From 17817530cc606af86a988e9b3e271fa1f5708f8e Mon Sep 17 00:00:00 2001 From: root Date: Sun, 22 Jan 2006 04:01:52 +0000 Subject: [PATCH] *** empty log message *** --- src/logging.C | 12 +++++- src/main.C | 33 +--------------- src/ptytty.C | 96 +++++++++++++++++++++++++++++++++++------------ src/ptytty.h | 2 + src/ptytty_conf.h | 6 ++- src/rxvtc.C | 12 +++--- src/rxvtd.C | 12 +++--- 7 files changed, 102 insertions(+), 71 deletions(-) diff --git a/src/logging.C b/src/logging.C index 4f1dbf6c..a31d46c2 100644 --- a/src/logging.C +++ b/src/logging.C @@ -36,6 +36,14 @@ #include "../config.h" +#include + +#include +#include +#include +#include +#include + #include "ptytty.h" #if UTMP_SUPPORT @@ -89,7 +97,7 @@ ptytty_unix::login (int cmd_pid, bool login_shell, const char *hostname) sprintf (ut_id, "vt%02x", (i & 0xff)); /* sysv naming */ else if (strncmp (pty, "pty", 3) && strncmp (pty, "tty", 3)) { - warn ("can't parse tty name \"%s\", not adding utmp entry.\n", pty); + ptytty_warn ("can't parse tty name \"%s\", not adding utmp entry.\n", pty); return; } #endif @@ -419,7 +427,7 @@ update_lastlog (const char *fname, const char *pty, const char *host) pwent = getpwuid (getuid ()); if (!pwent) { - warn ("no entry in password file, not updating lastlog.\n"); + ptytty_warn ("no entry in password file, not updating lastlog.\n"); return; } diff --git a/src/main.C b/src/main.C index 56c72d27..c5f25834 100644 --- a/src/main.C +++ b/src/main.C @@ -476,7 +476,7 @@ rxvt_term::init (int argc, const char *const *argv, stringvec *envv) scrollBar.setIdle (); /* set existence for size calculations */ #endif - pty = ptytty_new (); + pty = ptytty::create (); create_windows (argc, argv); @@ -552,36 +552,7 @@ char **rxvt_environ; // startup environment void rxvt_init () { - uid_t uid = getuid (); - gid_t gid = getgid (); - - // before doing anything else, check for setuid/setgid operation, - // start the helper process and drop privileges - if (uid != geteuid () - || gid != getegid ()) - { -#if PTYTTY_HELPER - ptytty_server (); -#else - rxvt_warn ("running setuid/setgid without pty helper compiled in, continuing unprivileged.\n"); -#endif - - // drop privileges -#if HAVE_SETRESUID - setresgid (gid, gid, gid); - setresuid (uid, uid, uid); -#elif HAVE_SETREUID - setregid (gid, gid); - setreuid (uid, uid); -#elif HAVE_SETUID - setgid (gid); - setuid (uid); -#endif - - if (uid != geteuid () - || gid != getegid ()) - rxvt_fatal ("unable to drop privileges, aborting.\n"); - } + ptytty::init (); rxvt_environ = environ; diff --git a/src/ptytty.C b/src/ptytty.C index 1c2cb7e5..c4580f31 100644 --- a/src/ptytty.C +++ b/src/ptytty.C @@ -26,7 +26,6 @@ #include "../config.h" -#include "fdpass.h" #include "ptytty.h" #include @@ -237,7 +236,7 @@ control_tty (int fd_tty) int fd = open ("/dev/tty", O_WRONLY); if (fd < 0) - return -1; /* fatal */ + return -1; /* fatal */ close (fd); @@ -375,8 +374,8 @@ ptytty_unix::get () #if PTYTTY_HELPER -static int sock_fd; -static int pid; +static int sock_fd = -1; +static int helper_pid, owner_pid; struct command { @@ -414,14 +413,14 @@ ptytty_proxy::get () write (sock_fd, &cmd, sizeof (cmd)); if (read (sock_fd, &id, sizeof (id)) != sizeof (id)) - fatal ("protocol error while creating pty using helper process, aborting.\n"); + ptytty_fatal ("protocol error while creating pty using helper process, aborting.\n"); if (!id) return false; - if ((pty = ptytty_recv_fd (sock_fd)) < 0 - || (tty = ptytty_recv_fd (sock_fd)) < 0) - fatal ("protocol error while reading pty/tty fds from helper process, aborting.\n"); + if ((pty = recv_fd (sock_fd)) < 0 + || (tty = recv_fd (sock_fd)) < 0) + ptytty_fatal ("protocol error while reading pty/tty fds from helper process, aborting.\n"); return true; } @@ -471,8 +470,8 @@ void serve () write (sock_fd, &cmd.id, sizeof (cmd.id)); ptys.push_back (cmd.id); - ptytty_send_fd (sock_fd, cmd.id->pty); - ptytty_send_fd (sock_fd, cmd.id->tty); + ptytty::send_fd (sock_fd, cmd.id->pty); + ptytty::send_fd (sock_fd, cmd.id->tty); } else { @@ -493,9 +492,9 @@ void serve () } else if (cmd.type == command::destroy) { - ptytty **pty = find (ptys.begin (), ptys.end (), cmd.id); + vector::iterator pty = find (ptys.begin (), ptys.end (), cmd.id); - if (pty) + if (pty != ptys.end ()) { delete *pty; ptys.erase (pty); @@ -506,23 +505,31 @@ void serve () } // destroy all ptys - for (ptytty **i = ptys.end (); i-- > ptys.begin (); ) + for (vector::iterator i = ptys.end (); i-- > ptys.begin (); ) delete *i; } -void ptytty_server () +void +ptytty::use_helper () { + int pid = getpid (); + + if (sock_fd >= 0 && pid == owner_pid) + return; + + owner_pid = pid; + int sv[2]; if (socketpair (AF_UNIX, SOCK_STREAM, 0, sv)) - fatal ("could not create socket to communicate with pty/sessiondb helper, aborting.\n"); + ptytty_fatal ("could not create socket to communicate with pty/sessiondb helper, aborting.\n"); - pid = fork (); + helper_pid = fork (); - if (pid < 0) - fatal ("could not create pty/sessiondb helper process, aborting.\n"); + if (helper_pid < 0) + ptytty_fatal ("could not create pty/sessiondb helper process, aborting.\n"); - if (pid) + if (helper_pid) { // client, process sock_fd = sv[0]; @@ -534,6 +541,8 @@ void ptytty_server () // server, pty-helper sock_fd = sv[1]; + chdir ("/"); + for (int fd = 0; fd < 1023; fd++) if (fd != sock_fd) close (fd); @@ -545,12 +554,11 @@ void ptytty_server () #endif -// a "factory" *g* ptytty * -new_ptytty () +ptytty::create () { #if PTYTTY_HELPER - if (pid > 0) + if (helper_pid && getpid () == owner_pid) // use helper process return new ptytty_proxy; else @@ -558,5 +566,47 @@ new_ptytty () return new ptytty_unix; } -/*----------------------- end-of-file (C source) -----------------------*/ +void +ptytty::init () +{ + uid_t uid = getuid (); + gid_t gid = getgid (); + + // before doing anything else, check for setuid/setgid operation, + // start the helper process and drop privileges + if (uid != geteuid () + || gid != getegid ()) + { +#if PTYTTY_HELPER + use_helper (); +#else + ptytty_warn ("running setuid/setgid without pty helper compiled in, continuing unprivileged.\n"); +#endif + + drop_privileges (); + } +} + +void +ptytty::drop_privileges () +{ + uid_t uid = getuid (); + gid_t gid = getgid (); + + // drop privileges +#if HAVE_SETRESUID + setresgid (gid, gid, gid); + setresuid (uid, uid, uid); +#elif HAVE_SETREUID + setregid (gid, gid); + setreuid (uid, uid); +#elif HAVE_SETUID + setgid (gid); + setuid (uid); +#endif + + if (uid != geteuid () + || gid != getegid ()) + ptytty_fatal ("unable to drop privileges, aborting.\n"); +} diff --git a/src/ptytty.h b/src/ptytty.h index ff58306f..651e3222 100644 --- a/src/ptytty.h +++ b/src/ptytty.h @@ -49,6 +49,8 @@ #endif +#define fatal(msg) do { write (2, msg, sizeof (msg) - 1); _exit (255); } while (0) + struct ptytty_unix : ptytty { char *name; diff --git a/src/ptytty_conf.h b/src/ptytty_conf.h index 05b4ba19..e74c9f97 100644 --- a/src/ptytty_conf.h +++ b/src/ptytty_conf.h @@ -1,3 +1,5 @@ -#include "rxvtutil.h" -#include "feature.h" +#include "rxvt.h" + +#define ptytty_fatal rxvt_fatal +#define ptytty_warn rxvt_warn diff --git a/src/rxvtc.C b/src/rxvtc.C index 31a7ff4c..417a8551 100644 --- a/src/rxvtc.C +++ b/src/rxvtc.C @@ -21,11 +21,6 @@ *----------------------------------------------------------------------*/ #include "../config.h" -#include "rxvtdaemon.h" -#include "fdpass.h" - -#include "rxvt.h" - #include #include #include @@ -35,6 +30,11 @@ #include #include +#include "rxvtdaemon.h" +#include "libptytty.h" + +#include "rxvt.h" + struct client : rxvt_connection { client (); }; @@ -112,7 +112,7 @@ main (int argc, const char *const *argv) fprintf (stderr, "%s", (const char *)tok); else if (!strcmp (tok, "GETFD") && c.recv (cint)) { - if (rxvt_send_fd (c.fd, cint) < 0) + if (ptytty::send_fd (c.fd, cint) < 0) { fprintf (stderr, "unable to send fd %d: ", cint); perror (0); exit (EXIT_FAILURE); diff --git a/src/rxvtd.C b/src/rxvtd.C index 4758132d..cdb6bd73 100644 --- a/src/rxvtd.C +++ b/src/rxvtd.C @@ -21,11 +21,6 @@ *----------------------------------------------------------------------*/ #include "../config.h" -#include "rxvt.h" -#include "rxvtdaemon.h" -#include "fdpass.h" -#include "iom.h" - #include #include #include @@ -40,7 +35,10 @@ #include -extern char **environ; +#include "rxvt.h" +#include "rxvtdaemon.h" +#include "libptytty.h" +#include "iom.h" struct server : rxvt_connection { log_callback log_cb; @@ -122,7 +120,7 @@ int server::getfd (int remote_fd) { send ("GETFD"); send (remote_fd); - return rxvt_recv_fd (fd); + return ptytty::recv_fd (fd); } void server::log_msg (const char *msg) -- 2.34.1