- Import of patch from Ben Taylor <bent@clark.net>:

- Improved PAM support - "uninstall" rule for Makefile - utmpx support - Should fix PAM problems on Solaris
author: Damien Miller <djm@mindrot.org> 1999-12-09 10:16:54 +1100
committer: Damien Miller <djm@mindrot.org> 1999-12-09 10:16:54 +1100
commit: bf1c9b2012fadab02392126bece5d21e9ddffda6 (patch)
tree: 371e5f27669fa28773e2b2bb008a81a03715cf2e
parent: fce1648681a20b99f569d4bfd9335bc4a956b119 (diff)
8 files changed, 157 insertions, 51 deletions
diff --git a/ChangeLog b/ChangeLog
index 1b4809505..39304e24d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+19991209
+ - Import of patch from Ben Taylor <bent@clark.net>:
+   - Improved PAM support
+   - "uninstall" rule for Makefile
+   - utmpx support
+   - Should fix PAM problems on Solaris
 19991208
 - Compile fix for Solaris with /dev/ptmx from 
   David Agraz <dagraz@jahoopa.com>
diff --git a/Makefile.in b/Makefile.in
index 80b0a6d42..232f8e024 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -103,6 +103,36 @@ install: all
                $(INSTALL) -m644 sshd_config $(sysconfdir)/sshd_config; \
        fi
+uninstallall:   uninstall
+        -rm -f $(sysconfdir)/ssh_config
+        -rm -f $(sysconfdir)/sshd_config
+        -rmdir $(sysconfdir)
+        -rmdir $(bindir)
+        -rmdir $(sbindir)
+        -rmdir $(mandir)/man1
+        -rmdir $(mandir)/man8
+        -rmdir $(mandir)
+        -rmdir $(libexecdir)
+uninstall: 
+        -rm -f $(bindir)/ssh
+        -rm -f $(bindir)/scp
+        -rm -f $(bindir)/ssh-add
+        -rm -f $(bindir)/ssh-agent
+        -rm -f $(bindir)/ssh-keygen
+        -rm -f $(sbindir)/sshd
+        -rm -f $(mandir)/man1/ssh.1
+        -rm -f $(mandir)/man1/scp.1
+        -rm -f $(mandir)/man1/ssh-add.1
+        -rm -f $(mandir)/man1/ssh-agent.1
+        -rm -f $(mandir)/man1/ssh-keygen.1
+        -rm -f $(mandir)/man8/sshd.8
+        -rm -f $(bindir)/slogin
+        -rm -f $(mandir)/man1/slogin.1
+        -rm -f $(mandir)/man1/slogin.1
+        -rm -f ${ASKPASS_PROGRAM}
+        -rmdir $(libexecdir)/ssh ;
 distclean: clean
        rm -f Makefile config.h core *~
diff --git a/acconfig.h b/acconfig.h
index 29ec07821..811c00d47 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -24,6 +24,9 @@
 /* Define is utmp.h has a ut_host field */
 #undef HAVE_HOST_IN_UTMP
+/* Define is utmpx.h has a ut_host field */
+#undef HAVE_HOST_IN_UTMPX
 /* Define is libutil has login() function */
 #undef HAVE_LIBUTIL_LOGIN
@@ -85,6 +88,10 @@
 # include <utmp.h> /* For _PATH_XXX */
 #endif 
+#ifdef HAVE_UTMPX_H
+# include <utmpx.h> /* For _PATH_XXX */
+#endif 
 #ifdef HAVE_SYS_TIME_H
 # include <sys/time.h> /* For timersub */
 #endif
@@ -96,13 +103,13 @@
 #ifndef SHUT_RDWR
 enum
 {
-  SHUT_RD = 0,    /* No more receptions.  */
+  SHUT_RD = 0,          /* No more receptions.  */
-#define SHUT_RD   SHUT_RD
+  SHUT_WR,                      /* No more transmissions.  */
-  SHUT_WR,    /* No more transmissions.  */
+  SHUT_RDWR                     /* No more receptions or transmissions.  */
-#define SHUT_WR   SHUT_WR
-  SHUT_RDWR   /* No more receptions or transmissions.  */
-#define SHUT_RDWR SHUT_RDWR
 };
+# define SHUT_RD   SHUT_RD
+# define SHUT_WR   SHUT_WR
+# define SHUT_RDWR SHUT_RDWR
 #endif
 /* If sys/types.h does not supply intXX_t, supply them ourselves */
@@ -164,25 +171,44 @@ enum
 # define quad_t int64_t
 #endif
+/* If _PATH_LASTLOG is not defined by system headers, set it to the */
+/* lastlog file detected by autoconf */
 #ifndef _PATH_LASTLOG
 # ifdef LASTLOG_LOCATION
 #  define _PATH_LASTLOG LASTLOG_LOCATION
 # endif
 #endif
+/* Use utmpx if supported */
+#ifdef HAVE_UTMPX_H
+# define UTMP_STR utmpx
+#else 
+# ifdef HAVE_UTMP_H
+#  define UTMP_STR utmp
+# endif
+#endif
 #ifndef _PATH_UTMP
-# ifdef UTMP_FILE
+# ifdef UTMPX_FILE
-#  define _PATH_UTMP UTMP_FILE
+#  define _PATH_UTMP UTMPX_FILE
 # else
-#  define _PATH_UTMP "/var/adm/utmp"
+#  ifdef UTMP_FILE
+#   define _PATH_UTMP UTMP_FILE
+#  else
+#   define _PATH_UTMP "/var/adm/utmp"
+#  endif
 # endif
 #endif
 #ifndef _PATH_WTMP
-# ifdef WTMP_FILE
+# ifdef WTMPX_FILE
-#  define _PATH_WTMP WTMP_FILE
+#  define _PATH_WTMP WTMPX_FILE
 # else
-#  define _PATH_WTMP "/var/adm/wtmp"
+#  ifdef WTMP_FILE
+#   define _PATH_WTMP WTMP_FILE
+#  else
+#   define _PATH_WTMP "/var/adm/wtmp"
+#  endif
 # endif
 #endif
@@ -219,9 +245,9 @@ enum
         (result)->tv_usec += 1000000;                        \
      }                                                       \
   } while (0)
 #endif
+/* In older versions of libpam, pam_strerror takes a single argument */
 #ifdef HAVE_OLD_PAM
 # define PAM_STRERROR(a,b) pam_strerror((b))
 #else
@@ -231,3 +257,4 @@ enum
 #ifndef __P
 # define __P(x) x
 #endif
diff --git a/bsd-login.c b/bsd-login.c
index dcbabe0bf..9c1206547 100644
--- a/bsd-login.c
+++ b/bsd-login.c
@@ -45,47 +45,59 @@ static char *rcsid = "$OpenBSD: login.c,v 1.5 1998/07/13 02:11:12 millert Exp $"
 #include <fcntl.h>
 #include <unistd.h>
 #include <stdlib.h>
-#include <utmp.h>
+#ifdef HAVE_UTMPX_H
+# include <utmpx.h>
+#endif
+#ifdef HAVE_UTMP_H
+# include <utmp.h>
+#endif
 #include <stdio.h>
 void
 login(utp)
-        struct utmp *utp;
+        struct UTMP_STR *utp;
 {
-        struct utmp old_ut;
+        struct UTMP_STR old_ut;
        register int fd;
        int tty;
 #ifndef UT_LINESIZE
 # define UT_LINESIZE (sizeof(old_ut.ut_line))
-# define UT_NAMESIZE (sizeof(old_ut.ut_name))
+# ifdef HAVE_UTMPX_H
+#  define UT_NAMESIZE (sizeof(old_ut.ut_user))
+# else
+#  define UT_NAMESIZE (sizeof(old_ut.ut_name))
+# endif
 # ifdef HAVE_HOST_IN_UTMP
 #  define UT_HOSTSIZE (sizeof(old_ut.ut_host))
 # endif
+# ifdef HAVE_HOST_IN_UTMPX
+#  define UT_HOSTSIZE (sizeof(old_ut.ut_host))
+# endif
 #endif
        tty = ttyslot();
        if (tty > 0 && (fd = open(_PATH_UTMP, O_RDWR|O_CREAT, 0644)) >= 0) {
-#ifdef HAVE_HOST_IN_UTMP
+#ifdef HAVE_HOST_IN_UTMP || HAVE_HOST_IN_UTMPX
-                (void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
+                (void)lseek(fd, (off_t)(tty * sizeof(struct UTMP_STR)), SEEK_SET);
                /*
                 * Prevent luser from zero'ing out ut_host.
                 * If the new ut_line is empty but the old one is not
                 * and ut_line and ut_name match, preserve the old ut_line.
                 */
-                if (read(fd, &old_ut, sizeof(struct utmp)) ==
+                if (read(fd, &old_ut, sizeof(struct UTMP_STR)) ==
-                    sizeof(struct utmp) && utp->ut_host[0] == '\0' &&
+                    sizeof(struct UTMP_STR) && utp->ut_host[0] == '\0' &&
                    old_ut.ut_host[0] != '\0' &&
                    strncmp(old_ut.ut_line, utp->ut_line, UT_LINESIZE) == 0 &&
                    strncmp(old_ut.ut_name, utp->ut_name, UT_NAMESIZE) == 0)
                        (void)memcpy(utp->ut_host, old_ut.ut_host, UT_HOSTSIZE);
-#endif /* HAVE_HOST_IN_UTMP */
+#endif /* HAVE_HOST_IN_UTMP || HAVE_HOST_IN_UTMPX */
-                (void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
+                (void)lseek(fd, (off_t)(tty * sizeof(struct UTMP_STR)), SEEK_SET);
-                (void)write(fd, utp, sizeof(struct utmp));
+                (void)write(fd, utp, sizeof(struct UTMP_STR));
                (void)close(fd);
        }
        if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
-                (void)write(fd, utp, sizeof(struct utmp));
+                (void)write(fd, utp, sizeof(struct UTMP_STR));
                (void)close(fd);
        }
 }
diff --git a/configure.in b/configure.in
index f1027ef42..e0395528d 100644
--- a/configure.in
+++ b/configure.in
@@ -56,7 +56,7 @@ AC_CHECK_LIB(dl, dlopen, , )
 AC_CHECK_LIB(pam, pam_authenticate, , )
 dnl Checks for header files.
-AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h pty.h shadow.h util.h utmp.h sys/select.h sys/stropts.h sys/time.h)
+AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h pty.h shadow.h util.h utmp.h utmpx.h sys/select.h sys/stropts.h sys/time.h)
 dnl Checks for library functions.
 AC_CHECK_FUNCS(arc4random mkdtemp openpty _getpty setenv setlogin setproctitle snprintf strlcat strlcpy vsnprintf)
@@ -198,6 +198,13 @@ AC_EGREP_HEADER(ut_host, utmp.h,
        [AC_MSG_RESULT(no)]
 )
+dnl Check for ut_host field in utmpx
+AC_MSG_CHECKING([whether utmpx.h has ut_host field])
+AC_EGREP_HEADER(ut_host, utmpx.h, 
+        [AC_DEFINE(HAVE_HOST_IN_UTMPX) AC_MSG_RESULT(yes); ], 
+        [AC_MSG_RESULT(no)]
+)
 dnl Look for lastlog location
 AC_MSG_CHECKING([location of lastlog file])
 for lastlog in /var/log/lastlog /var/adm/lastlog /etc/security/lastlog ; do
diff --git a/login.c b/login.c
index 81bae8205..ff4184572 100644
--- a/login.c
+++ b/login.c
@@ -18,9 +18,14 @@
 */
 #include "includes.h"
-RCSID("$Id: login.c,v 1.5 1999/11/25 02:08:31 damien Exp $");
+RCSID("$Id: login.c,v 1.6 1999/12/08 23:16:55 damien Exp $");
-#include <utmp.h>
+#ifdef HAVE_UTMPX_H
+# include <utmpx.h>
+#endif
+#ifdef HAVE_UTMP_H
+# include <utmp.h>
+#endif
 #include "ssh.h"
 #ifdef HAVE_UTIL_H
@@ -83,15 +88,20 @@ record_login(int pid, const char *ttyname, const char *user, uid_t uid,
        int fd;
        struct lastlog ll;
        char *lastlog;
-        struct utmp u;
+        struct UTMP_STR u;
        const char *utmp, *wtmp;
        /* Construct an utmp/wtmp entry. */
        memset(&u, 0, sizeof(u));
        strncpy(u.ut_line, ttyname + 5, sizeof(u.ut_line));
+#ifdef HAVE_UTMPX_H
+        u.ut_tv.tv_sec = time(NULL);
+        strncpy(u.ut_user, user, sizeof(u.ut_name));
+#else
        u.ut_time = time(NULL);
        strncpy(u.ut_name, user, sizeof(u.ut_name));
-#ifdef HAVE_HOST_IN_UTMP
+#endif
+#if defined(HAVE_HOST_IN_UTMP) || defined(HAVE_HOST_IN_UTMPX)
        strncpy(u.ut_host, host, sizeof(u.ut_host));
 #endif
diff --git a/pty.c b/pty.c
index acd81c9ba..c6c7363b2 100644
--- a/pty.c
+++ b/pty.c
@@ -14,11 +14,15 @@
 */
 #include "includes.h"
-RCSID("$Id: pty.c,v 1.7 1999/12/07 21:53:52 damien Exp $");
+RCSID("$Id: pty.c,v 1.8 1999/12/08 23:16:55 damien Exp $");
 #include "pty.h"
 #include "ssh.h"
+#ifdef HAVE_DEV_PTMX
+#include <sys/stropts.h>
+#endif /* HAVE_DEV_PTMX */
 /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
 #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
 #undef HAVE_DEV_PTMX
diff --git a/sshd.c b/sshd.c
index 0c15e2837..2ff8f45b4 100644
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
 */
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.35 1999/12/07 04:38:32 damien Exp $");
+RCSID("$Id: sshd.c,v 1.36 1999/12/08 23:16:55 damien Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -138,7 +138,8 @@ void do_child(const char *command, struct passwd * pw, const char *term,
 #ifdef HAVE_LIBPAM
 static int pamconv(int num_msg, const struct pam_message **msg,
          struct pam_response **resp, void *appdata_ptr);
-void do_pam_account_and_session(char *username, char *remote_user);
+void do_pam_account(char *username, char *remote_user);
+void do_pam_session(char *username, char *ttyname);
 void pam_cleanup_proc(void *context);
 static struct pam_conv conv = {
@@ -228,7 +229,7 @@ void pam_cleanup_proc(void *context)
        }
 }
-void do_pam_account_and_session(char *username, char *remote_user)
+void do_pam_account(char *username, char *remote_user)
 {
        int pam_retval;
@@ -254,12 +255,22 @@ void do_pam_account_and_session(char *username, char *remote_user)
                log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
                do_fake_authloop(username);
        }
+}
-        pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
+void do_pam_session(char *username, char *ttyname)
-        if (pam_retval != PAM_SUCCESS) {
+{
-                log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+        int pam_retval;
-                do_fake_authloop(username);
+        if (ttyname != NULL) {
+                debug("PAM setting tty to \"%.200s\"", ttyname);
+                pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, ttyname);
+                if (pam_retval != PAM_SUCCESS)
+                        fatal("PAM set tty failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
        }
+        pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
+        if (pam_retval != PAM_SUCCESS)
+                fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 }
 #endif /* HAVE_LIBPAM */
@@ -1476,12 +1487,16 @@ do_authloop(struct passwd * pw)
                        pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
                        if (pam_retval == PAM_SUCCESS) {
                                log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);
+                                memset(password, 0, strlen(password));
+                                xfree(password);
                                authenticated = 1;
                                break;
                        }
                        log("PAM Password authentication for \"%.100s\" failed: %s", 
                                pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+                        memset(password, 0, strlen(password));
+                        xfree(password);
                        break;
 #else /* HAVE_LIBPAM */
                        /* Try authentication with the password. */
@@ -1561,30 +1576,18 @@ do_authloop(struct passwd * pw)
                        packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
 #else /* HAVE_LIBPAM */
                if (authenticated) {
-                        do_pam_account_and_session(pw->pw_name, client_user);
+                        do_pam_account(pw->pw_name, client_user);
-                        /* Clean up */
                        if (client_user != NULL)
                                xfree(client_user);
-                        if (password != NULL) {
-                                memset(password, 0, strlen(password));
-                                xfree(password);
-                        }
-                        
                        return;
                }
                if (attempt > AUTH_FAIL_MAX) {
-                        /* Clean up */
                        if (client_user != NULL)
                                xfree(client_user);
-                        if (password != NULL) {
-                                memset(password, 0, strlen(password));
-                                xfree(password);
-                        }
-                        
                        packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
                }
 #endif /* HAVE_LIBPAM */
@@ -1785,6 +1788,12 @@ do_authenticated(struct passwd * pw)
                        /* Indicate that we now have a pty. */
                        have_pty = 1;
+#ifdef HAVE_LIBPAM
+                        /* do the pam_open_session since we have the pty */
+                        do_pam_session(pw->pw_name,ttyname);
+#endif /* HAVE_LIBPAM */
                        break;
                case SSH_CMSG_X11_REQUEST_FORWARDING:
author	Damien Miller <djm@mindrot.org>	1999-12-09 10:16:54 +1100
committer	Damien Miller <djm@mindrot.org>	1999-12-09 10:16:54 +1100
commit	bf1c9b2012fadab02392126bece5d21e9ddffda6 (patch)
tree	371e5f27669fa28773e2b2bb008a81a03715cf2e
parent	fce1648681a20b99f569d4bfd9335bc4a956b119 (diff)

diff --git a/ChangeLog b/ChangeLog index 1b4809505..39304e24d 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,3 +1,10 @@
		1	19991209
		2	- Import of patch from Ben Taylor <bent@clark.net>:
		3	- Improved PAM support
		4	- "uninstall" rule for Makefile
		5	- utmpx support
		6	- Should fix PAM problems on Solaris
		7
1	19991208	8	19991208
2	- Compile fix for Solaris with /dev/ptmx from	9	- Compile fix for Solaris with /dev/ptmx from
3	David Agraz <dagraz@jahoopa.com>	10	David Agraz <dagraz@jahoopa.com>


diff --git a/Makefile.in b/Makefile.in index 80b0a6d42..232f8e024 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -103,6 +103,36 @@ install: all
103	$(INSTALL) -m644 sshd_config $(sysconfdir)/sshd_config; \	103	$(INSTALL) -m644 sshd_config $(sysconfdir)/sshd_config; \
104	fi	104	fi
105		105
		106	uninstallall: uninstall
		107	-rm -f $(sysconfdir)/ssh_config
		108	-rm -f $(sysconfdir)/sshd_config
		109	-rmdir $(sysconfdir)
		110	-rmdir $(bindir)
		111	-rmdir $(sbindir)
		112	-rmdir $(mandir)/man1
		113	-rmdir $(mandir)/man8
		114	-rmdir $(mandir)
		115	-rmdir $(libexecdir)
		116
		117	uninstall:
		118	-rm -f $(bindir)/ssh
		119	-rm -f $(bindir)/scp
		120	-rm -f $(bindir)/ssh-add
		121	-rm -f $(bindir)/ssh-agent
		122	-rm -f $(bindir)/ssh-keygen
		123	-rm -f $(sbindir)/sshd
		124	-rm -f $(mandir)/man1/ssh.1
		125	-rm -f $(mandir)/man1/scp.1
		126	-rm -f $(mandir)/man1/ssh-add.1
		127	-rm -f $(mandir)/man1/ssh-agent.1
		128	-rm -f $(mandir)/man1/ssh-keygen.1
		129	-rm -f $(mandir)/man8/sshd.8
		130	-rm -f $(bindir)/slogin
		131	-rm -f $(mandir)/man1/slogin.1
		132	-rm -f $(mandir)/man1/slogin.1
		133	-rm -f ${ASKPASS_PROGRAM}
		134	-rmdir $(libexecdir)/ssh ;
		135
106	distclean: clean	136	distclean: clean
107	rm -f Makefile config.h core *~	137	rm -f Makefile config.h core *~
108		138


diff --git a/acconfig.h b/acconfig.h index 29ec07821..811c00d47 100644 --- a/acconfig.h +++ b/acconfig.h
@@ -24,6 +24,9 @@
24	/* Define is utmp.h has a ut_host field */	24	/* Define is utmp.h has a ut_host field */
25	#undef HAVE_HOST_IN_UTMP	25	#undef HAVE_HOST_IN_UTMP
26		26
		27	/* Define is utmpx.h has a ut_host field */
		28	#undef HAVE_HOST_IN_UTMPX
		29
27	/* Define is libutil has login() function */	30	/* Define is libutil has login() function */
28	#undef HAVE_LIBUTIL_LOGIN	31	#undef HAVE_LIBUTIL_LOGIN
29		32
@@ -85,6 +88,10 @@
85	# include <utmp.h> /* For _PATH_XXX */	88	# include <utmp.h> /* For _PATH_XXX */
86	#endif	89	#endif
87		90
		91	#ifdef HAVE_UTMPX_H
		92	# include <utmpx.h> /* For _PATH_XXX */
		93	#endif
		94
88	#ifdef HAVE_SYS_TIME_H	95	#ifdef HAVE_SYS_TIME_H
89	# include <sys/time.h> /* For timersub */	96	# include <sys/time.h> /* For timersub */
90	#endif	97	#endif
@@ -96,13 +103,13 @@
96	#ifndef SHUT_RDWR	103	#ifndef SHUT_RDWR
97	enum	104	enum
98	{	105	{
99	SHUT_RD = 0, /* No more receptions. */	106	SHUT_RD = 0, /* No more receptions. */
100	#define SHUT_RD SHUT_RD	107	SHUT_WR, /* No more transmissions. */
101	SHUT_WR, /* No more transmissions. */	108	SHUT_RDWR /* No more receptions or transmissions. */
102	#define SHUT_WR SHUT_WR
103	SHUT_RDWR /* No more receptions or transmissions. */
104	#define SHUT_RDWR SHUT_RDWR
105	};	109	};
		110	# define SHUT_RD SHUT_RD
		111	# define SHUT_WR SHUT_WR
		112	# define SHUT_RDWR SHUT_RDWR
106	#endif	113	#endif
107		114
108	/* If sys/types.h does not supply intXX_t, supply them ourselves */	115	/* If sys/types.h does not supply intXX_t, supply them ourselves */
@@ -164,25 +171,44 @@ enum
164	# define quad_t int64_t	171	# define quad_t int64_t
165	#endif	172	#endif
166		173
		174	/* If _PATH_LASTLOG is not defined by system headers, set it to the */
		175	/* lastlog file detected by autoconf */
167	#ifndef _PATH_LASTLOG	176	#ifndef _PATH_LASTLOG
168	# ifdef LASTLOG_LOCATION	177	# ifdef LASTLOG_LOCATION
169	# define _PATH_LASTLOG LASTLOG_LOCATION	178	# define _PATH_LASTLOG LASTLOG_LOCATION
170	# endif	179	# endif
171	#endif	180	#endif
172		181
		182	/* Use utmpx if supported */
		183	#ifdef HAVE_UTMPX_H
		184	# define UTMP_STR utmpx
		185	#else
		186	# ifdef HAVE_UTMP_H
		187	# define UTMP_STR utmp
		188	# endif
		189	#endif
		190
173	#ifndef _PATH_UTMP	191	#ifndef _PATH_UTMP
174	# ifdef UTMP_FILE	192	# ifdef UTMPX_FILE
175	# define _PATH_UTMP UTMP_FILE	193	# define _PATH_UTMP UTMPX_FILE
176	# else	194	# else
177	# define _PATH_UTMP "/var/adm/utmp"	195	# ifdef UTMP_FILE
		196	# define _PATH_UTMP UTMP_FILE
		197	# else
		198	# define _PATH_UTMP "/var/adm/utmp"
		199	# endif
178	# endif	200	# endif
179	#endif	201	#endif
180		202
181	#ifndef _PATH_WTMP	203	#ifndef _PATH_WTMP
182	# ifdef WTMP_FILE	204	# ifdef WTMPX_FILE
183	# define _PATH_WTMP WTMP_FILE	205	# define _PATH_WTMP WTMPX_FILE
184	# else	206	# else
185	# define _PATH_WTMP "/var/adm/wtmp"	207	# ifdef WTMP_FILE
		208	# define _PATH_WTMP WTMP_FILE
		209	# else
		210	# define _PATH_WTMP "/var/adm/wtmp"
		211	# endif
186	# endif	212	# endif
187	#endif	213	#endif
188		214
@@ -219,9 +245,9 @@ enum
219	(result)->tv_usec += 1000000; \	245	(result)->tv_usec += 1000000; \
220	} \	246	} \
221	} while (0)	247	} while (0)
222
223	#endif	248	#endif
224		249
		250	/* In older versions of libpam, pam_strerror takes a single argument */
225	#ifdef HAVE_OLD_PAM	251	#ifdef HAVE_OLD_PAM
226	# define PAM_STRERROR(a,b) pam_strerror((b))	252	# define PAM_STRERROR(a,b) pam_strerror((b))
227	#else	253	#else
@@ -231,3 +257,4 @@ enum
231	#ifndef __P	257	#ifndef __P
232	# define __P(x) x	258	# define __P(x) x
233	#endif	259	#endif
		260


diff --git a/bsd-login.c b/bsd-login.c index dcbabe0bf..9c1206547 100644 --- a/bsd-login.c +++ b/bsd-login.c
@@ -45,47 +45,59 @@ static char *rcsid = "$OpenBSD: login.c,v 1.5 1998/07/13 02:11:12 millert Exp $"
45	#include <fcntl.h>	45	#include <fcntl.h>
46	#include <unistd.h>	46	#include <unistd.h>
47	#include <stdlib.h>	47	#include <stdlib.h>
48	#include <utmp.h>	48	#ifdef HAVE_UTMPX_H
		49	# include <utmpx.h>
		50	#endif
		51	#ifdef HAVE_UTMP_H
		52	# include <utmp.h>
		53	#endif
49	#include <stdio.h>	54	#include <stdio.h>
50		55
51	void	56	void
52	login(utp)	57	login(utp)
53	struct utmp *utp;	58	struct UTMP_STR *utp;
54	{	59	{
55	struct utmp old_ut;	60	struct UTMP_STR old_ut;
56	register int fd;	61	register int fd;
57	int tty;	62	int tty;
58		63
59	#ifndef UT_LINESIZE	64	#ifndef UT_LINESIZE
60	# define UT_LINESIZE (sizeof(old_ut.ut_line))	65	# define UT_LINESIZE (sizeof(old_ut.ut_line))
61	# define UT_NAMESIZE (sizeof(old_ut.ut_name))	66	# ifdef HAVE_UTMPX_H
		67	# define UT_NAMESIZE (sizeof(old_ut.ut_user))
		68	# else
		69	# define UT_NAMESIZE (sizeof(old_ut.ut_name))
		70	# endif
62	# ifdef HAVE_HOST_IN_UTMP	71	# ifdef HAVE_HOST_IN_UTMP
63	# define UT_HOSTSIZE (sizeof(old_ut.ut_host))	72	# define UT_HOSTSIZE (sizeof(old_ut.ut_host))
64	# endif	73	# endif
		74	# ifdef HAVE_HOST_IN_UTMPX
		75	# define UT_HOSTSIZE (sizeof(old_ut.ut_host))
		76	# endif
65	#endif	77	#endif
66		78
67	tty = ttyslot();	79	tty = ttyslot();
68	if (tty > 0 && (fd = open(_PATH_UTMP, O_RDWR\|O_CREAT, 0644)) >= 0) {	80	if (tty > 0 && (fd = open(_PATH_UTMP, O_RDWR\|O_CREAT, 0644)) >= 0) {
69	#ifdef HAVE_HOST_IN_UTMP	81	#ifdef HAVE_HOST_IN_UTMP \|\| HAVE_HOST_IN_UTMPX
70	(void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);	82	(void)lseek(fd, (off_t)(tty * sizeof(struct UTMP_STR)), SEEK_SET);
71	/*	83	/*
72	* Prevent luser from zero'ing out ut_host.	84	* Prevent luser from zero'ing out ut_host.
73	* If the new ut_line is empty but the old one is not	85	* If the new ut_line is empty but the old one is not
74	* and ut_line and ut_name match, preserve the old ut_line.	86	* and ut_line and ut_name match, preserve the old ut_line.
75	*/	87	*/
76	if (read(fd, &old_ut, sizeof(struct utmp)) ==	88	if (read(fd, &old_ut, sizeof(struct UTMP_STR)) ==
77	sizeof(struct utmp) && utp->ut_host[0] == '\0' &&	89	sizeof(struct UTMP_STR) && utp->ut_host[0] == '\0' &&
78	old_ut.ut_host[0] != '\0' &&	90	old_ut.ut_host[0] != '\0' &&
79	strncmp(old_ut.ut_line, utp->ut_line, UT_LINESIZE) == 0 &&	91	strncmp(old_ut.ut_line, utp->ut_line, UT_LINESIZE) == 0 &&
80	strncmp(old_ut.ut_name, utp->ut_name, UT_NAMESIZE) == 0)	92	strncmp(old_ut.ut_name, utp->ut_name, UT_NAMESIZE) == 0)
81	(void)memcpy(utp->ut_host, old_ut.ut_host, UT_HOSTSIZE);	93	(void)memcpy(utp->ut_host, old_ut.ut_host, UT_HOSTSIZE);
82	#endif /* HAVE_HOST_IN_UTMP */	94	#endif /* HAVE_HOST_IN_UTMP \|\| HAVE_HOST_IN_UTMPX */
83	(void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);	95	(void)lseek(fd, (off_t)(tty * sizeof(struct UTMP_STR)), SEEK_SET);
84	(void)write(fd, utp, sizeof(struct utmp));	96	(void)write(fd, utp, sizeof(struct UTMP_STR));
85	(void)close(fd);	97	(void)close(fd);
86	}	98	}
87	if ((fd = open(_PATH_WTMP, O_WRONLY\|O_APPEND, 0)) >= 0) {	99	if ((fd = open(_PATH_WTMP, O_WRONLY\|O_APPEND, 0)) >= 0) {
88	(void)write(fd, utp, sizeof(struct utmp));	100	(void)write(fd, utp, sizeof(struct UTMP_STR));
89	(void)close(fd);	101	(void)close(fd);
90	}	102	}
91	}	103	}


diff --git a/configure.in b/configure.in index f1027ef42..e0395528d 100644 --- a/configure.in +++ b/configure.in
@@ -56,7 +56,7 @@ AC_CHECK_LIB(dl, dlopen, , )
56	AC_CHECK_LIB(pam, pam_authenticate, , )	56	AC_CHECK_LIB(pam, pam_authenticate, , )
57		57
58	dnl Checks for header files.	58	dnl Checks for header files.
59	AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h pty.h shadow.h util.h utmp.h sys/select.h sys/stropts.h sys/time.h)	59	AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h pty.h shadow.h util.h utmp.h utmpx.h sys/select.h sys/stropts.h sys/time.h)
60		60
61	dnl Checks for library functions.	61	dnl Checks for library functions.
62	AC_CHECK_FUNCS(arc4random mkdtemp openpty _getpty setenv setlogin setproctitle snprintf strlcat strlcpy vsnprintf)	62	AC_CHECK_FUNCS(arc4random mkdtemp openpty _getpty setenv setlogin setproctitle snprintf strlcat strlcpy vsnprintf)
@@ -198,6 +198,13 @@ AC_EGREP_HEADER(ut_host, utmp.h,
198	[AC_MSG_RESULT(no)]	198	[AC_MSG_RESULT(no)]
199	)	199	)
200		200
		201	dnl Check for ut_host field in utmpx
		202	AC_MSG_CHECKING([whether utmpx.h has ut_host field])
		203	AC_EGREP_HEADER(ut_host, utmpx.h,
		204	[AC_DEFINE(HAVE_HOST_IN_UTMPX) AC_MSG_RESULT(yes); ],
		205	[AC_MSG_RESULT(no)]
		206	)
		207
201	dnl Look for lastlog location	208	dnl Look for lastlog location
202	AC_MSG_CHECKING([location of lastlog file])	209	AC_MSG_CHECKING([location of lastlog file])
203	for lastlog in /var/log/lastlog /var/adm/lastlog /etc/security/lastlog ; do	210	for lastlog in /var/log/lastlog /var/adm/lastlog /etc/security/lastlog ; do


diff --git a/login.c b/login.c index 81bae8205..ff4184572 100644 --- a/login.c +++ b/login.c
@@ -18,9 +18,14 @@
18	*/	18	*/
19		19
20	#include "includes.h"	20	#include "includes.h"
21	RCSID("$Id: login.c,v 1.5 1999/11/25 02:08:31 damien Exp $");	21	RCSID("$Id: login.c,v 1.6 1999/12/08 23:16:55 damien Exp $");
22		22
23	#include <utmp.h>	23	#ifdef HAVE_UTMPX_H
		24	# include <utmpx.h>
		25	#endif
		26	#ifdef HAVE_UTMP_H
		27	# include <utmp.h>
		28	#endif
24	#include "ssh.h"	29	#include "ssh.h"
25		30
26	#ifdef HAVE_UTIL_H	31	#ifdef HAVE_UTIL_H
@@ -83,15 +88,20 @@ record_login(int pid, const char ttyname, const char user, uid_t uid,
83	int fd;	88	int fd;
84	struct lastlog ll;	89	struct lastlog ll;
85	char *lastlog;	90	char *lastlog;
86	struct utmp u;	91	struct UTMP_STR u;
87	const char utmp, wtmp;	92	const char utmp, wtmp;
88		93
89	/* Construct an utmp/wtmp entry. */	94	/* Construct an utmp/wtmp entry. */
90	memset(&u, 0, sizeof(u));	95	memset(&u, 0, sizeof(u));
91	strncpy(u.ut_line, ttyname + 5, sizeof(u.ut_line));	96	strncpy(u.ut_line, ttyname + 5, sizeof(u.ut_line));
		97	#ifdef HAVE_UTMPX_H
		98	u.ut_tv.tv_sec = time(NULL);
		99	strncpy(u.ut_user, user, sizeof(u.ut_name));
		100	#else
92	u.ut_time = time(NULL);	101	u.ut_time = time(NULL);
93	strncpy(u.ut_name, user, sizeof(u.ut_name));	102	strncpy(u.ut_name, user, sizeof(u.ut_name));
94	#ifdef HAVE_HOST_IN_UTMP	103	#endif
		104	#if defined(HAVE_HOST_IN_UTMP) \|\| defined(HAVE_HOST_IN_UTMPX)
95	strncpy(u.ut_host, host, sizeof(u.ut_host));	105	strncpy(u.ut_host, host, sizeof(u.ut_host));
96	#endif	106	#endif
97		107


diff --git a/pty.c b/pty.c index acd81c9ba..c6c7363b2 100644 --- a/pty.c +++ b/pty.c
@@ -14,11 +14,15 @@
14	*/	14	*/
15		15
16	#include "includes.h"	16	#include "includes.h"
17	RCSID("$Id: pty.c,v 1.7 1999/12/07 21:53:52 damien Exp $");	17	RCSID("$Id: pty.c,v 1.8 1999/12/08 23:16:55 damien Exp $");
18		18
19	#include "pty.h"	19	#include "pty.h"
20	#include "ssh.h"	20	#include "ssh.h"
21		21
		22	#ifdef HAVE_DEV_PTMX
		23	#include <sys/stropts.h>
		24	#endif /* HAVE_DEV_PTMX */
		25
22	/* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */	26	/* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
23	#if defined(HAVE__GETPTY) \|\| defined(HAVE_OPENPTY)	27	#if defined(HAVE__GETPTY) \|\| defined(HAVE_OPENPTY)
24	#undef HAVE_DEV_PTMX	28	#undef HAVE_DEV_PTMX


diff --git a/sshd.c b/sshd.c index 0c15e2837..2ff8f45b4 100644 --- a/sshd.c +++ b/sshd.c
@@ -11,7 +11,7 @@
11	*/	11	*/
12		12
13	#include "includes.h"	13	#include "includes.h"
14	RCSID("$Id: sshd.c,v 1.35 1999/12/07 04:38:32 damien Exp $");	14	RCSID("$Id: sshd.c,v 1.36 1999/12/08 23:16:55 damien Exp $");
15		15
16	#include "xmalloc.h"	16	#include "xmalloc.h"
17	#include "rsa.h"	17	#include "rsa.h"
@@ -138,7 +138,8 @@ void do_child(const char command, struct passwd pw, const char *term,
138	#ifdef HAVE_LIBPAM	138	#ifdef HAVE_LIBPAM
139	static int pamconv(int num_msg, const struct pam_message **msg,	139	static int pamconv(int num_msg, const struct pam_message **msg,
140	struct pam_response *resp, void appdata_ptr);	140	struct pam_response *resp, void appdata_ptr);
141	void do_pam_account_and_session(char username, char remote_user);	141	void do_pam_account(char username, char remote_user);
		142	void do_pam_session(char username, char ttyname);
142	void pam_cleanup_proc(void *context);	143	void pam_cleanup_proc(void *context);
143		144
144	static struct pam_conv conv = {	145	static struct pam_conv conv = {
@@ -228,7 +229,7 @@ void pam_cleanup_proc(void *context)
228	}	229	}
229	}	230	}
230		231
231	void do_pam_account_and_session(char username, char remote_user)	232	void do_pam_account(char username, char remote_user)
232	{	233	{
233	int pam_retval;	234	int pam_retval;
234		235
@@ -254,12 +255,22 @@ void do_pam_account_and_session(char username, char remote_user)
254	log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));	255	log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
255	do_fake_authloop(username);	256	do_fake_authloop(username);
256	}	257	}
		258	}
257		259
258	pam_retval = pam_open_session((pam_handle_t *)pamh, 0);	260	void do_pam_session(char username, char ttyname)
259	if (pam_retval != PAM_SUCCESS) {	261	{
260	log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));	262	int pam_retval;
261	do_fake_authloop(username);	263
		264	if (ttyname != NULL) {
		265	debug("PAM setting tty to \"%.200s\"", ttyname);
		266	pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, ttyname);
		267	if (pam_retval != PAM_SUCCESS)
		268	fatal("PAM set tty failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
262	}	269	}
		270
		271	pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
		272	if (pam_retval != PAM_SUCCESS)
		273	fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
263	}	274	}
264	#endif /* HAVE_LIBPAM */	275	#endif /* HAVE_LIBPAM */
265		276
@@ -1476,12 +1487,16 @@ do_authloop(struct passwd * pw)
1476	pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);	1487	pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
1477	if (pam_retval == PAM_SUCCESS) {	1488	if (pam_retval == PAM_SUCCESS) {
1478	log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);	1489	log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);
		1490	memset(password, 0, strlen(password));
		1491	xfree(password);
1479	authenticated = 1;	1492	authenticated = 1;
1480	break;	1493	break;
1481	}	1494	}
1482		1495
1483	log("PAM Password authentication for \"%.100s\" failed: %s",	1496	log("PAM Password authentication for \"%.100s\" failed: %s",
1484	pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));	1497	pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
		1498	memset(password, 0, strlen(password));
		1499	xfree(password);
1485	break;	1500	break;
1486	#else /* HAVE_LIBPAM */	1501	#else /* HAVE_LIBPAM */
1487	/* Try authentication with the password. */	1502	/* Try authentication with the password. */
@@ -1561,30 +1576,18 @@ do_authloop(struct passwd * pw)
1561	packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);	1576	packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
1562	#else /* HAVE_LIBPAM */	1577	#else /* HAVE_LIBPAM */
1563	if (authenticated) {	1578	if (authenticated) {
1564	do_pam_account_and_session(pw->pw_name, client_user);	1579	do_pam_account(pw->pw_name, client_user);
1565		1580
1566	/* Clean up */
1567	if (client_user != NULL)	1581	if (client_user != NULL)
1568	xfree(client_user);	1582	xfree(client_user);
1569		1583
1570	if (password != NULL) {
1571	memset(password, 0, strlen(password));
1572	xfree(password);
1573	}
1574
1575	return;	1584	return;
1576	}	1585	}
1577		1586
1578	if (attempt > AUTH_FAIL_MAX) {	1587	if (attempt > AUTH_FAIL_MAX) {
1579	/* Clean up */
1580	if (client_user != NULL)	1588	if (client_user != NULL)
1581	xfree(client_user);	1589	xfree(client_user);
1582		1590
1583	if (password != NULL) {
1584	memset(password, 0, strlen(password));
1585	xfree(password);
1586	}
1587
1588	packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);	1591	packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
1589	}	1592	}
1590	#endif /* HAVE_LIBPAM */	1593	#endif /* HAVE_LIBPAM */
@@ -1785,6 +1788,12 @@ do_authenticated(struct passwd * pw)
1785		1788
1786	/* Indicate that we now have a pty. */	1789	/* Indicate that we now have a pty. */
1787	have_pty = 1;	1790	have_pty = 1;
		1791
		1792	#ifdef HAVE_LIBPAM
		1793	/* do the pam_open_session since we have the pty */
		1794	do_pam_session(pw->pw_name,ttyname);
		1795	#endif /* HAVE_LIBPAM */
		1796
1788	break;	1797	break;
1789		1798
1790	case SSH_CMSG_X11_REQUEST_FORWARDING:	1799	case SSH_CMSG_X11_REQUEST_FORWARDING: