Bugzilla – Attachment 676 Details for
Bug 463
PrintLastLog doesn't work in privsep mode
[patch]
Simpler OpenBSD patch based on feedback from Markus
openbsd-loginmsg2.patch (text/plain), 8.47 KB, created by
Darren Tucker
on 2004-07-03 15:19:17 AEST
Description:
Simpler OpenBSD patch based on feedback from Markus
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2004-07-03 15:19:17 AEST
Size:
8.47 KB
>
>This is an update of the previous patch, based on feedback from
>Markus. It's simpler: it eliminates the extra monitor call, instead it
>sends the message back as an addition message with mm_answer_pty().
>
>It also skips reading lastlog if PrintLastLog=no.
>
>This also means it can't double-up login messages if 2 sessions are
>created in parallel.
>
>To test:
>$ sudo chmod 600 /var/log/lastlog
>$ ssh -MS ~/.ssh/ctl localhost
>$ ssh -S ~/.ssh/ctl localhost
>
>Without this patch, as a non-root user you won't get "Last login..."
>messages in either the master or slave. Test OK with and without privsep.
>
>Previous patch: 9 files changed, 97 insertions(+), 20 deletions(-)
>This patch: 6 files changed, 79 insertions(+), 25 deletions(-)
>
>Index: monitor.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/monitor.c,v
>retrieving revision 1.60
>diff -u -p -r1.60 monitor.c
>--- monitor.c 22 Jun 2004 05:05:45 -0000 1.60
>+++ monitor.c 3 Jul 2004 04:42:57 -0000
>@@ -73,6 +73,7 @@ extern u_char session_id[];
> extern Buffer input, output;
> extern Buffer auth_debug;
> extern int auth_debug_init;
>+extern Buffer loginmsg;
>
> /* State exported from the child */
>
>@@ -1051,10 +1052,6 @@ mm_answer_pty(int sock, Buffer *m)
>
> buffer_put_int(m, 1);
> buffer_put_cstring(m, s->tty);
>- mm_request_send(sock, MONITOR_ANS_PTY, m);
>-
>- mm_send_fd(sock, s->ptyfd);
>- mm_send_fd(sock, s->ttyfd);
>
> /* We need to trick ttyslot */
> if (dup2(s->ttyfd, 0) == -1)
>@@ -1064,6 +1061,16 @@ mm_answer_pty(int sock, Buffer *m)
>
> /* Now we can close the file descriptor again */
> close(0);
>+
>+ /* send messages generated by record_login */
>+ buffer_append(&loginmsg, "\0", 1);
>+ buffer_put_cstring(m, buffer_ptr(&loginmsg));
>+ buffer_clear(&loginmsg);
>+
>+ mm_request_send(sock, MONITOR_ANS_PTY, m);
>+
>+ mm_send_fd(sock, s->ptyfd);
>+ mm_send_fd(sock, s->ttyfd);
>
> /* make sure nothing uses fd 0 */
> if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0)
>Index: monitor_wrap.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/monitor_wrap.c,v
>retrieving revision 1.37
>diff -u -p -r1.37 monitor_wrap.c
>--- monitor_wrap.c 22 Jun 2004 05:05:45 -0000 1.37
>+++ monitor_wrap.c 3 Jul 2004 04:42:57 -0000
>@@ -63,6 +63,7 @@ extern z_stream incoming_stream;
> extern z_stream outgoing_stream;
> extern struct monitor *pmonitor;
> extern Buffer input, output;
>+extern Buffer loginmsg;
>
> int
> mm_is_monitor(void)
>@@ -632,7 +633,7 @@ int
> mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
> {
> Buffer m;
>- char *p;
>+ char *p, *msg;
> int success = 0;
>
> buffer_init(&m);
>@@ -648,10 +649,14 @@ mm_pty_allocate(int *ptyfd, int *ttyfd,
> return (0);
> }
> p = buffer_get_string(&m, NULL);
>+ msg = buffer_get_string(&m, NULL);
> buffer_free(&m);
>
> strlcpy(namebuf, p, namebuflen); /* Possible truncation */
> xfree(p);
>+
>+ buffer_append(&loginmsg, msg, strlen(msg));
>+ xfree(msg);
>
> *ptyfd = mm_receive_fd(pmonitor->m_recvfd);
> *ttyfd = mm_receive_fd(pmonitor->m_recvfd);
>Index: session.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/session.c,v
>retrieving revision 1.177
>diff -u -p -r1.177 session.c
>--- session.c 30 Jun 2004 08:36:59 -0000 1.177
>+++ session.c 3 Jul 2004 04:42:59 -0000
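Review bot: The wire-format change in this mm_answer_pty() hunk is undocumented: the success reply for MONITOR_ANS_PTY now carries a second string after the tty name, and the mm_pty_allocate() hunk in monitor_wrap.c reads it unconditionally, so it has to be sent even when loginmsg is empty. I would extend the comment to say so, e.g. `/* send messages generated by record_login; always present (possibly empty), mm_pty_allocate() expects it */`. The reply is also now sent only after the ttyslot section above, so the child waits in mm_pty_allocate() until that work is done; that looks intended but deserves a sentence in the description. mm_answer_pty() starts and ends outside this hunk.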
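Review bot: Style point in the last mm_pty_allocate() hunk: `buffer_get_string(&m, NULL)` discards the length it has already parsed, and the code then recomputes it with `strlen(msg)`. With a `u_int msglen` local, `msg = buffer_get_string(&m, &msglen);` followed by `buffer_append(&loginmsg, msg, msglen);` keeps the two in step and avoids the second scan. The function starts above this hunk and continues below it.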
>@@ -94,6 +94,7 @@ extern int debug_flag;
> extern u_int utmp_len;
> extern int startup_pipe;
> extern void destroy_sensitive_data(void);
>+extern Buffer loginmsg;
>
> /* original command from peer. */
> const char *original_command = NULL;
>@@ -189,6 +190,15 @@ auth_input_request_forwarding(struct pas
> return 1;
> }
>
>+static void
>+display_loginmsg(void)
>+{
>+ if (buffer_len(&loginmsg) > 0) {
>+ buffer_append(&loginmsg, "\0", 1);
>+ printf("%s", (char *)buffer_ptr(&loginmsg));
>+ buffer_clear(&loginmsg);
>+ }
>+}
>
> void
> do_authenticated(Authctxt *authctxt)
>@@ -586,6 +596,13 @@ do_exec(Session *s, const char *command)
> do_exec_no_pty(s, command);
>
> original_command = NULL;
>+
>+ /*
>+ * Clear loginmsg: it's the child's responsibility to display
>+ * it to the user, otherwise multiple sessions may accumulate
>+ * multiple copies of the login messages.
>+ */
>+ buffer_clear(&loginmsg);
> }
>
>
>@@ -593,7 +610,6 @@ do_exec(Session *s, const char *command)
> void
> do_login(Session *s, const char *command)
> {
>- char *time_string;
> socklen_t fromlen;
> struct sockaddr_storage from;
> struct passwd * pw = s->pw;
>@@ -623,16 +639,7 @@ do_login(Session *s, const char *command
> if (check_quietlogin(s, command))
> return;
>
>- if (options.print_lastlog && s->last_login_time != 0) {
>- time_string = ctime(&s->last_login_time);
>- if (strchr(time_string, '\n'))
>- *strchr(time_string, '\n') = 0;
>- if (strcmp(s->hostname, "") == 0)
>- printf("Last login: %s\r\n", time_string);
>- else
>- printf("Last login: %s from %s\r\n", time_string,
>- s->hostname);
>- }
>+ display_loginmsg();
>
> do_motd();
> }
>@@ -1377,12 +1384,6 @@ session_pty_req(Session *s)
> if (s->ttyfd != -1) {
> packet_disconnect("Protocol error: you already have a pty.");
> return 0;
>- }
>- /* Get the time and hostname when the user last logged in. */
>- if (options.print_lastlog) {
>- s->hostname[0] = '\0';
>- s->last_login_time = get_last_login_time(s->pw->pw_uid,
>- s->pw->pw_name, s->hostname, sizeof(s->hostname));
> }
>
> s->term = packet_get_string(&len);
>Index: session.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/session.h,v
>retrieving revision 1.22
>diff -u -p -r1.22 session.h
>--- session.h 27 Apr 2004 09:46:37 -0000 1.22
>+++ session.h 3 Jul 2004 04:42:59 -0000
>@@ -39,9 +39,6 @@ struct Session {
> int ptyfd, ttyfd, ptymaster;
> u_int row, col, xpixel, ypixel;
> char tty[TTYSZ];
>- /* last login */
>- char hostname[MAXHOSTNAMELEN];
>- time_t last_login_time;
> /* X11 */
> u_int display_number;
> char *display;
>Index: sshd.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/sshd.c,v
>retrieving revision 1.297
>diff -u -p -r1.297 sshd.c
>--- sshd.c 26 Jun 2004 20:07:16 -0000 1.297
>+++ sshd.c 3 Jul 2004 04:43:00 -0000
>@@ -208,6 +208,9 @@ struct monitor *pmonitor = NULL;
> /* global authentication context */
> Authctxt *the_authctxt = NULL;
>
>+/* message to be displayed after login */
>+Buffer loginmsg;
>+
> /* Prototypes for various functions defined later in this file. */
> void destroy_sensitive_data(void);
> void demote_sensitive_data(void);
>@@ -1603,6 +1606,9 @@ main(int ac, char **av)
> if (use_privsep)
> if (privsep_preauth(authctxt) == 1)
> goto authenticated;
>+
>+ /* prepare buffer to collect messages to display to user after login */
>+ buffer_init(&loginmsg);
>
> /* perform the key exchange */
> /* authenticate user and start session */
>Index: sshlogin.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/sshlogin.c,v
>retrieving revision 1.8
>diff -u -p -r1.8 sshlogin.c
>--- sshlogin.c 21 Jun 2004 17:36:31 -0000 1.8
>+++ sshlogin.c 3 Jul 2004 04:43:00 -0000
>@@ -45,6 +45,11 @@ RCSID("$OpenBSD: sshlogin.c,v 1.8 2004/0
> #include <utmp.h>
> #include "sshlogin.h"
> #include "log.h"
>+#include "buffer.h"
>+#include "servconf.h"
>+
>+extern Buffer loginmsg;
>+extern ServerOptions options;
>
> /*
> * Returns the time when the user last logged in. Returns 0 if the
>@@ -79,6 +84,36 @@ get_last_login_time(uid_t uid, const cha
> }
>
> /*
>+ * Generate and store last login message. This must be done before
>+ * login_login() is called and lastlog is updated.
>+ */
>+void
>+store_lastlog_message(const char *user, uid_t uid)
>+{
>+ char *time_string, hostname[MAXHOSTNAMELEN] = "", buf[512];
>+ time_t last_login_time;
>+
>+ if (!options.print_lastlog)
>+ return;
>+
>+ last_login_time = get_last_login_time(uid, user, hostname,
>+ sizeof(hostname));
>+
>+ if (last_login_time != 0) {
>+ time_string = ctime(&last_login_time);
>+ if (strchr(time_string, '\n'))
>+ *strchr(time_string, '\n') = 0;
>+ if (strcmp(hostname, "") == 0)
>+ snprintf(buf, sizeof(buf), "Last login: %s\r\n",
>+ time_string);
>+ else
>+ snprintf(buf, sizeof(buf), "Last login: %s from %s\r\n",
>+ time_string, hostname);
>+ buffer_append(&loginmsg, buf, strlen(buf));
>+ }
>+}
>+
>+/*
> * Records that the user has logged in. I wish these parts of operating
> * systems were more standardized.
> */
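Review bot: The `buffer_init(&loginmsg);` call in the sshd.c main() hunk sits after `if (privsep_preauth(authctxt) == 1) goto authenticated;`, so the process that takes that jump never initialises the buffer. That appears to be the path the privilege-separated monitor follows, along with the session process later forked from it, and those are the processes that call buffer_append() and buffer_clear() on loginmsg in the monitor.c, monitor_wrap.c and session.c hunks. loginmsg is a file-scope object and so starts zeroed, but whether the buffer routines accept a Buffer that never went through buffer_init() is not shown here and should not be relied on. Moving the comment and `buffer_init(&loginmsg);` above `if (use_privsep)` initialises it on every path. main() starts and ends outside this hunk.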
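Review bot: In store_lastlog_message() the result of `ctime(&last_login_time)` goes straight to strchr(), but ctime() may return NULL for a time value it cannot represent. The value presumably comes from the lastlog record, so a damaged entry would cause a NULL dereference in the process that records the login. A guard such as `if ((time_string = ctime(&last_login_time)) == NULL) return;` avoids that, and `time_string[strcspn(time_string, "\n")] = '\0';` would replace the double strchr(). Separately, hostname is copied into the message exactly as get_last_login_time() returns it. It presumably originates from an earlier connection's remote name, so a comment stating whether non-printable bytes need filtering before the text reaches the user's terminal would help.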
>@@ -90,6 +125,9 @@ record_login(pid_t pid, const char *tty,
> struct lastlog ll;
> char *lastlog;
> struct utmp u;
>+
>+ /* save previous login details before writing new */
>+ store_lastlog_message(user, uid);
>
> /* Construct an utmp/wtmp entry. */
> memset(&u, 0, sizeof(u));
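Review bot: Style point on store_lastlog_message(): this call in record_login() is its only use visible in the patch, yet the previous hunk defines it with external linkage and no header in the patch gains a prototype for it. Declaring it `static void` keeps it out of the global namespace and makes the ordering requirement in its comment a local matter of sshlogin.c. If other callers are planned, add the prototype to sshlogin.h instead. record_login() continues outside this hunk.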