Comment on attachment 774
BTMP PATCH
>+ if ( getuid() != 0 ){ btmp(authctxt- >user,get_ canonical_ hostname( options. use_dns) ); authctxt- >user,get_ canonical_ hostname( options. use_dns) );
>+ debug("=== calling log_btmp uid %d ===\n", getuid());
>+ mm_log_
>+ } else {
>+ debug("=== calling log_btmp uid %d ===\n", getuid());
>+ og_btmp(
>+ }
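Review bot: the debug() call that appears in both branches passes getuid() straight to a %d conversion, but uid_t is not guaranteed to be an int, so cast it explicitly, for example (int)getuid(). The line is identical in the if and else arms, so a single call before the branch would be enough.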
This bit is unnecessary, the PRIVSEP macro is for this purpose, ie:
  debug("=== calling log_btmp uid %d ===\n", getuid());
  PRIVSEP(log_btmp(authctxt->user,get_canonical_hostname(options.use_dns)));
>+int mm_answer_ log_btmp( int socket, Buffer *m){
[...]
>+ buffer_get(m, user ,1024);
>+ buffer_get(m, hostname ,1024);
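Review bot: in mm_answer_log_btmp, buffer_get(m, user, 1024) and buffer_get(m, hostname, 1024) each copy a fixed 1024 bytes out of a message written by the unprivileged child, and nothing in the quoted lines NUL-terminates or length-checks the result before the monitor uses it. The destination sizes are not visible here, so confirm they are at least 1024 bytes; if these fields stay in the message at all, read them as length-prefixed strings with buffer_get_string() and reject anything longer than the destination.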
Sending the username is unnecessary as the monitor already knows it (ie
authctxt->user). Hostname can be determined too (see mm_record_login). As a
general rule, as little as possible should be sent from slave to monitor.
It's out of the scope of this bug but I'd prefer to see a generalized
audit_event like in bug #125 in both OpenBSD and Portable, which could be
easily extended to handle cases like this.