[ViewVC] Annotation of: cvs/libptytty/README

NAME
    libptytty - OS independent and secure pty/tty and utmp/wtmp/lastlog
    handling

SYNOPSIS
       cc ... -lptytty

       #include <libptytty.h>

       // C++
       ptytty *pty = ptytty::create ();

       if (!pty->get ())
         // error allocating pty

       if (we want utmp)
         pty->login (process_pid, 0, "remote.host");
       else if (we want utmp AND wtmp/lastlog)
         pty->login (process_pid, 1, "remote.host");

       // we are done with it
       delete pty;

       // C
       PTYTTY pty = ptytty_create ();

       if (!ptytty_get (pty))
         // error allocating pty

       if (we want utmp)
         ptytty_login (pty, process_pid, 0, "remote.host");
       else if (we want utmp AND wtmp/lastlog)
         ptytty_login (pty, process_pid, 1, "remote.host");

       // we are done with it
       ptytty_delete (pty);

    See also the eg/ directory, which currently contains the c-sample.c file
    that spawns a loginshell from C using libptytty.

DESCRIPTION
    Libptytty is a small library that offers pseudo-tty management in an
    OS-independent way. It was created out of frustration over the many
    differences of pty/tty handling in different operating systems for the
    use inside "rxvt-unicode".

    In addition to offering mere pty/tty management, it also offers session
    database support (utmp and optional wtmp/lastlog updates for login
    shells).

    It also supports fork'ing after startup and dropping privileges in the
    calling process, so in case the calling process gets compromised by the
    user starting the program there is less to gain, as only the helper
    process runs with privileges (e.g. setuid/setgid), which reduces the
    area of attack immensely.

    Libptytty is written in C++, but it also offers a C-only API.

SECURITY CONSIDERATIONS
    *It is of paramount importance that you at least read the following
    paragraph!*

    If you are a typical terminal-like program that just wants one or more
    ptys, you should call the "ptytty::init ()" method (C: "ptytty_init ()"
    function) as the very first thing in your program:

       int main (int argc, char *argv[])
       {
          // do nothing here
          ptytty::init ();
          // in C: ptytty_init ();

          // initialise, parse arguments, etc.
       }

    This checks wether the program runs setuid or setgid. If yes then it
    will fork a helper process and drop privileges.

    Some programs need finer control over if and when this helper process is
    started, and if and how to drop privileges. For those programs, the
    methods "ptytty::use_helper" and "ptytty::drop_privileges" are more
    useful.

C++ INTERFACE: THE ptytty CLASS
  STATIC METHODS
    ptytty::init ()
        The default way to initialise libptytty. Must be called imemdiately
        as the first thing in the "main" function, or earlier e.g. during
        static construction time. The earlier, the better.

        This method checks wether the program runs with setuid/setgid
        permissions and, if yes, spawns a helper process for pty/tty
        management. It then drops the privileges completely, so the actual
        program runs without setuid/setgid privileges.

    ptytty::use_helper ()
        Tries to start a helper process that retains privileges even when
        the calling process does not. This is usually called from
        "ptytty::init" when it detects that the program is running setuid or
        setgid, but can be called manually if it is inconvinient to drop
        privileges at startup, or when you are not running setuid/setgid but
        want to drop privileges (e.g. when running as a root-started
        daemon).

        This method will try not to start more than one helper process. The
        same helper process can usually be used both from the process
        starting it and all its fork'ed (not exec'ed) children.

    ptytty::drop_privileges ()
        Drops privileges completely, i.e. sets real, effective and saved
        user id to the real user id. Also aborts if this cannot be achieved.
        Useful to make sure that the process doesn't run with special
        privileges.

    bool success = ptytty::send_fd (int socket, int fd)
        Utility method to send a file descriptor over a unix domain socket.
        Returns true if successful, false otherwise. This method is only
        exposed for your convinience and is not required for normal
        operation.

    int fd = ptytty::recv_fd (int socket)
        Utility method to receive a file descriptor over a unix domain
        socket. Returns the fd if sucecssful and -1 otherwise. This method
        is only exposed for your convinience and is not required for normal
        operation.

    ptytty *pty = ptytty::create ()
        Creates new ptytty object. Creation does not yet do anything besides
        allocating the structure.

        A static method is used because the actual ptytty implementation can
        differ at runtime, so you need a dynamic object creation facility.

  DYNAMIC/SESSION-RELATED DATA MEMBERS AND METHODS
    int pty_fd = pty->pty
    int tty_fd = pty->tty
        These members contain the pty and tty file descriptors,
        respectively. They initially contain -1 until a successful to
        "ptytty::get".

    bool success = pty->get ()
        Tries to find, allocate and initialise a new pty/tty pair. Returns
        "true" when successful.

    pty->login (int cmd_pid, bool login_shell, const char *hostname)
        Creates an entry in the systems session database(s) (utmp, wtmp,
        lastlog). "cmd_pid" must be the pid of the process representing the
        session (such as the login shell), "login_shell" defines wether the
        session is associated with a login, which influences wether wtmp and
        lastlog entries are created, and "hostname" should identify the
        "hostname" the user logs in from, which often is the value of the
        "DISPLAY" variable or tty line in case of local logins.

        Calling this method is optional. A session starts at the time of the
        login call and extends until the ptytty object is destroyed.

    pty->close_tty ()
        Closes the tty. Useful after forking in the parent/pty process.

    bool success = pty->make_controlling_tty ()
        Tries to make the pty/tty pair the controlling terminal of the
        current process. Useful after forking in the child/tty process.

    pty->set_utf8_mode (bool on)
        On systems supporting special UTF-8 line disciplines (e.g. Linux),
        this tries to enable this discipline for the given pty. Can be
        called at any time to change the mode.

C INTERFACE: THE ptytty FAMILY OF FUNCTIONS
    ptytty_init ()
        See "ptytty::init ()".

    PTYTTY ptytty_create ()
        Creates a new opaque PTYTTY object and returns it. Do not try to
        access it in any way except by testing it for truthness (e.g. "if
        (pty) ...."). See "ptytty::create ()".

    int ptytty_pty (PTYTTY ptytty)
        Return the pty file descriptor. See "pty->pty".

    int ptytty_tty (PTYTTY ptytty)
        Return the tty file descriptor. See "pty->tty".

    void ptytty_delete (PTYTTY ptytty)
        Destroys the PTYTTY object, freeing the pty/tty pair and cleaning up
        the utmp/wtmp/lastlog databases, if initialised/used. Same as
        "delete pty" in C++.

    int ptytty_get (PTYTTY ptytty)
        See "pty->get", returns 0 in case of an error, non-zero otherwise.

    void ptytty_login (PTYTTY ptytty, int cmd_pid, bool login_shell, const
    char *hostname)
        See "pty->login".

    void ptytty_close_tty (PTYTTY ptytty)
        See "pty->close_tty".

    int ptytty_make_controlling_tty (PTYTTY ptytty)
        See "pty->make_controlling_tty".

    void ptytty_set_utf8_mode (PTYTTY ptytty, int on)
        See "pty->set_utf8_mode".

    void ptytty_drop_privileges ()
        See "ptytty::drop_privileges".

    void ptytty_use_helper ()
        See "ptytty::use_helper".

BUGS
    You kiddin'?

AUTHORS
    Emanuele Giaquinta <e.giaquinta@glauco.it>, Marc Alexander Lehmann
    <rxvt-unicode@schmorp.de>.

Revision:	1.5
Committed:	Wed Aug 30 17:36:31 2006 UTC (17 years, 9 months ago) by root
Branch:	MAIN
Changes since 1.4:	+10 -7 lines
Log Message:	preliminary sockpuppet support :)
#	User	Rev	Content
1	root	1.1	NAME
2	root	1.2	libptytty - OS independent and secure pty/tty and utmp/wtmp/lastlog
3	root	1.1	handling
4
5			SYNOPSIS
6	root	1.4	cc ... -lptytty
7
8			#include <libptytty.h>
9
10			// C++
11			ptytty *pty = ptytty::create ();
12
13			if (!pty->get ())
14			// error allocating pty
15
16			if (we want utmp)
17			pty->login (process_pid, 0, "remote.host");
18			else if (we want utmp AND wtmp/lastlog)
19			pty->login (process_pid, 1, "remote.host");
20
21			// we are done with it
22			delete pty;
23
24			// C
25			PTYTTY pty = ptytty_create ();
26
27			if (!ptytty_get (pty))
28			// error allocating pty
29
30			if (we want utmp)
31			ptytty_login (pty, process_pid, 0, "remote.host");
32			else if (we want utmp AND wtmp/lastlog)
33			ptytty_login (pty, process_pid, 1, "remote.host");
34
35			// we are done with it
36			ptytty_delete (pty);
37	root	1.1
38	root	1.5	See also the eg/ directory, which currently contains the c-sample.c file
39			that spawns a loginshell from C using libptytty.
40
41	root	1.1	DESCRIPTION
42	root	1.4	Libptytty is a small library that offers pseudo-tty management in an
43			OS-independent way. It was created out of frustration over the many
44			differences of pty/tty handling in different operating systems for the
45			use inside "rxvt-unicode".
46
47			In addition to offering mere pty/tty management, it also offers session
48			database support (utmp and optional wtmp/lastlog updates for login
49			shells).
50
51			It also supports fork'ing after startup and dropping privileges in the
52			calling process, so in case the calling process gets compromised by the
53			user starting the program there is less to gain, as only the helper
54			process runs with privileges (e.g. setuid/setgid), which reduces the
55			area of attack immensely.
56
57			Libptytty is written in C++, but it also offers a C-only API.
58	root	1.3
59			SECURITY CONSIDERATIONS
60			*It is of paramount importance that you at least read the following
61			paragraph!*
62
63			If you are a typical terminal-like program that just wants one or more
64			ptys, you should call the "ptytty::init ()" method (C: "ptytty_init ()"
65			function) as the very first thing in your program:
66
67			int main (int argc, char *argv[])
68			{
69			// do nothing here
70			ptytty::init ();
71			// in C: ptytty_init ();
72
73			// initialise, parse arguments, etc.
74			}
75
76			This checks wether the program runs setuid or setgid. If yes then it
77			will fork a helper process and drop privileges.
78
79			Some programs need finer control over if and when this helper process is
80			started, and if and how to drop privileges. For those programs, the
81			methods "ptytty::use_helper" and "ptytty::drop_privileges" are more
82			useful.
83
84			C++ INTERFACE: THE ptytty CLASS
85			STATIC METHODS
86			ptytty::init ()
87			The default way to initialise libptytty. Must be called imemdiately
88			as the first thing in the "main" function, or earlier e.g. during
89			static construction time. The earlier, the better.
90
91			This method checks wether the program runs with setuid/setgid
92			permissions and, if yes, spawns a helper process for pty/tty
93	root	1.5	management. It then drops the privileges completely, so the actual
94	root	1.3	program runs without setuid/setgid privileges.
95
96			ptytty::use_helper ()
97			Tries to start a helper process that retains privileges even when
98			the calling process does not. This is usually called from
99			"ptytty::init" when it detects that the program is running setuid or
100			setgid, but can be called manually if it is inconvinient to drop
101			privileges at startup, or when you are not running setuid/setgid but
102			want to drop privileges (e.g. when running as a root-started
103			daemon).
104
105			This method will try not to start more than one helper process. The
106	root	1.5	same helper process can usually be used both from the process
107			starting it and all its fork'ed (not exec'ed) children.
108	root	1.3
109			ptytty::drop_privileges ()
110			Drops privileges completely, i.e. sets real, effective and saved
111	root	1.5	user id to the real user id. Also aborts if this cannot be achieved.
112	root	1.3	Useful to make sure that the process doesn't run with special
113			privileges.
114
115			bool success = ptytty::send_fd (int socket, int fd)
116			Utility method to send a file descriptor over a unix domain socket.
117			Returns true if successful, false otherwise. This method is only
118			exposed for your convinience and is not required for normal
119			operation.
120
121			int fd = ptytty::recv_fd (int socket)
122			Utility method to receive a file descriptor over a unix domain
123			socket. Returns the fd if sucecssful and -1 otherwise. This method
124			is only exposed for your convinience and is not required for normal
125			operation.
126
127			ptytty *pty = ptytty::create ()
128			Creates new ptytty object. Creation does not yet do anything besides
129			allocating the structure.
130
131			A static method is used because the actual ptytty implementation can
132			differ at runtime, so you need a dynamic object creation facility.
133
134			DYNAMIC/SESSION-RELATED DATA MEMBERS AND METHODS
135			int pty_fd = pty->pty
136			int tty_fd = pty->tty
137			These members contain the pty and tty file descriptors,
138			respectively. They initially contain -1 until a successful to
139			"ptytty::get".
140
141			bool success = pty->get ()
142			Tries to find, allocate and initialise a new pty/tty pair. Returns
143			"true" when successful.
144
145			pty->login (int cmd_pid, bool login_shell, const char *hostname)
146			Creates an entry in the systems session database(s) (utmp, wtmp,
147			lastlog). "cmd_pid" must be the pid of the process representing the
148			session (such as the login shell), "login_shell" defines wether the
149			session is associated with a login, which influences wether wtmp and
150			lastlog entries are created, and "hostname" should identify the
151			"hostname" the user logs in from, which often is the value of the
152			"DISPLAY" variable or tty line in case of local logins.
153
154			Calling this method is optional. A session starts at the time of the
155			login call and extends until the ptytty object is destroyed.
156
157			pty->close_tty ()
158			Closes the tty. Useful after forking in the parent/pty process.
159
160			bool success = pty->make_controlling_tty ()
161			Tries to make the pty/tty pair the controlling terminal of the
162			current process. Useful after forking in the child/tty process.
163
164			pty->set_utf8_mode (bool on)
165			On systems supporting special UTF-8 line disciplines (e.g. Linux),
166	root	1.5	this tries to enable this discipline for the given pty. Can be
167			called at any time to change the mode.
168	root	1.3
169			C INTERFACE: THE ptytty FAMILY OF FUNCTIONS
170			ptytty_init ()
171			See "ptytty::init ()".
172
173			PTYTTY ptytty_create ()
174			Creates a new opaque PTYTTY object and returns it. Do not try to
175	root	1.5	access it in any way except by testing it for truthness (e.g. "if
176	root	1.3	(pty) ...."). See "ptytty::create ()".
177
178			int ptytty_pty (PTYTTY ptytty)
179			Return the pty file descriptor. See "pty->pty".
180
181			int ptytty_tty (PTYTTY ptytty)
182			Return the tty file descriptor. See "pty->tty".
183
184			void ptytty_delete (PTYTTY ptytty)
185			Destroys the PTYTTY object, freeing the pty/tty pair and cleaning up
186			the utmp/wtmp/lastlog databases, if initialised/used. Same as
187			"delete pty" in C++.
188
189			int ptytty_get (PTYTTY ptytty)
190			See "pty->get", returns 0 in case of an error, non-zero otherwise.
191
192			void ptytty_login (PTYTTY ptytty, int cmd_pid, bool login_shell, const
193			char *hostname)
194			See "pty->login".
195
196			void ptytty_close_tty (PTYTTY ptytty)
197			See "pty->close_tty".
198
199			int ptytty_make_controlling_tty (PTYTTY ptytty)
200			See "pty->make_controlling_tty".
201
202			void ptytty_set_utf8_mode (PTYTTY ptytty, int on)
203			See "pty->set_utf8_mode".
204
205			void ptytty_drop_privileges ()
206			See "ptytty::drop_privileges".
207
208			void ptytty_use_helper ()
209			See "ptytty::use_helper".
210	root	1.1
211			BUGS
212			You kiddin'?
213
214			AUTHORS
215			Emanuele Giaquinta <e.giaquinta@glauco.it>, Marc Alexander Lehmann
216			<rxvt-unicode@schmorp.de>.
217