Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openssh for openSUSE:Factory checked in at 2023-09-22 21:46:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssh (Old) and /work/SRC/openSUSE:Factory/.openssh.new.1770 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssh" Fri Sep 22 21:46:58 2023 rev:166 rq:1112087 version:9.3p2 Changes: -------- --- /work/SRC/openSUSE:Factory/openssh/openssh.changes 2023-07-24 18:11:52.685180183 +0200 +++ /work/SRC/openSUSE:Factory/.openssh.new.1770/openssh.changes 2023-09-22 21:47:31.917117018 +0200 @@ -42,0 +43,11 @@ +Wed Jun 21 12:14:54 UTC 2023 - Thorsten Kukuk <[email protected]> + +- Disable old lastlog, we use pam_lastlog2 +- openssh-8.4p1-pam_motd.patch: adjust to remove PrintLastLog + +------------------------------------------------------------------- +Thu Jun 15 07:05:38 UTC 2023 - Thorsten Kukuk <[email protected]> + +- logind_set_tty.patch: tell systemd-logind our current TTY + +------------------------------------------------------------------- New: ---- logind_set_tty.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssh.spec ++++++ --- /var/tmp/diff_new_pack.PW86Yb/_old 2023-09-22 21:47:36.589286631 +0200 +++ /var/tmp/diff_new_pack.PW86Yb/_new 2023-09-22 21:47:36.589286631 +0200 @@ -115,6 +115,7 @@ Patch49: openssh-do-not-send-empty-message.patch Patch50: openssh-openssl-3.patch Patch51: wtmpdb.patch +Patch52: logind_set_tty.patch Patch100: fix-missing-lz.patch BuildRequires: audit-devel BuildRequires: automake @@ -318,6 +319,10 @@ %if %{with wtmpdb} --with-wtmpdb \ %endif +%if 0%{?suse_version} >= 1550 + --disable-lastlog \ + --with-logind \ +%endif --with-security-key-builtin \ --target=%{_target_cpu}-suse-linux ++++++ logind_set_tty.patch ++++++ diff --git a/Makefile.in b/Makefile.in index f0ea07e7b..35dcf45f1 100644 --- a/Makefile.in +++ b/Makefile.in @@ -56,6 +56,7 @@ SSHDLIBS=@SSHDLIBS@ LIBEDIT=@LIBEDIT@ LIBFIDO2=@LIBFIDO2@ LIBWTMPDB=@LIBWTMPDB@ +LIBSYSTEMD=@LIBSYSTEMD@ AR=@AR@ AWK=@AWK@ RANLIB=@RANLIB@ 
@@ -208,7 +209,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(GSSLIBS) $(CHANNELLIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) - $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(CHANNELLIBS) $(LIBWTMPDB) + $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(CHANNELLIBS) $(LIBWTMPDB) $(LIBSYSTEMD) scp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SCP_OBJS) $(LD) -o $@ $(SCP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) diff --git a/configure.ac b/configure.ac index a12c6f7ad..860df3379 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1789,6 +1789,47 @@ AC_ARG_WITH([wtmpdb], ) +# Check whether user wants logind/set tty support +AC_ARG_WITH([logind], + [ --with-logind[[=PATH]] Enable logind support for sshd], + [ if test "x$withval" != "xno" ; then + if test "x$withval" = "xyes" ; then + AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) + if test "x$PKGCONFIG" != "xno"; then + AC_MSG_CHECKING([if $PKGCONFIG knows about libsystemd]) + if "$PKGCONFIG" libsystemd; then + AC_MSG_RESULT([yes]) + use_pkgconfig_for_libsystemd=yes + else + AC_MSG_RESULT([no]) + fi + fi + else + CPPFLAGS="$CPPFLAGS -I${withval}/include" + if test -n "${rpath_opt}"; then + LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" + else + LDFLAGS="-L${withval}/lib ${LDFLAGS}" + fi + fi + if test "x$use_pkgconfig_for_libsystemd" = "xyes"; then + LIBSYSTEMD=`$PKGCONFIG --libs libsystemd` + CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libsystemd`" + else + LIBSYSTEMD="-lsystemd" + fi + OTHERLIBS=`echo $LIBSYSTEMD | sed 's/-lsystemd//'` + AC_CHECK_LIB([systemd], [sd_bus_open_system], + [ AC_DEFINE([USE_LOGIND], [1], [Use systemd-logind]) + AC_SUBST([LIBSYSTEMD]) + ], + [ AC_MSG_ERROR([libsystemd not found]) ], + [ $OTHERLIBS ] + ) + fi ] +) + + AUDIT_MODULE=none AC_ARG_WITH([audit], [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], diff --git a/loginrec.c b/loginrec.c index 86caf83b2..8b413190b 100644 --- a/loginrec.c +++ b/loginrec.c @@ -191,6 +191,10 @@ # include <wtmpdb.h> #endif +#ifdef USE_LOGIND +# include <systemd/sd-bus.h> +#endif + /** ** prototypes for helper functions in this file **/ @@ -214,6 +218,9 @@ int syslogin_write_entry(struct logininfo *li); #ifdef USE_WTMPDB int wtmpdb_write_entry(struct logininfo *li); #endif +#ifdef USE_LOGIND +int logind_set_tty(struct logininfo *li); +#endif int getlast_entry(struct logininfo *li); int lastlog_get_entry(struct logininfo *li); 
@@ -477,6 +484,9 @@ login_write(struct logininfo *li) #ifdef USE_WTMPDB wtmpdb_write_entry(li); #endif +#ifdef USE_LOGIND + logind_set_tty(li); +#endif #ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN if (li->type == LTYPE_LOGIN && !sys_auth_record_login(li->username,li->hostname,li->line, 
@@ -1476,6 +1486,88 @@ wtmpdb_write_entry(struct logininfo *li) } #endif
+#ifdef USE_LOGIND
+#define DBUS_DESTINATION "org.freedesktop.login1"
+#define DBUS_PATH_ID "/org/freedesktop/login1/session/auto"
+#define DBUS_INTERFACE "org.freedesktop.login1.Session"
+#define DBUS_PATH "/org/freedesktop/login1/session/%s"
+
+static int
+logind_perform_login(struct logininfo *li)
+{
+ sd_bus *bus = NULL;
+ sd_bus_error error = SD_BUS_ERROR_NULL;
+ char *session_id = NULL;
+ char *dbus_path;
+ const char *tty;
+ char buf[PATH_MAX];
+ int r;
+ int fd;
+
+ if (sd_bus_open_system(&bus) < 0)
+ {
+ logit("logind: canot open dbus");
+ return (0);
+ }
+
+ if (sd_bus_get_property_string(bus, DBUS_DESTINATION,
+ DBUS_PATH_ID, DBUS_INTERFACE,
+ "Id", &error, &session_id) < 0)
+ {
+ logit("logind: cannot get session ID");
+ return (0);
+ }
+
+ if (strncmp(li->line, "/dev/", 5) != 0)
+ snprintf (buf, sizeof(buf), "/dev/%s", li->line);
+ else
+ tty = li->line;
+
+ fd = open(tty, O_RDWR|O_CLOEXEC|O_NOCTTY);
+
+ if (asprintf (&dbus_path, DBUS_PATH, session_id) < 0)
+ return (0);
+
+ if (sd_bus_call_method(bus, DBUS_DESTINATION, dbus_path,
+ DBUS_INTERFACE, "TakeControl", &error, NULL,
+ "b", 1) < 0) {
+ logit("logind: cannot take control");
+ free(dbus_path);
+ return (0);
+ }
+
+ if ((r = sd_bus_call_method(bus, DBUS_DESTINATION, dbus_path,
+ DBUS_INTERFACE, "SetTTY", &error, NULL,
+ "h", fd)) < 0) {
+ if (r != -EBADR) /* logind does not support "SetTTY" */
+ logit("logind: cannot set TTY(%s, %s): %s", session_id, tty, strerror(-r));
+ free(dbus_path);
+ return (0);
+ }
+
+ free(dbus_path);
+
+ if (sd_bus_flush(bus) < 0)
+ return (0);
+
+ return (1);
+}
+
+int
+logind_set_tty(struct logininfo *li)
+{
+ switch(li->type) {
+ case LTYPE_LOGIN:
+ return (logind_perform_login(li));
+ case LTYPE_LOGOUT:
+ return (1);
+ default:
+ logit("%s: invalid type field", __func__);
+ return (0);
+ }
+}
+#endif
+
/** ** Low-level libutil login() functions
++++++ openssh-8.4p1-pam_motd.patch ++++++
---
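Review bot: In `logind_perform_login`, the branch that formats `/dev/<line>` into `buf` never assigns `tty`, so `open(tty, ...)` and the later `logit` call read an uninitialized pointer whenever `li->line` lacks the `/dev/` prefix; that branch needs `tty = buf;`. The descriptor returned by `open()` is passed to `SetTTY` without a failure check and is never closed, and `bus`, `session_id` and `error` are not released on any return path, so each recorded login leaves a descriptor and a D-Bus connection behind in the calling sshd process. A single cleanup label, as sketched below, covers every exit; truncation by `snprintf` into `buf` could be rejected at the same point. The message `"logind: canot open dbus"` also has a typo (`cannot`).

```c
static int
logind_perform_login(struct logininfo *li)
{
	/* … unchanged: bus, error, session_id, tty, buf, r declarations … */
	char *dbus_path = NULL;
	int fd = -1;
	int ret = 0;

	/* … unchanged: sd_bus_open_system and session-id lookup, with "goto out" replacing "return (0)" … */

	if (strncmp(li->line, "/dev/", 5) != 0) {
		snprintf(buf, sizeof(buf), "/dev/%s", li->line);
		tty = buf;
	} else
		tty = li->line;

	fd = open(tty, O_RDWR|O_CLOEXEC|O_NOCTTY);
	if (fd < 0) {
		logit("logind: cannot open %s: %s", tty, strerror(errno));
		goto out;
	}

	if (asprintf(&dbus_path, DBUS_PATH, session_id) < 0) {
		dbus_path = NULL;	/* contents are undefined after a failed asprintf */
		goto out;
	}

	/* … unchanged: TakeControl and SetTTY calls, with "goto out" replacing "free(dbus_path); return (0);" … */

	if (sd_bus_flush(bus) >= 0)
		ret = 1;
out:
	if (fd >= 0)
		close(fd);
	free(dbus_path);
	free(session_id);
	sd_bus_error_free(&error);
	sd_bus_unref(bus);
	return (ret);
}
```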
/var/tmp/diff_new_pack.PW86Yb/_old 2023-09-22 21:47:36.781293602 +0200 +++ /var/tmp/diff_new_pack.PW86Yb/_new 2023-09-22 21:47:36.781293602 +0200 @@ -1,19 +1,13 @@ -Gemeinsame Unterverzeichnisse: openssh-8.4p1.orig/contrib und openssh-8.4p1/contrib. -Gemeinsame Unterverzeichnisse: openssh-8.4p1.orig/.github und openssh-8.4p1/.github. -Gemeinsame Unterverzeichnisse: openssh-8.4p1.orig/m4 und openssh-8.4p1/m4. -Gemeinsame Unterverzeichnisse: openssh-8.4p1.orig/openbsd-compat und openssh-8.4p1/openbsd-compat. -Gemeinsame Unterverzeichnisse: openssh-8.4p1.orig/regress und openssh-8.4p1/regress. diff -u openssh-8.4p1.orig/sshd_config openssh-8.4p1/sshd_config --- openssh-8.4p1.orig/sshd_config 2020-09-27 09:25:01.000000000 +0200 +++ openssh-8.4p1/sshd_config 2021-05-18 19:15:39.190701511 +0200 -@@ -88,8 +88,8 @@ +@@ -88,8 +88,7 @@ #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes -#PrintMotd yes -#PrintLastLog yes +PrintMotd no -+PrintLastLog no #TCPKeepAlive yes #PermitUserEnvironment no #Compression delayed
