7 files changed, 89 insertions, 42 deletions

diff --git a/ChangeLog b/ChangeLog
index a70a1fac1..8255b3e59 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,12 @@
      Fix incorrect macro, .I -> .Em
      From: Eric S. Raymond <esr at thyrsus dot com>
      ok jmc@
+   - dtucker@cvs.openbsd.org 2004/07/17 05:31:41
+     [monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
+     Move "Last logged in at.." message generation to the monitor, right
+     before recording the new login.  Fixes missing lastlog message when
+     /var/log/lastlog is not world-readable and incorrect datestamp when
+     multiple sessions are used (bz #463);  much assistance & ok markus@
 
 20040711
  - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows
@@ -1521,4 +1527,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3476 2004/07/17 06:13:15 dtucker Exp $
+$Id: ChangeLog,v 1.3477 2004/07/17 07:05:14 dtucker Exp $
diff --git a/monitor.c b/monitor.c
index 3f468dfff..b7463400e 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.60 2004/06/22 05:05:45 dtucker Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.61 2004/07/17 05:31:41 dtucker Exp $");
 
 #include <openssl/dh.h>
 
@@ -79,6 +79,7 @@ extern u_char session_id[];
 extern Buffer input, output;
 extern Buffer auth_debug;
 extern int auth_debug_init;
+extern Buffer loginmsg;
 
 /* State exported from the child */
 
@@ -1230,10 +1231,6 @@ mm_answer_pty(int sock, Buffer *m)
 
         buffer_put_int(m, 1);
         buffer_put_cstring(m, s->tty);
-        mm_request_send(sock, MONITOR_ANS_PTY, m);
-
-        mm_send_fd(sock, s->ptyfd);
-        mm_send_fd(sock, s->ttyfd);
 
         /* We need to trick ttyslot */
         if (dup2(s->ttyfd, 0) == -1)
@@ -1244,6 +1241,15 @@ mm_answer_pty(int sock, Buffer *m)
         /* Now we can close the file descriptor again */
         close(0);
 
+        /* send messages generated by record_login */
+        buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
+        buffer_clear(&loginmsg);
+
+        mm_request_send(sock, MONITOR_ANS_PTY, m);
+
+        mm_send_fd(sock, s->ptyfd);
+        mm_send_fd(sock, s->ttyfd);
+
         /* make sure nothing uses fd 0 */
         if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0)
                 fatal("%s: open(/dev/null): %s", __func__, strerror(errno));
diff --git a/monitor_wrap.c b/monitor_wrap.c
index f6bc34ec8..0d7a0e3bd 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.38 2004/07/03 11:02:25 dtucker Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.39 2004/07/17 05:31:41 dtucker Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dh.h>
@@ -70,6 +70,7 @@ extern z_stream incoming_stream;
 extern z_stream outgoing_stream;
 extern struct monitor *pmonitor;
 extern Buffer input, output;
+extern Buffer loginmsg;
 extern ServerOptions options;
 
 int
@@ -642,7 +643,7 @@ int
 mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
 {
         Buffer m;
-        char *p;
+        char *p, *msg;
         int success = 0;
 
         buffer_init(&m);
@@ -658,11 +659,15 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
                 return (0);
         }
         p = buffer_get_string(&m, NULL);
+        msg = buffer_get_string(&m, NULL);
         buffer_free(&m);
 
         strlcpy(namebuf, p, namebuflen); /* Possible truncation */
         xfree(p);
 
+        buffer_append(&loginmsg, msg, strlen(msg));
+        xfree(msg);
+
         *ptyfd = mm_receive_fd(pmonitor->m_recvfd);
         *ttyfd = mm_receive_fd(pmonitor->m_recvfd);
 
diff --git a/session.c b/session.c
index 7c8fe5faf..99b84394e 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.178 2004/07/11 17:48:47 deraadt Exp $");
+RCSID("$OpenBSD: session.c,v 1.179 2004/07/17 05:31:41 dtucker Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -196,12 +196,11 @@ auth_input_request_forwarding(struct passwd * pw)
 static void
 display_loginmsg(void)
 {
-        if (buffer_len(&loginmsg) > 0) {
-                buffer_append(&loginmsg, "\0", 1);
-                printf("%s\n", (char *)buffer_ptr(&loginmsg));
-                buffer_clear(&loginmsg);
-        }
-        fflush(stdout);
+        if (buffer_len(&loginmsg) > 0) {
+                buffer_append(&loginmsg, "\0", 1);
+                printf("%s", (char *)buffer_ptr(&loginmsg));
+                buffer_clear(&loginmsg);
+        }
 }
 
 void
@@ -676,14 +675,19 @@ do_exec(Session *s, const char *command)
                 do_exec_no_pty(s, command);
 
         original_command = NULL;
-}
 
+        /*
+         * Clear loginmsg: it's the child's responsibility to display
+         * it to the user, otherwise multiple sessions may accumulate
+         * multiple copies of the login messages.
+         */
+        buffer_clear(&loginmsg);
+}
 
 /* administrative, login(1)-like work */
 void
 do_login(Session *s, const char *command)
 {
-        char *time_string;
         socklen_t fromlen;
         struct sockaddr_storage from;
         struct passwd * pw = s->pw;
@@ -728,19 +732,6 @@ do_login(Session *s, const char *command)
 
         display_loginmsg();
 
-#ifndef NO_SSH_LASTLOG
-        if (options.print_lastlog && s->last_login_time != 0) {
-                time_string = ctime(&s->last_login_time);
-                if (strchr(time_string, '\n'))
-                        *strchr(time_string, '\n') = 0;
-                if (strcmp(s->hostname, "") == 0)
-                        printf("Last login: %s\r\n", time_string);
-                else
-                        printf("Last login: %s from %s\r\n", time_string,
-                            s->hostname);
-        }
-#endif /* NO_SSH_LASTLOG */
-
         do_motd();
 }
 
@@ -1318,6 +1309,7 @@ do_setusercontext(struct passwd *pw)
 static void
 do_pwchange(Session *s)
 {
+        fflush(NULL);
         fprintf(stderr, "WARNING: Your password has expired.\n");
         if (s->ttyfd != -1) {
                 fprintf(stderr,
@@ -1703,12 +1695,6 @@ session_pty_req(Session *s)
                 packet_disconnect("Protocol error: you already have a pty.");
                 return 0;
         }
-        /* Get the time and hostname when the user last logged in. */
-        if (options.print_lastlog) {
-                s->hostname[0] = '\0';
-                s->last_login_time = get_last_login_time(s->pw->pw_uid,
-                    s->pw->pw_name, s->hostname, sizeof(s->hostname));
-        }
 
         s->term = packet_get_string(&len);
 
diff --git a/session.h b/session.h
index e52506652..48be5070c 100644
--- a/session.h
+++ b/session.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: session.h,v 1.22 2004/04/27 09:46:37 djm Exp $        */
+/*      $OpenBSD: session.h,v 1.23 2004/07/17 05:31:41 dtucker Exp $    */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -39,9 +39,6 @@ struct Session {
         int     ptyfd, ttyfd, ptymaster;
         u_int   row, col, xpixel, ypixel;
         char    tty[TTYSZ];
-        /* last login */
-        char    hostname[MAXHOSTNAMELEN];
-        time_t  last_login_time;
         /* X11 */
         u_int   display_number;
         char    *display;
diff --git a/sshd.c b/sshd.c
index ac62cb506..a9e7ccb31 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.298 2004/07/11 17:48:47 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.299 2004/07/17 05:31:41 dtucker Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -216,6 +216,9 @@ Buffer loginmsg;
 /* global authentication context */
 Authctxt *the_authctxt = NULL;
 
+/* message to be displayed after login */
+Buffer loginmsg;
+
 /* Prototypes for various functions defined later in this file. */
 void destroy_sensitive_data(void);
 void demote_sensitive_data(void);
@@ -1680,6 +1683,9 @@ main(int ac, char **av)
                 if (privsep_preauth(authctxt) == 1)
                         goto authenticated;
 
+        /* prepare buffer to collect messages to display to user after login */
+        buffer_init(&loginmsg);
+
         /* perform the key exchange */
         /* authenticate user and start session */
         if (compat20) {
diff --git a/sshlogin.c b/sshlogin.c
index 75446f9eb..41817ec96 100644
--- a/sshlogin.c
+++ b/sshlogin.c
@@ -39,9 +39,15 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshlogin.c,v 1.9 2004/07/03 05:11:33 dtucker Exp $");
+RCSID("$OpenBSD: sshlogin.c,v 1.10 2004/07/17 05:31:41 dtucker Exp $");
 
 #include "loginrec.h"
+#include "log.h"
+#include "buffer.h"
+#include "servconf.h"
+
+extern Buffer loginmsg;
+extern ServerOptions options;
 
 /*
  * Returns the time when the user last logged in.  Returns 0 if the
@@ -60,6 +66,38 @@ get_last_login_time(uid_t uid, const char *logname,
 }
 
 /*
+ * Generate and store last login message.  This must be done before
+ * login_login() is called and lastlog is updated.
+ */
+void
+store_lastlog_message(const char *user, uid_t uid)
+{
+        char *time_string, hostname[MAXHOSTNAMELEN] = "", buf[512];
+        time_t last_login_time;
+
+#ifndef NO_SSH_LASTLOG
+        if (!options.print_lastlog)
+                return;
+
+        last_login_time = get_last_login_time(uid, user, hostname,
+            sizeof(hostname));
+
+        if (last_login_time != 0) {
+                time_string = ctime(&last_login_time);
+                if (strchr(time_string, '\n'))
+                    *strchr(time_string, '\n') = '\0';
+                if (strcmp(hostname, "") == 0)
+                        snprintf(buf, sizeof(buf), "Last login: %s\r\n",
+                            time_string);
+                else
+                        snprintf(buf, sizeof(buf), "Last login: %s from %s\r\n",
+                            time_string, hostname);
+                buffer_append(&loginmsg, buf, strlen(buf));
+        }
+#endif /* NO_SSH_LASTLOG */
+}
+
+/*
  * Records that the user has logged in.  I wish these parts of operating
  * systems were more standardized.
  */
@@ -69,6 +107,9 @@ record_login(pid_t pid, const char *tty, const char *user, uid_t uid,
 {
         struct logininfo *li;
 
+        /* save previous login details before writing new */
+        store_lastlog_message(user, uid);
+
         li = login_alloc_entry(pid, user, host, tty);
         login_set_addr(li, addr, addrlen);
         login_login(li);