Bug#757059: Dynamic part of MOTD out of date

[Ken T Takusagawa <kenta@MIT.EDU>]

Package: openssh-server
Version: 1:6.6p1-6
Severity: normal
Tags: patch

Dear Maintainer,

Customizing a dynamic MOTD in /etc/update-motd.d does not work as expected.  As a simple testcase, create a script there that simply runs "date".  Upon login, the date of the *previous* login, not the current date, will get printed.

The problem is in /etc/pam.d/sshd (or debian/openssh-server.sshd.pam.in in the source).  The flag "noupdate" ought to be passed to the *second* call to pam_motd.so, not the *first* as is currently done.

The buggy behavior happens as follows, tracing through the pam file:
1. session    optional     pam_motd.so  motd=/run/motd.dynamic noupdate
  a. This will not change /run/motd.dynamic (due to the "noupdate" flag)
  b. This will will then cat the unchanged /run/motd.dynamic (the file specified by the motd= flag)
2. session    optional     pam_motd.so # [1]
  a. This will change /run/motd.dynamic (this path is hardcoded into PAM).
  b. This will cat /etc/motd (the default file hardcoded into the source)

The changed /run/motd.dynamic is NOT displayed in step 2, but it will get displayed
on the next login in step 1.a.

The attached patch fixes the problem:

This system information below as collected by reportbug is inaccurate; the bug report above reflects the head of the Debian source repository. git://anonscm.debian.org/pkg-ssh/openssh.git

-- System Information:
Debian Release: 7.6
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-server depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.49
ii  dpkg                   1.16.15
ii  libc6                  2.13-38+deb7u3
ii  libcomerr2             1.42.5-1.1
ii  libgssapi-krb5-2       1.10.1+dfsg-5+deb7u1
ii  libkrb5-3              1.10.1+dfsg-5+deb7u1
ii  libpam-modules         1.1.3-7.1
ii  libpam-runtime         1.1.3-7.1
ii  libpam0g               1.1.3-7.1
ii  libselinux1            2.1.9-5
ii  libssl1.0.0            1.0.1e-2+deb7u11
ii  libwrap0               7.6.q-24
ii  lsb-base               4.1+Debian8+deb7u1
ii  openssh-client         1:6.0p1-4+deb7u2
ii  procps                 1:3.3.3-3
ii  zlib1g                 1:1.2.7.dfsg-13

Versions of packages openssh-server recommends:
ii  ncurses-term             5.9-10
ii  openssh-blacklist        0.4.1+nmu1
ii  openssh-blacklist-extra  0.4.1+nmu1
ii  xauth                    1:1.0.7-1

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  rssh          <none>
pn  ssh-askpass   <none>
pn  ufw           <none>

-- debconf-show failed

--- openssh/debian/openssh-server.sshd.pam.in	2014-08-04 19:48:08.159979937 -0400
+++ openssh/debian/openssh-server.sshd.pam.in	2014-08-04 19:48:08.159979937 -0400
@@ -30,8 +30,8 @@
 # Print the message of the day upon successful login.
 # This includes a dynamically generated part from /run/motd.dynamic
 # and a static (admin-editable) part from /etc/motd.
-session    optional     pam_motd.so  motd=/run/motd.dynamic noupdate
-session    optional     pam_motd.so # [1]
+session    optional     pam_motd.so  motd=/run/motd.dynamic
+session    optional     pam_motd.so noupdate
 
 # Print the status of the user's mailbox upon successful login.
 session    optional     pam_mail.so standard noenv # [1]