[Bug 1595] New: Server option PrintLastLog does not work on AIX

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Mon May 4 02:09:40 EST 2009 

https://bugzilla.mindrot.org/show_bug.cgi?id=1595

           Summary: Server option PrintLastLog does not work on AIX
           Product: Portable OpenSSH
           Version: 5.2p1
          Platform: PPC
        OS/Version: AIX
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: miguel.sanders at arcelormittal.com
                CC: miguel.sanders at arcelormittal.com


Created an attachment (id=1631)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1631)
auth.c patch

Hi

Apparently, the server option "PrintLastLog" does not work on AIX.
The last login time is always displayed, disregarding the option.
When browsing the code, I found out there are several functions in
loginrec.c which solely handle the processing of the last login info
(login_get_lastlog, getlast_entry).
Since AIX does not provide such a function natively, the configure
script sets the DISABLE_LASTLOG define. 
A small code snippet from getlast_entry in loginrec.c shows this

#if defined(DISABLE_LASTLOG)
        /* On some systems we shouldn't even try to obtain last login
         * time, e.g. AIX */
        return (0);

On the other hand, when issuing the AIX loginsuccess() call (which
writes a new login record), the last login record can be retrieved by
that very same call.
If we look at port-aix.c, we can see the following:

if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0)
{
    success = 1;
            if (msg != NULL && loginmsg != NULL && !msg_done) {
                     debug("AIX/loginsuccess: msg %s", msg);
                     buffer_append(loginmsg, msg, strlen(msg));
                     xfree(msg);
                     msg_done = 1;
            }
 }


The pointer "msg" points to the new last login info for the user and it
always appended to the loginmsg buffer. 
The buffer_append call should only be called if options.print_lastlog
is set.

Proposed solution:

At first I thought it would be sufficient to embed the buffer_append
call 
if (options.print_lastlog)
    buffer_append(loginmsg, msg, strlen(msg));

And to add the following to port-aix.c
#include "servconf.h"
extern ServerOptions options;

But then compiling other modules (f.e. ssh-keyscan) will fail because
of the missing "options" in the openbsd-compat library .
        cc -qlanglvl=extc89 -o ssh-keyscan ssh-keyscan.o -L.
-Lopenbsd-compat/ -L/usr/lib -L/usr/lib -q64 -L/usr/lib
-blibpath:/usr/lib:/lib:/usr/lib -lssh -lopenbsd-compat -lssh -lcrypto
-lz -lksvc -lgssapi_krb5 -lkrb5
ld: 0711-224 WARNING: Duplicate symbol: .bcopy
ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more
information.
ld: 0711-317 ERROR: Undefined symbol: options

The only solution I currently see for this is to add an additional
parameter (value of options.print_lastlog) to the sys_auth_record_login
function in port-aix.c, port-aix.h and auth.c.
auth.c
# ifdef WITH_AIXAUTHENTICATE
        if (authenticated)
                sys_auth_record_login(authctxt->user,
                    get_canonical_hostname(options.use_dns), "ssh",
&loginmsg, options.print_lastlog);
# endif

port-aix.c
int
sys_auth_record_login(const char *user, const char *host, const char
*ttynm,
    Buffer *loginmsg, int print_lastlog)
{
...
    if(print_lastlog == 1)
        buffer_append(loginmsg, msg, strlen(msg));
    xfree(msg);
    msg_done = 1;
...
}

I uploaded some patches.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list