Okay, here is a fixed version of the patch I sent before for fixing the
problems I know about with Digital Unix SIA: displaying too much info
(MOTD, last login, etc.) when access is denied, and the loss of the
error message sometimes when access is denied.
It does break some code out of do_login into a couple of separate
functions. I did this to avoid duplicating the code in a couple of
places. If that's a problem, I can generate a patch that doesn't touch
anything else (but duplicates code); just let me know.
This is against CVS as of a little while ago.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
diff -urN openssh_cvs/auth-sia.c openssh/auth-sia.c
--- openssh_cvs/auth-sia.c Tue Feb 13 08:25:23 2001
+++ openssh/auth-sia.c Fri Apr 13 11:00:07 2001
@@ -61,35 +61,46 @@
host = get_canonical_hostname (options.reverse_mapping_check);
if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0,
- NULL) != SIASUCCESS)
- fatal("sia_ses_init failed");
+ NULL) != SIASUCCESS) {
+ error("sia_ses_init failed");
+ exit(1);
+ }
if ((pw = getpwnam(user)) == NULL) {
sia_ses_release(&ent);
- fatal("getpwnam(%s) failed: %s", user, strerror(errno));
+ error("getpwnam(%s) failed: %s", user, strerror(errno));
+ exit(1);
}
if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) {
sia_ses_release(&ent);
- fatal("sia_make_entity_pwd failed");
+ error("sia_make_entity_pwd failed");
+ exit(1);
}
ent->authtype = SIA_A_NONE;
- if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS)
- fatal("couldn't establish session for %s from %s", user,
+ if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) {
+ error("couldn't establish session for %s from %s", user,
host);
+ exit(1);
+ }
if (setpriority(PRIO_PROCESS, 0, 0) == -1) {
sia_ses_release(&ent);
- fatal("setpriority failed: %s", strerror (errno));
+ error("setpriority failed: %s", strerror (errno));
+ exit(1);
}
- if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS)
- fatal("couldn't launch session for %s from %s", user, host);
+ if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) {
+ error("couldn't launch session for %s from %s", user, host);
+ exit(1);
+ }
sia_ses_release(&ent);
- if (setreuid(geteuid(), geteuid()) < 0)
- fatal("setreuid failed: %s", strerror (errno));
+ if (setreuid(geteuid(), geteuid()) < 0) {
+ error("setreuid failed: %s", strerror (errno));
+ exit(1);
+ }
}
#endif /* HAVE_OSF_SIA */
diff -urN openssh_cvs/session.c openssh/session.c
--- openssh_cvs/session.c Fri Apr 13 09:28:30 2001
+++ openssh/session.c Fri Apr 13 09:32:41 2001
@@ -128,9 +128,11 @@
void do_exec_no_pty(Session *s, const char *command);
void do_login(Session *s, const char *command);
void do_child(Session *s, const char *command);
+void do_motd(void);
void do_authenticated1(Authctxt *authctxt);
void do_authenticated2(Authctxt *authctxt);
+int check_quietlogin(Session *s, const char *command);
/* import */
extern ServerOptions options;
@@ -633,8 +635,10 @@
close(ttyfd);
/* record login, etc. similar to login(1) */
+#ifndef HAVE_OSF_SIA
if (!(options.use_login && command == NULL))
do_login(s, command);
+#endif
/* Do common processing for the child, such as execing the command. */
do_child(s, command);
@@ -681,7 +685,6 @@
void
do_login(Session *s, const char *command)
{
- FILE *f;
char *time_string;
char buf[256];
char hostname[MAXHOSTNAMELEN];
@@ -729,15 +732,8 @@
}
#endif
- /* Done if .hushlogin exists or a command given. */
- if (command != NULL)
- return;
- snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
-#ifdef HAVE_LOGIN_CAP
- if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >=
0)
-#else
- if (stat(buf, &st) >= 0)
-#endif
+ /* Done if quiet login. */
+ if (check_quietlogin(s, command))
return;
#ifdef USE_PAM
@@ -758,6 +754,19 @@
else
printf("Last login: %s from %s\r\n", time_string, hostname);
}
+
+ do_motd();
+}
+
+/*
+ * Display the message of the day.
+ */
+void
+do_motd(void)
+{
+ FILE *f;
+ char buf[256];
+
if (options.print_motd) {
#ifdef HAVE_LOGIN_CAP
f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
@@ -1023,7 +1032,7 @@
if (options.use_login && command != NULL)
options.use_login = 0;
-#ifndef USE_PAM /* pam_nologin handles this */
+#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
if (!options.use_login) {
# ifdef HAVE_LOGIN_CAP
if (!login_getcapbool(lc, "ignorenologin", 0) &&
pw->pw_uid)
@@ -1041,7 +1050,7 @@
exit(254);
}
}
-#endif /* USE_PAM */
+#endif /* USE_PAM || HAVE_OSF_SIA */
/* Set login name, uid, gid, and groups. */
/* Login(1) does this as well, and it needs uid 0 for the "-h"
@@ -1049,6 +1058,8 @@
if (!options.use_login) {
#ifdef HAVE_OSF_SIA
session_setup_sia(pw->pw_name, s->ttyfd == -1 ? NULL : s->tty);
+ if (! check_quietlogin(s, command))
+ do_motd();
#else /* HAVE_OSF_SIA */
#ifdef HAVE_CYGWIN
if (is_winnt) {
@@ -2027,4 +2038,27 @@
server_loop2();
if (xauthfile)
xauthfile_cleanup_proc(NULL);
+}
+
+/*
+ * Check for quiet login, either .hushlogin or command given.
+ */
+int
+check_quietlogin(Session *s, const char *command)
+{
+ char buf[256];
+ struct passwd * pw = s->pw;
+ struct stat st;
+
+ /* Return 1 if .hushlogin exists or a command given. */
+ if (command != NULL)
+ return 1;
+ snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
+#ifdef HAVE_LOGIN_CAP
+ if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >=
0)
+#else
+ if (stat(buf, &st) >= 0)
+#endif
+ return 1;
+ return 0;
}
