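/* $OpenBSD: sshpty.c,v 1.26 2006/08/03 03:34:42 deraadt Exp $ */
/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
 * Allocating a pseudo-terminal, and making it the controlling tty.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose. Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

#include "includes.h"

#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <signal.h>

#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
#include <pwd.h>
#include <stdarg.h>
#include <string.h>
#include <termios.h>
#ifdef HAVE_UTIL_H
# include <util.h>
#endif
#include <unistd.h>

#include "sshpty.h"
#include "log.h"
#include "misc.h"

#ifdef HAVE_PTY_H
# include <pty.h>
#endif

#ifndef O_NOCTTY
#define O_NOCTTY 0
#endif

/*
 * Allocates and opens a pty.  Returns 0 if no pty could be allocated, or
 * nonzero if a pty was successfully allocated.  On success, open file
 * descriptors for the pty and tty sides and the name of the tty side are
 * returned (the buffer must be able to hold at least 64 characters).
 *
 * A tty name that does not fit in namebuf is treated as an allocation
 * failure: both descriptors are closed, set to -1, and 0 is returned.
 * The name is later handed to path-based calls in this file (chown, chmod,
 * open), so a silently truncated name would make them act on a different
 * path than the device that was actually opened.
 */

int
pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
{
	/* openpty(3) exists in OSF/1 and some other os'es */
	char *name;
	int i;

	i = openpty(ptyfd, ttyfd, NULL, NULL, NULL);
	if (i < 0) {
		error("openpty: %.100s", strerror(errno));
		return 0;
	}
	name = ttyname(*ttyfd);
	if (!name)
		fatal("openpty returns device for which ttyname fails.");

	/* strlcpy returns strlen(name); >= namebuflen means truncation. */
	if (strlcpy(namebuf, name, namebuflen) >= namebuflen) {
		error("pty_allocate: tty name %.100s does not fit in %lu bytes",
		    name, (unsigned long)namebuflen);
		close(*ptyfd);
		close(*ttyfd);
		*ptyfd = -1;
		*ttyfd = -1;
		return 0;
	}
	return 1;
}

/*
 * Releases the tty.  Its ownership is returned to root, and permissions to
 * 0666.  A failing chown or chmod is reported through error() and the
 * function carries on; nothing is returned to the caller.
 */

void
pty_release(const char *tty)
{
	if (chown(tty, (uid_t) 0, (gid_t) 0) < 0)
		error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno));
	if (chmod(tty, (mode_t) 0666) < 0)
		error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno));
}

/*
 * Makes the tty the process's controlling tty and sets it to sane modes.
 *
 * ttyfd is in/out: on the _UNICOS and USE_VHANGUP paths the descriptor it
 * points to is closed and replaced by a freshly opened one.  tty is the
 * path of the slave device.  Every failure in here is logged with error()
 * and execution continues; the caller gets no status back.
 */

void
pty_make_controlling_tty(int *ttyfd, const char *tty)
{
	int fd;
#ifdef USE_VHANGUP
	void *old;
#endif /* USE_VHANGUP */

#ifdef _UNICOS
	if (setsid() < 0)
		error("setsid: %.100s", strerror(errno));

	fd = open(tty, O_RDWR|O_NOCTTY);
	if (fd != -1) {
		/* Ignore SIGHUP while the hangup ioctl is issued. */
		signal(SIGHUP, SIG_IGN);
		ioctl(fd, TCVHUP, (char *)NULL);
		signal(SIGHUP, SIG_DFL);
		setpgid(0, 0);
		close(fd);
	} else {
		error("Failed to disconnect from controlling tty.");
	}

	debug("Setting controlling tty using TCSETCTTY.");
	ioctl(*ttyfd, TCSETCTTY, NULL);
	fd = open("/dev/tty", O_RDWR);
	if (fd < 0)
		error("%.100s: %.100s", tty, strerror(errno));
	/*
	 * NOTE(review): when the open above fails, *ttyfd is still closed
	 * and then set to -1, unlike the USE_VHANGUP path below, which only
	 * swaps descriptors on success.  Confirm callers cope with -1.
	 */
	close(*ttyfd);
	*ttyfd = fd;
#else /* _UNICOS */

	/* First disconnect from the old controlling tty. */
#ifdef TIOCNOTTY
	fd = open(_PATH_TTY, O_RDWR | O_NOCTTY);
	if (fd >= 0) {
		(void) ioctl(fd, TIOCNOTTY, NULL);
		close(fd);
	}
#endif /* TIOCNOTTY */
	if (setsid() < 0)
		error("setsid: %.100s", strerror(errno));

	/*
	 * Verify that we are successfully disconnected from the controlling
	 * tty.
	 */
	fd = open(_PATH_TTY, O_RDWR | O_NOCTTY);
	if (fd >= 0) {
		error("Failed to disconnect from controlling tty.");
		close(fd);
	}
	/* Make it our controlling tty. */
#ifdef TIOCSCTTY
	debug("Setting controlling tty using TIOCSCTTY.");
	if (ioctl(*ttyfd, TIOCSCTTY, NULL) < 0)
		error("ioctl(TIOCSCTTY): %.100s", strerror(errno));
#endif /* TIOCSCTTY */
#ifdef NEED_SETPGRP
	if (setpgrp(0,0) < 0)
		error("SETPGRP %s",strerror(errno));
#endif /* NEED_SETPGRP */
#ifdef USE_VHANGUP
	/* Ignore SIGHUP across vhangup(), then restore the old handler. */
	old = signal(SIGHUP, SIG_IGN);
	vhangup();
	signal(SIGHUP, old);
#endif /* USE_VHANGUP */
	/* Opened without O_NOCTTY, unlike the probes of _PATH_TTY above. */
	fd = open(tty, O_RDWR);
	if (fd < 0) {
		error("%.100s: %.100s", tty, strerror(errno));
	} else {
#ifdef USE_VHANGUP
		/* Replace the caller's descriptor with the one just opened. */
		close(*ttyfd);
		*ttyfd = fd;
#else /* USE_VHANGUP */
		close(fd);
#endif /* USE_VHANGUP */
	}
	/* Verify that we now have a controlling tty. */
	fd = open(_PATH_TTY, O_WRONLY);
	if (fd < 0)
		error("open /dev/tty failed - could not set controlling tty: %.100s",
		    strerror(errno));
	else
		close(fd);
#endif /* _UNICOS */
}

/*
 * Changes the window size associated with the pty.  The result of the
 * TIOCSWINSZ ioctl is deliberately discarded.
 */

void
pty_change_window_size(int ptyfd, u_int row, u_int col,
    u_int xpixel, u_int ypixel)
{
	struct winsize w;

	/* may truncate u_int -> u_short */
	w.ws_row = row;
	w.ws_col = col;
	w.ws_xpixel = xpixel;
	w.ws_ypixel = ypixel;
	(void) ioctl(ptyfd, TIOCSWINSZ, &w);
}

/*
 * Gives the tty to the user described by pw and sets its mode.
 *
 * If a group named "tty" exists, the tty gets that group and mode 0620
 * (owner read/write, group write).  Otherwise it gets the user's primary
 * group and mode 0622, which also lets every other local account write to
 * the terminal.
 *
 * stat, chown and chmod each take the path, so it is resolved again on
 * every call rather than being pinned to one open descriptor.
 *
 * Failures are fatal except for EROFS in the cases spelled out below,
 * which are logged with debug() only.
 */
void
pty_setowner(struct passwd *pw, const char *tty)
{
	struct group *grp;
	gid_t gid;
	mode_t mode;
	struct stat st;

	/* Determine the group to make the owner of the tty. */
	grp = getgrnam("tty");
	if (grp) {
		gid = grp->gr_gid;
		mode = S_IRUSR | S_IWUSR | S_IWGRP;
	} else {
		gid = pw->pw_gid;
		mode = S_IRUSR | S_IWUSR | S_IWGRP | S_IWOTH;
	}

	/*
	 * Change owner and mode of the tty as required.
	 * Warn but continue if filesystem is read-only and the uids match/
	 * tty is owned by root.
	 */
	if (stat(tty, &st))
		fatal("stat(%.100s) failed: %.100s", tty,
		    strerror(errno));

#ifdef WITH_SELINUX
	ssh_selinux_setup_pty(pw->pw_name, tty);
#endif

	if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
		if (chown(tty, pw->pw_uid, gid) < 0) {
			if (errno == EROFS &&
			    (st.st_uid == pw->pw_uid || st.st_uid == 0))
				debug("chown(%.100s, %u, %u) failed: %.100s",
				    tty, (u_int)pw->pw_uid, (u_int)gid,
				    strerror(errno));
			else
				fatal("chown(%.100s, %u, %u) failed: %.100s",
				    tty, (u_int)pw->pw_uid, (u_int)gid,
				    strerror(errno));
		}
	}

	if ((st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != mode) {
		if (chmod(tty, mode) < 0) {
			/*
			 * On a read-only filesystem the existing mode is
			 * tolerated only if neither group nor other can
			 * read the tty.
			 */
			if (errno == EROFS &&
			    (st.st_mode & (S_IRGRP | S_IROTH)) == 0)
				debug("chmod(%.100s, 0%o) failed: %.100s",
				    tty, (u_int)mode, strerror(errno));
			else
				fatal("chmod(%.100s, 0%o) failed: %.100s",
				    tty, (u_int)mode, strerror(errno));
		}
	}
}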