summaryrefslogtreecommitdiffstats
path: root/sshlogin.c
diff options
context:
space:
mode:
Diffstat (limited to 'sshlogin.c')
-rw-r--r--sshlogin.c173
1 files changed, 173 insertions, 0 deletions
diff --git a/sshlogin.c b/sshlogin.c
new file mode 100644
index 0000000..08d2600
--- /dev/null
+++ b/sshlogin.c
@@ -0,0 +1,173 @@
+/* $OpenBSD: sshlogin.c,v 1.34 2019/06/28 13:35:04 deraadt Exp $ */
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ * This file performs some of the things login(1) normally does. We cannot
+ * easily use something like login -p -h host -f user, because there are
+ * several different logins around, and it is hard to determined what kind of
+ * login the current system has. Also, we want to be able to execute commands
+ * on a tty.
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ *
+ * Copyright (c) 1999 Theo de Raadt. All rights reserved.
+ * Copyright (c) 1999 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include <netinet/in.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+#include <limits.h>
+
+#include "sshlogin.h"
+#include "ssherr.h"
+#include "loginrec.h"
+#include "log.h"
+#include "sshbuf.h"
+#include "misc.h"
+#include "servconf.h"
+
+extern struct sshbuf *loginmsg;
+extern ServerOptions options;
+
+/*
+ * Returns the time when the user last logged in. Returns 0 if the
+ * information is not available. This must be called before record_login.
+ * The host the user logged in from will be returned in buf.
+ */
+time_t
+get_last_login_time(uid_t uid, const char *logname,
+ char *buf, size_t bufsize)
+{
+ struct logininfo li;
+
+ login_get_lastlog(&li, uid);
+ strlcpy(buf, li.hostname, bufsize);
+ return (time_t)li.tv_sec;
+}
+
+/*
+ * Generate and store last login message. This must be done before
+ * login_login() is called and lastlog is updated.
+ */
+static void
+store_lastlog_message(const char *user, uid_t uid)
+{
+#ifndef NO_SSH_LASTLOG
+# ifndef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
+ char hostname[HOST_NAME_MAX+1] = "";
+ time_t last_login_time;
+# endif
+ char *time_string;
+ int r;
+
+ if (!options.print_lastlog)
+ return;
+
+# ifdef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
+ time_string = sys_auth_get_lastlogin_msg(user, uid);
+ if (time_string != NULL) {
+ if ((r = sshbuf_put(loginmsg,
+ time_string, strlen(time_string))) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ free(time_string);
+ }
+# else
+ last_login_time = get_last_login_time(uid, user, hostname,
+ sizeof(hostname));
+
+ if (last_login_time != 0) {
+ time_string = ctime(&last_login_time);
+ time_string[strcspn(time_string, "\n")] = '\0';
+ if (strcmp(hostname, "") == 0)
+ r = sshbuf_putf(loginmsg, "Last login: %s\r\n",
+ time_string);
+ else
+ r = sshbuf_putf(loginmsg, "Last login: %s from %s\r\n",
+ time_string, hostname);
+ if (r != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ }
+# endif /* CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG */
+#endif /* NO_SSH_LASTLOG */
+}
+
+/*
+ * Records that the user has logged in. I wish these parts of operating
+ * systems were more standardized.
+ */
+void
+record_login(pid_t pid, const char *tty, const char *user, uid_t uid,
+ const char *host, struct sockaddr *addr, socklen_t addrlen)
+{
+ struct logininfo *li;
+
+ /* save previous login details before writing new */
+ store_lastlog_message(user, uid);
+
+ li = login_alloc_entry(pid, user, host, tty);
+ login_set_addr(li, addr, addrlen);
+ login_login(li);
+ login_free_entry(li);
+}
+
+#ifdef LOGIN_NEEDS_UTMPX
+void
+record_utmp_only(pid_t pid, const char *ttyname, const char *user,
+ const char *host, struct sockaddr *addr, socklen_t addrlen)
+{
+ struct logininfo *li;
+
+ li = login_alloc_entry(pid, user, host, ttyname);
+ login_set_addr(li, addr, addrlen);
+ login_utmp_only(li);
+ login_free_entry(li);
+}
+#endif
+
+/* Records that the user has logged out. */
+void
+record_logout(pid_t pid, const char *tty, const char *user)
+{
+ struct logininfo *li;
+
+ li = login_alloc_entry(pid, user, NULL, tty);
+ login_logout(li);
+ login_free_entry(li);
+}