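/* $OpenBSD: sshpty.c,v 1.29 2014/09/03 18:55:07 djm Exp $ */
/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
 * Allocating a pseudo-terminal, and making it the controlling tty.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose. Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

#include "includes.h"

#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <signal.h>

#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
#include <pwd.h>
#include <stdarg.h>
#include <string.h>
#include <termios.h>
#ifdef HAVE_UTIL_H
# include <util.h>
#endif
#include <unistd.h>

#include "sshpty.h"
#include "log.h"
#include "misc.h"

#ifdef HAVE_PTY_H
# include <pty.h>
#endif

#ifndef O_NOCTTY
#define O_NOCTTY 0
#endif

#ifdef __APPLE__
# include <AvailabilityMacros.h>
# if (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_5)
#  define __APPLE_PRIVPTY__
# endif
#endif

/*
 * Allocates and opens a pty.  Returns 0 if no pty could be allocated, or
 * nonzero if a pty was successfully allocated.  On success, open file
 * descriptors for the pty and tty sides and the name of the tty side are
 * returned (the buffer must be able to hold at least 64 characters).
 *
 * A tty name that does not fit in namebuf is treated as an allocation
 * failure: both descriptors are closed and 0 is returned.  Callers pass
 * the returned name to path-based calls such as pty_setowner(), so a
 * silently truncated name would make those calls act on a different path.
 */

int
pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
{
	/* openpty(3) exists in OSF/1 and some other os'es */
	char *name;
	int i;

	i = openpty(ptyfd, ttyfd, NULL, NULL, NULL);
	if (i < 0) {
		error("openpty: %.100s", strerror(errno));
		return 0;
	}
	name = ttyname(*ttyfd);
	if (!name)
		fatal("openpty returns device for which ttyname fails.");

	/* strlcpy returns strlen(name); >= namebuflen means it was cut short. */
	if (strlcpy(namebuf, name, namebuflen) >= namebuflen) {
		error("openpty: tty name %.100s too long", name);
		close(*ptyfd);
		close(*ttyfd);
		/* Invalidate so a caller cannot reuse the closed descriptors. */
		*ptyfd = -1;
		*ttyfd = -1;
		return 0;
	}
	return 1;
}

/*
 * Releases the tty.  Its ownership is returned to root, and permissions to
 * 0666.
 *
 * This is a no-op when built with HAVE_OPENPTY or __APPLE_PRIVPTY__.
 * Failures of chown/chmod are logged with error() and otherwise ignored.
 *
 * NOTE(review): 0666 leaves the released device node readable and writable
 * by every local user; confirm that this matches the pty convention of the
 * platforms that still take this branch.
 */

void
pty_release(const char *tty)
{
#if !defined(__APPLE_PRIVPTY__) && !defined(HAVE_OPENPTY)
	if (chown(tty, (uid_t) 0, (gid_t) 0) < 0)
		error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno));
	if (chmod(tty, (mode_t) 0666) < 0)
		error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno));
#endif /* !__APPLE_PRIVPTY__ && !HAVE_OPENPTY */
}

/*
 * Makes the tty the process's controlling tty and sets it to sane modes.
 *
 * ttyfd points at the open descriptor for the tty side; tty is its path.
 * Every failure in this function is only logged (error()/debug()); nothing
 * is reported back to the caller.
 */

void
pty_make_controlling_tty(int *ttyfd, const char *tty)
{
	int fd;

#ifdef _UNICOS
	if (setsid() < 0)
		error("setsid: %.100s", strerror(errno));

	fd = open(tty, O_RDWR|O_NOCTTY);
	if (fd != -1) {
		/* Ignore SIGHUP around the TCVHUP ioctl, then restore the default. */
		signal(SIGHUP, SIG_IGN);
		ioctl(fd, TCVHUP, (char *)NULL);
		signal(SIGHUP, SIG_DFL);
		setpgid(0, 0);
		close(fd);
	} else {
		error("Failed to disconnect from controlling tty.");
	}

	debug("Setting controlling tty using TCSETCTTY.");
	ioctl(*ttyfd, TCSETCTTY, NULL);
	fd = open("/dev/tty", O_RDWR);
	if (fd < 0)
		error("%.100s: %.100s", tty, strerror(errno));
	/*
	 * The caller's descriptor is replaced by the /dev/tty one.
	 * NOTE(review): if the open above failed and error() returns, *ttyfd
	 * ends up holding the negative fd value -- confirm callers cope.
	 */
	close(*ttyfd);
	*ttyfd = fd;
#else /* _UNICOS */

	/* First disconnect from the old controlling tty. */
#ifdef TIOCNOTTY
	fd = open(_PATH_TTY, O_RDWR | O_NOCTTY);
	if (fd >= 0) {
		(void) ioctl(fd, TIOCNOTTY, NULL);
		close(fd);
	}
#endif /* TIOCNOTTY */
	if (setsid() < 0)
		error("setsid: %.100s", strerror(errno));

	/*
	 * Verify that we are successfully disconnected from the controlling
	 * tty.
	 */
	fd = open(_PATH_TTY, O_RDWR | O_NOCTTY);
	if (fd >= 0) {
		error("Failed to disconnect from controlling tty.");
		close(fd);
	}
	/* Make it our controlling tty. */
#ifdef TIOCSCTTY
	debug("Setting controlling tty using TIOCSCTTY.");
	if (ioctl(*ttyfd, TIOCSCTTY, NULL) < 0)
		error("ioctl(TIOCSCTTY): %.100s", strerror(errno));
#endif /* TIOCSCTTY */
#ifdef NEED_SETPGRP
	if (setpgrp(0,0) < 0)
		error("SETPGRP %s",strerror(errno));
#endif /* NEED_SETPGRP */
	/*
	 * Open the tty by path without O_NOCTTY and close it again; only
	 * the success or failure of the open is used.
	 */
	fd = open(tty, O_RDWR);
	if (fd < 0) {
		error("%.100s: %.100s", tty, strerror(errno));
	} else {
		close(fd);
	}
	/* Verify that we now have a controlling tty. */
	fd = open(_PATH_TTY, O_WRONLY);
	if (fd < 0)
		error("open /dev/tty failed - could not set controlling tty: %.100s",
		    strerror(errno));
	else
		close(fd);
#endif /* _UNICOS */
}

/*
 * Changes the window size associated with the pty.
 *
 * The result of the TIOCSWINSZ ioctl is deliberately discarded.
 */

void
pty_change_window_size(int ptyfd, u_int row, u_int col,
	u_int xpixel, u_int ypixel)
{
	struct winsize w;

	/* may truncate u_int -> u_short */
	w.ws_row = row;
	w.ws_col = col;
	w.ws_xpixel = xpixel;
	w.ws_ypixel = ypixel;
	(void) ioctl(ptyfd, TIOCSWINSZ, &w);
}

/*
 * Hands the tty device over to the user described by pw.
 *
 * The owner becomes pw->pw_uid.  If a "tty" group exists the group becomes
 * that group and the mode 0620 (owner read/write, group write); otherwise
 * the group is pw->pw_gid and the mode 0600.  Failures are fatal() except
 * for the read-only-filesystem cases described below.
 *
 * NOTE(review): stat(), chown() and chmod() all act on the path rather than
 * on an open descriptor, so this relies on the directory holding the tty
 * node not being modifiable by unprivileged users between the calls.
 */

void
pty_setowner(struct passwd *pw, const char *tty)
{
	struct group *grp;
	gid_t gid;
	mode_t mode;
	struct stat st;

	/* Determine the group to make the owner of the tty. */
	grp = getgrnam("tty");
	gid = (grp != NULL) ? grp->gr_gid : pw->pw_gid;
	/*
	 * With a tty group, group-write is the only access other accounts
	 * should get.  The previous 0622 also set other-write, which made the
	 * terminal writable by every local user.
	 */
	mode = (grp != NULL) ? 0620 : 0600;

	/*
	 * Change owner and mode of the tty as required.
	 * Warn but continue if filesystem is read-only and the uids match/
	 * tty is owned by root.
	 */
	if (stat(tty, &st))
		fatal("stat(%.100s) failed: %.100s", tty,
		    strerror(errno));

#ifdef WITH_SELINUX
	ssh_selinux_setup_pty(pw->pw_name, tty);
#endif

	if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
		if (chown(tty, pw->pw_uid, gid) < 0) {
			/*
			 * Tolerated only on a read-only filesystem when the
			 * node already belongs to the user or to root.
			 */
			if (errno == EROFS &&
			    (st.st_uid == pw->pw_uid || st.st_uid == 0))
				debug("chown(%.100s, %u, %u) failed: %.100s",
				    tty, (u_int)pw->pw_uid, (u_int)gid,
				    strerror(errno));
			else
				fatal("chown(%.100s, %u, %u) failed: %.100s",
				    tty, (u_int)pw->pw_uid, (u_int)gid,
				    strerror(errno));
		}
	}

	if ((st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != mode) {
		if (chmod(tty, mode) < 0) {
			/*
			 * Tolerated only on a read-only filesystem when the
			 * existing mode grants no group or other read access.
			 */
			if (errno == EROFS &&
			    (st.st_mode & (S_IRGRP | S_IROTH)) == 0)
				debug("chmod(%.100s, 0%o) failed: %.100s",
				    tty, (u_int)mode, strerror(errno));
			else
				fatal("chmod(%.100s, 0%o) failed: %.100s",
				    tty, (u_int)mode, strerror(errno));
		}
	}
}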