Re: PAM OpenSSH: two incorrect last login
Bill Fenner [EMAIL PROTECTED] writes: You could either pretend that yflag was not set (what ache was suggesting) or set yflag if the year of the last login was not this year (possibly more useful). ...or always print the year. Does anybody have any patches? :) DES -- Dag-Erling Smorgrav - [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: PAM OpenSSH: two incorrect last login
Might, might not. ISTR strftime() can't correctly emulate ctime(), but some other format might be preferrable. Do you have a format string handy? I'd think something like what last does would be good. d_first = (*nl_langinfo(D_MD_ORDER) == 'd'); ... (void) strftime(ct, sizeof(ct), d_first ? (yflag ? %a %e %b %Y %R : %a %e %b %R) : (yflag ? %a %b %e %Y %R : %a %b %e %R), tm); except you probably want %T instead of %R if you want the seconds. You could either pretend that yflag was not set (what ache was suggesting) or set yflag if the year of the last login was not this year (possibly more useful). Bill To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: PAM OpenSSH: two incorrect last login
On Mon, Apr 22, 2002 at 14:07:50 +0200, Dag-Erling Smorgrav wrote: Bill Fenner [EMAIL PROTECTED] writes: You could either pretend that yflag was not set (what ache was suggesting) or set yflag if the year of the last login was not this year (possibly more useful). ...or always print the year. Does anybody have any patches? :) IMHO always printing year in pam_lastlog (like unpatched sshd does) will not harm. L10n here currently is not useful for both plain login and sshd because environment from where LANG may come not yet activated at this moment. The code must be moved after environment activating first, but because it is the very first print, other prints like motd must be moved too. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: PAM OpenSSH: two incorrect last login
While you're in here, does it make sense to use strftime() instead of printing just a portion of what ctime returns? This would allow i18n of the time format if desired (and if the locale is set this early -- maybe this is just a can of worms =). Bill To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: PAM OpenSSH: two incorrect last login
Bill Fenner [EMAIL PROTECTED] writes: While you're in here, does it make sense to use strftime() instead of printing just a portion of what ctime returns? Might, might not. ISTR strftime() can't correctly emulate ctime(), but some other format might be preferrable. Do you have a format string handy? DES -- Dag-Erling Smorgrav - [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: PAM OpenSSH: two incorrect last login
This bug still present too. Please handle it somehow, it is clearly comes from PAM. On Sat, Apr 20, 2002 at 05:16:35 +0400, Andrey A. Chernov wrote: I got this TWO last login lines with recent -current SSH+PAM: -- Last login: Sat Apr 20 04:50:45 from hermes.dialup.ru Last login: Sat Apr 20 04:56:06 2002 from hermes.dialup.ru Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 ... -- The second one is semi-correct, excepting year not needed here. It is original SSH bug easy to fix, just print first 19 characters and not whole ctime() line in session.c But what about first one? Apparently it comes from pam_lastlog.so, but why there is \n in the middle? Looking at pam_lastlog.c sources I not find \n there. It seems it is inserted afterwards somehow. Notice the second \n after first lastlog line, it must not be there too. Please fix those two \n's. BTW, ONE lastlog line is enough. Please either remove pam_lastlog.so or comment #ifndef USE_PAM SSH one. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: PAM OpenSSH: two incorrect last login
Andrey A. Chernov [EMAIL PROTECTED] writes: This bug still present too. Please handle it somehow, it is clearly comes from PAM. Andrey, it's quite possible that you're Superman, but I'm not, so GIVE ME A BREAK. I'm doing this one step at a time. It'll happen much faster if you stay off my back. DES -- Dag-Erling Smorgrav - [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: PAM OpenSSH: two incorrect last login
On Sat, Apr 20, 2002 at 18:01:58 +0200, Dag-Erling Smorgrav wrote: Andrey A. Chernov [EMAIL PROTECTED] writes: This bug still present too. Please handle it somehow, it is clearly comes from PAM. Andrey, it's quite possible that you're Superman, but I'm not, so GIVE ME A BREAK. I'm doing this one step at a time. It'll happen much faster if you stay off my back. Sorry Dag-Erling, I not mean word 'immediately' at all, I just want to be sure that this one not forgotten in whole discussion. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: PAM OpenSSH: two incorrect last login
Andrey A. Chernov [EMAIL PROTECTED] writes:
I got this TWO last login lines with recent -current SSH+PAM:
See attached patch.
DES
--
Dag-Erling Smorgrav - [EMAIL PROTECTED]
//depot/user/des/pam/lib/libpam/modules/pam_lastlog/pam_lastlog.c#9 - /usr/src/lib/libpam/modules/pam_lastlog/pam_lastlog.c
--- /tmp/tmp.23049.0 Sat Apr 20 18:09:14 2002
+++ /usr/src/lib/libpam/modules/pam_lastlog/pam_lastlog.c Sat Apr 20 18:08:29 2002
@@ -108,15 +108,14 @@
if (lseek(fd, llpos, L_SET) != llpos)
goto file_err;
if ((flags PAM_SILENT) == 0) {
- if (read(fd, ll, sizeof(ll)) == sizeof(ll)
- ll.ll_time != 0) {
- pam_info(pamh, Last login: %.*s , 24 - 5,
- ctime(ll.ll_time));
+ if (read(fd, ll, sizeof ll) == sizeof ll ll.ll_time != 0) {
if (*ll.ll_host != '\0')
-pam_info(pamh, from %.*s\n,
+pam_info(pamh, Last login: %.*s from %.*s,
+24 - 5, ctime(ll.ll_time),
(int)sizeof(ll.ll_host), ll.ll_host);
else
-pam_info(pamh, on %.*s\n,
+pam_info(pamh, Last login: %.*s on %.*s,
+24 - 5, ctime(ll.ll_time),
(int)sizeof(ll.ll_line), ll.ll_line);
}
if (lseek(fd, llpos, L_SET) != llpos)
//depot/user/des/pam/crypto/openssh/session.c#6 - /usr/src/crypto/openssh/session.c
--- /tmp/tmp.23049.1 Sat Apr 20 18:09:15 2002
+++ /usr/src/crypto/openssh/session.c Sat Apr 20 18:04:43 2002
@@ -647,6 +647,7 @@
}
#endif
+#ifndef USE_PAM
/* Get the time and hostname when the user last logged in. */
if (options.print_lastlog) {
hostname[0] = '\0';
@@ -654,7 +655,6 @@
hostname, sizeof(hostname));
}
-#ifndef USE_PAM
/* Record that there was a login on that tty from the remote host. */
record_login(pid, s-tty, pw-pw_name, pw-pw_uid,
get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping),
Re: PAM OpenSSH: two incorrect last login
On Sat, Apr 20, 2002 at 18:10:50 +0200, Dag-Erling Smorgrav wrote: Andrey A. Chernov [EMAIL PROTECTED] writes: I got this TWO last login lines with recent -current SSH+PAM: See attached patch. It goes better and worse in the same time :-) Last login: Sat Apr 20 20:16:55 on ttyv4 Last login: Sun Apr 14 05:44:16 1991 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 5.0-CURRENT (HERMES) #2: Sat Apr 20 13:06:00 MSD 2002 Newlines are gone, but see second line from back 1991 (garbadge on the stack of 'last_login_time' variable). -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: PAM OpenSSH: two incorrect last login
On Sat, Apr 20, 2002 at 20:20:01 +0400, Andrey A. Chernov wrote: Newlines are gone, but see second line from back 1991 (garbadge on the stack of 'last_login_time' variable). BTW, please notice that printing this line is very conditionalized in OpenSSH: options.print_lastlog command == NULL !options.use_login !check_quietlogin(s, command) are checked. But in your variant it seems that only !check_quietlogin(s, command) checked (or, maybe it printed even unconditionally?) I am not sure here, it is internal PAM details. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
