openssh unix dev - Nov 2001 - Patch for "last" providing incorrect information on Solaris 8

I have put together a simple set of diffs that corrects the problem
described by Steven Fishback <sfishback at interpath.net> on 10-30 on this
list regarding incorrect information reported by last on Solaris. The
patches merely pass along the username in the utmpx record for a logout.
Is there any reason why this would be a problem with other OSes? If not,
maybe this could be rolled into the port. If so, diddling with configure
would be the next step. Any ideas? The diffs are against 3.0p1, by the
way.

			Bill Knox
			Senior Operating Systems Programmer/Analyst
			The MITRE Corporation
-------------- next part --------------
--- loginrec.c.orig	Thu Nov 15 09:35:02 2001
+++ loginrec.c	Thu Nov 15 09:38:01 2001
@@ -701,6 +701,7 @@
 	line_stripname(utx->ut_line, li->line, sizeof(utx->ut_line));
 	set_utmpx_time(li, utx);
 	utx->ut_pid = li->pid;
+	strncpy(utx->ut_name, li->username, MIN_SIZEOF(utx->ut_name,
li->username));
 
 	if (li->type == LTYPE_LOGOUT)
 		return;
@@ -711,7 +712,6 @@
 	 */
 
 	/* strncpy(): Don't necessarily want null termination */
-	strncpy(utx->ut_name, li->username, MIN_SIZEOF(utx->ut_name,
li->username));
 # ifdef HAVE_HOST_IN_UTMPX
 	strncpy(utx->ut_host, li->hostname, MIN_SIZEOF(utx->ut_host,
li->hostname));
 # endif
@@ -942,9 +942,7 @@
 {
 	struct utmpx utx;
 
-	memset(&utx, '\0', sizeof(utx));
-	set_utmpx_time(li, &utx);
-	line_stripname(utx.ut_line, li->line, sizeof(utx.ut_line));
+	construct_utmpx(li, &utx);
 # ifdef HAVE_ID_IN_UTMPX
 	line_abbrevname(utx.ut_id, li->line, sizeof(utx.ut_id));
 # endif

--- session.c.orig	Thu Nov 15 09:35:02 2001
+++ session.c	Thu Nov 15 09:38:01 2001
@@ -1856,7 +1856,7 @@
 
 	/* Record that the user has logged out. */
 	if (s->pid != 0)
-		record_logout(s->pid, s->tty);
+		record_logout(s->pid, s->tty, s->pw->pw_name);
 
 	/* Release the pseudo-tty. */
 	pty_release(s->tty);

--- sshlogin.c.orig	Thu Nov 15 09:35:02 2001
+++ sshlogin.c	Thu Nov 15 09:38:01 2001
@@ -94,11 +94,11 @@
 /* Records that the user has logged out. */
 
 void
-record_logout(pid_t pid, const char *ttyname)
+record_logout(pid_t pid, const char *ttyname, const char *user)
 {
   struct logininfo *li;
 
-  li = login_alloc_entry(pid, NULL, NULL, ttyname);
+  li = login_alloc_entry(pid, user, NULL, ttyname);
   login_logout(li);
   login_free_entry(li);
 }

--- sshlogin.h.orig	Thu Nov 15 09:35:02 2001
+++ sshlogin.h	Thu Nov 15 09:38:01 2001
@@ -17,7 +17,7 @@
 void
 record_login(pid_t, const char *, const char *, uid_t,
     const char *, struct sockaddr *);
-void   record_logout(pid_t, const char *);
+void   record_logout(pid_t, const char *, const char *);
 u_long         get_last_login_time(uid_t, const char *, char *, u_int);
 
 #endif

If we enhance record_logout to include the username as
a passed parameter, it will also help me greatly in
getting the Solaris auditing (BSM) support working.
(In fact, I was just about to propose it to the list--
it's a non-trivial divergence between the OpenBSD
version and Portable, but it's really necessary for
BSM.)

I would therefore strongly recommend that these patches
get rolled into OpenSSH ASAP--since I need to "diddle
with configure" already for the BSM parts, I'm going to
incorporate these patches into my temporarily-divergent
codebase and work on a combined patch.

--
Rip Loomis
Senior Systems Security Engineer
SAIC Center for Information Security Technology 
> -----Original Message-----
> From: William R. Knox [mailto:wknox at mitre.org]
> Sent: Thursday, 15 November, 2001 10:10
> To: openssh-unix-dev at mindrot.org
> Subject: Patch for "last" providing incorrect information on
Solaris 8
> 
> 
> I have put together a simple set of diffs that corrects the problem
> described by Steven Fishback <sfishback at interpath.net> on 
> 10-30 on this
> list regarding incorrect information reported by last on Solaris. The
> patches merely pass along the username in the utmpx record 
> for a logout.
> Is there any reason why this would be a problem with other 
> OSes? If not,
> maybe this could be rolled into the port. If so, diddling 
> with configure
> would be the next step. Any ideas? The diffs are against 3.0p1, by the
> way.
> 
> 			Bill Knox
> 			Senior Operating Systems Programmer/Analyst
> 			The MITRE Corporation
>