19517432 OpenSSH does not update utmpx on login
authorBrent Paulson <Brent.Paulson@Oracle.COM>
Fri, 05 Sep 2014 10:10:15 -0700
changeset 2070 be6c6d4f183f
parent 2069 702bb045e898
child 2071 521c7d4794e9
19517432 OpenSSH does not update utmpx on login
components/openssh/Makefile
components/openssh/patches/003-last_login.patch
--- a/components/openssh/Makefile	Thu Sep 04 21:42:03 2014 -0600
+++ b/components/openssh/Makefile	Fri Sep 05 10:10:15 2014 -0700
@@ -47,7 +47,7 @@
 # Enable ASLR for this component
 ASLR_MODE = $(ASLR_ENABLE)
 
-CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS) -DSET_USE_PAM -DDEPRECATE_SUNSSH_OPT -DLASTLOG_FIX -DKRB5_BUILD_FIX -DAUE_openssh=6172 -DDTRACE_SFTP -DDISABLE_BANNER -DPAM_ENHANCEMENT -DPAM_BUGFIX"
+CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS) -DSET_USE_PAM -DDEPRECATE_SUNSSH_OPT -DKRB5_BUILD_FIX -DAUE_openssh=6172 -DDTRACE_SFTP -DDISABLE_BANNER -DPAM_ENHANCEMENT -DPAM_BUGFIX"
 
 # We need to disable lazyloading of dynamic dependent libraries. During the
 # pre-authentication phase, sshd will chroot to /var/empty which doesn't
--- a/components/openssh/patches/003-last_login.patch	Thu Sep 04 21:42:03 2014 -0600
+++ b/components/openssh/patches/003-last_login.patch	Fri Sep 05 10:10:15 2014 -0700
@@ -1,90 +1,32 @@
-#
-# We changed the OpenSSH to not record the last login time when the "UsePAM"
-# option is on, because the PAM session module in Solaris will record the last
-# login time.  This is for Solaris only, so we will not contribute back this
-# change to the upstream community.
+# This change is Solaris-specific and thus is not being contributed back
+# to the upstream community.  Details:
 #
-*** orig/sshd.c	Thu Oct  4 16:08:28 2012
---- new/sshd.c	Thu Oct  4 16:06:05 2012
-***************
-*** 128,133 ****
---- 128,137 ----
-  int deny_severity;
-  #endif /* LIBWRAP */
-  
-+ #if defined(LASTLOG_FIX) && defined(USE_PAM)
-+ #include "sshlogin.h"
-+ #endif
-+ 
-  #ifndef O_NOCTTY
-  #define O_NOCTTY	0
-  #endif
-***************
-*** 2028,2033 ****
---- 2032,2041 ----
-  #endif
-  #ifdef USE_PAM
-  	if (options.use_pam) {
-+ #ifdef LASTLOG_FIX
-+ 		store_lastlog_message(authctxt->pw->pw_name,
-+ 		    authctxt->pw->pw_uid);
-+ #endif
-  		do_pam_setcred(1);
-  		do_pam_session();
-  	}
-*** orig/sshlogin.h	Thu Oct  4 16:08:54 2012
---- new/sshlogin.h	Thu Oct  4 16:06:31 2012
+# OpenSSH updates lastlog when users login however on Solaris the
+# pam_open_session(3PAM) function handles this so we avoid the
+# redundant additional upating of lastlog here.  We can't disable all
+# lastlog references with --disable-lastlog or NO_SSH_LASTLOG since that
+# prevents the 'Last login: ...' message from being displayed.  Thus
+# we just prevent OpenSSH from updating lastlog since reading from
+# lastlog is fine.  Other PAM implementations don't update lastlog
+# during session management so this change is Solaris-specific and
+# thus isn't being contributed back to the upstream community.
+#
+*** orig/loginrec.c	Thu Oct  4 16:08:42 2012
+--- new/loginrec.c      Thu Sep  4 16:41:24 2014
 ***************
-*** 14,19 ****
---- 14,22 ----
-  
-  void	record_login(pid_t, const char *, const char *, uid_t,
-      const char *, struct sockaddr *, socklen_t);
-+ #ifdef LASTLOG_FIX
-+ void store_lastlog_message(const char *, uid_t);
-+ #endif
-  void   record_logout(pid_t, const char *, const char *);
-  time_t	get_last_login_time(uid_t, const char *, char *, u_int);
-  
-*** orig/sshlogin.c	Thu Oct  4 16:08:42 2012
---- new/sshlogin.c	Thu Oct  4 16:35:27 2012
-***************
-*** 83,89 ****
---- 83,93 ----
-   * Generate and store last login message.  This must be done before
-   * login_login() is called and lastlog is updated.
-   */
-+ #ifndef LASTLOG_FIX
-  static void
-+ #else
-+ void
-+ #endif
-  store_lastlog_message(const char *user, uid_t uid)
-  {
-  #ifndef NO_SSH_LASTLOG
-***************
-*** 128,133 ****
---- 132,141 ----
-  {
-  	struct logininfo *li;
-  
-+ #ifdef LASTLOG_FIX
-+ 	/* In Solaris, PAM takes care of last login tracking */
-+         if (!options.use_pam) {
-+ #endif
-  	/* save previous login details before writing new */
-  	store_lastlog_message(user, uid);
-  
-***************
-*** 135,140 ****
---- 143,152 ----
-  	login_set_addr(li, addr, addrlen);
-  	login_login(li);
-  	login_free_entry(li);
-+ 
-+ #ifdef LASTLOG_FIX
-+ 	}
-+ #endif
-  }
-  
-  #ifdef LOGIN_NEEDS_UTMPX
+*** 444,450 ****
+  #ifdef USE_LOGIN
+  	syslogin_write_entry(li);
+  #endif
+! #ifdef USE_LASTLOG
+  	if (li->type == LTYPE_LOGIN)
+  		lastlog_write_entry(li);
+  #endif
+--- 444,450 ----
+  #ifdef USE_LOGIN
+  	syslogin_write_entry(li);
+  #endif
+! #if defined(USE_LASTLOG) && !defined(PAM_SUN_CODEBASE)
+  	if (li->type == LTYPE_LOGIN)
+  		lastlog_write_entry(li);
+  #endif
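Review bot: The new guard `#if defined(USE_LASTLOG) && !defined(PAM_SUN_CODEBASE)` drops the lastlog write at compile time, whereas the patch it replaces skipped it only when `options.use_pam` was set at runtime. An sshd running with `UsePAM no` would then have neither OpenSSH nor pam_open_session updating lastlog, which leaves a gap in the login records that audit and incident response rely on. This is harmless only if `-DSET_USE_PAM` in the Makefile forces PAM on, and its effect is not visible on this page. If it does, I would state that in the patch header, e.g. `# Assumes UsePAM is always enabled on Solaris (SET_USE_PAM); with PAM off nothing would update lastlog.` The header comment also misspells "updating" as `upating`, and the function being patched in loginrec.c starts and ends outside the quoted context.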