Imported Upstream version 1.5

2009-01-04 23:11:58 -07:00 · 2009-01-04 23:11:58 -07:00 · 6236f92ec8
commit 6236f92ec8
8 changed files with 1467 additions and 0 deletions
--- a/8
+++ b/8
@ -0,0 +1,8 @@
+CFLAGS=-fomit-frame-pointer -m486 -O2 -s
+timeoutd:	timeoutd.c Makefile
+	$(CC) $(CFLAGS) -o timeoutd timeoutd.c
+
+install:
+	install -o root -g system -m 2111 timeoutd /usr/etc/timeoutd
+	install -o man -g info -m 444 timeoutd.8 /usr/man/man8
+	install -o man -g info -m 444 timeouts.5 /usr/man/man5
--- a/44
+++ b/44
@ -0,0 +1,44 @@
+TIMEOUTD 1.4 by Shane Alderton
+
+Timeoutd is a programme which allows you to control the following
+characteristics on a user by user and/or group by group basis for
+each tty on your system:
+
+- maximum idle time
+- maximum time per session
+- maximum time per day
+- times when people can/can't login on specific ttys
+
+To build timeoutd, you should make any changes to the makefile for
+your preferred compilation options, then simply:
+
+make
+
+The next step is to install a timeouts file in /usr/etc specifying
+the parameters for each line/user/group combination.  You can use
+the sample file provided in the distribution as a starting point
+after reading the timeoutd.8 and timeouts.5 man pages.
+
+Once you have installed the timeouts file in /usr/etc, you can type:
+
+make install
+
+to install the timeoutd binaries and man pages.
+
+Then it is just a matter of running /usr/etc/timeoutd.  You may want
+to add a line to your /etc/rc or /etc/rc.local (or whatever) to run
+timeoutd at boot time.
+
+If you wish, you can also modify your login programme to have timeoutd
+run at login time to check whether each user is allowed to login or not.
+Otherwise, users who are not allowed to login will be logged off within
+1 minute of logging in.
+
+Another (albeit less certain) way of doing this is to put the following
+line in /etc/profile near the top of the file:
+
+/usr/etc/timeoutd `whoami` `basename \`tty\`` || exit
+
+
+Please sends bugs, comments, suggestions to:
+shane@ion.apana.org.au (Shane Alderton)
--- a/1
+++ b/1
@ -0,0 +1 @@
+1.5
--- a/dump_wtmp.c
+++ b/dump_wtmp.c
@ -0,0 +1,68 @@
+#include    <stdio.h>
+#include    <utmp.h>
+#include    <time.h>
+
+main()
+{
+    FILE	*fp;
+    struct utmp	ut;
+    struct tm	*tm;
+    char	user[9];
+    char	host[17];
+    char	line[13];
+
+    if ((fp = fopen(UTMP_FILE, "r")) == NULL)
+    {
+      printf("Could not open wtmp file!");
+      exit(1);
+    }
+
+    /* Go to end of file minus one structure */
+    fseek(fp, -1L * sizeof(struct utmp), SEEK_END);
+
+    while (fread(&ut, sizeof(struct utmp), 1, fp) == 1)
+    {
+      tm = localtime(&ut.ut_time);
+
+/*
+      if (tm->tm_year != now.tm_year || tm->tm_yday != now.tm_yday)
+        break;
+*/
+
+      printf("%02d:%02d type=", tm->tm_hour,tm->tm_min);
+      switch (ut.ut_type)
+      {
+#ifndef SUNOS
+     case RUN_LVL: printf("RUN_LVL");
+     break;
+     case BOOT_TIME: printf("BOOT_TIME");
+     break;
+     case NEW_TIME: printf("NEW_TIME");
+     break;
+     case OLD_TIME: printf("OLD_TIME");
+     break;
+     case INIT_PROCESS: printf("INIT_PROCESS");
+     break;
+     case LOGIN_PROCESS: printf("LOGIN_PROCESS");
+     break;
+     case USER_PROCESS: printf("USER_PROCESS");
+     break;
+     case DEAD_PROCESS: printf("DEAD_PROCESS");
+     break;
+#endif
+     default: printf("UNKNOWN!(type=%d)", ut.ut_type);
+     }
+     strncpy(user, ut.ut_user, 8);
+     user[8] = 0;
+     strncpy(host, ut.ut_host, 16);
+     host[16] = 0;
+     strncpy(line, ut.ut_line, 12);
+     line[12] = 0;
+     printf(" line=%s host=%s user=%s\n", line, host, user);
+
+
+      /* Position the file pointer 2 structures back */
+      if (fseek(fp, -2 * sizeof(struct utmp), SEEK_CUR) < 0) break;
+    }
+    fclose(fp);
+}
--- a/timeoutd.8
+++ b/timeoutd.8
@ -0,0 +1,64 @@
+.TH TIMEOUTD 8
+.SH NAME
+timeoutd \- Enforce idle and session time restrictions
+.SH SYNOPSIS
+.B /usr/etc/timeoutd [ user tty ]
+.SH DESCRIPTION
+.I timeoutd enforces the time restrictions specified in /usr/etc/timeouts.
+When invoked in daemon mode (without any parameters) timeoutd backgrounds
+itself, then scans \fB/etc/utmp\fR every minute and checks /usr/etc/timeouts
+for an entry which matches that user, based on:
+.IP "\- The current day and time"
+.IP "\- The tty that the user is currently logged in on"
+.IP "\- The user's login ID"
+.IP "\- Any primary or secondary groups the user is in"
+.PP
+If a match is found, the limits specified for that entry are enforced by
+sending a SIGHUP (Hangup signal) to the user's login process, followed
+after 5 seconds by a SIGKILL (Sure kill signal) to ensure the user is
+logged out.
+.PP
+Where possible, timeoutd will send a warning to the user
+every minute for 5 minutes (or other time specified in /usr/etc/timeouts)
+before logging them out.  Warnings are not sent for exceeded idle limits,
+as this would count as activity on the terminal.
+.PP
+Timeoutd currently allows limits to be set on idle time as well as amount
+of time logged in per session and per day.
+.PP
+When calculating idle time, any activity on the terminal, either incoming
+(such as typing) or outgoing (such as information displayed on the screen)
+is counted as activity.  This is to prevent logoffs during file transfers.
+.PP
+Under Linux, timeoutd detects when a serial line is in SLIP mode and disables
+idle time limit checking (as the last read/write times for the tty are
+not updated).
+.PP
+Debug information, error messages and notification of users who have been
+timed out are all recorded via syslog (facility=DAEMON).
+.PP
+Timeoutd can also be invoked by login to check whether a user is allowed
+to login at that time, or whether they have exceeded their daily time limit.
+When invoked in this way, by passing a username and tty (without the leading
+/dev) on the command line, timeoutd returns one of the following exit codes:
+.IP "0 User is allowed to login
+.IP "1 Fatal error
+.IP "5 Incorrect command line format
+.IP "10 User has exceeded maximum daily connect time
+.IP "20 User not permitted to login at this time on this tty
+.IP "30 Internal error checking user name (probably invalid user name)
+.SH FILES
+.IP "/usr/etc/timeouts \- lists valid login times and idle/session time restrictions
+.IP "/etc/utmp \- current login sessions
+.IP "/usr/adm/wtmp \- for calculating total logged in time for current day
+.SH BUGS
+Sessions which end in the current day but started before midnight
+will not be considered when calculating total daily logged in time for a
+user on that day.  This will not, however, affect checking of the
+session limit, which should limit such problems.  It does
+mean that a user could conceivably exceed their maximum daily time
+by one extra session if they log on just before midnight.
+.SH "SEE ALSO"
+.BR timeouts "(5)
+.SH "WRITTEN BY"
+Shane Alderton <shane@ion.apana.org.au>
--- a/timeoutd.c
+++ b/timeoutd.c
--- a/1
+++ b/1
@ -0,0 +1 @@
+Al:*:shane:*:NOLOGIN
--- a/timeouts.5
+++ b/timeouts.5
@ -0,0 +1,98 @@
+.TH TIMEOUTS 5
+.SH NAME
+timeouts \- user login/idle/session time limits
+.SH DESCRIPTION
+The timeouts file is used by timeoutd (8) to impose limits on what times
+particular users or groups of users can login on particular
+terminals, how long a user can be idle (no activity on the terminal),
+how long a user can be logged in for in a single session and how much
+time a user can spend on a set of terminals each day.
+.PP
+The timeouts file is a plain ASCII file.  Blank lines, or lines where
+the first non blank character is a hash (#) will be ignored.  All other
+lines should be of the format:
+.PP
+TIMES:TTYS:USERS:GROUPS:MAXIDLE:MAXSESS:MAXDAY:WARN
+.PP
+OR
+.PP
+TIMES:TTYS:USERS:GROUPS:LOGINSTATUS
+.PP
+\fBTIMES\fR is a comma separated list of times for which the entry is valid.
+The entry will be ignored completely outside these times.
+The format for each element of the times field is: DD[DD...][SSSS-EEEE]
+Where:
+.IP
+DD is one of Su Mo Tu We Th Fr Sa Wk Al
+.br
+(Al = SuMoTuWeThFrSa  Wk = MoTuWeThFr)
+.IP
+SSSS and EEEE are start and end times in 24 hour notation.
+.PP
+\fBTTYS\fR is a comma separated list of ttys (without the leading /dev/)
+for which the entry is valid.  A trailing asterisk (*) will result in
+any tty which matches up to the asterisk being accepted.  An asterisk
+by itself matches all tttys.
+.PP
+\fBUSERS\fR is a comma separated list of users, with pattern matching
+as for TTYS.
+.PP
+\fBGROUPS\fR is a comma separated list of groups, with pattern matching
+as for TTYS.
+.PP
+\fBMAXIDLE\fR is the number of minutes which a user may remain idle
+without being logged off.  Idle time is defined as time during which
+no activity (no output to the tty or input from the tty) is detected.
+This is not checked under Linux if the tty is in SLIP mode.
+.PP
+\fBMAXSESS\fR is the maximum number of minutes that a user
+can be logged in for in a single session if they match that entry.
+.PP
+\fBMAXDAY\fR is the maximum number of minutes per day that a user
+can be logged in for if they match that entry.
+.PP
+\fBWARN\fR provides a facility for notifying a user that they are
+about to be logged off due to exceeding MAXSESS or MAXDAY.  WARN is
+measured in minutes with a default value of 5.  The user will receive
+a warning every minute for WARN minutes before being logged off.
+.PP
+\fBLOGINSTATUS\fR is one of either LOGIN or NOLOGIN and is used to
+limit the times during which certain people or groups of people can
+use specific terminals.
+.PP
+When searching through the timeouts file, timeoutd will use the first
+entry for which the TIMES:TTYS:USERS:GROUPS fields all match the
+user who is being checked.
+.PP
+When calculating the number of minutes for which a user has been logged
+on in the given day, timeoutd will consider logged in time on all
+ttys covered by the TTYS field for the matching entry.
+.PP
+.SH EXAMPLES
+.IP Al:*:*:*:10
+Would match all all users in any group regardless of which tty they are
+logged in on and allow an idle time of 10 minutes, with no daily or
+session time limits.
+.IP SaSu:ttyS*:*:subs:5:90:180:3
+Would match all users in group subs logged on to any dialin line (assuming
+all serial lines are dialins) over the weekend and allow them 5 minutes
+idle time, 90 minutes per session and 180 minutes per day, with a 3
+minute warning period before logoff will occur.
+.IP Wk:ttyS2,ttyS4:*:subs,other:10::60:5
+Would match all users in groups subs or other logged on to ttyS2 or ttyS4
+on a weekday
+and allow them 10 minutes idle time, no session limit and a 60 minute
+daily limit with a 5 minute warning period.  Note that this provides
+for 60 minutes per day across both ttyS2 and ttyS4, NOT 60 minutes on ttyS2
+and 60 minutes on ttyS4.
+.IP Wk2000-0700:ttyS*:*:*:NOLOGIN
+Would match all dialled in users (if all ttyS lines were modems) and
+prevent them logging in before 7am or after 8pm on weekdays.
+.SH FILES
+/usr/etc/timeouts
+.SH BUGS
+See timeoutd(8)
+.SH "SEE ALSO"
+.BR timeoutd "(8)
+.SH "WRITTEN BY"
+Shane Alderton <shane@ion.apana.org.au>