Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!udel!mmdf
From: archer%segin4.segin.fr@relay.prime.com (Vincent Archer)
Newsgroups: comp.os.minix
Subject: Re: utmp/wtmp-related patches (was: Re: Help with gettydefs...)
Message-ID: <35798@nigel.ee.udel.edu>
Date: 8 Nov 90 15:19:27 GMT
Sender: mmdf@ee.udel.edu
Lines: 74

In message of 8 Nov 90 11:16:41 GMT, nemossan@uitec.ac.jp said :
> Thank you very much "utmp/wtmp-related patches". I've tried several of
> them, and found curious phenomena on "last"-command. After I've issued
> "login" command while I'm logged-in, I'm still login (may be forever).

Yep, that's the problem with login. It doesn't check whether or not the utmp
(the who-file) says you already committed a login. So you can log-in twice...

> This is the output of PH-minix-1.5-PC-version,
[beautiful output deleted... :-) ]
> And this is by new "last" command
> ------------------------------------------------------------------------
> $ /usr/nemossan/bin/last
> nemossan tty0 Thu Nov 8 19:12 still logged in
> nemossan tty0 Thu Nov 8 19:10 - 19:12 (00:01)
> nemossan tty0 Thu Nov 8 15:06 still logged in ???
> nemossan tty0 Thu Nov 8 14:38 - 15:05 (00:27)
> reboot ~ Thu Nov 8 14:38

If you use fwtmp to dump the /usr/adm/wtmp contents, you'll see something
like (I don't remember how it is displayed ;->):

    t0 nemossan tty0 pid3 login 19:12
    t0 nemossan tty0 pid3 exit 19:12
    t0 nemossan tty0 pid2 login 19:10
    t0 nemossan tty0 pid1 login 15:06
    t0 nemossan tty0 pid1 exit 15:05

Now, what does the new command last do with this:

It notes down that nemossan logged-in at 19:12, so it's still logged in
(line 1)
It notes down that nemossan did exit at 19:12 for tty0
It notes down that nemossan did login at 19:10 on tty0. So 2 minutes login
time... (line 2)
The association can be thrown away, we've found nemossan's login-logout
(That's the trick)
It notes down that nemossan did login at 15:06. Since no exit can be found,
the nemossan is still logged in! (line 3)
and so on...

login should not record in wtmp (nor in utmp) a login-over-login attempt.
Another example of what you can do is:

    $ who
    root tty0 18:10
    $ login ast
    ast> who
    ast tty0 18:15
    ast> ^D
    $ who
    ast tty0 18:15
    $ whoami
    root

:-)

Here's a quick fix to login to throw away this behaviour. In wtmp(), add
the following test at the beginning:

    if (getppid() > 2) return;

(2 if you use FvK's /etc/init. 1 if you use the old init/my init)

This suppresses spurious accounting if you didn't come from INIT. The real
fix would be to FORBID login to execute if its father isn't INIT (that's
what real unixes - most of them - do)...

I'll post a more robust cdiff (that solves the remaining "exec login" problem)
Monday.

_________
|\___/|     Vincent Archer
| \ / |     Email: archer%segin4.segin.fr@relay.prime.com
| /|\ |
|// \\|
-+-----+-   "Time is running fast..."
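
The pairing walk described in the post above, as an added example that is not part of the original message or of the Minix sources. The record layout, the name scan_wtmp and the sample data are assumptions made for illustration; it also counts "still logged in" entries that a newer login on the same line shows to be leftovers of a login-over-login.

```c
#include <stdio.h>
#include <string.h>

/* Simplified accounting record; an assumed layout, not Minix's struct utmp. */
struct rec { const char *user, *line; int pid, is_login, minute; };

/* Constructed sample, newest first, mirroring the dump sketched in the post. */
static const struct rec sample[] = {
    { "nemossan", "tty0", 3, 1, 19 * 60 + 12 },
    { "nemossan", "tty0", 3, 0, 19 * 60 + 12 },
    { "nemossan", "tty0", 2, 1, 19 * 60 + 10 },
    { "nemossan", "tty0", 1, 1, 15 * 60 + 6 },
    { "nemossan", "tty0", 1, 0, 15 * 60 + 5 },
};
#define MAXLINES 8
/* Walk newest-first, pairing each login with the exit noted for its line.
 * Returns the number of "still logged in" sessions; *stale counts those
 * contradicted by a newer login on the same line. */
int scan_wtmp(const struct rec *r, int n, int *stale)
{
    const char *line[MAXLINES];
    int exit_at[MAXLINES], newer_login[MAXLINES], nl = 0, open = 0, i, j;
    *stale = 0;
    for (i = 0; i < n; i++) {
        for (j = 0; j < nl && strcmp(line[j], r[i].line) != 0; j++) ;
        if (j == nl) {                       /* first record for this line */
            if (nl == MAXLINES) continue;    /* table full: skip the record */
            line[nl] = r[i].line; exit_at[nl] = -1; newer_login[nl++] = 0;
        }
        if (!r[i].is_login) { exit_at[j] = r[i].minute; continue; }
        if (exit_at[j] >= 0) {               /* matched pair: closed session */
            printf("%-8s %s %02d:%02d - %02d:%02d\n", r[i].user, r[i].line,
                   r[i].minute / 60, r[i].minute % 60, exit_at[j] / 60, exit_at[j] % 60);
            exit_at[j] = -1;                 /* the association is thrown away */
        } else {                             /* no exit noted for this login */
            open++;
            if (newer_login[j]) (*stale)++;  /* login-over-login leftover */
            printf("%-8s %s %02d:%02d still logged in%s\n", r[i].user, r[i].line,
                   r[i].minute / 60, r[i].minute % 60, newer_login[j] ? " (stale)" : "");
        }
        newer_login[j] = 1;
    }
    return open;
}

int main(void)
{
    int stale, open = scan_wtmp(sample, 5, &stale);
    return printf("%d open, %d stale\n", open, stale) < 0;
}
```

On the sample, the 15:06 login is the entry reported as open but stale, which is the "???" line in the quoted last output.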