1*19261079SEd Maste /* $OpenBSD: sshlogin.c,v 1.35 2020/10/18 11:32:02 djm Exp $ */ 21e8db6e2SBrian Feldman /* 31e8db6e2SBrian Feldman * Author: Tatu Ylonen <ylo@cs.hut.fi> 41e8db6e2SBrian Feldman * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 51e8db6e2SBrian Feldman * All rights reserved 61e8db6e2SBrian Feldman * This file performs some of the things login(1) normally does. We cannot 71e8db6e2SBrian Feldman * easily use something like login -p -h host -f user, because there are 81e8db6e2SBrian Feldman * several different logins around, and it is hard to determined what kind of 91e8db6e2SBrian Feldman * login the current system has. Also, we want to be able to execute commands 101e8db6e2SBrian Feldman * on a tty. 111e8db6e2SBrian Feldman * 121e8db6e2SBrian Feldman * As far as I am concerned, the code I have written for this software 131e8db6e2SBrian Feldman * can be used freely for any purpose. Any derived versions of this 141e8db6e2SBrian Feldman * software must be clearly marked as such, and if the derived work is 151e8db6e2SBrian Feldman * incompatible with the protocol description in the RFC file, it must be 161e8db6e2SBrian Feldman * called by a name other than "ssh" or "Secure Shell". 171e8db6e2SBrian Feldman * 181e8db6e2SBrian Feldman * Copyright (c) 1999 Theo de Raadt. All rights reserved. 191e8db6e2SBrian Feldman * Copyright (c) 1999 Markus Friedl. All rights reserved. 201e8db6e2SBrian Feldman * 211e8db6e2SBrian Feldman * Redistribution and use in source and binary forms, with or without 221e8db6e2SBrian Feldman * modification, are permitted provided that the following conditions 231e8db6e2SBrian Feldman * are met: 241e8db6e2SBrian Feldman * 1. Redistributions of source code must retain the above copyright 251e8db6e2SBrian Feldman * notice, this list of conditions and the following disclaimer. 261e8db6e2SBrian Feldman * 2. Redistributions in binary form must reproduce the above copyright 271e8db6e2SBrian Feldman * notice, this list of conditions and the following disclaimer in the 281e8db6e2SBrian Feldman * documentation and/or other materials provided with the distribution. 291e8db6e2SBrian Feldman * 301e8db6e2SBrian Feldman * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 311e8db6e2SBrian Feldman * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 321e8db6e2SBrian Feldman * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 331e8db6e2SBrian Feldman * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 341e8db6e2SBrian Feldman * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 351e8db6e2SBrian Feldman * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 361e8db6e2SBrian Feldman * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 371e8db6e2SBrian Feldman * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 381e8db6e2SBrian Feldman * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 391e8db6e2SBrian Feldman * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 401e8db6e2SBrian Feldman */ 411e8db6e2SBrian Feldman 421e8db6e2SBrian Feldman #include "includes.h" 43333ee039SDag-Erling Smørgrav 44333ee039SDag-Erling Smørgrav #include <sys/types.h> 45333ee039SDag-Erling Smørgrav #include <sys/socket.h> 46333ee039SDag-Erling Smørgrav 47333ee039SDag-Erling Smørgrav #include <netinet/in.h> 48333ee039SDag-Erling Smørgrav 49333ee039SDag-Erling Smørgrav #include <errno.h> 50333ee039SDag-Erling Smørgrav #include <fcntl.h> 51333ee039SDag-Erling Smørgrav #include <stdarg.h> 52333ee039SDag-Erling Smørgrav #include <stdio.h> 53333ee039SDag-Erling Smørgrav #include <string.h> 54333ee039SDag-Erling Smørgrav #include <time.h> 55333ee039SDag-Erling Smørgrav #include <unistd.h> 56bc5531deSDag-Erling Smørgrav #include <limits.h> 571e8db6e2SBrian Feldman 58190cef3dSDag-Erling Smørgrav #include "sshlogin.h" 59190cef3dSDag-Erling Smørgrav #include "ssherr.h" 60989dd127SDag-Erling Smørgrav #include "loginrec.h" 6121e764dfSDag-Erling Smørgrav #include "log.h" 62190cef3dSDag-Erling Smørgrav #include "sshbuf.h" 63a0ee8cc6SDag-Erling Smørgrav #include "misc.h" 6421e764dfSDag-Erling Smørgrav #include "servconf.h" 6521e764dfSDag-Erling Smørgrav 66190cef3dSDag-Erling Smørgrav extern struct sshbuf *loginmsg; 6721e764dfSDag-Erling Smørgrav extern ServerOptions options; 681e8db6e2SBrian Feldman 691e8db6e2SBrian Feldman /* 701e8db6e2SBrian Feldman * Returns the time when the user last logged in. Returns 0 if the 711e8db6e2SBrian Feldman * information is not available. This must be called before record_login. 721e8db6e2SBrian Feldman * The host the user logged in from will be returned in buf. 731e8db6e2SBrian Feldman */ 74333ee039SDag-Erling Smørgrav time_t 751e8db6e2SBrian Feldman get_last_login_time(uid_t uid, const char *logname, 76333ee039SDag-Erling Smørgrav char *buf, size_t bufsize) 771e8db6e2SBrian Feldman { 78989dd127SDag-Erling Smørgrav struct logininfo li; 791e8db6e2SBrian Feldman 80989dd127SDag-Erling Smørgrav login_get_lastlog(&li, uid); 81989dd127SDag-Erling Smørgrav strlcpy(buf, li.hostname, bufsize); 82333ee039SDag-Erling Smørgrav return (time_t)li.tv_sec; 831e8db6e2SBrian Feldman } 841e8db6e2SBrian Feldman 851e8db6e2SBrian Feldman /* 8621e764dfSDag-Erling Smørgrav * Generate and store last login message. This must be done before 8721e764dfSDag-Erling Smørgrav * login_login() is called and lastlog is updated. 8821e764dfSDag-Erling Smørgrav */ 8921e764dfSDag-Erling Smørgrav static void 9021e764dfSDag-Erling Smørgrav store_lastlog_message(const char *user, uid_t uid) 9121e764dfSDag-Erling Smørgrav { 927aee6ffeSDag-Erling Smørgrav #ifndef NO_SSH_LASTLOG 93*19261079SEd Maste # ifndef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG 94*19261079SEd Maste char hostname[HOST_NAME_MAX+1] = ""; 9521e764dfSDag-Erling Smørgrav time_t last_login_time; 96*19261079SEd Maste # endif 97*19261079SEd Maste char *time_string; 98190cef3dSDag-Erling Smørgrav int r; 9921e764dfSDag-Erling Smørgrav 10021e764dfSDag-Erling Smørgrav if (!options.print_lastlog) 10121e764dfSDag-Erling Smørgrav return; 10221e764dfSDag-Erling Smørgrav 1037aee6ffeSDag-Erling Smørgrav # ifdef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG 1047aee6ffeSDag-Erling Smørgrav time_string = sys_auth_get_lastlogin_msg(user, uid); 1057aee6ffeSDag-Erling Smørgrav if (time_string != NULL) { 106190cef3dSDag-Erling Smørgrav if ((r = sshbuf_put(loginmsg, 107190cef3dSDag-Erling Smørgrav time_string, strlen(time_string))) != 0) 108190cef3dSDag-Erling Smørgrav fatal("%s: buffer error: %s", __func__, ssh_err(r)); 109e4a9863fSDag-Erling Smørgrav free(time_string); 1107aee6ffeSDag-Erling Smørgrav } 1117aee6ffeSDag-Erling Smørgrav # else 11221e764dfSDag-Erling Smørgrav last_login_time = get_last_login_time(uid, user, hostname, 11321e764dfSDag-Erling Smørgrav sizeof(hostname)); 11421e764dfSDag-Erling Smørgrav 11521e764dfSDag-Erling Smørgrav if (last_login_time != 0) { 11621e764dfSDag-Erling Smørgrav time_string = ctime(&last_login_time); 117d4af9e69SDag-Erling Smørgrav time_string[strcspn(time_string, "\n")] = '\0'; 11821e764dfSDag-Erling Smørgrav if (strcmp(hostname, "") == 0) 119190cef3dSDag-Erling Smørgrav r = sshbuf_putf(loginmsg, "Last login: %s\r\n", 12021e764dfSDag-Erling Smørgrav time_string); 12121e764dfSDag-Erling Smørgrav else 122190cef3dSDag-Erling Smørgrav r = sshbuf_putf(loginmsg, "Last login: %s from %s\r\n", 12321e764dfSDag-Erling Smørgrav time_string, hostname); 124190cef3dSDag-Erling Smørgrav if (r != 0) 125*19261079SEd Maste fatal_fr(r, "sshbuf_putf"); 12621e764dfSDag-Erling Smørgrav } 1277aee6ffeSDag-Erling Smørgrav # endif /* CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG */ 12821e764dfSDag-Erling Smørgrav #endif /* NO_SSH_LASTLOG */ 12921e764dfSDag-Erling Smørgrav } 13021e764dfSDag-Erling Smørgrav 13121e764dfSDag-Erling Smørgrav /* 132cf2b5f3bSDag-Erling Smørgrav * Records that the user has logged in. I wish these parts of operating 133cf2b5f3bSDag-Erling Smørgrav * systems were more standardized. 1341e8db6e2SBrian Feldman */ 1351e8db6e2SBrian Feldman void 13621e764dfSDag-Erling Smørgrav record_login(pid_t pid, const char *tty, const char *user, uid_t uid, 1377ac32603SHajimu UMEMOTO const char *host, struct sockaddr *addr, socklen_t addrlen) 1381e8db6e2SBrian Feldman { 139989dd127SDag-Erling Smørgrav struct logininfo *li; 1401e8db6e2SBrian Feldman 14121e764dfSDag-Erling Smørgrav /* save previous login details before writing new */ 14221e764dfSDag-Erling Smørgrav store_lastlog_message(user, uid); 14321e764dfSDag-Erling Smørgrav 14421e764dfSDag-Erling Smørgrav li = login_alloc_entry(pid, user, host, tty); 1457ac32603SHajimu UMEMOTO login_set_addr(li, addr, addrlen); 146989dd127SDag-Erling Smørgrav login_login(li); 147989dd127SDag-Erling Smørgrav login_free_entry(li); 1481e8db6e2SBrian Feldman } 149989dd127SDag-Erling Smørgrav 150989dd127SDag-Erling Smørgrav #ifdef LOGIN_NEEDS_UTMPX 151989dd127SDag-Erling Smørgrav void 152989dd127SDag-Erling Smørgrav record_utmp_only(pid_t pid, const char *ttyname, const char *user, 1537ac32603SHajimu UMEMOTO const char *host, struct sockaddr *addr, socklen_t addrlen) 154989dd127SDag-Erling Smørgrav { 155989dd127SDag-Erling Smørgrav struct logininfo *li; 156989dd127SDag-Erling Smørgrav 157989dd127SDag-Erling Smørgrav li = login_alloc_entry(pid, user, host, ttyname); 1587ac32603SHajimu UMEMOTO login_set_addr(li, addr, addrlen); 159989dd127SDag-Erling Smørgrav login_utmp_only(li); 160989dd127SDag-Erling Smørgrav login_free_entry(li); 1611e8db6e2SBrian Feldman } 162989dd127SDag-Erling Smørgrav #endif 1631e8db6e2SBrian Feldman 1641e8db6e2SBrian Feldman /* Records that the user has logged out. */ 1651e8db6e2SBrian Feldman void 16621e764dfSDag-Erling Smørgrav record_logout(pid_t pid, const char *tty, const char *user) 1671e8db6e2SBrian Feldman { 168989dd127SDag-Erling Smørgrav struct logininfo *li; 169989dd127SDag-Erling Smørgrav 17021e764dfSDag-Erling Smørgrav li = login_alloc_entry(pid, user, NULL, tty); 171989dd127SDag-Erling Smørgrav login_logout(li); 172989dd127SDag-Erling Smørgrav login_free_entry(li); 1731e8db6e2SBrian Feldman } 174