authorColin Watson <cjwatson@debian.org>2011-01-24 12:43:25 +0000
committerColin Watson <cjwatson@debian.org>2011-01-24 12:43:25 +0000
commit626f1d986ff72aa514da63e34744e1de9cf21b9a (patch)
treed215a5280bc2e57251e4a9e08bfd3674ad824a94 /loginrec.c
parent6ed622cb6fe8f71bbe0d998cdd12280410bfb420 (diff)
parent0970072c89b079b022538e3c366fbfa2c53fc821 (diff)
* New upstream release (http://www.openssh.org/txt/release-5.7):
- Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. - sftp(1)/sftp-server(8): add a protocol extension to support a hard link operation. It is available through the "ln" command in the client. The old "ln" behaviour of creating a symlink is available using its "-s" option or through the preexisting "symlink" command. - scp(1): Add a new -3 option to scp: Copies between two remote hosts are transferred through the local host (closes: #508613). - ssh(1): "atomically" create the listening mux socket by binding it on a temporary name and then linking it into position after listen() has succeeded. This allows the mux clients to determine that the server socket is either ready or stale without races (closes: #454784). Stale server sockets are now automatically removed (closes: #523250). - ssh(1): install a SIGCHLD handler to reap expired child process (closes: #594687). - ssh(1)/ssh-agent(1): honour $TMPDIR for client xauth and ssh-agent temporary directories (closes: #357469, although only if you arrange for ssh-agent to actually see $TMPDIR since the setgid bit will cause it to be stripped off).
Diffstat (limited to 'loginrec.c')
-rw-r--r--loginrec.c28
1 files changed, 18 insertions, 10 deletions
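diff --git a/loginrec.c b/loginrec.c
index 6f655cb16..32941c985 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -273,7 +273,7 @@ login_logout(struct logininfo *li)
  * try to retrieve lastlog information from wtmp/wtmpx.
  */
 unsigned int
-login_get_lastlog_time(const int uid)
+login_get_lastlog_time(const uid_t uid)
 {
  struct logininfo li;
 
@@ -297,7 +297,7 @@ login_get_lastlog_time(const int uid)
  * 0 on failure (will use OpenSSH's logging facilities for diagnostics)
  */
 struct logininfo *
-login_get_lastlog(struct logininfo *li, const int uid)
+login_get_lastlog(struct logininfo *li, const uid_t uid)
 {
  struct passwd *pw;
 
@@ -311,7 +311,8 @@ login_get_lastlog(struct logininfo *li, const int uid)
  */
  pw = getpwuid(uid);
  if (pw == NULL)
- fatal("%s: Cannot find account for uid %i", __func__, uid);
+ fatal("%s: Cannot find account for uid %ld", __func__,
+ (long)uid);
 
  /* No MIN_SIZEOF here - we absolutely *must not* truncate the
  * username (XXX - so check for trunc!) */
@@ -335,7 +336,7 @@ login_get_lastlog(struct logininfo *li, const int uid)
  * allocation fails, the program halts.
  */
 struct
-logininfo *login_alloc_entry(int pid, const char *username,
+logininfo *login_alloc_entry(pid_t pid, const char *username,
  const char *hostname, const char *line)
 {
  struct logininfo *newli;
@@ -363,7 +364,7 @@ login_free_entry(struct logininfo *li)
  * Returns: 1
  */
 int
-login_init_entry(struct logininfo *li, int pid, const char *username,
+login_init_entry(struct logininfo *li, pid_t pid, const char *username,
  const char *hostname, const char *line)
 {
  struct passwd *pw;
@@ -468,9 +469,9 @@ login_write(struct logininfo *li)
 #endif
 #ifdef SSH_AUDIT_EVENTS
  if (li->type == LTYPE_LOGIN)
- audit_session_open(li->line);
+ audit_session_open(li);
  else if (li->type == LTYPE_LOGOUT)
- audit_session_close(li->line);
+ audit_session_close(li);
 #endif
  return (0);
 }
@@ -872,11 +873,13 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut)
  pos = (off_t)tty * sizeof(struct utmp);
  if ((ret = lseek(fd, pos, SEEK_SET)) == -1) {
  logit("%s: lseek: %s", __func__, strerror(errno));
+ close(fd);
  return (0);
  }
  if (ret != pos) {
  logit("%s: Couldn't seek to tty %d slot in %s",
  __func__, tty, UTMP_FILE);
+ close(fd);
  return (0);
  }
  /*
@@ -892,16 +895,20 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut)
 
  if ((ret = lseek(fd, pos, SEEK_SET)) == -1) {
  logit("%s: lseek: %s", __func__, strerror(errno));
+ close(fd);
  return (0);
  }
  if (ret != pos) {
  logit("%s: Couldn't seek to tty %d slot in %s",
  __func__, tty, UTMP_FILE);
+ close(fd);
  return (0);
  }
  if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut)) {
  logit("%s: error writing %s: %s", __func__,
  UTMP_FILE, strerror(errno));
+ close(fd);
+ return (0);
  }
 
  close(fd);
@@ -1205,7 +1212,7 @@ wtmp_get_entry(struct logininfo *li)
  close (fd);
  return (0);
  }
- if ( wtmp_islogin(li, &ut) ) {
+ if (wtmp_islogin(li, &ut) ) {
  found = 1;
  /*
  * We've already checked for a time in struct
@@ -1496,11 +1503,12 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode)
 
  if (S_ISREG(st.st_mode)) {
  /* find this uid's offset in the lastlog file */
- offset = (off_t) ((long)li->uid * sizeof(struct lastlog));
+ offset = (off_t) ((u_long)li->uid * sizeof(struct lastlog));
 
  if (lseek(*fd, offset, SEEK_SET) != offset) {
  logit("%s: %s->lseek(): %s", __func__,
  lastlog_file, strerror(errno));
+ close(*fd);
  return (0);
  }
  }
@@ -1672,7 +1680,7 @@ record_failed_login(const char *username, const char *hostname,
  strerror(errno));
  goto out;
  }
- if((fst.st_mode & (S_IRWXG | S_IRWXO)) || (fst.st_uid != 0)){
+ if((fst.st_mode & (S_IXGRP | S_IRWXO)) || (fst.st_uid != 0)){
  logit("Excess permission or bad ownership on file %s",
  _PATH_BTMP);
  goto out;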
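Review bot: The relaxed mask in the last hunk (record_failed_login) now accepts a btmp file with group read and write bits, while the only ownership test on that line is still `fst.st_uid != 0`, so a root-owned file writable by an arbitrary group passes and members of that group can alter or erase failed-login records. If the intent is to tolerate the usual log-owning group, say so above the test, for example `/* group rw is allowed for the log-owning group; group-exec and any access for others are refused */`. Consider also comparing `fst.st_gid` with the group the platform expects, which nothing visible in this hunk does. The body of record_failed_login starts and ends outside the hunk, so a group check elsewhere in the function cannot be ruled out.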