Okay, here is a fixed version of the patch I sent before for fixing the problems I know about with Digital Unix SIA: displaying too much info (MOTD, last login, etc.) when access is denied, and the loss of the error message sometimes when access is denied. It does break some code out of do_login into a couple of separate functions. I did this to avoid duplicating the code in a couple of places. If that's a problem, I can generate a patch that doesn't touch anything else (but duplicates code); just let me know. This is against CVS as of a little while ago. -- Chris Adams <cmadams at hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
diff -urN openssh_cvs/auth-sia.c openssh/auth-sia.c
--- openssh_cvs/auth-sia.c Tue Feb 13 08:25:23 2001
+++ openssh/auth-sia.c Fri Apr 13 11:00:07 2001
@@ -61,35 +61,46 @@
 host = get_canonical_hostname (options.reverse_mapping_check); if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0,
- NULL) != SIASUCCESS)
- fatal("sia_ses_init failed");
+ NULL) != SIASUCCESS) {
+ error("sia_ses_init failed");
+ exit(1);
+ }
 if ((pw = getpwnam(user)) == NULL) { sia_ses_release(&ent);
- fatal("getpwnam(%s) failed: %s", user, strerror(errno));
+ error("getpwnam(%s) failed: %s", user, strerror(errno));
+ exit(1);
 } if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) { sia_ses_release(&ent);
- fatal("sia_make_entity_pwd failed");
+ error("sia_make_entity_pwd failed");
+ exit(1);
 } ent->authtype = SIA_A_NONE;
- if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS)
- fatal("couldn't establish session for %s from %s", user,
+ if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) {
+ error("couldn't establish session for %s from %s", user,
 host);
+ exit(1);
+ }
 if (setpriority(PRIO_PROCESS, 0, 0) == -1) { sia_ses_release(&ent);
- fatal("setpriority failed: %s", strerror (errno));
+ error("setpriority failed: %s", strerror (errno));
+ exit(1);
 }
- if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS)
- fatal("couldn't launch session for %s from %s", user, host);
+ if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) {
+ error("couldn't launch session for %s from %s", user, host);
+ exit(1);
+ }
 sia_ses_release(&ent);
- if (setreuid(geteuid(), geteuid()) < 0)
- fatal("setreuid failed: %s", strerror (errno));
+ if (setreuid(geteuid(), geteuid()) < 0) {
+ error("setreuid failed: %s", strerror (errno));
+ exit(1);
+ }
 }
 #endif /* HAVE_OSF_SIA */
diff -urN openssh_cvs/session.c openssh/session.c
--- openssh_cvs/session.c Fri Apr 13 09:28:30 2001
+++ openssh/session.c Fri Apr 13 09:32:41 2001
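Review bot: In the auth-sia.c hunk, nothing in the new code says why each `fatal(...)` became `error(...)` followed by `exit(1)`, so a later tidy-up could quietly turn all seven sites back. The swap also changes the exit status and skips whatever cleanup fatal() performs, which is presumably the intent given the lost-error-message problem in the description. A one-line comment at the first site would record it, for example `/* error() + exit() rather than fatal(), so the denial message is not lost */`. The `setreuid(geteuid(), geteuid())` failure path still terminates, and it must stay that way so a session never continues after a failed privilege drop. The enclosing function starts above this hunk.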
@@ -128,9 +128,11 @@
 void do_exec_no_pty(Session *s, const char *command); void do_login(Session *s, const char *command); void do_child(Session *s, const char *command);
+void do_motd(void);
 void do_authenticated1(Authctxt *authctxt); void do_authenticated2(Authctxt *authctxt);
+int check_quietlogin(Session *s, const char *command);
 /* import */ extern ServerOptions options;
@@ -633,8 +635,10 @@
 close(ttyfd); /* record login, etc. similar to login(1) */
+#ifndef HAVE_OSF_SIA
 if (!(options.use_login && command == NULL)) do_login(s, command);
+#endif
 /* Do common processing for the child, such as execing the command. */ do_child(s, command);
@@ -681,7 +685,6 @@
 void do_login(Session *s, const char *command) {
- FILE *f;
 char *time_string; char buf[256]; char hostname[MAXHOSTNAMELEN];
@@ -729,15 +732,8 @@
 }
 #endif
- /* Done if .hushlogin exists or a command given. */
- if (command != NULL)
- return;
- snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
-#ifdef HAVE_LOGIN_CAP
- if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
-#else
- if (stat(buf, &st) >= 0)
-#endif
+ /* Done if quiet login. */
+ if (check_quietlogin(s, command))
 return;
 #ifdef USE_PAM
@@ -758,6 +754,19 @@
 else printf("Last login: %s from %s\r\n", time_string, hostname); }
+
+ do_motd();
+}
+
+/*
+ * Display the message of the day.
+ */
+void
+do_motd(void)
+{
+ FILE *f;
+ char buf[256];
+
 if (options.print_motd) {
 #ifdef HAVE_LOGIN_CAP
 f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
@@ -1023,7 +1032,7 @@
 if (options.use_login && command != NULL) options.use_login = 0;
-#ifndef USE_PAM /* pam_nologin handles this */
+#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
 if (!options.use_login) {
 # ifdef HAVE_LOGIN_CAP
 if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid)
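Review bot: In session.c at `@@ -633`, a build with HAVE_OSF_SIA now skips `do_login()` entirely, yet the comment directly above still says this is where the login is recorded, and the later hunks show do_login() also prints the last-login line. Whether the SIA session calls in auth-sia.c write the login record is not visible in this patch; if they do, say so here so the audit trail is not merely assumed. A comment after the `#ifndef` would do, for example `/* SIA: login accounting is left to the SIA session calls; MOTD is printed from do_child() */`, adjusted to what SIA actually does.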
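Review bot: At `@@ -1023`, the removed `/* pam_nologin handles this */` comment explained why the nologin check is compiled out, and the new `#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)` has no equivalent for the SIA case. If SIA session establishment is what refuses logins in that state, note it on the `#if` line, e.g. `/* pam_nologin or SIA handles this */`; if it is not, this check is now missing on SIA builds. The closing line in the following hunk, `#endif /* USE_PAM || HAVE_OSF_SIA */`, does not match the condition either and would read better as `#endif /* !USE_PAM && !HAVE_OSF_SIA */`.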
@@ -1041,7 +1050,7 @@
 exit(254); } }
-#endif /* USE_PAM */
+#endif /* USE_PAM || HAVE_OSF_SIA */
 /* Set login name, uid, gid, and groups. */ /* Login(1) does this as well, and it needs uid 0 for the "-h"
@@ -1049,6 +1058,8 @@
 if (!options.use_login) {
 #ifdef HAVE_OSF_SIA
 session_setup_sia(pw->pw_name, s->ttyfd == -1 ? NULL : s->tty);
+ if (! check_quietlogin(s, command))
+ do_motd();
 #else /* HAVE_OSF_SIA */
 #ifdef HAVE_CYGWIN
 if (is_winnt) {
@@ -2027,4 +2038,27 @@
 server_loop2(); if (xauthfile) xauthfile_cleanup_proc(NULL);
+}
+
+/*
+ * Check for quiet login, either .hushlogin or command given.
+ */
+int
+check_quietlogin(Session *s, const char *command)
+{
+ char buf[256];
+ struct passwd * pw = s->pw;
+ struct stat st;
+
+ /* Return 1 if .hushlogin exists or a command given. */
+ if (command != NULL)
+ return 1;
+ snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
+#ifdef HAVE_LOGIN_CAP
+ if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
+#else
+ if (stat(buf, &st) >= 0)
+#endif
+ return 1;
+ return 0;
 }
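Review bot: At `@@ -1049`, `do_motd()` runs for every SIA session without a command, including sessions with no tty; the line above it already handles `s->ttyfd == -1`. The non-SIA build prints the MOTD from do_login(), which the `@@ -633` hunk suggests is reached only after a tty has been set up, so the two builds may now differ for tty-less sessions. If that is unintended, guard the call: `if (s->ttyfd != -1 && !check_quietlogin(s, command))`. The enclosing `if (!options.use_login)` block continues past the hunk.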
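Review bot: In the new `check_quietlogin()` at `@@ -2027`, the `%.200s` precision silently truncates a home directory longer than 200 bytes, so `stat()` is then made on a different path from the one intended. This was carried over from do_login(), but a new helper is a good place to fix it: `n = snprintf(buf, sizeof(buf), "%s/.hushlogin", pw->pw_dir);` followed by `if (n < 0 || (size_t)n >= sizeof(buf)) return 0;`. The header comment could also state that `s->pw` must be non-NULL, since it is dereferenced without a check.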