From owner-freebsd-hackers  Fri Dec  8  2:37:10 2000
From owner-freebsd-hackers@FreeBSD.ORG  Fri Dec  8 02:37:07 2000
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from ringworld.nanolink.com (pool207-tch-1.Sofia.0rbitel.net [212.95.170.207])
	by hub.freebsd.org (Postfix) with SMTP id C6BF137B402
	for <hackers@FreeBSD.org>; Fri,  8 Dec 2000 02:36:59 -0800 (PST)
Received: (qmail 776 invoked by uid 1000); 8 Dec 2000 10:36:14 -0000
Date: Fri, 8 Dec 2000 12:36:14 +0200
From: Peter Pentchev <roam@orbitel.bg>
To: Torbjorn Kristoffersen <sgt@netcom.no>
Cc: FreeBSD-Hackers <hackers@FreeBSD.org>
Subject: Re: Kernel question (detecting a user log-on)
Message-ID: <20001208123614.A451@ringworld.oblivion.bg>
Mail-Followup-To: Torbjorn Kristoffersen <sgt@netcom.no>,
	FreeBSD-Hackers <hackers@FreeBSD.org>
References: <Pine.BSF.4.30.0012072122130.1136-100000@hal.netforce.no>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.30.0012072122130.1136-100000@hal.netforce.no>; from sgt@netcom.no on Thu, Dec 07, 2000 at 09:30:54PM +0100
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, Dec 07, 2000 at 09:30:54PM +0100, Torbjorn Kristoffersen wrote:
> Hi Hackers,
> 
> I'm wondering about two things, how does the kernel detect that a
> user logs on a tty, and what should I know if I was to write a kernel
> module that detects it (And does something about it)? Must I
> read the TCP in-packets for port 23 and detect if a user logged on?
> I'm pretty unsure about this..
> 
> I know it could easier be implemented in userland by reading the
> _PATH_UTMP file, but I'm more interested in doing it in kernel space.

Generally the kernel does not know anything about user logins.  Those are
handled either by login(1) in the case of console, serial or telnet logins,
or by sshd(8) and similar remote login daemons.  Monitoring TCP activity
on port 23 would only catch plain telnet logins, and probably not always.

You'd be far better off hacking support for what you need into login(1),
sshd(8) and all other such daemons; or a much simpler, though FreeBSD-specific
solution (not that hacking login(1) isn't FreeBSD-specific) - modify
the login(3) libutil function.  It is used by login(1) and by the OpenSSH
daemon in the FreeBSD base system; I *think* the original SSH daemon also
uses it if present.

You'd want to either add a syscall, or some tty ioctl to alert your kernel
module about a user login, and then have login(3) perform that alert.

Hope that helps, and when you come up with something working, please post
more information either on the list, or to me privately - what you've
hinted at doing sounds interesting :)

G'luck,
Peter

-- 
This inert sentence is my body, but my soul is alive, dancing in the sparks of your brain.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message