login.defs: Add LASTLOG_UID_MAX variable to limit lastlog to small uids.

As the large uids are usually provided by remote user identity and
authentication service, which also provide user login tracking,
there is no need to create a huge sparse file for them on every local
machine.

fixup! login.defs: Add LASTLOG_UID_MAX variable to limit lastlog to small uids.

src/lastlog.c

@@ -44,6 +44,7 @@
 #include <assert.h>
 #include "defines.h"
 #include "prototypes.h"
+#include "getdef.h"
 /*@-exitarg@*/
 #include "exitcodes.h"
 
@@ -182,6 +183,15 @@ static void print_one (/*@null@*/const struct passwd *pw)
 static void print (void)
 {
 	const struct passwd *pwent;
+	unsigned long lastlog_uid_max;
+
+	lastlog_uid_max = getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);
+	if (   (has_umin && umin > lastlog_uid_max)
+	    || (has_umax && umax > lastlog_uid_max)) {
+		fprintf (stderr, _("%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+				   "\tthe output might be incorrect.\n"), Prog, lastlog_uid_max);
+	}
+
 	if (uflg && has_umin && has_umax && (umin == umax)) {
 		print_one (getpwuid ((uid_t)umin));
 	} else {
@@ -191,6 +201,8 @@ static void print (void)
 			    && (   (has_umin && (pwent->pw_uid < (uid_t)umin))
 			        || (has_umax && (pwent->pw_uid > (uid_t)umax)))) {
 				continue;
+			} else if ( !uflg && pwent->pw_uid > (uid_t) lastlog_uid_max) {
+				continue;
 			}
 			print_one (pwent);
 		}
@@ -246,10 +258,19 @@ static void update_one (/*@null@*/const struct passwd *pw)
 static void update (void)
 {
 	const struct passwd *pwent;
+	unsigned long lastlog_uid_max;
 
 	if (!uflg) /* safety measure */
 		return;
 
+	lastlog_uid_max = getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);
+	if (   (has_umin && umin > lastlog_uid_max)
+	    || (has_umax && umax > lastlog_uid_max)) {
+		fprintf (stderr, _("%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+				   "\tthey will not be updated.\n"), Prog, lastlog_uid_max);
+		return;
+	}
+
 	if (has_umin && has_umax && (umin == umax)) {
 		update_one (getpwuid ((uid_t)umin));
 	} else {

src/login.c

@@ -1162,7 +1162,9 @@ int main (int argc, char **argv)
 #endif				/* WITH_AUDIT */
 
 #ifndef USE_PAM			/* pam_lastlog handles this */
-	if (getdef_bool ("LASTLOG_ENAB")) {	/* give last login and log this one */
+	if (   getdef_bool ("LASTLOG_ENAB")
+	    && pwd->pw_uid <= (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL)) {
+		/* give last login and log this one */
 		dolastlog (&ll, pwd, tty, hostname);
 	}
 #endif
@@ -1298,6 +1300,7 @@ int main (int argc, char **argv)
 			}
 		}
 		if (   getdef_bool ("LASTLOG_ENAB")
+		    && pwd->pw_uid <= (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL)
 		    && (ll.ll_time != 0)) {
 			time_t ll_time = ll.ll_time;
 

src/useradd.c

@@ -1863,11 +1863,18 @@ static void lastlog_reset (uid_t uid)
 	struct lastlog ll;
 	int fd;
 	off_t offset_uid = (off_t) (sizeof ll) * uid;
+	uid_t max_uid;
 
 	if (access (LASTLOG_FILE, F_OK) != 0) {
 		return;
 	}
 
+	max_uid = (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);
+	if (uid > max_uid) {
+		/* do not touch lastlog for large uids */
+		return;
+	}
+
 	memzero (&ll, sizeof (ll));
 
 	fd = open (LASTLOG_FILE, O_RDWR);

src/usermod.c

@@ -1864,11 +1864,18 @@ static void update_lastlog (void)
 	int fd;
 	off_t off_uid = (off_t) user_id * sizeof ll;
 	off_t off_newuid = (off_t) user_newid * sizeof ll;
+	uid_t max_uid;
 
 	if (access (LASTLOG_FILE, F_OK) != 0) {
 		return;
 	}
 
+	max_uid = (uid_t) getdef_ulong ("LASTLOG_MAX_UID", 0xFFFFFFFFUL);
+	if (user_newid > max_uid) {
+		/* do not touch lastlog for large uids */
+		return;
+	}
+
 	fd = open (LASTLOG_FILE, O_RDWR);
 
 	if (-1 == fd) {