Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 1 | /* $OpenBSD: sshlogin.c,v 1.31 2015/01/20 23:14:00 deraadt Exp $ */ |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 5 | * All rights reserved |
| 6 | * This file performs some of the things login(1) normally does. We cannot |
| 7 | * easily use something like login -p -h host -f user, because there are |
| 8 | * several different logins around, and it is hard to determined what kind of |
| 9 | * login the current system has. Also, we want to be able to execute commands |
| 10 | * on a tty. |
| 11 | * |
| 12 | * As far as I am concerned, the code I have written for this software |
| 13 | * can be used freely for any purpose. Any derived versions of this |
| 14 | * software must be clearly marked as such, and if the derived work is |
| 15 | * incompatible with the protocol description in the RFC file, it must be |
| 16 | * called by a name other than "ssh" or "Secure Shell". |
| 17 | * |
| 18 | * Copyright (c) 1999 Theo de Raadt. All rights reserved. |
| 19 | * Copyright (c) 1999 Markus Friedl. All rights reserved. |
| 20 | * |
| 21 | * Redistribution and use in source and binary forms, with or without |
| 22 | * modification, are permitted provided that the following conditions |
| 23 | * are met: |
| 24 | * 1. Redistributions of source code must retain the above copyright |
| 25 | * notice, this list of conditions and the following disclaimer. |
| 26 | * 2. Redistributions in binary form must reproduce the above copyright |
| 27 | * notice, this list of conditions and the following disclaimer in the |
| 28 | * documentation and/or other materials provided with the distribution. |
| 29 | * |
| 30 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| 31 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 32 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 33 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 34 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 35 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 36 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 37 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 38 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 39 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 40 | */ |
| 41 | |
| 42 | #include "includes.h" |
| 43 | |
| 44 | #include <sys/types.h> |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 45 | #include <sys/socket.h> |
| 46 | |
| 47 | #include <netinet/in.h> |
| 48 | |
| 49 | #include <errno.h> |
| 50 | #include <fcntl.h> |
| 51 | #include <stdarg.h> |
| 52 | #include <stdio.h> |
| 53 | #include <string.h> |
| 54 | #include <time.h> |
| 55 | #include <unistd.h> |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 56 | #include <limits.h> |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 57 | |
| 58 | #include "loginrec.h" |
| 59 | #include "log.h" |
| 60 | #include "buffer.h" |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 61 | #include "misc.h" |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 62 | #include "servconf.h" |
| 63 | |
| 64 | extern Buffer loginmsg; |
| 65 | extern ServerOptions options; |
| 66 | |
| 67 | /* |
| 68 | * Returns the time when the user last logged in. Returns 0 if the |
| 69 | * information is not available. This must be called before record_login. |
| 70 | * The host the user logged in from will be returned in buf. |
| 71 | */ |
| 72 | time_t |
| 73 | get_last_login_time(uid_t uid, const char *logname, |
| 74 | char *buf, size_t bufsize) |
| 75 | { |
| 76 | struct logininfo li; |
| 77 | |
| 78 | login_get_lastlog(&li, uid); |
| 79 | strlcpy(buf, li.hostname, bufsize); |
| 80 | return (time_t)li.tv_sec; |
| 81 | } |
| 82 | |
| 83 | /* |
| 84 | * Generate and store last login message. This must be done before |
| 85 | * login_login() is called and lastlog is updated. |
| 86 | */ |
| 87 | static void |
| 88 | store_lastlog_message(const char *user, uid_t uid) |
| 89 | { |
| 90 | #ifndef NO_SSH_LASTLOG |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 91 | char *time_string, hostname[HOST_NAME_MAX+1] = "", buf[512]; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 92 | time_t last_login_time; |
| 93 | |
| 94 | if (!options.print_lastlog) |
| 95 | return; |
| 96 | |
| 97 | # ifdef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG |
| 98 | time_string = sys_auth_get_lastlogin_msg(user, uid); |
| 99 | if (time_string != NULL) { |
| 100 | buffer_append(&loginmsg, time_string, strlen(time_string)); |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 101 | free(time_string); |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 102 | } |
| 103 | # else |
| 104 | last_login_time = get_last_login_time(uid, user, hostname, |
| 105 | sizeof(hostname)); |
| 106 | |
| 107 | if (last_login_time != 0) { |
| 108 | time_string = ctime(&last_login_time); |
| 109 | time_string[strcspn(time_string, "\n")] = '\0'; |
| 110 | if (strcmp(hostname, "") == 0) |
| 111 | snprintf(buf, sizeof(buf), "Last login: %s\r\n", |
| 112 | time_string); |
| 113 | else |
| 114 | snprintf(buf, sizeof(buf), "Last login: %s from %s\r\n", |
| 115 | time_string, hostname); |
| 116 | buffer_append(&loginmsg, buf, strlen(buf)); |
| 117 | } |
| 118 | # endif /* CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG */ |
| 119 | #endif /* NO_SSH_LASTLOG */ |
| 120 | } |
| 121 | |
| 122 | /* |
| 123 | * Records that the user has logged in. I wish these parts of operating |
| 124 | * systems were more standardized. |
| 125 | */ |
| 126 | void |
| 127 | record_login(pid_t pid, const char *tty, const char *user, uid_t uid, |
| 128 | const char *host, struct sockaddr *addr, socklen_t addrlen) |
| 129 | { |
| 130 | struct logininfo *li; |
| 131 | |
| 132 | /* save previous login details before writing new */ |
| 133 | store_lastlog_message(user, uid); |
| 134 | |
| 135 | li = login_alloc_entry(pid, user, host, tty); |
| 136 | login_set_addr(li, addr, addrlen); |
| 137 | login_login(li); |
| 138 | login_free_entry(li); |
| 139 | } |
| 140 | |
| 141 | #ifdef LOGIN_NEEDS_UTMPX |
| 142 | void |
| 143 | record_utmp_only(pid_t pid, const char *ttyname, const char *user, |
| 144 | const char *host, struct sockaddr *addr, socklen_t addrlen) |
| 145 | { |
| 146 | struct logininfo *li; |
| 147 | |
| 148 | li = login_alloc_entry(pid, user, host, ttyname); |
| 149 | login_set_addr(li, addr, addrlen); |
| 150 | login_utmp_only(li); |
| 151 | login_free_entry(li); |
| 152 | } |
| 153 | #endif |
| 154 | |
| 155 | /* Records that the user has logged out. */ |
| 156 | void |
| 157 | record_logout(pid_t pid, const char *tty, const char *user) |
| 158 | { |
| 159 | struct logininfo *li; |
| 160 | |
| 161 | li = login_alloc_entry(pid, user, NULL, tty); |
| 162 | login_logout(li); |
| 163 | login_free_entry(li); |
| 164 | } |