@mclosson
Last active November 11, 2015 23:03
/*
 * timeout - application to check a list of users against the current time
 * and return a message on whether each user is authorized to login to the
 * system during this time on a FreeBSD system.
 *
 * These time frames are configured in the /etc/login.conf or the user's
 * ~/login.conf files for their class of user. The login application will
 * check these allowed or denied time lists and prevent the user from logging
 * in during unauthorized times. However, users who are already logged in
 * will be able to remain logged in regardless of the time.
 *
 * This program may be used to identify users who are currently logged in
 * and should not be, due to time restrictions, so you may send them a
 * message or boot them off the system.
 *
 * Here we add a class of users who can login weekdays from 8:00am-5:30pm
 *   % sudo vim /etc/login.conf
 *
 *   authpf_users:\
 *       :accounted:\
 *       :times.allow=MoTuWeThFr0800-1730:\
 *       :tc=default:
 *
 * Next add a user to the login class
 *   % sudo pw usermod test1 -L authpf_users
 *
 * Example: list the allowed statuses based on time for all logged in users
 *
 *   % date
 *   Wed Nov 11 01:51:54 UTC 2015
 *   % users | xargs timeout
 *   freebsd: ok
 *   root: ok
 *   test1: unauthorized
 *
 * Example: find users who are logged in outside of their allowed times and
 * terminate their sessions.
 *
 *   % users | xargs timeout | grep unauthorized | cut -d ":" -f1 | \
 *       xargs -n1 killall -u
 *
 * How to build:
 *   % cc -o timeout timeout.c -lutil
 *
 * Basic usage:
 *   % users | xargs timeout
 */
#include <sys/types.h>
#include <libutil.h>
#include <login_cap.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

int main(int argc, char *argv[])
{
    const char *message;
    int i, ok;
    login_cap_t *login_class;
    struct passwd *pwd;

    /* Each command-line argument is a user name to check. */
    for (i = 1; i < argc; i++) {
        pwd = getpwnam(argv[i]);
        if (pwd) {
            /* Load the login class record for this passwd entry. */
            login_class = login_getpwclass(pwd);
            /* Check the class's allowed/denied times against now. */
            ok = auth_timeok(login_class, time(NULL));
            message = ok ? "ok" : "unauthorized";
            /* Release the record so it is not leaked per user. */
            login_close(login_class);
        } else {
            message = "user not found";
        }
        printf("%s: %s\n", argv[i], message);
    }
    exit(EXIT_SUCCESS);
}
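
Why `test1` is reported as unauthorized in the header's example (Wed 01:51 against `times.allow=MoTuWeThFr0800-1730`), shown as an added example that is not part of the original gist and is not libutil's implementation. `period_allows` and `hhmm` are hypothetical, portable helpers that handle a single period with two-letter day codes only, and assume the start time is inclusive and the end time exclusive.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Convert four digits "HHMM" to minutes since midnight. */
static int hhmm(const char *s)
{
    return ((s[0] - '0') * 10 + (s[1] - '0')) * 60 +
           (s[2] - '0') * 10 + (s[3] - '0');
}

/*
 * Hypothetical helper: 1 if (wday, hour, min) is inside one period such as
 * "MoTuWeThFr0800-1730", 0 if outside, -1 if the period is malformed.
 * wday follows struct tm: 0 = Sunday ... 6 = Saturday.
 */
int period_allows(const char *period, int wday, int hour, int min)
{
    static const char *days[] = { "su", "mo", "tu", "we", "th", "fr", "sa" };
    const char *p = period;
    unsigned mask = 0;
    int d, now = hour * 60 + min;

    if (wday < 0 || wday > 6)
        return -1;
    /* Collect two-letter day codes into a bitmask until the first digit. */
    while (*p != '\0' && (*p < '0' || *p > '9')) {
        for (d = 0; d < 7 && strncasecmp(p, days[d], 2) != 0; d++)
            ;
        if (d == 7)
            return -1;                      /* unknown day code */
        mask |= 1u << d;
        p += 2;
    }
    /* Expect exactly HHMM-HHMM after the day codes. */
    if (mask == 0 || strlen(p) != 9 || p[4] != '-' ||
        strspn(p, "0123456789") != 4 || strspn(p + 5, "0123456789") != 4)
        return -1;
    /* Assumption of this example: start inclusive, end exclusive. */
    return (mask & (1u << wday)) && now >= hhmm(p) && now < hhmm(p + 5);
}

int main(void)
{
    /* Constructed inputs: the header's Wed 01:51, then Wed 09:00. */
    const char *period = "MoTuWeThFr0800-1730";
    printf("Wed 01:51 -> %d\n", period_allows(period, 3, 1, 51));
    printf("Wed 09:00 -> %d\n", period_allows(period, 3, 9, 0));
    return 0;
}
```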