diff options
Diffstat (limited to 'sshlogin.c')
-rw-r--r-- | sshlogin.c | 173 |
1 files changed, 173 insertions, 0 deletions
diff --git a/sshlogin.c b/sshlogin.c new file mode 100644 index 0000000..08d2600 --- /dev/null +++ b/sshlogin.c @@ -0,0 +1,173 @@ +/* $OpenBSD: sshlogin.c,v 1.34 2019/06/28 13:35:04 deraadt Exp $ */ +/* + * Author: Tatu Ylonen <ylo@cs.hut.fi> + * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland + * All rights reserved + * This file performs some of the things login(1) normally does. We cannot + * easily use something like login -p -h host -f user, because there are + * several different logins around, and it is hard to determined what kind of + * login the current system has. Also, we want to be able to execute commands + * on a tty. + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + * + * Copyright (c) 1999 Theo de Raadt. All rights reserved. + * Copyright (c) 1999 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include <sys/types.h> +#include <sys/socket.h> + +#include <netinet/in.h> + +#include <errno.h> +#include <fcntl.h> +#include <stdarg.h> +#include <stdio.h> +#include <string.h> +#include <time.h> +#include <unistd.h> +#include <limits.h> + +#include "sshlogin.h" +#include "ssherr.h" +#include "loginrec.h" +#include "log.h" +#include "sshbuf.h" +#include "misc.h" +#include "servconf.h" + +extern struct sshbuf *loginmsg; +extern ServerOptions options; + +/* + * Returns the time when the user last logged in. Returns 0 if the + * information is not available. This must be called before record_login. + * The host the user logged in from will be returned in buf. + */ +time_t +get_last_login_time(uid_t uid, const char *logname, + char *buf, size_t bufsize) +{ + struct logininfo li; + + login_get_lastlog(&li, uid); + strlcpy(buf, li.hostname, bufsize); + return (time_t)li.tv_sec; +} + +/* + * Generate and store last login message. This must be done before + * login_login() is called and lastlog is updated. + */ +static void +store_lastlog_message(const char *user, uid_t uid) +{ +#ifndef NO_SSH_LASTLOG +# ifndef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG + char hostname[HOST_NAME_MAX+1] = ""; + time_t last_login_time; +# endif + char *time_string; + int r; + + if (!options.print_lastlog) + return; + +# ifdef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG + time_string = sys_auth_get_lastlogin_msg(user, uid); + if (time_string != NULL) { + if ((r = sshbuf_put(loginmsg, + time_string, strlen(time_string))) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + free(time_string); + } +# else + last_login_time = get_last_login_time(uid, user, hostname, + sizeof(hostname)); + + if (last_login_time != 0) { + time_string = ctime(&last_login_time); + time_string[strcspn(time_string, "\n")] = '\0'; + if (strcmp(hostname, "") == 0) + r = sshbuf_putf(loginmsg, "Last login: %s\r\n", + time_string); + else + r = sshbuf_putf(loginmsg, "Last login: %s from %s\r\n", + time_string, hostname); + if (r != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + } +# endif /* CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG */ +#endif /* NO_SSH_LASTLOG */ +} + +/* + * Records that the user has logged in. I wish these parts of operating + * systems were more standardized. + */ +void +record_login(pid_t pid, const char *tty, const char *user, uid_t uid, + const char *host, struct sockaddr *addr, socklen_t addrlen) +{ + struct logininfo *li; + + /* save previous login details before writing new */ + store_lastlog_message(user, uid); + + li = login_alloc_entry(pid, user, host, tty); + login_set_addr(li, addr, addrlen); + login_login(li); + login_free_entry(li); +} + +#ifdef LOGIN_NEEDS_UTMPX +void +record_utmp_only(pid_t pid, const char *ttyname, const char *user, + const char *host, struct sockaddr *addr, socklen_t addrlen) +{ + struct logininfo *li; + + li = login_alloc_entry(pid, user, host, ttyname); + login_set_addr(li, addr, addrlen); + login_utmp_only(li); + login_free_entry(li); +} +#endif + +/* Records that the user has logged out. */ +void +record_logout(pid_t pid, const char *tty, const char *user) +{ + struct logininfo *li; + + li = login_alloc_entry(pid, user, NULL, tty); + login_logout(li); + login_free_entry(li); +} |