utmp update for bsd systems (try 2)

Andrew Bartlett abartlet at samba.org
Tue Apr 19 21:55:53 GMT 2005 

On Tue, 2005-04-19 at 11:16 +0100, David Lee wrote:
> On Tue, 19 Apr 2005, Luke Mewburn wrote:
> 

> > login(3) and logout(3) certainly exist in NetBSD's libutil, and NetBSD
> > has had them since inception (March 1993).  FreeBSD has them.
> > OpenBSD should have them as NetBSD had them at the time OpenBSD forked
> > from NetBSD, unless they've since been removed.
> >
> > With the addition of utmpx(5) support in NetBSD a couple of years ago,
> > NetBSD also provides loginx(3), logout(x) and logwtmpx(3) APIs in
> > libutil, as well as the POSIX pututxline(3) (et al) API in libc.
> >
> > autoconf tests can be used to detect which particular utmp/wtmp/utmpx/wtmpx
> > APIs are present and working on a given system so that Samba can DTRT.
> 
> Thanks, Luke.

Indeed - I knew there had to be a sane way out of this.  By sane, I
should clarify my agreement as to making the OS responsible.  It's not
just locking issues - I just don't want to assume that the header
structure for struct utmp is blindly the same as the one used on disk.
If we get that wrong, we screw up critical system logs.

> Michael says "login/logout is unusable" (which I cannot assess either 
> way).  Alas, the comments in his diff don't say why.
> 
> Luke: Do you have the inclination, time and resources to investigate 
> whether a subroutine-based solution ("login()", "pututxline()") might be 
> feasible on one or more of the *BSD variants?  (And, as a side-effect, 
> checking whether the autoconf tests are adequate and sufficient?)
> 
> Further, in hunting through the "www.opensbd.org" CVS repository 
> yesterday, I also found a "pam_lastlog", which looked promising.  At his 
> point we need Andrew Bartlett again.

I think the purpose of this module is to print the last login time, I
don't think it writes it (but given the information we supply PAM, such
a module is not hard to construct, and I've not looked at the source).

> Andrew: I have a recollection (probably at least partially faulty) that 
> your preferred solution to all this session related stuff is PAM (when 
> available and when modules permit), falling back to "utmp.c:pututxline()", 
> falling back to "utmpc.c:write()".  Comments?

Well, I kept promising to some day write as 'session exec' hook, and
kept telling people that 'writing a PAM module is not too hard', until I
got it done ;-)

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050420/cb0b8360/attachment.bin

More information about the samba-technical mailing list