openssh unix dev - Oct 2001 - bug report: last login time vs PAM in portability release

on hp-ux 11 i see:

$ date;ssh jenny
Fri Oct 12 14:44:13 PDT 2001
Last   successful login for stevesk: Fri Oct 12 10:45:42 PST8PDT 2001 on pts/2
Last unsuccessful login for stevesk: Mon Sep 24 22:55:53 PST8PDT 2001
Last login: Fri Oct 12 10:45:43 2001 from 172.31.1.53
You have mail.

so solaris PAM is different.  can other solaris+PAM users confirm this?

On Fri, 12 Oct 2001, Benn Oshrin wrote:
:There appears to be a problem with the reported last login time for
:v2.9.9p2 (and possibly earlier versions).  This is for PAM enabled Solaris
:hosts (Sol 7 and 8).
:
:Login to a host running stock 2.9.9p2:
:
: benno[~] starscream% date ; slogin hola
: Fri Oct 12 13:10:50 EDT 2001
: Last login: Fri Oct 12 13:10:52 2001 from starscream.cc.c
: SunOS hola 5.7 Generic_106541-09 sun4u sparc SUNW,Ultra-60
: You have new mail.
: benno[~] hola%
:
:Note that the last login time reported is two seconds after the connection
:is initiated.  It appears that this is because pam_open_session is called
:before do_login.  pam_open_session updates the lastlog file.  When do_login
:is called, it reads the already updated lastlog file and reports the time
:of the session just started.  To fix this, I moved the pam_open_session
:call into do_login:
:
:--- session.c   Fri Oct 12 13:05:58 2001
:+++ .snapshot/nightly.3/session.c       Mon Oct  8 15:52:02 2001
:@@ -541,6 +541,11 @@
:        ptyfd = s->ptyfd;
:        ttyfd = s->ttyfd;
:
:+#if defined(USE_PAM)
:+       do_pam_session(s->pw->pw_name, s->tty);
:+       do_pam_setcred(1);
:+#endif
:+
:        /* Fork the child. */
:        if ((pid = fork()) == 0) {
:
:@@ -698,11 +703,6 @@
:                last_login_time = get_last_login_time(pw->pw_uid,
:pw->pw_name,
:                    hostname, sizeof(hostname));
:        }
:-
:-#if defined(USE_PAM)
:-       do_pam_session(s->pw->pw_name, s->tty);
:-       do_pam_setcred(1);
:-#endif
:
:        /* Record that there was a login on that tty from the remote host.
:*/
:        record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
:
:And here's a session from to a host running the patched version:
:
: benno[~] starscream% date ; slogin saluton
: Fri Oct 12 13:16:47 EDT 2001
: Last login: Fri Oct 12 13:05:03 2001 from starscream.cc.c
: SunOS saluton 5.7 Generic_106541-09 sun4u sparc SUNW,Ultra-60
: You have new mail.
: benno[~] saluton%
:
:I hope you find this useful.
:
:-Benn-
:

It is a problem with Solaris.

Linux (Mandrake in this case) does not show this bug.

bash-2.05$ date; ssh localhost
Fri Oct 12 16:59:26 CDT 2001
Last login: Fri Oct 12 15:13:24 2001 from karla.eviladmin.org


But my solaris 2.7 does show it.

- Ben

On Fri, 12 Oct 2001, Kevin Steves wrote:
> on hp-ux 11 i see:
>
> $ date;ssh jenny
> Fri Oct 12 14:44:13 PDT 2001
> Last   successful login for stevesk: Fri Oct 12 10:45:42 PST8PDT 2001 on
pts/2
> Last unsuccessful login for stevesk: Mon Sep 24 22:55:53 PST8PDT 2001
> Last login: Fri Oct 12 10:45:43 2001 from 172.31.1.53
> You have mail.
>
> so solaris PAM is different.  can other solaris+PAM users confirm this?
>
> On Fri, 12 Oct 2001, Benn Oshrin wrote:
> :There appears to be a problem with the reported last login time for
> :v2.9.9p2 (and possibly earlier versions).  This is for PAM enabled Solaris
> :hosts (Sol 7 and 8).
> :
> :Login to a host running stock 2.9.9p2:
> :
> : benno[~] starscream% date ; slogin hola
> : Fri Oct 12 13:10:50 EDT 2001
> : Last login: Fri Oct 12 13:10:52 2001 from starscream.cc.c
> : SunOS hola 5.7 Generic_106541-09 sun4u sparc SUNW,Ultra-60
> : You have new mail.
> : benno[~] hola%
> :
> :Note that the last login time reported is two seconds after the connection
> :is initiated.  It appears that this is because pam_open_session is called
> :before do_login.  pam_open_session updates the lastlog file.  When
do_login
> :is called, it reads the already updated lastlog file and reports the time
> :of the session just started.  To fix this, I moved the pam_open_session
> :call into do_login:
> :
> :--- session.c   Fri Oct 12 13:05:58 2001
> :+++ .snapshot/nightly.3/session.c       Mon Oct  8 15:52:02 2001
> :@@ -541,6 +541,11 @@
> :        ptyfd = s->ptyfd;
> :        ttyfd = s->ttyfd;
> :
> :+#if defined(USE_PAM)
> :+       do_pam_session(s->pw->pw_name, s->tty);
> :+       do_pam_setcred(1);
> :+#endif
> :+
> :        /* Fork the child. */
> :        if ((pid = fork()) == 0) {
> :
> :@@ -698,11 +703,6 @@
> :                last_login_time = get_last_login_time(pw->pw_uid,
> :pw->pw_name,
> :                    hostname, sizeof(hostname));
> :        }
> :-
> :-#if defined(USE_PAM)
> :-       do_pam_session(s->pw->pw_name, s->tty);
> :-       do_pam_setcred(1);
> :-#endif
> :
> :        /* Record that there was a login on that tty from the remote host.
> :*/
> :        record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
> :
> :And here's a session from to a host running the patched version:
> :
> : benno[~] starscream% date ; slogin saluton
> : Fri Oct 12 13:16:47 EDT 2001
> : Last login: Fri Oct 12 13:05:03 2001 from starscream.cc.c
> : SunOS saluton 5.7 Generic_106541-09 sun4u sparc SUNW,Ultra-60
> : You have new mail.
> : benno[~] saluton%
> :
> :I hope you find this useful.
> :
> :-Benn-
> :
>
>
>

On Fri, 12 Oct 2001 mouring at etoh.eviladmin.org wrote:
:It is a problem with Solaris.

is it a defect with Solaris PAM, or incorrect usage?