2 * Pseudo-tty backend for pterm.
4 * Unlike the other backends, data for this one is not neatly
5 * encapsulated into a data structure, because it wouldn't make
6 * sense to do so - the utmp stuff has to be done before a backend
7 * is initialised, and starting a second pterm from the same
8 * process would therefore be infeasible because privileges would
9 * already have been dropped. Hence, I haven't bothered to keep the
10 * data dynamically allocated: instead, the backend handle is just
11 * a null pointer and ignored everywhere.
14 #define _XOPEN_SOURCE 600
15 #define _XOPEN_SOURCE_EXTENDED
29 #include <sys/types.h>
32 #include <sys/ioctl.h>
45 #define UTMP_FILE "/var/run/utmp"
48 #define WTMP_FILE "/var/log/wtmp"
52 #define LASTLOG_FILE _PATH_LASTLOG
54 #define LASTLOG_FILE "/var/log/lastlog"
59 * Set up a default for vaguely sane systems. The idea is that if
60 * OMIT_UTMP is not defined, then at least one of the symbols which
61 * enable particular forms of utmp processing should be, if only so
62 * that a link error can warn you that you should have defined
63 * OMIT_UTMP if you didn't want any. Currently HAVE_PUTUTLINE is
64 * the only such symbol.
67 #if !defined HAVE_PUTUTLINE
68 #define HAVE_PUTUTLINE
72 static Config pty_cfg
;
73 static int pty_master_fd
, pty_slave_fd
;
74 static void *pty_frontend
;
75 static char pty_name
[FILENAME_MAX
];
76 static int pty_signal_pipe
[2];
77 static int pty_child_pid
;
78 static int pty_term_width
, pty_term_height
;
79 static int pty_child_dead
, pty_finished
;
80 static int pty_exit_code
;
82 int use_pty_argv
= TRUE
;
84 static void pty_close(void);
87 static int pty_utmp_helper_pid
, pty_utmp_helper_pipe
;
88 static int pty_stamped_utmp
= 0;
89 static struct utmp utmp_entry
;
91 static void setup_utmp(char *ttyname
, char *location
)
94 struct lastlog lastlog_entry
;
101 pw
= getpwuid(getuid());
102 memset(&utmp_entry
, 0, sizeof(utmp_entry
));
103 utmp_entry
.ut_type
= USER_PROCESS
;
104 utmp_entry
.ut_pid
= getpid();
105 strncpy(utmp_entry
.ut_line
, ttyname
+5, lenof(utmp_entry
.ut_line
));
106 strncpy(utmp_entry
.ut_id
, ttyname
+8, lenof(utmp_entry
.ut_id
));
107 strncpy(utmp_entry
.ut_user
, pw
->pw_name
, lenof(utmp_entry
.ut_user
));
108 strncpy(utmp_entry
.ut_host
, location
, lenof(utmp_entry
.ut_host
));
109 /* Apparently there are some architectures where (struct utmp).ut_time
110 * is not essentially time_t (e.g. Linux amd64). Hence the temporary. */
112 utmp_entry
.ut_time
= uttime
; /* may truncate */
114 #if defined HAVE_PUTUTLINE
117 pututline(&utmp_entry
);
121 if ((wtmp
= fopen(WTMP_FILE
, "a")) != NULL
) {
122 fwrite(&utmp_entry
, 1, sizeof(utmp_entry
), wtmp
);
127 memset(&lastlog_entry
, 0, sizeof(lastlog_entry
));
128 strncpy(lastlog_entry
.ll_line
, ttyname
+5, lenof(lastlog_entry
.ll_line
));
129 strncpy(lastlog_entry
.ll_host
, location
, lenof(lastlog_entry
.ll_host
));
130 time(&lastlog_entry
.ll_time
);
131 if ((lastlog
= fopen(LASTLOG_FILE
, "r+")) != NULL
) {
132 fseek(lastlog
, sizeof(lastlog_entry
) * getuid(), SEEK_SET
);
133 fwrite(&lastlog_entry
, 1, sizeof(lastlog_entry
), lastlog
);
138 pty_stamped_utmp
= 1;
142 static void cleanup_utmp(void)
147 if (!pty_stamped_utmp
)
150 utmp_entry
.ut_type
= DEAD_PROCESS
;
151 memset(utmp_entry
.ut_user
, 0, lenof(utmp_entry
.ut_user
));
153 utmp_entry
.ut_time
= uttime
;
155 if ((wtmp
= fopen(WTMP_FILE
, "a")) != NULL
) {
156 fwrite(&utmp_entry
, 1, sizeof(utmp_entry
), wtmp
);
160 memset(utmp_entry
.ut_line
, 0, lenof(utmp_entry
.ut_line
));
161 utmp_entry
.ut_time
= 0;
163 #if defined HAVE_PUTUTLINE
166 pututline(&utmp_entry
);
170 pty_stamped_utmp
= 0; /* ensure we never double-cleanup */
174 static void sigchld_handler(int signum
)
176 write(pty_signal_pipe
[1], "x", 1);
180 static void fatal_sig_handler(int signum
)
182 putty_signal(signum
, SIG_DFL
);
189 static int pty_open_slave(void)
191 if (pty_slave_fd
< 0)
192 pty_slave_fd
= open(pty_name
, O_RDWR
);
197 static void pty_open_master(void)
200 const char chars1
[] = "pqrstuvwxyz";
201 const char chars2
[] = "0123456789abcdef";
203 char master_name
[20];
206 for (p1
= chars1
; *p1
; p1
++)
207 for (p2
= chars2
; *p2
; p2
++) {
208 sprintf(master_name
, "/dev/pty%c%c", *p1
, *p2
);
209 pty_master_fd
= open(master_name
, O_RDWR
);
210 if (pty_master_fd
>= 0) {
211 if (geteuid() == 0 ||
212 access(master_name
, R_OK
| W_OK
) == 0) {
214 * We must also check at this point that we are
215 * able to open the slave side of the pty. We
216 * wouldn't want to allocate the wrong master,
217 * get all the way down to forking, and _then_
218 * find we're unable to open the slave.
220 strcpy(pty_name
, master_name
);
221 pty_name
[5] = 't'; /* /dev/ptyXX -> /dev/ttyXX */
223 if (pty_open_slave() >= 0 &&
224 access(pty_name
, R_OK
| W_OK
) == 0)
226 if (pty_slave_fd
> 0)
230 close(pty_master_fd
);
234 /* If we get here, we couldn't get a tty at all. */
235 fprintf(stderr
, "pterm: unable to open a pseudo-terminal device\n");
240 /* We need to chown/chmod the /dev/ttyXX device. */
241 gp
= getgrnam("tty");
242 chown(pty_name
, getuid(), gp ? gp
->gr_gid
: -1);
243 chmod(pty_name
, 0600);
245 pty_master_fd
= open("/dev/ptmx", O_RDWR
);
247 if (pty_master_fd
< 0) {
248 perror("/dev/ptmx: open");
252 if (grantpt(pty_master_fd
) < 0) {
257 if (unlockpt(pty_master_fd
) < 0) {
262 pty_name
[FILENAME_MAX
-1] = '\0';
263 strncpy(pty_name
, ptsname(pty_master_fd
), FILENAME_MAX
-1);
268 * Pre-initialisation. This is here to get around the fact that GTK
269 * doesn't like being run in setuid/setgid programs (probably
270 * sensibly). So before we initialise GTK - and therefore before we
271 * even process the command line - we check to see if we're running
272 * set[ug]id. If so, we open our pty master _now_, chown it as
273 * necessary, and drop privileges. We can always close it again
274 * later. If we're potentially going to be doing utmp as well, we
275 * also fork off a utmp helper process and communicate with it by
276 * means of a pipe; the utmp helper will keep privileges in order
277 * to clean up utmp when we exit (i.e. when its end of our pipe
280 void pty_pre_init(void)
287 /* set the child signal handler straight away; it needs to be set
288 * before we ever fork. */
289 putty_signal(SIGCHLD
, sigchld_handler
);
290 pty_master_fd
= pty_slave_fd
= -1;
292 if (geteuid() != getuid() || getegid() != getgid()) {
298 * Fork off the utmp helper.
300 if (pipe(pipefd
) < 0) {
301 perror("pterm: pipe");
306 perror("pterm: fork");
308 } else if (pid
== 0) {
309 char display
[128], buffer
[128];
314 * Now sit here until we receive a display name from the
315 * other end of the pipe, and then stamp utmp. Unstamp utmp
316 * again, and exit, when the pipe closes.
322 ret
= read(pipefd
[0], buffer
, lenof(buffer
));
326 } else if (!pty_stamped_utmp
) {
327 if (dlen
< lenof(display
))
328 memcpy(display
+dlen
, buffer
,
329 min(ret
, lenof(display
)-dlen
));
330 if (buffer
[ret
-1] == '\0') {
332 * Now we have a display name. NUL-terminate
333 * it, and stamp utmp.
335 display
[lenof(display
)-1] = '\0';
337 * Trap as many fatal signals as we can in the
338 * hope of having the best possible chance to
339 * clean up utmp before termination. We are
340 * unfortunately unprotected against SIGKILL,
343 putty_signal(SIGHUP
, fatal_sig_handler
);
344 putty_signal(SIGINT
, fatal_sig_handler
);
345 putty_signal(SIGQUIT
, fatal_sig_handler
);
346 putty_signal(SIGILL
, fatal_sig_handler
);
347 putty_signal(SIGABRT
, fatal_sig_handler
);
348 putty_signal(SIGFPE
, fatal_sig_handler
);
349 putty_signal(SIGPIPE
, fatal_sig_handler
);
350 putty_signal(SIGALRM
, fatal_sig_handler
);
351 putty_signal(SIGTERM
, fatal_sig_handler
);
352 putty_signal(SIGSEGV
, fatal_sig_handler
);
353 putty_signal(SIGUSR1
, fatal_sig_handler
);
354 putty_signal(SIGUSR2
, fatal_sig_handler
);
356 putty_signal(SIGBUS
, fatal_sig_handler
);
359 putty_signal(SIGPOLL
, fatal_sig_handler
);
362 putty_signal(SIGPROF
, fatal_sig_handler
);
365 putty_signal(SIGSYS
, fatal_sig_handler
);
368 putty_signal(SIGTRAP
, fatal_sig_handler
);
371 putty_signal(SIGVTALRM
, fatal_sig_handler
);
374 putty_signal(SIGXCPU
, fatal_sig_handler
);
377 putty_signal(SIGXFSZ
, fatal_sig_handler
);
380 putty_signal(SIGIO
, fatal_sig_handler
);
382 setup_utmp(pty_name
, display
);
388 pty_utmp_helper_pid
= pid
;
389 pty_utmp_helper_pipe
= pipefd
[1];
395 #ifndef HAVE_NO_SETRESUID
396 int gid
= getgid(), uid
= getuid();
397 int setresgid(gid_t
, gid_t
, gid_t
);
398 int setresuid(uid_t
, uid_t
, uid_t
);
399 setresgid(gid
, gid
, gid
);
400 setresuid(uid
, uid
, uid
);
408 int pty_select_result(int fd
, int event
)
412 int finished
= FALSE
;
414 if (fd
== pty_master_fd
&& event
== 1) {
416 ret
= read(pty_master_fd
, buf
, sizeof(buf
));
419 * Clean termination condition is that either ret == 0, or ret
420 * < 0 and errno == EIO. Not sure why the latter, but it seems
423 if (ret
== 0 || (ret
< 0 && errno
== EIO
)) {
425 * We assume a clean exit if the pty has closed but the
426 * actual child process hasn't. The only way I can
427 * imagine this happening is if it detaches itself from
428 * the pty and goes daemonic - in which case the
429 * expected usage model would precisely _not_ be for
430 * the pterm window to hang around!
435 } else if (ret
< 0) {
436 perror("read pty master");
438 } else if (ret
> 0) {
439 from_backend(pty_frontend
, 0, buf
, ret
);
441 } else if (fd
== pty_signal_pipe
[0]) {
446 read(pty_signal_pipe
[0], c
, 1); /* ignore its value; it'll be `x' */
449 pid
= waitpid(-1, &status
, WNOHANG
);
450 if (pid
== pty_child_pid
&&
451 (WIFEXITED(status
) || WIFSIGNALED(status
))) {
453 * The primary child process died. We could keep
454 * the terminal open for remaining subprocesses to
455 * output to, but conventional wisdom seems to feel
456 * that that's the Wrong Thing for an xterm-alike,
457 * so we bail out now (though we don't necessarily
458 * _close_ the window, depending on the state of
459 * Close On Exit). This would be easy enough to
460 * change or make configurable if necessary.
462 pty_exit_code
= status
;
463 pty_child_dead
= TRUE
;
469 if (finished
&& !pty_finished
) {
470 uxsel_del(pty_master_fd
);
477 * This is a slight layering-violation sort of hack: only
478 * if we're not closing on exit (COE is set to Never, or to
479 * Only On Clean and it wasn't a clean exit) do we output a
480 * `terminated' message.
482 if (pty_cfg
.close_on_exit
== FORCE_OFF
||
483 (pty_cfg
.close_on_exit
== AUTO
&& pty_exit_code
!= 0)) {
485 if (WIFEXITED(pty_exit_code
))
486 sprintf(message
, "\r\n[pterm: process terminated with exit"
487 " code %d]\r\n", WEXITSTATUS(pty_exit_code
));
488 else if (WIFSIGNALED(pty_exit_code
))
489 #ifdef HAVE_NO_STRSIGNAL
490 sprintf(message
, "\r\n[pterm: process terminated on signal"
491 " %d]\r\n", WTERMSIG(pty_exit_code
));
493 sprintf(message
, "\r\n[pterm: process terminated on signal"
494 " %d (%.400s)]\r\n", WTERMSIG(pty_exit_code
),
495 strsignal(WTERMSIG(pty_exit_code
)));
497 from_backend(pty_frontend
, 0, message
, strlen(message
));
500 notify_remote_exit(pty_frontend
);
505 static void pty_uxsel_setup(void)
507 uxsel_set(pty_master_fd
, 1, pty_select_result
);
508 uxsel_set(pty_signal_pipe
[0], 1, pty_select_result
);
512 * Called to set up the pty.
514 * Returns an error message, or NULL on success.
516 * Also places the canonical host name into `realhost'. It must be
517 * freed by the caller.
519 static const char *pty_init(void *frontend
, void **backend_handle
, Config
*cfg
,
520 char *host
, int port
, char **realhost
, int nodelay
,
527 pty_frontend
= frontend
;
528 *backend_handle
= NULL
; /* we can't sensibly use this, sadly */
530 pty_cfg
= *cfg
; /* structure copy */
531 pty_term_width
= cfg
->width
;
532 pty_term_height
= cfg
->height
;
534 if (pty_master_fd
< 0)
538 * Set the backspace character to be whichever of ^H and ^? is
539 * specified by bksp_is_delete.
542 struct termios attrs
;
543 tcgetattr(pty_master_fd
, &attrs
);
544 attrs
.c_cc
[VERASE
] = cfg
->bksp_is_delete ?
'\177' : '\010';
545 tcsetattr(pty_master_fd
, TCSANOW
, &attrs
);
550 * Stamp utmp (that is, tell the utmp helper process to do so),
553 if (!cfg
->stamp_utmp
) {
554 close(pty_utmp_helper_pipe
); /* just let the child process die */
555 pty_utmp_helper_pipe
= -1;
557 char *location
= get_x_display(pty_frontend
);
558 int len
= strlen(location
)+1, pos
= 0; /* +1 to include NUL */
560 int ret
= write(pty_utmp_helper_pipe
, location
+pos
, len
- pos
);
562 perror("pterm: writing to utmp helper process");
563 close(pty_utmp_helper_pipe
); /* arrgh, just give up */
564 pty_utmp_helper_pipe
= -1;
572 windowid
= get_windowid(pty_frontend
);
575 * Fork and execute the command.
589 slavefd
= pty_open_slave();
591 perror("slave pty: open");
595 close(pty_master_fd
);
596 fcntl(slavefd
, F_SETFD
, 0); /* don't close on exec */
601 ioctl(slavefd
, TIOCSCTTY
, 1);
603 tcsetpgrp(slavefd
, pgrp
);
605 close(open(pty_name
, O_WRONLY
, 0));
607 /* Close everything _else_, for tidiness. */
608 for (i
= 3; i
< 1024; i
++)
611 char term_env_var
[10 + sizeof(cfg
->termtype
)];
612 sprintf(term_env_var
, "TERM=%s", cfg
->termtype
);
613 putenv(term_env_var
);
616 char windowid_env_var
[40];
617 sprintf(windowid_env_var
, "WINDOWID=%ld", windowid
);
618 putenv(windowid_env_var
);
621 char *e
= cfg
->environmt
;
622 char *var
, *varend
, *val
, *varval
;
625 while (*e
&& *e
!= '\t') e
++;
632 varval
= dupprintf("%.*s=%s", varend
-var
, var
, val
);
635 * We must not free varval, since putenv links it
636 * into the environment _in place_. Weird, but
637 * there we go. Memory usage will be rationalised
638 * as soon as we exec anyway.
644 * SIGINT and SIGQUIT may have been set to ignored by our
645 * parent, particularly by things like sh -c 'pterm &' and
646 * some window managers. SIGCHLD, meanwhile, was blocked
647 * during pt_main() startup. Reverse all this for our child
650 putty_signal(SIGINT
, SIG_DFL
);
651 putty_signal(SIGQUIT
, SIG_DFL
);
652 block_signal(SIGCHLD
, 0);
654 execvp(pty_argv
[0], pty_argv
);
656 char *shell
= getenv("SHELL");
658 if (cfg
->login_shell
) {
659 char *p
= strrchr(shell
, '/');
660 shellname
= snewn(2+strlen(shell
), char);
662 sprintf(shellname
, "-%s", p
);
665 execl(getenv("SHELL"), shellname
, NULL
);
669 * If we're here, exec has gone badly foom.
675 pty_child_dead
= FALSE
;
676 pty_finished
= FALSE
;
677 if (pty_slave_fd
> 0)
681 if (pipe(pty_signal_pipe
) < 0) {
690 static void pty_reconfig(void *handle
, Config
*cfg
)
693 * We don't have much need to reconfigure this backend, but
694 * unfortunately we do need to pick up the setting of Close On
695 * Exit so we know whether to give a `terminated' message.
697 pty_cfg
= *cfg
; /* structure copy */
701 * Stub routine (never called in pterm).
703 static void pty_free(void *handle
)
708 * Called to send data down the pty.
710 static int pty_send(void *handle
, char *buf
, int len
)
712 if (pty_master_fd
< 0)
713 return 0; /* ignore all writes if fd closed */
716 int ret
= write(pty_master_fd
, buf
, len
);
718 perror("write pty master");
727 static void pty_close(void)
729 if (pty_master_fd
>= 0) {
730 close(pty_master_fd
);
734 if (pty_utmp_helper_pipe
>= 0) {
735 close(pty_utmp_helper_pipe
); /* this causes utmp to be cleaned up */
736 pty_utmp_helper_pipe
= -1;
742 * Called to query the current socket sendability status.
744 static int pty_sendbuffer(void *handle
)
750 * Called to set the size of the window
752 static void pty_size(void *handle
, int width
, int height
)
756 pty_term_width
= width
;
757 pty_term_height
= height
;
759 size
.ws_row
= (unsigned short)pty_term_height
;
760 size
.ws_col
= (unsigned short)pty_term_width
;
761 size
.ws_xpixel
= (unsigned short) pty_term_width
*
762 font_dimension(pty_frontend
, 0);
763 size
.ws_ypixel
= (unsigned short) pty_term_height
*
764 font_dimension(pty_frontend
, 1);
765 ioctl(pty_master_fd
, TIOCSWINSZ
, (void *)&size
);
770 * Send special codes.
772 static void pty_special(void *handle
, Telnet_Special code
)
779 * Return a list of the special codes that make sense in this
782 static const struct telnet_special
*pty_get_specials(void *handle
)
785 * Hmm. When I get round to having this actually usable, it
786 * might be quite nice to have the ability to deliver a few
787 * well chosen signals to the child process - SIGINT, SIGTERM,
793 static Socket
pty_socket(void *handle
)
795 return NULL
; /* shouldn't ever be needed */
798 static int pty_sendok(void *handle
)
803 static void pty_unthrottle(void *handle
, int backlog
)
808 static int pty_ldisc(void *handle
, int option
)
810 return 0; /* neither editing nor echoing */
813 static void pty_provide_ldisc(void *handle
, void *ldisc
)
815 /* This is a stub. */
818 static void pty_provide_logctx(void *handle
, void *logctx
)
820 /* This is a stub. */
823 static int pty_exitcode(void *handle
)
826 return -1; /* not dead yet */
828 return pty_exit_code
;
831 static int pty_cfg_info(void *handle
)
836 Backend pty_backend
= {