- dtucker@cvs.openbsd.org 2004/07/17 05:31:41

[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c] Move "Last logged in at.." message generation to the monitor, right before recording the new login. Fixes missing lastlog message when /var/log/lastlog is not world-readable and incorrect datestamp when multiple sessions are used (bz #463); much assistance & ok markus@
author: Darren Tucker <dtucker@zip.com.au> 2004-07-17 17:05:14 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2004-07-17 17:05:14 +1000
commit: 0999174755bbc5b50d65bfa95e0b322ffd12337c (patch)
tree: a0153a329222f784d98f8554ecd8d1d98bce23bd
parent: 3ca45082017f0fcaf01b0bf781ae33cf1cc57e27 (diff)
7 files changed, 89 insertions, 42 deletions
diff --git a/ChangeLog b/ChangeLog
index a70a1fac1..8255b3e59 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,12 @@
     Fix incorrect macro, .I -> .Em
     From: Eric S. Raymond <esr at thyrsus dot com>
     ok jmc@
+   - dtucker@cvs.openbsd.org 2004/07/17 05:31:41
+     [monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
+     Move "Last logged in at.." message generation to the monitor, right
+     before recording the new login.  Fixes missing lastlog message when
+     /var/log/lastlog is not world-readable and incorrect datestamp when
+     multiple sessions are used (bz #463);  much assistance & ok markus@
 20040711
 - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows
@@ -1521,4 +1527,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3476 2004/07/17 06:13:15 dtucker Exp $
+$Id: ChangeLog,v 1.3477 2004/07/17 07:05:14 dtucker Exp $
diff --git a/monitor.c b/monitor.c
index 3f468dfff..b7463400e 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.60 2004/06/22 05:05:45 dtucker Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.61 2004/07/17 05:31:41 dtucker Exp $");
 #include <openssl/dh.h>
@@ -79,6 +79,7 @@ extern u_char session_id[];
 extern Buffer input, output;
 extern Buffer auth_debug;
 extern int auth_debug_init;
+extern Buffer loginmsg;
 /* State exported from the child */
@@ -1230,10 +1231,6 @@ mm_answer_pty(int sock, Buffer *m)
        buffer_put_int(m, 1);
        buffer_put_cstring(m, s->tty);
-        mm_request_send(sock, MONITOR_ANS_PTY, m);
-        mm_send_fd(sock, s->ptyfd);
-        mm_send_fd(sock, s->ttyfd);
        /* We need to trick ttyslot */
        if (dup2(s->ttyfd, 0) == -1)
@@ -1244,6 +1241,15 @@ mm_answer_pty(int sock, Buffer *m)
        /* Now we can close the file descriptor again */
        close(0);
+        /* send messages generated by record_login */
+        buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
+        buffer_clear(&loginmsg);
+        mm_request_send(sock, MONITOR_ANS_PTY, m);
+        mm_send_fd(sock, s->ptyfd);
+        mm_send_fd(sock, s->ttyfd);
        /* make sure nothing uses fd 0 */
        if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0)
                fatal("%s: open(/dev/null): %s", __func__, strerror(errno));
diff --git a/monitor_wrap.c b/monitor_wrap.c
index f6bc34ec8..0d7a0e3bd 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.38 2004/07/03 11:02:25 dtucker Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.39 2004/07/17 05:31:41 dtucker Exp $");
 #include <openssl/bn.h>
 #include <openssl/dh.h>
@@ -70,6 +70,7 @@ extern z_stream incoming_stream;
 extern z_stream outgoing_stream;
 extern struct monitor *pmonitor;
 extern Buffer input, output;
+extern Buffer loginmsg;
 extern ServerOptions options;
 int
@@ -642,7 +643,7 @@ int
 mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
 {
        Buffer m;
-        char *p;
+        char *p, *msg;
        int success = 0;
        buffer_init(&m);
@@ -658,11 +659,15 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
                return (0);
        }
        p = buffer_get_string(&m, NULL);
+        msg = buffer_get_string(&m, NULL);
        buffer_free(&m);
        strlcpy(namebuf, p, namebuflen); /* Possible truncation */
        xfree(p);
+        buffer_append(&loginmsg, msg, strlen(msg));
+        xfree(msg);
        *ptyfd = mm_receive_fd(pmonitor->m_recvfd);
        *ttyfd = mm_receive_fd(pmonitor->m_recvfd);
diff --git a/session.c b/session.c
index 7c8fe5faf..99b84394e 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.178 2004/07/11 17:48:47 deraadt Exp $");
+RCSID("$OpenBSD: session.c,v 1.179 2004/07/17 05:31:41 dtucker Exp $");
 #include "ssh.h"
 #include "ssh1.h"
@@ -196,12 +196,11 @@ auth_input_request_forwarding(struct passwd * pw)
 static void
 display_loginmsg(void)
 {
-        if (buffer_len(&loginmsg) > 0) {
+        if (buffer_len(&loginmsg) > 0) {
-                buffer_append(&loginmsg, "\0", 1);
+                buffer_append(&loginmsg, "\0", 1);
-                printf("%s\n", (char *)buffer_ptr(&loginmsg));
+                printf("%s", (char *)buffer_ptr(&loginmsg));
-                buffer_clear(&loginmsg);
+                buffer_clear(&loginmsg);
-        }
+        }
-        fflush(stdout);
 }
 void
@@ -676,14 +675,19 @@ do_exec(Session *s, const char *command)
                do_exec_no_pty(s, command);
        original_command = NULL;
-}
+        /*
+         * Clear loginmsg: it's the child's responsibility to display
+         * it to the user, otherwise multiple sessions may accumulate
+         * multiple copies of the login messages.
+         */
+        buffer_clear(&loginmsg);
+}
 /* administrative, login(1)-like work */
 void
 do_login(Session *s, const char *command)
 {
-        char *time_string;
        socklen_t fromlen;
        struct sockaddr_storage from;
        struct passwd * pw = s->pw;
@@ -728,19 +732,6 @@ do_login(Session *s, const char *command)
        display_loginmsg();
-#ifndef NO_SSH_LASTLOG
-        if (options.print_lastlog && s->last_login_time != 0) {
-                time_string = ctime(&s->last_login_time);
-                if (strchr(time_string, '\n'))
-                        *strchr(time_string, '\n') = 0;
-                if (strcmp(s->hostname, "") == 0)
-                        printf("Last login: %s\r\n", time_string);
-                else
-                        printf("Last login: %s from %s\r\n", time_string,
-                            s->hostname);
-        }
-#endif /* NO_SSH_LASTLOG */
        do_motd();
 }
@@ -1318,6 +1309,7 @@ do_setusercontext(struct passwd *pw)
 static void
 do_pwchange(Session *s)
 {
+        fflush(NULL);
        fprintf(stderr, "WARNING: Your password has expired.\n");
        if (s->ttyfd != -1) {
                fprintf(stderr,
@@ -1703,12 +1695,6 @@ session_pty_req(Session *s)
                packet_disconnect("Protocol error: you already have a pty.");
                return 0;
        }
-        /* Get the time and hostname when the user last logged in. */
-        if (options.print_lastlog) {
-                s->hostname[0] = '\0';
-                s->last_login_time = get_last_login_time(s->pw->pw_uid,
-                    s->pw->pw_name, s->hostname, sizeof(s->hostname));
-        }
        s->term = packet_get_string(&len);
diff --git a/session.h b/session.h
index e52506652..48be5070c 100644
--- a/session.h
+++ b/session.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: session.h,v 1.22 2004/04/27 09:46:37 djm Exp $        */
+/*      $OpenBSD: session.h,v 1.23 2004/07/17 05:31:41 dtucker Exp $    */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -39,9 +39,6 @@ struct Session {
        int     ptyfd, ttyfd, ptymaster;
        u_int   row, col, xpixel, ypixel;
        char    tty[TTYSZ];
-        /* last login */
-        char    hostname[MAXHOSTNAMELEN];
-        time_t  last_login_time;
        /* X11 */
        u_int   display_number;
        char    *display;
diff --git a/sshd.c b/sshd.c
index ac62cb506..a9e7ccb31 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.298 2004/07/11 17:48:47 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.299 2004/07/17 05:31:41 dtucker Exp $");
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -216,6 +216,9 @@ Buffer loginmsg;
 /* global authentication context */
 Authctxt *the_authctxt = NULL;
+/* message to be displayed after login */
+Buffer loginmsg;
 /* Prototypes for various functions defined later in this file. */
 void destroy_sensitive_data(void);
 void demote_sensitive_data(void);
@@ -1680,6 +1683,9 @@ main(int ac, char **av)
                if (privsep_preauth(authctxt) == 1)
                        goto authenticated;
+        /* prepare buffer to collect messages to display to user after login */
+        buffer_init(&loginmsg);
        /* perform the key exchange */
        /* authenticate user and start session */
        if (compat20) {
diff --git a/sshlogin.c b/sshlogin.c
index 75446f9eb..41817ec96 100644
--- a/sshlogin.c
+++ b/sshlogin.c
@@ -39,9 +39,15 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshlogin.c,v 1.9 2004/07/03 05:11:33 dtucker Exp $");
+RCSID("$OpenBSD: sshlogin.c,v 1.10 2004/07/17 05:31:41 dtucker Exp $");
 #include "loginrec.h"
+#include "log.h"
+#include "buffer.h"
+#include "servconf.h"
+extern Buffer loginmsg;
+extern ServerOptions options;
 /*
 * Returns the time when the user last logged in.  Returns 0 if the
@@ -60,6 +66,38 @@ get_last_login_time(uid_t uid, const char *logname,
 }
 /*
+ * Generate and store last login message.  This must be done before
+ * login_login() is called and lastlog is updated.
+ */
+void
+store_lastlog_message(const char *user, uid_t uid)
+{
+        char *time_string, hostname[MAXHOSTNAMELEN] = "", buf[512];
+        time_t last_login_time;
+#ifndef NO_SSH_LASTLOG
+        if (!options.print_lastlog)
+                return;
+        last_login_time = get_last_login_time(uid, user, hostname,
+            sizeof(hostname));
+        if (last_login_time != 0) {
+                time_string = ctime(&last_login_time);
+                if (strchr(time_string, '\n'))
+                    *strchr(time_string, '\n') = '\0';
+                if (strcmp(hostname, "") == 0)
+                        snprintf(buf, sizeof(buf), "Last login: %s\r\n",
+                            time_string);
+                else
+                        snprintf(buf, sizeof(buf), "Last login: %s from %s\r\n",
+                            time_string, hostname);
+                buffer_append(&loginmsg, buf, strlen(buf));
+        }
+#endif /* NO_SSH_LASTLOG */
+}
+/*
 * Records that the user has logged in.  I wish these parts of operating
 * systems were more standardized.
 */
@@ -69,6 +107,9 @@ record_login(pid_t pid, const char *tty, const char *user, uid_t uid,
 {
        struct logininfo *li;
+        /* save previous login details before writing new */
+        store_lastlog_message(user, uid);
        li = login_alloc_entry(pid, user, host, tty);
        login_set_addr(li, addr, addrlen);
        login_login(li);
author	Darren Tucker <dtucker@zip.com.au>	2004-07-17 17:05:14 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2004-07-17 17:05:14 +1000
commit	0999174755bbc5b50d65bfa95e0b322ffd12337c (patch)
tree	a0153a329222f784d98f8554ecd8d1d98bce23bd
parent	3ca45082017f0fcaf01b0bf781ae33cf1cc57e27 (diff)