[ViewVC] Annotation of: cvs/libptytty/README

NAME
    libptytty - OS independent and secure pty/tty and utmp/wtmp/lastlog
    handling

SYNOPSIS
       cc ... -lptytty

       #include <libptytty.h>

       // C++
       ptytty *pty = ptytty::create ();

       if (!pty->get ())
         // error allocating pty

       if (we want utmp)
         pty->login (process_pid, 0, "remote.host");
       else if (we want utmp AND wtmp/lastlog)
         pty->login (process_pid, 1, "remote.host");

       // we are done with it
       delete pty;

       // C
       PTYTTY pty = ptytty_create ();

       if (!ptytty_get (pty))
         // error allocating pty

       if (we want utmp)
         ptytty_login (pty, process_pid, 0, "remote.host");
       else if (we want utmp AND wtmp/lastlog)
         ptytty_login (pty, process_pid, 1, "remote.host");

       // we are done with it
       ptytty_delete (pty);

DESCRIPTION
    Libptytty is a small library that offers pseudo-tty management in an
    OS-independent way. It was created out of frustration over the many
    differences of pty/tty handling in different operating systems for the
    use inside "rxvt-unicode".

    In addition to offering mere pty/tty management, it also offers session
    database support (utmp and optional wtmp/lastlog updates for login
    shells).

    It also supports fork'ing after startup and dropping privileges in the
    calling process, so in case the calling process gets compromised by the
    user starting the program there is less to gain, as only the helper
    process runs with privileges (e.g. setuid/setgid), which reduces the
    area of attack immensely.

    Libptytty is written in C++, but it also offers a C-only API.

SECURITY CONSIDERATIONS
    *It is of paramount importance that you at least read the following
    paragraph!*

    If you are a typical terminal-like program that just wants one or more
    ptys, you should call the "ptytty::init ()" method (C: "ptytty_init ()"
    function) as the very first thing in your program:

       int main (int argc, char *argv[])
       {
          // do nothing here
          ptytty::init ();
          // in C: ptytty_init ();

          // initialise, parse arguments, etc.
       }

    This checks wether the program runs setuid or setgid. If yes then it
    will fork a helper process and drop privileges.

    Some programs need finer control over if and when this helper process is
    started, and if and how to drop privileges. For those programs, the
    methods "ptytty::use_helper" and "ptytty::drop_privileges" are more
    useful.

C++ INTERFACE: THE ptytty CLASS
  STATIC METHODS
    ptytty::init ()
        The default way to initialise libptytty. Must be called imemdiately
        as the first thing in the "main" function, or earlier e.g. during
        static construction time. The earlier, the better.

        This method checks wether the program runs with setuid/setgid
        permissions and, if yes, spawns a helper process for pty/tty
        management. IT then drops the privileges completely, so the actual
        program runs without setuid/setgid privileges.

    ptytty::use_helper ()
        Tries to start a helper process that retains privileges even when
        the calling process does not. This is usually called from
        "ptytty::init" when it detects that the program is running setuid or
        setgid, but can be called manually if it is inconvinient to drop
        privileges at startup, or when you are not running setuid/setgid but
        want to drop privileges (e.g. when running as a root-started
        daemon).

        This method will try not to start more than one helper process. The
        same helper process cna usually be used form the process starting it
        an all its fork'ed (not exec'ed) children

    ptytty::drop_privileges ()
        Drops privileges completely, i.e. sets real, effective and saved
        user id to the real user id. Also aborts if this cnanot be achieved.
        Useful to make sure that the process doesn't run with special
        privileges.

    bool success = ptytty::send_fd (int socket, int fd)
        Utility method to send a file descriptor over a unix domain socket.
        Returns true if successful, false otherwise. This method is only
        exposed for your convinience and is not required for normal
        operation.

    int fd = ptytty::recv_fd (int socket)
        Utility method to receive a file descriptor over a unix domain
        socket. Returns the fd if sucecssful and -1 otherwise. This method
        is only exposed for your convinience and is not required for normal
        operation.

    ptytty *pty = ptytty::create ()
        Creates new ptytty object. Creation does not yet do anything besides
        allocating the structure.

        A static method is used because the actual ptytty implementation can
        differ at runtime, so you need a dynamic object creation facility.

  DYNAMIC/SESSION-RELATED DATA MEMBERS AND METHODS
    int pty_fd = pty->pty
    int tty_fd = pty->tty
        These members contain the pty and tty file descriptors,
        respectively. They initially contain -1 until a successful to
        "ptytty::get".

    bool success = pty->get ()
        Tries to find, allocate and initialise a new pty/tty pair. Returns
        "true" when successful.

    pty->login (int cmd_pid, bool login_shell, const char *hostname)
        Creates an entry in the systems session database(s) (utmp, wtmp,
        lastlog). "cmd_pid" must be the pid of the process representing the
        session (such as the login shell), "login_shell" defines wether the
        session is associated with a login, which influences wether wtmp and
        lastlog entries are created, and "hostname" should identify the
        "hostname" the user logs in from, which often is the value of the
        "DISPLAY" variable or tty line in case of local logins.

        Calling this method is optional. A session starts at the time of the
        login call and extends until the ptytty object is destroyed.

    pty->close_tty ()
        Closes the tty. Useful after forking in the parent/pty process.

    bool success = pty->make_controlling_tty ()
        Tries to make the pty/tty pair the controlling terminal of the
        current process. Useful after forking in the child/tty process.

    pty->set_utf8_mode (bool on)
        On systems supporting special UTF-8 line disciplines (e.g. Linux),
        tries to enable it for the given pty. Can be called at any time to
        change the mode.

C INTERFACE: THE ptytty FAMILY OF FUNCTIONS
    ptytty_init ()
        See "ptytty::init ()".

    PTYTTY ptytty_create ()
        Creates a new opaque PTYTTY object and returns it. Do not try to
        access it in any way excecp by testing it for truthness (e.g. "if
        (pty) ...."). See "ptytty::create ()".

    int ptytty_pty (PTYTTY ptytty)
        Return the pty file descriptor. See "pty->pty".

    int ptytty_tty (PTYTTY ptytty)
        Return the tty file descriptor. See "pty->tty".

    void ptytty_delete (PTYTTY ptytty)
        Destroys the PTYTTY object, freeing the pty/tty pair and cleaning up
        the utmp/wtmp/lastlog databases, if initialised/used. Same as
        "delete pty" in C++.

    int ptytty_get (PTYTTY ptytty)
        See "pty->get", returns 0 in case of an error, non-zero otherwise.

    void ptytty_login (PTYTTY ptytty, int cmd_pid, bool login_shell, const
    char *hostname)
        See "pty->login".

    void ptytty_close_tty (PTYTTY ptytty)
        See "pty->close_tty".

    int ptytty_make_controlling_tty (PTYTTY ptytty)
        See "pty->make_controlling_tty".

    void ptytty_set_utf8_mode (PTYTTY ptytty, int on)
        See "pty->set_utf8_mode".

    void ptytty_drop_privileges ()
        See "ptytty::drop_privileges".

    void ptytty_use_helper ()
        See "ptytty::use_helper".

BUGS
    You kiddin'?

AUTHORS
    Emanuele Giaquinta <e.giaquinta@glauco.it>, Marc Alexander Lehmann
    <rxvt-unicode@schmorp.de>.

Revision:	1.4
Committed:	Mon Jan 23 12:37:09 2006 UTC (18 years, 4 months ago) by root
Branch:	MAIN
CVS Tags:	rel-0_1, rel-0_2
Changes since 1.3:	+47 -2 lines
Log Message:	* empty log message *
#	User	Rev	Content
1	root	1.1	NAME
2	root	1.2	libptytty - OS independent and secure pty/tty and utmp/wtmp/lastlog
3	root	1.1	handling
4
5			SYNOPSIS
6	root	1.4	cc ... -lptytty
7
8			#include <libptytty.h>
9
10			// C++
11			ptytty *pty = ptytty::create ();
12
13			if (!pty->get ())
14			// error allocating pty
15
16			if (we want utmp)
17			pty->login (process_pid, 0, "remote.host");
18			else if (we want utmp AND wtmp/lastlog)
19			pty->login (process_pid, 1, "remote.host");
20
21			// we are done with it
22			delete pty;
23
24			// C
25			PTYTTY pty = ptytty_create ();
26
27			if (!ptytty_get (pty))
28			// error allocating pty
29
30			if (we want utmp)
31			ptytty_login (pty, process_pid, 0, "remote.host");
32			else if (we want utmp AND wtmp/lastlog)
33			ptytty_login (pty, process_pid, 1, "remote.host");
34
35			// we are done with it
36			ptytty_delete (pty);
37	root	1.1
38			DESCRIPTION
39	root	1.4	Libptytty is a small library that offers pseudo-tty management in an
40			OS-independent way. It was created out of frustration over the many
41			differences of pty/tty handling in different operating systems for the
42			use inside "rxvt-unicode".
43
44			In addition to offering mere pty/tty management, it also offers session
45			database support (utmp and optional wtmp/lastlog updates for login
46			shells).
47
48			It also supports fork'ing after startup and dropping privileges in the
49			calling process, so in case the calling process gets compromised by the
50			user starting the program there is less to gain, as only the helper
51			process runs with privileges (e.g. setuid/setgid), which reduces the
52			area of attack immensely.
53
54			Libptytty is written in C++, but it also offers a C-only API.
55	root	1.3
56			SECURITY CONSIDERATIONS
57			*It is of paramount importance that you at least read the following
58			paragraph!*
59
60			If you are a typical terminal-like program that just wants one or more
61			ptys, you should call the "ptytty::init ()" method (C: "ptytty_init ()"
62			function) as the very first thing in your program:
63
64			int main (int argc, char *argv[])
65			{
66			// do nothing here
67			ptytty::init ();
68			// in C: ptytty_init ();
69
70			// initialise, parse arguments, etc.
71			}
72
73			This checks wether the program runs setuid or setgid. If yes then it
74			will fork a helper process and drop privileges.
75
76			Some programs need finer control over if and when this helper process is
77			started, and if and how to drop privileges. For those programs, the
78			methods "ptytty::use_helper" and "ptytty::drop_privileges" are more
79			useful.
80
81			C++ INTERFACE: THE ptytty CLASS
82			STATIC METHODS
83			ptytty::init ()
84			The default way to initialise libptytty. Must be called imemdiately
85			as the first thing in the "main" function, or earlier e.g. during
86			static construction time. The earlier, the better.
87
88			This method checks wether the program runs with setuid/setgid
89			permissions and, if yes, spawns a helper process for pty/tty
90			management. IT then drops the privileges completely, so the actual
91			program runs without setuid/setgid privileges.
92
93			ptytty::use_helper ()
94			Tries to start a helper process that retains privileges even when
95			the calling process does not. This is usually called from
96			"ptytty::init" when it detects that the program is running setuid or
97			setgid, but can be called manually if it is inconvinient to drop
98			privileges at startup, or when you are not running setuid/setgid but
99			want to drop privileges (e.g. when running as a root-started
100			daemon).
101
102			This method will try not to start more than one helper process. The
103			same helper process cna usually be used form the process starting it
104			an all its fork'ed (not exec'ed) children
105
106			ptytty::drop_privileges ()
107			Drops privileges completely, i.e. sets real, effective and saved
108			user id to the real user id. Also aborts if this cnanot be achieved.
109			Useful to make sure that the process doesn't run with special
110			privileges.
111
112			bool success = ptytty::send_fd (int socket, int fd)
113			Utility method to send a file descriptor over a unix domain socket.
114			Returns true if successful, false otherwise. This method is only
115			exposed for your convinience and is not required for normal
116			operation.
117
118			int fd = ptytty::recv_fd (int socket)
119			Utility method to receive a file descriptor over a unix domain
120			socket. Returns the fd if sucecssful and -1 otherwise. This method
121			is only exposed for your convinience and is not required for normal
122			operation.
123
124			ptytty *pty = ptytty::create ()
125			Creates new ptytty object. Creation does not yet do anything besides
126			allocating the structure.
127
128			A static method is used because the actual ptytty implementation can
129			differ at runtime, so you need a dynamic object creation facility.
130
131			DYNAMIC/SESSION-RELATED DATA MEMBERS AND METHODS
132			int pty_fd = pty->pty
133			int tty_fd = pty->tty
134			These members contain the pty and tty file descriptors,
135			respectively. They initially contain -1 until a successful to
136			"ptytty::get".
137
138			bool success = pty->get ()
139			Tries to find, allocate and initialise a new pty/tty pair. Returns
140			"true" when successful.
141
142			pty->login (int cmd_pid, bool login_shell, const char *hostname)
143			Creates an entry in the systems session database(s) (utmp, wtmp,
144			lastlog). "cmd_pid" must be the pid of the process representing the
145			session (such as the login shell), "login_shell" defines wether the
146			session is associated with a login, which influences wether wtmp and
147			lastlog entries are created, and "hostname" should identify the
148			"hostname" the user logs in from, which often is the value of the
149			"DISPLAY" variable or tty line in case of local logins.
150
151			Calling this method is optional. A session starts at the time of the
152			login call and extends until the ptytty object is destroyed.
153
154			pty->close_tty ()
155			Closes the tty. Useful after forking in the parent/pty process.
156
157			bool success = pty->make_controlling_tty ()
158			Tries to make the pty/tty pair the controlling terminal of the
159			current process. Useful after forking in the child/tty process.
160
161			pty->set_utf8_mode (bool on)
162			On systems supporting special UTF-8 line disciplines (e.g. Linux),
163			tries to enable it for the given pty. Can be called at any time to
164			change the mode.
165
166			C INTERFACE: THE ptytty FAMILY OF FUNCTIONS
167			ptytty_init ()
168			See "ptytty::init ()".
169
170			PTYTTY ptytty_create ()
171			Creates a new opaque PTYTTY object and returns it. Do not try to
172			access it in any way excecp by testing it for truthness (e.g. "if
173			(pty) ...."). See "ptytty::create ()".
174
175			int ptytty_pty (PTYTTY ptytty)
176			Return the pty file descriptor. See "pty->pty".
177
178			int ptytty_tty (PTYTTY ptytty)
179			Return the tty file descriptor. See "pty->tty".
180
181			void ptytty_delete (PTYTTY ptytty)
182			Destroys the PTYTTY object, freeing the pty/tty pair and cleaning up
183			the utmp/wtmp/lastlog databases, if initialised/used. Same as
184			"delete pty" in C++.
185
186			int ptytty_get (PTYTTY ptytty)
187			See "pty->get", returns 0 in case of an error, non-zero otherwise.
188
189			void ptytty_login (PTYTTY ptytty, int cmd_pid, bool login_shell, const
190			char *hostname)
191			See "pty->login".
192
193			void ptytty_close_tty (PTYTTY ptytty)
194			See "pty->close_tty".
195
196			int ptytty_make_controlling_tty (PTYTTY ptytty)
197			See "pty->make_controlling_tty".
198
199			void ptytty_set_utf8_mode (PTYTTY ptytty, int on)
200			See "pty->set_utf8_mode".
201
202			void ptytty_drop_privileges ()
203			See "ptytty::drop_privileges".
204
205			void ptytty_use_helper ()
206			See "ptytty::use_helper".
207	root	1.1
208			BUGS
209			You kiddin'?
210
211			AUTHORS
212			Emanuele Giaquinta <e.giaquinta@glauco.it>, Marc Alexander Lehmann
213			<rxvt-unicode@schmorp.de>.
214