Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 616396 - lastlog is not recorded with the big uid
lastlog is not recorded with the big uid
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: openssh (Show other bugs)
5.5
All Linux
medium Severity medium
: rc
: ---
Assigned To: Jan F. Chadima
BaseOS QE Security Team
:
Depends On:
Blocks: 631787
  Show dependency treegraph
 
Reported: 2010-07-20 06:57 EDT by Masahiro Matsuya
Modified: 2018-11-14 14:18 EST (History)
3 users (show)

See Also:
Fixed In Version: openssh-4.3p2-45.el5
Doc Type: Bug Fix
Doc Text:
Due to the limitations of the data type that was used to store user identifier (UID), the lastlog record was not created for users with UID larger than 2147483647. With this update, this data type has been changed to unsigned long integer, and the /var/log/lastlog database is now updated as expected.
Story Points: ---
Clone Of:
: 631787 706315 731935 (view as bug list)
Environment:
Last Closed: 2011-01-13 17:05:03 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
proposed patch (577 bytes, patch)
2010-07-20 07:09 EDT, Masahiro Matsuya
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0018 normal SHIPPED_LIVE openssh bug fix and enhancement update 2011-01-12 11:04:50 EST

  None (edit)
Description Masahiro Matsuya 2010-07-20 06:57:44 EDT
Description of problem:
lastlog is not recorded with the big uid (>2147483647).


   1569 /* open the file (using filemode) and seek to the login entry */
   1570 static int
   1571 lastlog_openseek(struct logininfo *li, int *fd, int filemode)
   1572 {
            ...
   1600         if (type == LL_FILE) {
   1601                 /* find this uid's offset in the lastlog file */
   1602                 offset = (off_t) ((long)li->uid * sizeof(struct lastlog));
   1603 
   1604                 if (lseek(*fd, offset, SEEK_SET) != offset) {
   1605                         logit("%s: %s->lseek(): %s", __func__,
   1606                             lastlog_file, strerror(errno));
   1607                         return (0);
   1608                 }

When uid is 2147483648, offset is 18446743446644326400 at line 1602.

uid       = 2147483648 (0x80000000)
(long)uid = 18446744071562067968 (0xFFFFFFFF80000000)

As a result, offset becomes so big value, lseek fails, and lastlog is not recorded. 

  lseek(9, 18446743446644326400, SEEK_SET) = -1 EINVAL (Invalid argument)

Version-Release number of selected component (if applicable):
openssh-4.3p2-41.el5


How reproducible:
Always

Steps to Reproduce:

On sshd server, 
   # useradd -u 2147483648 testuser
   # passwd testuser
   # lastlog               <-- confirm "**Never logged in**" for testuser
   # ssh -l testuser localhost
   # lastlog               <-- confirm still "**Never logged in**"
  
Actual results:
lastlog is not recorded for uid >2147483647


Expected results:
lastlog is recorded for uid >2147483647

Additional info:
I'll attach the proposed patch.
Comment 1 Masahiro Matsuya 2010-07-20 07:09:58 EDT
Created attachment 433130 [details]
proposed patch
Comment 2 Masahiro Matsuya 2010-07-20 07:12:37 EDT
I confirmed that the patch fixed this problem.

# lastlog -u testlast2
Username         Port     From             Latest
testlast2                                  **Never logged in**

# id testlast2
uid=4294967293(testlast2) gid=4294967293(testlast2) groups=4294967293(testlast2) context=root:system_r:unconfined_t:SystemLow-SystemHigh

# lastlog -u testlast2
Username         Port     From             Latest
testlast2        pts/2    test.nrt. Tue Jul 20 07:06:06 -0400 2010
Comment 5 Jaromir Hradilek 2010-07-28 08:33:36 EDT
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Due to the limitations of the data type that was used to store user identifier (UID), the lastlog record was not created for users with UID larger than 2147483647. With this update, this data type has been changed to unsigned long integer, and the /var/log/lastlog database is now updated as expected.
Comment 9 errata-xmlrpc 2011-01-13 17:05:03 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0018.html

Note You need to log in before you can comment on or make changes to this bug.