https://bugzilla.mindrot.org/show_bug.cgi?id=3976
Bug ID: 3976
Summary: sshd 9.8+ does not record utmp/wtmp/lastlog for
interactive sessions on DISABLE_FD_PASSING platforms
(regression)
Product: Portable OpenSSH
Version: 10.3p1
Hardware: amd64
OS: Cygwin on NT/2k/Win7-11
Status: NEW
Severity: major
Priority: P5
Component: sshd
Assignee: [email protected]
Reporter: [email protected]
On any build with DISABLE_FD_PASSING (Cygwin, SCO OpenServer 5, QNX6,
Tru64+SIA,
or --disable-fd-passing), an interactive pty login is never written
to
utmp/wtmp/lastlog. `who`, `w`, `who am i`, and `last` do not show the
session.
Non-interactive sessions are unaffected. This is a regression
introduced in 9.8
(the sshd-session split).
REPRODUCE (easiest on Cygwin, from a pristine upstream tarball,
isolated prefix):
./configure --prefix=/tmp/o103 --sysconfdir=/tmp/o103/etc
make && make install
/tmp/o103/bin/ssh-keygen -t ed25519 -f
/tmp/o103/etc/ssh_host_ed25519_key -N ''
printf 'Port 2222\nHostKey /tmp/o103/etc/ssh_host_ed25519_key\n' \
>> /tmp/o103/etc/sshd_config
/tmp/o103/sbin/sshd -ddd -e -f /tmp/o103/etc/sshd_config
# from another terminal:
ssh -p 2222 localhost
who am i # prints nothing (should show your login line)
who # your pty is absent
CONTROLLED EXPERIMENT (isolates the regression to the version):
On a single Cygwin host, the distro's 9.4p1 service records
interactive logins
correctly, but a pristine upstream 10.3p1 build on the SAME machine
does not: the
new session's pty is absent from `who` and `who am i` is empty, while
the
9.4p1-recorded sessions remain listed in the same `who` output. Only
the OpenSSH
version differs. Independently reproduced on SCO OpenServer 5
(10.3p1).
ROOT CAUSE (line numbers are stock openssh-10.3p1):
The only reachable caller of record_login() in a running server is
the privsep
monitor's mm_answer_pty() (monitor.c:1693) -> mm_record_login()
(monitor.c:1657)
-> record_login() (monitor.c:1676). mm_answer_pty() runs only when
the session
child requests the pty from the monitor (MONITOR_REQ_PTY) via
mm_pty_allocate().
But on DISABLE_FD_PASSING builds that call is compiled out:
/* session.c:109-111 */
#ifdef DISABLE_FD_PASSING
#define mm_pty_allocate pty_allocate
#endif
so the session child allocates its pty locally (session.c:1884) and
never sends
MONITOR_REQ_PTY. mm_answer_pty() therefore never runs and
record_login() is never
called. Nothing else records the login (login_login()/login_write()
are reached
only via record_login()).
WHY 9.8: the matching hack in privsep_postauth()
(sshd-session.c:377-387) retains
root on this path "so it can allocate PTYs directly", and its comment
notes this
is "equivalent to what we did <= 9.7, which was to disable post-auth
privsep
entirely." Re-enabling split post-auth privsep for DISABLE_FD_PASSING
platforms in
9.8 moved pty allocation out of the monitor, and utmp recording --
which lives
only in the monitor's pty handler -- was left behind.
SUGGESTED FIX: on the DISABLE_FD_PASSING path (where the child
allocates the pty),
also record login/logout from the session process. Minimal change in
session.c,
ideally guarded by #ifdef DISABLE_FD_PASSING:
1. do_login(): call record_login() for the session's pid/tty before
check_quietlogin() (needs `extern u_int utmp_len;`, defined in
sshd-session.c);
2. session_pty_cleanup(): call record_logout();
3. the post-auth cleanup guarded by `if (mm_is_monitor())` around
session_destroy_all(): run it for the session process on this
path too.
A tested patch (running in production on SCO OpenServer 5.0.7,
verified to restore
who/w/who am i/last) available on request
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs