1 files changed, 462 insertions, 363 deletions
diff --git a/loginrec.c b/loginrec.c
index f07f65fce..361ac4cb7 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -25,130 +25,125 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
+/*
+ * The btmp logging code is derived from login.c from util-linux and is under
+ * the the following license:
+ *
+ * Copyright (c) 1980, 1987, 1988 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by the University of California, Berkeley.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
 /**
 ** loginrec.c:  platform-independent login recording and lastlog retrieval
 **/
 /*
-  The new login code explained
+ *  The new login code explained
-  ============================
+ *  ============================
+ *
-  This code attempts to provide a common interface to login recording
+ *  This code attempts to provide a common interface to login recording
-  (utmp and friends) and last login time retrieval.
+ *  (utmp and friends) and last login time retrieval.
+ *
-  Its primary means of achieving this is to use 'struct logininfo', a
+ *  Its primary means of achieving this is to use 'struct logininfo', a
-  union of all the useful fields in the various different types of
+ *  union of all the useful fields in the various different types of
-  system login record structures one finds on UNIX variants.
+ *  system login record structures one finds on UNIX variants.
+ *
-  We depend on autoconf to define which recording methods are to be
+ *  We depend on autoconf to define which recording methods are to be
-  used, and which fields are contained in the relevant data structures
+ *  used, and which fields are contained in the relevant data structures
-  on the local system. Many C preprocessor symbols affect which code
+ *  on the local system. Many C preprocessor symbols affect which code
-  gets compiled here.
+ *  gets compiled here.
+ *
-  The code is designed to make it easy to modify a particular
+ *  The code is designed to make it easy to modify a particular
-  recording method, without affecting other methods nor requiring so
+ *  recording method, without affecting other methods nor requiring so
-  many nested conditional compilation blocks as were commonplace in
+ *  many nested conditional compilation blocks as were commonplace in
-  the old code.
+ *  the old code.
+ *
-  For login recording, we try to use the local system's libraries as
+ *  For login recording, we try to use the local system's libraries as
-  these are clearly most likely to work correctly. For utmp systems
+ *  these are clearly most likely to work correctly. For utmp systems
-  this usually means login() and logout() or setutent() etc., probably
+ *  this usually means login() and logout() or setutent() etc., probably
-  in libutil, along with logwtmp() etc. On these systems, we fall back
+ *  in libutil, along with logwtmp() etc. On these systems, we fall back
-  to writing the files directly if we have to, though this method
+ *  to writing the files directly if we have to, though this method
-  requires very thorough testing so we do not corrupt local auditing
+ *  requires very thorough testing so we do not corrupt local auditing
-  information. These files and their access methods are very system
+ *  information. These files and their access methods are very system
-  specific indeed.
+ *  specific indeed.
+ *
-  For utmpx systems, the corresponding library functions are
+ *  For utmpx systems, the corresponding library functions are
-  setutxent() etc. To the author's knowledge, all utmpx systems have
+ *  setutxent() etc. To the author's knowledge, all utmpx systems have
-  these library functions and so no direct write is attempted. If such
+ *  these library functions and so no direct write is attempted. If such
-  a system exists and needs support, direct analogues of the [uw]tmp
+ *  a system exists and needs support, direct analogues of the [uw]tmp
-  code should suffice.
+ *  code should suffice.
+ *
-  Retrieving the time of last login ('lastlog') is in some ways even
+ *  Retrieving the time of last login ('lastlog') is in some ways even
-  more problemmatic than login recording. Some systems provide a
+ *  more problemmatic than login recording. Some systems provide a
-  simple table of all users which we seek based on uid and retrieve a
+ *  simple table of all users which we seek based on uid and retrieve a
-  relatively standard structure. Others record the same information in
+ *  relatively standard structure. Others record the same information in
-  a directory with a separate file, and others don't record the
+ *  a directory with a separate file, and others don't record the
-  information separately at all. For systems in the latter category,
+ *  information separately at all. For systems in the latter category,
-  we look backwards in the wtmp or wtmpx file for the last login entry
+ *  we look backwards in the wtmp or wtmpx file for the last login entry
-  for our user. Naturally this is slower and on busy systems could
+ *  for our user. Naturally this is slower and on busy systems could
-  incur a significant performance penalty.
+ *  incur a significant performance penalty.
+ *
-  Calling the new code
+ *  Calling the new code
-  --------------------
+ *  --------------------
+ *
-  In OpenSSH all login recording and retrieval is performed in
+ *  In OpenSSH all login recording and retrieval is performed in
-  login.c. Here you'll find working examples. Also, in the logintest.c
+ *  login.c. Here you'll find working examples. Also, in the logintest.c
-  program there are more examples.
+ *  program there are more examples.
+ *
-  Internal handler calling method
+ *  Internal handler calling method
-  -------------------------------
+ *  -------------------------------
+ *
-  When a call is made to login_login() or login_logout(), both
+ *  When a call is made to login_login() or login_logout(), both
-  routines set a struct logininfo flag defining which action (log in,
+ *  routines set a struct logininfo flag defining which action (log in,
-  or log out) is to be taken. They both then call login_write(), which
+ *  or log out) is to be taken. They both then call login_write(), which
-  calls whichever of the many structure-specific handlers autoconf
+ *  calls whichever of the many structure-specific handlers autoconf
-  selects for the local system.
+ *  selects for the local system.
+ *
-  The handlers themselves handle system data structure specifics. Both
+ *  The handlers themselves handle system data structure specifics. Both
-  struct utmp and struct utmpx have utility functions (see
+ *  struct utmp and struct utmpx have utility functions (see
-  construct_utmp*()) to try to make it simpler to add extra systems
+ *  construct_utmp*()) to try to make it simpler to add extra systems
-  that introduce new features to either structure.
+ *  that introduce new features to either structure.
+ *
-  While it may seem terribly wasteful to replicate so much similar
+ *  While it may seem terribly wasteful to replicate so much similar
-  code for each method, experience has shown that maintaining code to
+ *  code for each method, experience has shown that maintaining code to
-  write both struct utmp and utmpx in one function, whilst maintaining
+ *  write both struct utmp and utmpx in one function, whilst maintaining
-  support for all systems whether they have library support or not, is
+ *  support for all systems whether they have library support or not, is
-  a difficult and time-consuming task.
+ *  a difficult and time-consuming task.
+ *
-  Lastlog support proceeds similarly. Functions login_get_lastlog()
+ *  Lastlog support proceeds similarly. Functions login_get_lastlog()
-  (and its OpenSSH-tuned friend login_get_lastlog_time()) call
+ *  (and its OpenSSH-tuned friend login_get_lastlog_time()) call
-  getlast_entry(), which tries one of three methods to find the last
+ *  getlast_entry(), which tries one of three methods to find the last
-  login time. It uses local system lastlog support if it can,
+ *  login time. It uses local system lastlog support if it can,
-  otherwise it tries wtmp or wtmpx before giving up and returning 0,
+ *  otherwise it tries wtmp or wtmpx before giving up and returning 0,
-  meaning "tilt".
+ *  meaning "tilt".
+ *
-  Maintenance
+ *  Maintenance
-  -----------
+ *  -----------
+ *
-  In many cases it's possible to tweak autoconf to select the correct
+ *  In many cases it's possible to tweak autoconf to select the correct
-  methods for a particular platform, either by improving the detection
+ *  methods for a particular platform, either by improving the detection
-  code (best), or by presetting DISABLE_<method> or CONF_<method>_FILE
+ *  code (best), or by presetting DISABLE_<method> or CONF_<method>_FILE
-  symbols for the platform.
+ *  symbols for the platform.
+ *
-  Use logintest to check which symbols are defined before modifying
+ *  Use logintest to check which symbols are defined before modifying
-  configure.ac and loginrec.c. (You have to build logintest yourself
+ *  configure.ac and loginrec.c. (You have to build logintest yourself
-  with 'make logintest' as it's not built by default.)
+ *  with 'make logintest' as it's not built by default.)
+ *
-  Otherwise, patches to the specific method(s) are very helpful!
+ *  Otherwise, patches to the specific method(s) are very helpful!
+ */
-*/
-/**
- ** TODO:
- **   homegrown ttyslot()
- **   test, test, test
- **
- ** Platform status:
- ** ----------------
- **
- ** Known good:
- **   Linux (Redhat 6.2, Debian)
- **   Solaris
- **   HP-UX 10.20 (gcc only)
- **   IRIX
- **   NeXT - M68k/HPPA/Sparc (4.2/3.3)
- **
- ** Testing required: Please send reports!
- **   NetBSD
- **   HP-UX 11
- **   AIX
- **
- ** Platforms with known problems:
- **   Some variants of Slackware Linux
- **
- **/
 #include "includes.h"
@@ -157,17 +152,21 @@
 #include "loginrec.h"
 #include "log.h"
 #include "atomicio.h"
+#include "packet.h"
-RCSID("$Id: loginrec.c,v 1.58 2004/08/15 09:12:52 djm Exp $");
+#include "canohost.h"
+#include "auth.h"
+#include "buffer.h"
 #ifdef HAVE_UTIL_H
-#  include <util.h>
+# include <util.h>
 #endif
 #ifdef HAVE_LIBUTIL_H
-#   include <libutil.h>
+# include <libutil.h>
 #endif
+RCSID("$Id: loginrec.c,v 1.67 2005/02/15 11:19:28 dtucker Exp $");
 /**
 ** prototypes for helper functions in this file
 **/
@@ -194,14 +193,17 @@ int lastlog_get_entry(struct logininfo *li);
 int wtmp_get_entry(struct logininfo *li);
 int wtmpx_get_entry(struct logininfo *li);
+extern Buffer loginmsg;
 /* pick the shortest string */
-#define MIN_SIZEOF(s1,s2) ( sizeof(s1) < sizeof(s2) ? sizeof(s1) : sizeof(s2) )
+#define MIN_SIZEOF(s1,s2) (sizeof(s1) < sizeof(s2) ? sizeof(s1) : sizeof(s2))
 /**
 ** platform-independent login functions
 **/
-/* login_login(struct logininfo *)     -Record a login
+/*
+ * login_login(struct logininfo *) - Record a login
 *
 * Call with a pointer to a struct logininfo initialised with
 * login_init_entry() or login_alloc_entry()
@@ -211,14 +213,15 @@ int wtmpx_get_entry(struct logininfo *li);
 *  0  on failure (will use OpenSSH's logging facilities for diagnostics)
 */
 int
-login_login (struct logininfo *li)
+login_login(struct logininfo *li)
 {
        li->type = LTYPE_LOGIN;
-        return login_write(li);
+        return (login_write(li));
 }
-/* login_logout(struct logininfo *)     - Record a logout
+/*
+ * login_logout(struct logininfo *) - Record a logout
 *
 * Call as with login_login()
 *
@@ -230,10 +233,11 @@ int
 login_logout(struct logininfo *li)
 {
        li->type = LTYPE_LOGOUT;
-        return login_write(li);
+        return (login_write(li));
 }
-/* login_get_lastlog_time(int)           - Retrieve the last login time
+/*
+ * login_get_lastlog_time(int) - Retrieve the last login time
 *
 * Retrieve the last login time for the given uid. Will try to use the
 * system lastlog facilities if they are available, but will fall back
@@ -256,12 +260,13 @@ login_get_lastlog_time(const int uid)
        struct logininfo li;
        if (login_get_lastlog(&li, uid))
-                return li.tv_sec;
+                return (li.tv_sec);
        else
-                return 0;
+                return (0);
 }
-/* login_get_lastlog(struct logininfo *, int)   - Retrieve a lastlog entry
+/*
+ * login_get_lastlog(struct logininfo *, int)   - Retrieve a lastlog entry
 *
 * Retrieve a logininfo structure populated (only partially) with
 * information from the system lastlog data, or from wtmp/wtmpx if no
@@ -272,7 +277,6 @@ login_get_lastlog_time(const int uid)
 * Returns:
 *  >0: A pointer to your struct logininfo if successful
 *  0  on failure (will use OpenSSH's logging facilities for diagnostics)
- *
 */
 struct logininfo *
 login_get_lastlog(struct logininfo *li, const int uid)
@@ -289,20 +293,21 @@ login_get_lastlog(struct logininfo *li, const int uid)
         */
        pw = getpwuid(uid);
        if (pw == NULL)
-                fatal("login_get_lastlog: Cannot find account for uid %i", uid);
+                fatal("%s: Cannot find account for uid %i", __func__, uid);
        /* No MIN_SIZEOF here - we absolutely *must not* truncate the
-         * username */
+         * username (XXX - so check for trunc!) */
        strlcpy(li->username, pw->pw_name, sizeof(li->username));
        if (getlast_entry(li))
-                return li;
+                return (li);
        else
-                return NULL;
+                return (NULL);
 }
-/* login_alloc_entry(int, char*, char*, char*)    - Allocate and initialise
+/*
+ * login_alloc_entry(int, char*, char*, char*)    - Allocate and initialise
 *                                                  a logininfo structure
 *
 * This function creates a new struct logininfo, a data structure
@@ -313,13 +318,13 @@ login_get_lastlog(struct logininfo *li, const int uid)
 */
 struct
 logininfo *login_alloc_entry(int pid, const char *username,
-                             const char *hostname, const char *line)
+    const char *hostname, const char *line)
 {
        struct logininfo *newli;
-        newli = (struct logininfo *) xmalloc (sizeof(*newli));
+        newli = xmalloc(sizeof(*newli));
-        (void)login_init_entry(newli, pid, username, hostname, line);
+        login_init_entry(newli, pid, username, hostname, line);
-        return newli;
+        return (newli);
 }
@@ -341,7 +346,7 @@ login_free_entry(struct logininfo *li)
 */
 int
 login_init_entry(struct logininfo *li, int pid, const char *username,
-                 const char *hostname, const char *line)
+    const char *hostname, const char *line)
 {
        struct passwd *pw;
@@ -356,18 +361,21 @@ login_init_entry(struct logininfo *li, int pid, const char *username,
        if (username) {
                strlcpy(li->username, username, sizeof(li->username));
                pw = getpwnam(li->username);
-                if (pw == NULL)
+                if (pw == NULL) {
-                        fatal("login_init_entry: Cannot find user \"%s\"", li->username);
+                        fatal("%s: Cannot find user \"%s\"", __func__, 
+                            li->username);
+                }
                li->uid = pw->pw_uid;
        }
        if (hostname)
                strlcpy(li->hostname, hostname, sizeof(li->hostname));
-        return 1;
+        return (1);
 }
-/* login_set_current_time(struct logininfo *)    - set the current time
+/* 
+ * login_set_current_time(struct logininfo *)    - set the current time
 *
 * Set the current time in a logininfo structure. This function is
 * meant to eliminate the need to deal with system dependencies for
@@ -387,7 +395,7 @@ login_set_current_time(struct logininfo *li)
 /* copy a sockaddr_* into our logininfo */
 void
 login_set_addr(struct logininfo *li, const struct sockaddr *sa,
-               const unsigned int sa_size)
+    const unsigned int sa_size)
 {
        unsigned int bufsize = sa_size;
@@ -395,7 +403,7 @@ login_set_addr(struct logininfo *li, const struct sockaddr *sa,
        if (sizeof(li->hostaddr) < sa_size)
                bufsize = sizeof(li->hostaddr);
-        memcpy((void *)&(li->hostaddr.sa), (const void *)sa, bufsize);
+        memcpy(&li->hostaddr.sa, sa, bufsize);
 }
@@ -404,12 +412,12 @@ login_set_addr(struct logininfo *li, const struct sockaddr *sa,
 ** results
 **/
 int
-login_write (struct logininfo *li)
+login_write(struct logininfo *li)
 {
 #ifndef HAVE_CYGWIN
-        if ((int)geteuid() != 0) {
+        if (geteuid() != 0) {
-          logit("Attempt to write login records by non-root user (aborting)");
+                logit("Attempt to write login records by non-root user (aborting)");
-          return 1;
+                return (1);
        }
 #endif
@@ -419,9 +427,8 @@ login_write (struct logininfo *li)
        syslogin_write_entry(li);
 #endif
 #ifdef USE_LASTLOG
-        if (li->type == LTYPE_LOGIN) {
+        if (li->type == LTYPE_LOGIN)
                lastlog_write_entry(li);
-        }
 #endif
 #ifdef USE_UTMP
        utmp_write_entry(li);
@@ -437,10 +444,16 @@ login_write (struct logininfo *li)
 #endif
 #ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN
        if (li->type == LTYPE_LOGIN && 
-           !sys_auth_record_login(li->username,li->hostname,li->line))
+           !sys_auth_record_login(li->username,li->hostname,li->line, &loginmsg))
                logit("Writing login record failed for %s", li->username);
 #endif
-        return 0;
+#ifdef SSH_AUDIT_EVENTS
+        if (li->type == LTYPE_LOGIN)
+                audit_session_open(li->line);
+        else if (li->type == LTYPE_LOGOUT)
+                audit_session_close(li->line);
+#endif
+        return (0);
 }
 #ifdef LOGIN_NEEDS_UTMPX
@@ -461,7 +474,7 @@ login_utmp_only(struct logininfo *li)
 # ifdef USE_WTMPX
        wtmpx_write_entry(li);
 # endif
-        return 0;
+        return (0);
 }
 #endif
@@ -478,25 +491,21 @@ getlast_entry(struct logininfo *li)
        return(lastlog_get_entry(li));
 #else /* !USE_LASTLOG */
-#ifdef DISABLE_LASTLOG
+#if defined(DISABLE_LASTLOG)
        /* On some systems we shouldn't even try to obtain last login
         * time, e.g. AIX */
-        return 0;
+        return (0);
-# else /* DISABLE_LASTLOG */
+# elif defined(USE_WTMP) && \
-        /* Try to retrieve the last login time from wtmp */
+    (defined(HAVE_TIME_IN_UTMP) || defined(HAVE_TV_IN_UTMP))
-#  if defined(USE_WTMP) && (defined(HAVE_TIME_IN_UTMP) || defined(HAVE_TV_IN_UTMP))
        /* retrieve last login time from utmp */
        return (wtmp_get_entry(li));
-#  else /* defined(USE_WTMP) && (defined(HAVE_TIME_IN_UTMP) || defined(HAVE_TV_IN_UTMP)) */
+# elif defined(USE_WTMPX) && \
+    (defined(HAVE_TIME_IN_UTMPX) || defined(HAVE_TV_IN_UTMPX))
        /* If wtmp isn't available, try wtmpx */
-#   if defined(USE_WTMPX) && (defined(HAVE_TIME_IN_UTMPX) || defined(HAVE_TV_IN_UTMPX))
-        /* retrieve last login time from utmpx */
        return (wtmpx_get_entry(li));
-#   else
+# else
        /* Give up: No means of retrieving last login time */
-        return 0;
+        return (0);
-#   endif /* USE_WTMPX && (HAVE_TIME_IN_UTMPX || HAVE_TV_IN_UTMPX) */
-#  endif /* USE_WTMP && (HAVE_TIME_IN_UTMP || HAVE_TV_IN_UTMP) */
 # endif /* DISABLE_LASTLOG */
 #endif /* USE_LASTLOG */
 }
@@ -520,19 +529,21 @@ getlast_entry(struct logininfo *li)
 */
-/* line_fullname(): add the leading '/dev/' if it doesn't exist make
+/*
- * sure dst has enough space, if not just copy src (ugh) */
+ * line_fullname(): add the leading '/dev/' if it doesn't exist make
+ * sure dst has enough space, if not just copy src (ugh)
+ */
 char *
 line_fullname(char *dst, const char *src, int dstsize)
 {
        memset(dst, '\0', dstsize);
-        if ((strncmp(src, "/dev/", 5) == 0) || (dstsize < (strlen(src) + 5))) {
+        if ((strncmp(src, "/dev/", 5) == 0) || (dstsize < (strlen(src) + 5)))
                strlcpy(dst, src, dstsize);
-        } else {
+        else {
                strlcpy(dst, "/dev/", dstsize);
                strlcat(dst, src, dstsize);
        }
-        return dst;
+        return (dst);
 }
 /* line_stripname(): strip the leading '/dev' if it exists, return dst */
@@ -544,15 +555,17 @@ line_stripname(char *dst, const char *src, int dstsize)
                strlcpy(dst, src + 5, dstsize);
        else
                strlcpy(dst, src, dstsize);
-        return dst;
+        return (dst);
 }
-/* line_abbrevname(): Return the abbreviated (usually four-character)
+/* 
+ * line_abbrevname(): Return the abbreviated (usually four-character)
 * form of the line (Just use the last <dstsize> characters of the
 * full name.)
 *
 * NOTE: use strncpy because we do NOT necessarily want zero
- * termination */
+ * termination
+ */
 char *
 line_abbrevname(char *dst, const char *src, int dstsize)
 {
@@ -579,7 +592,7 @@ line_abbrevname(char *dst, const char *src, int dstsize)
                strncpy(dst, src, (size_t)dstsize);
        }
-        return dst;
+        return (dst);
 }
 /**
@@ -595,13 +608,11 @@ line_abbrevname(char *dst, const char *src, int dstsize)
 void
 set_utmp_time(struct logininfo *li, struct utmp *ut)
 {
-# ifdef HAVE_TV_IN_UTMP
+# if defined(HAVE_TV_IN_UTMP)
        ut->ut_tv.tv_sec = li->tv_sec;
        ut->ut_tv.tv_usec = li->tv_usec;
-# else
+# elif defined(HAVE_TIME_IN_UTMP)
-#  ifdef HAVE_TIME_IN_UTMP
        ut->ut_time = li->tv_sec;
-#  endif
 # endif
 }
@@ -611,7 +622,8 @@ construct_utmp(struct logininfo *li,
 {
 # ifdef HAVE_ADDR_V6_IN_UTMP
        struct sockaddr_in6 *sa6;
-#  endif
+# endif
        memset(ut, '\0', sizeof(*ut));
        /* First fill out fields used for both logins and logouts */
@@ -647,7 +659,7 @@ construct_utmp(struct logininfo *li,
        /* If we're logging out, leave all other fields blank */
        if (li->type == LTYPE_LOGOUT)
-          return;
+                return;
        /*
         * These fields are only used when logging in, and are blank
@@ -655,9 +667,11 @@ construct_utmp(struct logininfo *li,
         */
        /* Use strncpy because we don't necessarily want null termination */
-        strncpy(ut->ut_name, li->username, MIN_SIZEOF(ut->ut_name, li->username));
+        strncpy(ut->ut_name, li->username,
+            MIN_SIZEOF(ut->ut_name, li->username));
 # ifdef HAVE_HOST_IN_UTMP
-        strncpy(ut->ut_host, li->hostname, MIN_SIZEOF(ut->ut_host, li->hostname));
+        strncpy(ut->ut_host, li->hostname,
+            MIN_SIZEOF(ut->ut_host, li->hostname));
 # endif
 # ifdef HAVE_ADDR_IN_UTMP
        /* this is just a 32-bit IP address */
@@ -692,14 +706,12 @@ construct_utmp(struct logininfo *li,
 void
 set_utmpx_time(struct logininfo *li, struct utmpx *utx)
 {
-# ifdef HAVE_TV_IN_UTMPX
+# if defined(HAVE_TV_IN_UTMPX)
        utx->ut_tv.tv_sec = li->tv_sec;
        utx->ut_tv.tv_usec = li->tv_usec;
-# else /* HAVE_TV_IN_UTMPX */
+# elif defined(HAVE_TIME_IN_UTMPX)
-#  ifdef HAVE_TIME_IN_UTMPX
        utx->ut_time = li->tv_sec;
-#  endif /* HAVE_TIME_IN_UTMPX */
+# endif
-# endif /* HAVE_TV_IN_UTMPX */
 }
 void
@@ -709,6 +721,7 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx)
        struct sockaddr_in6 *sa6;
 #  endif
        memset(utx, '\0', sizeof(*utx));
 # ifdef HAVE_ID_IN_UTMPX
        line_abbrevname(utx->ut_id, li->line, sizeof(utx->ut_id));
 # endif
@@ -725,8 +738,10 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx)
        line_stripname(utx->ut_line, li->line, sizeof(utx->ut_line));
        set_utmpx_time(li, utx);
        utx->ut_pid = li->pid;
        /* strncpy(): Don't necessarily want null termination */
-        strncpy(utx->ut_name, li->username, MIN_SIZEOF(utx->ut_name, li->username));
+        strncpy(utx->ut_name, li->username,
+            MIN_SIZEOF(utx->ut_name, li->username));
        if (li->type == LTYPE_LOGOUT)
                return;
@@ -737,7 +752,8 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx)
         */
 # ifdef HAVE_HOST_IN_UTMPX
-        strncpy(utx->ut_host, li->hostname, MIN_SIZEOF(utx->ut_host, li->hostname));
+        strncpy(utx->ut_host, li->hostname,
+            MIN_SIZEOF(utx->ut_host, li->hostname));
 # endif
 # ifdef HAVE_ADDR_IN_UTMPX
        /* this is just a 32-bit IP address */
@@ -785,16 +801,17 @@ utmp_write_library(struct logininfo *li, struct utmp *ut)
 {
        setutent();
        pututline(ut);
 #  ifdef HAVE_ENDUTENT
        endutent();
 #  endif
-        return 1;
+        return (1);
 }
 # else /* UTMP_USE_LIBRARY */
-/* write a utmp entry direct to the file */
+/* 
-/* This is a slightly modification of code in OpenBSD's login.c */
+ * Write a utmp entry direct to the file
+ * This is a slightly modification of code in OpenBSD's login.c
+ */
 static int
 utmp_write_direct(struct logininfo *li, struct utmp *ut)
 {
@@ -805,19 +822,18 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut)
        /* FIXME: (ATL) ttyslot() needs local implementation */
 #if defined(HAVE_GETTTYENT)
-        register struct ttyent *ty;
+        struct ttyent *ty;
        tty=0;
        setttyent();
-        while ((struct ttyent *)0 != (ty = getttyent())) {
+        while (NULL != (ty = getttyent())) {
                tty++;
                if (!strncmp(ty->ty_name, ut->ut_line, sizeof(ut->ut_line)))
                        break;
        }
        endttyent();
-        if((struct ttyent *)0 == ty) {
+        if (NULL == ty) {
                logit("%s: tty not found", __func__);
                return (0);
        }
@@ -832,12 +848,12 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut)
                pos = (off_t)tty * sizeof(struct utmp);
                if ((ret = lseek(fd, pos, SEEK_SET)) == -1) {
-                        logit("%s: llseek: %s", strerror(errno));
+                        logit("%s: lseek: %s", __func__, strerror(errno));
                        return (0);
                }
                if (ret != pos) {
-                        logit("%s: Couldn't seek to tty %s slot in %s", tty,
+                        logit("%s: Couldn't seek to tty %d slot in %s", 
-                            UTMP_FILE);
+                            __func__, tty, UTMP_FILE);
                        return (0);
                }
                /*
@@ -846,29 +862,29 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut)
                 * and ut_line and ut_name match, preserve the old ut_line.
                 */
                if (atomicio(read, fd, &old_ut, sizeof(old_ut)) == sizeof(old_ut) &&
-                        (ut->ut_host[0] == '\0') && (old_ut.ut_host[0] != '\0') &&
+                    (ut->ut_host[0] == '\0') && (old_ut.ut_host[0] != '\0') &&
-                        (strncmp(old_ut.ut_line, ut->ut_line, sizeof(ut->ut_line)) == 0) &&
+                    (strncmp(old_ut.ut_line, ut->ut_line, sizeof(ut->ut_line)) == 0) &&
-                        (strncmp(old_ut.ut_name, ut->ut_name, sizeof(ut->ut_name)) == 0)) {
+                    (strncmp(old_ut.ut_name, ut->ut_name, sizeof(ut->ut_name)) == 0))
-                        (void)memcpy(ut->ut_host, old_ut.ut_host, sizeof(ut->ut_host));
+                        memcpy(ut->ut_host, old_ut.ut_host, sizeof(ut->ut_host));
-                }
                if ((ret = lseek(fd, pos, SEEK_SET)) == -1) {
-                        logit("%s: llseek: %s", __func__, strerror(errno));
+                        logit("%s: lseek: %s", __func__, strerror(errno));
                        return (0);
                }
                if (ret != pos) {
-                        logit("%s: Couldn't seek to tty %s slot in %s",
+                        logit("%s: Couldn't seek to tty %d slot in %s",
                            __func__, tty, UTMP_FILE);
                        return (0);
                }
-                if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut))
+                if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut)) {
                        logit("%s: error writing %s: %s", __func__,
                            UTMP_FILE, strerror(errno));
+                }
-                (void)close(fd);
+                close(fd);
-                return 1;
+                return (1);
        } else {
-                return 0;
+                return (0);
        }
 }
 # endif /* UTMP_USE_LIBRARY */
@@ -881,16 +897,16 @@ utmp_perform_login(struct logininfo *li)
        construct_utmp(li, &ut);
 # ifdef UTMP_USE_LIBRARY
        if (!utmp_write_library(li, &ut)) {
-                logit("utmp_perform_login: utmp_write_library() failed");
+                logit("%s: utmp_write_library() failed", __func__);
-                return 0;
+                return (0);
        }
 # else
        if (!utmp_write_direct(li, &ut)) {
-                logit("utmp_perform_login: utmp_write_direct() failed");
+                logit("%s: utmp_write_direct() failed", __func__);
-                return 0;
+                return (0);
        }
 # endif
-        return 1;
+        return (1);
 }
@@ -902,16 +918,16 @@ utmp_perform_logout(struct logininfo *li)
        construct_utmp(li, &ut);
 # ifdef UTMP_USE_LIBRARY
        if (!utmp_write_library(li, &ut)) {
-                logit("utmp_perform_logout: utmp_write_library() failed");
+                logit("%s: utmp_write_library() failed", __func__);
-                return 0;
+                return (0);
        }
 # else
        if (!utmp_write_direct(li, &ut)) {
-                logit("utmp_perform_logout: utmp_write_direct() failed");
+                logit("%s: utmp_write_direct() failed", __func__);
-                return 0;
+                return (0);
        }
 # endif
-        return 1;
+        return (1);
 }
@@ -920,14 +936,14 @@ utmp_write_entry(struct logininfo *li)
 {
        switch(li->type) {
        case LTYPE_LOGIN:
-                return utmp_perform_login(li);
+                return (utmp_perform_login(li));
        case LTYPE_LOGOUT:
-                return utmp_perform_logout(li);
+                return (utmp_perform_logout(li));
        default:
-                logit("utmp_write_entry: invalid type field");
+                logit("%s: invalid type field", __func__);
-                return 0;
+                return (0);
        }
 }
 #endif /* USE_UTMP */
@@ -958,7 +974,7 @@ utmpx_write_library(struct logininfo *li, struct utmpx *utx)
 #  ifdef HAVE_ENDUTXENT
        endutxent();
 #  endif
-        return 1;
+        return (1);
 }
 # else /* UTMPX_USE_LIBRARY */
@@ -967,8 +983,8 @@ utmpx_write_library(struct logininfo *li, struct utmpx *utx)
 static int
 utmpx_write_direct(struct logininfo *li, struct utmpx *utx)
 {
-        logit("utmpx_write_direct: not implemented!");
+        logit("%s: not implemented!", __func__);
-        return 0;
+        return (0);
 }
 # endif /* UTMPX_USE_LIBRARY */
@@ -980,16 +996,16 @@ utmpx_perform_login(struct logininfo *li)
        construct_utmpx(li, &utx);
 # ifdef UTMPX_USE_LIBRARY
        if (!utmpx_write_library(li, &utx)) {
-                logit("utmpx_perform_login: utmp_write_library() failed");
+                logit("%s: utmp_write_library() failed", __func__);
-                return 0;
+                return (0);
        }
 # else
        if (!utmpx_write_direct(li, &ut)) {
-                logit("utmpx_perform_login: utmp_write_direct() failed");
+                logit("%s: utmp_write_direct() failed", __func__);
-                return 0;
+                return (0);
        }
 # endif
-        return 1;
+        return (1);
 }
@@ -1011,7 +1027,7 @@ utmpx_perform_logout(struct logininfo *li)
 # else
        utmpx_write_direct(li, &utx);
 # endif
-        return 1;
+        return (1);
 }
 int
@@ -1019,12 +1035,12 @@ utmpx_write_entry(struct logininfo *li)
 {
        switch(li->type) {
        case LTYPE_LOGIN:
-                return utmpx_perform_login(li);
+                return (utmpx_perform_login(li));
        case LTYPE_LOGOUT:
-                return utmpx_perform_logout(li);
+                return (utmpx_perform_logout(li));
        default:
-                logit("utmpx_write_entry: invalid type field");
+                logit("%s: invalid type field", __func__);
-                return 0;
+                return (0);
        }
 }
 #endif /* USE_UTMPX */
@@ -1036,8 +1052,10 @@ utmpx_write_entry(struct logininfo *li)
 #ifdef USE_WTMP
-/* write a wtmp entry direct to the end of the file */
+/* 
-/* This is a slight modification of code in OpenBSD's logwtmp.c */
+ * Write a wtmp entry direct to the end of the file
+ * This is a slight modification of code in OpenBSD's logwtmp.c
+ */
 static int
 wtmp_write(struct logininfo *li, struct utmp *ut)
 {
@@ -1045,19 +1063,19 @@ wtmp_write(struct logininfo *li, struct utmp *ut)
        int fd, ret = 1;
        if ((fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) {
-                logit("wtmp_write: problem writing %s: %s",
+                logit("%s: problem writing %s: %s", __func__,
                    WTMP_FILE, strerror(errno));
-                return 0;
+                return (0);
        }
        if (fstat(fd, &buf) == 0)
                if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut)) {
                        ftruncate(fd, buf.st_size);
-                        logit("wtmp_write: problem writing %s: %s",
+                        logit("%s: problem writing %s: %s", __func__,
                            WTMP_FILE, strerror(errno));
                        ret = 0;
                }
-        (void)close(fd);
+        close(fd);
-        return ret;
+        return (ret);
 }
 static int
@@ -1066,7 +1084,7 @@ wtmp_perform_login(struct logininfo *li)
        struct utmp ut;
        construct_utmp(li, &ut);
-        return wtmp_write(li, &ut);
+        return (wtmp_write(li, &ut));
 }
@@ -1076,7 +1094,7 @@ wtmp_perform_logout(struct logininfo *li)
        struct utmp ut;
        construct_utmp(li, &ut);
-        return wtmp_write(li, &ut);
+        return (wtmp_write(li, &ut));
 }
@@ -1085,17 +1103,18 @@ wtmp_write_entry(struct logininfo *li)
 {
        switch(li->type) {
        case LTYPE_LOGIN:
-                return wtmp_perform_login(li);
+                return (wtmp_perform_login(li));
        case LTYPE_LOGOUT:
-                return wtmp_perform_logout(li);
+                return (wtmp_perform_logout(li));
        default:
-                logit("wtmp_write_entry: invalid type field");
+                logit("%s: invalid type field", __func__);
-                return 0;
+                return (0);
        }
 }
-/* Notes on fetching login data from wtmp/wtmpx
+/* 
+ * Notes on fetching login data from wtmp/wtmpx
 *
 * Logouts are usually recorded with (amongst other things) a blank
 * username on a given tty line.  However, some systems (HP-UX is one)
@@ -1116,15 +1135,15 @@ static int
 wtmp_islogin(struct logininfo *li, struct utmp *ut)
 {
        if (strncmp(li->username, ut->ut_name,
-                MIN_SIZEOF(li->username, ut->ut_name)) == 0) {
+            MIN_SIZEOF(li->username, ut->ut_name)) == 0) {
 # ifdef HAVE_TYPE_IN_UTMP
                if (ut->ut_type & USER_PROCESS)
-                        return 1;
+                        return (1);
 # else
-                return 1;
+                return (1);
 # endif
        }
-        return 0;
+        return (0);
 }
 int
@@ -1132,41 +1151,43 @@ wtmp_get_entry(struct logininfo *li)
 {
        struct stat st;
        struct utmp ut;
-        int fd, found=0;
+        int fd, found = 0;
        /* Clear the time entries in our logininfo */
        li->tv_sec = li->tv_usec = 0;
        if ((fd = open(WTMP_FILE, O_RDONLY)) < 0) {
-                logit("wtmp_get_entry: problem opening %s: %s",
+                logit("%s: problem opening %s: %s", __func__, 
                    WTMP_FILE, strerror(errno));
-                return 0;
+                return (0);
        }
        if (fstat(fd, &st) != 0) {
-                logit("wtmp_get_entry: couldn't stat %s: %s",
+                logit("%s: couldn't stat %s: %s", __func__, 
                    WTMP_FILE, strerror(errno));
                close(fd);
-                return 0;
+                return (0);
        }
        /* Seek to the start of the last struct utmp */
        if (lseek(fd, -(off_t)sizeof(struct utmp), SEEK_END) == -1) {
                /* Looks like we've got a fresh wtmp file */
                close(fd);
-                return 0;
+                return (0);
        }
        while (!found) {
                if (atomicio(read, fd, &ut, sizeof(ut)) != sizeof(ut)) {
-                        logit("wtmp_get_entry: read of %s failed: %s",
+                        logit("%s: read of %s failed: %s", __func__, 
                            WTMP_FILE, strerror(errno));
                        close (fd);
-                        return 0;
+                        return (0);
                }
                if ( wtmp_islogin(li, &ut) ) {
                        found = 1;
-                        /* We've already checked for a time in struct
+                        /*
-                         * utmp, in login_getlast(). */
+                         * We've already checked for a time in struct
+                         * utmp, in login_getlast()
+                         */
 # ifdef HAVE_TIME_IN_UTMP
                        li->tv_sec = ut.ut_time;
 # else
@@ -1175,24 +1196,24 @@ wtmp_get_entry(struct logininfo *li)
 #  endif
 # endif
                        line_fullname(li->line, ut.ut_line,
-                                      MIN_SIZEOF(li->line, ut.ut_line));
+                            MIN_SIZEOF(li->line, ut.ut_line));
 # ifdef HAVE_HOST_IN_UTMP
                        strlcpy(li->hostname, ut.ut_host,
-                                MIN_SIZEOF(li->hostname, ut.ut_host));
+                            MIN_SIZEOF(li->hostname, ut.ut_host));
 # endif
                        continue;
                }
                /* Seek back 2 x struct utmp */
                if (lseek(fd, -(off_t)(2 * sizeof(struct utmp)), SEEK_CUR) == -1) {
                        /* We've found the start of the file, so quit */
-                        close (fd);
+                        close(fd);
-                        return 0;
+                        return (0);
                }
        }
        /* We found an entry. Tidy up and return */
        close(fd);
-        return 1;
+        return (1);
 }
 # endif /* USE_WTMP */
@@ -1202,8 +1223,10 @@ wtmp_get_entry(struct logininfo *li)
 **/
 #ifdef USE_WTMPX
-/* write a wtmpx entry direct to the end of the file */
+/*
-/* This is a slight modification of code in OpenBSD's logwtmp.c */
+ * Write a wtmpx entry direct to the end of the file
+ * This is a slight modification of code in OpenBSD's logwtmp.c
+ */
 static int
 wtmpx_write(struct logininfo *li, struct utmpx *utx)
 {
@@ -1212,24 +1235,24 @@ wtmpx_write(struct logininfo *li, struct utmpx *utx)
        int fd, ret = 1;
        if ((fd = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0)) < 0) {
-                logit("wtmpx_write: problem opening %s: %s",
+                logit("%s: problem opening %s: %s", __func__, 
                    WTMPX_FILE, strerror(errno));
-                return 0;
+                return (0);
        }
        if (fstat(fd, &buf) == 0)
                if (atomicio(vwrite, fd, utx, sizeof(*utx)) != sizeof(*utx)) {
                        ftruncate(fd, buf.st_size);
-                        logit("wtmpx_write: problem writing %s: %s",
+                        logit("%s: problem writing %s: %s", __func__,
                            WTMPX_FILE, strerror(errno));
                        ret = 0;
                }
-        (void)close(fd);
+        close(fd);
-        return ret;
+        return (ret);
 #else
        updwtmpx(WTMPX_FILE, utx);
-        return 1;
+        return (1);
 #endif
 }
@@ -1240,7 +1263,7 @@ wtmpx_perform_login(struct logininfo *li)
        struct utmpx utx;
        construct_utmpx(li, &utx);
-        return wtmpx_write(li, &utx);
+        return (wtmpx_write(li, &utx));
 }
@@ -1250,7 +1273,7 @@ wtmpx_perform_logout(struct logininfo *li)
        struct utmpx utx;
        construct_utmpx(li, &utx);
-        return wtmpx_write(li, &utx);
+        return (wtmpx_write(li, &utx));
 }
@@ -1259,12 +1282,12 @@ wtmpx_write_entry(struct logininfo *li)
 {
        switch(li->type) {
        case LTYPE_LOGIN:
-                return wtmpx_perform_login(li);
+                return (wtmpx_perform_login(li));
        case LTYPE_LOGOUT:
-                return wtmpx_perform_logout(li);
+                return (wtmpx_perform_logout(li));
        default:
-                logit("wtmpx_write_entry: invalid type field");
+                logit("%s: invalid type field", __func__);
-                return 0;
+                return (0);
        }
 }
@@ -1275,16 +1298,16 @@ wtmpx_write_entry(struct logininfo *li)
 static int
 wtmpx_islogin(struct logininfo *li, struct utmpx *utx)
 {
-        if ( strncmp(li->username, utx->ut_name,
+        if (strncmp(li->username, utx->ut_name,
-                MIN_SIZEOF(li->username, utx->ut_name)) == 0 ) {
+            MIN_SIZEOF(li->username, utx->ut_name)) == 0 ) {
 # ifdef HAVE_TYPE_IN_UTMPX
                if (utx->ut_type == USER_PROCESS)
-                        return 1;
+                        return (1);
 # else
-                return 1;
+                return (1);
 # endif
        }
-        return 0;
+        return (0);
 }
@@ -1299,57 +1322,57 @@ wtmpx_get_entry(struct logininfo *li)
        li->tv_sec = li->tv_usec = 0;
        if ((fd = open(WTMPX_FILE, O_RDONLY)) < 0) {
-                logit("wtmpx_get_entry: problem opening %s: %s",
+                logit("%s: problem opening %s: %s", __func__, 
                    WTMPX_FILE, strerror(errno));
-                return 0;
+                return (0);
        }
        if (fstat(fd, &st) != 0) {
-                logit("wtmpx_get_entry: couldn't stat %s: %s",
+                logit("%s: couldn't stat %s: %s", __func__, 
                    WTMPX_FILE, strerror(errno));
                close(fd);
-                return 0;
+                return (0);
        }
        /* Seek to the start of the last struct utmpx */
        if (lseek(fd, -(off_t)sizeof(struct utmpx), SEEK_END) == -1 ) {
                /* probably a newly rotated wtmpx file */
                close(fd);
-                return 0;
+                return (0);
        }
        while (!found) {
                if (atomicio(read, fd, &utx, sizeof(utx)) != sizeof(utx)) {
-                        logit("wtmpx_get_entry: read of %s failed: %s",
+                        logit("%s: read of %s failed: %s", __func__, 
                            WTMPX_FILE, strerror(errno));
                        close (fd);
-                        return 0;
+                        return (0);
                }
-                /* Logouts are recorded as a blank username on a particular line.
+                /*
-                 * So, we just need to find the username in struct utmpx */
+                 * Logouts are recorded as a blank username on a particular 
-                if ( wtmpx_islogin(li, &utx) ) {
+                 * line. So, we just need to find the username in struct utmpx
+                 */
+                if (wtmpx_islogin(li, &utx)) {
                        found = 1;
-# ifdef HAVE_TV_IN_UTMPX
+# if defined(HAVE_TV_IN_UTMPX)
                        li->tv_sec = utx.ut_tv.tv_sec;
-# else
+# elif defined(HAVE_TIME_IN_UTMPX)
-#  ifdef HAVE_TIME_IN_UTMPX
                        li->tv_sec = utx.ut_time;
-#  endif
 # endif
                        line_fullname(li->line, utx.ut_line, sizeof(li->line));
-# ifdef HAVE_HOST_IN_UTMPX
+# if defined(HAVE_HOST_IN_UTMPX)
                        strlcpy(li->hostname, utx.ut_host,
-                                MIN_SIZEOF(li->hostname, utx.ut_host));
+                            MIN_SIZEOF(li->hostname, utx.ut_host));
 # endif
                        continue;
                }
                if (lseek(fd, -(off_t)(2 * sizeof(struct utmpx)), SEEK_CUR) == -1) {
-                        close (fd);
+                        close(fd);
-                        return 0;
+                        return (0);
                }
        }
        close(fd);
-        return 1;
+        return (1);
 }
 #endif /* USE_WTMPX */
@@ -1363,15 +1386,12 @@ syslogin_perform_login(struct logininfo *li)
 {
        struct utmp *ut;
-        if (! (ut = (struct utmp *)malloc(sizeof(*ut)))) {
+        ut = xmalloc(sizeof(*ut));
-                logit("syslogin_perform_login: couldn't malloc()");
-                return 0;
-        }
        construct_utmp(li, ut);
        login(ut);
        free(ut);
-        return 1;
+        return (1);
 }
 static int
@@ -1382,19 +1402,18 @@ syslogin_perform_logout(struct logininfo *li)
        (void)line_stripname(line, li->line, sizeof(line));
-        if (!logout(line)) {
+        if (!logout(line))
-                logit("syslogin_perform_logout: logout() returned an error");
+                logit("%s: logout() returned an error", __func__);
 #  ifdef HAVE_LOGWTMP
-        } else {
+        else
                logwtmp(line, "", "");
 #  endif
-        }
        /* FIXME: (ATL - if the need arises) What to do if we have
         * login, but no logout?  what if logout but no logwtmp? All
         * routines are in libutil so they should all be there,
         * but... */
 # endif
-        return 1;
+        return (1);
 }
 int
@@ -1402,12 +1421,12 @@ syslogin_write_entry(struct logininfo *li)
 {
        switch (li->type) {
        case LTYPE_LOGIN:
-                return syslogin_perform_login(li);
+                return (syslogin_perform_login(li));
        case LTYPE_LOGOUT:
-                return syslogin_perform_logout(li);
+                return (syslogin_perform_logout(li));
        default:
-                logit("syslogin_write_entry: Invalid type field");
+                logit("%s: Invalid type field", __func__);
-                return 0;
+                return (0);
        }
 }
 #endif /* USE_LOGIN */
@@ -1429,7 +1448,7 @@ lastlog_construct(struct logininfo *li, struct lastlog *last)
        /* clear the structure */
        memset(last, '\0', sizeof(*last));
-        (void)line_stripname(last->ll_line, li->line, sizeof(last->ll_line));
+        line_stripname(last->ll_line, li->line, sizeof(last->ll_line));
        strlcpy(last->ll_host, li->hostname,
                MIN_SIZEOF(last->ll_host, li->hostname));
        last->ll_time = li->tv_sec;
@@ -1441,16 +1460,16 @@ lastlog_filetype(char *filename)
        struct stat st;
        if (stat(LASTLOG_FILE, &st) != 0) {
-                logit("lastlog_perform_login: Couldn't stat %s: %s", LASTLOG_FILE,
+                logit("%s: Couldn't stat %s: %s", __func__,
-                        strerror(errno));
+                    LASTLOG_FILE, strerror(errno));
-                return 0;
+                return (0);
        }
        if (S_ISDIR(st.st_mode))
-                return LL_DIR;
+                return (LL_DIR);
        else if (S_ISREG(st.st_mode))
-                return LL_FILE;
+                return (LL_FILE);
        else
-                return LL_OTHER;
+                return (LL_OTHER);
 }
@@ -1464,38 +1483,39 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode)
        type = lastlog_filetype(LASTLOG_FILE);
        switch (type) {
-                case LL_FILE:
+        case LL_FILE:
-                        strlcpy(lastlog_file, LASTLOG_FILE, sizeof(lastlog_file));
+                strlcpy(lastlog_file, LASTLOG_FILE,
-                        break;
+                    sizeof(lastlog_file));
-                case LL_DIR:
+                break;
-                        snprintf(lastlog_file, sizeof(lastlog_file), "%s/%s",
+        case LL_DIR:
-                                 LASTLOG_FILE, li->username);
+                snprintf(lastlog_file, sizeof(lastlog_file), "%s/%s",
-                        break;
+                    LASTLOG_FILE, li->username);
-                default:
+                break;
-                        logit("lastlog_openseek: %.100s is not a file or directory!",
+        default:
-                            LASTLOG_FILE);
+                logit("%s: %.100s is not a file or directory!", __func__,
-                        return 0;
+                    LASTLOG_FILE);
+                return (0);
        }
        *fd = open(lastlog_file, filemode, 0600);
-        if ( *fd < 0) {
+        if (*fd < 0) {
-                debug("lastlog_openseek: Couldn't open %s: %s",
+                debug("%s: Couldn't open %s: %s", __func__,
                    lastlog_file, strerror(errno));
-                return 0;
+                return (0);
        }
        if (type == LL_FILE) {
                /* find this uid's offset in the lastlog file */
                offset = (off_t) ((long)li->uid * sizeof(struct lastlog));
-                if ( lseek(*fd, offset, SEEK_SET) != offset ) {
+                if (lseek(*fd, offset, SEEK_SET) != offset) {
-                        logit("lastlog_openseek: %s->lseek(): %s",
+                        logit("%s: %s->lseek(): %s", __func__,
-                         lastlog_file, strerror(errno));
+                            lastlog_file, strerror(errno));
-                        return 0;
+                        return (0);
                }
        }
-        return 1;
+        return (1);
 }
 static int
@@ -1508,18 +1528,18 @@ lastlog_perform_login(struct logininfo *li)
        lastlog_construct(li, &last);
        if (!lastlog_openseek(li, &fd, O_RDWR|O_CREAT))
-                return(0);
+                return (0);
        /* write the entry */
        if (atomicio(vwrite, fd, &last, sizeof(last)) != sizeof(last)) {
                close(fd);
-                logit("lastlog_write_filemode: Error writing to %s: %s",
+                logit("%s: Error writing to %s: %s", __func__,
                    LASTLOG_FILE, strerror(errno));
-                return 0;
+                return (0);
        }
        close(fd);
-        return 1;
+        return (1);
 }
 int
@@ -1527,10 +1547,10 @@ lastlog_write_entry(struct logininfo *li)
 {
        switch(li->type) {
        case LTYPE_LOGIN:
-                return lastlog_perform_login(li);
+                return (lastlog_perform_login(li));
        default:
-                logit("lastlog_write_entry: Invalid type field");
+                logit("%s: Invalid type field", __func__);
-                return 0;
+                return (0);
        }
 }
@@ -1539,7 +1559,7 @@ lastlog_populate_entry(struct logininfo *li, struct lastlog *last)
 {
        line_fullname(li->line, last->ll_line, sizeof(li->line));
        strlcpy(li->hostname, last->ll_host,
-                MIN_SIZEOF(li->hostname, last->ll_host));
+            MIN_SIZEOF(li->hostname, last->ll_host));
        li->tv_sec = last->ll_time;
 }
@@ -1576,3 +1596,82 @@ lastlog_get_entry(struct logininfo *li)
        return (0);
 }
 #endif /* USE_LASTLOG */
+#ifdef USE_BTMP
+  /*
+   * Logs failed login attempts in _PATH_BTMP if that exists.
+   * The most common login failure is to give password instead of username.
+   * So the _PATH_BTMP file checked for the correct permission, so that
+   * only root can read it.
+   */
+void
+record_failed_login(const char *username, const char *hostname,
+    const char *ttyn)
+{
+        int fd;
+        struct utmp ut;
+        struct sockaddr_storage from;
+        size_t fromlen = sizeof(from);
+        struct sockaddr_in *a4;
+        struct sockaddr_in6 *a6;
+        time_t t;
+        struct stat fst;
+        if (geteuid() != 0)
+                return;
+        if ((fd = open(_PATH_BTMP, O_WRONLY | O_APPEND)) < 0) {
+                debug("Unable to open the btmp file %s: %s", _PATH_BTMP,
+                    strerror(errno));
+                return;
+        }
+        if (fstat(fd, &fst) < 0) {
+                logit("%s: fstat of %s failed: %s", __func__, _PATH_BTMP,
+                    strerror(errno));
+                goto out;
+        }
+        if((fst.st_mode & (S_IRWXG | S_IRWXO)) || (fst.st_uid != 0)){
+                logit("Excess permission or bad ownership on file %s",
+                    _PATH_BTMP);
+                goto out;
+        }
+        memset(&ut, 0, sizeof(ut));
+        /* strncpy because we don't necessarily want nul termination */
+        strncpy(ut.ut_user, username, sizeof(ut.ut_user));
+        strlcpy(ut.ut_line, "ssh:notty", sizeof(ut.ut_line));
+        time(&t);
+        ut.ut_time = t;     /* ut_time is not always a time_t */
+        ut.ut_type = LOGIN_PROCESS;
+        ut.ut_pid = getpid();
+        /* strncpy because we don't necessarily want nul termination */
+        strncpy(ut.ut_host, hostname, sizeof(ut.ut_host));
+        if (packet_connection_is_on_socket() &&
+            getpeername(packet_get_connection_in(),
+            (struct sockaddr *)&from, &fromlen) == 0) {
+                ipv64_normalise_mapped(&from, &fromlen);
+                if (from.ss_family == AF_INET) {
+                        a4 = (struct sockaddr_in *)&from;
+                        memcpy(&ut.ut_addr, &(a4->sin_addr),
+                            MIN_SIZEOF(ut.ut_addr, a4->sin_addr));
+                }
+#ifdef HAVE_ADDR_V6_IN_UTMP
+                if (from.ss_family == AF_INET6) {
+                        a6 = (struct sockaddr_in6 *)&from;
+                        memcpy(&ut.ut_addr_v6, &(a6->sin6_addr),
+                            MIN_SIZEOF(ut.ut_addr_v6, a6->sin6_addr));
+                }
+#endif
+        }
+        if (atomicio(vwrite, fd, &ut, sizeof(ut)) != sizeof(ut))
+                error("Failed to write to %s: %s", _PATH_BTMP,
+                    strerror(errno));
+out:
+        close(fd);
+}
+#endif  /* USE_BTMP */