Patch to musl to provide wtmp for Linux PAM

Patch to musl to provide wtmp for Linux PAM

[Raphael Cohn]

[-- Attachment #1: Type: text/plain, Size: 2984 bytes --]

I've drafted a patch for musl which I'm using to get Linux-PAM to compile.

This patch:-
- defines _PATH_LASTLOG;
- uses macros in the utmpx struct for documentary value;
- adds an implementation of logwtmp
- alters _PATH_*TMP

It's probably not suitable for inclusion in musl mainline as it stands
(especially the last part) - but hopefully it'll be useful to others. It's
also quick and dirty, and so may be just plain wrong.

By the way, are there any plans to support writing to lastlog / wtmp / etc?
If not, I might create a private patch to redirect the writes to syslog. In
my view, this is where information like this belongs...

diff -N -u -r musl-0.9.14.orig/include/utmp.h musl-0.9.14/include/utmp.h
--- musl-0.9.14.orig/include/utmp.h    2013-09-23 22:01:11.000000000 +0100
+++ musl-0.9.14/include/utmp.h    2013-12-04 10:34:43.000000000 +0000
@@ -7,10 +7,6 @@

 #include <utmpx.h>

-#define ACCOUNTING 9
-#define UT_NAMESIZE 32
-#define UT_HOSTSIZE 256
-
 struct lastlog {
     time_t ll_time;
     char ll_line[UT_LINESIZE];
@@ -32,8 +28,11 @@

 void updwtmp(const char *, const struct utmp *);

-#define _PATH_UTMP "/dev/null/utmp"
-#define _PATH_WTMP "/dev/null/wtmp"
+void logwtmp(const char *, const char *, const char *);
+
+#define _PATH_UTMP "/var/run/utmp"
+#define _PATH_WTMP "/var/log/wtmp"
+#define _PATH_LASTLOG "/var/log/lastlog"

 #define UTMP_FILE _PATH_UTMP
 #define WTMP_FILE _PATH_WTMP
diff -N -u -r musl-0.9.14.orig/include/utmpx.h musl-0.9.14/include/utmpx.h
--- musl-0.9.14.orig/include/utmpx.h    2013-09-23 22:01:11.000000000 +0100
+++ musl-0.9.14/include/utmpx.h    2013-12-04 10:32:20.000000000 +0000
@@ -13,6 +13,8 @@
 #include <bits/alltypes.h>

 #define UT_LINESIZE 32
+#define UT_NAMESIZE 32
+#define UT_HOSTSIZE 256

 struct utmpx
 {
@@ -20,8 +22,8 @@
     pid_t ut_pid;
     char ut_line[UT_LINESIZE];
     char ut_id[4];
-    char ut_user[32];
-    char ut_host[256];
+    char ut_user[UT_NAMESIZE];
+    char ut_host[UT_HOSTSIZE];
     struct {
         short e_termination;
         short e_exit;
@@ -50,6 +52,7 @@
 #define LOGIN_PROCESS   6
 #define USER_PROCESS    7
 #define DEAD_PROCESS    8
+#define ACCOUNTING      9

 #ifdef __cplusplus
 }
diff -N -u -r musl-0.9.14.orig/src/legacy/utmp.c
musl-0.9.14/src/legacy/utmp.c
--- musl-0.9.14.orig/src/legacy/utmp.c    1970-01-01 01:00:00.000000000
+0100
+++ musl-0.9.14/src/legacy/utmp.c    2013-12-04 14:25:40.000000000 +0000
@@ -0,0 +1,20 @@
+#include <utmp.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include "libc.h"
+
+void logwtmp(const char * line, const char * name, const char * host)
+{
+    struct utmp u;
+    memset(&u, 0, sizeof(u));
+
+    u.ut_pid = getpid();
+    u.ut_type = name[0] ? USER_PROCESS : DEAD_PROCESS;
+    strncpy(u.ut_line, line, sizeof(u.ut_line));
+    strncpy(u.ut_name, name, sizeof(u.ut_name));
+    strncpy(u.ut_host, host, sizeof(u.ut_host));
+    gettimeofday(&(u.ut_tv), NULL);
+
+    updwtmp(_PATH_WTMP, &u);
+}

Raph

[-- Attachment #2: Type: text/html, Size: 3772 bytes --]

Re: Patch to musl to provide wtmp for Linux PAM

[Szabolcs Nagy]

[-- Attachment #1: Type: text/plain, Size: 1694 bytes --]

* Raphael Cohn <raphael.cohn@stormmq.com> [2013-12-04 14:49:32 +0000]:
> By the way, are there any plans to support writing to lastlog / wtmp / etc?
> If not, I might create a private patch to redirect the writes to syslog. In
> my view, this is where information like this belongs...

http://www.openwall.com/lists/musl/2012/03/04/4

i think the policy hasn't changed since

> --- musl-0.9.14.orig/include/utmpx.h    2013-09-23 22:01:11.000000000 +0100
> +++ musl-0.9.14/include/utmpx.h    2013-12-04 10:32:20.000000000 +0000
> @@ -13,6 +13,8 @@
>  #include <bits/alltypes.h>
> 
>  #define UT_LINESIZE 32
> +#define UT_NAMESIZE 32
> +#define UT_HOSTSIZE 256
> 

note that utmpx.h is defined in posix (part of the XSI option)
and UT_ is not reserved prefix for it so even the UT_LINESIZE
is a namespace violation (although a rather harmless one)

i attach a current list of namespace violations in musl based on
http://port70.net/~nsz/c/posix/reserved.txt

> +++ musl-0.9.14/src/legacy/utmp.c    2013-12-04 14:25:40.000000000 +0000
> @@ -0,0 +1,20 @@
> +#include <utmp.h>
> +#include <string.h>
> +#include <unistd.h>
> +#include <sys/time.h>
> +#include "libc.h"
> +
> +void logwtmp(const char * line, const char * name, const char * host)
> +{
> +    struct utmp u;
> +    memset(&u, 0, sizeof(u));
> +
> +    u.ut_pid = getpid();
> +    u.ut_type = name[0] ? USER_PROCESS : DEAD_PROCESS;
> +    strncpy(u.ut_line, line, sizeof(u.ut_line));
> +    strncpy(u.ut_name, name, sizeof(u.ut_name));
> +    strncpy(u.ut_host, host, sizeof(u.ut_host));
> +    gettimeofday(&(u.ut_tv), NULL);
> +
> +    updwtmp(_PATH_WTMP, &u);
> +}

note that updwtmp is just a stub so this logwtmp does not do much

[-- Attachment #2: nsbug.txt --]
[-- Type: text/plain, Size: 2231 bytes --]

arpa/inet.h accept4
arpa/inet.h gid
arpa/inet.h imr_address
arpa/inet.h imr_ifindex
arpa/inet.h imr_interface
arpa/inet.h imr_multiaddr
arpa/inet.h imr_sourceaddr
arpa/inet.h imsf_fmode
arpa/inet.h imsf_interface
arpa/inet.h imsf_multiaddr
arpa/inet.h imsf_numsrc
arpa/inet.h imsf_slist
arpa/inet.h ip6_mtuinfo
arpa/inet.h ip6m_addr
arpa/inet.h ip6m_mtu
arpa/inet.h ipi6_addr
arpa/inet.h ipi6_ifindex
arpa/inet.h ipi_addr
arpa/inet.h ipi_ifindex
arpa/inet.h ipi_spec_dst
arpa/inet.h pid
arpa/inet.h quot
arpa/inet.h rem
arpa/inet.h ucred
arpa/inet.h uid
complex.h CMPLX
complex.h CMPLXF
complex.h CMPLXL
float.h DBL_TRUE_MIN
float.h FLT_TRUE_MIN
float.h LDBL_TRUE_MIN
inttypes.h quot
inttypes.h rem
netdb.h accept4
netdb.h gid
netdb.h imr_address
netdb.h imr_ifindex
netdb.h imr_interface
netdb.h imr_multiaddr
netdb.h imr_sourceaddr
netdb.h imsf_fmode
netdb.h imsf_interface
netdb.h imsf_multiaddr
netdb.h imsf_numsrc
netdb.h imsf_slist
netdb.h ip6_mtuinfo
netdb.h ip6m_addr
netdb.h ip6m_mtu
netdb.h ipi6_addr
netdb.h ipi6_ifindex
netdb.h ipi_addr
netdb.h ipi_ifindex
netdb.h ipi_spec_dst
netdb.h pid
netdb.h quot
netdb.h rem
netdb.h ucred
netdb.h uid
netinet/in.h accept4
netinet/in.h gid
netinet/in.h imr_address
netinet/in.h imr_ifindex
netinet/in.h imr_interface
netinet/in.h imr_multiaddr
netinet/in.h imr_sourceaddr
netinet/in.h imsf_fmode
netinet/in.h imsf_interface
netinet/in.h imsf_multiaddr
netinet/in.h imsf_numsrc
netinet/in.h imsf_slist
netinet/in.h ip6_mtuinfo
netinet/in.h ip6m_addr
netinet/in.h ip6m_mtu
netinet/in.h ipi6_addr
netinet/in.h ipi6_ifindex
netinet/in.h ipi_addr
netinet/in.h ipi_ifindex
netinet/in.h ipi_spec_dst
netinet/in.h pid
netinet/in.h quot
netinet/in.h rem
netinet/in.h ucred
netinet/in.h uid
stdio.h P_tmpdir
stdlib.h aligned_alloc
stdlib.h at_quick_exit
stdlib.h mkostemp
stdlib.h quick_exit
stdlib.h quot
stdlib.h rem
stropts.h RPROTMASK
sys/shm.h used_ids
sys/socket.h accept4
sys/socket.h gid
sys/socket.h pid
sys/socket.h ucred
sys/socket.h uid
sys/uio.h UIO_MAXIOV
termios.h CBAUDEX
termios.h CRTSCTS
termios.h EXTPROC
termios.h XTABS
tgmath.h CMPLX
tgmath.h CMPLXF
tgmath.h CMPLXL
unistd.h dup3
unistd.h pipe2
utmpx.h UT_LINESIZE
utmpx.h e_exit
utmpx.h e_termination
utmpx.h updwtmpx

Re: Patch to musl to provide wtmp for Linux PAM

[Raphael Cohn]

[-- Attachment #1: Type: text/plain, Size: 2475 bytes --]

Thanks for the reply - I realise udpwtmp is a stub, but if it ever
changes... although policy would seem to make that unlikely. The only
reason I can really see to deviate from this policy is to support the
various security / monitoring tools. From memory, things like splunk might
use it.

As an aside, I actually used the *tmp files to debug random restarts of
Azure linux instances earlier this year... (for the list, the problem was
with Azure).

Given the policy I'm minded to write a private patch for updwtmp captures
some of these details and sends them to authpriv. Other things are more
pressing though...

On 4 December 2013 16:20, Szabolcs Nagy <nsz@port70.net> wrote:

> * Raphael Cohn <raphael.cohn@stormmq.com> [2013-12-04 14:49:32 +0000]:
> > By the way, are there any plans to support writing to lastlog / wtmp /
> etc?
> > If not, I might create a private patch to redirect the writes to syslog.
> In
> > my view, this is where information like this belongs...
>
> http://www.openwall.com/lists/musl/2012/03/04/4
>
> i think the policy hasn't changed since
>
> > --- musl-0.9.14.orig/include/utmpx.h    2013-09-23 22:01:11.000000000
> +0100
> > +++ musl-0.9.14/include/utmpx.h    2013-12-04 10:32:20.000000000 +0000
> > @@ -13,6 +13,8 @@
> >  #include <bits/alltypes.h>
> >
> >  #define UT_LINESIZE 32
> > +#define UT_NAMESIZE 32
> > +#define UT_HOSTSIZE 256
> >
>
> note that utmpx.h is defined in posix (part of the XSI option)
> and UT_ is not reserved prefix for it so even the UT_LINESIZE
> is a namespace violation (although a rather harmless one)
>
> i attach a current list of namespace violations in musl based on
> http://port70.net/~nsz/c/posix/reserved.txt
>
> > +++ musl-0.9.14/src/legacy/utmp.c    2013-12-04 14:25:40.000000000 +0000
> > @@ -0,0 +1,20 @@
> > +#include <utmp.h>
> > +#include <string.h>
> > +#include <unistd.h>
> > +#include <sys/time.h>
> > +#include "libc.h"
> > +
> > +void logwtmp(const char * line, const char * name, const char * host)
> > +{
> > +    struct utmp u;
> > +    memset(&u, 0, sizeof(u));
> > +
> > +    u.ut_pid = getpid();
> > +    u.ut_type = name[0] ? USER_PROCESS : DEAD_PROCESS;
> > +    strncpy(u.ut_line, line, sizeof(u.ut_line));
> > +    strncpy(u.ut_name, name, sizeof(u.ut_name));
> > +    strncpy(u.ut_host, host, sizeof(u.ut_host));
> > +    gettimeofday(&(u.ut_tv), NULL);
> > +
> > +    updwtmp(_PATH_WTMP, &u);
> > +}
>
> note that updwtmp is just a stub so this logwtmp does not do much
>

[-- Attachment #2: Type: text/html, Size: 3448 bytes --]