[ViewVC] Contents of: cvs/libptytty/README

NAME
    libptytty - OS independent and secure pty/tty and utmp/wtmp/lastlog
    handling

SYNOPSIS
       cc ... -lptytty

       #include <libptytty.h>

       // C++
       ptytty *pty = ptytty::create ();

       if (!pty->get ())
         // error allocating pty

       if (we want utmp)
         pty->login (process_pid, 0, "remote.host");
       else if (we want utmp AND wtmp/lastlog)
         pty->login (process_pid, 1, "remote.host");

       // we are done with it
       delete pty;

       // C
       PTYTTY pty = ptytty_create ();

       if (!ptytty_get (pty))
         // error allocating pty

       if (we want utmp)
         ptytty_login (pty, process_pid, 0, "remote.host");
       else if (we want utmp AND wtmp/lastlog)
         ptytty_login (pty, process_pid, 1, "remote.host");

       // we are done with it
       ptytty_delete (pty);

DESCRIPTION
    Libptytty is a small library that offers pseudo-tty management in an
    OS-independent way. It was created out of frustration over the many
    differences of pty/tty handling in different operating systems for the
    use inside "rxvt-unicode".

    In addition to offering mere pty/tty management, it also offers session
    database support (utmp and optional wtmp/lastlog updates for login
    shells).

    It also supports fork'ing after startup and dropping privileges in the
    calling process, so in case the calling process gets compromised by the
    user starting the program there is less to gain, as only the helper
    process runs with privileges (e.g. setuid/setgid), which reduces the
    area of attack immensely.

    Libptytty is written in C++, but it also offers a C-only API.

SECURITY CONSIDERATIONS
    *It is of paramount importance that you at least read the following
    paragraph!*

    If you are a typical terminal-like program that just wants one or more
    ptys, you should call the "ptytty::init ()" method (C: "ptytty_init ()"
    function) as the very first thing in your program:

       int main (int argc, char *argv[])
       {
          // do nothing here
          ptytty::init ();
          // in C: ptytty_init ();

          // initialise, parse arguments, etc.
       }

    This checks wether the program runs setuid or setgid. If yes then it
    will fork a helper process and drop privileges.

    Some programs need finer control over if and when this helper process is
    started, and if and how to drop privileges. For those programs, the
    methods "ptytty::use_helper" and "ptytty::drop_privileges" are more
    useful.

C++ INTERFACE: THE ptytty CLASS
  STATIC METHODS
    ptytty::init ()
        The default way to initialise libptytty. Must be called imemdiately
        as the first thing in the "main" function, or earlier e.g. during
        static construction time. The earlier, the better.

        This method checks wether the program runs with setuid/setgid
        permissions and, if yes, spawns a helper process for pty/tty
        management. IT then drops the privileges completely, so the actual
        program runs without setuid/setgid privileges.

    ptytty::use_helper ()
        Tries to start a helper process that retains privileges even when
        the calling process does not. This is usually called from
        "ptytty::init" when it detects that the program is running setuid or
        setgid, but can be called manually if it is inconvinient to drop
        privileges at startup, or when you are not running setuid/setgid but
        want to drop privileges (e.g. when running as a root-started
        daemon).

        This method will try not to start more than one helper process. The
        same helper process cna usually be used form the process starting it
        an all its fork'ed (not exec'ed) children

    ptytty::drop_privileges ()
        Drops privileges completely, i.e. sets real, effective and saved
        user id to the real user id. Also aborts if this cnanot be achieved.
        Useful to make sure that the process doesn't run with special
        privileges.

    bool success = ptytty::send_fd (int socket, int fd)
        Utility method to send a file descriptor over a unix domain socket.
        Returns true if successful, false otherwise. This method is only
        exposed for your convinience and is not required for normal
        operation.

    int fd = ptytty::recv_fd (int socket)
        Utility method to receive a file descriptor over a unix domain
        socket. Returns the fd if sucecssful and -1 otherwise. This method
        is only exposed for your convinience and is not required for normal
        operation.

    ptytty *pty = ptytty::create ()
        Creates new ptytty object. Creation does not yet do anything besides
        allocating the structure.

        A static method is used because the actual ptytty implementation can
        differ at runtime, so you need a dynamic object creation facility.

  DYNAMIC/SESSION-RELATED DATA MEMBERS AND METHODS
    int pty_fd = pty->pty
    int tty_fd = pty->tty
        These members contain the pty and tty file descriptors,
        respectively. They initially contain -1 until a successful to
        "ptytty::get".

    bool success = pty->get ()
        Tries to find, allocate and initialise a new pty/tty pair. Returns
        "true" when successful.

    pty->login (int cmd_pid, bool login_shell, const char *hostname)
        Creates an entry in the systems session database(s) (utmp, wtmp,
        lastlog). "cmd_pid" must be the pid of the process representing the
        session (such as the login shell), "login_shell" defines wether the
        session is associated with a login, which influences wether wtmp and
        lastlog entries are created, and "hostname" should identify the
        "hostname" the user logs in from, which often is the value of the
        "DISPLAY" variable or tty line in case of local logins.

        Calling this method is optional. A session starts at the time of the
        login call and extends until the ptytty object is destroyed.

    pty->close_tty ()
        Closes the tty. Useful after forking in the parent/pty process.

    bool success = pty->make_controlling_tty ()
        Tries to make the pty/tty pair the controlling terminal of the
        current process. Useful after forking in the child/tty process.

    pty->set_utf8_mode (bool on)
        On systems supporting special UTF-8 line disciplines (e.g. Linux),
        tries to enable it for the given pty. Can be called at any time to
        change the mode.

C INTERFACE: THE ptytty FAMILY OF FUNCTIONS
    ptytty_init ()
        See "ptytty::init ()".

    PTYTTY ptytty_create ()
        Creates a new opaque PTYTTY object and returns it. Do not try to
        access it in any way excecp by testing it for truthness (e.g. "if
        (pty) ...."). See "ptytty::create ()".

    int ptytty_pty (PTYTTY ptytty)
        Return the pty file descriptor. See "pty->pty".

    int ptytty_tty (PTYTTY ptytty)
        Return the tty file descriptor. See "pty->tty".

    void ptytty_delete (PTYTTY ptytty)
        Destroys the PTYTTY object, freeing the pty/tty pair and cleaning up
        the utmp/wtmp/lastlog databases, if initialised/used. Same as
        "delete pty" in C++.

    int ptytty_get (PTYTTY ptytty)
        See "pty->get", returns 0 in case of an error, non-zero otherwise.

    void ptytty_login (PTYTTY ptytty, int cmd_pid, bool login_shell, const
    char *hostname)
        See "pty->login".

    void ptytty_close_tty (PTYTTY ptytty)
        See "pty->close_tty".

    int ptytty_make_controlling_tty (PTYTTY ptytty)
        See "pty->make_controlling_tty".

    void ptytty_set_utf8_mode (PTYTTY ptytty, int on)
        See "pty->set_utf8_mode".

    void ptytty_drop_privileges ()
        See "ptytty::drop_privileges".

    void ptytty_use_helper ()
        See "ptytty::use_helper".

BUGS
    You kiddin'?

AUTHORS
    Emanuele Giaquinta <e.giaquinta@glauco.it>, Marc Alexander Lehmann
    <rxvt-unicode@schmorp.de>.

Revision:	1.4
Committed:	Mon Jan 23 12:37:09 2006 UTC (18 years, 3 months ago) by root
Branch:	MAIN
CVS Tags:	rel-0_1, rel-0_2
Changes since 1.3:	+47 -2 lines
Log Message:	* empty log message *
#	Content
1	NAME
2	libptytty - OS independent and secure pty/tty and utmp/wtmp/lastlog
3	handling
4
5	SYNOPSIS
6	cc ... -lptytty
7
8	#include <libptytty.h>
9
10	// C++
11	ptytty *pty = ptytty::create ();
12
13	if (!pty->get ())
14	// error allocating pty
15
16	if (we want utmp)
17	pty->login (process_pid, 0, "remote.host");
18	else if (we want utmp AND wtmp/lastlog)
19	pty->login (process_pid, 1, "remote.host");
20
21	// we are done with it
22	delete pty;
23
24	// C
25	PTYTTY pty = ptytty_create ();
26
27	if (!ptytty_get (pty))
28	// error allocating pty
29
30	if (we want utmp)
31	ptytty_login (pty, process_pid, 0, "remote.host");
32	else if (we want utmp AND wtmp/lastlog)
33	ptytty_login (pty, process_pid, 1, "remote.host");
34
35	// we are done with it
36	ptytty_delete (pty);
37
38	DESCRIPTION
39	Libptytty is a small library that offers pseudo-tty management in an
40	OS-independent way. It was created out of frustration over the many
41	differences of pty/tty handling in different operating systems for the
42	use inside "rxvt-unicode".
43
44	In addition to offering mere pty/tty management, it also offers session
45	database support (utmp and optional wtmp/lastlog updates for login
46	shells).
47
48	It also supports fork'ing after startup and dropping privileges in the
49	calling process, so in case the calling process gets compromised by the
50	user starting the program there is less to gain, as only the helper
51	process runs with privileges (e.g. setuid/setgid), which reduces the
52	area of attack immensely.
53
54	Libptytty is written in C++, but it also offers a C-only API.
55
56	SECURITY CONSIDERATIONS
57	*It is of paramount importance that you at least read the following
58	paragraph!*
59
60	If you are a typical terminal-like program that just wants one or more
61	ptys, you should call the "ptytty::init ()" method (C: "ptytty_init ()"
62	function) as the very first thing in your program:
63
64	int main (int argc, char *argv[])
65	{
66	// do nothing here
67	ptytty::init ();
68	// in C: ptytty_init ();
69
70	// initialise, parse arguments, etc.
71	}
72
73	This checks wether the program runs setuid or setgid. If yes then it
74	will fork a helper process and drop privileges.
75
76	Some programs need finer control over if and when this helper process is
77	started, and if and how to drop privileges. For those programs, the
78	methods "ptytty::use_helper" and "ptytty::drop_privileges" are more
79	useful.
80
81	C++ INTERFACE: THE ptytty CLASS
82	STATIC METHODS
83	ptytty::init ()
84	The default way to initialise libptytty. Must be called imemdiately
85	as the first thing in the "main" function, or earlier e.g. during
86	static construction time. The earlier, the better.
87
88	This method checks wether the program runs with setuid/setgid
89	permissions and, if yes, spawns a helper process for pty/tty
90	management. IT then drops the privileges completely, so the actual
91	program runs without setuid/setgid privileges.
92
93	ptytty::use_helper ()
94	Tries to start a helper process that retains privileges even when
95	the calling process does not. This is usually called from
96	"ptytty::init" when it detects that the program is running setuid or
97	setgid, but can be called manually if it is inconvinient to drop
98	privileges at startup, or when you are not running setuid/setgid but
99	want to drop privileges (e.g. when running as a root-started
100	daemon).
101
102	This method will try not to start more than one helper process. The
103	same helper process cna usually be used form the process starting it
104	an all its fork'ed (not exec'ed) children
105
106	ptytty::drop_privileges ()
107	Drops privileges completely, i.e. sets real, effective and saved
108	user id to the real user id. Also aborts if this cnanot be achieved.
109	Useful to make sure that the process doesn't run with special
110	privileges.
111
112	bool success = ptytty::send_fd (int socket, int fd)
113	Utility method to send a file descriptor over a unix domain socket.
114	Returns true if successful, false otherwise. This method is only
115	exposed for your convinience and is not required for normal
116	operation.
117
118	int fd = ptytty::recv_fd (int socket)
119	Utility method to receive a file descriptor over a unix domain
120	socket. Returns the fd if sucecssful and -1 otherwise. This method
121	is only exposed for your convinience and is not required for normal
122	operation.
123
124	ptytty *pty = ptytty::create ()
125	Creates new ptytty object. Creation does not yet do anything besides
126	allocating the structure.
127
128	A static method is used because the actual ptytty implementation can
129	differ at runtime, so you need a dynamic object creation facility.
130
131	DYNAMIC/SESSION-RELATED DATA MEMBERS AND METHODS
132	int pty_fd = pty->pty
133	int tty_fd = pty->tty
134	These members contain the pty and tty file descriptors,
135	respectively. They initially contain -1 until a successful to
136	"ptytty::get".
137
138	bool success = pty->get ()
139	Tries to find, allocate and initialise a new pty/tty pair. Returns
140	"true" when successful.
141
142	pty->login (int cmd_pid, bool login_shell, const char *hostname)
143	Creates an entry in the systems session database(s) (utmp, wtmp,
144	lastlog). "cmd_pid" must be the pid of the process representing the
145	session (such as the login shell), "login_shell" defines wether the
146	session is associated with a login, which influences wether wtmp and
147	lastlog entries are created, and "hostname" should identify the
148	"hostname" the user logs in from, which often is the value of the
149	"DISPLAY" variable or tty line in case of local logins.
150
151	Calling this method is optional. A session starts at the time of the
152	login call and extends until the ptytty object is destroyed.
153
154	pty->close_tty ()
155	Closes the tty. Useful after forking in the parent/pty process.
156
157	bool success = pty->make_controlling_tty ()
158	Tries to make the pty/tty pair the controlling terminal of the
159	current process. Useful after forking in the child/tty process.
160
161	pty->set_utf8_mode (bool on)
162	On systems supporting special UTF-8 line disciplines (e.g. Linux),
163	tries to enable it for the given pty. Can be called at any time to
164	change the mode.
165
166	C INTERFACE: THE ptytty FAMILY OF FUNCTIONS
167	ptytty_init ()
168	See "ptytty::init ()".
169
170	PTYTTY ptytty_create ()
171	Creates a new opaque PTYTTY object and returns it. Do not try to
172	access it in any way excecp by testing it for truthness (e.g. "if
173	(pty) ...."). See "ptytty::create ()".
174
175	int ptytty_pty (PTYTTY ptytty)
176	Return the pty file descriptor. See "pty->pty".
177
178	int ptytty_tty (PTYTTY ptytty)
179	Return the tty file descriptor. See "pty->tty".
180
181	void ptytty_delete (PTYTTY ptytty)
182	Destroys the PTYTTY object, freeing the pty/tty pair and cleaning up
183	the utmp/wtmp/lastlog databases, if initialised/used. Same as
184	"delete pty" in C++.
185
186	int ptytty_get (PTYTTY ptytty)
187	See "pty->get", returns 0 in case of an error, non-zero otherwise.
188
189	void ptytty_login (PTYTTY ptytty, int cmd_pid, bool login_shell, const
190	char *hostname)
191	See "pty->login".
192
193	void ptytty_close_tty (PTYTTY ptytty)
194	See "pty->close_tty".
195
196	int ptytty_make_controlling_tty (PTYTTY ptytty)
197	See "pty->make_controlling_tty".
198
199	void ptytty_set_utf8_mode (PTYTTY ptytty, int on)
200	See "pty->set_utf8_mode".
201
202	void ptytty_drop_privileges ()
203	See "ptytty::drop_privileges".
204
205	void ptytty_use_helper ()
206	See "ptytty::use_helper".
207
208	BUGS
209	You kiddin'?
210
211	AUTHORS
212	Emanuele Giaquinta <e.giaquinta@glauco.it>, Marc Alexander Lehmann
213	<rxvt-unicode@schmorp.de>.
214