Accepting request 1110800 from home:kukuk:no-utmp

Teach openssh to tell logind the TTY, else tools like wall will stop working now with the new systemd v254 and util-linux (and who, w, ... will not show a tty) OBS-URL: https://build.opensuse.org/request/show/1110800 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=250
2023-09-18 22:02:17 +00:00 · 2023-09-18 22:02:17 +00:00 · a4dae544f0
commit a4dae544f0
parent 67a17999e6
4 changed files with 214 additions and 7 deletions
--- a/logind_set_tty.patch
+++ b/logind_set_tty.patch
@ -0,0 +1,197 @@
+diff --git a/Makefile.in b/Makefile.in
+index f0ea07e7b..35dcf45f1 100644
+--- a/Makefile.in
+++ b/Makefile.in
+@@ -56,6 +56,7 @@ SSHDLIBS=@SSHDLIBS@
+ LIBEDIT=@LIBEDIT@
+ LIBFIDO2=@LIBFIDO2@
+ LIBWTMPDB=@LIBWTMPDB@
+LIBSYSTEMD=@LIBSYSTEMD@
+ AR=@AR@
+ AWK=@AWK@
+ RANLIB=@RANLIB@
+@@ -208,7 +209,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
+ 	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(GSSLIBS) $(CHANNELLIBS)
+ 
+ sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
+-	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(CHANNELLIBS) $(LIBWTMPDB)
+	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(CHANNELLIBS) $(LIBWTMPDB) $(LIBSYSTEMD)
+ 
+ scp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SCP_OBJS)
+ 	$(LD) -o $@ $(SCP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+diff --git a/configure.ac b/configure.ac
+index a12c6f7ad..860df3379 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -1789,6 +1789,47 @@ AC_ARG_WITH([wtmpdb],
+ )
+ 
+ 
+# Check whether user wants logind/set tty support
+AC_ARG_WITH([logind],
+	[  --with-logind[[=PATH]]   Enable logind support for sshd],
+	[ if test "x$withval" != "xno" ; then
+		if test "x$withval" = "xyes" ; then
+			AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
+			if test "x$PKGCONFIG" != "xno"; then
+				AC_MSG_CHECKING([if $PKGCONFIG knows about libsystemd])
+				if "$PKGCONFIG" libsystemd; then
+					AC_MSG_RESULT([yes])
+					use_pkgconfig_for_libsystemd=yes
+				else
+					AC_MSG_RESULT([no])
+				fi
+			fi
+		else
+			CPPFLAGS="$CPPFLAGS -I${withval}/include"
+			if test -n "${rpath_opt}"; then
+				LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
+			else
+				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+			fi
+		fi
+		if test "x$use_pkgconfig_for_libsystemd" = "xyes"; then
+			LIBSYSTEMD=`$PKGCONFIG --libs libsystemd`
+			CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libsystemd`"
+		else
+			LIBSYSTEMD="-lsystemd"
+		fi
+		OTHERLIBS=`echo $LIBSYSTEMD | sed 's/-lsystemd//'`
+		AC_CHECK_LIB([systemd], [sd_bus_open_system],
+			[ AC_DEFINE([USE_LOGIND], [1], [Use systemd-logind])
+			  AC_SUBST([LIBSYSTEMD])
+			],
+			[ AC_MSG_ERROR([libsystemd not found]) ],
+			[ $OTHERLIBS ]
+		)
+	fi ]
+)
+
+
+ AUDIT_MODULE=none
+ AC_ARG_WITH([audit],
+ 	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux)],
+diff --git a/loginrec.c b/loginrec.c
+index 86caf83b2..8b413190b 100644
+--- a/loginrec.c
+++ b/loginrec.c
+@@ -191,6 +191,10 @@
+ # include <wtmpdb.h>
+ #endif
+ 
+#ifdef USE_LOGIND
+# include <systemd/sd-bus.h>
+#endif
+
+ /**
+  ** prototypes for helper functions in this file
+  **/
+@@ -214,6 +218,9 @@ int syslogin_write_entry(struct logininfo *li);
+ #ifdef USE_WTMPDB
+ int wtmpdb_write_entry(struct logininfo *li);
+ #endif
+#ifdef USE_LOGIND
+int logind_set_tty(struct logininfo *li);
+#endif
+ 
+ int getlast_entry(struct logininfo *li);
+ int lastlog_get_entry(struct logininfo *li);
+@@ -477,6 +484,9 @@ login_write(struct logininfo *li)
+ #ifdef USE_WTMPDB
+ 	wtmpdb_write_entry(li);
+ #endif
+#ifdef USE_LOGIND
+	logind_set_tty(li);
+#endif
+ #ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN
+ 	if (li->type == LTYPE_LOGIN &&
+ 	    !sys_auth_record_login(li->username,li->hostname,li->line,
+@@ -1476,6 +1486,88 @@ wtmpdb_write_entry(struct logininfo *li)
+ }
+ #endif
+ 
+#ifdef USE_LOGIND
+#define DBUS_DESTINATION "org.freedesktop.login1"
+#define DBUS_PATH_ID "/org/freedesktop/login1/session/auto"
+#define DBUS_INTERFACE "org.freedesktop.login1.Session"
+#define DBUS_PATH "/org/freedesktop/login1/session/%s"
+
+static int
+logind_perform_login(struct logininfo *li)
+{
+  sd_bus *bus = NULL;
+  sd_bus_error error = SD_BUS_ERROR_NULL;
+  char *session_id = NULL;
+  char *dbus_path;
+  const char *tty;
+  char buf[PATH_MAX];
+  int r;
+  int fd;
+
+  if (sd_bus_open_system(&bus) < 0)
+    {
+      logit("logind: canot open dbus");
+      return (0);
+    }
+
+  if (sd_bus_get_property_string(bus, DBUS_DESTINATION,
+				 DBUS_PATH_ID, DBUS_INTERFACE,
+				 "Id", &error, &session_id) < 0)
+    {
+      logit("logind: cannot get session ID");
+      return (0);
+    }
+
+  if (strncmp(li->line, "/dev/", 5) != 0)
+    snprintf (buf, sizeof(buf), "/dev/%s", li->line);
+  else
+    tty = li->line;
+
+  fd = open(tty, O_RDWR|O_CLOEXEC|O_NOCTTY);
+
+  if (asprintf (&dbus_path, DBUS_PATH, session_id) < 0)
+    return (0);
+
+  if (sd_bus_call_method(bus, DBUS_DESTINATION, dbus_path,
+			 DBUS_INTERFACE, "TakeControl", &error, NULL,
+			 "b", 1) < 0) {
+    logit("logind: cannot take control");
+    free(dbus_path);
+    return (0);
+  }
+
+  if ((r = sd_bus_call_method(bus, DBUS_DESTINATION, dbus_path,
+			      DBUS_INTERFACE, "SetTTY", &error, NULL,
+			      "h", fd)) < 0) {
+    if (r != -EBADR) /* logind does not support "SetTTY" */
+      logit("logind: cannot set TTY(%s, %s): %s", session_id, tty, strerror(-r));
+    free(dbus_path);
+    return (0);
+  }
+
+  free(dbus_path);
+
+  if (sd_bus_flush(bus) < 0)
+    return (0);
+
+  return (1);
+}
+
+int
+logind_set_tty(struct logininfo *li)
+{
+	switch(li->type) {
+	case LTYPE_LOGIN:
+		return (logind_perform_login(li));
+	case LTYPE_LOGOUT:
+	        return (1);
+	default:
+		logit("%s: invalid type field", __func__);
+		return (0);
+	}
+}
+#endif
+
+ 
+ /**
+  ** Low-level libutil login() functions
--- a/openssh-8.4p1-pam_motd.patch
+++ b/openssh-8.4p1-pam_motd.patch
@ -1,19 +1,13 @@
-Gemeinsame Unterverzeichnisse: openssh-8.4p1.orig/contrib und openssh-8.4p1/contrib.
-Gemeinsame Unterverzeichnisse: openssh-8.4p1.orig/.github und openssh-8.4p1/.github.
-Gemeinsame Unterverzeichnisse: openssh-8.4p1.orig/m4 und openssh-8.4p1/m4.
-Gemeinsame Unterverzeichnisse: openssh-8.4p1.orig/openbsd-compat und openssh-8.4p1/openbsd-compat.
-Gemeinsame Unterverzeichnisse: openssh-8.4p1.orig/regress und openssh-8.4p1/regress.
 diff -u openssh-8.4p1.orig/sshd_config openssh-8.4p1/sshd_config
 --- openssh-8.4p1.orig/sshd_config	2020-09-27 09:25:01.000000000 +0200
 +++ openssh-8.4p1/sshd_config	2021-05-18 19:15:39.190701511 +0200
-@@ -88,8 +88,8 @@
+@@ -88,8 +88,7 @@
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PermitTTY yes
 -#PrintMotd yes
 -#PrintLastLog yes
 +PrintMotd no
-+PrintLastLog no
 #TCPKeepAlive yes
 #PermitUserEnvironment no
 #Compression delayed
--- a/openssh.changes
+++ b/openssh.changes
@ -39,6 +39,17 @@ Fri Jul 21 02:48:58 UTC 2023 - Simon Lees <sflees@suse.de>
     may circumvent this restriction.


+-------------------------------------------------------------------
+Wed Jun 21 12:14:54 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
+
+- Disable old lastlog, we use pam_lastlog2
+- openssh-8.4p1-pam_motd.patch: adjust to remove PrintLastLog
+
+-------------------------------------------------------------------
+Thu Jun 15 07:05:38 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
+
+- logind_set_tty.patch: tell systemd-logind our current TTY
+
 -------------------------------------------------------------------
 Thu May 11 07:01:54 UTC 2023 - Antonio Larrosa <alarrosa@suse.com>

--- a/openssh.spec
+++ b/openssh.spec
@ -115,6 +115,7 @@ Patch48:        openssh-8.4p1-pam_motd.patch
 Patch49:        openssh-do-not-send-empty-message.patch
 Patch50:        openssh-openssl-3.patch
 Patch51:        wtmpdb.patch
+Patch52:        logind_set_tty.patch
 Patch100:       fix-missing-lz.patch
 BuildRequires:  audit-devel
 BuildRequires:  automake
@ -317,6 +318,10 @@ export LDFLAGS CFLAGS CXXFLAGS CPPFLAGS
    --with-libedit \
 %if %{with wtmpdb}
    --with-wtmpdb \
+%endif
+%if 0%{?suse_version} >= 1550
+    --disable-lastlog \
+    --with-logind \
 %endif
    --with-security-key-builtin \
    --target=%{_target_cpu}-suse-linux