please try again later.\r\n"); + break; + case LOCKOUTMSG: + sprintf(msgbuf, "\r\n\r\nYou have logged in during your lockout time. Logging you off now.\r\n\r\n"); + break; + default: + sprintf(msgbuf, "\r\n\r\nYou have exceeded your %s time limit. Logging you off now.\r\n\r\n", limit_names[limit_type]); + } } + write(tty, msgbuf, strlen(msgbuf)); } /* terminate process using SIGHUP, then SIGKILL */ @@ -1188,11 +1307,12 @@ #ifdef SUNOS struct passwd *pw; #endif - +#ifdef TIMEOUTDX11 if(chk_xsession(dev, host) && !chk_xterm(dev, host)) { killit_xsession(utmpp->ut_pid, user, dev); return; } +#endif /* Tell user which limit they have exceeded and that they will be logged off */ if ((tty = open(dev, O_WRONLY|O_NOCTTY|O_NONBLOCK)) < 0) { 
@@ -1293,6 +1413,7 @@ if (config[i]->messages[IDLEMSG]) free(config[i]->messages[IDLEMSG]); if (config[i]->messages[DAYMSG]) free(config[i]->messages[DAYMSG]); if (config[i]->messages[SESSMSG]) free(config[i]->messages[SESSMSG]); + if (config[i]->messages[LOCKOUTMSG]) free(config[i]->messages[LOCKOUTMSG]); if (config[i]->messages[NOLOGINMSG]) free(config[i]->messages[NOLOGINMSG]); free(config[i]); i++; @@ -1319,7 +1440,11 @@ int disc; #ifdef linux - if(chk_xsession(d, host) || chk_xterm(d, host)) + if( +#ifdef TIMEOUTDX11 + chk_xsession(d, host) || +#endif + chk_xterm(d, host)) return N_TTY; if ((fd = open(d, O_RDONLY|O_NONBLOCK|O_NOCTTY)) < 0) @@ -1353,6 +1478,7 @@ #endif } +#ifdef TIMEOUTDX11 int chk_xsession(dev, host) /* returns TIMEOUTD_XSESSION_{REMOTE,LOCAL,NONE} when dev and host seem to be a xSession. */ char *dev,*host; { @@ -1401,6 +1527,7 @@ return TIMEOUTD_XSESSION_NONE; } } +#endif /* We have to handle Xterms(pts/?) and Xsessions (:0) different: - Check Xsession for idle, but not a XTERM 
@@ -1423,29 +1550,48 @@ return 0; } /* chk_xterm(dev,host) */ - +#ifdef TIMEOUTDX11 void killit_xsession(pid, user, dev) /* returns 1 when dev and host seem to be a xSession. */ int pid; char *dev, *user; { + FILE *msgfile = NULL; char msgbuf[1024], cmdbuf[1024]; /* first, get the message into msgbuf */ - if (limit_type == NOLOGINMSG) { - sprintf(msgbuf, "Logins not allowed at this time. Please try again later."); - } else { - sprintf(msgbuf, "You have exceeded your %s time limit. Logging you off now.", limit_names[limit_type]); - } - - /* then send the message using xmessage */ - /* well, this is not really clean: */ - sprintf(cmdbuf, "su %s -c \"xmessage -display %s -center '%s'&\"", user, dev, msgbuf); - system(cmdbuf); - #ifdef DEBUG - openlog("timeoutd", OPENLOG_FLAGS, LOG_DAEMON); - syslog(LOG_DEBUG, "cmdbuf=%s", cmdbuf); - closelog(); - #endif - sleep(KWAIT); /* and give the user some time to read the message ;) */ + if (config[configline]->messages[limit_type]) + { + msgfile = fopen(config[configline]->messages[limit_type], "r"); + if (msgfile) + { + fclose(msgfile); + snprintf(msgbuf, sizeof(msgbuf), "-file '%s'", config[configline]->messages[limit_type]); + } + else + snprintf(msgbuf, sizeof(msgbuf), "'%s'", config[configline]->messages[limit_type]); + } + else { + switch (limit_type) + { + case NOLOGINMSG: + sprintf(msgbuf, "'Logins not allowed at this time. Please try again later.'"); + break; + case LOCKOUTMSG: + sprintf(msgbuf, "'You have logged in during your lockout time. Logging you off now.'"); + break; + default: + sprintf(msgbuf, "'You have exceeded your %s time limit. 
Logging you off now.'", limit_names[limit_type]); + } + } + /* then send the message using xmessage */ + /* well, this is not really clean: */ + snprintf(cmdbuf, sizeof(cmdbuf), "su %s -c \"xmessage -default okay -display %s -center %s&\"", user, dev, msgbuf); + system(cmdbuf); + #ifdef DEBUG + openlog("timeoutd", OPENLOG_FLAGS, LOG_DAEMON); + syslog(LOG_DEBUG, "cmdbuf=%s", cmdbuf); + closelog(); + #endif + sleep(KWAIT); /* and give the user some time to read the message ;) */ #ifndef DEBUG @@ -1468,7 +1614,7 @@ closelog(); #endif } - +#endif int chk_ssh(pid)/* seppy; returns true if pid is sshd, otherwise it returns false */ @@ -1532,7 +1678,7 @@ #ifdef DEBUG openlog("timeoutd", OPENLOG_FLAGS, LOG_DAEMON); - syslog(LOG_DEBUG, "su-ing to %s(%d) and connecting to X", user, pwEntry->pw_uid); + syslog(LOG_DEBUG, "Changing to user %s(%d) and connecting to X", user, pwEntry->pw_uid); closelog(); #endif 
@@ -1613,3 +1759,47 @@ return 0; /* no child found */ } /* getchild(ppid) */ + +#ifdef TESTING +int system_user(user, cmd) +char *user; +char *cmd; +{ + uid_t oldeuid; + char homedir[50]; + char oldhomedir[50]; + struct passwd *pwEntry; + int retval; + + /* save to restore */ + oldeuid=getuid(); + sprintf(oldhomedir, "HOME=%s", getenv("HOME")); + /*become user*/ + pwEntry = getpwnam(user); + if(!pwEntry) { + openlog("timeoutd", OPENLOG_FLAGS, LOG_DAEMON); + syslog(LOG_ERR, "Could not get passwd-entry for user %s", user); + closelog(); + } + if(seteuid(pwEntry->pw_uid) == -1) { + openlog("timeoutd", OPENLOG_FLAGS, LOG_DAEMON); + syslog(LOG_ERR, "Could not seteuid(%d).", pwEntry->pw_uid); + closelog(); + } + sprintf(homedir, "HOME=%s", pwEntry->pw_dir); + putenv(homedir); + + retval = system(cmd); + + putenv(oldhomedir); + setuid(oldeuid); + +#ifdef DEBUG + openlog("timeoutd", OPENLOG_FLAGS, LOG_DAEMON); + syslog(LOG_DEBUG, "cmd=%s", cmd); + closelog(); +#endif + + return retval; +} +#endif Only in /usr/src/timeoutd-1.5: timeoutd.o diff -ur ./timeouts /usr/src/timeoutd-1.5/timeouts --- ./timeouts 2006-02-23 11:40:37.000000000 +0000 +++ /usr/src/timeoutd-1.5/timeouts 2006-02-26 14:03:50.000000000 +0000 
@@ -1,19 +1,19 @@ -# /etc/timeouts: user login/idle/session time limits. See timeouts(5). +# /etc/timeoutd/timeouts: user login/idle/session time limits. See timeouts(5). # -# Format: TIMES:TTYS:USERS:GROUPS:MAXIDLE:MAXSESS:MAXDAY:WARN -# or: TIMES:TTYS:USERS:GROUPS:LOGINSTATUS +# Format: TIMES:TTYS:USERS:GROUPS:MAXIDLE[;MESSAGE]:MAXSESS[;MESSAGE]:MAXDAY[;MESSAGE]:WARN:LOCKOUT[;MESSAGE] +# or: TIMES:TTYS:USERS:GROUPS:LOGINSTATUS[;MESSAGE] # # Some examples: # -# dopey is not allowed to login -#Al:*:dopey:*:NOLOGIN +# dopey is not allowed to login. Custom message read from a file +#Al:*:dopey:*:NOLOGIN;/etc/timeoutd/messages/nologin # # cas gets unlimited use #Al:*:cas:*:0:0:0:0 # -# fred is allowed 20 minutes idle, 240 mins per session, and 480 mins per day +# fred is allowed 20 minutes idle, 240 mins per session, and 480 mins per day and must rest for 20 minutes after a full session # on ttyS3 -#Al:ttyS3:fred:*:20:240:480:10 +#Al:ttyS3:fred:*:20:240:480:10:20 # # everyone else is allowed only 120min/session, 240/day #Al:ttyS3:*:*:20:120:240:5 diff -ur ./timeouts.5 /usr/src/timeoutd-1.5/timeouts.5 --- ./timeouts.5 2006-02-23 11:40:37.000000000 +0000 +++ /usr/src/timeoutd-1.5/timeouts.5 2006-02-26 14:03:05.000000000 +0000 @@ -12,11 +12,11 @@ the first non blank character is a hash (#) will be ignored. All other lines should be of the format: .PP -TIMES:TTYS:USERS:GROUPS:MAXIDLE:MAXSESS:MAXDAY:WARN +TIMES:TTYS:USERS:GROUPS:MAXIDLE[;MESSAGE]:MAXSESS[;MESSAGE]:MAXDAY[;MESSAGE]:WARN:LOCKOUT[;MESSAGE] .PP OR .PP -TIMES:TTYS:USERS:GROUPS:LOGINSTATUS +TIMES:TTYS:USERS:GROUPS:LOGINSTATUS[;MESSAGE] .PP \fBTIMES\fR is a comma separated list of times for which the entry is valid. The entry will be ignored completely outside these times. 
@@ -32,7 +32,7 @@ \fBTTYS\fR is a comma separated list of ttys (without the leading /dev/) for which the entry is valid. A trailing asterisk (*) will result in any tty which matches up to the asterisk being accepted. An asterisk -by itself matches all tttys. +by itself matches all ttys. .PP \fBUSERS\fR is a comma separated list of users, with pattern matching as for TTYS. @@ -56,6 +56,9 @@ measured in minutes with a default value of 5. The user will receive a warning every minute for WARN minutes before being logged off. .PP +\fBLOCKOUT\fR is the number of minutes that must elapse after a +(MAXSESS - WARN) length session before a user can login again. +.PP \fBLOGINSTATUS\fR is one of either LOGIN or NOLOGIN and is used to limit the times during which certain people or groups of people can use specific terminals. 
@@ -68,11 +71,21 @@ on in the given day, timeoutd will consider logged in time on all ttys covered by the TTYS field for the matching entry. .PP +.SH MESSAGES +The MAXIDLE, MAXSESSION, MAXDAY, LOCKOUT and NOLOGIN fields can +optionally be follwed by semicolon and a string which provides a +custom message to be used in the event of that limit being +exceeded. The string can be either the message itself or a fully +qualified path to a file containing the text required. +.BR +If these are not specified, built-in defaults are used. +.PP .SH EXAMPLES -.IP Al:*:*:*:10 -Would match all all users in any group regardless of which tty they are -logged in on and allow an idle time of 10 minutes, with no daily or -session time limits. +.IP Al:*:*:*:10;/etc/timeoutd/messages/idle +Would match all all users in any group regardless of which tty they +are logged in on and allow an idle time of 10 minutes, with no daily +or session time limits. A custom message would be used from the file +specified to inform the user what is happening. .IP SaSu:ttyS*:*:subs:5:90:180:3 Would match all users in group subs logged on to any dialin line (assuming all serial lines are dialins) over the weekend and allow them 5 minutes @@ -89,7 +102,7 @@ Would match all dialled in users (if all ttyS lines were modems) and prevent them logging in before 7am or after 8pm on weekdays. .SH FILES -/etc/timeouts +/etc/timeoutd/timeouts .SH BUGS See timeoutd(8) .SH "SEE ALSO" --- /dev/null 2005-08-30 22:06:24.000000000 +0100 +++ /usr/src/timeoutd-1.5/debian/timeoutd.preinst 2006-03-03 10:42:21.000000000 +0000 
@@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# If upgrading from < 1.5-10 copy existing configfile from /etc to /etc/timeoutd +if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt-nl "1.5-10"; then + if [ -e /etc/timeouts -a ! -e /etc/timeoutd/timeouts ]; then + mkdir -p /etc/timeoutd/timeouts + cp /etc/timeouts /etc/timeoutd +echo "$THIS_PACKAGE $THIS_SCRIPT: Copying existing configfile /etc/timeouts to /etc/timeoutd/timeouts" + fi +fi
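Review bot: in get_rest_time() (timeoutd.c, @@ -839,6 +862,66 @@) the session-length test sits at the top of the inner loop, ahead of the ut_line comparison, so it is applied to whatever record follows the login rather than to the matching logout. If a record for a different line is stamped less than min minutes after the login, the loop breaks and that session is never counted towards the lockout. Move the "< min" test into the branch where ut_line matches (and into the BOOT_TIME branch). The user comparison strncmp(..., user, 8) also hard-codes the name length; use sizeof(elem.ut_user) so that names differing only after the eighth character are not treated as the same user.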
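Review bot: the warning path in warnpending() (timeoutd.c, @@ -863,17 +948,17 @@) still fills cmdbuf[1024] with sprintf(), while the killit_xsession() hunk of this same patch moves to snprintf(cmdbuf, sizeof(cmdbuf), ...). Here user and tty are copied in unbounded and unquoted before system(cmdbuf) runs. Use snprintf() in this hunk as well, treat a truncated result as an error instead of running it, and consider replacing the shell string with fork() and exec of su with an argument vector so that no value from utmp is ever parsed by a shell.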
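Review bot: the LOCKOUT test added to chk_timeout() (timeoutd.c, @@ -985,6 +1070,18 @@) passes sessmax - warntime to get_rest_time() without checking that the result is positive. With WARN greater than or equal to MAXSESS the minimum length is zero or negative, the "< min" filter in get_rest_time() never triggers, and every earlier session, however short, counts as a full one. Clamp the value to at least 1 or skip the lockout check in that case, and document the behaviour next to the LOCKOUT paragraph in timeouts.5.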
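Review bot: the reflowed stat(dev, pstat) condition (timeoutd.c, @@ -1047,8 +1144,11 @@) keeps the expression !chk_xsession(dev, host) == TIMEOUTD_XSESSION_LOCAL, in which "!" binds before "==", so the negated result (0 or 1) is compared with the constant instead of testing "not a local Xsession" as the comment says. Since the line is being rewritten anyway, spell it chk_xsession(dev, host) != TIMEOUTD_XSESSION_LOCAL.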
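Review bot: in the new LOCKOUT case that calls killit() (timeoutd.c, @@ -1115,6 +1215,16 @@) the DEBUG syslog() call passes user, host and utmpp->ut_pid, but the format string as it appears in this copy contains only the %d conversion, with "[EMAIL PROTECTED]" where the user and host conversions would be. That looks like the list archive's address masking rather than the author's text, so the two string conversions have to be restored before the hunk is applied from this copy; as shown, the first argument consumed by %d would be the user pointer.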
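Review bot: logoff_msg() (timeoutd.c, @@ -1158,22 +1268,31 @@) decides whether a custom message is a file by calling fopen() on the raw config string, so a literal message that happens to name an openable relative path is read as a file from the daemon's working directory, although the timeouts.5 hunk documents only a fully qualified path. Test for a leading '/' before calling fopen(). The copy loop also mixes a FILE pointer with read(fileno(msgfile), ...) and ignores the return value of write(); fread() on msgfile with a checked write would be the consistent form.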
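Review bot: the custom message handling in killit_xsession() (timeoutd.c, @@ -1423,29 +1550,48 @@) wraps the configured string or file name in single quotes and pastes it into the su ... -c "xmessage ... %s&" string passed to system(), so a message containing a quote character or other shell metacharacters changes the command line the daemon hands to the shell. Either reject such characters when the config line is parsed, or always write the text to a file and pass it with -file, or better, fork() and exec su with an argument vector so no quoting is involved. snprintf() can also truncate msgbuf or cmdbuf before the closing quote; check its return value and skip the popup if the result did not fit.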
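Review bot: system_user() (timeoutd.c, @@ -1613,3 +1759,47 @@) logs a failed getpwnam() or seteuid() and then carries on, so a missing passwd entry dereferences a NULL pwEntry and a failed seteuid() still reaches system(cmd) with the daemon's own identity. Return an error from both branches before anything else runs. The identity handling needs a second look as well: the saved value comes from getuid() but is named oldeuid and restored with setuid() rather than seteuid(), no group IDs are changed, and homedir[50] and oldhomedir[50] are filled by sprintf() from pw_dir and getenv("HOME") (which may be NULL) and then given to putenv(), which keeps pointing at those stack buffers after the function returns. Doing the switch in a forked child (setgid, initgroups, setuid, set HOME, exec) removes the save-and-restore entirely. Even under #ifdef TESTING this should not go in as written.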
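Review bot: the new MESSAGES section in timeouts.5 (@@ -68,11 +71,21 @@) has "follwed" for "followed", calls the field MAXSESSION where the format line uses MAXSESS, and uses .BR (the bold/roman macro) where a line break (.br) appears to be intended. The rewrapped example text still reads "all all users". It would also help to state here how timeoutd tells a literal message from a file name, since the code in this patch decides by trying to open the string.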
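Review bot: in debian/timeoutd.preinst (@@ -0,0 +1,11 @@) the line mkdir -p /etc/timeoutd/timeouts creates a directory at the path the config file is meant to occupy, so the following cp /etc/timeouts /etc/timeoutd cannot write the file /etc/timeoutd/timeouts and, under set -e, the preinst aborts the upgrade. Use mkdir -p /etc/timeoutd and cp -p /etc/timeouts /etc/timeoutd/timeouts. The version guard lt-nl "1.5-10" also skips systems upgrading from 1.5-10 itself, which per the changelog hunk is the release immediately before this one and still installs timeouts into etc; compare against the first version that carries the move. THIS_PACKAGE and THIS_SCRIPT are not set anywhere in the script, so the echo prints empty names.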
timeoutd.preinst
Description: application/shellscript