1/* $OpenBSD: sshlogin.c,v 1.35 2020/10/18 11:32:02 djm Exp $ */
2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 *                    All rights reserved
6 * This file performs some of the things login(1) normally does.  We cannot
7 * easily use something like login -p -h host -f user, because there are
8 * several different logins around, and it is hard to determined what kind of
9 * login the current system has.  Also, we want to be able to execute commands
10 * on a tty.
11 *
12 * As far as I am concerned, the code I have written for this software
13 * can be used freely for any purpose.  Any derived versions of this
14 * software must be clearly marked as such, and if the derived work is
15 * incompatible with the protocol description in the RFC file, it must be
16 * called by a name other than "ssh" or "Secure Shell".
17 *
18 * Copyright (c) 1999 Theo de Raadt.  All rights reserved.
19 * Copyright (c) 1999 Markus Friedl.  All rights reserved.
20 *
21 * Redistribution and use in source and binary forms, with or without
22 * modification, are permitted provided that the following conditions
23 * are met:
24 * 1. Redistributions of source code must retain the above copyright
25 *    notice, this list of conditions and the following disclaimer.
26 * 2. Redistributions in binary form must reproduce the above copyright
27 *    notice, this list of conditions and the following disclaimer in the
28 *    documentation and/or other materials provided with the distribution.
29 *
30 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
31 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
32 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
33 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
34 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
35 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
36 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
37 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
38 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
39 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
40 */
41
42#include "includes.h"
43
44#include <sys/types.h>
45#include <sys/socket.h>
46
47#include <netinet/in.h>
48
49#include <errno.h>
50#include <fcntl.h>
51#include <stdarg.h>
52#include <stdio.h>
53#include <stdlib.h>
54#include <string.h>
55#include <time.h>
56#include <unistd.h>
57#include <limits.h>
58
59#include "sshlogin.h"
60#include "ssherr.h"
61#include "loginrec.h"
62#include "log.h"
63#include "sshbuf.h"
64#include "misc.h"
65#include "servconf.h"
66
67extern struct sshbuf *loginmsg;
68extern ServerOptions options;
69
70/*
71 * Returns the time when the user last logged in.  Returns 0 if the
72 * information is not available.  This must be called before record_login.
73 * The host the user logged in from will be returned in buf.
74 */
75time_t
76get_last_login_time(uid_t uid, const char *logname,
77    char *buf, size_t bufsize)
78{
79	struct logininfo li;
80
81	login_get_lastlog(&li, uid);
82	strlcpy(buf, li.hostname, bufsize);
83	return (time_t)li.tv_sec;
84}
85
86/*
87 * Generate and store last login message.  This must be done before
88 * login_login() is called and lastlog is updated.
89 */
90static void
91store_lastlog_message(const char *user, uid_t uid)
92{
93#ifndef NO_SSH_LASTLOG
94# ifndef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
95	char hostname[HOST_NAME_MAX+1] = "";
96	time_t last_login_time;
97# endif
98	char *time_string;
99	int r;
100
101	if (!options.print_lastlog)
102		return;
103
104# ifdef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
105	time_string = sys_auth_get_lastlogin_msg(user, uid);
106	if (time_string != NULL) {
107		if ((r = sshbuf_put(loginmsg,
108		    time_string, strlen(time_string))) != 0)
109			fatal("%s: buffer error: %s", __func__, ssh_err(r));
110		free(time_string);
111	}
112# else
113	last_login_time = get_last_login_time(uid, user, hostname,
114	    sizeof(hostname));
115
116	if (last_login_time != 0) {
117		time_string = ctime(&last_login_time);
118		time_string[strcspn(time_string, "\n")] = '\0';
119		if (strcmp(hostname, "") == 0)
120			r = sshbuf_putf(loginmsg, "Last login: %s\r\n",
121			    time_string);
122		else
123			r = sshbuf_putf(loginmsg, "Last login: %s from %s\r\n",
124			    time_string, hostname);
125		if (r != 0)
126			fatal_fr(r, "sshbuf_putf");
127	}
128# endif /* CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG */
129#endif /* NO_SSH_LASTLOG */
130}
131
132/*
133 * Records that the user has logged in.  I wish these parts of operating
134 * systems were more standardized.
135 */
136void
137record_login(pid_t pid, const char *tty, const char *user, uid_t uid,
138    const char *host, struct sockaddr *addr, socklen_t addrlen)
139{
140	struct logininfo *li;
141
142	/* save previous login details before writing new */
143	store_lastlog_message(user, uid);
144
145	li = login_alloc_entry(pid, user, host, tty);
146	login_set_addr(li, addr, addrlen);
147	login_login(li);
148	login_free_entry(li);
149}
150
151#ifdef LOGIN_NEEDS_UTMPX
152void
153record_utmp_only(pid_t pid, const char *ttyname, const char *user,
154		 const char *host, struct sockaddr *addr, socklen_t addrlen)
155{
156	struct logininfo *li;
157
158	li = login_alloc_entry(pid, user, host, ttyname);
159	login_set_addr(li, addr, addrlen);
160	login_utmp_only(li);
161	login_free_entry(li);
162}
163#endif
164
165/* Records that the user has logged out. */
166void
167record_logout(pid_t pid, const char *tty, const char *user)
168{
169	struct logininfo *li;
170
171	li = login_alloc_entry(pid, user, NULL, tty);
172	login_logout(li);
173	login_free_entry(li);
174}
175