… | |
… | |
6 | *----------------------------------------------------------------------* |
6 | *----------------------------------------------------------------------* |
7 | * |
7 | * |
8 | * All portions of code are copyright by their respective author/s. |
8 | * All portions of code are copyright by their respective author/s. |
9 | * Copyright (c) 1999-2001 Geoff Wing <gcw@pobox.com> |
9 | * Copyright (c) 1999-2001 Geoff Wing <gcw@pobox.com> |
10 | * Copyright (c) 2004-2006 Marc Lehmann <pcg@goof.com> |
10 | * Copyright (c) 2004-2006 Marc Lehmann <pcg@goof.com> |
|
|
11 | * Copyright (c) 2006 Emanuele Giaquinta <e.giaquinta@glauco.it> |
11 | * |
12 | * |
12 | * This program is free software; you can redistribute it and/or modify |
13 | * This program is free software; you can redistribute it and/or modify |
13 | * it under the terms of the GNU General Public License as published by |
14 | * it under the terms of the GNU General Public License as published by |
14 | * the Free Software Foundation; either version 2 of the License, or |
15 | * the Free Software Foundation; either version 2 of the License, or |
15 | * (at your option) any later version. |
16 | * (at your option) any later version. |
… | |
… | |
234 | |
235 | |
235 | ioctl (fd_tty, TIOCSCTTY, NULL); |
236 | ioctl (fd_tty, TIOCSCTTY, NULL); |
236 | |
237 | |
237 | int fd = open ("/dev/tty", O_WRONLY); |
238 | int fd = open ("/dev/tty", O_WRONLY); |
238 | if (fd < 0) |
239 | if (fd < 0) |
239 | return -1; /* fatal */ |
240 | return -1; /* fatal */ |
240 | |
241 | |
241 | close (fd); |
242 | close (fd); |
242 | |
243 | |
243 | return 0; |
244 | return 0; |
244 | } |
245 | } |
… | |
… | |
370 | } |
371 | } |
371 | |
372 | |
372 | return true; |
373 | return true; |
373 | } |
374 | } |
374 | |
375 | |
|
|
376 | ///////////////////////////////////////////////////////////////////////////// |
|
|
377 | // helper/proxy support |
|
|
378 | |
375 | #if PTYTTY_HELPER |
379 | #if PTYTTY_HELPER |
376 | |
380 | |
377 | static int sock_fd = -1; |
381 | static int sock_fd = -1; |
378 | static int helper_pid, owner_pid; |
382 | static int helper_pid, owner_pid; |
379 | |
383 | |
… | |
… | |
411 | cmd.type = command::get; |
415 | cmd.type = command::get; |
412 | |
416 | |
413 | write (sock_fd, &cmd, sizeof (cmd)); |
417 | write (sock_fd, &cmd, sizeof (cmd)); |
414 | |
418 | |
415 | if (read (sock_fd, &id, sizeof (id)) != sizeof (id)) |
419 | if (read (sock_fd, &id, sizeof (id)) != sizeof (id)) |
416 | fatal ("protocol error while creating pty using helper process, aborting.\n"); |
420 | ptytty_fatal ("protocol error while creating pty using helper process, aborting.\n"); |
417 | |
421 | |
418 | if (!id) |
422 | if (!id) |
419 | return false; |
423 | return false; |
420 | |
424 | |
421 | if ((pty = recv_fd (sock_fd)) < 0 |
425 | if ((pty = recv_fd (sock_fd)) < 0 |
422 | || (tty = recv_fd (sock_fd)) < 0) |
426 | || (tty = recv_fd (sock_fd)) < 0) |
423 | fatal ("protocol error while reading pty/tty fds from helper process, aborting.\n"); |
427 | ptytty_fatal ("protocol error while reading pty/tty fds from helper process, aborting.\n"); |
424 | |
428 | |
425 | return true; |
429 | return true; |
426 | } |
430 | } |
427 | |
431 | |
428 | void |
432 | void |
… | |
… | |
481 | } |
485 | } |
482 | } |
486 | } |
483 | else if (cmd.type == command::login) |
487 | else if (cmd.type == command::login) |
484 | { |
488 | { |
485 | #if UTMP_SUPPORT |
489 | #if UTMP_SUPPORT |
486 | if (find (ptys.begin (), ptys.end (), cmd.id)) |
490 | if (find (ptys.begin (), ptys.end (), cmd.id) != ptys.end ()) |
487 | { |
491 | { |
488 | cmd.hostname[sizeof (cmd.hostname) - 1] = 0; |
492 | cmd.hostname[sizeof (cmd.hostname) - 1] = 0; |
489 | cmd.id->login (cmd.cmd_pid, cmd.login_shell, cmd.hostname); |
493 | cmd.id->login (cmd.cmd_pid, cmd.login_shell, cmd.hostname); |
490 | } |
494 | } |
491 | #endif |
495 | #endif |
… | |
… | |
520 | owner_pid = pid; |
524 | owner_pid = pid; |
521 | |
525 | |
522 | int sv[2]; |
526 | int sv[2]; |
523 | |
527 | |
524 | if (socketpair (AF_UNIX, SOCK_STREAM, 0, sv)) |
528 | if (socketpair (AF_UNIX, SOCK_STREAM, 0, sv)) |
525 | fatal ("could not create socket to communicate with pty/sessiondb helper, aborting.\n"); |
529 | ptytty_fatal ("could not create socket to communicate with pty/sessiondb helper, aborting.\n"); |
526 | |
530 | |
527 | helper_pid = fork (); |
531 | helper_pid = fork (); |
528 | |
532 | |
529 | if (helper_pid < 0) |
533 | if (helper_pid < 0) |
530 | fatal ("could not create pty/sessiondb helper process, aborting.\n"); |
534 | ptytty_fatal ("could not create pty/sessiondb helper process, aborting.\n"); |
531 | |
535 | |
532 | if (helper_pid) |
536 | if (helper_pid) |
533 | { |
537 | { |
534 | // client, process |
538 | // client, process |
535 | sock_fd = sv[0]; |
539 | sock_fd = sv[0]; |
… | |
… | |
564 | else |
568 | else |
565 | #endif |
569 | #endif |
566 | return new ptytty_unix; |
570 | return new ptytty_unix; |
567 | } |
571 | } |
568 | |
572 | |
|
|
573 | void |
|
|
574 | ptytty::init () |
|
|
575 | { |
|
|
576 | uid_t uid = getuid (); |
|
|
577 | gid_t gid = getgid (); |
|
|
578 | |
|
|
579 | // before doing anything else, check for setuid/setgid operation, |
|
|
580 | // start the helper process and drop privileges |
|
|
581 | if (uid != geteuid () |
|
|
582 | || gid != getegid ()) |
|
|
583 | { |
|
|
584 | #if PTYTTY_HELPER |
|
|
585 | use_helper (); |
|
|
586 | #else |
|
|
587 | ptytty_warn ("running setuid/setgid without pty helper compiled in, continuing unprivileged.\n"); |
|
|
588 | #endif |
569 | |
589 | |
|
|
590 | drop_privileges (); |
|
|
591 | } |
|
|
592 | } |
|
|
593 | |
|
|
594 | void |
|
|
595 | ptytty::drop_privileges () |
|
|
596 | { |
|
|
597 | uid_t uid = getuid (); |
|
|
598 | gid_t gid = getgid (); |
|
|
599 | |
|
|
600 | // drop privileges |
|
|
601 | #if HAVE_SETRESUID |
|
|
602 | setresgid (gid, gid, gid); |
|
|
603 | setresuid (uid, uid, uid); |
|
|
604 | #elif HAVE_SETREUID |
|
|
605 | setregid (gid, gid); |
|
|
606 | setreuid (uid, uid); |
|
|
607 | #elif HAVE_SETUID |
|
|
608 | setgid (gid); |
|
|
609 | setuid (uid); |
|
|
610 | #endif |
|
|
611 | |
|
|
612 | if (uid != geteuid () |
|
|
613 | || gid != getegid ()) |
|
|
614 | ptytty_fatal ("unable to drop privileges, aborting.\n"); |
|
|
615 | } |
|
|
616 | |
|
|
617 | ///////////////////////////////////////////////////////////////////////////// |
|
|
618 | // C API |
|
|
619 | |
|
|
620 | #ifndef NO_C_API |
|
|
621 | |
|
|
622 | #define DEFINE_METHOD(retval, name, args1, args2) \ |
|
|
623 | extern "C" retval ptytty_ ## name args1 \ |
|
|
624 | { return ((struct ptytty *)ptytty)->name args2; } |
|
|
625 | |
|
|
626 | DEFINE_METHOD(int,pty,(void *ptytty),) |
|
|
627 | DEFINE_METHOD(int,tty,(void *ptytty),) |
|
|
628 | DEFINE_METHOD(int,get,(void *ptytty),()) |
|
|
629 | DEFINE_METHOD(void,login,(void *ptytty, int cmd_pid, bool login_shell, const char *hostname),(cmd_pid,login_shell,hostname)) |
|
|
630 | |
|
|
631 | DEFINE_METHOD(void,close_tty,(void *ptytty),()) |
|
|
632 | DEFINE_METHOD(int,make_controlling_tty,(void *ptytty),()) |
|
|
633 | DEFINE_METHOD(void,set_utf8_mode,(void *ptytty, int on),(on)) |
|
|
634 | |
|
|
635 | #define DEFINE_STATIC(retval, name, args) \ |
|
|
636 | retval ptytty_ ## name args \ |
|
|
637 | { return ptytty::name args; } |
|
|
638 | |
|
|
639 | DEFINE_STATIC(void,drop_privileges,()) |
|
|
640 | DEFINE_STATIC(void,use_helper,()) |
|
|
641 | DEFINE_STATIC(void,init,()) |
|
|
642 | |
|
|
643 | DEFINE_STATIC(void *,create,()) |
|
|
644 | |
|
|
645 | void ptytty_delete (void *ptytty) |
|
|
646 | { |
|
|
647 | delete (struct ptytty *)ptytty; |
|
|
648 | } |
|
|
649 | |
|
|
650 | // send_fd, recv_fd not exposed |
|
|
651 | |
|
|
652 | #endif |