
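--- a/openssh-4.0p1/monitor.c
+++ b/openssh-4.0p1/monitor.c
@@ -127,5 +127,8 @@
 int mm_answer_sesskey(int, Buffer *);
 int mm_answer_sessid(int, Buffer *);
+int mm_answer_writelogin(int, Buffer *);
+int mm_answer_record_logout(int, Buffer *);
+
 #ifdef USE_PAM
 int mm_answer_pam_start(int, Buffer *);
 int mm_answer_pam_account(int, Buffer *);
@@ -219,6 +222,8 @@
     {MONITOR_REQ_PTY, 0, mm_answer_pty},
     {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
     {MONITOR_REQ_TERM, 0, mm_answer_term},
+    {MONITOR_REQ_WRITELOGIN, 0, mm_answer_writelogin},
+    {MONITOR_REQ_LOGOUT, 0, mm_answer_record_logout},
 #ifdef SSH_AUDIT_EVENTS
     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
     {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
@@ -261,6 +266,8 @@
     {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
     {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
     {MONITOR_REQ_TERM, 0, mm_answer_term},
+    {MONITOR_REQ_WRITELOGIN, 0, mm_answer_writelogin},
+    {MONITOR_REQ_LOGOUT, 0, mm_answer_record_logout},
 #ifdef SSH_AUDIT_EVENTS
     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
     {MONITOR_REQ_AUDIT_COMMAND, MON_ONCE, mm_answer_audit_command},
@@ -396,5 +403,7 @@
        if (!no_pty_flag) {
                monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
                monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
+               monitor_permit(mon_dispatch, MONITOR_REQ_WRITELOGIN, 1);
+               monitor_permit(mon_dispatch, MONITOR_REQ_LOGOUT, 1);
        }
        for (;;)
@@ -1216,9 +1225,6 @@
                        cleanup_exit(255);
                }
        }
-       /* Record that there was a login on that tty from the remote host. */
+       store_lastlog_message(pw->pw_name, pw->pw_uid);
-       record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid,
-           get_remote_name_or_ip(utmp_len, options.use_dns),
-           (struct sockaddr *)&from, fromlen);
 }
 static void
@@ -1916,3 +1922,68 @@
        return (authenticated);
 }
 #endif /* GSSAPI */
+
+/*
+     Receive a "write login" request from the unpriviledged
+     process. The priviledged process will receive the pid
+     of the shell process, and the tty name. Record the login.
+*/
+int mm_answer_writelogin(int socket, Buffer *m)
+{
+          pid_t pid;
+          char tty[TTYSZ];
+          socklen_t fromlen;
+          struct sockaddr_storage from;
+          struct passwd *pw;
+
+          memset(tty, 0, TTYSZ);
+          buffer_get(m, &pid, sizeof(pid_t));
+          buffer_get(m, tty, TTYSZ);
+          debug("Priviledged process: received pid %d tty %s", pid, tty);
+           /*
+            * Get IP address of client. If the connection is not a socket, let
+            * the address be 0.0.0.0.
+            */
+           memset(&from, 0, sizeof(from));
+           fromlen = sizeof(from);
+           if (packet_connection_is_on_socket()) {
+                   if (getpeername(packet_get_connection_in(),
+                           (struct sockaddr *) & from, &fromlen) < 0) {
+                           debug("getpeername: %.100s", strerror(errno));
+                           cleanup_exit(255);
+                   }
+           }
+           pw = authctxt->pw;
+
+           /* Record that there was a login on that tty from the remote host. */
+           record_login(pid, tty, pw->pw_name, pw->pw_uid,
+               get_remote_name_or_ip(utmp_len, options.use_dns),
+               (struct sockaddr *)&from, fromlen);
+
+}
+
+/* LOGOUT FIX
+    Receive a "record logout" request from the unpriviledged
+    process. The priviledged process will receive the pid
+    of the shell process, and the tty name. Record the logout.
+*/
+int mm_answer_record_logout(int socket, Buffer *m)
+{
+              pid_t pid;
+              char tty[TTYSZ];
+              char *pwname;
+              struct passwd *pw;
+
+              memset(tty, 0, TTYSZ);
+              buffer_get(m, &pid, sizeof(pid_t));
+              buffer_get(m, tty, TTYSZ);
+              pwname = buffer_get_string(m,NULL);
+              debug("Priviledged process: received pid for logout %d tty %s", pid, tty);
+              pw = authctxt->pw;
+
+              if (pid != 0)
+                      record_logout(pid, tty, pw->pw_name);
+              xfree(pwname);
+}
+
+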
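Review bot: `mm_answer_writelogin` and `mm_answer_record_logout` have the privileged monitor write login records from a pid and tty name taken straight off the wire from the unprivileged child, and both requests are enabled with `monitor_permit(..., 1)` and flag `0` rather than `MON_ONCE`, so a compromised child could have records written for a tty and pid of its choosing, repeatedly. The `record_login(s->pid, s->tty, ...)` call this patch removes shows the monitor already tracks the session's tty; taking the tty from that state and accepting only the pid from the child would narrow what the child controls. `buffer_get(m, tty, TTYSZ)` overwrites the whole array, so `tty` is not guaranteed to be NUL-terminated when it reaches `debug("%s")` and `record_login`; add `tty[TTYSZ - 1] = '\0';` after the read. Both handlers are declared `int` but end without a `return` (the other handlers visible here end in `return (authenticated);`, and how the dispatcher uses the value is not shown), so each needs e.g. `return (0);`. `pwname` is received and freed but never compared with `pw->pw_name`, and `%d` is used to print a `pid_t`.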
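--- a/openssh-4.0p1/monitor.h
+++ b/openssh-4.0p1/monitor.h
@@ -60,6 +60,8 @@
        MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
        MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
        MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
-       MONITOR_REQ_TERM
+       MONITOR_REQ_LOGOUT,
+       MONITOR_REQ_TERM,
+       MONITOR_REQ_WRITELOGIN
 };
 struct mm_master;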
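--- a/openssh-4.0p1/monitor_wrap.c
+++ b/openssh-4.0p1/monitor_wrap.c
@@ -1218,3 +1218,39 @@
        return (authenticated);
 }
 #endif /* GSSAPI */
+
+/* Only the priviledged process can update the login recording files.
+    Send the pid of the shell process, and the session tty name
+    to the priviledged process.
+*/
+
+void mm_write_login(pid_t pid, const char *tty, int len)
+{
+         Buffer m;
+         buffer_init(&m);
+         buffer_append(&m, (void *)&pid, sizeof(pid_t));
+         buffer_append(&m, tty, TTYSZ);
+         debug("Writing pid %d tty %s to priviledged process ", pid, tty);
+         mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_WRITELOGIN, &m);
+         buffer_free(&m);
+}
+
+/* LOGOUT FIX
+   Only the priviledged process can update the logout recording files.
+    Send the pid of the shell process, and the session tty name
+    to the priviledged process.
+*/
+void mm_record_logout(pid_t pid, const char *tty, const char *pwname)
+{
+              Buffer m;
+              buffer_init(&m);
+              buffer_append(&m, (void *)&pid, sizeof(pid_t));
+              buffer_append(&m, tty, TTYSZ);
+              buffer_put_string(&m, pwname, strlen(pwname));
+              debug("Writing pid %d tty %s to priviledged process ",
+                      pid, tty);
+              mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_LOGOUT, &m);
+              buffer_free(&m);
+}
+
+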
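Review bot: `mm_write_login` never uses its `len` argument and, like `mm_record_logout`, always copies `TTYSZ` bytes from `tty` with `buffer_append(&m, tty, TTYSZ)`, so any caller whose buffer is shorter than `TTYSZ` causes an over-read, and whatever follows the terminator in the caller's array is sent to the monitor. The prototypes take a plain `const char *`, so nothing enforces the size. Sending the name length-prefixed, the way this hunk already sends `pwname`, would remove the fixed-size assumption: `buffer_put_string(&m, tty, strlen(tty));`, with the monitor side reading it through `buffer_get_string`. The `len` parameter should then be dropped, and a comment on each function should state that the monitor sends no reply to these requests, if that is the intent.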
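--- a/openssh-4.0p1/monitor_wrap.h
+++ b/openssh-4.0p1/monitor_wrap.h
@@ -111,3 +111,6 @@
 void mm_zfree(struct mm_master *, void *);
 void mm_init_compression(struct mm_master *);
+void mm_write_login(pid_t pid, const char *tty, int len);
+void mm_record_logout(pid_t pid, const char *tty, const char *pwname);
+
 #endif /* _MM_H_ */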
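--- a/openssh-4.0p1/session.c
+++ b/openssh-4.0p1/session.c
@@ -475,6 +475,11 @@
        if (pid < 0)
                packet_disconnect("fork failed: %.100s", strerror(errno));
        s->pid = pid;
+
+       /* Send the utmpx information to the priviledged process */
+        if (use_privsep)
+             mm_write_login(pid, s->tty, TTYSZ);
+
        /* Set interactive/non-interactive mode. */
        packet_set_interactive(s->display != NULL);
 #ifdef USE_PIPES
@@ -2011,5 +2016,5 @@
        debug("session_pty_cleanup: session %d release %s", s->self, s->tty);
        /* Record that the user has logged out. */
-       if (s->pid != 0)
+       if (s->pid != 0 && !use_privsep)
                record_logout(s->pid, s->tty, s->pw->pw_name);
        /* Release the pseudo-tty. */
@@ -2108,5 +2113,8 @@
        int i;
        debug("session_close: session %d pid %ld", s->self, (long)s->pid);
+       /* Send the utmpx information to the priviledged process */
+        if (use_privsep)
+                mm_record_logout(s->pid, s->tty, s->pw->pw_name);
        if (s->ttyfd != -1)
                session_pty_cleanup(s);
        if (s->term)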
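Review bot: The new call in `session_close` sends `MONITOR_REQ_LOGOUT` for every session under privsep, including sessions with no pty (`s->ttyfd == -1`) and sessions whose `s->pid` is 0, whereas monitor.c enables that request only inside `if (!no_pty_flag)`. If the monitor treats a request it has not permitted as fatal (its dispatch code is not shown on this page), closing a session with pty allocation disabled would terminate the connection; with ptys enabled it still makes the monitor handle a logout for an empty tty name. Guarding the call the way the old code guarded `record_logout` keeps both sides in step: `if (use_privsep && s->ttyfd != -1 && s->pid != 0)`. The `mm_write_login` call added after the fork in the first hunk is likewise sent whether or not the session has a tty and needs the same condition. The enclosing functions begin and end outside these hunks.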
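--- a/openssh-4.0p1/sshlogin.c
+++ b/openssh-4.0p1/sshlogin.c
@@ -69,7 +69,7 @@
  * Generate and store last login message.  This must be done before
  * login_login() is called and lastlog is updated.
  */
-static void
+void
 store_lastlog_message(const char *user, uid_t uid)
 {
        char *time_string, hostname[MAXHOSTNAMELEN] = "", buf[512];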
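--- a/openssh-4.0p1/sshlogin.h
+++ b/openssh-4.0p1/sshlogin.h
@@ -25,3 +25,5 @@
                struct sockaddr *, socklen_t);
 #endif
+void store_lastlog_message(const char *user, uid_t uid);
+
 #endif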
