authorKarel Zak2013-09-30 13:36:26 +0200
committerKarel Zak2013-09-30 13:36:26 +0200
commit88407b93212275759e8a54f5d43f4cf7da67fcdf (patch)
tree52a6098a9605f6d0cb69d8e7dc1932260af9bacd
parentbuild-sys: release++ (v2.24-rc1) (diff)
nologin: add new command
Currently it's maintained as distro specific (or people use impolite /bin/false way). Signed-off-by: Karel Zak <kzak@redhat.com>
-rw-r--r--.gitignore1
-rw-r--r--Documentation/releases/v2.24-ReleaseNotes4
-rw-r--r--configure.ac8
-rw-r--r--include/pathnames.h2
-rw-r--r--login-utils/Makemodule.am7
-rw-r--r--login-utils/nologin.853
-rw-r--r--login-utils/nologin.c75
7 files changed, 150 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index aedce561d..91b625f44 100644
--- a/.gitignore
+++ b/.gitignore
@@ -130,6 +130,7 @@ tests/run.sh.trs
/mountpoint
/namei
/newgrp
+/nologin
/nsenter
/partx
/pg
diff --git a/Documentation/releases/v2.24-ReleaseNotes b/Documentation/releases/v2.24-ReleaseNotes
index 1cd6eec9c..ca5b7bc85 100644
--- a/Documentation/releases/v2.24-ReleaseNotes
+++ b/Documentation/releases/v2.24-ReleaseNotes
@@ -61,6 +61,10 @@ wipefs(8):
- supports new command line option --backup to backup erased data to
$HOME/wipefs-<devname>-<offset>.bak
+nologin(8):
+ - this command has been merged into util-linux, the command politely
+ refuse a login.
+
Stable maintenance releases between v2.23 and v2.24
---------------------------------------------------
diff --git a/configure.ac b/configure.ac
index 553228af2..098692c9f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1211,6 +1211,14 @@ AS_IF([test "x$enable_login_stat_mail" = xyes], [
])
+AC_ARG_ENABLE([nologin],
+ AS_HELP_STRING([--disable-nologin], [do not build nologin]),
+ [], [enable_nologin=yes]
+)
+UL_BUILD_INIT([nologin])
+AM_CONDITIONAL([BUILD_NOLOGIN], [test "x$build_nologin" = xyes])
+
+
AC_ARG_ENABLE([sulogin],
AS_HELP_STRING([--disable-sulogin], [do not build sulogin]),
[], [enable_sulogin=yes]
diff --git a/include/pathnames.h b/include/pathnames.h
index e25234c45..dce98d2a4 100644
--- a/include/pathnames.h
+++ b/include/pathnames.h
@@ -31,6 +31,8 @@
#define _PATH_HUSHLOGIN ".hushlogin"
#define _PATH_HUSHLOGINS "/etc/hushlogins"
+#define _PATH_NOLOGIN_TXT "/etc/nologin.txt"
+
#ifndef _PATH_MAILDIR
#define _PATH_MAILDIR "/var/spool/mail"
#endif
diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am
index c5e8c07ae..aca028a29 100644
--- a/login-utils/Makemodule.am
+++ b/login-utils/Makemodule.am
@@ -60,6 +60,13 @@ endif
endif # BUILD_LOGIN
+if BUILD_NOLOGIN
+sbin_PROGRAMS += nologin
+dist_man_MANS += login-utils/nologin.8
+nologin_SOURCES = login-utils/nologin.c
+endif
+
+
if BUILD_UTMPDUMP
usrbin_exec_PROGRAMS += utmpdump
dist_man_MANS += login-utils/utmpdump.1
diff --git a/login-utils/nologin.8 b/login-utils/nologin.8
new file mode 100644
index 000000000..b4e10704e
--- /dev/null
+++ b/login-utils/nologin.8
@@ -0,0 +1,53 @@
+.\" -*- nroff -*-
+.TH NOLOGIN 8 "September 2013" "util-linux" "System Administration"
+.SH NAME
+nologin \- politely refuse a login
+.SH SYNOPSIS
+.B nologin
+.RB [ \-V ]
+.RB [ \-h ]
+.SH DESCRIPTION
+.B nologin
+displays a message that an account is not available and exits non-zero. It is
+intended as a replacement shell field to deny login access to account.
+.PP
+If the file /etc/nologin.txt exists, nologin displays its contents to the
+user instead of the default message.
+.PP
+The exit code returned by
+.B nologin
+is always 1.
+.PP
+.SH OPTIONS
+.IP "\fB\-h, \-\-help\fP"
+Print help and exit.
+.IP "\fB-V, \-\-version"
+Print version and exit.
+.SH NOTES
+.B nologin
+is per-account way to disable login (usually used for system accounts like http or ftp).
+.BR nologin (8)
+uses /etc/nologin.txt as optional source for non-default message, the login
+access is always refused independently on the file.
+.PP
+.BR pam_nologin (8)
+PAM module usually prevents all non-root users from logging into the system.
+.BR pam_nologin (8)
+functionality is controled by /var/run/nologin or /etc/nologin file.
+.SH AUTHORS
+.UR kzak@redhat.com
+Karel Zak
+.UE
+.SH SEE ALSO
+.BR login (1),
+.BR passwd (5),
+.BR pam_nologin (8)
+.SH HISTORY
+The
+.B nologin
+command appeared in 4.4BSD.
+.SH AVAILABILITY
+The nologin command is part of the util-linux package and is available from
+.UR ftp://\:ftp.kernel.org\:/pub\:/linux\:/utils\:/util-linux/
+Linux Kernel Archive
+.UE .
diff --git a/login-utils/nologin.c b/login-utils/nologin.c
new file mode 100644
index 000000000..a4fb82db6
--- /dev/null
+++ b/login-utils/nologin.c
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2013 Karel Zak <kzak@redhat.com>
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <getopt.h>
+
+#include "c.h"
+#include "nls.h"
+#include "pathnames.h"
+
+/*
+ * Always return EXIT_FAILURE (1), don't try to be smart!
+ */
+
+static void __attribute__((__noreturn__)) usage(FILE *out)
+{
+ fputs(USAGE_HEADER, out);
+
+ fprintf(out,
+ _(" %s [options]\n"), program_invocation_short_name);
+
+ fputs(USAGE_OPTIONS, out);
+ fputs(USAGE_HELP, out);
+ fputs(USAGE_VERSION, out);
+
+ fprintf(out, USAGE_MAN_TAIL("nologin(8)"));
+ exit(EXIT_FAILURE);
+}
+
+int main(int argc, char *argv[])
+{
+ int c, fd;
+ static const struct option longopts[] = {
+ { "help", 0, 0, 'h' },
+ { "version", 0, 0, 'V' },
+ { NULL, 0, 0, 0 }
+ };
+
+ setlocale(LC_ALL, "");
+ bindtextdomain(PACKAGE, LOCALEDIR);
+ textdomain(PACKAGE);
+
+ while ((c = getopt_long(argc, argv, "hV", longopts, NULL)) != -1) {
+ switch (c) {
+ case 'h':
+ usage(stdout);
+ break;
+ case 'V':
+ printf(UTIL_LINUX_VERSION);
+ return EXIT_FAILURE;
+ default:
+ usage(stderr);
+ break;
+ }
+ }
+
+ fd = open(_PATH_NOLOGIN_TXT, O_RDONLY);
+ if (fd >= 0) {
+ char buf[BUFSIZ];
+ ssize_t rd;
+
+ while ((rd = read(fd, buf, sizeof(buf))) > 0)
+ ignore_result( write(STDOUT_FILENO, buf, rd) );
+ close(fd);
+ } else
+ fprintf(stdout, _("This account is currently not available.\n"));
+
+ return EXIT_FAILURE;
+}
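Review bot: The read loop at the end of main() copies whatever `/etc/nologin.txt` resolves to until EOF, without first checking that it is a regular file. If the path is ever a FIFO, a device node or a symlink to one, the "shell" blocks or keeps streaming, and each refused login then leaves a process holding a session open instead of exiting at once. The file is administrator-controlled, so this is hardening against misconfiguration rather than a direct exposure. I would open with `O_NONBLOCK`, `fstat()` the descriptor, and fall back to the built-in message unless `S_ISREG(st.st_mode)` holds, which also needs `<sys/stat.h>` in the include list. The hunk is the whole new file, so the sketch below replaces only the tail of main().

```c
	struct stat st;
	int shown = 0;

	/* … unchanged: locale setup and option parsing … */

	fd = open(_PATH_NOLOGIN_TXT, O_RDONLY | O_NONBLOCK);
	if (fd >= 0) {
		/* only a regular file is echoed; anything else gets the default text */
		if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode)) {
			char buf[BUFSIZ];
			ssize_t rd;

			while ((rd = read(fd, buf, sizeof(buf))) > 0)
				ignore_result( write(STDOUT_FILENO, buf, rd) );
			shown = 1;
		}
		close(fd);
	}
	if (!shown)
		fprintf(stdout, _("This account is currently not available.\n"));

	return EXIT_FAILURE;
```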