1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from software contributed to Berkeley by 8 * Jef Poskanzer and Craig Leres of the Lawrence Berkeley Laboratory. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 #ifndef lint 36 static const char copyright[] = 37 "@(#) Copyright (c) 1989, 1993\n\ 38 The Regents of the University of California. All rights reserved.\n"; 39 #endif 40 41 #if 0 42 #ifndef lint 43 static char sccsid[] = "@(#)write.c 8.1 (Berkeley) 6/6/93"; 44 #endif 45 #endif 46 47 #include <sys/cdefs.h> 48 __FBSDID("$FreeBSD$"); 49 50 #include <sys/param.h> 51 #include <sys/capsicum.h> 52 #include <sys/filio.h> 53 #include <sys/signal.h> 54 #include <sys/stat.h> 55 #include <sys/time.h> 56 57 #include <capsicum_helpers.h> 58 #include <ctype.h> 59 #include <err.h> 60 #include <errno.h> 61 #include <locale.h> 62 #include <paths.h> 63 #include <pwd.h> 64 #include <stdio.h> 65 #include <stdlib.h> 66 #include <string.h> 67 #include <unistd.h> 68 #include <utmpx.h> 69 #include <wchar.h> 70 #include <wctype.h> 71 72 void done(int); 73 void do_write(int, char *, char *, const char *); 74 static void usage(void) __dead2; 75 int term_chk(int, char *, int *, time_t *, int); 76 void wr_fputs(wchar_t *s); 77 void search_utmp(int, char *, char *, char *, uid_t); 78 int utmp_chk(char *, char *); 79 80 int 81 main(int argc, char **argv) 82 { 83 unsigned long cmds[] = { TIOCGETA, TIOCGWINSZ, FIODGNAME }; 84 cap_rights_t rights; 85 struct passwd *pwd; 86 time_t atime; 87 uid_t myuid; 88 int msgsok, myttyfd; 89 char tty[MAXPATHLEN], *mytty; 90 const char *login; 91 int devfd; 92 93 (void)setlocale(LC_CTYPE, ""); 94 95 devfd = open(_PATH_DEV, O_RDONLY); 96 if (devfd < 0) 97 err(1, "open(/dev)"); 98 cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL, CAP_LOOKUP, 99 CAP_PWRITE); 100 if (caph_rights_limit(devfd, &rights) < 0) 101 err(1, "can't limit devfd rights"); 102 103 /* 104 * Can't use capsicum helpers here because we need the additional 105 * FIODGNAME ioctl. 106 */ 107 cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL, CAP_READ, 108 CAP_WRITE); 109 if (caph_rights_limit(STDIN_FILENO, &rights) < 0 || 110 caph_rights_limit(STDOUT_FILENO, &rights) < 0 || 111 caph_rights_limit(STDERR_FILENO, &rights) < 0 || 112 caph_ioctls_limit(STDIN_FILENO, cmds, nitems(cmds)) < 0 || 113 caph_ioctls_limit(STDOUT_FILENO, cmds, nitems(cmds)) < 0 || 114 caph_ioctls_limit(STDERR_FILENO, cmds, nitems(cmds)) < 0 || 115 caph_fcntls_limit(STDIN_FILENO, CAP_FCNTL_GETFL) < 0 || 116 caph_fcntls_limit(STDOUT_FILENO, CAP_FCNTL_GETFL) < 0 || 117 caph_fcntls_limit(STDERR_FILENO, CAP_FCNTL_GETFL) < 0) 118 err(1, "can't limit stdio rights"); 119 120 caph_cache_catpages(); 121 caph_cache_tzdata(); 122 123 /* 124 * Cache UTX database fds. 125 */ 126 setutxent(); 127 128 /* 129 * Determine our login name before we reopen() stdout 130 * and before entering capability sandbox. 131 */ 132 myuid = getuid(); 133 if ((login = getlogin()) == NULL) { 134 if ((pwd = getpwuid(myuid))) 135 login = pwd->pw_name; 136 else 137 login = "???"; 138 } 139 140 if (caph_enter() < 0) 141 err(1, "cap_enter"); 142 143 while (getopt(argc, argv, "") != -1) 144 usage(); 145 argc -= optind; 146 argv += optind; 147 148 /* check that sender has write enabled */ 149 if (isatty(fileno(stdin))) 150 myttyfd = fileno(stdin); 151 else if (isatty(fileno(stdout))) 152 myttyfd = fileno(stdout); 153 else if (isatty(fileno(stderr))) 154 myttyfd = fileno(stderr); 155 else 156 errx(1, "can't find your tty"); 157 if (!(mytty = ttyname(myttyfd))) 158 errx(1, "can't find your tty's name"); 159 if (!strncmp(mytty, _PATH_DEV, strlen(_PATH_DEV))) 160 mytty += strlen(_PATH_DEV); 161 if (term_chk(devfd, mytty, &msgsok, &atime, 1)) 162 exit(1); 163 if (!msgsok) 164 errx(1, "you have write permission turned off"); 165 166 /* check args */ 167 switch (argc) { 168 case 1: 169 search_utmp(devfd, argv[0], tty, mytty, myuid); 170 do_write(devfd, tty, mytty, login); 171 break; 172 case 2: 173 if (!strncmp(argv[1], _PATH_DEV, strlen(_PATH_DEV))) 174 argv[1] += strlen(_PATH_DEV); 175 if (utmp_chk(argv[0], argv[1])) 176 errx(1, "%s is not logged in on %s", argv[0], argv[1]); 177 if (term_chk(devfd, argv[1], &msgsok, &atime, 1)) 178 exit(1); 179 if (myuid && !msgsok) 180 errx(1, "%s has messages disabled on %s", argv[0], argv[1]); 181 do_write(devfd, argv[1], mytty, login); 182 break; 183 default: 184 usage(); 185 } 186 done(0); 187 return (0); 188 } 189 190 static void 191 usage(void) 192 { 193 (void)fprintf(stderr, "usage: write user [tty]\n"); 194 exit(1); 195 } 196 197 /* 198 * utmp_chk - checks that the given user is actually logged in on 199 * the given tty 200 */ 201 int 202 utmp_chk(char *user, char *tty) 203 { 204 struct utmpx lu, *u; 205 206 strncpy(lu.ut_line, tty, sizeof lu.ut_line); 207 while ((u = getutxline(&lu)) != NULL) 208 if (u->ut_type == USER_PROCESS && 209 strcmp(user, u->ut_user) == 0) { 210 endutxent(); 211 return(0); 212 } 213 endutxent(); 214 return(1); 215 } 216 217 /* 218 * search_utmp - search utmp for the "best" terminal to write to 219 * 220 * Ignores terminals with messages disabled, and of the rest, returns 221 * the one with the most recent access time. Returns as value the number 222 * of the user's terminals with messages enabled, or -1 if the user is 223 * not logged in at all. 224 * 225 * Special case for writing to yourself - ignore the terminal you're 226 * writing from, unless that's the only terminal with messages enabled. 227 */ 228 void 229 search_utmp(int devfd, char *user, char *tty, char *mytty, uid_t myuid) 230 { 231 struct utmpx *u; 232 time_t bestatime, atime; 233 int nloggedttys, nttys, msgsok, user_is_me; 234 235 nloggedttys = nttys = 0; 236 bestatime = 0; 237 user_is_me = 0; 238 239 while ((u = getutxent()) != NULL) 240 if (u->ut_type == USER_PROCESS && 241 strcmp(user, u->ut_user) == 0) { 242 ++nloggedttys; 243 if (term_chk(devfd, u->ut_line, &msgsok, &atime, 0)) 244 continue; /* bad term? skip */ 245 if (myuid && !msgsok) 246 continue; /* skip ttys with msgs off */ 247 if (strcmp(u->ut_line, mytty) == 0) { 248 user_is_me = 1; 249 continue; /* don't write to yourself */ 250 } 251 ++nttys; 252 if (atime > bestatime) { 253 bestatime = atime; 254 (void)strlcpy(tty, u->ut_line, MAXPATHLEN); 255 } 256 } 257 endutxent(); 258 259 if (nloggedttys == 0) 260 errx(1, "%s is not logged in", user); 261 if (nttys == 0) { 262 if (user_is_me) { /* ok, so write to yourself! */ 263 (void)strlcpy(tty, mytty, MAXPATHLEN); 264 return; 265 } 266 errx(1, "%s has messages disabled", user); 267 } else if (nttys > 1) { 268 warnx("%s is logged in more than once; writing to %s", user, tty); 269 } 270 } 271 272 /* 273 * term_chk - check that a terminal exists, and get the message bit 274 * and the access time 275 */ 276 int 277 term_chk(int devfd, char *tty, int *msgsokP, time_t *atimeP, int showerror) 278 { 279 struct stat s; 280 281 if (fstatat(devfd, tty, &s, 0) < 0) { 282 if (showerror) 283 warn("%s%s", _PATH_DEV, tty); 284 return(1); 285 } 286 *msgsokP = (s.st_mode & (S_IWRITE >> 3)) != 0; /* group write bit */ 287 *atimeP = s.st_atime; 288 return(0); 289 } 290 291 /* 292 * do_write - actually make the connection 293 */ 294 void 295 do_write(int devfd, char *tty, char *mytty, const char *login) 296 { 297 char *nows; 298 time_t now; 299 char host[MAXHOSTNAMELEN]; 300 wchar_t line[512]; 301 int fd; 302 303 fd = openat(devfd, tty, O_WRONLY); 304 if (fd < 0) 305 err(1, "openat(%s%s)", _PATH_DEV, tty); 306 fclose(stdout); 307 stdout = fdopen(fd, "w"); 308 if (stdout == NULL) 309 err(1, "%s%s", _PATH_DEV, tty); 310 311 (void)signal(SIGINT, done); 312 (void)signal(SIGHUP, done); 313 314 /* print greeting */ 315 if (gethostname(host, sizeof(host)) < 0) 316 (void)strcpy(host, "???"); 317 now = time((time_t *)NULL); 318 nows = ctime(&now); 319 nows[16] = '\0'; 320 (void)printf("\r\n\007\007\007Message from %s@%s on %s at %s ...\r\n", 321 login, host, mytty, nows + 11); 322 323 while (fgetws(line, sizeof(line)/sizeof(wchar_t), stdin) != NULL) 324 wr_fputs(line); 325 } 326 327 /* 328 * done - cleanup and exit 329 */ 330 void 331 done(int n __unused) 332 { 333 (void)printf("EOF\r\n"); 334 exit(0); 335 } 336 337 /* 338 * wr_fputs - like fputs(), but makes control characters visible and 339 * turns \n into \r\n 340 */ 341 void 342 wr_fputs(wchar_t *s) 343 { 344 345 #define PUTC(c) if (putwchar(c) == WEOF) err(1, NULL); 346 347 for (; *s != L'\0'; ++s) { 348 if (*s == L'\n') { 349 PUTC(L'\r'); 350 PUTC(L'\n'); 351 } else if (iswprint(*s) || iswspace(*s)) { 352 PUTC(*s); 353 } else { 354 wprintf(L"<0x%X>", *s); 355 } 356 } 357 return; 358 #undef PUTC 359 } 360