authorDarren Tucker <dtucker@cvs.openbsd.org>2004-07-17 05:31:42 +0000
committerDarren Tucker <dtucker@cvs.openbsd.org>2004-07-17 05:31:42 +0000
commitcd1da93fdcb77629b53207e84d167d697e2a2b78 (patch)
treea111290710eda38a16e5725daba7cc1e7d75b4e4
parenta1b7ba98885586ea761d0a2809d683fae1ab8e86 (diff)
Move "Last logged in at.." message generation to the monitor, right
before recording the new login. Fixes missing lastlog message when /var/log/lastlog is not world-readable and incorrect datestamp when multiple sessions are used (bz #463); much assistance & ok markus@
-rw-r--r--usr.bin/ssh/monitor.c16
-rw-r--r--usr.bin/ssh/monitor_wrap.c9
-rw-r--r--usr.bin/ssh/session.c38
-rw-r--r--usr.bin/ssh/session.h5
-rw-r--r--usr.bin/ssh/sshd.c8
-rw-r--r--usr.bin/ssh/sshlogin.c40
6 files changed, 85 insertions, 31 deletions
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index 604366225f0..a4dc59c7e6c 100644
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c
@@ -25,7 +25,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.60 2004/06/22 05:05:45 dtucker Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.61 2004/07/17 05:31:41 dtucker Exp $");
#include <openssl/dh.h>
@@ -73,6 +73,7 @@ extern u_char session_id[];
extern Buffer input, output;
extern Buffer auth_debug;
extern int auth_debug_init;
+extern Buffer loginmsg;
/* State exported from the child */
@@ -1051,10 +1052,6 @@ mm_answer_pty(int sock, Buffer *m)
buffer_put_int(m, 1);
buffer_put_cstring(m, s->tty);
- mm_request_send(sock, MONITOR_ANS_PTY, m);
-
- mm_send_fd(sock, s->ptyfd);
- mm_send_fd(sock, s->ttyfd);
/* We need to trick ttyslot */
if (dup2(s->ttyfd, 0) == -1)
@@ -1065,6 +1062,15 @@ mm_answer_pty(int sock, Buffer *m)
/* Now we can close the file descriptor again */
close(0);
+ /* send messages generated by record_login */
+ buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
+ buffer_clear(&loginmsg);
+
+ mm_request_send(sock, MONITOR_ANS_PTY, m);
+
+ mm_send_fd(sock, s->ptyfd);
+ mm_send_fd(sock, s->ttyfd);
+
/* make sure nothing uses fd 0 */
if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0)
fatal("%s: open(/dev/null): %s", __func__, strerror(errno));
diff --git a/usr.bin/ssh/monitor_wrap.c b/usr.bin/ssh/monitor_wrap.c
index 3d49bd6db07..0546daf2cc7 100644
--- a/usr.bin/ssh/monitor_wrap.c
+++ b/usr.bin/ssh/monitor_wrap.c
@@ -25,7 +25,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.38 2004/07/03 11:02:25 dtucker Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.39 2004/07/17 05:31:41 dtucker Exp $");
#include <openssl/bn.h>
#include <openssl/dh.h>
@@ -63,6 +63,7 @@ extern z_stream incoming_stream;
extern z_stream outgoing_stream;
extern struct monitor *pmonitor;
extern Buffer input, output;
+extern Buffer loginmsg;
int
mm_is_monitor(void)
@@ -632,7 +633,7 @@ int
mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
{
Buffer m;
- char *p;
+ char *p, *msg;
int success = 0;
buffer_init(&m);
@@ -648,11 +649,15 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
return (0);
}
p = buffer_get_string(&m, NULL);
+ msg = buffer_get_string(&m, NULL);
buffer_free(&m);
strlcpy(namebuf, p, namebuflen); /* Possible truncation */
xfree(p);
+ buffer_append(&loginmsg, msg, strlen(msg));
+ xfree(msg);
+
*ptyfd = mm_receive_fd(pmonitor->m_recvfd);
*ttyfd = mm_receive_fd(pmonitor->m_recvfd);
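Review bot: `buffer_append(&loginmsg, msg, strlen(msg))` re-measures the message with strlen() even though `buffer_get_string()` can report the received length through its second argument, which is passed as NULL here. The monitor side sends `buffer_len(&loginmsg)` bytes, so the two ends only agree as long as the message never contains a NUL byte. Taking the length from the call, `msg = buffer_get_string(&m, &len);` followed by `buffer_append(&loginmsg, msg, len);`, keeps sender and receiver consistent. That needs a `u_int len` local, and the declarations of mm_pty_allocate sit in the previous hunk.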
diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c
index f3482ffae24..4ddfb5a1399 100644
--- a/usr.bin/ssh/session.c
+++ b/usr.bin/ssh/session.c
@@ -33,7 +33,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.178 2004/07/11 17:48:47 deraadt Exp $");
+RCSID("$OpenBSD: session.c,v 1.179 2004/07/17 05:31:41 dtucker Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -94,6 +94,7 @@ extern int debug_flag;
extern u_int utmp_len;
extern int startup_pipe;
extern void destroy_sensitive_data(void);
+extern Buffer loginmsg;
/* original command from peer. */
const char *original_command = NULL;
@@ -189,6 +190,15 @@ auth_input_request_forwarding(struct passwd * pw)
return 1;
}
+static void
+display_loginmsg(void)
+{
+ if (buffer_len(&loginmsg) > 0) {
+ buffer_append(&loginmsg, "\0", 1);
+ printf("%s", (char *)buffer_ptr(&loginmsg));
+ buffer_clear(&loginmsg);
+ }
+}
void
do_authenticated(Authctxt *authctxt)
@@ -586,6 +596,13 @@ do_exec(Session *s, const char *command)
do_exec_no_pty(s, command);
original_command = NULL;
+
+ /*
+ * Clear loginmsg: it's the child's responsibility to display
+ * it to the user, otherwise multiple sessions may accumulate
+ * multiple copies of the login messages.
+ */
+ buffer_clear(&loginmsg);
}
@@ -593,7 +610,6 @@ do_exec(Session *s, const char *command)
void
do_login(Session *s, const char *command)
{
- char *time_string;
socklen_t fromlen;
struct sockaddr_storage from;
struct passwd * pw = s->pw;
@@ -623,16 +639,7 @@ do_login(Session *s, const char *command)
if (check_quietlogin(s, command))
return;
- if (options.print_lastlog && s->last_login_time != 0) {
- time_string = ctime(&s->last_login_time);
- if (strchr(time_string, '\n'))
- *strchr(time_string, '\n') = 0;
- if (strcmp(s->hostname, "") == 0)
- printf("Last login: %s\r\n", time_string);
- else
- printf("Last login: %s from %s\r\n", time_string,
- s->hostname);
- }
+ display_loginmsg();
do_motd();
}
@@ -1017,6 +1024,7 @@ do_setusercontext(struct passwd *pw)
static void
do_pwchange(Session *s)
{
+ fflush(NULL);
fprintf(stderr, "WARNING: Your password has expired.\n");
if (s->ttyfd != -1) {
fprintf(stderr,
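Review bot: The added `fflush(NULL);` at the top of do_pwchange has no comment explaining why every output stream is flushed before the warning goes to stderr. Presumably it makes the login message that display_loginmsg() prints on stdout appear before the password-expiry warning. If so, a comment such as `/* flush buffered login messages on stdout before writing to stderr */` would record that. do_pwchange's body continues outside the hunk.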
@@ -1378,12 +1386,6 @@ session_pty_req(Session *s)
packet_disconnect("Protocol error: you already have a pty.");
return 0;
}
- /* Get the time and hostname when the user last logged in. */
- if (options.print_lastlog) {
- s->hostname[0] = '\0';
- s->last_login_time = get_last_login_time(s->pw->pw_uid,
- s->pw->pw_name, s->hostname, sizeof(s->hostname));
- }
s->term = packet_get_string(&len);
diff --git a/usr.bin/ssh/session.h b/usr.bin/ssh/session.h
index e525066520d..48be5070c85 100644
--- a/usr.bin/ssh/session.h
+++ b/usr.bin/ssh/session.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.h,v 1.22 2004/04/27 09:46:37 djm Exp $ */
+/* $OpenBSD: session.h,v 1.23 2004/07/17 05:31:41 dtucker Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -39,9 +39,6 @@ struct Session {
int ptyfd, ttyfd, ptymaster;
u_int row, col, xpixel, ypixel;
char tty[TTYSZ];
- /* last login */
- char hostname[MAXHOSTNAMELEN];
- time_t last_login_time;
/* X11 */
u_int display_number;
char *display;
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 68712dd8c2b..64ffd771942 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -42,7 +42,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.298 2004/07/11 17:48:47 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.299 2004/07/17 05:31:41 dtucker Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@@ -208,6 +208,9 @@ struct monitor *pmonitor = NULL;
/* global authentication context */
Authctxt *the_authctxt = NULL;
+/* message to be displayed after login */
+Buffer loginmsg;
+
/* Prototypes for various functions defined later in this file. */
void destroy_sensitive_data(void);
void demote_sensitive_data(void);
@@ -1604,6 +1607,9 @@ main(int ac, char **av)
if (privsep_preauth(authctxt) == 1)
goto authenticated;
+ /* prepare buffer to collect messages to display to user after login */
+ buffer_init(&loginmsg);
+
/* perform the key exchange */
/* authenticate user and start session */
if (compat20) {
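Review bot: `buffer_init(&loginmsg)` is placed after the `goto authenticated` taken when `privsep_preauth(authctxt)` returns 1, so a process that takes that jump reaches the post-authentication code without the buffer being initialised. Whether that process later appends to or reads loginmsg is not visible in this hunk, but the monitor and session changes in this commit both use the buffer. If it does, it relies on the zero-filled global happening to behave as an empty Buffer. Moving the two added lines above the `if (privsep_preauth(authctxt) == 1)` test would initialise it on every path. main() starts and ends outside the hunk.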
diff --git a/usr.bin/ssh/sshlogin.c b/usr.bin/ssh/sshlogin.c
index e7bf2efdd85..ae6f65270b2 100644
--- a/usr.bin/ssh/sshlogin.c
+++ b/usr.bin/ssh/sshlogin.c
@@ -39,12 +39,17 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshlogin.c,v 1.9 2004/07/03 05:11:33 dtucker Exp $");
+RCSID("$OpenBSD: sshlogin.c,v 1.10 2004/07/17 05:31:41 dtucker Exp $");
#include <util.h>
#include <utmp.h>
#include "sshlogin.h"
#include "log.h"
+#include "buffer.h"
+#include "servconf.h"
+
+extern Buffer loginmsg;
+extern ServerOptions options;
/*
* Returns the time when the user last logged in. Returns 0 if the
@@ -79,6 +84,36 @@ get_last_login_time(uid_t uid, const char *logname,
}
/*
+ * Generate and store last login message. This must be done before
+ * login_login() is called and lastlog is updated.
+ */
+void
+store_lastlog_message(const char *user, uid_t uid)
+{
+ char *time_string, hostname[MAXHOSTNAMELEN] = "", buf[512];
+ time_t last_login_time;
+
+ if (!options.print_lastlog)
+ return;
+
+ last_login_time = get_last_login_time(uid, user, hostname,
+ sizeof(hostname));
+
+ if (last_login_time != 0) {
+ time_string = ctime(&last_login_time);
+ if (strchr(time_string, '\n'))
+ *strchr(time_string, '\n') = '\0';
+ if (strcmp(hostname, "") == 0)
+ snprintf(buf, sizeof(buf), "Last login: %s\r\n",
+ time_string);
+ else
+ snprintf(buf, sizeof(buf), "Last login: %s from %s\r\n",
+ time_string, hostname);
+ buffer_append(&loginmsg, buf, strlen(buf));
+ }
+}
+
+/*
* Records that the user has logged in. I wish these parts of operating
* systems were more standardized.
*/
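Review bot: In store_lastlog_message the result of `ctime(&last_login_time)` is passed to strchr() without a NULL check, and ctime() may return NULL when the value cannot be represented. The timestamp is presumably read from the lastlog record, and per the commit message this code now runs in the monitor. A guard such as `if (time_string == NULL) return;` before the strchr() call would cover it. Separately, the function is defined without `static`, although the only caller visible in this commit is record_login in the same file and sshlogin.h is not in the diffstat, so `static void` looks appropriate.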
@@ -91,6 +126,9 @@ record_login(pid_t pid, const char *tty, const char *user, uid_t uid,
char *lastlog;
struct utmp u;
+ /* save previous login details before writing new */
+ store_lastlog_message(user, uid);
+
/* Construct an utmp/wtmp entry. */
memset(&u, 0, sizeof(u));
strncpy(u.ut_line, tty + 5, sizeof(u.ut_line));