Irix UseLogin wtmp/utmp bug

John W. Sopko Jr. sopko at cs.unc.edu
Tue Jul 23 23:54:26 EST 2002


I am using the "UseLogin yes" configuration parameter to call the
/usr/bin/login program on SGI Irix, (we are using Irix version
6.5.13).  I do this because the SGI login program is AFS awhere and
checks out a token for you and I do not want to compile the Kerberos
version of sshd, (it is to messy for me to support).

Everything seems to work fine accept the wtmp(x) and utmp(x) files do
not get updated? The problem existed in openssh 3.0.2 I just upgraded
to 3.4 and still have the problem. Here is what I have found, if anyone
has any info that would be great else I will have to live with this:


The login program is execl'd in the sesssion.c file using the execl()
call:

----------

static void
launch_login(struct passwd *pw, const char *hostname)
{
char *env_init[] = {"MYENV=null", NULL};
        /* Launch login(1). */

        fprintf(stderr, "X11 forwarding not supported with IRIX
login.\n");
        fprintf(stderr, "Must enter password again to get AFS
token,\n");
        /* execl(LOGIN_PROGRAM, "login", "-h", hostname, */
        execl(LOGIN_PROGRAM, "login",
#ifdef xxxLOGIN_NEEDS_TERM
                    (s->term ? s->term : "unknown"),
#endif /* LOGIN_NEEDS_TERM */
#ifdef LOGIN_NO_ENDOPT
            /* "-p", "-f", pw->pw_name, (char *)NULL); */
            pw->pw_name, (char *)NULL);
#else
            /* "-p", "-f", "--", pw->pw_name, (char *)NULL); */
             pw->pw_name, (char *)NULL);
#endif

----------

Note I made a few changes here since the SGI login program only
supports the following options, (from the sgi man page):

login(1)

NAME
     login - sign on

SYNOPSIS
     login [ -d device ] [ name [ environ ... ]]




After the ifdef's are applied above login gets called as:

execl(LOGIN_PROGRAM, "login",pw->pw_name, (char *)NULL);

Which equates to "/usr/bin/login user_name".


When a user logs in the login program gets executed, the user gets
prompted twice for their password, they get an AFS token. The wtmp/utmp
files are not updated and I cannot tell who is logged in or has been
logged in.

I think it is up to the SGI login program to update these files at this
point, not the sshd daemon. If I do not use the UseLogin option the
sshd daemon updated the wtmp/utmp files just fine, (but I do not get an
AFS token).

I can call the /usr/bin/login program once I am logged into a session
that
uses the UseLogin option and the wtmp/utmp files still do not get
updated!

But if I call /usr/bin/login from the command line while logged into a
sshd session that does NOT use UseLogin the wtmp/utmp files do get
updated.

This leads me to believe when the login program is execl'ed it inherits
the sshd environment variables and there is something that the
/usr/bin/login program detects that causes it not to update wtmp/umtp?

I tried to prove this by using the execle() call instead of execl().
The execle() call allows you to pass a new environment in an array. I
set the environment array to contain just one variable. I was able to
login but this did not fix the problem!

I searched SGI's support for any updates to the /usr/bin/login program
and couldnot find anything. Note that on SGI the /usr/bin/login program
is a link to /usr/lib/iaf/scheme. I placed this program directly in the
execl call, execl("/usr/lib/iaf/scheme",... and this did not help.

I also tried to enable-- and disable-- the following configure
options,(which I could not find any documentation on), and this did not
help:

--disable-utmp          disable use of utmp even if detected no
--disable-utmpx         disable use of utmpx even if detected no
--disable-wtmp          disable use of wtmp even if detected no
--disable-wtmpx         disable use of wtmpx even if detected no


Any ideas out there?

-- 
John W. Sopko Jr.               University of North Carolina
email: sopko at cs.unc.edu         Computer Science Dept., CB 3175
Phone: 919-962-1844             Sitterson Hall; Room 135
Fax:   919-962-1799             Chapel Hill, NC 27599-3175



More information about the openssh-unix-dev mailing list