|
|
1 | // This file is part of libptytty. Do not make local modifications. |
|
|
2 | // http://software.schmorp.de/pkg/libptytty |
|
|
3 | |
1 | /*--------------------------------*-C-*---------------------------------* |
4 | /*----------------------------------------------------------------------* |
2 | * File: ptytty.C |
5 | * File: ptytty.C |
3 | *----------------------------------------------------------------------* |
6 | *----------------------------------------------------------------------* |
4 | * |
7 | * |
5 | * All portions of code are copyright by their respective author/s. |
8 | * All portions of code are copyright by their respective author/s. |
6 | * Copyright (c) 1999-2001 Geoff Wing <gcw@pobox.com> |
9 | * Copyright (c) 1999-2001 Geoff Wing <gcw@pobox.com> |
7 | * Copyright (c) 2004-2006 Marc Lehmann <pcg@goof.com> |
10 | * Copyright (c) 2004-2006 Marc Lehmann <pcg@goof.com> |
|
|
11 | * Copyright (c) 2006 Emanuele Giaquinta <e.giaquinta@glauco.it> |
8 | * |
12 | * |
9 | * This program is free software; you can redistribute it and/or modify |
13 | * This program is free software; you can redistribute it and/or modify |
10 | * it under the terms of the GNU General Public License as published by |
14 | * it under the terms of the GNU General Public License as published by |
11 | * the Free Software Foundation; either version 2 of the License, or |
15 | * the Free Software Foundation; either version 2 of the License, or |
12 | * (at your option) any later version. |
16 | * (at your option) any later version. |
… | |
… | |
19 | * You should have received a copy of the GNU General Public License |
23 | * You should have received a copy of the GNU General Public License |
20 | * along with this program; if not, write to the Free Software |
24 | * along with this program; if not, write to the Free Software |
21 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
25 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
22 | *---------------------------------------------------------------------*/ |
26 | *---------------------------------------------------------------------*/ |
23 | |
27 | |
24 | #include "../config.h" /* NECESSARY */ |
28 | #include "../config.h" |
25 | |
29 | |
26 | #include "fdpass.h" |
|
|
27 | #include "ptytty.h" |
30 | #include "ptytty.h" |
28 | |
31 | |
29 | #include <cstdlib> |
32 | #include <cstdlib> |
30 | #include <cstring> |
33 | #include <cstring> |
31 | |
34 | |
… | |
… | |
232 | |
235 | |
233 | ioctl (fd_tty, TIOCSCTTY, NULL); |
236 | ioctl (fd_tty, TIOCSCTTY, NULL); |
234 | |
237 | |
235 | int fd = open ("/dev/tty", O_WRONLY); |
238 | int fd = open ("/dev/tty", O_WRONLY); |
236 | if (fd < 0) |
239 | if (fd < 0) |
237 | return -1; /* fatal */ |
240 | return -1; /* fatal */ |
238 | |
241 | |
239 | close (fd); |
242 | close (fd); |
240 | |
243 | |
241 | return 0; |
244 | return 0; |
242 | } |
245 | } |
243 | |
246 | |
244 | void |
247 | void |
245 | rxvt_ptytty::close_tty () |
248 | ptytty::close_tty () |
246 | { |
249 | { |
247 | if (tty < 0) |
250 | if (tty < 0) |
248 | return; |
251 | return; |
249 | |
252 | |
250 | close (tty); |
253 | close (tty); |
251 | tty = -1; |
254 | tty = -1; |
252 | } |
255 | } |
253 | |
256 | |
254 | bool |
257 | bool |
255 | rxvt_ptytty::make_controlling_tty () |
258 | ptytty::make_controlling_tty () |
256 | { |
259 | { |
257 | return control_tty (tty) >= 0; |
260 | return control_tty (tty) >= 0; |
258 | } |
261 | } |
259 | |
262 | |
260 | void |
263 | void |
261 | rxvt_ptytty::set_utf8_mode (bool on) |
264 | ptytty::set_utf8_mode (bool on) |
262 | { |
265 | { |
263 | #ifdef IUTF8 |
266 | #ifdef IUTF8 |
264 | if (pty < 0) |
267 | if (pty < 0) |
265 | return; |
268 | return; |
266 | |
269 | |
… | |
… | |
305 | gid = 0; |
308 | gid = 0; |
306 | } |
309 | } |
307 | } |
310 | } |
308 | } ttyconf; |
311 | } ttyconf; |
309 | |
312 | |
310 | rxvt_ptytty_unix::rxvt_ptytty_unix () |
313 | ptytty_unix::ptytty_unix () |
311 | { |
314 | { |
312 | name = 0; |
315 | name = 0; |
313 | #if UTMP_SUPPORT |
316 | #if UTMP_SUPPORT |
314 | cmd_pid = 0; |
317 | cmd_pid = 0; |
315 | #endif |
318 | #endif |
316 | } |
319 | } |
317 | |
320 | |
318 | rxvt_ptytty_unix::~rxvt_ptytty_unix () |
321 | ptytty_unix::~ptytty_unix () |
319 | { |
322 | { |
320 | #if UTMP_SUPPORT |
323 | #if UTMP_SUPPORT |
321 | logout (); |
324 | logout (); |
322 | #endif |
325 | #endif |
323 | put (); |
326 | put (); |
324 | } |
327 | } |
325 | |
328 | |
326 | void |
329 | void |
327 | rxvt_ptytty_unix::put () |
330 | ptytty_unix::put () |
328 | { |
331 | { |
329 | chmod (name, RESTORE_TTY_MODE); |
332 | chmod (name, RESTORE_TTY_MODE); |
330 | chown (name, 0, ttyconf.gid); |
333 | chown (name, 0, ttyconf.gid); |
331 | |
334 | |
332 | close_tty (); |
335 | close_tty (); |
… | |
… | |
339 | pty = tty = -1; |
342 | pty = tty = -1; |
340 | name = 0; |
343 | name = 0; |
341 | } |
344 | } |
342 | |
345 | |
343 | bool |
346 | bool |
344 | rxvt_ptytty_unix::get () |
347 | ptytty_unix::get () |
345 | { |
348 | { |
346 | /* get master (pty) */ |
349 | /* get master (pty) */ |
347 | if ((pty = get_pty (&tty, &name)) < 0) |
350 | if ((pty = get_pty (&tty, &name)) < 0) |
348 | return false; |
351 | return false; |
349 | |
352 | |
… | |
… | |
368 | } |
371 | } |
369 | |
372 | |
370 | return true; |
373 | return true; |
371 | } |
374 | } |
372 | |
375 | |
|
|
376 | ///////////////////////////////////////////////////////////////////////////// |
|
|
377 | // helper/proxy support |
|
|
378 | |
373 | #if PTYTTY_HELPER |
379 | #if PTYTTY_HELPER |
374 | |
380 | |
375 | static int sock_fd; |
381 | static int sock_fd = -1; |
376 | static int pid; |
382 | static int helper_pid, owner_pid; |
377 | |
383 | |
378 | struct command |
384 | struct command |
379 | { |
385 | { |
380 | enum { get, login, destroy } type; |
386 | enum { get, login, destroy } type; |
381 | |
387 | |
382 | rxvt_ptytty *id; |
388 | ptytty *id; |
383 | |
389 | |
384 | bool login_shell; |
390 | bool login_shell; |
385 | int cmd_pid; |
391 | int cmd_pid; |
386 | char hostname[512]; // arbitrary, but should be plenty |
392 | char hostname[512]; // arbitrary, but should be plenty |
387 | }; |
393 | }; |
388 | |
394 | |
389 | struct rxvt_ptytty_proxy : zero_initialized, rxvt_ptytty |
395 | struct ptytty_proxy : ptytty |
390 | { |
396 | { |
391 | rxvt_ptytty *id; |
397 | ptytty *id; |
392 | |
398 | |
|
|
399 | ptytty_proxy () |
|
|
400 | : id(0) |
|
|
401 | { |
|
|
402 | } |
|
|
403 | |
393 | ~rxvt_ptytty_proxy (); |
404 | ~ptytty_proxy (); |
394 | |
405 | |
395 | bool get (); |
406 | bool get (); |
396 | void login (int cmd_pid, bool login_shell, const char *hostname); |
407 | void login (int cmd_pid, bool login_shell, const char *hostname); |
397 | }; |
408 | }; |
398 | |
409 | |
399 | bool |
410 | bool |
400 | rxvt_ptytty_proxy::get () |
411 | ptytty_proxy::get () |
401 | { |
412 | { |
402 | command cmd; |
413 | command cmd; |
403 | |
414 | |
404 | cmd.type = command::get; |
415 | cmd.type = command::get; |
405 | |
416 | |
406 | write (sock_fd, &cmd, sizeof (cmd)); |
417 | write (sock_fd, &cmd, sizeof (cmd)); |
407 | |
418 | |
408 | if (read (sock_fd, &id, sizeof (id)) != sizeof (id)) |
419 | if (read (sock_fd, &id, sizeof (id)) != sizeof (id)) |
409 | rxvt_fatal ("protocol error while creating pty using helper process, aborting.\n"); |
420 | ptytty_fatal ("protocol error while creating pty using helper process, aborting.\n"); |
410 | |
421 | |
411 | if (!id) |
422 | if (!id) |
412 | return false; |
423 | return false; |
413 | |
424 | |
414 | if ((pty = rxvt_recv_fd (sock_fd)) < 0 |
425 | if ((pty = recv_fd (sock_fd)) < 0 |
415 | || (tty = rxvt_recv_fd (sock_fd)) < 0) |
426 | || (tty = recv_fd (sock_fd)) < 0) |
416 | rxvt_fatal ("protocol error while reading pty/tty fds from helper process, aborting.\n"); |
427 | ptytty_fatal ("protocol error while reading pty/tty fds from helper process, aborting.\n"); |
417 | |
428 | |
418 | return true; |
429 | return true; |
419 | } |
430 | } |
420 | |
431 | |
421 | void |
432 | void |
422 | rxvt_ptytty_proxy::login (int cmd_pid, bool login_shell, const char *hostname) |
433 | ptytty_proxy::login (int cmd_pid, bool login_shell, const char *hostname) |
423 | { |
434 | { |
424 | command cmd; |
435 | command cmd; |
425 | |
436 | |
426 | cmd.type = command::login; |
437 | cmd.type = command::login; |
427 | cmd.id = id; |
438 | cmd.id = id; |
… | |
… | |
430 | strncpy (cmd.hostname, hostname, sizeof (cmd.hostname)); |
441 | strncpy (cmd.hostname, hostname, sizeof (cmd.hostname)); |
431 | |
442 | |
432 | write (sock_fd, &cmd, sizeof (cmd)); |
443 | write (sock_fd, &cmd, sizeof (cmd)); |
433 | } |
444 | } |
434 | |
445 | |
435 | rxvt_ptytty_proxy::~rxvt_ptytty_proxy () |
446 | ptytty_proxy::~ptytty_proxy () |
436 | { |
447 | { |
|
|
448 | if (id) |
|
|
449 | { |
437 | command cmd; |
450 | command cmd; |
438 | |
451 | |
439 | cmd.type = command::destroy; |
452 | cmd.type = command::destroy; |
440 | cmd.id = id; |
453 | cmd.id = id; |
441 | |
454 | |
442 | write (sock_fd, &cmd, sizeof (cmd)); |
455 | write (sock_fd, &cmd, sizeof (cmd)); |
|
|
456 | } |
443 | } |
457 | } |
444 | |
458 | |
445 | static |
459 | static |
446 | void serve () |
460 | void serve () |
447 | { |
461 | { |
448 | command cmd; |
462 | command cmd; |
449 | vector<rxvt_ptytty *> ptys; |
463 | vector<ptytty *> ptys; |
450 | |
464 | |
451 | while (read (sock_fd, &cmd, sizeof (command)) == sizeof (command)) |
465 | while (read (sock_fd, &cmd, sizeof (command)) == sizeof (command)) |
452 | { |
466 | { |
453 | if (cmd.type == command::get) |
467 | if (cmd.type == command::get) |
454 | { |
468 | { |
455 | // -> id ptyfd ttyfd |
469 | // -> id ptyfd ttyfd |
456 | cmd.id = new rxvt_ptytty_unix; |
470 | cmd.id = new ptytty_unix; |
457 | |
471 | |
458 | if (cmd.id->get ()) |
472 | if (cmd.id->get ()) |
459 | { |
473 | { |
460 | write (sock_fd, &cmd.id, sizeof (cmd.id)); |
474 | write (sock_fd, &cmd.id, sizeof (cmd.id)); |
461 | ptys.push_back (cmd.id); |
475 | ptys.push_back (cmd.id); |
462 | |
476 | |
463 | rxvt_send_fd (sock_fd, cmd.id->pty); |
477 | ptytty::send_fd (sock_fd, cmd.id->pty); |
464 | rxvt_send_fd (sock_fd, cmd.id->tty); |
478 | ptytty::send_fd (sock_fd, cmd.id->tty); |
465 | } |
479 | } |
466 | else |
480 | else |
467 | { |
481 | { |
468 | delete cmd.id; |
482 | delete cmd.id; |
469 | cmd.id = 0; |
483 | cmd.id = 0; |
… | |
… | |
471 | } |
485 | } |
472 | } |
486 | } |
473 | else if (cmd.type == command::login) |
487 | else if (cmd.type == command::login) |
474 | { |
488 | { |
475 | #if UTMP_SUPPORT |
489 | #if UTMP_SUPPORT |
476 | if (find (ptys.begin (), ptys.end (), cmd.id)) |
490 | if (find (ptys.begin (), ptys.end (), cmd.id) != ptys.end ()) |
477 | { |
491 | { |
478 | cmd.hostname[sizeof (cmd.hostname) - 1] = 0; |
492 | cmd.hostname[sizeof (cmd.hostname) - 1] = 0; |
479 | cmd.id->login (cmd.cmd_pid, cmd.login_shell, cmd.hostname); |
493 | cmd.id->login (cmd.cmd_pid, cmd.login_shell, cmd.hostname); |
480 | } |
494 | } |
481 | #endif |
495 | #endif |
482 | } |
496 | } |
483 | else if (cmd.type == command::destroy) |
497 | else if (cmd.type == command::destroy) |
484 | { |
498 | { |
485 | rxvt_ptytty **pty = find (ptys.begin (), ptys.end (), cmd.id); |
499 | vector<ptytty *>::iterator pty = find (ptys.begin (), ptys.end (), cmd.id); |
486 | |
500 | |
487 | if (pty) |
501 | if (pty != ptys.end ()) |
488 | { |
502 | { |
489 | delete *pty; |
503 | delete *pty; |
490 | ptys.erase (pty); |
504 | ptys.erase (pty); |
491 | } |
505 | } |
492 | } |
506 | } |
493 | else |
507 | else |
494 | break; |
508 | break; |
495 | } |
509 | } |
496 | |
510 | |
497 | // destroy all ptys |
511 | // destroy all ptys |
498 | for (rxvt_ptytty **i = ptys.end (); i-- > ptys.begin (); ) |
512 | for (vector<ptytty *>::iterator i = ptys.end (); i-- > ptys.begin (); ) |
499 | delete *i; |
513 | delete *i; |
500 | } |
514 | } |
501 | |
515 | |
502 | void rxvt_ptytty_server () |
516 | void |
|
|
517 | ptytty::use_helper () |
503 | { |
518 | { |
|
|
519 | int pid = getpid (); |
|
|
520 | |
|
|
521 | if (sock_fd >= 0 && pid == owner_pid) |
|
|
522 | return; |
|
|
523 | |
|
|
524 | owner_pid = pid; |
|
|
525 | |
504 | int sv[2]; |
526 | int sv[2]; |
505 | |
527 | |
506 | if (socketpair (AF_UNIX, SOCK_STREAM, 0, sv)) |
528 | if (socketpair (AF_UNIX, SOCK_STREAM, 0, sv)) |
507 | rxvt_fatal ("could not create socket to communicate with pty/sessiondb helper, aborting.\n"); |
529 | ptytty_fatal ("could not create socket to communicate with pty/sessiondb helper, aborting.\n"); |
508 | |
530 | |
509 | pid = fork (); |
531 | helper_pid = fork (); |
510 | |
532 | |
511 | if (pid < 0) |
533 | if (helper_pid < 0) |
512 | rxvt_fatal ("could not create pty/sessiondb helper process, aborting.\n"); |
534 | ptytty_fatal ("could not create pty/sessiondb helper process, aborting.\n"); |
513 | |
535 | |
514 | if (pid) |
536 | if (helper_pid) |
515 | { |
537 | { |
516 | // client, urxvt |
538 | // client, process |
517 | sock_fd = sv[0]; |
539 | sock_fd = sv[0]; |
518 | close (sv[1]); |
540 | close (sv[1]); |
519 | fcntl (sock_fd, F_SETFD, FD_CLOEXEC); |
541 | fcntl (sock_fd, F_SETFD, FD_CLOEXEC); |
520 | } |
542 | } |
521 | else |
543 | else |
522 | { |
544 | { |
523 | // server, pty-helper |
545 | // server, pty-helper |
524 | sock_fd = sv[1]; |
546 | sock_fd = sv[1]; |
525 | |
547 | |
|
|
548 | chdir ("/"); |
|
|
549 | |
526 | for (int fd = 0; fd < 1023; fd++) |
550 | for (int fd = 0; fd < 1023; fd++) |
527 | if (fd != sock_fd) |
551 | if (fd != sock_fd) |
528 | close (fd); |
552 | close (fd); |
529 | |
553 | |
530 | serve (); |
554 | serve (); |
… | |
… | |
532 | } |
556 | } |
533 | } |
557 | } |
534 | |
558 | |
535 | #endif |
559 | #endif |
536 | |
560 | |
537 | // a "factory" *g* |
|
|
538 | rxvt_ptytty * |
561 | ptytty * |
539 | rxvt_new_ptytty () |
562 | ptytty::create () |
540 | { |
563 | { |
541 | #if PTYTTY_HELPER |
564 | #if PTYTTY_HELPER |
542 | if (pid > 0) |
565 | if (helper_pid && getpid () == owner_pid) |
543 | // use helper process |
566 | // use helper process |
544 | return new rxvt_ptytty_proxy; |
567 | return new ptytty_proxy; |
545 | else |
568 | else |
546 | #endif |
569 | #endif |
547 | return new rxvt_ptytty_unix; |
570 | return new ptytty_unix; |
548 | } |
571 | } |
549 | |
572 | |
550 | /*----------------------- end-of-file (C source) -----------------------*/ |
573 | void |
|
|
574 | ptytty::init () |
|
|
575 | { |
|
|
576 | uid_t uid = getuid (); |
|
|
577 | gid_t gid = getgid (); |
|
|
578 | |
|
|
579 | // before doing anything else, check for setuid/setgid operation, |
|
|
580 | // start the helper process and drop privileges |
|
|
581 | if (uid != geteuid () |
|
|
582 | || gid != getegid ()) |
|
|
583 | { |
|
|
584 | #if PTYTTY_HELPER |
|
|
585 | use_helper (); |
|
|
586 | #else |
|
|
587 | ptytty_warn ("running setuid/setgid without pty helper compiled in, continuing unprivileged.\n"); |
|
|
588 | #endif |
551 | |
589 | |
|
|
590 | drop_privileges (); |
|
|
591 | } |
|
|
592 | } |
|
|
593 | |
|
|
594 | void |
|
|
595 | ptytty::drop_privileges () |
|
|
596 | { |
|
|
597 | uid_t uid = getuid (); |
|
|
598 | gid_t gid = getgid (); |
|
|
599 | |
|
|
600 | // drop privileges |
|
|
601 | #if HAVE_SETRESUID |
|
|
602 | setresgid (gid, gid, gid); |
|
|
603 | setresuid (uid, uid, uid); |
|
|
604 | #elif HAVE_SETREUID |
|
|
605 | setregid (gid, gid); |
|
|
606 | setreuid (uid, uid); |
|
|
607 | #elif HAVE_SETUID |
|
|
608 | setgid (gid); |
|
|
609 | setuid (uid); |
|
|
610 | #endif |
|
|
611 | |
|
|
612 | if (uid != geteuid () |
|
|
613 | || gid != getegid ()) |
|
|
614 | ptytty_fatal ("unable to drop privileges, aborting.\n"); |
|
|
615 | } |
|
|
616 | |
|
|
617 | ///////////////////////////////////////////////////////////////////////////// |
|
|
618 | // C API |
|
|
619 | |
|
|
620 | #ifndef NO_C_API |
|
|
621 | |
|
|
622 | #define DEFINE_METHOD(retval, name, args1, args2) \ |
|
|
623 | extern "C" retval ptytty_ ## name args1 \ |
|
|
624 | { return ((struct ptytty *)ptytty)->name args2; } |
|
|
625 | |
|
|
626 | DEFINE_METHOD(int,pty,(void *ptytty),) |
|
|
627 | DEFINE_METHOD(int,tty,(void *ptytty),) |
|
|
628 | DEFINE_METHOD(int,get,(void *ptytty),()) |
|
|
629 | DEFINE_METHOD(void,login,(void *ptytty, int cmd_pid, bool login_shell, const char *hostname),(cmd_pid,login_shell,hostname)) |
|
|
630 | |
|
|
631 | DEFINE_METHOD(void,close_tty,(void *ptytty),()) |
|
|
632 | DEFINE_METHOD(int,make_controlling_tty,(void *ptytty),()) |
|
|
633 | DEFINE_METHOD(void,set_utf8_mode,(void *ptytty, int on),(on)) |
|
|
634 | |
|
|
635 | #define DEFINE_STATIC(retval, name, args) \ |
|
|
636 | retval ptytty_ ## name args \ |
|
|
637 | { return ptytty::name args; } |
|
|
638 | |
|
|
639 | DEFINE_STATIC(void,drop_privileges,()) |
|
|
640 | DEFINE_STATIC(void,use_helper,()) |
|
|
641 | DEFINE_STATIC(void,init,()) |
|
|
642 | |
|
|
643 | DEFINE_STATIC(void *,create,()) |
|
|
644 | |
|
|
645 | void ptytty_delete (void *ptytty) |
|
|
646 | { |
|
|
647 | delete (struct ptytty *)ptytty; |
|
|
648 | } |
|
|
649 | |
|
|
650 | // send_fd, recv_fd not exposed |
|
|
651 | |
|
|
652 | #endif |