|
|
1 | // This file is part of libptytty. Do not make local modifications. |
|
|
2 | // http://software.schmorp.de/pkg/libptytty |
|
|
3 | |
1 | /*--------------------------------*-C-*---------------------------------* |
4 | /*----------------------------------------------------------------------* |
2 | * File: ptytty.C |
5 | * File: ptytty.C |
3 | *----------------------------------------------------------------------* |
6 | *----------------------------------------------------------------------* |
4 | * |
7 | * |
5 | * All portions of code are copyright by their respective author/s. |
8 | * All portions of code are copyright by their respective author/s. |
6 | * Copyright (c) 1999-2001 Geoff Wing <gcw@pobox.com> |
9 | * Copyright (c) 1999-2001 Geoff Wing <gcw@pobox.com> |
7 | * Copyright (c) 2004-2006 Marc Lehmann <pcg@goof.com> |
10 | * Copyright (c) 2004-2006 Marc Lehmann <pcg@goof.com> |
|
|
11 | * Copyright (c) 2006 Emanuele Giaquinta <e.giaquinta@glauco.it> |
8 | * |
12 | * |
9 | * This program is free software; you can redistribute it and/or modify |
13 | * This program is free software; you can redistribute it and/or modify |
10 | * it under the terms of the GNU General Public License as published by |
14 | * it under the terms of the GNU General Public License as published by |
11 | * the Free Software Foundation; either version 2 of the License, or |
15 | * the Free Software Foundation; either version 2 of the License, or |
12 | * (at your option) any later version. |
16 | * (at your option) any later version. |
… | |
… | |
19 | * You should have received a copy of the GNU General Public License |
23 | * You should have received a copy of the GNU General Public License |
20 | * along with this program; if not, write to the Free Software |
24 | * along with this program; if not, write to the Free Software |
21 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
25 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
22 | *---------------------------------------------------------------------*/ |
26 | *---------------------------------------------------------------------*/ |
23 | |
27 | |
24 | #include "../config.h" /* NECESSARY */ |
28 | #include "../config.h" |
25 | |
29 | |
26 | #include "fdpass.h" |
|
|
27 | #include "ptytty.h" |
30 | #include "ptytty.h" |
28 | |
31 | |
29 | #include <cstdlib> |
32 | #include <cstdlib> |
30 | #include <cstring> |
33 | #include <cstring> |
31 | |
34 | |
… | |
… | |
232 | |
235 | |
233 | ioctl (fd_tty, TIOCSCTTY, NULL); |
236 | ioctl (fd_tty, TIOCSCTTY, NULL); |
234 | |
237 | |
235 | int fd = open ("/dev/tty", O_WRONLY); |
238 | int fd = open ("/dev/tty", O_WRONLY); |
236 | if (fd < 0) |
239 | if (fd < 0) |
237 | return -1; /* fatal */ |
240 | return -1; /* fatal */ |
238 | |
241 | |
239 | close (fd); |
242 | close (fd); |
240 | |
243 | |
241 | return 0; |
244 | return 0; |
242 | } |
245 | } |
… | |
… | |
370 | return true; |
373 | return true; |
371 | } |
374 | } |
372 | |
375 | |
373 | #if PTYTTY_HELPER |
376 | #if PTYTTY_HELPER |
374 | |
377 | |
375 | static int sock_fd; |
378 | static int sock_fd = -1; |
376 | static int pid; |
379 | static int helper_pid, owner_pid; |
377 | |
380 | |
378 | struct command |
381 | struct command |
379 | { |
382 | { |
380 | enum { get, login, destroy } type; |
383 | enum { get, login, destroy } type; |
381 | |
384 | |
… | |
… | |
409 | cmd.type = command::get; |
412 | cmd.type = command::get; |
410 | |
413 | |
411 | write (sock_fd, &cmd, sizeof (cmd)); |
414 | write (sock_fd, &cmd, sizeof (cmd)); |
412 | |
415 | |
413 | if (read (sock_fd, &id, sizeof (id)) != sizeof (id)) |
416 | if (read (sock_fd, &id, sizeof (id)) != sizeof (id)) |
414 | fatal ("protocol error while creating pty using helper process, aborting.\n"); |
417 | ptytty_fatal ("protocol error while creating pty using helper process, aborting.\n"); |
415 | |
418 | |
416 | if (!id) |
419 | if (!id) |
417 | return false; |
420 | return false; |
418 | |
421 | |
419 | if ((pty = ptytty_recv_fd (sock_fd)) < 0 |
422 | if ((pty = recv_fd (sock_fd)) < 0 |
420 | || (tty = ptytty_recv_fd (sock_fd)) < 0) |
423 | || (tty = recv_fd (sock_fd)) < 0) |
421 | fatal ("protocol error while reading pty/tty fds from helper process, aborting.\n"); |
424 | ptytty_fatal ("protocol error while reading pty/tty fds from helper process, aborting.\n"); |
422 | |
425 | |
423 | return true; |
426 | return true; |
424 | } |
427 | } |
425 | |
428 | |
426 | void |
429 | void |
… | |
… | |
466 | if (cmd.id->get ()) |
469 | if (cmd.id->get ()) |
467 | { |
470 | { |
468 | write (sock_fd, &cmd.id, sizeof (cmd.id)); |
471 | write (sock_fd, &cmd.id, sizeof (cmd.id)); |
469 | ptys.push_back (cmd.id); |
472 | ptys.push_back (cmd.id); |
470 | |
473 | |
471 | ptytty_send_fd (sock_fd, cmd.id->pty); |
474 | ptytty::send_fd (sock_fd, cmd.id->pty); |
472 | ptytty_send_fd (sock_fd, cmd.id->tty); |
475 | ptytty::send_fd (sock_fd, cmd.id->tty); |
473 | } |
476 | } |
474 | else |
477 | else |
475 | { |
478 | { |
476 | delete cmd.id; |
479 | delete cmd.id; |
477 | cmd.id = 0; |
480 | cmd.id = 0; |
… | |
… | |
488 | } |
491 | } |
489 | #endif |
492 | #endif |
490 | } |
493 | } |
491 | else if (cmd.type == command::destroy) |
494 | else if (cmd.type == command::destroy) |
492 | { |
495 | { |
493 | ptytty **pty = find (ptys.begin (), ptys.end (), cmd.id); |
496 | vector<ptytty *>::iterator pty = find (ptys.begin (), ptys.end (), cmd.id); |
494 | |
497 | |
495 | if (pty) |
498 | if (pty != ptys.end ()) |
496 | { |
499 | { |
497 | delete *pty; |
500 | delete *pty; |
498 | ptys.erase (pty); |
501 | ptys.erase (pty); |
499 | } |
502 | } |
500 | } |
503 | } |
501 | else |
504 | else |
502 | break; |
505 | break; |
503 | } |
506 | } |
504 | |
507 | |
505 | // destroy all ptys |
508 | // destroy all ptys |
506 | for (ptytty **i = ptys.end (); i-- > ptys.begin (); ) |
509 | for (vector<ptytty *>::iterator i = ptys.end (); i-- > ptys.begin (); ) |
507 | delete *i; |
510 | delete *i; |
508 | } |
511 | } |
509 | |
512 | |
510 | void ptytty_server () |
513 | void |
|
|
514 | ptytty::use_helper () |
511 | { |
515 | { |
|
|
516 | int pid = getpid (); |
|
|
517 | |
|
|
518 | if (sock_fd >= 0 && pid == owner_pid) |
|
|
519 | return; |
|
|
520 | |
|
|
521 | owner_pid = pid; |
|
|
522 | |
512 | int sv[2]; |
523 | int sv[2]; |
513 | |
524 | |
514 | if (socketpair (AF_UNIX, SOCK_STREAM, 0, sv)) |
525 | if (socketpair (AF_UNIX, SOCK_STREAM, 0, sv)) |
515 | fatal ("could not create socket to communicate with pty/sessiondb helper, aborting.\n"); |
526 | ptytty_fatal ("could not create socket to communicate with pty/sessiondb helper, aborting.\n"); |
516 | |
527 | |
517 | pid = fork (); |
528 | helper_pid = fork (); |
518 | |
529 | |
519 | if (pid < 0) |
530 | if (helper_pid < 0) |
520 | fatal ("could not create pty/sessiondb helper process, aborting.\n"); |
531 | ptytty_fatal ("could not create pty/sessiondb helper process, aborting.\n"); |
521 | |
532 | |
522 | if (pid) |
533 | if (helper_pid) |
523 | { |
534 | { |
524 | // client, process |
535 | // client, process |
525 | sock_fd = sv[0]; |
536 | sock_fd = sv[0]; |
526 | close (sv[1]); |
537 | close (sv[1]); |
527 | fcntl (sock_fd, F_SETFD, FD_CLOEXEC); |
538 | fcntl (sock_fd, F_SETFD, FD_CLOEXEC); |
… | |
… | |
529 | else |
540 | else |
530 | { |
541 | { |
531 | // server, pty-helper |
542 | // server, pty-helper |
532 | sock_fd = sv[1]; |
543 | sock_fd = sv[1]; |
533 | |
544 | |
|
|
545 | chdir ("/"); |
|
|
546 | |
534 | for (int fd = 0; fd < 1023; fd++) |
547 | for (int fd = 0; fd < 1023; fd++) |
535 | if (fd != sock_fd) |
548 | if (fd != sock_fd) |
536 | close (fd); |
549 | close (fd); |
537 | |
550 | |
538 | serve (); |
551 | serve (); |
… | |
… | |
540 | } |
553 | } |
541 | } |
554 | } |
542 | |
555 | |
543 | #endif |
556 | #endif |
544 | |
557 | |
545 | // a "factory" *g* |
|
|
546 | ptytty * |
558 | ptytty * |
547 | new_ptytty () |
559 | ptytty::create () |
548 | { |
560 | { |
549 | #if PTYTTY_HELPER |
561 | #if PTYTTY_HELPER |
550 | if (pid > 0) |
562 | if (helper_pid && getpid () == owner_pid) |
551 | // use helper process |
563 | // use helper process |
552 | return new ptytty_proxy; |
564 | return new ptytty_proxy; |
553 | else |
565 | else |
554 | #endif |
566 | #endif |
555 | return new ptytty_unix; |
567 | return new ptytty_unix; |
556 | } |
568 | } |
557 | |
569 | |
558 | /*----------------------- end-of-file (C source) -----------------------*/ |
570 | void |
|
|
571 | ptytty::init () |
|
|
572 | { |
|
|
573 | uid_t uid = getuid (); |
|
|
574 | gid_t gid = getgid (); |
|
|
575 | |
|
|
576 | // before doing anything else, check for setuid/setgid operation, |
|
|
577 | // start the helper process and drop privileges |
|
|
578 | if (uid != geteuid () |
|
|
579 | || gid != getegid ()) |
|
|
580 | { |
|
|
581 | #if PTYTTY_HELPER |
|
|
582 | use_helper (); |
|
|
583 | #else |
|
|
584 | ptytty_warn ("running setuid/setgid without pty helper compiled in, continuing unprivileged.\n"); |
|
|
585 | #endif |
559 | |
586 | |
|
|
587 | drop_privileges (); |
|
|
588 | } |
|
|
589 | } |
|
|
590 | |
|
|
591 | void |
|
|
592 | ptytty::drop_privileges () |
|
|
593 | { |
|
|
594 | uid_t uid = getuid (); |
|
|
595 | gid_t gid = getgid (); |
|
|
596 | |
|
|
597 | // drop privileges |
|
|
598 | #if HAVE_SETRESUID |
|
|
599 | setresgid (gid, gid, gid); |
|
|
600 | setresuid (uid, uid, uid); |
|
|
601 | #elif HAVE_SETREUID |
|
|
602 | setregid (gid, gid); |
|
|
603 | setreuid (uid, uid); |
|
|
604 | #elif HAVE_SETUID |
|
|
605 | setgid (gid); |
|
|
606 | setuid (uid); |
|
|
607 | #endif |
|
|
608 | |
|
|
609 | if (uid != geteuid () |
|
|
610 | || gid != getegid ()) |
|
|
611 | ptytty_fatal ("unable to drop privileges, aborting.\n"); |
|
|
612 | } |
|
|
613 | |
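Review bot: The closing check in `ptytty::drop_privileges ()` (new lines 609–611) compares only the effective IDs, so it confirms `geteuid ()`/`getegid ()` but says nothing about the saved set-user-ID and set-group-ID. In the `HAVE_SETUID` fallback, `setgid (gid)` and `setuid (uid)` called by a process whose privileged ID is not root typically change only the effective ID, so the saved ID may remain and the check would still pass. The return values of all six set*id calls are also discarded; testing them directly, e.g. `if (setresgid (gid, gid, gid) || setresuid (uid, uid, uid)) ptytty_fatal ("unable to drop privileges, aborting.\n");`, would fail closed at the call itself, and the fallback branch deserves a comment such as `// setgid/setuid may leave the saved IDs intact on non-root setuid/setgid installs`. Where the platform provides `getresuid`/`getresgid`, the final check could compare all three IDs rather than the effective one alone.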