# HG changeset patch # User Brent Paulson # Date 1409937015 25200 # Node ID be6c6d4f183ffb731197b6cdc25a25318ec3d8b9 # Parent 702bb045e898a4f12ed9a7dd10e06c72a9cc4128 19517432 OpenSSH does not update utmpx on login diff -r 702bb045e898 -r be6c6d4f183f components/openssh/Makefile --- a/components/openssh/Makefile Thu Sep 04 21:42:03 2014 -0600 +++ b/components/openssh/Makefile Fri Sep 05 10:10:15 2014 -0700 @@ -47,7 +47,7 @@ # Enable ASLR for this component ASLR_MODE = $(ASLR_ENABLE) -CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS) -DSET_USE_PAM -DDEPRECATE_SUNSSH_OPT -DLASTLOG_FIX -DKRB5_BUILD_FIX -DAUE_openssh=6172 -DDTRACE_SFTP -DDISABLE_BANNER -DPAM_ENHANCEMENT -DPAM_BUGFIX" +CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS) -DSET_USE_PAM -DDEPRECATE_SUNSSH_OPT -DKRB5_BUILD_FIX -DAUE_openssh=6172 -DDTRACE_SFTP -DDISABLE_BANNER -DPAM_ENHANCEMENT -DPAM_BUGFIX" # We need to disable lazyloading of dynamic dependent libraries. During the # pre-authentication phase, sshd will chroot to /var/empty which doesn't diff -r 702bb045e898 -r be6c6d4f183f components/openssh/patches/003-last_login.patch --- a/components/openssh/patches/003-last_login.patch Thu Sep 04 21:42:03 2014 -0600 +++ b/components/openssh/patches/003-last_login.patch Fri Sep 05 10:10:15 2014 -0700 @@ -1,90 +1,32 @@ -# -# We changed the OpenSSH to not record the last login time when the "UsePAM" -# option is on, because the PAM session module in Solaris will record the last -# login time. This is for Solaris only, so we will not contribute back this -# change to the upstream community. +# This change is Solaris-specific and thus is not being contributed back +# to the upstream community. Details: # -*** orig/sshd.c Thu Oct 4 16:08:28 2012 ---- new/sshd.c Thu Oct 4 16:06:05 2012 -*************** -*** 128,133 **** ---- 128,137 ---- - int deny_severity; - #endif /* LIBWRAP */ - -+ #if defined(LASTLOG_FIX) && defined(USE_PAM) -+ #include "sshlogin.h" -+ #endif -+ - #ifndef O_NOCTTY - #define O_NOCTTY 0 - #endif -*************** -*** 2028,2033 **** ---- 2032,2041 ---- - #endif - #ifdef USE_PAM - if (options.use_pam) { -+ #ifdef LASTLOG_FIX -+ store_lastlog_message(authctxt->pw->pw_name, -+ authctxt->pw->pw_uid); -+ #endif - do_pam_setcred(1); - do_pam_session(); - } -*** orig/sshlogin.h Thu Oct 4 16:08:54 2012 ---- new/sshlogin.h Thu Oct 4 16:06:31 2012 +# OpenSSH updates lastlog when users login however on Solaris the +# pam_open_session(3PAM) function handles this so we avoid the +# redundant additional upating of lastlog here. We can't disable all +# lastlog references with --disable-lastlog or NO_SSH_LASTLOG since that +# prevents the 'Last login: ...' message from being displayed. Thus +# we just prevent OpenSSH from updating lastlog since reading from +# lastlog is fine. Other PAM implementations don't update lastlog +# during session management so this change is Solaris-specific and +# thus isn't being contributed back to the upstream community. +# +*** orig/loginrec.c Thu Oct 4 16:08:42 2012 +--- new/loginrec.c Thu Sep 4 16:41:24 2014 *************** -*** 14,19 **** ---- 14,22 ---- - - void record_login(pid_t, const char *, const char *, uid_t, - const char *, struct sockaddr *, socklen_t); -+ #ifdef LASTLOG_FIX -+ void store_lastlog_message(const char *, uid_t); -+ #endif - void record_logout(pid_t, const char *, const char *); - time_t get_last_login_time(uid_t, const char *, char *, u_int); - -*** orig/sshlogin.c Thu Oct 4 16:08:42 2012 ---- new/sshlogin.c Thu Oct 4 16:35:27 2012 -*************** -*** 83,89 **** ---- 83,93 ---- - * Generate and store last login message. This must be done before - * login_login() is called and lastlog is updated. - */ -+ #ifndef LASTLOG_FIX - static void -+ #else -+ void -+ #endif - store_lastlog_message(const char *user, uid_t uid) - { - #ifndef NO_SSH_LASTLOG -*************** -*** 128,133 **** ---- 132,141 ---- - { - struct logininfo *li; - -+ #ifdef LASTLOG_FIX -+ /* In Solaris, PAM takes care of last login tracking */ -+ if (!options.use_pam) { -+ #endif - /* save previous login details before writing new */ - store_lastlog_message(user, uid); - -*************** -*** 135,140 **** ---- 143,152 ---- - login_set_addr(li, addr, addrlen); - login_login(li); - login_free_entry(li); -+ -+ #ifdef LASTLOG_FIX -+ } -+ #endif - } - - #ifdef LOGIN_NEEDS_UTMPX +*** 444,450 **** + #ifdef USE_LOGIN + syslogin_write_entry(li); + #endif +! #ifdef USE_LASTLOG + if (li->type == LTYPE_LOGIN) + lastlog_write_entry(li); + #endif +--- 444,450 ---- + #ifdef USE_LOGIN + syslogin_write_entry(li); + #endif +! #if defined(USE_LASTLOG) && !defined(PAM_SUN_CODEBASE) + if (li->type == LTYPE_LOGIN) + lastlog_write_entry(li); + #endif