loginrec.c 42 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730
  1. /*
  2. * Copyright (c) 2000 Andre Lucas. All rights reserved.
  3. * Portions copyright (c) 1998 Todd C. Miller
  4. * Portions copyright (c) 1996 Jason Downs
  5. * Portions copyright (c) 1996 Theo de Raadt
  6. *
  7. * Redistribution and use in source and binary forms, with or without
  8. * modification, are permitted provided that the following conditions
  9. * are met:
  10. * 1. Redistributions of source code must retain the above copyright
  11. * notice, this list of conditions and the following disclaimer.
  12. * 2. Redistributions in binary form must reproduce the above copyright
  13. * notice, this list of conditions and the following disclaimer in the
  14. * documentation and/or other materials provided with the distribution.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  17. * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  18. * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  19. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  20. * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  21. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  22. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  23. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  25. * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. */
  27. /*
  28. * The btmp logging code is derived from login.c from util-linux and is under
  29. * the the following license:
  30. *
  31. * Copyright (c) 1980, 1987, 1988 The Regents of the University of California.
  32. * All rights reserved.
  33. *
  34. * Redistribution and use in source and binary forms are permitted
  35. * provided that the above copyright notice and this paragraph are
  36. * duplicated in all such forms and that any documentation,
  37. * advertising materials, and other materials related to such
  38. * distribution and use acknowledge that the software was developed
  39. * by the University of California, Berkeley. The name of the
  40. * University may not be used to endorse or promote products derived
  41. * from this software without specific prior written permission.
  42. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  43. * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  44. * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  45. */
  46. /**
  47. ** loginrec.c: platform-independent login recording and lastlog retrieval
  48. **/
  49. /*
  50. * The new login code explained
  51. * ============================
  52. *
  53. * This code attempts to provide a common interface to login recording
  54. * (utmp and friends) and last login time retrieval.
  55. *
  56. * Its primary means of achieving this is to use 'struct logininfo', a
  57. * union of all the useful fields in the various different types of
  58. * system login record structures one finds on UNIX variants.
  59. *
  60. * We depend on autoconf to define which recording methods are to be
  61. * used, and which fields are contained in the relevant data structures
  62. * on the local system. Many C preprocessor symbols affect which code
  63. * gets compiled here.
  64. *
  65. * The code is designed to make it easy to modify a particular
  66. * recording method, without affecting other methods nor requiring so
  67. * many nested conditional compilation blocks as were commonplace in
  68. * the old code.
  69. *
  70. * For login recording, we try to use the local system's libraries as
  71. * these are clearly most likely to work correctly. For utmp systems
  72. * this usually means login() and logout() or setutent() etc., probably
  73. * in libutil, along with logwtmp() etc. On these systems, we fall back
  74. * to writing the files directly if we have to, though this method
  75. * requires very thorough testing so we do not corrupt local auditing
  76. * information. These files and their access methods are very system
  77. * specific indeed.
  78. *
  79. * For utmpx systems, the corresponding library functions are
  80. * setutxent() etc. To the author's knowledge, all utmpx systems have
  81. * these library functions and so no direct write is attempted. If such
  82. * a system exists and needs support, direct analogues of the [uw]tmp
  83. * code should suffice.
  84. *
  85. * Retrieving the time of last login ('lastlog') is in some ways even
  86. * more problemmatic than login recording. Some systems provide a
  87. * simple table of all users which we seek based on uid and retrieve a
  88. * relatively standard structure. Others record the same information in
  89. * a directory with a separate file, and others don't record the
  90. * information separately at all. For systems in the latter category,
  91. * we look backwards in the wtmp or wtmpx file for the last login entry
  92. * for our user. Naturally this is slower and on busy systems could
  93. * incur a significant performance penalty.
  94. *
  95. * Calling the new code
  96. * --------------------
  97. *
  98. * In OpenSSH all login recording and retrieval is performed in
  99. * login.c. Here you'll find working examples. Also, in the logintest.c
  100. * program there are more examples.
  101. *
  102. * Internal handler calling method
  103. * -------------------------------
  104. *
  105. * When a call is made to login_login() or login_logout(), both
  106. * routines set a struct logininfo flag defining which action (log in,
  107. * or log out) is to be taken. They both then call login_write(), which
  108. * calls whichever of the many structure-specific handlers autoconf
  109. * selects for the local system.
  110. *
  111. * The handlers themselves handle system data structure specifics. Both
  112. * struct utmp and struct utmpx have utility functions (see
  113. * construct_utmp*()) to try to make it simpler to add extra systems
  114. * that introduce new features to either structure.
  115. *
  116. * While it may seem terribly wasteful to replicate so much similar
  117. * code for each method, experience has shown that maintaining code to
  118. * write both struct utmp and utmpx in one function, whilst maintaining
  119. * support for all systems whether they have library support or not, is
  120. * a difficult and time-consuming task.
  121. *
  122. * Lastlog support proceeds similarly. Functions login_get_lastlog()
  123. * (and its OpenSSH-tuned friend login_get_lastlog_time()) call
  124. * getlast_entry(), which tries one of three methods to find the last
  125. * login time. It uses local system lastlog support if it can,
  126. * otherwise it tries wtmp or wtmpx before giving up and returning 0,
  127. * meaning "tilt".
  128. *
  129. * Maintenance
  130. * -----------
  131. *
  132. * In many cases it's possible to tweak autoconf to select the correct
  133. * methods for a particular platform, either by improving the detection
  134. * code (best), or by presetting DISABLE_<method> or CONF_<method>_FILE
  135. * symbols for the platform.
  136. *
  137. * Use logintest to check which symbols are defined before modifying
  138. * configure.ac and loginrec.c. (You have to build logintest yourself
  139. * with 'make logintest' as it's not built by default.)
  140. *
  141. * Otherwise, patches to the specific method(s) are very helpful!
  142. */
  143. #include "includes.h"
  144. #include <sys/types.h>
  145. #include <sys/stat.h>
  146. #include <sys/socket.h>
  147. #ifdef HAVE_SYS_TIME_H
  148. # include <sys/time.h>
  149. #endif
  150. #include <netinet/in.h>
  151. #include <stdlib.h>
  152. #include <errno.h>
  153. #include <fcntl.h>
  154. #ifdef HAVE_PATHS_H
  155. # include <paths.h>
  156. #endif
  157. #include <pwd.h>
  158. #include <stdarg.h>
  159. #include <stdio.h>
  160. #include <string.h>
  161. #include <time.h>
  162. #include <unistd.h>
  163. #include "xmalloc.h"
  164. #include "sshkey.h"
  165. #include "hostfile.h"
  166. #include "ssh.h"
  167. #include "loginrec.h"
  168. #include "log.h"
  169. #include "atomicio.h"
  170. #include "packet.h"
  171. #include "canohost.h"
  172. #include "auth.h"
  173. #include "sshbuf.h"
  174. #include "ssherr.h"
  175. #ifdef HAVE_UTIL_H
  176. # include <util.h>
  177. #endif
  178. /**
  179. ** prototypes for helper functions in this file
  180. **/
  181. #if HAVE_UTMP_H
  182. void set_utmp_time(struct logininfo *li, struct utmp *ut);
  183. void construct_utmp(struct logininfo *li, struct utmp *ut);
  184. #endif
  185. #ifdef HAVE_UTMPX_H
  186. void set_utmpx_time(struct logininfo *li, struct utmpx *ut);
  187. void construct_utmpx(struct logininfo *li, struct utmpx *ut);
  188. #endif
  189. int utmp_write_entry(struct logininfo *li);
  190. int utmpx_write_entry(struct logininfo *li);
  191. int wtmp_write_entry(struct logininfo *li);
  192. int wtmpx_write_entry(struct logininfo *li);
  193. int lastlog_write_entry(struct logininfo *li);
  194. int syslogin_write_entry(struct logininfo *li);
  195. int getlast_entry(struct logininfo *li);
  196. int lastlog_get_entry(struct logininfo *li);
  197. int utmpx_get_entry(struct logininfo *li);
  198. int wtmp_get_entry(struct logininfo *li);
  199. int wtmpx_get_entry(struct logininfo *li);
  200. extern struct sshbuf *loginmsg;
  201. /* pick the shortest string */
  202. #define MIN_SIZEOF(s1,s2) (sizeof(s1) < sizeof(s2) ? sizeof(s1) : sizeof(s2))
  203. /**
  204. ** platform-independent login functions
  205. **/
  206. /*
  207. * login_login(struct logininfo *) - Record a login
  208. *
  209. * Call with a pointer to a struct logininfo initialised with
  210. * login_init_entry() or login_alloc_entry()
  211. *
  212. * Returns:
  213. * >0 if successful
  214. * 0 on failure (will use OpenSSH's logging facilities for diagnostics)
  215. */
  216. int
  217. login_login(struct logininfo *li)
  218. {
  219. li->type = LTYPE_LOGIN;
  220. return (login_write(li));
  221. }
  222. /*
  223. * login_logout(struct logininfo *) - Record a logout
  224. *
  225. * Call as with login_login()
  226. *
  227. * Returns:
  228. * >0 if successful
  229. * 0 on failure (will use OpenSSH's logging facilities for diagnostics)
  230. */
  231. int
  232. login_logout(struct logininfo *li)
  233. {
  234. li->type = LTYPE_LOGOUT;
  235. return (login_write(li));
  236. }
  237. /*
  238. * login_get_lastlog_time(int) - Retrieve the last login time
  239. *
  240. * Retrieve the last login time for the given uid. Will try to use the
  241. * system lastlog facilities if they are available, but will fall back
  242. * to looking in wtmp/wtmpx if necessary
  243. *
  244. * Returns:
  245. * 0 on failure, or if user has never logged in
  246. * Time in seconds from the epoch if successful
  247. *
  248. * Useful preprocessor symbols:
  249. * DISABLE_LASTLOG: If set, *never* even try to retrieve lastlog
  250. * info
  251. * USE_LASTLOG: If set, indicates the presence of system lastlog
  252. * facilities. If this and DISABLE_LASTLOG are not set,
  253. * try to retrieve lastlog information from wtmp/wtmpx.
  254. */
  255. unsigned int
  256. login_get_lastlog_time(const uid_t uid)
  257. {
  258. struct logininfo li;
  259. if (login_get_lastlog(&li, uid))
  260. return (li.tv_sec);
  261. else
  262. return (0);
  263. }
  264. /*
  265. * login_get_lastlog(struct logininfo *, int) - Retrieve a lastlog entry
  266. *
  267. * Retrieve a logininfo structure populated (only partially) with
  268. * information from the system lastlog data, or from wtmp/wtmpx if no
  269. * system lastlog information exists.
  270. *
  271. * Note this routine must be given a pre-allocated logininfo.
  272. *
  273. * Returns:
  274. * >0: A pointer to your struct logininfo if successful
  275. * 0 on failure (will use OpenSSH's logging facilities for diagnostics)
  276. */
  277. struct logininfo *
  278. login_get_lastlog(struct logininfo *li, const uid_t uid)
  279. {
  280. struct passwd *pw;
  281. memset(li, '\0', sizeof(*li));
  282. li->uid = uid;
  283. /*
  284. * If we don't have a 'real' lastlog, we need the username to
  285. * reliably search wtmp(x) for the last login (see
  286. * wtmp_get_entry().)
  287. */
  288. pw = getpwuid(uid);
  289. if (pw == NULL)
  290. fatal("%s: Cannot find account for uid %ld", __func__,
  291. (long)uid);
  292. if (strlcpy(li->username, pw->pw_name, sizeof(li->username)) >=
  293. sizeof(li->username)) {
  294. error("%s: username too long (%lu > max %lu)", __func__,
  295. (unsigned long)strlen(pw->pw_name),
  296. (unsigned long)sizeof(li->username) - 1);
  297. return NULL;
  298. }
  299. if (getlast_entry(li))
  300. return (li);
  301. else
  302. return (NULL);
  303. }
  304. /*
  305. * login_alloc_entry(int, char*, char*, char*) - Allocate and initialise
  306. * a logininfo structure
  307. *
  308. * This function creates a new struct logininfo, a data structure
  309. * meant to carry the information required to portably record login info.
  310. *
  311. * Returns a pointer to a newly created struct logininfo. If memory
  312. * allocation fails, the program halts.
  313. */
  314. struct
  315. logininfo *login_alloc_entry(pid_t pid, const char *username,
  316. const char *hostname, const char *line)
  317. {
  318. struct logininfo *newli;
  319. newli = xmalloc(sizeof(*newli));
  320. login_init_entry(newli, pid, username, hostname, line);
  321. return (newli);
  322. }
  323. /* login_free_entry(struct logininfo *) - free struct memory */
  324. void
  325. login_free_entry(struct logininfo *li)
  326. {
  327. free(li);
  328. }
  329. /* login_init_entry(struct logininfo *, int, char*, char*, char*)
  330. * - initialise a struct logininfo
  331. *
  332. * Populates a new struct logininfo, a data structure meant to carry
  333. * the information required to portably record login info.
  334. *
  335. * Returns: 1
  336. */
  337. int
  338. login_init_entry(struct logininfo *li, pid_t pid, const char *username,
  339. const char *hostname, const char *line)
  340. {
  341. struct passwd *pw;
  342. memset(li, 0, sizeof(*li));
  343. li->pid = pid;
  344. /* set the line information */
  345. if (line)
  346. line_fullname(li->line, line, sizeof(li->line));
  347. if (username) {
  348. strlcpy(li->username, username, sizeof(li->username));
  349. pw = getpwnam(li->username);
  350. if (pw == NULL) {
  351. fatal("%s: Cannot find user \"%s\"", __func__,
  352. li->username);
  353. }
  354. li->uid = pw->pw_uid;
  355. }
  356. if (hostname)
  357. strlcpy(li->hostname, hostname, sizeof(li->hostname));
  358. return (1);
  359. }
  360. /*
  361. * login_set_current_time(struct logininfo *) - set the current time
  362. *
  363. * Set the current time in a logininfo structure. This function is
  364. * meant to eliminate the need to deal with system dependencies for
  365. * time handling.
  366. */
  367. void
  368. login_set_current_time(struct logininfo *li)
  369. {
  370. struct timeval tv;
  371. gettimeofday(&tv, NULL);
  372. li->tv_sec = tv.tv_sec;
  373. li->tv_usec = tv.tv_usec;
  374. }
  375. /* copy a sockaddr_* into our logininfo */
  376. void
  377. login_set_addr(struct logininfo *li, const struct sockaddr *sa,
  378. const unsigned int sa_size)
  379. {
  380. unsigned int bufsize = sa_size;
  381. /* make sure we don't overrun our union */
  382. if (sizeof(li->hostaddr) < sa_size)
  383. bufsize = sizeof(li->hostaddr);
  384. memcpy(&li->hostaddr.sa, sa, bufsize);
  385. }
  386. /**
  387. ** login_write: Call low-level recording functions based on autoconf
  388. ** results
  389. **/
  390. int
  391. login_write(struct logininfo *li)
  392. {
  393. #ifndef HAVE_CYGWIN
  394. if (geteuid() != 0) {
  395. logit("Attempt to write login records by non-root user (aborting)");
  396. return (1);
  397. }
  398. #endif
  399. /* set the timestamp */
  400. login_set_current_time(li);
  401. #ifdef USE_LOGIN
  402. syslogin_write_entry(li);
  403. #endif
  404. #ifdef USE_LASTLOG
  405. if (li->type == LTYPE_LOGIN)
  406. lastlog_write_entry(li);
  407. #endif
  408. #ifdef USE_UTMP
  409. utmp_write_entry(li);
  410. #endif
  411. #ifdef USE_WTMP
  412. wtmp_write_entry(li);
  413. #endif
  414. #ifdef USE_UTMPX
  415. utmpx_write_entry(li);
  416. #endif
  417. #ifdef USE_WTMPX
  418. wtmpx_write_entry(li);
  419. #endif
  420. #ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN
  421. if (li->type == LTYPE_LOGIN &&
  422. !sys_auth_record_login(li->username,li->hostname,li->line,
  423. loginmsg))
  424. logit("Writing login record failed for %s", li->username);
  425. #endif
  426. #ifdef SSH_AUDIT_EVENTS
  427. if (li->type == LTYPE_LOGIN)
  428. audit_session_open(li);
  429. else if (li->type == LTYPE_LOGOUT)
  430. audit_session_close(li);
  431. #endif
  432. return (0);
  433. }
  434. #ifdef LOGIN_NEEDS_UTMPX
  435. int
  436. login_utmp_only(struct logininfo *li)
  437. {
  438. li->type = LTYPE_LOGIN;
  439. login_set_current_time(li);
  440. # ifdef USE_UTMP
  441. utmp_write_entry(li);
  442. # endif
  443. # ifdef USE_WTMP
  444. wtmp_write_entry(li);
  445. # endif
  446. # ifdef USE_UTMPX
  447. utmpx_write_entry(li);
  448. # endif
  449. # ifdef USE_WTMPX
  450. wtmpx_write_entry(li);
  451. # endif
  452. return (0);
  453. }
  454. #endif
  455. /**
  456. ** getlast_entry: Call low-level functions to retrieve the last login
  457. ** time.
  458. **/
  459. /* take the uid in li and return the last login time */
  460. int
  461. getlast_entry(struct logininfo *li)
  462. {
  463. #ifdef USE_LASTLOG
  464. return(lastlog_get_entry(li));
  465. #else /* !USE_LASTLOG */
  466. #if defined(USE_UTMPX) && defined(HAVE_SETUTXDB) && \
  467. defined(UTXDB_LASTLOGIN) && defined(HAVE_GETUTXUSER)
  468. return (utmpx_get_entry(li));
  469. #endif
  470. #if defined(DISABLE_LASTLOG)
  471. /* On some systems we shouldn't even try to obtain last login
  472. * time, e.g. AIX */
  473. return (0);
  474. # elif defined(USE_WTMP) && \
  475. (defined(HAVE_TIME_IN_UTMP) || defined(HAVE_TV_IN_UTMP))
  476. /* retrieve last login time from utmp */
  477. return (wtmp_get_entry(li));
  478. # elif defined(USE_WTMPX) && \
  479. (defined(HAVE_TIME_IN_UTMPX) || defined(HAVE_TV_IN_UTMPX))
  480. /* If wtmp isn't available, try wtmpx */
  481. return (wtmpx_get_entry(li));
  482. # else
  483. /* Give up: No means of retrieving last login time */
  484. return (0);
  485. # endif /* DISABLE_LASTLOG */
  486. #endif /* USE_LASTLOG */
  487. }
  488. /*
  489. * 'line' string utility functions
  490. *
  491. * These functions process the 'line' string into one of three forms:
  492. *
  493. * 1. The full filename (including '/dev')
  494. * 2. The stripped name (excluding '/dev')
  495. * 3. The abbreviated name (e.g. /dev/ttyp00 -> yp00
  496. * /dev/pts/1 -> ts/1 )
  497. *
  498. * Form 3 is used on some systems to identify a .tmp.? entry when
  499. * attempting to remove it. Typically both addition and removal is
  500. * performed by one application - say, sshd - so as long as the choice
  501. * uniquely identifies a terminal it's ok.
  502. */
  503. /*
  504. * line_fullname(): add the leading '/dev/' if it doesn't exist make
  505. * sure dst has enough space, if not just copy src (ugh)
  506. */
  507. char *
  508. line_fullname(char *dst, const char *src, u_int dstsize)
  509. {
  510. memset(dst, '\0', dstsize);
  511. if ((strncmp(src, "/dev/", 5) == 0) || (dstsize < (strlen(src) + 5)))
  512. strlcpy(dst, src, dstsize);
  513. else {
  514. strlcpy(dst, "/dev/", dstsize);
  515. strlcat(dst, src, dstsize);
  516. }
  517. return (dst);
  518. }
  519. /* line_stripname(): strip the leading '/dev' if it exists, return dst */
  520. char *
  521. line_stripname(char *dst, const char *src, int dstsize)
  522. {
  523. memset(dst, '\0', dstsize);
  524. if (strncmp(src, "/dev/", 5) == 0)
  525. strlcpy(dst, src + 5, dstsize);
  526. else
  527. strlcpy(dst, src, dstsize);
  528. return (dst);
  529. }
  530. /*
  531. * line_abbrevname(): Return the abbreviated (usually four-character)
  532. * form of the line (Just use the last <dstsize> characters of the
  533. * full name.)
  534. *
  535. * NOTE: use strncpy because we do NOT necessarily want zero
  536. * termination
  537. */
  538. char *
  539. line_abbrevname(char *dst, const char *src, int dstsize)
  540. {
  541. size_t len;
  542. memset(dst, '\0', dstsize);
  543. /* Always skip prefix if present */
  544. if (strncmp(src, "/dev/", 5) == 0)
  545. src += 5;
  546. #ifdef WITH_ABBREV_NO_TTY
  547. if (strncmp(src, "tty", 3) == 0)
  548. src += 3;
  549. #endif
  550. len = strlen(src);
  551. if (len > 0) {
  552. if (((int)len - dstsize) > 0)
  553. src += ((int)len - dstsize);
  554. /* note: _don't_ change this to strlcpy */
  555. strncpy(dst, src, (size_t)dstsize);
  556. }
  557. return (dst);
  558. }
  559. /**
  560. ** utmp utility functions
  561. **
  562. ** These functions manipulate struct utmp, taking system differences
  563. ** into account.
  564. **/
  565. #if defined(USE_UTMP) || defined (USE_WTMP) || defined (USE_LOGIN)
  566. /* build the utmp structure */
  567. void
  568. set_utmp_time(struct logininfo *li, struct utmp *ut)
  569. {
  570. # if defined(HAVE_TV_IN_UTMP)
  571. ut->ut_tv.tv_sec = li->tv_sec;
  572. ut->ut_tv.tv_usec = li->tv_usec;
  573. # elif defined(HAVE_TIME_IN_UTMP)
  574. ut->ut_time = li->tv_sec;
  575. # endif
  576. }
  577. void
  578. construct_utmp(struct logininfo *li,
  579. struct utmp *ut)
  580. {
  581. # ifdef HAVE_ADDR_V6_IN_UTMP
  582. struct sockaddr_in6 *sa6;
  583. # endif
  584. memset(ut, '\0', sizeof(*ut));
  585. /* First fill out fields used for both logins and logouts */
  586. # ifdef HAVE_ID_IN_UTMP
  587. line_abbrevname(ut->ut_id, li->line, sizeof(ut->ut_id));
  588. # endif
  589. # ifdef HAVE_TYPE_IN_UTMP
  590. /* This is done here to keep utmp constants out of struct logininfo */
  591. switch (li->type) {
  592. case LTYPE_LOGIN:
  593. ut->ut_type = USER_PROCESS;
  594. break;
  595. case LTYPE_LOGOUT:
  596. ut->ut_type = DEAD_PROCESS;
  597. break;
  598. }
  599. # endif
  600. set_utmp_time(li, ut);
  601. line_stripname(ut->ut_line, li->line, sizeof(ut->ut_line));
  602. # ifdef HAVE_PID_IN_UTMP
  603. ut->ut_pid = li->pid;
  604. # endif
  605. /* If we're logging out, leave all other fields blank */
  606. if (li->type == LTYPE_LOGOUT)
  607. return;
  608. /*
  609. * These fields are only used when logging in, and are blank
  610. * for logouts.
  611. */
  612. /* Use strncpy because we don't necessarily want null termination */
  613. strncpy(ut->ut_name, li->username,
  614. MIN_SIZEOF(ut->ut_name, li->username));
  615. # ifdef HAVE_HOST_IN_UTMP
  616. strncpy(ut->ut_host, li->hostname,
  617. MIN_SIZEOF(ut->ut_host, li->hostname));
  618. # endif
  619. # ifdef HAVE_ADDR_IN_UTMP
  620. /* this is just a 32-bit IP address */
  621. if (li->hostaddr.sa.sa_family == AF_INET)
  622. ut->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr;
  623. # endif
  624. # ifdef HAVE_ADDR_V6_IN_UTMP
  625. /* this is just a 128-bit IPv6 address */
  626. if (li->hostaddr.sa.sa_family == AF_INET6) {
  627. sa6 = ((struct sockaddr_in6 *)&li->hostaddr.sa);
  628. memcpy(ut->ut_addr_v6, sa6->sin6_addr.s6_addr, 16);
  629. if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) {
  630. ut->ut_addr_v6[0] = ut->ut_addr_v6[3];
  631. ut->ut_addr_v6[1] = 0;
  632. ut->ut_addr_v6[2] = 0;
  633. ut->ut_addr_v6[3] = 0;
  634. }
  635. }
  636. # endif
  637. }
  638. #endif /* USE_UTMP || USE_WTMP || USE_LOGIN */
  639. /**
  640. ** utmpx utility functions
  641. **
  642. ** These functions manipulate struct utmpx, accounting for system
  643. ** variations.
  644. **/
  645. #if defined(USE_UTMPX) || defined (USE_WTMPX)
  646. /* build the utmpx structure */
  647. void
  648. set_utmpx_time(struct logininfo *li, struct utmpx *utx)
  649. {
  650. # if defined(HAVE_TV_IN_UTMPX)
  651. utx->ut_tv.tv_sec = li->tv_sec;
  652. utx->ut_tv.tv_usec = li->tv_usec;
  653. # elif defined(HAVE_TIME_IN_UTMPX)
  654. utx->ut_time = li->tv_sec;
  655. # endif
  656. }
  657. void
  658. construct_utmpx(struct logininfo *li, struct utmpx *utx)
  659. {
  660. # ifdef HAVE_ADDR_V6_IN_UTMP
  661. struct sockaddr_in6 *sa6;
  662. # endif
  663. memset(utx, '\0', sizeof(*utx));
  664. # ifdef HAVE_ID_IN_UTMPX
  665. line_abbrevname(utx->ut_id, li->line, sizeof(utx->ut_id));
  666. # endif
  667. /* this is done here to keep utmp constants out of loginrec.h */
  668. switch (li->type) {
  669. case LTYPE_LOGIN:
  670. utx->ut_type = USER_PROCESS;
  671. break;
  672. case LTYPE_LOGOUT:
  673. utx->ut_type = DEAD_PROCESS;
  674. break;
  675. }
  676. line_stripname(utx->ut_line, li->line, sizeof(utx->ut_line));
  677. set_utmpx_time(li, utx);
  678. utx->ut_pid = li->pid;
  679. /* strncpy(): Don't necessarily want null termination */
  680. strncpy(utx->ut_user, li->username,
  681. MIN_SIZEOF(utx->ut_user, li->username));
  682. if (li->type == LTYPE_LOGOUT)
  683. return;
  684. /*
  685. * These fields are only used when logging in, and are blank
  686. * for logouts.
  687. */
  688. # ifdef HAVE_HOST_IN_UTMPX
  689. strncpy(utx->ut_host, li->hostname,
  690. MIN_SIZEOF(utx->ut_host, li->hostname));
  691. # endif
  692. # ifdef HAVE_SS_IN_UTMPX
  693. utx->ut_ss = li->hostaddr.sa_storage;
  694. # endif
  695. # ifdef HAVE_ADDR_IN_UTMPX
  696. /* this is just a 32-bit IP address */
  697. if (li->hostaddr.sa.sa_family == AF_INET)
  698. utx->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr;
  699. # endif
  700. # ifdef HAVE_ADDR_V6_IN_UTMP
  701. /* this is just a 128-bit IPv6 address */
  702. if (li->hostaddr.sa.sa_family == AF_INET6) {
  703. sa6 = ((struct sockaddr_in6 *)&li->hostaddr.sa);
  704. memcpy(utx->ut_addr_v6, sa6->sin6_addr.s6_addr, 16);
  705. if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) {
  706. utx->ut_addr_v6[0] = utx->ut_addr_v6[3];
  707. utx->ut_addr_v6[1] = 0;
  708. utx->ut_addr_v6[2] = 0;
  709. utx->ut_addr_v6[3] = 0;
  710. }
  711. }
  712. # endif
  713. # ifdef HAVE_SYSLEN_IN_UTMPX
  714. /* ut_syslen is the length of the utx_host string */
  715. utx->ut_syslen = MIN(strlen(li->hostname), sizeof(utx->ut_host));
  716. # endif
  717. }
  718. #endif /* USE_UTMPX || USE_WTMPX */
  719. /**
  720. ** Low-level utmp functions
  721. **/
  722. /* FIXME: (ATL) utmp_write_direct needs testing */
  723. #ifdef USE_UTMP
  724. /* if we can, use pututline() etc. */
  725. # if !defined(DISABLE_PUTUTLINE) && defined(HAVE_SETUTENT) && \
  726. defined(HAVE_PUTUTLINE)
  727. # define UTMP_USE_LIBRARY
  728. # endif
  729. /* write a utmp entry with the system's help (pututline() and pals) */
  730. # ifdef UTMP_USE_LIBRARY
  731. static int
  732. utmp_write_library(struct logininfo *li, struct utmp *ut)
  733. {
  734. setutent();
  735. pututline(ut);
  736. # ifdef HAVE_ENDUTENT
  737. endutent();
  738. # endif
  739. return (1);
  740. }
  741. # else /* UTMP_USE_LIBRARY */
  742. /*
  743. * Write a utmp entry direct to the file
  744. * This is a slightly modification of code in OpenBSD's login.c
  745. */
  746. static int
  747. utmp_write_direct(struct logininfo *li, struct utmp *ut)
  748. {
  749. struct utmp old_ut;
  750. register int fd;
  751. int tty;
  752. /* FIXME: (ATL) ttyslot() needs local implementation */
  753. #if defined(HAVE_GETTTYENT)
  754. struct ttyent *ty;
  755. tty=0;
  756. setttyent();
  757. while (NULL != (ty = getttyent())) {
  758. tty++;
  759. if (!strncmp(ty->ty_name, ut->ut_line, sizeof(ut->ut_line)))
  760. break;
  761. }
  762. endttyent();
  763. if (NULL == ty) {
  764. logit("%s: tty not found", __func__);
  765. return (0);
  766. }
  767. #else /* FIXME */
  768. tty = ttyslot(); /* seems only to work for /dev/ttyp? style names */
  769. #endif /* HAVE_GETTTYENT */
  770. if (tty > 0 && (fd = open(UTMP_FILE, O_RDWR|O_CREAT, 0644)) >= 0) {
  771. off_t pos, ret;
  772. pos = (off_t)tty * sizeof(struct utmp);
  773. if ((ret = lseek(fd, pos, SEEK_SET)) == -1) {
  774. logit("%s: lseek: %s", __func__, strerror(errno));
  775. close(fd);
  776. return (0);
  777. }
  778. if (ret != pos) {
  779. logit("%s: Couldn't seek to tty %d slot in %s",
  780. __func__, tty, UTMP_FILE);
  781. close(fd);
  782. return (0);
  783. }
  784. /*
  785. * Prevent luser from zero'ing out ut_host.
  786. * If the new ut_line is empty but the old one is not
  787. * and ut_line and ut_name match, preserve the old ut_line.
  788. */
  789. if (atomicio(read, fd, &old_ut, sizeof(old_ut)) == sizeof(old_ut) &&
  790. (ut->ut_host[0] == '\0') && (old_ut.ut_host[0] != '\0') &&
  791. (strncmp(old_ut.ut_line, ut->ut_line, sizeof(ut->ut_line)) == 0) &&
  792. (strncmp(old_ut.ut_name, ut->ut_name, sizeof(ut->ut_name)) == 0))
  793. memcpy(ut->ut_host, old_ut.ut_host, sizeof(ut->ut_host));
  794. if ((ret = lseek(fd, pos, SEEK_SET)) == -1) {
  795. logit("%s: lseek: %s", __func__, strerror(errno));
  796. close(fd);
  797. return (0);
  798. }
  799. if (ret != pos) {
  800. logit("%s: Couldn't seek to tty %d slot in %s",
  801. __func__, tty, UTMP_FILE);
  802. close(fd);
  803. return (0);
  804. }
  805. if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut)) {
  806. logit("%s: error writing %s: %s", __func__,
  807. UTMP_FILE, strerror(errno));
  808. close(fd);
  809. return (0);
  810. }
  811. close(fd);
  812. return (1);
  813. } else {
  814. return (0);
  815. }
  816. }
  817. # endif /* UTMP_USE_LIBRARY */
  818. static int
  819. utmp_perform_login(struct logininfo *li)
  820. {
  821. struct utmp ut;
  822. construct_utmp(li, &ut);
  823. # ifdef UTMP_USE_LIBRARY
  824. if (!utmp_write_library(li, &ut)) {
  825. logit("%s: utmp_write_library() failed", __func__);
  826. return (0);
  827. }
  828. # else
  829. if (!utmp_write_direct(li, &ut)) {
  830. logit("%s: utmp_write_direct() failed", __func__);
  831. return (0);
  832. }
  833. # endif
  834. return (1);
  835. }
  836. static int
  837. utmp_perform_logout(struct logininfo *li)
  838. {
  839. struct utmp ut;
  840. construct_utmp(li, &ut);
  841. # ifdef UTMP_USE_LIBRARY
  842. if (!utmp_write_library(li, &ut)) {
  843. logit("%s: utmp_write_library() failed", __func__);
  844. return (0);
  845. }
  846. # else
  847. if (!utmp_write_direct(li, &ut)) {
  848. logit("%s: utmp_write_direct() failed", __func__);
  849. return (0);
  850. }
  851. # endif
  852. return (1);
  853. }
  854. int
  855. utmp_write_entry(struct logininfo *li)
  856. {
  857. switch(li->type) {
  858. case LTYPE_LOGIN:
  859. return (utmp_perform_login(li));
  860. case LTYPE_LOGOUT:
  861. return (utmp_perform_logout(li));
  862. default:
  863. logit("%s: invalid type field", __func__);
  864. return (0);
  865. }
  866. }
  867. #endif /* USE_UTMP */
  868. /**
  869. ** Low-level utmpx functions
  870. **/
  871. /* not much point if we don't want utmpx entries */
  872. #ifdef USE_UTMPX
  873. /* if we have the wherewithall, use pututxline etc. */
  874. # if !defined(DISABLE_PUTUTXLINE) && defined(HAVE_SETUTXENT) && \
  875. defined(HAVE_PUTUTXLINE)
  876. # define UTMPX_USE_LIBRARY
  877. # endif
  878. /* write a utmpx entry with the system's help (pututxline() and pals) */
  879. # ifdef UTMPX_USE_LIBRARY
  880. static int
  881. utmpx_write_library(struct logininfo *li, struct utmpx *utx)
  882. {
  883. setutxent();
  884. pututxline(utx);
  885. # ifdef HAVE_ENDUTXENT
  886. endutxent();
  887. # endif
  888. return (1);
  889. }
  890. # else /* UTMPX_USE_LIBRARY */
  891. /* write a utmp entry direct to the file */
  892. static int
  893. utmpx_write_direct(struct logininfo *li, struct utmpx *utx)
  894. {
  895. logit("%s: not implemented!", __func__);
  896. return (0);
  897. }
  898. # endif /* UTMPX_USE_LIBRARY */
  899. static int
  900. utmpx_perform_login(struct logininfo *li)
  901. {
  902. struct utmpx utx;
  903. construct_utmpx(li, &utx);
  904. # ifdef UTMPX_USE_LIBRARY
  905. if (!utmpx_write_library(li, &utx)) {
  906. logit("%s: utmp_write_library() failed", __func__);
  907. return (0);
  908. }
  909. # else
  910. if (!utmpx_write_direct(li, &ut)) {
  911. logit("%s: utmp_write_direct() failed", __func__);
  912. return (0);
  913. }
  914. # endif
  915. return (1);
  916. }
  917. static int
  918. utmpx_perform_logout(struct logininfo *li)
  919. {
  920. struct utmpx utx;
  921. construct_utmpx(li, &utx);
  922. # ifdef HAVE_ID_IN_UTMPX
  923. line_abbrevname(utx.ut_id, li->line, sizeof(utx.ut_id));
  924. # endif
  925. # ifdef HAVE_TYPE_IN_UTMPX
  926. utx.ut_type = DEAD_PROCESS;
  927. # endif
  928. # ifdef UTMPX_USE_LIBRARY
  929. utmpx_write_library(li, &utx);
  930. # else
  931. utmpx_write_direct(li, &utx);
  932. # endif
  933. return (1);
  934. }
  935. int
  936. utmpx_write_entry(struct logininfo *li)
  937. {
  938. switch(li->type) {
  939. case LTYPE_LOGIN:
  940. return (utmpx_perform_login(li));
  941. case LTYPE_LOGOUT:
  942. return (utmpx_perform_logout(li));
  943. default:
  944. logit("%s: invalid type field", __func__);
  945. return (0);
  946. }
  947. }
  948. #endif /* USE_UTMPX */
  949. /**
  950. ** Low-level wtmp functions
  951. **/
  952. #ifdef USE_WTMP
  953. /*
  954. * Write a wtmp entry direct to the end of the file
  955. * This is a slight modification of code in OpenBSD's logwtmp.c
  956. */
  957. static int
  958. wtmp_write(struct logininfo *li, struct utmp *ut)
  959. {
  960. struct stat buf;
  961. int fd, ret = 1;
  962. if ((fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) {
  963. logit("%s: problem writing %s: %s", __func__,
  964. WTMP_FILE, strerror(errno));
  965. return (0);
  966. }
  967. if (fstat(fd, &buf) == 0)
  968. if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut)) {
  969. ftruncate(fd, buf.st_size);
  970. logit("%s: problem writing %s: %s", __func__,
  971. WTMP_FILE, strerror(errno));
  972. ret = 0;
  973. }
  974. close(fd);
  975. return (ret);
  976. }
  977. static int
  978. wtmp_perform_login(struct logininfo *li)
  979. {
  980. struct utmp ut;
  981. construct_utmp(li, &ut);
  982. return (wtmp_write(li, &ut));
  983. }
  984. static int
  985. wtmp_perform_logout(struct logininfo *li)
  986. {
  987. struct utmp ut;
  988. construct_utmp(li, &ut);
  989. return (wtmp_write(li, &ut));
  990. }
  991. int
  992. wtmp_write_entry(struct logininfo *li)
  993. {
  994. switch(li->type) {
  995. case LTYPE_LOGIN:
  996. return (wtmp_perform_login(li));
  997. case LTYPE_LOGOUT:
  998. return (wtmp_perform_logout(li));
  999. default:
  1000. logit("%s: invalid type field", __func__);
  1001. return (0);
  1002. }
  1003. }
  1004. /*
  1005. * Notes on fetching login data from wtmp/wtmpx
  1006. *
  1007. * Logouts are usually recorded with (amongst other things) a blank
  1008. * username on a given tty line. However, some systems (HP-UX is one)
  1009. * leave all fields set, but change the ut_type field to DEAD_PROCESS.
  1010. *
  1011. * Since we're only looking for logins here, we know that the username
  1012. * must be set correctly. On systems that leave it in, we check for
  1013. * ut_type==USER_PROCESS (indicating a login.)
  1014. *
  1015. * Portability: Some systems may set something other than USER_PROCESS
  1016. * to indicate a login process. I don't know of any as I write. Also,
  1017. * it's possible that some systems may both leave the username in
  1018. * place and not have ut_type.
  1019. */
  1020. /* return true if this wtmp entry indicates a login */
  1021. static int
  1022. wtmp_islogin(struct logininfo *li, struct utmp *ut)
  1023. {
  1024. if (strncmp(li->username, ut->ut_name,
  1025. MIN_SIZEOF(li->username, ut->ut_name)) == 0) {
  1026. # ifdef HAVE_TYPE_IN_UTMP
  1027. if (ut->ut_type & USER_PROCESS)
  1028. return (1);
  1029. # else
  1030. return (1);
  1031. # endif
  1032. }
  1033. return (0);
  1034. }
  1035. int
  1036. wtmp_get_entry(struct logininfo *li)
  1037. {
  1038. struct stat st;
  1039. struct utmp ut;
  1040. int fd, found = 0;
  1041. /* Clear the time entries in our logininfo */
  1042. li->tv_sec = li->tv_usec = 0;
  1043. if ((fd = open(WTMP_FILE, O_RDONLY)) < 0) {
  1044. logit("%s: problem opening %s: %s", __func__,
  1045. WTMP_FILE, strerror(errno));
  1046. return (0);
  1047. }
  1048. if (fstat(fd, &st) != 0) {
  1049. logit("%s: couldn't stat %s: %s", __func__,
  1050. WTMP_FILE, strerror(errno));
  1051. close(fd);
  1052. return (0);
  1053. }
  1054. /* Seek to the start of the last struct utmp */
  1055. if (lseek(fd, -(off_t)sizeof(struct utmp), SEEK_END) == -1) {
  1056. /* Looks like we've got a fresh wtmp file */
  1057. close(fd);
  1058. return (0);
  1059. }
  1060. while (!found) {
  1061. if (atomicio(read, fd, &ut, sizeof(ut)) != sizeof(ut)) {
  1062. logit("%s: read of %s failed: %s", __func__,
  1063. WTMP_FILE, strerror(errno));
  1064. close (fd);
  1065. return (0);
  1066. }
  1067. if (wtmp_islogin(li, &ut) ) {
  1068. found = 1;
  1069. /*
  1070. * We've already checked for a time in struct
  1071. * utmp, in login_getlast()
  1072. */
  1073. # ifdef HAVE_TIME_IN_UTMP
  1074. li->tv_sec = ut.ut_time;
  1075. # else
  1076. # if HAVE_TV_IN_UTMP
  1077. li->tv_sec = ut.ut_tv.tv_sec;
  1078. # endif
  1079. # endif
  1080. line_fullname(li->line, ut.ut_line,
  1081. MIN_SIZEOF(li->line, ut.ut_line));
  1082. # ifdef HAVE_HOST_IN_UTMP
  1083. strlcpy(li->hostname, ut.ut_host,
  1084. MIN_SIZEOF(li->hostname, ut.ut_host));
  1085. # endif
  1086. continue;
  1087. }
  1088. /* Seek back 2 x struct utmp */
  1089. if (lseek(fd, -(off_t)(2 * sizeof(struct utmp)), SEEK_CUR) == -1) {
  1090. /* We've found the start of the file, so quit */
  1091. close(fd);
  1092. return (0);
  1093. }
  1094. }
  1095. /* We found an entry. Tidy up and return */
  1096. close(fd);
  1097. return (1);
  1098. }
  1099. # endif /* USE_WTMP */
  1100. /**
  1101. ** Low-level wtmpx functions
  1102. **/
  1103. #ifdef USE_WTMPX
  1104. /*
  1105. * Write a wtmpx entry direct to the end of the file
  1106. * This is a slight modification of code in OpenBSD's logwtmp.c
  1107. */
  1108. static int
  1109. wtmpx_write(struct logininfo *li, struct utmpx *utx)
  1110. {
  1111. #ifndef HAVE_UPDWTMPX
  1112. struct stat buf;
  1113. int fd, ret = 1;
  1114. if ((fd = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0)) < 0) {
  1115. logit("%s: problem opening %s: %s", __func__,
  1116. WTMPX_FILE, strerror(errno));
  1117. return (0);
  1118. }
  1119. if (fstat(fd, &buf) == 0)
  1120. if (atomicio(vwrite, fd, utx, sizeof(*utx)) != sizeof(*utx)) {
  1121. ftruncate(fd, buf.st_size);
  1122. logit("%s: problem writing %s: %s", __func__,
  1123. WTMPX_FILE, strerror(errno));
  1124. ret = 0;
  1125. }
  1126. close(fd);
  1127. return (ret);
  1128. #else
  1129. updwtmpx(WTMPX_FILE, utx);
  1130. return (1);
  1131. #endif
  1132. }
  1133. static int
  1134. wtmpx_perform_login(struct logininfo *li)
  1135. {
  1136. struct utmpx utx;
  1137. construct_utmpx(li, &utx);
  1138. return (wtmpx_write(li, &utx));
  1139. }
  1140. static int
  1141. wtmpx_perform_logout(struct logininfo *li)
  1142. {
  1143. struct utmpx utx;
  1144. construct_utmpx(li, &utx);
  1145. return (wtmpx_write(li, &utx));
  1146. }
  1147. int
  1148. wtmpx_write_entry(struct logininfo *li)
  1149. {
  1150. switch(li->type) {
  1151. case LTYPE_LOGIN:
  1152. return (wtmpx_perform_login(li));
  1153. case LTYPE_LOGOUT:
  1154. return (wtmpx_perform_logout(li));
  1155. default:
  1156. logit("%s: invalid type field", __func__);
  1157. return (0);
  1158. }
  1159. }
  1160. /* Please see the notes above wtmp_islogin() for information about the
  1161. next two functions */
  1162. /* Return true if this wtmpx entry indicates a login */
  1163. static int
  1164. wtmpx_islogin(struct logininfo *li, struct utmpx *utx)
  1165. {
  1166. if (strncmp(li->username, utx->ut_user,
  1167. MIN_SIZEOF(li->username, utx->ut_user)) == 0 ) {
  1168. # ifdef HAVE_TYPE_IN_UTMPX
  1169. if (utx->ut_type == USER_PROCESS)
  1170. return (1);
  1171. # else
  1172. return (1);
  1173. # endif
  1174. }
  1175. return (0);
  1176. }
  1177. int
  1178. wtmpx_get_entry(struct logininfo *li)
  1179. {
  1180. struct stat st;
  1181. struct utmpx utx;
  1182. int fd, found=0;
  1183. /* Clear the time entries */
  1184. li->tv_sec = li->tv_usec = 0;
  1185. if ((fd = open(WTMPX_FILE, O_RDONLY)) < 0) {
  1186. logit("%s: problem opening %s: %s", __func__,
  1187. WTMPX_FILE, strerror(errno));
  1188. return (0);
  1189. }
  1190. if (fstat(fd, &st) != 0) {
  1191. logit("%s: couldn't stat %s: %s", __func__,
  1192. WTMPX_FILE, strerror(errno));
  1193. close(fd);
  1194. return (0);
  1195. }
  1196. /* Seek to the start of the last struct utmpx */
  1197. if (lseek(fd, -(off_t)sizeof(struct utmpx), SEEK_END) == -1 ) {
  1198. /* probably a newly rotated wtmpx file */
  1199. close(fd);
  1200. return (0);
  1201. }
  1202. while (!found) {
  1203. if (atomicio(read, fd, &utx, sizeof(utx)) != sizeof(utx)) {
  1204. logit("%s: read of %s failed: %s", __func__,
  1205. WTMPX_FILE, strerror(errno));
  1206. close (fd);
  1207. return (0);
  1208. }
  1209. /*
  1210. * Logouts are recorded as a blank username on a particular
  1211. * line. So, we just need to find the username in struct utmpx
  1212. */
  1213. if (wtmpx_islogin(li, &utx)) {
  1214. found = 1;
  1215. # if defined(HAVE_TV_IN_UTMPX)
  1216. li->tv_sec = utx.ut_tv.tv_sec;
  1217. # elif defined(HAVE_TIME_IN_UTMPX)
  1218. li->tv_sec = utx.ut_time;
  1219. # endif
  1220. line_fullname(li->line, utx.ut_line, sizeof(li->line));
  1221. # if defined(HAVE_HOST_IN_UTMPX)
  1222. strlcpy(li->hostname, utx.ut_host,
  1223. MIN_SIZEOF(li->hostname, utx.ut_host));
  1224. # endif
  1225. continue;
  1226. }
  1227. if (lseek(fd, -(off_t)(2 * sizeof(struct utmpx)), SEEK_CUR) == -1) {
  1228. close(fd);
  1229. return (0);
  1230. }
  1231. }
  1232. close(fd);
  1233. return (1);
  1234. }
  1235. #endif /* USE_WTMPX */
  1236. /**
  1237. ** Low-level libutil login() functions
  1238. **/
  1239. #ifdef USE_LOGIN
  1240. static int
  1241. syslogin_perform_login(struct logininfo *li)
  1242. {
  1243. struct utmp *ut;
  1244. ut = xmalloc(sizeof(*ut));
  1245. construct_utmp(li, ut);
  1246. login(ut);
  1247. free(ut);
  1248. return (1);
  1249. }
  1250. static int
  1251. syslogin_perform_logout(struct logininfo *li)
  1252. {
  1253. # ifdef HAVE_LOGOUT
  1254. char line[UT_LINESIZE];
  1255. (void)line_stripname(line, li->line, sizeof(line));
  1256. if (!logout(line))
  1257. logit("%s: logout() returned an error", __func__);
  1258. # ifdef HAVE_LOGWTMP
  1259. else
  1260. logwtmp(line, "", "");
  1261. # endif
  1262. /* FIXME: (ATL - if the need arises) What to do if we have
  1263. * login, but no logout? what if logout but no logwtmp? All
  1264. * routines are in libutil so they should all be there,
  1265. * but... */
  1266. # endif
  1267. return (1);
  1268. }
  1269. int
  1270. syslogin_write_entry(struct logininfo *li)
  1271. {
  1272. switch (li->type) {
  1273. case LTYPE_LOGIN:
  1274. return (syslogin_perform_login(li));
  1275. case LTYPE_LOGOUT:
  1276. return (syslogin_perform_logout(li));
  1277. default:
  1278. logit("%s: Invalid type field", __func__);
  1279. return (0);
  1280. }
  1281. }
  1282. #endif /* USE_LOGIN */
  1283. /* end of file log-syslogin.c */
  1284. /**
  1285. ** Low-level lastlog functions
  1286. **/
  1287. #ifdef USE_LASTLOG
  1288. #if !defined(LASTLOG_WRITE_PUTUTXLINE) || !defined(HAVE_GETLASTLOGXBYNAME)
  1289. /* open the file (using filemode) and seek to the login entry */
  1290. static int
  1291. lastlog_openseek(struct logininfo *li, int *fd, int filemode)
  1292. {
  1293. off_t offset;
  1294. char lastlog_file[1024];
  1295. struct stat st;
  1296. if (stat(LASTLOG_FILE, &st) != 0) {
  1297. logit("%s: Couldn't stat %s: %s", __func__,
  1298. LASTLOG_FILE, strerror(errno));
  1299. return (0);
  1300. }
  1301. if (S_ISDIR(st.st_mode)) {
  1302. snprintf(lastlog_file, sizeof(lastlog_file), "%s/%s",
  1303. LASTLOG_FILE, li->username);
  1304. } else if (S_ISREG(st.st_mode)) {
  1305. strlcpy(lastlog_file, LASTLOG_FILE, sizeof(lastlog_file));
  1306. } else {
  1307. logit("%s: %.100s is not a file or directory!", __func__,
  1308. LASTLOG_FILE);
  1309. return (0);
  1310. }
  1311. *fd = open(lastlog_file, filemode, 0600);
  1312. if (*fd < 0) {
  1313. debug("%s: Couldn't open %s: %s", __func__,
  1314. lastlog_file, strerror(errno));
  1315. return (0);
  1316. }
  1317. if (S_ISREG(st.st_mode)) {
  1318. /* find this uid's offset in the lastlog file */
  1319. offset = (off_t) ((u_long)li->uid * sizeof(struct lastlog));
  1320. if (lseek(*fd, offset, SEEK_SET) != offset) {
  1321. logit("%s: %s->lseek(): %s", __func__,
  1322. lastlog_file, strerror(errno));
  1323. close(*fd);
  1324. return (0);
  1325. }
  1326. }
  1327. return (1);
  1328. }
  1329. #endif /* !LASTLOG_WRITE_PUTUTXLINE || !HAVE_GETLASTLOGXBYNAME */
  1330. #ifdef LASTLOG_WRITE_PUTUTXLINE
  1331. int
  1332. lastlog_write_entry(struct logininfo *li)
  1333. {
  1334. switch(li->type) {
  1335. case LTYPE_LOGIN:
  1336. return 1; /* lastlog written by pututxline */
  1337. default:
  1338. logit("lastlog_write_entry: Invalid type field");
  1339. return 0;
  1340. }
  1341. }
  1342. #else /* LASTLOG_WRITE_PUTUTXLINE */
  1343. int
  1344. lastlog_write_entry(struct logininfo *li)
  1345. {
  1346. struct lastlog last;
  1347. int fd;
  1348. switch(li->type) {
  1349. case LTYPE_LOGIN:
  1350. /* create our struct lastlog */
  1351. memset(&last, '\0', sizeof(last));
  1352. line_stripname(last.ll_line, li->line, sizeof(last.ll_line));
  1353. strlcpy(last.ll_host, li->hostname,
  1354. MIN_SIZEOF(last.ll_host, li->hostname));
  1355. last.ll_time = li->tv_sec;
  1356. if (!lastlog_openseek(li, &fd, O_RDWR|O_CREAT))
  1357. return (0);
  1358. /* write the entry */
  1359. if (atomicio(vwrite, fd, &last, sizeof(last)) != sizeof(last)) {
  1360. close(fd);
  1361. logit("%s: Error writing to %s: %s", __func__,
  1362. LASTLOG_FILE, strerror(errno));
  1363. return (0);
  1364. }
  1365. close(fd);
  1366. return (1);
  1367. default:
  1368. logit("%s: Invalid type field", __func__);
  1369. return (0);
  1370. }
  1371. }
  1372. #endif /* LASTLOG_WRITE_PUTUTXLINE */
  1373. #ifdef HAVE_GETLASTLOGXBYNAME
  1374. int
  1375. lastlog_get_entry(struct logininfo *li)
  1376. {
  1377. struct lastlogx l, *ll;
  1378. if ((ll = getlastlogxbyname(li->username, &l)) == NULL) {
  1379. memset(&l, '\0', sizeof(l));
  1380. ll = &l;
  1381. }
  1382. line_fullname(li->line, ll->ll_line, sizeof(li->line));
  1383. strlcpy(li->hostname, ll->ll_host,
  1384. MIN_SIZEOF(li->hostname, ll->ll_host));
  1385. li->tv_sec = ll->ll_tv.tv_sec;
  1386. li->tv_usec = ll->ll_tv.tv_usec;
  1387. return (1);
  1388. }
  1389. #else /* HAVE_GETLASTLOGXBYNAME */
  1390. int
  1391. lastlog_get_entry(struct logininfo *li)
  1392. {
  1393. struct lastlog last;
  1394. int fd, ret;
  1395. if (!lastlog_openseek(li, &fd, O_RDONLY))
  1396. return (0);
  1397. ret = atomicio(read, fd, &last, sizeof(last));
  1398. close(fd);
  1399. switch (ret) {
  1400. case 0:
  1401. memset(&last, '\0', sizeof(last));
  1402. /* FALLTHRU */
  1403. case sizeof(last):
  1404. line_fullname(li->line, last.ll_line, sizeof(li->line));
  1405. strlcpy(li->hostname, last.ll_host,
  1406. MIN_SIZEOF(li->hostname, last.ll_host));
  1407. li->tv_sec = last.ll_time;
  1408. return (1);
  1409. case -1:
  1410. error("%s: Error reading from %s: %s", __func__,
  1411. LASTLOG_FILE, strerror(errno));
  1412. return (0);
  1413. default:
  1414. error("%s: Error reading from %s: Expecting %d, got %d",
  1415. __func__, LASTLOG_FILE, (int)sizeof(last), ret);
  1416. return (0);
  1417. }
  1418. /* NOTREACHED */
  1419. return (0);
  1420. }
  1421. #endif /* HAVE_GETLASTLOGXBYNAME */
  1422. #endif /* USE_LASTLOG */
  1423. #if defined(USE_UTMPX) && defined(HAVE_SETUTXDB) && \
  1424. defined(UTXDB_LASTLOGIN) && defined(HAVE_GETUTXUSER)
  1425. int
  1426. utmpx_get_entry(struct logininfo *li)
  1427. {
  1428. struct utmpx *utx;
  1429. if (setutxdb(UTXDB_LASTLOGIN, NULL) != 0)
  1430. return (0);
  1431. utx = getutxuser(li->username);
  1432. if (utx == NULL) {
  1433. endutxent();
  1434. return (0);
  1435. }
  1436. line_fullname(li->line, utx->ut_line,
  1437. MIN_SIZEOF(li->line, utx->ut_line));
  1438. strlcpy(li->hostname, utx->ut_host,
  1439. MIN_SIZEOF(li->hostname, utx->ut_host));
  1440. li->tv_sec = utx->ut_tv.tv_sec;
  1441. li->tv_usec = utx->ut_tv.tv_usec;
  1442. endutxent();
  1443. return (1);
  1444. }
  1445. #endif /* USE_UTMPX && HAVE_SETUTXDB && UTXDB_LASTLOGIN && HAVE_GETUTXUSER */
  1446. #ifdef USE_BTMP
  1447. /*
  1448. * Logs failed login attempts in _PATH_BTMP if that exists.
  1449. * The most common login failure is to give password instead of username.
  1450. * So the _PATH_BTMP file checked for the correct permission, so that
  1451. * only root can read it.
  1452. */
  1453. void
  1454. record_failed_login(struct ssh *ssh, const char *username, const char *hostname,
  1455. const char *ttyn)
  1456. {
  1457. int fd;
  1458. struct utmp ut;
  1459. struct sockaddr_storage from;
  1460. socklen_t fromlen = sizeof(from);
  1461. struct sockaddr_in *a4;
  1462. struct sockaddr_in6 *a6;
  1463. time_t t;
  1464. struct stat fst;
  1465. if (geteuid() != 0)
  1466. return;
  1467. if ((fd = open(_PATH_BTMP, O_WRONLY | O_APPEND)) < 0) {
  1468. debug("Unable to open the btmp file %s: %s", _PATH_BTMP,
  1469. strerror(errno));
  1470. return;
  1471. }
  1472. if (fstat(fd, &fst) < 0) {
  1473. logit("%s: fstat of %s failed: %s", __func__, _PATH_BTMP,
  1474. strerror(errno));
  1475. goto out;
  1476. }
  1477. if((fst.st_mode & (S_IXGRP | S_IRWXO)) || (fst.st_uid != 0)){
  1478. logit("Excess permission or bad ownership on file %s",
  1479. _PATH_BTMP);
  1480. goto out;
  1481. }
  1482. memset(&ut, 0, sizeof(ut));
  1483. /* strncpy because we don't necessarily want nul termination */
  1484. strncpy(ut.ut_user, username, sizeof(ut.ut_user));
  1485. strlcpy(ut.ut_line, "ssh:notty", sizeof(ut.ut_line));
  1486. time(&t);
  1487. ut.ut_time = t; /* ut_time is not always a time_t */
  1488. ut.ut_type = LOGIN_PROCESS;
  1489. ut.ut_pid = getpid();
  1490. /* strncpy because we don't necessarily want nul termination */
  1491. strncpy(ut.ut_host, hostname, sizeof(ut.ut_host));
  1492. if (ssh_packet_connection_is_on_socket(ssh) &&
  1493. getpeername(ssh_packet_get_connection_in(ssh),
  1494. (struct sockaddr *)&from, &fromlen) == 0) {
  1495. ipv64_normalise_mapped(&from, &fromlen);
  1496. if (from.ss_family == AF_INET) {
  1497. a4 = (struct sockaddr_in *)&from;
  1498. memcpy(&ut.ut_addr, &(a4->sin_addr),
  1499. MIN_SIZEOF(ut.ut_addr, a4->sin_addr));
  1500. }
  1501. #ifdef HAVE_ADDR_V6_IN_UTMP
  1502. if (from.ss_family == AF_INET6) {
  1503. a6 = (struct sockaddr_in6 *)&from;
  1504. memcpy(&ut.ut_addr_v6, &(a6->sin6_addr),
  1505. MIN_SIZEOF(ut.ut_addr_v6, a6->sin6_addr));
  1506. }
  1507. #endif
  1508. }
  1509. if (atomicio(vwrite, fd, &ut, sizeof(ut)) != sizeof(ut))
  1510. error("Failed to write to %s: %s", _PATH_BTMP,
  1511. strerror(errno));
  1512. out:
  1513. close(fd);
  1514. }
  1515. #endif /* USE_BTMP */