diff options
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | COPYING | 2 | ||||
| -rw-r--r-- | DEPENDENCIES | 3 | ||||
| -rw-r--r-- | Makefile | 78 | ||||
| -rw-r--r-- | README | 1 | ||||
| -rw-r--r-- | info/cerberus-logging.texinfo | 1 | ||||
| -rw-r--r-- | src/common.c | 34 | ||||
| -rw-r--r-- | src/common.h | 99 | ||||
| -rw-r--r-- | src/log-login-audit.c | 38 | ||||
| -rw-r--r-- | src/log-login-btmp.c | 64 | ||||
| -rw-r--r-- | src/log-login-lastlog.c | 51 | ||||
| -rw-r--r-- | src/log-login-syslog.c | 77 | ||||
| -rw-r--r-- | src/log-login-utmp.c | 126 | ||||
| -rwxr-xr-x | src/logging | 149 |
14 files changed, 351 insertions, 374 deletions
@@ -1,4 +1,3 @@ -_/ bin/ obj/ \#*\# @@ -18,4 +17,3 @@ obj/ *.gz *.bz2 *.xz - @@ -1,6 +1,6 @@ cerberus-logging – Log-in logging extension for cerberus -Copyright © 2014, 2015 Mattias Andrée (maandree@member.fsf.org) +Copyright © 2014, 2015 Mattias Andrée (m@maandree.se) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/DEPENDENCIES b/DEPENDENCIES index 3b00f72..33d7587 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -6,7 +6,6 @@ RUNTIME DEPENDENCIES: audit (opt-out, for log-login-audit) util-linux (optional, for ~/.prelogin support) - BUILD DEPENDENCIES: coreutils @@ -17,9 +16,7 @@ BUILD DEPENDENCIES: texinfo (opt-out, for info manual, opt-in for pdf, dvi and ps manuals) texlive-core (opt-in for pdf, dvi and ps manuals) - INSTALL DEPENDENCIES: coreutils make - @@ -8,7 +8,7 @@ BIN = /bin BINDIR = $(PREFIX)$(BIN) DATA = /share VARDIR = /var -LOGDIR = $(DEVDIR)/log +LOGDIR = $(VARDIR)/log DATADIR = $(PREFIX)$(DATA) DOCDIR = $(DATADIR)/doc INFODIR = $(DATADIR)/info @@ -16,20 +16,12 @@ LICENSEDIR = $(DATADIR)/licenses PKGNAME = cerberus-logging +TEXI2DVI = texi2dvi +CC = gcc -std=gnu99 -OPTIMISE = -Os -STD = -std=gnu99 -WARN = -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self -Wmissing-include-dirs \ - -Wtrampolines -Wfloat-equal -Wshadow -Wmissing-prototypes -Wmissing-declarations \ - -Wredundant-decls -Wnested-externs -Winline -Wno-variadic-macros -Wsync-nand \ - -Wunsafe-loop-optimizations -Wcast-align -Wstrict-overflow -Wdeclaration-after-statement \ - -Wundef -Wbad-function-cast -Wcast-qual -Wwrite-strings -Wlogical-op -Waggregate-return \ - -Wstrict-prototypes -Wold-style-definition -Wpacked -Wvector-operation-performance \ - -Wunsuffixed-float-constants -Wsuggest-attribute=const -Wsuggest-attribute=noreturn \ - -Wsuggest-attribute=pure -Wsuggest-attribute=format -Wnormalized=nfkc -Wconversion \ - -fstrict-aliasing -fstrict-overflow -fipa-pure-const -ftree-vrp -fstack-usage \ - -funsafe-loop-optimizations -pedantic -DEFS = -D'LOGDIR="$(LOGDIR)"' +CPPFLAGS = -D'LOGDIR="$(LOGDIR)"' +CFLAGS = -Os +LDFLAGS = SYSTEMS = btmp utmp lastlog syslog audit DEFAULT_SYSTEMS = utmp @@ -56,11 +48,11 @@ audit: bin/log-login-audit bin/log-login-%: obj/log-login-%.o obj/common.o @mkdir -p bin - $(CC) $(STD) $(OPTIMISE) $(WARN) $(L_$*) $(LDFLAGS) -o $@ $^ + $(CC) -o $@ $^ $(L_$*) $(LDFLAGS) obj/%.o: src/%.c src/*.h @mkdir -p obj - $(CC) $(STD) $(OPTIMISE) $(WARN) $(DEFS) $(CPPFLAGS) $(CFLAGS) -c -o $@ $< + $(CC) -c -o $@ $< $(CPPFLAGS) $(CFLAGS) .PHONY: doc doc: info pdf ps dvi @@ -74,21 +66,21 @@ info: cerberus-logging.info pdf: cerberus-logging.pdf %.pdf: info/%.texinfo info/fdl.texinfo @mkdir -p obj/pdf - cd obj/pdf ; yes X | texi2pdf ../../$< + cd obj/pdf && texi2pdf ../../$< < /dev/null mv obj/pdf/$@ $@ .PHONY: dvi dvi: cerberus-logging.dvi %.dvi: info/%.texinfo info/fdl.texinfo @mkdir -p obj/dvi - cd obj/dvi ; yes X | $(TEXI2DVI) ../../$< + cd obj/dvi && $(TEXI2DVI) ../../$< < /dev/null mv obj/dvi/$@ $@ .PHONY: ps ps: cerberus-logging.ps %.ps: info/%.texinfo info/fdl.texinfo @mkdir -p obj/ps - cd obj/ps ; yes X | texi2pdf --ps ../../$< + cd obj/ps && texi2pdf --ps ../../$< < /dev/null mv obj/ps/$@ $@ @@ -103,13 +95,13 @@ install-base: install-logging install-license .PHONY: install-logging install-logging: - install -dm755 -- "$(DESTDIR)$(DATADIR)/$(PKGNAME)" - install -m755 -- src/logging "$(DESTDIR)$(DATADIR)/$(PKGNAME)/logging" + mkdir -p -- "$(DESTDIR)$(DATADIR)/$(PKGNAME)" + cp -- src/logging "$(DESTDIR)$(DATADIR)/$(PKGNAME)/logging" .PHONY: install-license install-license: - install -dm755 -- "$(DESTDIR)$(LICENSEDIR)/$(PKGNAME)" - install -m644 -- COPYING LICENSE "$(DESTDIR)$(LICENSEDIR)/$(PKGNAME)" + mkdir -p -- "$(DESTDIR)$(LICENSEDIR)/$(PKGNAME)" + cp -- COPYING LICENSE "$(DESTDIR)$(LICENSEDIR)/$(PKGNAME)" .PHONY: install-systems install-systems: $(foreach S,$(SYSTEMS),install-$(S)) @@ -119,51 +111,51 @@ install-default-systems: $(foreach S,$(DEFAULT_SYSTEMS),install-$(S)) .PHONY: install-btmp install-btmp: bin/log-login-btmp - install -dm755 -- "$(DESTDIR)$(BINDIR)" - install $< -- "$(DESTDIR)$(BINDIR)/log-login-btmp" + mkdir -p -- "$(DESTDIR)$(BINDIR)" + cp -- bin/log-login-btmp "$(DESTDIR)$(BINDIR)/log-login-btmp" .PHONY: install-utmp install-utmp: bin/log-login-utmp - install -dm755 -- "$(DESTDIR)$(BINDIR)" - install $< -- "$(DESTDIR)$(BINDIR)/log-login-utmp" + mkdir -p -- "$(DESTDIR)$(BINDIR)" + cp -- bin/log-login-utmp "$(DESTDIR)$(BINDIR)/log-login-utmp" .PHONY: install-lastlog install-lastlog: bin/log-login-lastlog - install -dm755 -- "$(DESTDIR)$(BINDIR)" - install $< -- "$(DESTDIR)$(BINDIR)/log-login-lastlog" + mkdir -p -- "$(DESTDIR)$(BINDIR)" + cp -- bin/log-login-lastlog "$(DESTDIR)$(BINDIR)/log-login-lastlog" .PHONY: install-syslog install-syslog: bin/log-login-syslog - install -dm755 -- "$(DESTDIR)$(BINDIR)" - install $< -- "$(DESTDIR)$(BINDIR)/log-login-syslog" + mkdir -p -- "$(DESTDIR)$(BINDIR)" + cp -- bin/log-login-syslog "$(DESTDIR)$(BINDIR)/log-login-syslog" .PHONY: install-audit install-audit: bin/log-login-audit - install -dm755 -- "$(DESTDIR)$(BINDIR)" - install $< -- "$(DESTDIR)$(BINDIR)/log-login-audit" + mkdir -p -- "$(DESTDIR)$(BINDIR)" + cp -- bin/log-login-audit "$(DESTDIR)$(BINDIR)/log-login-audit" .PHONY: install-doc install-doc: install-info install-pdf install-ps install-dvi .PHONY: install-info install-info: cerberus-logging.info - install -dm755 -- "$(DESTDIR)$(INFODIR)" - install -m644 -- "$<" "$(DESTDIR)$(INFODIR)/$(PKGNAME).info" + mkdir -p -- "$(DESTDIR)$(INFODIR)" + cp -- cerberus-logging.info "$(DESTDIR)$(INFODIR)/$(PKGNAME).info" .PHONY: install-pdf install-pdf: cerberus-logging.pdf - install -dm755 -- "$(DESTDIR)$(DOCDIR)" - install -m644 -- "$<" "$(DESTDIR)$(DOCDIR)/$(PKGNAME).pdf" + mkdir -p -- "$(DESTDIR)$(DOCDIR)" + cp -- cerberus-logging.pdf "$(DESTDIR)$(DOCDIR)/$(PKGNAME).pdf" .PHONY: install-ps install-ps: cerberus-logging.ps - install -dm755 -- "$(DESTDIR)$(DOCDIR)" - install -m644 -- "$<" "$(DESTDIR)$(DOCDIR)/$(PKGNAME).ps" + mkdir -p -- "$(DESTDIR)$(DOCDIR)" + cp -- cerberus-logging.ps "$(DESTDIR)$(DOCDIR)/$(PKGNAME).ps" .PHONY: install-dvi install-dvi: cerberus-logging.dvi - install -dm755 -- "$(DESTDIR)$(DOCDIR)" - install -m644 -- "$<" "$(DESTDIR)$(DOCDIR)/$(PKGNAME).dvi" + mkdir -p -- "$(DESTDIR)$(DOCDIR)" + cp -- cerberus-logging.dvi "$(DESTDIR)$(DOCDIR)/$(PKGNAME).dvi" .PHONY: uninstall @@ -174,7 +166,6 @@ uninstall: -rm -- "$(DESTDIR)$(LICENSEDIR)/$(PKGNAME)/COPYING" -rm -- "$(DESTDIR)$(LICENSEDIR)/$(PKGNAME)/LICENSE" -rmdir -- "$(DESTDIR)$(LICENSEDIR)/$(PKGNAME)" - -rmdir -- "$(DESTDIR)$(PREFIX)$(LICENSES)/$(PKGNAME)" -rm -- "$(DESTDIR)$(INFODIR)/$(PKGNAME).info" -rm -- "$(DESTDIR)$(DOCDIR)/$(PKGNAME).pdf" -rm -- "$(DESTDIR)$(DOCDIR)/$(PKGNAME).ps" @@ -183,5 +174,4 @@ uninstall: .PHONY: clean clean: - -rm -r bin obj *.su src/*.su - + -rm -fr -- bin obj *.su src/*.su @@ -1,2 +1 @@ Log-in logging extension for cerberus. - diff --git a/info/cerberus-logging.texinfo b/info/cerberus-logging.texinfo index 4047d56..f864de1 100644 --- a/info/cerberus-logging.texinfo +++ b/info/cerberus-logging.texinfo @@ -111,4 +111,3 @@ echo 'Last login:' ; lastlog --user $USER | tail -n 1 @include fdl.texinfo @bye - diff --git a/src/common.c b/src/common.c index 78b3383..1600a80 100644 --- a/src/common.c +++ b/src/common.c @@ -1,7 +1,7 @@ /** * cerberus-logging – Log-in logging extension for cerberus * - * Copyright © 2014, 2015 Mattias Andrée (maandree@member.fsf.org) + * Copyright © 2014, 2015 Mattias Andrée (m@maandree.se) * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,26 +19,24 @@ #include "common.h" -#define X(A) const char* A = NULL; - LIST_ARGUMENTS +#define X(A) const char *A = NULL; +LIST_ARGUMENTS #undef X -int main(int argc, char** argv) +int +main(int argc, char **argv) { - int i; - - for (i = 1; i < argc; i++) - { -#define X(A) if (strstr(argv[i], "--" #A "=")) A = strchr(argv[i], '=') + 1; - LIST_ARGUMENTS + int i; + + for (i = 1; i < argc; i++) { +#define X(A) if (strstr(argv[i], "--" #A "=")) A = &strchr(argv[i], '=')[1]; + LIST_ARGUMENTS #undef X - } - - if (NULL == username) return 1; - if (NULL == ttyname) return 1; - if (NULL == pid) return 1; - - return -do_log(); -} + } + if (!username || !ttyname || !pid) + return 1; + + return -do_log(); +} diff --git a/src/common.h b/src/common.h index ab788e1..92e8444 100644 --- a/src/common.h +++ b/src/common.h @@ -1,7 +1,7 @@ /** * cerberus-logging – Log-in logging extension for cerberus * - * Copyright © 2014, 2015 Mattias Andrée (maandree@member.fsf.org) + * Copyright © 2014, 2015 Mattias Andrée (m@maandree.se) * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -52,71 +52,74 @@ #define LIST_ARGUMENTS X(action) X(username) X(ttyname) X(pid) X(hostname) -#define streq(a, b) (((a == NULL) == (b == NULL)) || (a && b && !strcmp(a, b))) +#define streq(a, b) (!a == !b || (a && b && !strcmp(a, b))) #define xstrcpy(d, s) (s ? snprintf(d, sizeof(d) / sizeof(char), "%s", s) : 0) #define xmemcpy(d, s) (s ? memcpy(d, s, sizeof(d)) : NULL) -#define X(A) extern const char* A; - LIST_ARGUMENTS +#define X(A) extern const char *A; +LIST_ARGUMENTS #undef X -static inline const char* first_digit(const char* str) +static inline const char * +first_digit(const char *str) { - for (; str && *str; str++) - if (('0' <= *str) && (*str <= '9')) - return str; - return NULL; + for (; str && *str; str++) + if ('0' <= *str && *str <= '9') + return str; + return NULL; } -static const char* get_hostaddress(const char* host) +static const char * +get_hostaddress(const char *host) { - static char rc[32 * 4 / 8]; - struct addrinfo hints; - struct addrinfo *info = NULL; - - if (host == NULL) - return NULL; - - memset(rc, 0, sizeof(rc)); - memset(&hints, 0, sizeof(hints)); - hints.ai_flags = AI_ADDRCONFIG; - - if (getaddrinfo(host, NULL, &hints, &info)) return NULL; - if (info == NULL) return NULL; - - if (info->ai_family == AF_INET) - { - struct sockaddr_in* addr = (struct sockaddr_in*)(info->ai_addr); - memcpy(rc, &(addr->sin_addr), sizeof(addr->sin_addr)); - } - else if (info->ai_family == AF_INET6) - { - struct sockaddr_in6* addr = (struct sockaddr_in6*)(info->ai_addr); - memcpy(rc, &(addr->sin6_addr), sizeof(addr->sin6_addr)); - } - - freeaddrinfo(info); - return rc; + static char rc[32 * 4 / 8]; + struct addrinfo hints; + struct addrinfo *info = NULL; + + if (!host) + return NULL; + + memset(rc, 0, sizeof(rc)); + memset(&hints, 0, sizeof(hints)); + hints.ai_flags = AI_ADDRCONFIG; + + if (getaddrinfo(host, NULL, &hints, &info) || !info) + return NULL; + + if (info->ai_family == AF_INET) { + struct sockaddr_in *addr = (struct sockaddr_in *)(info->ai_addr); + memcpy(rc, &(addr->sin_addr), sizeof(addr->sin_addr)); + } else if (info->ai_family == AF_INET6) { + struct sockaddr_in6 *addr = (struct sockaddr_in6 *)(info->ai_addr); + memcpy(rc, &(addr->sin6_addr), sizeof(addr->sin6_addr)); + } + + freeaddrinfo(info); + return rc; } -static inline int write_all(int fd, char* data, size_t n) +static inline int +write_all(int fd, char *data, size_t n) { - ssize_t wrote; - - while (n > 0) - if (wrote = write(fd, data, n), wrote >= 0) - data += wrote, n -= (size_t)wrote; - else if (errno != EINTR) - return -1; - - return 0; + ssize_t wrote; + + while (n > 0) { + wrote = write(fd, data, n); + if (wrote >= 0) { + data += wrote; + n -= (size_t)wrote; + } else if (errno != EINTR) { + return -1; + } + } + + return 0; } int do_log(void); - diff --git a/src/log-login-audit.c b/src/log-login-audit.c index fded0d5..0fb38b9 100644 --- a/src/log-login-audit.c +++ b/src/log-login-audit.c @@ -1,7 +1,7 @@ /** * cerberus-logging – Log-in logging extension for cerberus * - * Copyright © 2014, 2015 Mattias Andrée (maandree@member.fsf.org) + * Copyright © 2014, 2015 Mattias Andrée (m@maandree.se) * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -21,23 +21,23 @@ #include <pwd.h> -int do_log(void) +int +do_log(void) { - struct passwd* pwd; - int fd, status, r; - - if ((!streq(action, "failed")) && (!streq(action, "login"))) - return 0; - - status = streq(action, "login"); - - if (pwd = getpwnam(username), pwd == NULL) return -1; - if (fd = audit_open(), fd == -1) return -1; - - r = audit_log_acct_message(fd, AUDIT_USER_LOGIN, NULL, "login", username, - pwd->pw_uid, hostname, NULL, ttyname, status); - - close(fd); - return r; -} + struct passwd *pwd; + int fd, status, r; + + if (!streq(action, "failed") && !streq(action, "login")) + return 0; + + status = streq(action, "login"); + if (pwd = getpwnam(username), !pwd) return -1; + if (fd = audit_open(), fd == -1) return -1; + + r = audit_log_acct_message(fd, AUDIT_USER_LOGIN, NULL, "login", username, + pwd->pw_uid, hostname, NULL, ttyname, status); + + close(fd); + return r; +} diff --git a/src/log-login-btmp.c b/src/log-login-btmp.c index beeba17..b801044 100644 --- a/src/log-login-btmp.c +++ b/src/log-login-btmp.c @@ -1,7 +1,7 @@ /** * cerberus-logging – Log-in logging extension for cerberus * - * Copyright © 2014, 2015 Mattias Andrée (maandree@member.fsf.org) + * Copyright © 2014, 2015 Mattias Andrée (m@maandree.se) * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -20,39 +20,39 @@ #include <utmp.h> -int do_log(void) +int +do_log(void) { - struct utmp ut; - - if (!streq(action, "failed")) - return 0; - - memset(&ut, 0, sizeof(struct utmp)); - - ut.ut_type = LOGIN_PROCESS; - ut.ut_pid = (pid_t)atoll(pid); - xstrcpy(ut.ut_user, username); - xstrcpy(ut.ut_host, hostname); - xstrcpy(ut.ut_line, ttyname); - xstrcpy(ut.ut_id, first_digit(ttyname)); - xmemcpy(ut.ut_addr_v6, get_hostaddress(hostname)); - + struct utmp ut; + + if (!streq(action, "failed")) + return 0; + + memset(&ut, 0, sizeof(struct utmp)); + + ut.ut_type = LOGIN_PROCESS; + ut.ut_pid = (pid_t)atoll(pid); + xstrcpy(ut.ut_user, username); + xstrcpy(ut.ut_host, hostname); + xstrcpy(ut.ut_line, ttyname); + xstrcpy(ut.ut_id, first_digit(ttyname)); + xmemcpy(ut.ut_addr_v6, get_hostaddress(hostname)); + #ifdef _HAVE_UT_TV - { - struct timeval tv; - gettimeofday(&tv, NULL); - ut.ut_tv.tv_sec = (typeof(ut.ut_tv.tv_sec))(tv.tv_sec); - ut.ut_tv.tv_usec = (typeof(ut.ut_tv.tv_usec))(tv.tv_usec); - } + { + struct timeval tv; + gettimeofday(&tv, NULL); + ut.ut_tv.tv_sec = (typeof(ut.ut_tv.tv_sec))tv.tv_sec; + ut.ut_tv.tv_usec = (typeof(ut.ut_tv.tv_usec))tv.tv_usec; + } #else - { - time_t t; - time(&t); - ut.ut_time = t; - } + { + time_t t; + time(&t); + ut.ut_time = t; + } #endif - - updwtmp(LOGDIR "/btmp", &ut); - return 0; -} + updwtmp(LOGDIR "/btmp", &ut); + return 0; +} diff --git a/src/log-login-lastlog.c b/src/log-login-lastlog.c index 46509df..f8f8d3c 100644 --- a/src/log-login-lastlog.c +++ b/src/log-login-lastlog.c @@ -1,7 +1,7 @@ /** * cerberus-logging – Log-in logging extension for cerberus * - * Copyright © 2014, 2015 Mattias Andrée (maandree@member.fsf.org) + * Copyright © 2014, 2015 Mattias Andrée (m@maandree.se) * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -21,31 +21,32 @@ #include <pwd.h> -int do_log(void) +int +do_log(void) { - struct passwd* pwd; - struct lastlog ll; - time_t t; - int fd; + struct passwd *pwd; + struct lastlog ll; + time_t t; + int fd; - if (!streq(action, "login")) - return 0; + if (!streq(action, "login")) + return 0; - if (pwd = getpwnam(username), pwd == NULL) return -1; - if (fd = open(_PATH_LASTLOG, O_RDWR, 0), fd < 0) return -1; - if (lseek(fd, (off_t)(pwd->pw_uid * sizeof(ll)), SEEK_SET) == -1) goto fail; - - memset(&ll, 0, sizeof(ll)); - - time(&t), ll.ll_time = (typeof(ll.ll_time))t; - xstrcpy(ll.ll_line, ttyname); - xstrcpy(ll.ll_host, hostname); - - if (write_all(fd, (char*)&ll, sizeof(ll))) - goto fail; - - return close(fd), 0; - fail: - return close(fd), -1; -} + if (pwd = getpwnam(username), !pwd) return -1; + if (fd = open(_PATH_LASTLOG, O_RDWR, 0), fd < 0) return -1; + if (lseek(fd, (off_t)(pwd->pw_uid * sizeof(ll)), SEEK_SET) == -1) goto fail; + memset(&ll, 0, sizeof(ll)); + + time(&t); + ll.ll_time = (typeof(ll.ll_time))t; + xstrcpy(ll.ll_line, ttyname); + xstrcpy(ll.ll_host, hostname); + + if (write_all(fd, (char *)&ll, sizeof(ll))) + goto fail; + + return close(fd), 0; +fail: + return close(fd), -1; +} diff --git a/src/log-login-syslog.c b/src/log-login-syslog.c index f855aed..f9fa75e 100644 --- a/src/log-login-syslog.c +++ b/src/log-login-syslog.c @@ -1,7 +1,7 @@ /** * cerberus-logging – Log-in logging extension for cerberus * - * Copyright © 2014, 2015 Mattias Andrée (maandree@member.fsf.org) + * Copyright © 2014, 2015 Mattias Andrée (m@maandree.se) * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -21,44 +21,43 @@ #include <pwd.h> -int do_log(void) +int +do_log(void) { - static char empty[] = ""; - struct passwd* pwd; - const char* prefix; - const char* affix; - int status; - - if ((!streq(action, "failed")) && (!streq(action, "login"))) - return 0; - - status = streq(action, "login"); - - if (pwd = getpwnam(username), pwd == NULL) return -1; - - openlog("log-login-syslog", LOG_ODELAY, LOG_AUTHPRIV); + static char empty[] = ""; + struct passwd *pwd; + const char *prefix; + const char *affix; + int status; - if (status) - { - if (strstr(ttyname, "ttyS") == ttyname) - syslog(LOG_INFO, "DIALUP AT %s BY %s", ttyname, username); - - prefix = pwd->pw_uid ? "" : "ROOT "; - affix = hostname ? " FROM " : ""; - hostname = hostname ? hostname : empty; - - syslog(pwd->pw_uid ? LOG_INFO : LOG_NOTICE, "%sLOGIN ON %s BY %s%s%s", - prefix, ttyname, username, affix, hostname); - } - else - { - affix = hostname ? " FROM " : ""; - - syslog(LOG_NOTICE, "FAILED LOGIN SESSION%s%s FOR %s ON %s", - affix, hostname, username, ttyname); - } - - closelog(); - return 0; -} + if (!streq(action, "failed") && !streq(action, "login")) + return 0; + + status = streq(action, "login"); + + pwd = getpwnam(username); + if (!pwd) + return -1; + + openlog("log-login-syslog", LOG_ODELAY, LOG_AUTHPRIV); + + if (status) { + if (strstr(ttyname, "ttyS") == ttyname) + syslog(LOG_INFO, "DIALUP AT %s BY %s", ttyname, username); + prefix = pwd->pw_uid ? "" : "ROOT "; + affix = hostname ? " FROM " : ""; + hostname = hostname ? hostname : empty; + + syslog(pwd->pw_uid ? LOG_INFO : LOG_NOTICE, "%sLOGIN ON %s BY %s%s%s", + prefix, ttyname, username, affix, hostname); + } else { + affix = hostname ? " FROM " : ""; + + syslog(LOG_NOTICE, "FAILED LOGIN SESSION%s%s FOR %s ON %s", + affix, hostname, username, ttyname); + } + + closelog(); + return 0; +} diff --git a/src/log-login-utmp.c b/src/log-login-utmp.c index 8a4d281..db0b291 100644 --- a/src/log-login-utmp.c +++ b/src/log-login-utmp.c @@ -1,7 +1,7 @@ /** * cerberus-logging – Log-in logging extension for cerberus * - * Copyright © 2014, 2015 Mattias Andrée (maandree@member.fsf.org) + * Copyright © 2014, 2015 Mattias Andrée (m@maandree.se) * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -20,72 +20,70 @@ #include <utmp.h> -int do_log(void) +int +do_log(void) { - struct utmp ut; - struct utmp *entry; - pid_t pid_; - const char* ttyno; - - if (!streq(action, "login")) - return 0; - - pid_ = (pid_t)atoll(pid); - ttyno = first_digit(ttyname); - memset(&ut, 0, sizeof(struct utmp)); - - utmpname(_PATH_UTMP); - setutent(); - - while ((entry = getutent())) - if (entry->ut_pid == pid_) - if ((INIT_PROCESS <= entry->ut_type) && (entry->ut_type <= DEAD_PROCESS)) - break; - - if ((entry == NULL) && ttyname) - { - setutent(); - ut.ut_type = LOGIN_PROCESS; - xstrcpy(ut.ut_line, ttyname); - entry = getutline(&ut); - } - if ((entry == NULL) && ttyno) - { - setutent(); - ut.ut_type = DEAD_PROCESS; - xstrcpy(ut.ut_id, ttyno); - entry = getutline(&ut); - } - - if (entry) memcpy(&ut, entry, sizeof(struct utmp)); - else memset(&ut, 0, sizeof(struct utmp)); - - ut.ut_type = USER_PROCESS; - ut.ut_pid = pid_; - xstrcpy(ut.ut_user, username); - xstrcpy(ut.ut_host, hostname); - xstrcpy(ut.ut_line, ttyname); - xstrcpy(ut.ut_id, first_digit(ttyname)); - xmemcpy(ut.ut_addr_v6, get_hostaddress(hostname)); - + struct utmp ut; + struct utmp *entry; + pid_t pid_; + const char* ttyno; + + if (!streq(action, "login")) + return 0; + + pid_ = (pid_t)atoll(pid); + ttyno = first_digit(ttyname); + memset(&ut, 0, sizeof(struct utmp)); + + utmpname(_PATH_UTMP); + setutent(); + + while ((entry = getutent())) + if (entry->ut_pid == pid_) + if (INIT_PROCESS <= entry->ut_type && entry->ut_type <= DEAD_PROCESS) + break; + + if (!entry && ttyname) { + setutent(); + ut.ut_type = LOGIN_PROCESS; + xstrcpy(ut.ut_line, ttyname); + entry = getutline(&ut); + } + if (!entry && ttyno) { + setutent(); + ut.ut_type = DEAD_PROCESS; + xstrcpy(ut.ut_id, ttyno); + entry = getutline(&ut); + } + + if (entry) memcpy(&ut, entry, sizeof(struct utmp)); + else memset(&ut, 0, sizeof(struct utmp)); + + ut.ut_type = USER_PROCESS; + ut.ut_pid = pid_; + xstrcpy(ut.ut_user, username); + xstrcpy(ut.ut_host, hostname); + xstrcpy(ut.ut_line, ttyname); + xstrcpy(ut.ut_id, first_digit(ttyname)); + xmemcpy(ut.ut_addr_v6, get_hostaddress(hostname)); + #ifdef _HAVE_UT_TV - { - struct timeval tv; - gettimeofday(&tv, NULL); - ut.ut_tv.tv_sec = (typeof(ut.ut_tv.tv_sec))(tv.tv_sec); - ut.ut_tv.tv_usec = (typeof(ut.ut_tv.tv_usec))(tv.tv_usec); - } + { + struct timeval tv; + gettimeofday(&tv, NULL); + ut.ut_tv.tv_sec = (typeof(ut.ut_tv.tv_sec))tv.tv_sec; + ut.ut_tv.tv_usec = (typeof(ut.ut_tv.tv_usec))tv.tv_usec; + } #else - { - time_t t; - time(&t); - ut.ut_time = t; - } + { + time_t t; + time(&t); + ut.ut_time = t; + } #endif - pututline(&ut); - endutent(); - updwtmp(_PATH_WTMP, &ut); - return 0; + pututline(&ut); + endutent(); + updwtmp(_PATH_WTMP, &ut); + return 0; } - diff --git a/src/logging b/src/logging index 9505db2..5d70ee2 100755 --- a/src/logging +++ b/src/logging @@ -2,7 +2,7 @@ # cerberus-logging – Log-in logging extension for cerberus # -# Copyright © 2014, 2015 Mattias Andrée (maandree@member.fsf.org) +# Copyright © 2014, 2015 Mattias Andrée (m@maandree.se) # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -21,11 +21,11 @@ # Login username, client hostname if non-local, ttyname, cerberus-hook and PID username= hostname= -ttyname="$(tty <&2 | cut -d / -f 1,2 --complement)" +ttyname="$(tty <&2 | sed 's:^/dev/::')" hook="${1}" pid=$PPID -if [ ! "${LOGIN_PID}" = "" ]; then - pid="${LOGIN_PID}" +if test -n "${LOGIN_PID}"; then + pid="${LOGIN_PID}" fi # Remove the hookname from $@ shift 1 @@ -35,96 +35,91 @@ shift 1 hostname_on_next=0 dash=0 for arg in "$@"; do - if [ "${arg}" = "" ]; then - true - elif [ "${arg::1}" = "-" ] && [ ${dash} = 0 ]; then - arg="${arg:1}" - while [ ! "${arg}" = "" ]; do - c="${arg::1}" - arg="${arg:1}" - if [ "${c}" = "h" ]; then # hostname - if [ ! "${arg}" = "" ]; then - hostname="${arg}" - else - hostname_on_next=1 - fi - break - elif [ "${c}" = "f" ]; then # force - if [ ! "${arg}" = "" ]; then - username="${arg}" - fi - break - elif [ "${c}" = "-" ]; then # username - dash=1 - break - fi - done - elif [ ${hostname_on_next} = 1 ]; then - hostname="${arg}" - hostname_on_next=0 - else - username="${arg}" - fi + if test -z "${arg}"; then + : + elif test "${arg::1}" = "-" && test ${dash} = 0; then + arg="${arg:1}" + while test -n "${arg}"; do + c="${arg::1}" + arg="${arg:1}" + if test "${c}" = h; then # hostname + if test -n "${arg}"; then + hostname="${arg}" + else + hostname_on_next=1 + fi + break + elif test "${c}" = f; then # force + if test -n "${arg}"; then + username="${arg}" + fi + break + elif test "${c}" = '-'; then # username + dash=1 + break + fi + done + elif test ${hostname_on_next} = 1; then + hostname="${arg}" + hostname_on_next=0 + else + username="${arg}" + fi done user="${username}" # Execute a program only if it exists -try () -{ - if hash "${1}" 2>/dev/null; then - "$@" - fi +try () { + if command -v -- "${1}" >/dev/null 2>&1; then + "$@" + fi } -# Call logging programs (those that exists) for a successful login action -log_login () -{ - # This is useful if you want to print the last logging. - # log-login-lastlog updates the entry in lastlog so it is helpful - # to be able to print the log entry before the is updated. Its lets - # you add a script named .prelogin in your home directory that - # contains the following code, to print the last login information: - # echo 'Last login:' ; lastlog --user $USER | tail -n 1 - script="$(getent passwd | grep "^${user}:" | cut -d : -f 6)/.prelogin" - if [ -x "${script}" ]; then - su -c "${script}" -- "${user}" - fi - - try log-login-utmp "$@" - try log-login-audit "$@" - try log-login-lastlog "$@" - try log-login-syslog "$@" +# Call logging programs (those that exist) for a successful login action +log_login () { + # This is useful if you want to print the last logging. + # log-login-lastlog updates the entry in lastlog so it is helpful + # to be able to print the log entry before it is updated. This lets + # you add a script named .prelogin in your home directory that + # contains the following code, to print the last login information: + # echo 'Last login:' ; lastlog --user $USER | tail -n 1 + script="$(getent passwd | grep "^${user}:" | cut -d : -f 6)/.prelogin" + if test -x "${script}"; then + su -c "${script}" -- "${user}" + fi + + try log-login-utmp "$@" + try log-login-audit "$@" + try log-login-lastlog "$@" + try log-login-syslog "$@" } -# Call logging programs (those that exists) for a logout action -log_logout () -{ - true +# Call logging programs (those that exist) for a logout action +log_logout () { + : } -# Call logging programs (those that exists) for a failed login action -log_denied () -{ - try log-login-btmp "$@" - try log-login-audit "$@" - try log-login-syslog "$@" +# Call logging programs (those that exist) for a failed login action +log_denied () { + try log-login-btmp "$@" + try log-login-audit "$@" + try log-login-syslog "$@" } # Figure out the actionname action="${hook}" -if [ "${hook}" = denied ]; then - action=failed +if test "${hook}" = denied; then + action=failed fi -# Preprend options to values +# Prepend options to values action=--action="${action}" username=--username="${username}" ttyname=--ttyname="${ttyname}" pid=--pid="${pid}" # Call the logging programs -if [ "${hook}" = login ] || [ "${hook}" = logout ] || [ "${hook}" = denied ]; then - if [ "${hostname}" = "" ]; then - "log_${hook}" "${action}" "${username}" "${ttyname}" "${pid}" - else - "log_${hook}" "${action}" "${username}" "${ttyname}" "${pid}" --hostname="${hostname}" - fi +if test "${hook}" = login || test "${hook}" = logout || test "${hook}" = denied; then + if test -z "${hostname}"; then + "log_${hook}" "${action}" "${username}" "${ttyname}" "${pid}" + else + "log_${hook}" "${action}" "${username}" "${ttyname}" "${pid}" --hostname="${hostname}" + fi fi - |