Bugzilla – Attachment 677 Details for
Bug 463
PrintLastLog doesn't work in privsep mode
[patch]
Patch 676 against Portable, plus AIX loginsuccess() support.
openssh-loginmsg2.patch (text/plain), 11.58 KB, created by
Darren Tucker
on 2004-07-03 16:42:07 AEST
Description:
Patch 676 against Portable, plus AIX loginsuccess() support.
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2004-07-03 16:42:07 AEST
Size:
11.58 KB
patch
obsolete
>Index: loginrec.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/loginrec.c,v >retrieving revision 1.56 >diff -u -p -r1.56 loginrec.c >--- loginrec.c 8 Apr 2004 06:16:06 -0000 1.56 >+++ loginrec.c 3 Jul 2004 06:40:58 -0000 >@@ -157,6 +157,7 @@ > #include "loginrec.h" > #include "log.h" > #include "atomicio.h" >+#include "buffer.h" > > RCSID("$Id: loginrec.c,v 1.56 2004/04/08 06:16:06 dtucker Exp $"); > >@@ -197,6 +198,8 @@ int wtmpx_get_entry(struct logininfo *li > /* pick the shortest string */ > #define MIN_SIZEOF(s1,s2) ( sizeof(s1) < sizeof(s2) ? sizeof(s1) : sizeof(s2) ) > >+extern Buffer loginmsg; >+ > /** > ** platform-independent login functions > **/ >@@ -434,6 +437,11 @@ login_write (struct logininfo *li) > #endif > #ifdef USE_WTMPX > wtmpx_write_entry(li); >+#endif >+#ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN >+ if (li->type == LTYPE_LOGIN && >+ !sys_auth_record_login(li->username,li->hostname,li->line)) >+ logit("Writing login record failed for %s", li->username); > #endif > return 0; > } >Index: monitor.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/monitor.c,v >retrieving revision 1.75 >diff -u -p -r1.75 monitor.c >--- monitor.c 22 Jun 2004 05:06:46 -0000 1.75 >+++ monitor.c 3 Jul 2004 05:24:17 -0000 >@@ -79,6 +79,7 @@ extern u_char session_id[]; > extern Buffer input, output; > extern Buffer auth_debug; > extern int auth_debug_init; >+extern Buffer loginmsg; > > /* State exported from the child */ > >@@ -1230,10 +1231,6 @@ mm_answer_pty(int sock, Buffer *m) > > buffer_put_int(m, 1); > buffer_put_cstring(m, s->tty); >- mm_request_send(sock, MONITOR_ANS_PTY, m); >- >- mm_send_fd(sock, s->ptyfd); >- mm_send_fd(sock, s->ttyfd); > > /* We need to trick ttyslot */ > if (dup2(s->ttyfd, 0) == -1) 
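Review bot: The `#include "buffer.h"` and `extern Buffer loginmsg;` added to loginrec.c are not referenced by any loginrec.c hunk in this patch. The only new code there is the login_write call `sys_auth_record_login(li->username,li->hostname,li->line)`, which never touches the buffer. If nothing outside the visible hunks needs them, drop both so the file does not declare a dependency on sshd's global that it does not use. Otherwise a comment on the extern, e.g. `/* appended to by platform login-record hooks */`, would explain why it is there. login_write's body starts outside the hunk.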
>@@ -1243,6 +1240,16 @@ mm_answer_pty(int sock, Buffer *m) > > /* Now we can close the file descriptor again */ > close(0); >+ >+ /* send messages generated by record_login */ >+ buffer_append(&loginmsg, "\0", 1); >+ buffer_put_cstring(m, buffer_ptr(&loginmsg)); >+ buffer_clear(&loginmsg); >+ >+ mm_request_send(sock, MONITOR_ANS_PTY, m); >+ >+ mm_send_fd(sock, s->ptyfd); >+ mm_send_fd(sock, s->ttyfd); > > /* make sure nothing uses fd 0 */ > if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0) >Index: monitor_wrap.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/monitor_wrap.c,v >retrieving revision 1.46 >diff -u -p -r1.46 monitor_wrap.c >--- monitor_wrap.c 22 Jun 2004 05:06:46 -0000 1.46 >+++ monitor_wrap.c 3 Jul 2004 05:25:38 -0000 >@@ -70,6 +70,7 @@ extern z_stream incoming_stream; > extern z_stream outgoing_stream; > extern struct monitor *pmonitor; > extern Buffer input, output; >+extern Buffer loginmsg; > extern ServerOptions options; > > int >@@ -642,7 +643,7 @@ int > mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) > { > Buffer m; >- char *p; >+ char *p, *msg; > int success = 0; > > buffer_init(&m); >@@ -658,10 +659,14 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, > return (0); > } > p = buffer_get_string(&m, NULL); >+ msg = buffer_get_string(&m, NULL); > buffer_free(&m); > > strlcpy(namebuf, p, namebuflen); /* Possible truncation */ > xfree(p); >+ >+ buffer_append(&loginmsg, msg, strlen(msg)); >+ xfree(msg); > > *ptyfd = mm_receive_fd(pmonitor->m_recvfd); > *ttyfd = mm_receive_fd(pmonitor->m_recvfd); >Index: session.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.c,v >retrieving revision 1.284 >diff -u -p -r1.284 session.c >--- session.c 30 Jun 2004 23:48:29 -0000 1.284 >+++ session.c 3 Jul 2004 05:58:21 -0000 
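Review bot: The reply in mm_answer_pty (monitor.c) is now sent only after the ttyslot trick and `close(0)`, but the reason for that ordering is not recorded where the send was moved to. The comment `/* send messages generated by record_login */` names the payload, not the constraint that `mm_request_send` and both `mm_send_fd` calls must stay below the login-record step. I would extend it to something like `/* reply is deferred until here so it can carry the messages record_login generated above */`. mm_pty_allocate in monitor_wrap.c now always reads a second string from the reply, so the two sides only work when changed together. The function starts and ends outside the hunk.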
>@@ -193,17 +193,6 @@ auth_input_request_forwarding(struct pas > return 1; > } > >-static void >-display_loginmsg(void) >-{ >- if (buffer_len(&loginmsg) > 0) { >- buffer_append(&loginmsg, "\0", 1); >- printf("%s\n", (char *)buffer_ptr(&loginmsg)); >- buffer_clear(&loginmsg); >- } >- fflush(stdout); >-} >- > void > do_authenticated(Authctxt *authctxt) > { >@@ -676,14 +665,29 @@ do_exec(Session *s, const char *command) > do_exec_no_pty(s, command); > > original_command = NULL; >+ >+ /* >+ * Clear loginmsg: it's the child's responsibility to display >+ * it to the user, otherwise multiple sessions may accumulate >+ * multiple copies of the login messages. >+ */ >+ buffer_clear(&loginmsg); > } > >+static void >+display_loginmsg(void) >+{ >+ if (buffer_len(&loginmsg) > 0) { >+ buffer_append(&loginmsg, "\0", 1); >+ printf("%s", (char *)buffer_ptr(&loginmsg)); >+ buffer_clear(&loginmsg); >+ } >+} > > /* administrative, login(1)-like work */ > void > do_login(Session *s, const char *command) > { >- char *time_string; > socklen_t fromlen; > struct sockaddr_storage from; > struct passwd * pw = s->pw; >@@ -728,19 +732,6 @@ do_login(Session *s, const char *command > > display_loginmsg(); > >-#ifndef NO_SSH_LASTLOG >- if (options.print_lastlog && s->last_login_time != 0) { >- time_string = ctime(&s->last_login_time); >- if (strchr(time_string, '\n')) >- *strchr(time_string, '\n') = 0; >- if (strcmp(s->hostname, "") == 0) >- printf("Last login: %s\r\n", time_string); >- else >- printf("Last login: %s from %s\r\n", time_string, >- s->hostname); >- } >-#endif /* NO_SSH_LASTLOG */ >- > do_motd(); > } 
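Review bot: The re-added display_loginmsg in session.c prints with `printf("%s", ...)`, where the removed version used `"%s\n"` and ended with `fflush(stdout)`. Correct output now depends on every producer terminating its own text. store_lastlog_message appends `\r\n`, but the string returned by AIX `loginsuccess()` is appended verbatim in sys_auth_record_login, and the patch does not show whether it ends in a newline. A comment on the function, e.g. `/* producers must newline-terminate whatever they append to loginmsg */`, would record that contract. Whether any caller still relied on the flush is not visible from the hunk.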
> >@@ -1702,12 +1693,6 @@ session_pty_req(Session *s) > if (s->ttyfd != -1) { > packet_disconnect("Protocol error: you already have a pty."); > return 0; >- } >- /* Get the time and hostname when the user last logged in. */ >- if (options.print_lastlog) { >- s->hostname[0] = '\0'; >- s->last_login_time = get_last_login_time(s->pw->pw_uid, >- s->pw->pw_name, s->hostname, sizeof(s->hostname)); > } > > s->term = packet_get_string(&len); >Index: session.h >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.h,v >retrieving revision 1.26 >diff -u -p -r1.26 session.h >--- session.h 2 May 2004 12:11:30 -0000 1.26 >+++ session.h 3 Jul 2004 05:24:26 -0000 >@@ -39,9 +39,6 @@ struct Session { > int ptyfd, ttyfd, ptymaster; > u_int row, col, xpixel, ypixel; > char tty[TTYSZ]; >- /* last login */ >- char hostname[MAXHOSTNAMELEN]; >- time_t last_login_time; > /* X11 */ > u_int display_number; > char *display; >Index: sshd.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshd.c,v >retrieving revision 1.288 >diff -u -p -r1.288 sshd.c >--- sshd.c 30 Jun 2004 12:40:20 -0000 1.288 >+++ sshd.c 3 Jul 2004 05:24:26 -0000 >@@ -220,6 +220,9 @@ Buffer loginmsg; > /* global authentication context */ > Authctxt *the_authctxt = NULL; > >+/* message to be displayed after login */ >+Buffer loginmsg; >+ > /* Prototypes for various functions defined later in this file. */ > void destroy_sensitive_data(void); > void demote_sensitive_data(void); 
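Review bot: The sshd.c hunk adds a second file-scope `Buffer loginmsg;`. Its own header context (`@@ -220,6 +220,9 @@ Buffer loginmsg;`) shows the same definition already present just above line 220. Two tentative definitions still compile, but the duplicate is misleading and suggests the patch was produced against a tree that already carried the variable. I would drop the added definition and, if wanted, move the comment `/* message to be displayed after login */` onto the existing one.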
>@@ -1683,6 +1686,9 @@ main(int ac, char **av) > if (use_privsep) > if (privsep_preauth(authctxt) == 1) > goto authenticated; >+ >+ /* prepare buffer to collect messages to display to user after login */ >+ buffer_init(&loginmsg); > > /* perform the key exchange */ > /* authenticate user and start session */ >Index: sshlogin.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshlogin.c,v >retrieving revision 1.13 >diff -u -p -r1.13 sshlogin.c >--- sshlogin.c 22 Jun 2004 02:56:02 -0000 1.13 >+++ sshlogin.c 3 Jul 2004 05:56:31 -0000 >@@ -42,6 +42,12 @@ > RCSID("$OpenBSD: sshlogin.c,v 1.8 2004/06/21 17:36:31 avsm Exp $"); > > #include "loginrec.h" >+#include "log.h" >+#include "buffer.h" >+#include "servconf.h" >+ >+extern Buffer loginmsg; >+extern ServerOptions options; > > /* > * Returns the time when the user last logged in. Returns 0 if the >@@ -60,6 +66,38 @@ get_last_login_time(uid_t uid, const cha > } > > /* >+ * Generate and store last login message. This must be done before >+ * login_login() is called and lastlog is updated. >+ */ >+void >+store_lastlog_message(const char *user, uid_t uid) >+{ >+ char *time_string, hostname[MAXHOSTNAMELEN] = "", buf[512]; >+ time_t last_login_time; >+ >+#ifndef NO_SSH_LASTLOG >+ if (!options.print_lastlog) >+ return; >+ >+ last_login_time = get_last_login_time(uid, user, hostname, >+ sizeof(hostname)); >+ >+ if (last_login_time != 0) { >+ time_string = ctime(&last_login_time); >+ if (strchr(time_string, '\n')) >+ *strchr(time_string, '\n') = 0; >+ if (strcmp(hostname, "") == 0) >+ snprintf(buf, sizeof(buf), "Last login: %s\r\n", >+ time_string); >+ else >+ snprintf(buf, sizeof(buf), "Last login: %s from %s\r\n", >+ time_string, hostname); >+ buffer_append(&loginmsg, buf, strlen(buf)); >+ } >+#endif /* NO_SSH_LASTLOG */ >+} >+ >+/* > * Records that the user has logged in. I wish these parts of operating > * systems were more standardized. > */ 
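Review bot: In sshd.c main, `buffer_init(&loginmsg)` is placed after the `privsep_preauth()` branch, so the process that gets return value 1 jumps to `authenticated` without running it. That process is presumably the privileged monitor, and the monitor-side code in this patch (mm_answer_pty) appends to and clears `loginmsg`. Unless the buffer is initialised elsewhere, which the hunk does not show, that path relies on a zero-filled global rather than an initialised Buffer. Moving the added comment and `buffer_init(&loginmsg);` above `if (use_privsep)` initialises it once for every process. main's body extends outside the hunk.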
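Review bot: In store_lastlog_message (sshlogin.c) the result of `ctime(&last_login_time)` goes straight into `strchr(time_string, '\n')` without a NULL check. `ctime()` may return NULL for a value it cannot represent, so a damaged lastlog entry would crash the process writing the login record. A guard such as `if ((time_string = ctime(&last_login_time)) == NULL) return;` before the newline strip covers it. The function is only called from record_login in this file as far as the patch shows, so `static void` would fit better than external linkage with no prototype. The locals are also declared outside `#ifndef NO_SSH_LASTLOG`, so they are unused when that macro is defined.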
>@@ -68,6 +106,9 @@ record_login(pid_t pid, const char *tty, > const char *host, struct sockaddr * addr, socklen_t addrlen) > { > struct logininfo *li; >+ >+ /* save previous login details before writing new */ >+ store_lastlog_message(user, uid); > > li = login_alloc_entry(pid, user, host, tty); > login_set_addr(li, addr, addrlen); >Index: openbsd-compat/port-aix.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.c,v >retrieving revision 1.22 >diff -u -p -r1.22 port-aix.c >--- openbsd-compat/port-aix.c 28 Jun 2004 08:11:19 -0000 1.22 >+++ openbsd-compat/port-aix.c 3 Jul 2004 06:24:54 -0000 >@@ -101,7 +101,7 @@ aix_remove_embedded_newlines(char *p) > int > sys_auth_passwd(Authctxt *ctxt, const char *password) > { >- char *authmsg = NULL, *host, *msg, *name = ctxt->pw->pw_name; >+ char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name; > int authsuccess = 0, expired, reenter, result; > > do { >@@ -115,20 +115,11 @@ sys_auth_passwd(Authctxt *ctxt, const ch > if (result == 0) { > authsuccess = 1; > >- host = (char *)get_canonical_hostname(options.use_dns); >- > /* > * Record successful login. We don't have a pty yet, so just > * label the line as "ssh" > */ > aix_setauthdb(name); >- if (loginsuccess((char *)name, (char *)host, "ssh", &msg) == 0) { >- if (msg != NULL) { >- debug("%s: msg %s", __func__, msg); >- buffer_append(&loginmsg, msg, strlen(msg)); >- xfree(msg); >- } >- } > > /* > * Check if the user's password is expired. 
>@@ -206,6 +197,25 @@ sys_auth_allowed_user(struct passwd *pw) > logit("Login restricted for %s: %.100s", pw->pw_name, msg); > xfree(msg); > return permitted; >+} >+ >+int >+sys_auth_record_login(const char *user, const char *host, const char *ttynm) >+{ >+ char *msg; >+ int success = 0; >+ >+ aix_setauthdb(user); >+ if (loginsuccess((char *)user, host, ttynm, &msg) == 0) { >+ success = 1; >+ if (msg != NULL) { >+ debug("AIX/loginsuccess: msg %s", __func__, msg); >+ buffer_append(&loginmsg, msg, strlen(msg)); >+ xfree(msg); >+ } >+ } >+ aix_restoreauthdb(); >+ return (success); > } > > # ifdef CUSTOM_FAILED_LOGIN >Index: openbsd-compat/port-aix.h >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.h,v >retrieving revision 1.20 >diff -u -p -r1.20 port-aix.h >--- openbsd-compat/port-aix.h 23 Jun 2004 03:45:24 -0000 1.20 >+++ openbsd-compat/port-aix.h 3 Jul 2004 06:25:23 -0000 >@@ -65,6 +65,8 @@ void aix_usrinfo(struct passwd *); > # define CUSTOM_SYS_AUTH_PASSWD 1 > # define CUSTOM_SYS_AUTH_ALLOWED_USER 1 > int sys_auth_allowed_user(struct passwd *); >+# define CUSTOM_SYS_AUTH_RECORD_LOGIN 1 >+int sys_auth_record_login(const char *, const char *, const char *); > # define CUSTOM_FAILED_LOGIN 1 > void record_failed_login(const char *, const char *); > #endif
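Review bot: The debug call in sys_auth_record_login (port-aix.c) passes two arguments to a format with one conversion: `debug("AIX/loginsuccess: msg %s", __func__, msg);`. The `%s` therefore prints the function name and the actual message is never logged. It should be `debug("AIX/loginsuccess: msg %s", msg);`, or `debug("%s: msg %s", __func__, msg);` as in the code removed from sys_auth_passwd. In the same call, `user` is cast to `(char *)` but `host` and `ttynm` are passed as `const char *`; if `loginsuccess()` takes non-const pointers, as the removed `(char *)host` cast suggests, they need the same cast. `msg` is also left uninitialised before the call, so `char *msg = NULL;` would make the `msg != NULL` test safe if `loginsuccess()` does not always store to it.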
Attachments on
bug 463
:
235
|
287
|
288
|
676
| 677