… | |
… | |
29 | |
29 | |
30 | #include "ptytty.h" |
30 | #include "ptytty.h" |
31 | |
31 | |
32 | #include <cstdlib> |
32 | #include <cstdlib> |
33 | #include <cstring> |
33 | #include <cstring> |
|
|
34 | #include <csignal> |
34 | |
35 | |
35 | #include <sys/types.h> |
36 | #include <sys/types.h> |
36 | #include <sys/socket.h> |
|
|
37 | #include <unistd.h> |
37 | #include <unistd.h> |
38 | #include <fcntl.h> |
38 | #include <fcntl.h> |
39 | |
39 | |
40 | #ifdef HAVE_SYS_IOCTL_H |
40 | #ifdef HAVE_SYS_IOCTL_H |
41 | # include <sys/ioctl.h> |
41 | # include <sys/ioctl.h> |
… | |
… | |
371 | } |
371 | } |
372 | |
372 | |
373 | return true; |
373 | return true; |
374 | } |
374 | } |
375 | |
375 | |
376 | ///////////////////////////////////////////////////////////////////////////// |
|
|
377 | // helper/proxy support |
|
|
378 | |
|
|
379 | #if PTYTTY_HELPER |
|
|
380 | |
|
|
381 | static int sock_fd = -1; |
|
|
382 | static int helper_pid, owner_pid; |
|
|
383 | |
|
|
384 | struct command |
|
|
385 | { |
|
|
386 | enum { get, login, destroy } type; |
|
|
387 | |
|
|
388 | ptytty *id; |
|
|
389 | |
|
|
390 | bool login_shell; |
|
|
391 | int cmd_pid; |
|
|
392 | char hostname[512]; // arbitrary, but should be plenty |
|
|
393 | }; |
|
|
394 | |
|
|
395 | struct ptytty_proxy : ptytty |
|
|
396 | { |
|
|
397 | ptytty *id; |
|
|
398 | |
|
|
399 | ptytty_proxy () |
|
|
400 | : id(0) |
|
|
401 | { |
|
|
402 | } |
|
|
403 | |
|
|
404 | ~ptytty_proxy (); |
|
|
405 | |
|
|
406 | bool get (); |
|
|
407 | void login (int cmd_pid, bool login_shell, const char *hostname); |
|
|
408 | }; |
|
|
409 | |
|
|
410 | bool |
|
|
411 | ptytty_proxy::get () |
|
|
412 | { |
|
|
413 | command cmd; |
|
|
414 | |
|
|
415 | cmd.type = command::get; |
|
|
416 | |
|
|
417 | write (sock_fd, &cmd, sizeof (cmd)); |
|
|
418 | |
|
|
419 | if (read (sock_fd, &id, sizeof (id)) != sizeof (id)) |
|
|
420 | ptytty_fatal ("protocol error while creating pty using helper process, aborting.\n"); |
|
|
421 | |
|
|
422 | if (!id) |
|
|
423 | return false; |
|
|
424 | |
|
|
425 | if ((pty = recv_fd (sock_fd)) < 0 |
|
|
426 | || (tty = recv_fd (sock_fd)) < 0) |
|
|
427 | ptytty_fatal ("protocol error while reading pty/tty fds from helper process, aborting.\n"); |
|
|
428 | |
|
|
429 | return true; |
|
|
430 | } |
|
|
431 | |
|
|
432 | void |
|
|
433 | ptytty_proxy::login (int cmd_pid, bool login_shell, const char *hostname) |
|
|
434 | { |
|
|
435 | command cmd; |
|
|
436 | |
|
|
437 | cmd.type = command::login; |
|
|
438 | cmd.id = id; |
|
|
439 | cmd.cmd_pid = cmd_pid; |
|
|
440 | cmd.login_shell = login_shell; |
|
|
441 | strncpy (cmd.hostname, hostname, sizeof (cmd.hostname)); |
|
|
442 | |
|
|
443 | write (sock_fd, &cmd, sizeof (cmd)); |
|
|
444 | } |
|
|
445 | |
|
|
446 | ptytty_proxy::~ptytty_proxy () |
|
|
447 | { |
|
|
448 | if (id) |
|
|
449 | { |
|
|
450 | command cmd; |
|
|
451 | |
|
|
452 | cmd.type = command::destroy; |
|
|
453 | cmd.id = id; |
|
|
454 | |
|
|
455 | write (sock_fd, &cmd, sizeof (cmd)); |
|
|
456 | } |
|
|
457 | } |
|
|
458 | |
|
|
459 | static |
|
|
460 | void serve () |
|
|
461 | { |
|
|
462 | command cmd; |
|
|
463 | vector<ptytty *> ptys; |
|
|
464 | |
|
|
465 | while (read (sock_fd, &cmd, sizeof (command)) == sizeof (command)) |
|
|
466 | { |
|
|
467 | if (cmd.type == command::get) |
|
|
468 | { |
|
|
469 | // -> id ptyfd ttyfd |
|
|
470 | cmd.id = new ptytty_unix; |
|
|
471 | |
|
|
472 | if (cmd.id->get ()) |
|
|
473 | { |
|
|
474 | write (sock_fd, &cmd.id, sizeof (cmd.id)); |
|
|
475 | ptys.push_back (cmd.id); |
|
|
476 | |
|
|
477 | ptytty::send_fd (sock_fd, cmd.id->pty); |
|
|
478 | ptytty::send_fd (sock_fd, cmd.id->tty); |
|
|
479 | } |
|
|
480 | else |
|
|
481 | { |
|
|
482 | delete cmd.id; |
|
|
483 | cmd.id = 0; |
|
|
484 | write (sock_fd, &cmd.id, sizeof (cmd.id)); |
|
|
485 | } |
|
|
486 | } |
|
|
487 | else if (cmd.type == command::login) |
|
|
488 | { |
|
|
489 | #if UTMP_SUPPORT |
|
|
490 | if (find (ptys.begin (), ptys.end (), cmd.id) != ptys.end ()) |
|
|
491 | { |
|
|
492 | cmd.hostname[sizeof (cmd.hostname) - 1] = 0; |
|
|
493 | cmd.id->login (cmd.cmd_pid, cmd.login_shell, cmd.hostname); |
|
|
494 | } |
|
|
495 | #endif |
|
|
496 | } |
|
|
497 | else if (cmd.type == command::destroy) |
|
|
498 | { |
|
|
499 | vector<ptytty *>::iterator pty = find (ptys.begin (), ptys.end (), cmd.id); |
|
|
500 | |
|
|
501 | if (pty != ptys.end ()) |
|
|
502 | { |
|
|
503 | delete *pty; |
|
|
504 | ptys.erase (pty); |
|
|
505 | } |
|
|
506 | } |
|
|
507 | else |
|
|
508 | break; |
|
|
509 | } |
|
|
510 | |
|
|
511 | // destroy all ptys |
|
|
512 | for (vector<ptytty *>::iterator i = ptys.end (); i-- > ptys.begin (); ) |
|
|
513 | delete *i; |
|
|
514 | } |
|
|
515 | |
|
|
516 | void |
|
|
517 | ptytty::use_helper () |
|
|
518 | { |
|
|
519 | int pid = getpid (); |
|
|
520 | |
|
|
521 | if (sock_fd >= 0 && pid == owner_pid) |
|
|
522 | return; |
|
|
523 | |
|
|
524 | owner_pid = pid; |
|
|
525 | |
|
|
526 | int sv[2]; |
|
|
527 | |
|
|
528 | if (socketpair (AF_UNIX, SOCK_STREAM, 0, sv)) |
|
|
529 | ptytty_fatal ("could not create socket to communicate with pty/sessiondb helper, aborting.\n"); |
|
|
530 | |
|
|
531 | helper_pid = fork (); |
|
|
532 | |
|
|
533 | if (helper_pid < 0) |
|
|
534 | ptytty_fatal ("could not create pty/sessiondb helper process, aborting.\n"); |
|
|
535 | |
|
|
536 | if (helper_pid) |
|
|
537 | { |
|
|
538 | // client, process |
|
|
539 | sock_fd = sv[0]; |
|
|
540 | close (sv[1]); |
|
|
541 | fcntl (sock_fd, F_SETFD, FD_CLOEXEC); |
|
|
542 | } |
|
|
543 | else |
|
|
544 | { |
|
|
545 | // server, pty-helper |
|
|
546 | sock_fd = sv[1]; |
|
|
547 | |
|
|
548 | chdir ("/"); |
|
|
549 | |
|
|
550 | for (int fd = 0; fd < 1023; fd++) |
|
|
551 | if (fd != sock_fd) |
|
|
552 | close (fd); |
|
|
553 | |
|
|
554 | serve (); |
|
|
555 | _exit (EXIT_SUCCESS); |
|
|
556 | } |
|
|
557 | } |
|
|
558 | |
|
|
559 | #endif |
|
|
560 | |
|
|
561 | ptytty * |
|
|
562 | ptytty::create () |
|
|
563 | { |
|
|
564 | #if PTYTTY_HELPER |
|
|
565 | if (helper_pid && getpid () == owner_pid) |
|
|
566 | // use helper process |
|
|
567 | return new ptytty_proxy; |
|
|
568 | else |
|
|
569 | #endif |
|
|
570 | return new ptytty_unix; |
|
|
571 | } |
|
|
572 | |
|
|
573 | void |
|
|
574 | ptytty::init () |
|
|
575 | { |
|
|
576 | uid_t uid = getuid (); |
|
|
577 | gid_t gid = getgid (); |
|
|
578 | |
|
|
579 | // before doing anything else, check for setuid/setgid operation, |
|
|
580 | // start the helper process and drop privileges |
|
|
581 | if (uid != geteuid () |
|
|
582 | || gid != getegid ()) |
|
|
583 | { |
|
|
584 | #if PTYTTY_HELPER |
|
|
585 | use_helper (); |
|
|
586 | #else |
|
|
587 | ptytty_warn ("running setuid/setgid without pty helper compiled in, continuing unprivileged.\n"); |
|
|
588 | #endif |
|
|
589 | |
|
|
590 | drop_privileges (); |
|
|
591 | } |
|
|
592 | } |
|
|
593 | |
|
|
594 | void |
|
|
595 | ptytty::drop_privileges () |
|
|
596 | { |
|
|
597 | uid_t uid = getuid (); |
|
|
598 | gid_t gid = getgid (); |
|
|
599 | |
|
|
600 | // drop privileges |
|
|
601 | #if HAVE_SETRESUID |
|
|
602 | setresgid (gid, gid, gid); |
|
|
603 | setresuid (uid, uid, uid); |
|
|
604 | #elif HAVE_SETREUID |
|
|
605 | setregid (gid, gid); |
|
|
606 | setreuid (uid, uid); |
|
|
607 | #elif HAVE_SETUID |
|
|
608 | setgid (gid); |
|
|
609 | setuid (uid); |
|
|
610 | #endif |
|
|
611 | |
|
|
612 | if (uid != geteuid () |
|
|
613 | || gid != getegid ()) |
|
|
614 | ptytty_fatal ("unable to drop privileges, aborting.\n"); |
|
|
615 | } |
|
|
616 | |
|
|
617 | ///////////////////////////////////////////////////////////////////////////// |
|
|
618 | // C API |
|
|
619 | |
|
|
620 | #ifndef NO_C_API |
|
|
621 | |
|
|
622 | #define DEFINE_METHOD(retval, name, args1, args2) \ |
|
|
623 | extern "C" retval ptytty_ ## name args1 \ |
|
|
624 | { return ((struct ptytty *)ptytty)->name args2; } |
|
|
625 | |
|
|
626 | DEFINE_METHOD(int,pty,(void *ptytty),) |
|
|
627 | DEFINE_METHOD(int,tty,(void *ptytty),) |
|
|
628 | DEFINE_METHOD(int,get,(void *ptytty),()) |
|
|
629 | DEFINE_METHOD(void,login,(void *ptytty, int cmd_pid, bool login_shell, const char *hostname),(cmd_pid,login_shell,hostname)) |
|
|
630 | |
|
|
631 | DEFINE_METHOD(void,close_tty,(void *ptytty),()) |
|
|
632 | DEFINE_METHOD(int,make_controlling_tty,(void *ptytty),()) |
|
|
633 | DEFINE_METHOD(void,set_utf8_mode,(void *ptytty, int on),(on)) |
|
|
634 | |
|
|
635 | #define DEFINE_STATIC(retval, name, args) \ |
|
|
636 | extern "C" retval ptytty_ ## name args \ |
|
|
637 | { return ptytty::name args; } |
|
|
638 | |
|
|
639 | DEFINE_STATIC(void,drop_privileges,()) |
|
|
640 | DEFINE_STATIC(void,use_helper,()) |
|
|
641 | |
|
|
642 | DEFINE_STATIC(void,init,()) |
|
|
643 | DEFINE_STATIC(void *,create,()) |
|
|
644 | |
|
|
645 | void ptytty_delete (void *ptytty) |
|
|
646 | { |
|
|
647 | delete (struct ptytty *)ptytty; |
|
|
648 | } |
|
|
649 | |
|
|
650 | // send_fd, recv_fd not exposed |
|
|
651 | |
|
|
652 | #endif |
|
|