- dtucker@cvs.openbsd.org 2004/07/17 05:31:41

[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c] Move "Last logged in at.." message generation to the monitor, right before recording the new login. Fixes missing lastlog message when /var/log/lastlog is not world-readable and incorrect datestamp when multiple sessions are used (bz #463); much assistance & ok markus@
2004-07-17 17:05:14 +10:00 · 2004-07-17 17:05:14 +10:00 · 0999174755
parent 3ca4508201
commit 0999174755
7 changed files with 89 additions and 42 deletions
--- a/8
+++ b/8
@ -15,6 +15,12 @@
     Fix incorrect macro, .I -> .Em
     From: Eric S. Raymond <esr at thyrsus dot com>
     ok jmc@
+   - dtucker@cvs.openbsd.org 2004/07/17 05:31:41
+     [monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
+     Move "Last logged in at.." message generation to the monitor, right
+     before recording the new login.  Fixes missing lastlog message when
+     /var/log/lastlog is not world-readable and incorrect datestamp when
+     multiple sessions are used (bz #463);  much assistance & ok markus@

 20040711
 - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows
@ -1521,4 +1527,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu

-$Id: ChangeLog,v 1.3476 2004/07/17 06:13:15 dtucker Exp $
+$Id: ChangeLog,v 1.3477 2004/07/17 07:05:14 dtucker Exp $
--- a/monitor.c
+++ b/monitor.c
@ -25,7 +25,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.60 2004/06/22 05:05:45 dtucker Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.61 2004/07/17 05:31:41 dtucker Exp $");

 #include <openssl/dh.h>

@ -79,6 +79,7 @@ extern u_char session_id[];
 extern Buffer input, output;
 extern Buffer auth_debug;
 extern int auth_debug_init;
+extern Buffer loginmsg;

 /* State exported from the child */

@ -1230,10 +1231,6 @@ mm_answer_pty(int sock, Buffer *m)

 	buffer_put_int(m, 1);
 	buffer_put_cstring(m, s->tty);
-	mm_request_send(sock, MONITOR_ANS_PTY, m);
-
-	mm_send_fd(sock, s->ptyfd);
-	mm_send_fd(sock, s->ttyfd);

 	/* We need to trick ttyslot */
 	if (dup2(s->ttyfd, 0) == -1)
@ -1244,6 +1241,15 @@ mm_answer_pty(int sock, Buffer *m)
 	/* Now we can close the file descriptor again */
 	close(0);

+	/* send messages generated by record_login */
+	buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
+	buffer_clear(&loginmsg);
+
+	mm_request_send(sock, MONITOR_ANS_PTY, m);
+
+	mm_send_fd(sock, s->ptyfd);
+	mm_send_fd(sock, s->ttyfd);
+
 	/* make sure nothing uses fd 0 */
 	if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0)
 		fatal("%s: open(/dev/null): %s", __func__, strerror(errno));
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@ -25,7 +25,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.38 2004/07/03 11:02:25 dtucker Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.39 2004/07/17 05:31:41 dtucker Exp $");

 #include <openssl/bn.h>
 #include <openssl/dh.h>
@ -70,6 +70,7 @@ extern z_stream incoming_stream;
 extern z_stream outgoing_stream;
 extern struct monitor *pmonitor;
 extern Buffer input, output;
+extern Buffer loginmsg;
 extern ServerOptions options;

 int
@ -642,7 +643,7 @@ int
 mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
 {
 	Buffer m;
-	char *p;
+	char *p, *msg;
 	int success = 0;

 	buffer_init(&m);
@ -658,11 +659,15 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
 		return (0);
 	}
 	p = buffer_get_string(&m, NULL);
+	msg = buffer_get_string(&m, NULL);
 	buffer_free(&m);

 	strlcpy(namebuf, p, namebuflen); /* Possible truncation */
 	xfree(p);

+	buffer_append(&loginmsg, msg, strlen(msg));
+	xfree(msg);
+
 	*ptyfd = mm_receive_fd(pmonitor->m_recvfd);
 	*ttyfd = mm_receive_fd(pmonitor->m_recvfd);

--- a/session.c
+++ b/session.c
@ -33,7 +33,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.178 2004/07/11 17:48:47 deraadt Exp $");
+RCSID("$OpenBSD: session.c,v 1.179 2004/07/17 05:31:41 dtucker Exp $");

 #include "ssh.h"
 #include "ssh1.h"
@ -196,12 +196,11 @@ auth_input_request_forwarding(struct passwd * pw)
 static void
 display_loginmsg(void)
 {
-	if (buffer_len(&loginmsg) > 0) {
-		buffer_append(&loginmsg, "\0", 1);
-		printf("%s\n", (char *)buffer_ptr(&loginmsg));
-		buffer_clear(&loginmsg);
-	}
-	fflush(stdout);
+        if (buffer_len(&loginmsg) > 0) {
+                buffer_append(&loginmsg, "\0", 1);
+                printf("%s", (char *)buffer_ptr(&loginmsg));
+                buffer_clear(&loginmsg);
+        }
 }

 void
@ -676,14 +675,19 @@ do_exec(Session *s, const char *command)
 		do_exec_no_pty(s, command);

 	original_command = NULL;
-}

+	/*
+	 * Clear loginmsg: it's the child's responsibility to display
+	 * it to the user, otherwise multiple sessions may accumulate
+	 * multiple copies of the login messages.
+	 */
+	buffer_clear(&loginmsg);
+}

 /* administrative, login(1)-like work */
 void
 do_login(Session *s, const char *command)
 {
-	char *time_string;
 	socklen_t fromlen;
 	struct sockaddr_storage from;
 	struct passwd * pw = s->pw;
@ -728,19 +732,6 @@ do_login(Session *s, const char *command)

 	display_loginmsg();

-#ifndef NO_SSH_LASTLOG
-	if (options.print_lastlog && s->last_login_time != 0) {
-		time_string = ctime(&s->last_login_time);
-		if (strchr(time_string, '\n'))
-			*strchr(time_string, '\n') = 0;
-		if (strcmp(s->hostname, "") == 0)
-			printf("Last login: %s\r\n", time_string);
-		else
-			printf("Last login: %s from %s\r\n", time_string,
-			    s->hostname);
-	}
-#endif /* NO_SSH_LASTLOG */
-
 	do_motd();
 }

@ -1318,6 +1309,7 @@ do_setusercontext(struct passwd *pw)
 static void
 do_pwchange(Session *s)
 {
+	fflush(NULL);
 	fprintf(stderr, "WARNING: Your password has expired.\n");
 	if (s->ttyfd != -1) {
 		fprintf(stderr,
@ -1703,12 +1695,6 @@ session_pty_req(Session *s)
 		packet_disconnect("Protocol error: you already have a pty.");
 		return 0;
 	}
-	/* Get the time and hostname when the user last logged in. */
-	if (options.print_lastlog) {
-		s->hostname[0] = '\0';
-		s->last_login_time = get_last_login_time(s->pw->pw_uid,
-		    s->pw->pw_name, s->hostname, sizeof(s->hostname));
-	}

 	s->term = packet_get_string(&len);

--- a/session.h
+++ b/session.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: session.h,v 1.22 2004/04/27 09:46:37 djm Exp $	*/
+/*	$OpenBSD: session.h,v 1.23 2004/07/17 05:31:41 dtucker Exp $	*/

 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@ -39,9 +39,6 @@ struct Session {
 	int	ptyfd, ttyfd, ptymaster;
 	u_int	row, col, xpixel, ypixel;
 	char	tty[TTYSZ];
-	/* last login */
-	char	hostname[MAXHOSTNAMELEN];
-	time_t	last_login_time;
 	/* X11 */
 	u_int	display_number;
 	char	*display;
--- a/sshd.c
+++ b/sshd.c
@ -42,7 +42,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.298 2004/07/11 17:48:47 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.299 2004/07/17 05:31:41 dtucker Exp $");

 #include <openssl/dh.h>
 #include <openssl/bn.h>
@ -216,6 +216,9 @@ Buffer loginmsg;
 /* global authentication context */
 Authctxt *the_authctxt = NULL;

+/* message to be displayed after login */
+Buffer loginmsg;
+
 /* Prototypes for various functions defined later in this file. */
 void destroy_sensitive_data(void);
 void demote_sensitive_data(void);
@ -1680,6 +1683,9 @@ main(int ac, char **av)
 		if (privsep_preauth(authctxt) == 1)
 			goto authenticated;

+	/* prepare buffer to collect messages to display to user after login */
+	buffer_init(&loginmsg);
+
 	/* perform the key exchange */
 	/* authenticate user and start session */
 	if (compat20) {
--- a/sshlogin.c
+++ b/sshlogin.c
@ -39,9 +39,15 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: sshlogin.c,v 1.9 2004/07/03 05:11:33 dtucker Exp $");
+RCSID("$OpenBSD: sshlogin.c,v 1.10 2004/07/17 05:31:41 dtucker Exp $");

 #include "loginrec.h"
+#include "log.h"
+#include "buffer.h"
+#include "servconf.h"
+
+extern Buffer loginmsg;
+extern ServerOptions options;

 /*
 * Returns the time when the user last logged in.  Returns 0 if the
@ -59,6 +65,38 @@ get_last_login_time(uid_t uid, const char *logname,
 	return li.tv_sec;
 }

+/*
+ * Generate and store last login message.  This must be done before
+ * login_login() is called and lastlog is updated.
+ */
+void
+store_lastlog_message(const char *user, uid_t uid)
+{
+	char *time_string, hostname[MAXHOSTNAMELEN] = "", buf[512];
+	time_t last_login_time;
+
+#ifndef NO_SSH_LASTLOG
+	if (!options.print_lastlog)
+		return;
+
+	last_login_time = get_last_login_time(uid, user, hostname,
+	    sizeof(hostname));
+
+	if (last_login_time != 0) {
+		time_string = ctime(&last_login_time);
+		if (strchr(time_string, '\n'))
+		    *strchr(time_string, '\n') = '\0';
+		if (strcmp(hostname, "") == 0)
+			snprintf(buf, sizeof(buf), "Last login: %s\r\n",
+			    time_string);
+		else
+			snprintf(buf, sizeof(buf), "Last login: %s from %s\r\n",
+			    time_string, hostname);
+		buffer_append(&loginmsg, buf, strlen(buf));
+	}
+#endif /* NO_SSH_LASTLOG */
+}
+
 /*
 * Records that the user has logged in.  I wish these parts of operating
 * systems were more standardized.
@ -69,6 +107,9 @@ record_login(pid_t pid, const char *tty, const char *user, uid_t uid,
 {
 	struct logininfo *li;

+	/* save previous login details before writing new */
+	store_lastlog_message(user, uid);
+
 	li = login_alloc_entry(pid, user, host, tty);
 	login_set_addr(li, addr, addrlen);
 	login_login(li);