Subject: bin/32870: login(1) does not obey .hushlogin - fix supplied
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: Johan Veenhuizen <veenhuizen@users.sourceforge.net>
List: netbsd-bugs
Date: 02/18/2006 23:15:00
>Number:         32870
>Category:       bin
>Synopsis:       login(1) does not obey .hushlogin - fix supplied
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Feb 18 23:15:00 +0000 2006
>Originator:     Johan Veenhuizen
>Release:        NetBSD 3.0
>Organization:
	
>Environment:
	
	
System: NetBSD n203-3.vildanden.afb.lu.se 3.0 NetBSD 3.0 (N203-3) #10: Fri Feb 17 00:15:48 CET 2006 jpv@n203-3.vildanden.afb.lu.se:/usr/src/sys/arch/i386/compile/N203-3 i386
Architecture: i386
Machine: i386
>Description:
	login(1) prints the date and time of the last login even if
	the file ".hushlogin" exists in the user's home directory.
	Both the original version and the PAM version of login
	are affected.

	The problem is caused by login(1) and libpam.
	Both need to be patched in order to restore the
	correct behaviour. See below.
>How-To-Repeat:
	Create the file ".hushlogin" in your home directory,
	log out, and log back in. The string
	"Last login: <DATE> on <TTY>" will be printed on
	the console, even though the manual page says
	it won't.
>Fix:
	Apply the following patches to login(1) and libpam.

diff -Nur src.orig/usr.bin/login/login.c src/usr.bin/login/login.c
--- src.orig/usr.bin/login/login.c	2005-03-30 12:25:08.000000000 +0200
+++ src/usr.bin/login/login.c	2006-02-18 20:44:48.000000000 +0100
@@ -989,7 +989,7 @@
 dolastlogx(int quiet)
 {
 	struct lastlogx ll;
-	if (getlastlogx(_PATH_LASTLOGX, pwd->pw_uid, &ll) != NULL) {
+	if (!quiet && getlastlogx(_PATH_LASTLOGX, pwd->pw_uid, &ll) != NULL) {
 		time_t t = (time_t)ll.ll_tv.tv_sec;
 		(void)printf("Last login: %.24s ", ctime(&t));
 		if (*ll.ll_host != '\0')
diff -Nur src.orig/usr.bin/login/login_pam.c src/usr.bin/login/login_pam.c
--- src.orig/usr.bin/login/login_pam.c	2005-07-10 00:42:12.000000000 +0200
+++ src/usr.bin/login/login_pam.c	2006-02-18 20:15:54.000000000 +0100
@@ -468,7 +468,7 @@
 
 	if (!quietlog) {
 		quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0;
-		pam_silent = 0;
+		pam_silent = quietlog ? PAM_SILENT : 0;
 	}
 
 	/* regain special privileges */
diff -Nur src.orig/lib/libpam/modules/pam_lastlog/pam_lastlog.c src/lib/libpam/modules/pam_lastlog/pam_lastlog.c
--- src.orig/lib/libpam/modules/pam_lastlog/pam_lastlog.c	2005-07-11 13:23:34.000000000 +0200
+++ src/lib/libpam/modules/pam_lastlog/pam_lastlog.c	2006-02-18 18:33:14.000000000 +0100
@@ -153,11 +153,16 @@
 
 	if (openpam_get_option(pamh, "no_nested") == NULL || nuser == NULL) {
 		int quiet;
+		if ((flags & PAM_SILENT) != 0)
+			quiet = 1;
+		else {
 #ifdef LOGIN_CAP
-		quiet = login_getcapbool(login_getpwclass(pwd), "hushlogin", 0);
+			quiet = login_getcapbool(login_getpwclass(pwd),
+			    "hushlogin", 0);
 #else
-		quiet = 0;
+			quiet = 0;
 #endif
+		}
 #ifdef SUPPORT_UTMPX
 		doutmpx(user, rhost, tty, ss, &now);
 		dolastlogx(pamh, quiet, pwd, rhost, tty, ss, &now);

>Unformatted: