<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<body text="#000000" bgcolor="#FFFFFF" link="#0000FF" vlink="#FF0000" alink="#000088">
Kevin, I tried re-implementing the wtmp writing routines to use utmpname(3),
setutent(3), pututline(3), and so on. If my understanding is correct,
the wtmp and utmp files function differently. When processing a logout
with utmp, the routines will find the corresponding login record and update
it with the logout information. However, when working with wtmp,
you always want to append information. You do not actually want to
update the login entry. Instead you want to add a whole new logout
entry. That is why the wtmp grows so much faster than utmp.
<p>After re-implementing the code in loginrec.c to use the getut(3) routines
to write to wtmp, I noticed the following behavior. After I log in,
"last" shows an entry for my SSH login and lists it as "still logged in".
The wtmp file grows by 60 bytes. When I logout, "last" no longer
shows any record of my login. In other words, the entry that said
"still logged in" did not show my logout time as you would expect.
Rather, it simply no longer showed up. And, the wtmp file did not
grow in size. This leads me to believe the getut(3) routines updated
the login entry. That, and the man pages say they do.
<p>When working correctly, the wtmp file should grow by 60 bytes when I
log in and again when I log out. Two entries are actually recorded.
Using the pututline functions, the login entry is updated instead.
<p>I did read in some HP/UX 11 64-bit documents that use of the getut(3)
functions has been deprecated in favor of the getutx(3) functions.
However, no other system utilities that ship with HP/UX update the wtmpx
file. It is normally blank. In fact, the utmp.h and utmpx.h
include files do not define WTMPX_FILE where they do define UTMP_FILE,
UTMPX_FULE, and WTMP_FILE. It is interesting that they indicate the
getut(3) function should no longer be used when they (HP) still use them.
<p>Note that when using the pututline(3) routine, even if I pass it the
72 byte 64-bit utmp structure, it casts it to the 60 byte 32-bit structure
and records it. This is good. It does not corrupt the wtmp
file.
<br>
<p>Kevin Steves wrote:
<blockquote TYPE=CITE>On Wed, 9 Jan 2002, Quentin Bracken wrote:
<br>:I do not know what a good work around could be. I temporarily
modified
<br>:the /usr/include/utmp.h structure to use int32_t as the type for ut_time
<br>:instead of long and rebuilt loginrec.o and relinked sshd. OpenSSH
<br>:performed correctly, updating wtmp like a champ. I thought that
we
<br>:could use utmpname and the pututline tools (which will convert the
72
<br>:byte structure to a 60 byte structure somehow), but their behavior
is
<br>:not actually compatible with wtmp. I also thought about defining
a
<br>:custom utmp structure when building on HP-UX 64-bit, but that really
<br>:seems like a bad way of doing it.
<p>ah, thanks for dealing with problems in TODO.
<p>we use getutx(3C) and getut(3C) for get* and put* (i think that is correct
<br>for hp-ux). would this be a defect in the 64-bit versions of
those
<br>interfaces? i don't understand "not actually compatible with
wtmp".</blockquote>
<p><br>--
<br><a href="mailto:quentin.bracken@eds.com">Quentin Bracken</a>
<br>Infrastructure Specialist
<br>EDS
<br>
<br>
</body>
</html>