123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174 |
- /* $OpenBSD: sshlogin.c,v 1.34 2019/06/28 13:35:04 deraadt Exp $ */
- /*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- * All rights reserved
- * This file performs some of the things login(1) normally does. We cannot
- * easily use something like login -p -h host -f user, because there are
- * several different logins around, and it is hard to determined what kind of
- * login the current system has. Also, we want to be able to execute commands
- * on a tty.
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- *
- * Copyright (c) 1999 Theo de Raadt. All rights reserved.
- * Copyright (c) 1999 Markus Friedl. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
- #include "includes.h"
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <errno.h>
- #include <fcntl.h>
- #include <stdarg.h>
- #include <stdio.h>
- #include <string.h>
- #include <time.h>
- #include <unistd.h>
- #include <limits.h>
- #include "sshlogin.h"
- #include "ssherr.h"
- #include "loginrec.h"
- #include "log.h"
- #include "sshbuf.h"
- #include "misc.h"
- #include "servconf.h"
- extern struct sshbuf *loginmsg;
- extern ServerOptions options;
- /*
- * Returns the time when the user last logged in. Returns 0 if the
- * information is not available. This must be called before record_login.
- * The host the user logged in from will be returned in buf.
- */
- time_t
- get_last_login_time(uid_t uid, const char *logname,
- char *buf, size_t bufsize)
- {
- struct logininfo li;
- login_get_lastlog(&li, uid);
- strlcpy(buf, li.hostname, bufsize);
- return (time_t)li.tv_sec;
- }
- /*
- * Generate and store last login message. This must be done before
- * login_login() is called and lastlog is updated.
- */
- static void
- store_lastlog_message(const char *user, uid_t uid)
- {
- #ifndef NO_SSH_LASTLOG
- # ifndef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
- char hostname[HOST_NAME_MAX+1] = "";
- time_t last_login_time;
- # endif
- char *time_string;
- int r;
- if (!options.print_lastlog)
- return;
- # ifdef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
- time_string = sys_auth_get_lastlogin_msg(user, uid);
- if (time_string != NULL) {
- if ((r = sshbuf_put(loginmsg,
- time_string, strlen(time_string))) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
- free(time_string);
- }
- # else
- last_login_time = get_last_login_time(uid, user, hostname,
- sizeof(hostname));
- if (last_login_time != 0) {
- time_string = ctime(&last_login_time);
- time_string[strcspn(time_string, "\n")] = '\0';
- if (strcmp(hostname, "") == 0)
- r = sshbuf_putf(loginmsg, "Last login: %s\r\n",
- time_string);
- else
- r = sshbuf_putf(loginmsg, "Last login: %s from %s\r\n",
- time_string, hostname);
- if (r != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
- }
- # endif /* CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG */
- #endif /* NO_SSH_LASTLOG */
- }
- /*
- * Records that the user has logged in. I wish these parts of operating
- * systems were more standardized.
- */
- void
- record_login(pid_t pid, const char *tty, const char *user, uid_t uid,
- const char *host, struct sockaddr *addr, socklen_t addrlen)
- {
- struct logininfo *li;
- /* save previous login details before writing new */
- store_lastlog_message(user, uid);
- li = login_alloc_entry(pid, user, host, tty);
- login_set_addr(li, addr, addrlen);
- login_login(li);
- login_free_entry(li);
- }
- #ifdef LOGIN_NEEDS_UTMPX
- void
- record_utmp_only(pid_t pid, const char *ttyname, const char *user,
- const char *host, struct sockaddr *addr, socklen_t addrlen)
- {
- struct logininfo *li;
- li = login_alloc_entry(pid, user, host, ttyname);
- login_set_addr(li, addr, addrlen);
- login_utmp_only(li);
- login_free_entry(li);
- }
- #endif
- /* Records that the user has logged out. */
- void
- record_logout(pid_t pid, const char *tty, const char *user)
- {
- struct logininfo *li;
- li = login_alloc_entry(pid, user, NULL, tty);
- login_logout(li);
- login_free_entry(li);
- }
|