[Bug 463] PrintLastLog doesn't work in privsep mode
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sat Feb 22 16:01:40 EST 2003
http://bugzilla.mindrot.org/show_bug.cgi?id=463
------- Additional Comments From dtucker at zip.com.au 2003-02-22 16:01 -------
Created an attachment (id=235)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=235&action=view)
Generate login message as part of login recording.
This patch moves the generation of the generic last login message to
sshlogin.c, the AIX loginsuccess call to loginrec.c and provides a monitor call
to get the login message. (The AIX problem was that loginsuccess did not get
called for non-password auth).
The reason the monitor call is necessary is that on AIX, the last login message
is generated as a side-effect of calling loginsuccess(). This needs root privs
(as it does some logging too). Now if you have a postponed authentication,
you can't safely call loginsuccess() before the post-auth privsep split (since
the postponed authentication may not actually succeed). Hence, the only
guaranteed safe place to call it is from the post-auth monitor, and therefore a
monitor call is necessary to retrieve the login message).
As a minor bonus (?) this also allows correct recording of ptys in the AIX
login info.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-unix-dev
mailing list