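/*
 * /usr/local/sbin/no_shell
 * friendly restricted shell for my mail server
 * with optional password change
 * version v3.1
 *
 * Prints a refusal banner, records the attempt in the authpriv syslog
 * facility and, if the user asks for it, replaces itself with
 * /usr/bin/passwd for the calling account.
 *
 * Exit status: 2 when the user declines, 1 when the password change could
 * not be started; otherwise the status is whatever passwd returns.
 */
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>

/*
 * Variables removed from the environment before passwd is started.
 * This is a denylist and therefore best-effort: passwd is normally setuid,
 * in which case the dynamic loader already ignores the LD_* entries, so the
 * scrub is defence in depth rather than the primary control.
 * NOTE(review): passing an allowlisted environment through execle() would be
 * stricter, at the cost of dropping the user's locale settings.
 */
static const char *const scrubbed_vars[] = {
    "IFS",
    "LD_PRELOAD",
    "LD_LIBRARY_PATH",
    "LD_AUDIT",
    "LD_DEBUG",
    "LD_ORIGIN_PATH",
    "LD_PROFILE",
    "LD_USE_LOAD_BIAS",
    "DYLD_INSERT_LIBRARIES",
    "DYLD_LIBRARY_PATH",
};

/*
 * Read one line from stdin and return its first non-blank character.
 * Returns 0 on EOF or read error and '\n' for an empty line, so that
 * pressing Enter selects the default answer instead of blocking.
 */
static char read_choice(void)
{
    char line[64];

    if (!fgets(line, sizeof line, stdin)) {
        return 0;
    }

    const char *p = line;
    while (*p == ' ' || *p == '\t') {
        p++;
    }
    char first = *p;

    /* Discard the tail of an over-long line so it is not left pending. */
    if (!strchr(line, '\n')) {
        int c;
        while ((c = getchar()) != EOF && c != '\n') {
        }
    }
    return first;
}

int main(void)
{
    /*
     * Take the account name from the password database entry of the real
     * uid. $USER is supplied by the caller's environment, so using it would
     * let the caller choose the name written to the auth log and the
     * argument handed to passwd.
     * pw points at static storage; nothing below calls getpw*() again.
     */
    const struct passwd *pw = getpwuid(getuid());
    int known = pw && pw->pw_name && *pw->pw_name;
    const char *username = known ? pw->pw_name : "(unknown)";

    /*
     * Log before waiting for input: a session that is dropped at the
     * prompt still leaves a record.
     */
    openlog("no_shell", LOG_PID | LOG_NDELAY, LOG_AUTHPRIV);
    syslog(LOG_NOTICE, "login attempt for %s", username);
    closelog();

    fputs("No-no-no, no shell for you\n", stdout);
    fputs("For shell access contact lain@lainmail.xyz\n\n", stdout);
    printf("Would you like to change your password, %s? [y/N]: ", username);
    fflush(stdout);

    char choice = read_choice();

    if (choice == 'y' || choice == 'Y') {
        if (!known) {
            /* Never pass the placeholder name on to passwd. */
            fputs("Cannot determine your account name\n", stderr);
            return 1;
        }

        printf("\nStarting password change for %s...\n\n", username);
        fflush(stdout);

        /* Fixed search path for anything passwd itself may spawn. */
        if (setenv("PATH", "/usr/bin:/bin", 1) != 0) {
            perror("setenv");
            return 1;
        }
        for (size_t i = 0; i < sizeof scrubbed_vars / sizeof scrubbed_vars[0]; i++) {
            unsetenv(scrubbed_vars[i]);
        }

        /* Absolute path and explicit argv: no shell, no PATH lookup. */
        execl("/usr/bin/passwd", "passwd", username, (char *)NULL);

        /* Only reached when execl() failed. */
        perror("execl");
        exit(1);
    }

    printf("\nOkay, goodbye!\n");
    fflush(stdout);
    return 2;
}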