| blob | be7ef146b36a426126f447326154b20a001a6ed4 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
26 /*
27 * utmp_update - Update the /var/log/utmpx file
28 *
29 * As of on28, the utmp interface is obsolete,
30 * so we only handle updating the utmpx file now.
31 * The utmpx routines in libc "simulate" calls
32 * to manipulate utmp entries.
33 *
34 * This program runs set uid root on behalf of
35 * non-privileged user programs. Normal programs cannot
36 * write to /var/log/utmpx. Non-root callers of pututxline
37 * will invoke this program to write the utmpx entry.
38 */
40 /*
41 * Header files
42 */
43 #include <stdio.h>
44 #include <sys/param.h>
45 #include <sys/types.h>
46 #include <sys/stat.h>
47 #include <utmpx.h>
48 #include <errno.h>
49 #include <fcntl.h>
50 #include <string.h>
51 #include <stdlib.h>
52 #include <unistd.h>
53 #include <pwd.h>
54 #include <ctype.h>
55 #include <stropts.h>
56 #include <syslog.h>
58 /*
59 * Invocation argument definitions
60 */
62 #define UTMPX_NARGS 14
64 /*
65 * Return codes
66 */
67 #define NORMAL_EXIT 0
68 #define BAD_ARGS 1
69 #define PUTUTXLINE_FAILURE 2
70 #define FORK_FAILURE 3
71 #define SETSID_FAILURE 4
72 #define ALREADY_DEAD 5
73 #define ENTRY_NOTFOUND 6
74 #define ILLEGAL_ARGUMENT 7
75 #define DEVICE_ERROR 8
77 /*
78 * Sizes
79 */
82 #define BUF_SIZE 256
84 /*
85 * Other defines
86 */
87 #define ROOT_UID 0
88 /*
89 * Debugging support
90 */
91 #ifdef DEBUG
92 #define dprintf printf
93 #define dprintf3 printf
96 #define dprintf(x, y)
97 #define dprintf3(w, x, y, z)
98 #endif
100 /*
101 * Local functions
102 */
114 int
116 {
121 #ifdef DEBUG
124 /* Uncomment the following for attaching with dbx(1) */
125 /* while (debugger) ; */
129 /*
130 * We will always be called by pututxline, so simply
131 * verify the correct number of args
132 */
137 }
138 /*
139 * we should never be called by root the code in libc already
140 * updates the file for root so no need to do it here. This
141 * assumption simpilfies the rest of code since we nolonger
142 * have to do special processing for the case when we are called
143 * by root
144 *
145 */
149 }
150 /*
151 * Search for matching entry by line name before put operation
152 * (scan over the whole file using getutxent(3C) to ensure
153 * that the line name is the same. We can not use getutline(3C)
154 * because that will return LOGIN_PROCESS and USER_PROCESS
155 * records. Also check that the entry is for either a dead
156 * process or a current process that is valid (see
157 * invalid_utmpx() for details of validation criteria).
158 *
159 * Match entries using the inode number of the device file.
160 */
166 }
172 }
190 }
191 }
196 }
200 }
202 }
204 static int
206 {
216 /* NOTREACHED */
217 }
220 /*
221 * load_utmpx_struct - Load up the utmpx structure with information supplied
222 * as arguments in argv.
223 */
225 static void
227 {
264 /*
265 * Here's where we stamp the exit field of a USER_PROCESS
266 * record so that we know it was written by a normal user.
267 */
290 }
292 /*
293 * usage - There's no need to say more. This program isn't supposed to
294 * be executed by normal users directly.
295 */
297 static void
299 {
301 }
303 /*
304 * check_utmpx - Verify the utmpx structure
305 */
307 static void
309 {
329 /*
330 * We nolonger permit the UID of the caller to be different
331 * the UID to be written to the utmp file. This was thought
332 * necessary to allow the utmp file to be updated when
333 * logging out from an xterm(1) window after running
334 * exec login. Instead we now rely upon utmpd(1) to update
335 * the utmp file for us.
336 *
337 */
343 }
348 }
350 /*
351 * Only USER_PROCESS and DEAD_PROCESS entries may be updated
352 */
357 }
359 /*
360 * Verify that the pid of the entry field is the same pid as our
361 * parent, who should be the guy writing the entry. This is commented
362 * out for now because this restriction is overkill.
363 */
364 #ifdef VERIFY_PID
368 }
374 }
381 }
386 }
388 }
390 /*
391 * bad_hostname - Previously returned an error if a non alpha numeric
392 * was in the host field, but now just clears those so
393 * cmdtool entries will work.
394 */
396 static int
398 {
403 /*
404 * Scan for non-alpha numerics
405 * Per utmpx.h, len includes the nul character.
406 */
411 }
413 /*
414 * Workaround until the window system gets fixed. Look for id's with
415 * a '/' in them. That means they are probably from libxview.
416 * Then create a new id that is unique using the last 4 chars in the line.
417 */
419 static void
421 {
427 len--;
430 }
431 }
434 /*
435 * The function invalid_utmpx() enforces the requirement that the record
436 * being updating in the utmpx file can not have been created by login(1)
437 * or friends. Also that the id and username of the record to be written match
438 * those found in the utmpx file. We need this both for security and to ensure
439 * that pututxline(3C) will NOT reposition the file pointer in the utmpx file,
440 * so that the record is updated in place.
441 *
442 */
443 static int
445 {
446 #define SUTMPX_ID (sizeof (eutmpx->ut_id))
447 #define SUTMPX_USER (sizeof (eutmpx->ut_user))
452 }
454 static int
456 {
460 /*
461 * The line field must be a device file that we can write to,
462 * it should live under /dev which is enforced by requiring
463 * its name not to contain "../" and opening it as the user for
464 * writing.
465 */
469 }
471 /*
472 * It has to be a tty. It can't be a bogus file, e.g. ../tmp/bogus.
473 */
477 /*
478 * We need to open the line without blocking so that it does not hang
479 */
483 }
485 /*
486 * Check that fd is a tty, if this fails all is not lost see below
487 */
489 /*
490 * It really is a tty, so return success
491 */
496 }
498 /*
499 * Check that the line refers to a character
500 * special device.
501 */
506 }
508 /*
509 * Check that the line refers to a streams device
510 */
515 }
517 /*
518 * if isatty(3C) failed above we assume that the ptem module has
519 * been popped already and that caused the failure, so we push it
520 * and try again
521 */
526 }
532 }
538 }
547 }
549 #ifdef DEBUG
551 /*
552 * display_args - This code prints out invocation arguments
553 * This is helpful since the program is called with
554 * up to 15 argumments.
555 */
557 static void
561 {
566 i++;
567 }
568 }
571 {
580 }