[Bug 463] PrintLastLog doesn't work in privsep mode

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Feb 22 16:01:40 EST 2003


------- Additional Comments From dtucker at zip.com.au  2003-02-22 16:01 -------
Created an attachment (id=235)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=235&action=view)
Generate login message as part of login recording.

This patch moves the generation of the generic last login message to
sshlogin.c, the AIX loginsuccess call to loginrec.c and provides a monitor call
to get the login message.  (The AIX problem was that loginsuccess did not get
called for non-password auth).

The reason the monitor call is necessary is that on AIX, the last login message
is generated as a side-effect of calling loginsuccess().  This needs root privs
 (as it does some logging too).  Now if you have a postponed authentication,
you can't safely call loginsuccess() before the post-auth privsep split (since
the postponed authentication may not actually succeed).  Hence, the only
guaranteed safe place to call it is from the post-auth monitor, and therefore a
monitor call is necessary to retrieve the login message).

As a minor bonus (?) this also allows correct recording of ptys in the AIX
login info.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-unix-dev mailing list