Re: Keyboard-Locking

Chris Atenasio (chrisa@ultranet.com)
Wed, 6 Jan 1999 23:22:45 -0500 (EST)


Today is your lucky day Matthias! Back in April I was in need of the
exact same kind of complete keyboard lockout, hence I wrote a nice little
console-locking patch. It operates with sysrq-c to lock the
console, (first prompting for a password if none has been set yet,) and
sysrq-n which always prompts for a new password. Once locked, this patch
intercepts keycodes *before* they reach sysrq. This has the advantage of
also locking out malicious sysrq sequences, (I once used sysrq-k to bypass
a friend's vlock -a.) Another fun thing: notice I used the word
"keycode". Ever wanted to have a password of <alt>, <alt>, c,
<backspace>? :)

Caveats:
1. Anyone sitting at an unlocked console can lock it with the password
of their choice.
2. Because the lock sits right before sysrq in the keyboard path, gpm can still
paste. The easy fix is to kill gpm beforehand, or clear the screen and gpm buffer.
3. On the x86 platform anyway, alt still gets "stuck" on a sysrq so
afterwards you will have to switch vts and back to fix it.

The newest version, (actually I don't think there will be any newer
versions, ) can be found at (http|ftp)://lilo.ddns.org/pub/kernel/

I still enjoy feedback so feel free to email me with [dis]likes etc.

It (attached) applies cleanly to 2.2.0-pre4. Enjoy, and gutes Glück :)

- Chris
-----------------------------------------------------------------------------
Chris Atenasio <chrisa@ultranet.com> - Friends don't let friends use Windows.
Send me mail subject "send pgp key" or "word of the day" for auto-response.

<apply virtual scissors here>

diff -ur linux-2.2.0-pre4/Documentation/Configure.help linux/Documentation/Configure.help
--- linux-2.2.0-pre4/Documentation/Configure.help Wed Jan 6 00:51:53 1999
+++ linux/Documentation/Configure.help Wed Jan 6 22:35:57 1999
@@ -9274,6 +9274,17 @@
keys are documented in Documentation/sysrq.txt. Don't say Y unless
you really know what this hack does.

+Console locking
+CONFIG_LOCK_CONSOLE
+ This is a SysRq addon which allows password protection of the console.
+ Having been conceived when SysRq made vlock obsolete, it intervenes
+ directly before SysRq keys and therefore keeps untrusted persons from
+ gaining control of the console.
+
+Maximum password length
+CONFIG_LOCK_CONSOLE_PLEN
+ The maximum allowable length of a console locking password.
+
ISDN subsystem
CONFIG_ISDN
ISDN ("Integrated Services Digital Networks", called RNIS in France)
diff -ur linux-2.2.0-pre4/Documentation/sysrq.txt linux/Documentation/sysrq.txt
--- linux-2.2.0-pre4/Documentation/sysrq.txt Wed Jan 6 00:49:41 1999
+++ linux/Documentation/sysrq.txt Wed Jan 6 22:35:57 1999
@@ -35,6 +35,10 @@

'o' - Will shut your system off via APM (if configured and supported).

+'c' - Will lock and password protect the console.
+
+'n' - Allow the user to pick a new locking password.
+
's' - Will attempt to sync all mounted filesystems.

'u' - Will attempt to remount all mounted filesystems read-only.
diff -ur linux-2.2.0-pre4/arch/i386/config.in linux/arch/i386/config.in
--- linux-2.2.0-pre4/arch/i386/config.in Wed Jan 6 00:51:53 1999
+++ linux/arch/i386/config.in Wed Jan 6 22:39:13 1999
@@ -186,5 +186,11 @@

#bool 'Debug kmalloc/kfree' CONFIG_DEBUG_MALLOC
bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ
+if [ "$CONFIG_MAGIC_SYSRQ" = "y" ]; then
+ bool ' Console locking' CONFIG_LOCK_CONSOLE
+ if [ "$CONFIG_LOCK_CONSOLE" = "y" ]; then
+ int ' Maximum password length' CONFIG_LOCK_CONSOLE_PLEN 64
+ fi
+fi
endmenu

diff -ur linux-2.2.0-pre4/drivers/char/keyboard.c linux/drivers/char/keyboard.c
--- linux-2.2.0-pre4/drivers/char/keyboard.c Wed Jan 6 00:50:34 1999
+++ linux/drivers/char/keyboard.c Wed Jan 6 22:35:57 1999
@@ -20,6 +20,7 @@
* parts by Geert Uytterhoeven, May 1997
*
* 27-05-97: Added support for the Magic SysRq Key (Martin Mares)
+ * 04-08-98: Console locking by Chris Atenasio (chrisa@ultranet.com)
* 30-07-98: Dead keys redone, aeb@cwi.nl.
*/

@@ -190,6 +191,8 @@
return kbd_getkeycode(scancode);
}

+extern int console_locked;
+
void handle_scancode(unsigned char scancode)
{
unsigned char keycode;
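Review bot: The `extern int console_locked;` added above handle_scancode is a file-local declaration with no `#ifdef`, while the variable is only defined in sysrq.c under `CONFIG_LOCK_CONSOLE`. I would move it into include/linux/sysrq.h next to the new `sysrq_check_password` prototype, wrapped in `#ifdef CONFIG_LOCK_CONSOLE`, so both users see one declaration that the compiler can check against the definition. handle_scancode's body continues outside this hunk.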
@@ -240,6 +243,16 @@
rep = test_and_set_bit(keycode, key_down);

#ifdef CONFIG_MAGIC_SYSRQ /* Handle the SysRq Hack */
+
+#ifdef CONFIG_LOCK_CONSOLE
+ if (console_locked) {
+ if (!up_flag) {
+ sysrq_check_password(keycode);
+ }
+ sysrq_pressed = 0;
+ return;
+ }
+#endif
if (keycode == SYSRQ_KEY) {
sysrq_pressed = !up_flag;
return;
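Review bot: The `if (console_locked)` check sits after `rep = test_and_set_bit(keycode, key_down);` and inside `#ifdef CONFIG_MAGIC_SYSRQ`, so everything handle_scancode did before this point has already run for a key that is then swallowed. The early `return` also skips the rest of the function for key releases, which presumably explains the stuck-modifier behaviour listed as caveat 3 in the cover mail. The start of handle_scancode is outside this hunk; if it queues raw-mode scancodes before reaching here, a VT in raw mode would still receive input while locked, and that should be confirmed. I would test `console_locked` before any per-key state is touched and document the ordering, e.g. `/* locked: swallow the key before raw-mode queueing, key_down updates and SysRq */`.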
diff -ur linux-2.2.0-pre4/drivers/char/sysrq.c linux/drivers/char/sysrq.c
--- linux-2.2.0-pre4/drivers/char/sysrq.c Wed Jan 6 00:50:16 1999
+++ linux/drivers/char/sysrq.c Wed Jan 6 22:41:51 1999
@@ -6,6 +6,8 @@
*
* (c) 1997 Martin Mares <mj@atrey.karlin.mff.cuni.cz>
* based on ideas by Pavel Machek <pavel@atrey.karlin.mff.cuni.cz>
+ *
+ * 04-08-98: Console locking by Chris Atenasio (chrisa@ultranet.com)
*/

#include <linux/config.h>
@@ -33,6 +35,13 @@
extern int console_loglevel;
extern struct vfsmount *vfsmntlist;

+#ifdef CONFIG_LOCK_CONSOLE
+int console_locked;
+char console_password[CONFIG_LOCK_CONSOLE_PLEN];
+int console_password_length = 0;
+#endif
+
+
/* Send a signal to all user processes */

static void send_sig_all(int sig, int even_init)
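Review bot: `console_password` and `console_password_length` get external linkage although the visible hunks only use them inside sysrq.c; they should be `static` so the cleartext password buffer is not an exported kernel symbol. `console_password` is also declared `char` while the entry buffer in `sysrq_check_password` is `unsigned char`, so I would write `static unsigned char console_password[CONFIG_LOCK_CONSOLE_PLEN];`. `console_locked` takes the bare values 0 to 3 throughout the patch; a small enum naming the states (unlocked, entering, confirming, locked) plus a one-line comment here would make the keyboard.c check and the switch readable.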
@@ -88,6 +97,21 @@
apm_power_off();
break;
#endif
+#ifdef CONFIG_LOCK_CONSOLE
+ case 'c': /* C -- lock console */
+ printk("Lock Console\n");
+ if (console_password_length == 0) {
+ sysrq_check_password(0);
+ } else {
+ console_locked = 3;
+ }
+ break;
+ case 'n': /* N -- new password */
+ printk("New Password\n");
+ console_locked = 0;
+ sysrq_check_password(0);
+ break;
+#endif
case 's': /* S -- emergency sync */
printk("Emergency Sync\n");
emergency_sync_scheduled = EMERG_SYNC;
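Review bot: `case 'n'` clears `console_locked` and starts a new-password prompt without first asking for the current password, so the stored password can be replaced by whoever is at the unlocked console. The cover mail lists this as caveat 1, but nothing in the code or in the Configure.help text says so. Either make the handler require the existing password when `console_password_length != 0`, or at least record the limitation with a comment such as `/* NOTE: old password is not verified; only safe while the console is trusted */`. Both cases also leave the console in state 1 once the prompt is shown, where keyboard.c swallows every key until a password has been entered twice; that deserves a line in sysrq.txt.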
@@ -141,6 +165,9 @@
#ifdef CONFIG_APM
"Off "
#endif
+#ifdef CONFIG_LOCK_CONSOLE
+ "lockConsole Newpassword "
+#endif
"Sync Unmount showPc showTasks showMem loglevel0-8 tErm kIll killalL\n");
/* Don't use 'A' as it's handled specially on the Sparc */
}
@@ -254,3 +281,81 @@
unlock_kernel();
printk(KERN_INFO "Done.\n");
}
+
+#ifdef CONFIG_LOCK_CONSOLE
+void sysrq_check_password(unsigned char keycode)
+{
+ static unsigned char buf[CONFIG_LOCK_CONSOLE_PLEN];
+ static int buflen;
+ int orig_loglevel = console_loglevel;
+ console_loglevel = 7;
+
+ switch(console_locked) {
+ case 0:
+ buflen = 0;
+ printk(KERN_INFO "Enter password:\n");
+ console_locked = 1;
+ return;
+ case 1:
+ if (keycode == 28) {
+ strncpy(console_password, buf, buflen);
+ console_password_length = buflen;
+ buflen = 0;
+ console_locked = 2;
+ printk(KERN_INFO "Re-enter password:\n");
+ break;
+ }
+ buflen++;
+ if (buflen > CONFIG_LOCK_CONSOLE_PLEN) {
+ printk(KERN_INFO "Password too long.\n");
+ console_locked = 0;
+ sysrq_check_password(0);
+ break;
+ }
+ buf[buflen-1] = keycode;
+ break;
+ case 2:
+ if (keycode == 28) {
+ if(buflen == console_password_length &&
+ strncmp(console_password, buf, buflen)) {
+ printk(KERN_INFO "Passwords don't match.\n");
+ console_locked = 0;
+ sysrq_check_password(0);
+ break;
+ }
+ console_locked = 3;
+ buflen=0;
+ printk(KERN_INFO "Console locked.\n");
+ break;
+ }
+ buflen++;
+ if (buflen > CONFIG_LOCK_CONSOLE_PLEN) {
+ printk(KERN_INFO "Password too long.\n");
+ console_locked = 0;
+ sysrq_check_password(0);
+ break;
+ }
+ buf[buflen-1] = keycode;
+ break;
+ case 3:
+ if (keycode == 28) {
+ if(buflen == console_password_length &&
+ !strncmp(console_password, buf, buflen)) {
+ printk(KERN_INFO "Console unlocked.\n");
+ console_locked = 0;
+ }
+ buflen = 0;
+ break;
+ }
+ buflen++;
+ if (buflen > CONFIG_LOCK_CONSOLE_PLEN) {
+ buflen = 0;
+ break;
+ }
+ buf[buflen-1] = keycode;
+ break;
+
+ }
+ console_loglevel = orig_loglevel;
+}
+#endif
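Review bot: The confirmation step in `case 2` only reports a mismatch when the lengths are equal and the bytes differ, so a re-entry of a different length falls through to "Console locked." with the first entry as the password. The test should be `if (buflen != console_password_length || memcmp(console_password, buf, buflen)) {`. The buffers hold raw keycodes rather than C strings, so `strncpy`/`strncmp` (which stop at a zero byte) should become `memcpy(console_password, buf, buflen);` and `memcmp` in cases 1 to 3. `case 0` leaves via `return` and so skips the `console_loglevel = orig_loglevel;` restore at the bottom; `break` would keep the paths consistent. The static `buf` is also never cleared after a successful lock or unlock, so the typed keycodes stay in memory alongside `console_password`.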
diff -ur linux-2.2.0-pre4/include/linux/sysrq.h linux/include/linux/sysrq.h
--- linux-2.2.0-pre4/include/linux/sysrq.h Wed Jan 6 00:53:53 1999
+++ linux/include/linux/sysrq.h Wed Jan 6 22:35:57 1999
@@ -20,6 +20,8 @@

void handle_sysrq(int, struct pt_regs *, struct kbd_struct *, struct tty_struct *);

+void sysrq_check_password(unsigned char keycode);
+
/* Deferred actions */

extern int emergency_sync_scheduled;
