- dtucker@cvs.openbsd.org 2004/07/17 05:31:41
     [monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
     Move "Last logged in at.." message generation to the monitor, right
     before recording the new login.  Fixes missing lastlog message when
     /var/log/lastlog is not world-readable and incorrect datestamp when
     multiple sessions are used (bz #463);  much assistance & ok markus@
diff --git a/ChangeLog b/ChangeLog
index a70a1fa..8255b3e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,12 @@
      Fix incorrect macro, .I -> .Em
      From: Eric S. Raymond <esr at thyrsus dot com>
      ok jmc@
+   - dtucker@cvs.openbsd.org 2004/07/17 05:31:41
+     [monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
+     Move "Last logged in at.." message generation to the monitor, right
+     before recording the new login.  Fixes missing lastlog message when
+     /var/log/lastlog is not world-readable and incorrect datestamp when
+     multiple sessions are used (bz #463);  much assistance & ok markus@
 
 20040711
  - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows
@@ -1521,4 +1527,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3476 2004/07/17 06:13:15 dtucker Exp $
+$Id: ChangeLog,v 1.3477 2004/07/17 07:05:14 dtucker Exp $
diff --git a/monitor.c b/monitor.c
index 3f468df..b746340 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.60 2004/06/22 05:05:45 dtucker Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.61 2004/07/17 05:31:41 dtucker Exp $");
 
 #include <openssl/dh.h>
 
@@ -79,6 +79,7 @@
 extern Buffer input, output;
 extern Buffer auth_debug;
 extern int auth_debug_init;
+extern Buffer loginmsg;
 
 /* State exported from the child */
 
@@ -1230,10 +1231,6 @@
 
 	buffer_put_int(m, 1);
 	buffer_put_cstring(m, s->tty);
-	mm_request_send(sock, MONITOR_ANS_PTY, m);
-
-	mm_send_fd(sock, s->ptyfd);
-	mm_send_fd(sock, s->ttyfd);
 
 	/* We need to trick ttyslot */
 	if (dup2(s->ttyfd, 0) == -1)
@@ -1244,6 +1241,15 @@
 	/* Now we can close the file descriptor again */
 	close(0);
 
+	/* send messages generated by record_login */
+	buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
+	buffer_clear(&loginmsg);
+
+	mm_request_send(sock, MONITOR_ANS_PTY, m);
+
+	mm_send_fd(sock, s->ptyfd);
+	mm_send_fd(sock, s->ttyfd);
+
 	/* make sure nothing uses fd 0 */
 	if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0)
 		fatal("%s: open(/dev/null): %s", __func__, strerror(errno));
diff --git a/monitor_wrap.c b/monitor_wrap.c
index f6bc34e..0d7a0e3 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.38 2004/07/03 11:02:25 dtucker Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.39 2004/07/17 05:31:41 dtucker Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dh.h>
@@ -70,6 +70,7 @@
 extern z_stream outgoing_stream;
 extern struct monitor *pmonitor;
 extern Buffer input, output;
+extern Buffer loginmsg;
 extern ServerOptions options;
 
 int
@@ -642,7 +643,7 @@
 mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
 {
 	Buffer m;
-	char *p;
+	char *p, *msg;
 	int success = 0;
 
 	buffer_init(&m);
@@ -658,11 +659,15 @@
 		return (0);
 	}
 	p = buffer_get_string(&m, NULL);
+	msg = buffer_get_string(&m, NULL);
 	buffer_free(&m);
 
 	strlcpy(namebuf, p, namebuflen); /* Possible truncation */
 	xfree(p);
 
+	buffer_append(&loginmsg, msg, strlen(msg));
+	xfree(msg);
+
 	*ptyfd = mm_receive_fd(pmonitor->m_recvfd);
 	*ttyfd = mm_receive_fd(pmonitor->m_recvfd);
 
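Review bot: The login message is read back with `buffer_get_string(&m, NULL)` and then measured with `strlen(msg)`, although the monitor.c hunk of this commit sends it with an explicit length via `buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg))`. Keeping the transmitted length avoids a second scan and keeps both ends of the MONITOR_ANS_PTY reply in agreement should the buffer ever contain a NUL byte: `msg = buffer_get_string(&m, &msglen);` followed by `buffer_append(&loginmsg, msg, msglen);`, with `u_int msglen;` declared next to `msg`. A one-line comment such as `/* login messages collected by the monitor, displayed later by the child */` would also document the new second string in the reply. mm_pty_allocate starts in the previous hunk and continues past this one.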
diff --git a/session.c b/session.c
index 7c8fe5f..99b8439 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.178 2004/07/11 17:48:47 deraadt Exp $");
+RCSID("$OpenBSD: session.c,v 1.179 2004/07/17 05:31:41 dtucker Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -196,12 +196,11 @@
 static void
 display_loginmsg(void)
 {
-	if (buffer_len(&loginmsg) > 0) {
-		buffer_append(&loginmsg, "\0", 1);
-		printf("%s\n", (char *)buffer_ptr(&loginmsg));
-		buffer_clear(&loginmsg);
-	}
-	fflush(stdout);
+        if (buffer_len(&loginmsg) > 0) {
+                buffer_append(&loginmsg, "\0", 1);
+                printf("%s", (char *)buffer_ptr(&loginmsg));
+                buffer_clear(&loginmsg);
+        }
 }
 
 void
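Review bot: display_loginmsg() no longer calls `fflush(stdout)` and no longer prints a trailing newline, so the text reaches the user only when stdio flushes on its own or a later caller flushes; in this diff only do_pwchange gains an explicit `fflush(NULL)`. Whether every path that calls display_loginmsg() flushes before the session's program is started is not visible here, so either keep `fflush(stdout);` after the `if` block or add a comment naming who is responsible for the flush. Each producer that appends to loginmsg must now supply its own line ending (store_lastlog_message ends its text with `\r\n`; other producers are outside this diff). The five added lines are indented with spaces where the removed lines used tabs.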
@@ -676,14 +675,19 @@
 		do_exec_no_pty(s, command);
 
 	original_command = NULL;
-}
 
+	/*
+	 * Clear loginmsg: it's the child's responsibility to display
+	 * it to the user, otherwise multiple sessions may accumulate
+	 * multiple copies of the login messages.
+	 */
+	buffer_clear(&loginmsg);
+}
 
 /* administrative, login(1)-like work */
 void
 do_login(Session *s, const char *command)
 {
-	char *time_string;
 	socklen_t fromlen;
 	struct sockaddr_storage from;
 	struct passwd * pw = s->pw;
@@ -728,19 +732,6 @@
 
 	display_loginmsg();
 
-#ifndef NO_SSH_LASTLOG
-	if (options.print_lastlog && s->last_login_time != 0) {
-		time_string = ctime(&s->last_login_time);
-		if (strchr(time_string, '\n'))
-			*strchr(time_string, '\n') = 0;
-		if (strcmp(s->hostname, "") == 0)
-			printf("Last login: %s\r\n", time_string);
-		else
-			printf("Last login: %s from %s\r\n", time_string,
-			    s->hostname);
-	}
-#endif /* NO_SSH_LASTLOG */
-
 	do_motd();
 }
 
@@ -1318,6 +1309,7 @@
 static void
 do_pwchange(Session *s)
 {
+	fflush(NULL);
 	fprintf(stderr, "WARNING: Your password has expired.\n");
 	if (s->ttyfd != -1) {
 		fprintf(stderr,
@@ -1703,12 +1695,6 @@
 		packet_disconnect("Protocol error: you already have a pty.");
 		return 0;
 	}
-	/* Get the time and hostname when the user last logged in. */
-	if (options.print_lastlog) {
-		s->hostname[0] = '\0';
-		s->last_login_time = get_last_login_time(s->pw->pw_uid,
-		    s->pw->pw_name, s->hostname, sizeof(s->hostname));
-	}
 
 	s->term = packet_get_string(&len);
 
diff --git a/session.h b/session.h
index e525066..48be507 100644
--- a/session.h
+++ b/session.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: session.h,v 1.22 2004/04/27 09:46:37 djm Exp $	*/
+/*	$OpenBSD: session.h,v 1.23 2004/07/17 05:31:41 dtucker Exp $	*/
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -39,9 +39,6 @@
 	int	ptyfd, ttyfd, ptymaster;
 	u_int	row, col, xpixel, ypixel;
 	char	tty[TTYSZ];
-	/* last login */
-	char	hostname[MAXHOSTNAMELEN];
-	time_t	last_login_time;
 	/* X11 */
 	u_int	display_number;
 	char	*display;
diff --git a/sshd.c b/sshd.c
index ac62cb5..a9e7ccb 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.298 2004/07/11 17:48:47 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.299 2004/07/17 05:31:41 dtucker Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -216,6 +216,9 @@
 /* global authentication context */
 Authctxt *the_authctxt = NULL;
 
+/* message to be displayed after login */
+Buffer loginmsg;
+
 /* Prototypes for various functions defined later in this file. */
 void destroy_sensitive_data(void);
 void demote_sensitive_data(void);
@@ -1680,6 +1683,9 @@
 		if (privsep_preauth(authctxt) == 1)
 			goto authenticated;
 
+	/* prepare buffer to collect messages to display to user after login */
+	buffer_init(&loginmsg);
+
 	/* perform the key exchange */
 	/* authenticate user and start session */
 	if (compat20) {
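Review bot: `buffer_init(&loginmsg)` is placed after `if (privsep_preauth(authctxt) == 1) goto authenticated;`, so a process that takes the goto never runs it. privsep_preauth is not shown, but if the process that continues at `authenticated` is the one that later appends to or forwards loginmsg (as the monitor.c and sshlogin.c hunks of this commit do), it operates on a Buffer that was never initialised and depends on the zeroed global happening to be acceptable to the buffer code. Moving the comment and `buffer_init(&loginmsg);` above the privsep_preauth check initialises the buffer on every path. The enclosing function starts and ends outside this hunk.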
diff --git a/sshlogin.c b/sshlogin.c
index 75446f9..41817ec 100644
--- a/sshlogin.c
+++ b/sshlogin.c
@@ -39,9 +39,15 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshlogin.c,v 1.9 2004/07/03 05:11:33 dtucker Exp $");
+RCSID("$OpenBSD: sshlogin.c,v 1.10 2004/07/17 05:31:41 dtucker Exp $");
 
 #include "loginrec.h"
+#include "log.h"
+#include "buffer.h"
+#include "servconf.h"
+
+extern Buffer loginmsg;
+extern ServerOptions options;
 
 /*
  * Returns the time when the user last logged in.  Returns 0 if the
@@ -60,6 +66,38 @@
 }
 
 /*
+ * Generate and store last login message.  This must be done before
+ * login_login() is called and lastlog is updated.
+ */
+void
+store_lastlog_message(const char *user, uid_t uid)
+{
+	char *time_string, hostname[MAXHOSTNAMELEN] = "", buf[512];
+	time_t last_login_time;
+
+#ifndef NO_SSH_LASTLOG
+	if (!options.print_lastlog)
+		return;
+
+	last_login_time = get_last_login_time(uid, user, hostname,
+	    sizeof(hostname));
+
+	if (last_login_time != 0) {
+		time_string = ctime(&last_login_time);
+		if (strchr(time_string, '\n'))
+		    *strchr(time_string, '\n') = '\0';
+		if (strcmp(hostname, "") == 0)
+			snprintf(buf, sizeof(buf), "Last login: %s\r\n",
+			    time_string);
+		else
+			snprintf(buf, sizeof(buf), "Last login: %s from %s\r\n",
+			    time_string, hostname);
+		buffer_append(&loginmsg, buf, strlen(buf));
+	}
+#endif /* NO_SSH_LASTLOG */
+}
+
+/*
  * Records that the user has logged in.  I wish these parts of operating
  * systems were more standardized.
  */
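Review bot: In store_lastlog_message the result of `ctime(&last_login_time)` is passed straight to `strchr`, but ctime() may return NULL for a time value it cannot represent, and the value is whatever get_last_login_time read back for the user. According to the commit message this code now runs in the monitor, so a NULL dereference here would take down the privileged side of the session rather than the user's child; a guard such as `if ((time_string = ctime(&last_login_time)) == NULL) return;` avoids that. The function is called only from record_login in this file and no header in the commit's file list declares it, so `static void` looks appropriate. When NO_SSH_LASTLOG is defined the locals and both parameters are unused; moving the declarations inside the `#ifndef` would avoid the resulting warnings.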
@@ -69,6 +107,9 @@
 {
 	struct logininfo *li;
 
+	/* save previous login details before writing new */
+	store_lastlog_message(user, uid);
+
 	li = login_alloc_entry(pid, user, host, tty);
 	login_set_addr(li, addr, addrlen);
 	login_login(li);