xref: /freebsd/crypto/openssh/sshlogin.c (revision 38a52bd3b5cac3da6f7f6eef3dd050e6aa08ebb3) 
119261079SEd Maste /* $OpenBSD: sshlogin.c,v 1.35 2020/10/18 11:32:02 djm Exp $ */
21e8db6e2SBrian Feldman /*
31e8db6e2SBrian Feldman  * Author: Tatu Ylonen <ylo@cs.hut.fi>
41e8db6e2SBrian Feldman  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
51e8db6e2SBrian Feldman  *                    All rights reserved
61e8db6e2SBrian Feldman  * This file performs some of the things login(1) normally does.  We cannot
71e8db6e2SBrian Feldman  * easily use something like login -p -h host -f user, because there are
81e8db6e2SBrian Feldman  * several different logins around, and it is hard to determined what kind of
91e8db6e2SBrian Feldman  * login the current system has.  Also, we want to be able to execute commands
101e8db6e2SBrian Feldman  * on a tty.
111e8db6e2SBrian Feldman  *
121e8db6e2SBrian Feldman  * As far as I am concerned, the code I have written for this software
131e8db6e2SBrian Feldman  * can be used freely for any purpose.  Any derived versions of this
141e8db6e2SBrian Feldman  * software must be clearly marked as such, and if the derived work is
151e8db6e2SBrian Feldman  * incompatible with the protocol description in the RFC file, it must be
161e8db6e2SBrian Feldman  * called by a name other than "ssh" or "Secure Shell".
171e8db6e2SBrian Feldman  *
181e8db6e2SBrian Feldman  * Copyright (c) 1999 Theo de Raadt.  All rights reserved.
191e8db6e2SBrian Feldman  * Copyright (c) 1999 Markus Friedl.  All rights reserved.
201e8db6e2SBrian Feldman  *
211e8db6e2SBrian Feldman  * Redistribution and use in source and binary forms, with or without
221e8db6e2SBrian Feldman  * modification, are permitted provided that the following conditions
231e8db6e2SBrian Feldman  * are met:
241e8db6e2SBrian Feldman  * 1. Redistributions of source code must retain the above copyright
251e8db6e2SBrian Feldman  *    notice, this list of conditions and the following disclaimer.
261e8db6e2SBrian Feldman  * 2. Redistributions in binary form must reproduce the above copyright
271e8db6e2SBrian Feldman  *    notice, this list of conditions and the following disclaimer in the
281e8db6e2SBrian Feldman  *    documentation and/or other materials provided with the distribution.
291e8db6e2SBrian Feldman  *
301e8db6e2SBrian Feldman  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
311e8db6e2SBrian Feldman  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
321e8db6e2SBrian Feldman  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
331e8db6e2SBrian Feldman  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
341e8db6e2SBrian Feldman  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
351e8db6e2SBrian Feldman  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
361e8db6e2SBrian Feldman  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
371e8db6e2SBrian Feldman  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
381e8db6e2SBrian Feldman  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
391e8db6e2SBrian Feldman  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
401e8db6e2SBrian Feldman  */
411e8db6e2SBrian Feldman 
421e8db6e2SBrian Feldman #include "includes.h"
43333ee039SDag-Erling Smørgrav 
44333ee039SDag-Erling Smørgrav #include <sys/types.h>
45333ee039SDag-Erling Smørgrav #include <sys/socket.h>
46333ee039SDag-Erling Smørgrav 
47333ee039SDag-Erling Smørgrav #include <netinet/in.h>
48333ee039SDag-Erling Smørgrav 
49333ee039SDag-Erling Smørgrav #include <errno.h>
50333ee039SDag-Erling Smørgrav #include <fcntl.h>
51333ee039SDag-Erling Smørgrav #include <stdarg.h>
52333ee039SDag-Erling Smørgrav #include <stdio.h>
53*38a52bd3SEd Maste #include <stdlib.h>
54333ee039SDag-Erling Smørgrav #include <string.h>
55333ee039SDag-Erling Smørgrav #include <time.h>
56333ee039SDag-Erling Smørgrav #include <unistd.h>
57bc5531deSDag-Erling Smørgrav #include <limits.h>
581e8db6e2SBrian Feldman 
59190cef3dSDag-Erling Smørgrav #include "sshlogin.h"
60190cef3dSDag-Erling Smørgrav #include "ssherr.h"
61989dd127SDag-Erling Smørgrav #include "loginrec.h"
6221e764dfSDag-Erling Smørgrav #include "log.h"
63190cef3dSDag-Erling Smørgrav #include "sshbuf.h"
64a0ee8cc6SDag-Erling Smørgrav #include "misc.h"
6521e764dfSDag-Erling Smørgrav #include "servconf.h"
6621e764dfSDag-Erling Smørgrav 
67190cef3dSDag-Erling Smørgrav extern struct sshbuf *loginmsg;
6821e764dfSDag-Erling Smørgrav extern ServerOptions options;
691e8db6e2SBrian Feldman 
701e8db6e2SBrian Feldman /*
711e8db6e2SBrian Feldman  * Returns the time when the user last logged in.  Returns 0 if the
721e8db6e2SBrian Feldman  * information is not available.  This must be called before record_login.
731e8db6e2SBrian Feldman  * The host the user logged in from will be returned in buf.
741e8db6e2SBrian Feldman  */
75333ee039SDag-Erling Smørgrav time_t
get_last_login_time(uid_t uid,const char * logname,char * buf,size_t bufsize)761e8db6e2SBrian Feldman get_last_login_time(uid_t uid, const char *logname,
77333ee039SDag-Erling Smørgrav     char *buf, size_t bufsize)
781e8db6e2SBrian Feldman {
79989dd127SDag-Erling Smørgrav 	struct logininfo li;
801e8db6e2SBrian Feldman 
81989dd127SDag-Erling Smørgrav 	login_get_lastlog(&li, uid);
82989dd127SDag-Erling Smørgrav 	strlcpy(buf, li.hostname, bufsize);
83333ee039SDag-Erling Smørgrav 	return (time_t)li.tv_sec;
841e8db6e2SBrian Feldman }
851e8db6e2SBrian Feldman 
861e8db6e2SBrian Feldman /*
8721e764dfSDag-Erling Smørgrav  * Generate and store last login message.  This must be done before
8821e764dfSDag-Erling Smørgrav  * login_login() is called and lastlog is updated.
8921e764dfSDag-Erling Smørgrav  */
9021e764dfSDag-Erling Smørgrav static void
store_lastlog_message(const char * user,uid_t uid)9121e764dfSDag-Erling Smørgrav store_lastlog_message(const char *user, uid_t uid)
9221e764dfSDag-Erling Smørgrav {
937aee6ffeSDag-Erling Smørgrav #ifndef NO_SSH_LASTLOG
9419261079SEd Maste # ifndef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
9519261079SEd Maste 	char hostname[HOST_NAME_MAX+1] = "";
9621e764dfSDag-Erling Smørgrav 	time_t last_login_time;
9719261079SEd Maste # endif
9819261079SEd Maste 	char *time_string;
99190cef3dSDag-Erling Smørgrav 	int r;
10021e764dfSDag-Erling Smørgrav 
10121e764dfSDag-Erling Smørgrav 	if (!options.print_lastlog)
10221e764dfSDag-Erling Smørgrav 		return;
10321e764dfSDag-Erling Smørgrav 
1047aee6ffeSDag-Erling Smørgrav # ifdef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
1057aee6ffeSDag-Erling Smørgrav 	time_string = sys_auth_get_lastlogin_msg(user, uid);
1067aee6ffeSDag-Erling Smørgrav 	if (time_string != NULL) {
107190cef3dSDag-Erling Smørgrav 		if ((r = sshbuf_put(loginmsg,
108190cef3dSDag-Erling Smørgrav 		    time_string, strlen(time_string))) != 0)
109190cef3dSDag-Erling Smørgrav 			fatal("%s: buffer error: %s", __func__, ssh_err(r));
110e4a9863fSDag-Erling Smørgrav 		free(time_string);
1117aee6ffeSDag-Erling Smørgrav 	}
1127aee6ffeSDag-Erling Smørgrav # else
11321e764dfSDag-Erling Smørgrav 	last_login_time = get_last_login_time(uid, user, hostname,
11421e764dfSDag-Erling Smørgrav 	    sizeof(hostname));
11521e764dfSDag-Erling Smørgrav 
11621e764dfSDag-Erling Smørgrav 	if (last_login_time != 0) {
11721e764dfSDag-Erling Smørgrav 		time_string = ctime(&last_login_time);
118d4af9e69SDag-Erling Smørgrav 		time_string[strcspn(time_string, "\n")] = '\0';
11921e764dfSDag-Erling Smørgrav 		if (strcmp(hostname, "") == 0)
120190cef3dSDag-Erling Smørgrav 			r = sshbuf_putf(loginmsg, "Last login: %s\r\n",
12121e764dfSDag-Erling Smørgrav 			    time_string);
12221e764dfSDag-Erling Smørgrav 		else
123190cef3dSDag-Erling Smørgrav 			r = sshbuf_putf(loginmsg, "Last login: %s from %s\r\n",
12421e764dfSDag-Erling Smørgrav 			    time_string, hostname);
125190cef3dSDag-Erling Smørgrav 		if (r != 0)
12619261079SEd Maste 			fatal_fr(r, "sshbuf_putf");
12721e764dfSDag-Erling Smørgrav 	}
1287aee6ffeSDag-Erling Smørgrav # endif /* CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG */
12921e764dfSDag-Erling Smørgrav #endif /* NO_SSH_LASTLOG */
13021e764dfSDag-Erling Smørgrav }
13121e764dfSDag-Erling Smørgrav 
13221e764dfSDag-Erling Smørgrav /*
133cf2b5f3bSDag-Erling Smørgrav  * Records that the user has logged in.  I wish these parts of operating
134cf2b5f3bSDag-Erling Smørgrav  * systems were more standardized.
1351e8db6e2SBrian Feldman  */
1361e8db6e2SBrian Feldman void
record_login(pid_t pid,const char * tty,const char * user,uid_t uid,const char * host,struct sockaddr * addr,socklen_t addrlen)13721e764dfSDag-Erling Smørgrav record_login(pid_t pid, const char *tty, const char *user, uid_t uid,
1387ac32603SHajimu UMEMOTO     const char *host, struct sockaddr *addr, socklen_t addrlen)
1391e8db6e2SBrian Feldman {
140989dd127SDag-Erling Smørgrav 	struct logininfo *li;
1411e8db6e2SBrian Feldman 
14221e764dfSDag-Erling Smørgrav 	/* save previous login details before writing new */
14321e764dfSDag-Erling Smørgrav 	store_lastlog_message(user, uid);
14421e764dfSDag-Erling Smørgrav 
14521e764dfSDag-Erling Smørgrav 	li = login_alloc_entry(pid, user, host, tty);
1467ac32603SHajimu UMEMOTO 	login_set_addr(li, addr, addrlen);
147989dd127SDag-Erling Smørgrav 	login_login(li);
148989dd127SDag-Erling Smørgrav 	login_free_entry(li);
1491e8db6e2SBrian Feldman }
150989dd127SDag-Erling Smørgrav 
151989dd127SDag-Erling Smørgrav #ifdef LOGIN_NEEDS_UTMPX
152989dd127SDag-Erling Smørgrav void
record_utmp_only(pid_t pid,const char * ttyname,const char * user,const char * host,struct sockaddr * addr,socklen_t addrlen)153989dd127SDag-Erling Smørgrav record_utmp_only(pid_t pid, const char *ttyname, const char *user,
1547ac32603SHajimu UMEMOTO 		 const char *host, struct sockaddr *addr, socklen_t addrlen)
155989dd127SDag-Erling Smørgrav {
156989dd127SDag-Erling Smørgrav 	struct logininfo *li;
157989dd127SDag-Erling Smørgrav 
158989dd127SDag-Erling Smørgrav 	li = login_alloc_entry(pid, user, host, ttyname);
1597ac32603SHajimu UMEMOTO 	login_set_addr(li, addr, addrlen);
160989dd127SDag-Erling Smørgrav 	login_utmp_only(li);
161989dd127SDag-Erling Smørgrav 	login_free_entry(li);
1621e8db6e2SBrian Feldman }
163989dd127SDag-Erling Smørgrav #endif
1641e8db6e2SBrian Feldman 
1651e8db6e2SBrian Feldman /* Records that the user has logged out. */
1661e8db6e2SBrian Feldman void
record_logout(pid_t pid,const char * tty,const char * user)16721e764dfSDag-Erling Smørgrav record_logout(pid_t pid, const char *tty, const char *user)
1681e8db6e2SBrian Feldman {
169989dd127SDag-Erling Smørgrav 	struct logininfo *li;
170989dd127SDag-Erling Smørgrav 
17121e764dfSDag-Erling Smørgrav 	li = login_alloc_entry(pid, user, NULL, tty);
172989dd127SDag-Erling Smørgrav 	login_logout(li);
173989dd127SDag-Erling Smørgrav 	login_free_entry(li);
1741e8db6e2SBrian Feldman }
175