Attachment 916 Details for Bug 980 – Patch for logging,clearing shell pid during login and logout

[patch] Patch for logging,clearing shell pid during login and logout

LogShellpid_PrivSepyes.patch (text/plain), 9.33 KB, created by senthilkumar on 2005-05-16 23:38:26 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: senthilkumar

Created: 2005-05-16 23:38:26 AEST

Size: 9.33 KB

patch

obsolete

>diff -Nur openssh-4.0p1/monitor.c openssh-4.0p1-logname/monitor.c
>--- openssh-4.0p1/monitor.c     2005-03-06 17:01:36.000000000 +0530
>+++ openssh-4.0p1-logname/monitor.c     2005-05-16 16:59:00.000000000 +0530
>@@ -127,6 +127,9 @@
> int mm_answer_sesskey(int, Buffer *);
> int mm_answer_sessid(int, Buffer *);
>
>+int mm_answer_writelogin(int, Buffer *);
>+int mm_answer_record_logout(int, Buffer *);
>+
> #ifdef USE_PAM
> int mm_answer_pam_start(int, Buffer *);
> int mm_answer_pam_account(int, Buffer *);
>@@ -219,6 +222,8 @@
>     {MONITOR_REQ_PTY, 0, mm_answer_pty},
>     {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
>     {MONITOR_REQ_TERM, 0, mm_answer_term},
>+    {MONITOR_REQ_WRITELOGIN, 0, mm_answer_writelogin},
>+    {MONITOR_REQ_LOGOUT, 0, mm_answer_record_logout},
> #ifdef SSH_AUDIT_EVENTS
>     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
>     {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
>@@ -261,6 +266,8 @@
>     {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
>     {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
>     {MONITOR_REQ_TERM, 0, mm_answer_term},
>+    {MONITOR_REQ_WRITELOGIN, 0, mm_answer_writelogin},
>+    {MONITOR_REQ_LOGOUT, 0, mm_answer_record_logout},
> #ifdef SSH_AUDIT_EVENTS
>     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
>     {MONITOR_REQ_AUDIT_COMMAND, MON_ONCE, mm_answer_audit_command},
>@@ -396,6 +403,8 @@
>        if (!no_pty_flag) {
>                monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
>                monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
>+               monitor_permit(mon_dispatch, MONITOR_REQ_WRITELOGIN, 1);
>+               monitor_permit(mon_dispatch, MONITOR_REQ_LOGOUT, 1);
>        }
>
>        for (;;)
>@@ -1216,10 +1225,7 @@
>                        cleanup_exit(255);
>                }
>        }
>-       /* Record that there was a login on that tty from the remote host. */
>-       record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid,
>-           get_remote_name_or_ip(utmp_len, options.use_dns),
>-           (struct sockaddr *)&from, fromlen);
>+       store_lastlog_message(pw->pw_name, pw->pw_uid);
> }
>
> static void
>@@ -1916,3 +1922,68 @@
>        return (authenticated);
> }
> #endif /* GSSAPI */
>+
>+/*
>+     Receive a "write login" request from the unpriviledged
>+     process. The priviledged process will receive the pid
>+     of the shell process, and the tty name. Record the login.
>+*/
>+int mm_answer_writelogin(int socket, Buffer *m)
>+{
>+          pid_t pid;
>+          char tty[TTYSZ];
>+          socklen_t fromlen;
>+          struct sockaddr_storage from;
>+          struct passwd *pw;
>+
>+          memset(tty, 0, TTYSZ);
>+          buffer_get(m, &pid, sizeof(pid_t));
>+          buffer_get(m, tty, TTYSZ);
>+          debug("Priviledged process: received pid %d tty %s", pid, tty);
>+           /*
>+            * Get IP address of client. If the connection is not a socket, let
>+            * the address be 0.0.0.0.
>+            */
>+           memset(&from, 0, sizeof(from));
>+           fromlen = sizeof(from);
>+           if (packet_connection_is_on_socket()) {
>+                   if (getpeername(packet_get_connection_in(),
>+                           (struct sockaddr *) & from, &fromlen) < 0) {
>+                           debug("getpeername: %.100s", strerror(errno));
>+                           cleanup_exit(255);
>+                   }
>+           }
>+           pw = authctxt->pw;
>+
>+           /* Record that there was a login on that tty from the remote host. */
>+           record_login(pid, tty, pw->pw_name, pw->pw_uid,
>+               get_remote_name_or_ip(utmp_len, options.use_dns),
>+               (struct sockaddr *)&from, fromlen);
>+
>+}
>+
>+/* LOGOUT FIX
>+    Receive a "record logout" request from the unpriviledged
>+    process. The priviledged process will receive the pid
>+    of the shell process, and the tty name. Record the logout.
>+*/
>+int mm_answer_record_logout(int socket, Buffer *m)
>+{
>+              pid_t pid;
>+              char tty[TTYSZ];
>+              char *pwname;
>+              struct passwd *pw;
>+
>+              memset(tty, 0, TTYSZ);
>+              buffer_get(m, &pid, sizeof(pid_t));
>+              buffer_get(m, tty, TTYSZ);
>+              pwname = buffer_get_string(m,NULL);
>+              debug("Priviledged process: received pid for logout %d tty %s", pid, tty);
>+              pw = authctxt->pw;
>+
>+              if (pid != 0)
>+                      record_logout(pid, tty, pw->pw_name);
>+              xfree(pwname);
>+}
>+
>+
>diff -Nur openssh-4.0p1/monitor.h openssh-4.0p1-logname/monitor.h
>--- openssh-4.0p1/monitor.h     2005-02-02 18:50:53.000000000 +0530
>+++ openssh-4.0p1-logname/monitor.h     2005-05-16 17:10:06.000000000 +0530
>@@ -60,7 +60,9 @@
>        MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
>        MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
>        MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
>-       MONITOR_REQ_TERM
>+       MONITOR_REQ_LOGOUT,
>+       MONITOR_REQ_TERM,
>+       MONITOR_REQ_WRITELOGIN
> };
>
> struct mm_master;
>diff -Nur openssh-4.0p1/monitor_wrap.c openssh-4.0p1-logname/monitor_wrap.c
>--- openssh-4.0p1/monitor_wrap.c        2005-02-08 16:22:48.000000000 +0530
>+++ openssh-4.0p1-logname/monitor_wrap.c        2005-05-16 17:05:11.000000000 +0530
>@@ -1218,3 +1218,39 @@
>        return (authenticated);
> }
> #endif /* GSSAPI */
>+
>+/* Only the priviledged process can update the login recording files.
>+    Send the pid of the shell process, and the session tty name
>+    to the priviledged process.
>+*/
>+
>+void mm_write_login(pid_t pid, const char *tty, int len)
>+{
>+         Buffer m;
>+         buffer_init(&m);
>+         buffer_append(&m, (void *)&pid, sizeof(pid_t));
>+         buffer_append(&m, tty, TTYSZ);
>+         debug("Writing pid %d tty %s to priviledged process ", pid, tty);
>+         mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_WRITELOGIN, &m);
>+         buffer_free(&m);
>+}
>+
>+/* LOGOUT FIX
>+   Only the priviledged process can update the logout recording files.
>+    Send the pid of the shell process, and the session tty name
>+    to the priviledged process.
>+*/
>+void mm_record_logout(pid_t pid, const char *tty, const char *pwname)
>+{
>+              Buffer m;
>+              buffer_init(&m);
>+              buffer_append(&m, (void *)&pid, sizeof(pid_t));
>+              buffer_append(&m, tty, TTYSZ);
>+              buffer_put_string(&m, pwname, strlen(pwname));
>+              debug("Writing pid %d tty %s to priviledged process ",
>+                      pid, tty);
>+              mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_LOGOUT, &m);
>+              buffer_free(&m);
>+}
>+
>+
>diff -Nur openssh-4.0p1/monitor_wrap.h openssh-4.0p1-logname/monitor_wrap.h
>--- openssh-4.0p1/monitor_wrap.h        2005-02-08 16:22:48.000000000 +0530
>+++ openssh-4.0p1-logname/monitor_wrap.h        2005-05-16 16:58:23.000000000 +0530
>@@ -111,4 +111,7 @@
> void mm_zfree(struct mm_master *, void *);
> void mm_init_compression(struct mm_master *);
>
>+void mm_write_login(pid_t pid, const char *tty, int len);
>+void mm_record_logout(pid_t pid, const char *tty, const char *pwname);
>+
> #endif /* _MM_H_ */
>diff -Nur openssh-4.0p1/session.c openssh-4.0p1-logname/session.c
>--- openssh-4.0p1/session.c     2005-03-06 17:08:52.000000000 +0530
>+++ openssh-4.0p1-logname/session.c     2005-05-16 16:57:51.000000000 +0530
>@@ -475,6 +475,11 @@
>        if (pid < 0)
>                packet_disconnect("fork failed: %.100s", strerror(errno));
>        s->pid = pid;
>+
>+       /* Send the utmpx information to the priviledged process */
>+        if (use_privsep)
>+             mm_write_login(pid, s->tty, TTYSZ);
>+
>        /* Set interactive/non-interactive mode. */
>        packet_set_interactive(s->display != NULL);
> #ifdef USE_PIPES
>@@ -2011,7 +2016,7 @@
>        debug("session_pty_cleanup: session %d release %s", s->self, s->tty);
>
>        /* Record that the user has logged out. */
>-       if (s->pid != 0)
>+       if (s->pid != 0 && !use_privsep)
>                record_logout(s->pid, s->tty, s->pw->pw_name);
>
>        /* Release the pseudo-tty. */
>@@ -2108,6 +2113,9 @@
>        int i;
>
>        debug("session_close: session %d pid %ld", s->self, (long)s->pid);
>+       /* Send the utmpx information to the priviledged process */
>+        if (use_privsep)
>+                mm_record_logout(s->pid, s->tty, s->pw->pw_name);
>        if (s->ttyfd != -1)
>                session_pty_cleanup(s);
>        if (s->term)
>diff -Nur openssh-4.0p1/sshlogin.c openssh-4.0p1-logname/sshlogin.c
>--- openssh-4.0p1/sshlogin.c    2004-08-13 16:51:47.000000000 +0530
>+++ openssh-4.0p1-logname/sshlogin.c    2005-05-16 14:47:32.000000000 +0530
>@@ -69,7 +69,7 @@
>  * Generate and store last login message.  This must be done before
>  * login_login() is called and lastlog is updated.
>  */
>-static void
>+void
> store_lastlog_message(const char *user, uid_t uid)
> {
>        char *time_string, hostname[MAXHOSTNAMELEN] = "", buf[512];
>diff -Nur openssh-4.0p1/sshlogin.h openssh-4.0p1-logname/sshlogin.h
>--- openssh-4.0p1/sshlogin.h    2003-01-02 05:13:56.000000000 +0530
>+++ openssh-4.0p1-logname/sshlogin.h    2005-05-16 14:51:01.000000000 +0530
>@@ -25,4 +25,6 @@
>                struct sockaddr *, socklen_t);
> #endif
>
>+void store_lastlog_message(const char *user, uid_t uid);
>+
> #endif

Actions: View | Diff

Attachments on bug 980: 802 | 821 | 916