I'm using openssh 2.5.2p2 on Solaris-x86 2.6. I ran into a couple
problems when I set UseLogin to "yes":
The big one seems to have been reported before: login refuses to run
without a utmpx entry. This problem appears to have been caused by
the changes in revision 1.24 of session.c. Before this revision, the
record_login() function was always called, no matter how UseLogin was
set (FYI, the comment for revision 1.24 is "cleanup login(1)-like
jobs, no duplicate utmp entries".)
I had already created a fix for this problem by the time I finally
found this mailing list and noticed that a recent message from Matt
Eagleson had supplied a potential patch. My version of the fix is
fairly similar to Matt's, but I put the relocated record_login() call
into its own function rather than putting it back into do_exec_pty().
The appended patch makes use of Matt's LOGIN_NEEDS_UTMPX autoconf
changes, and has the added benefit that it doesn't call record_login()
twice in the "UseLogin no" code path (which is a bug in Matt's
patch).
Another problem I noticed (that I haven't seen mentioned elsewhere)
was that the terminal type failed to be passed through to "login"
unless I added an extra commandline parameter. The solaris version of
login has an optional "terminal" arg after the "-h hostname"
arg, and
without this being supplied, the value of TERM gets lost. I have
added a define, LOGIN_NEEDS_TERM, and made configure set it if we're
running Solaris.
What I did not notice was any problems with duplicated wtmpx entries
like Matt did.
Matt: What was the symptom you noticed that made you add the code to
loginrec.c? Duplicated entries when running "w"? Or something else?
..wayne..
---8<------8<------8<------8<---cut
here--->8------>8------>8------>8---
Index: acconfig.h
@@ -169,6 +169,12 @@
/* Define if you want to specify the path to your wtmpx file */
#undef CONF_WTMPX_FILE
+/* Some systems need a utmpx entry for /bin/login to work */
+#undef LOGIN_NEEDS_UTMPX
+
+/* Some versions of /bin/login need the TERM supplied on the commandline */
+#undef LOGIN_NEEDS_TERM
+
/* Define is libutil has login() function */
#undef HAVE_LIBUTIL_LOGIN
Index: configure.in
@@ -165,6 +165,8 @@
LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
need_dash_r=1
AC_DEFINE(PAM_SUN_CODEBASE)
+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
+ AC_DEFINE(LOGIN_NEEDS_TERM)
# hardwire lastlog location (can't detect it on some versions)
conf_lastlog_location="/var/adm/lastlog"
AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
Index: session.c
@@ -126,6 +126,7 @@
void session_proctitle(Session *s);
void do_exec_pty(Session *s, const char *command, struct passwd * pw);
void do_exec_no_pty(Session *s, const char *command, struct passwd * pw);
+void call_record_login(Session *s);
void do_login(Session *s, const char *command);
void do_child(Session *s, const char *command);
@@ -632,6 +633,10 @@
/* record login, etc. similar to login(1) */
if (!(options.use_login && command == NULL))
do_login(s, command);
+#ifdef LOGIN_NEEDS_UTMPX
+ else
+ call_record_login(s);
+#endif
/* Do common processing for the child, such as execing the command. */
do_child(s, command);
@@ -685,18 +690,11 @@
return remote;
}
-/* administrative, login(1)-like work */
void
-do_login(Session *s, const char *command)
+call_record_login(Session *s)
{
- FILE *f;
- char *time_string;
- char buf[256];
- char hostname[MAXHOSTNAMELEN];
socklen_t fromlen;
struct sockaddr_storage from;
- struct stat st;
- time_t last_login_time;
struct passwd * pw = s->pw;
pid_t pid = getpid();
@@ -714,15 +712,30 @@
}
}
+ /* Record that there was a login on that tty from the remote host. */
+ record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
+ get_remote_name_or_ip(), (struct sockaddr *)&from);
+}
+
+/* administrative, login(1)-like work */
+void
+do_login(Session *s, const char *command)
+{
+ FILE *f;
+ char *time_string;
+ char buf[256];
+ char hostname[MAXHOSTNAMELEN];
+ struct stat st;
+ time_t last_login_time;
+ struct passwd * pw = s->pw;
+
+ call_record_login(s);
+
/* Get the time and hostname when the user last logged in. */
hostname[0] = '\0';
last_login_time = get_last_login_time(pw->pw_uid, pw->pw_name,
hostname, sizeof(hostname));
- /* Record that there was a login on that tty from the remote host. */
- record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
- get_remote_name_or_ip(), (struct sockaddr *)&from);
-
#ifdef USE_PAM
/*
* If password change is needed, do it now.
@@ -1466,6 +1479,9 @@
/* Launch login(1). */
execl(LOGIN_PROGRAM, "login", "-h", hostname,
+#ifdef LOGIN_NEEDS_TERM
+ s->term? s->term : "unknown",
+#endif
"-p", "-f", "--", pw->pw_name, NULL);
/* Login couldn't be executed, die. */
---8<------8<------8<------8<---cut
here--->8------>8------>8------>8---