diff options
Diffstat (limited to '')
| -rwxr-xr-x | src/logging | 149 |
1 files changed, 72 insertions, 77 deletions
diff --git a/src/logging b/src/logging index 9505db2..5d70ee2 100755 --- a/src/logging +++ b/src/logging @@ -2,7 +2,7 @@ # cerberus-logging – Log-in logging extension for cerberus # -# Copyright © 2014, 2015 Mattias Andrée (maandree@member.fsf.org) +# Copyright © 2014, 2015 Mattias Andrée (m@maandree.se) # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -21,11 +21,11 @@ # Login username, client hostname if non-local, ttyname, cerberus-hook and PID username= hostname= -ttyname="$(tty <&2 | cut -d / -f 1,2 --complement)" +ttyname="$(tty <&2 | sed 's:^/dev/::')" hook="${1}" pid=$PPID -if [ ! "${LOGIN_PID}" = "" ]; then - pid="${LOGIN_PID}" +if test -n "${LOGIN_PID}"; then + pid="${LOGIN_PID}" fi # Remove the hookname from $@ shift 1 @@ -35,96 +35,91 @@ shift 1 hostname_on_next=0 dash=0 for arg in "$@"; do - if [ "${arg}" = "" ]; then - true - elif [ "${arg::1}" = "-" ] && [ ${dash} = 0 ]; then - arg="${arg:1}" - while [ ! "${arg}" = "" ]; do - c="${arg::1}" - arg="${arg:1}" - if [ "${c}" = "h" ]; then # hostname - if [ ! "${arg}" = "" ]; then - hostname="${arg}" - else - hostname_on_next=1 - fi - break - elif [ "${c}" = "f" ]; then # force - if [ ! "${arg}" = "" ]; then - username="${arg}" - fi - break - elif [ "${c}" = "-" ]; then # username - dash=1 - break - fi - done - elif [ ${hostname_on_next} = 1 ]; then - hostname="${arg}" - hostname_on_next=0 - else - username="${arg}" - fi + if test -z "${arg}"; then + : + elif test "${arg::1}" = "-" && test ${dash} = 0; then + arg="${arg:1}" + while test -n "${arg}"; do + c="${arg::1}" + arg="${arg:1}" + if test "${c}" = h; then # hostname + if test -n "${arg}"; then + hostname="${arg}" + else + hostname_on_next=1 + fi + break + elif test "${c}" = f; then # force + if test -n "${arg}"; then + username="${arg}" + fi + break + elif test "${c}" = '-'; then # username + dash=1 + break + fi + done + elif test ${hostname_on_next} = 1; then + hostname="${arg}" + hostname_on_next=0 + else + username="${arg}" + fi done user="${username}" # Execute a program only if it exists -try () -{ - if hash "${1}" 2>/dev/null; then - "$@" - fi +try () { + if command -v -- "${1}" >/dev/null 2>&1; then + "$@" + fi } -# Call logging programs (those that exists) for a successful login action -log_login () -{ - # This is useful if you want to print the last logging. - # log-login-lastlog updates the entry in lastlog so it is helpful - # to be able to print the log entry before the is updated. Its lets - # you add a script named .prelogin in your home directory that - # contains the following code, to print the last login information: - # echo 'Last login:' ; lastlog --user $USER | tail -n 1 - script="$(getent passwd | grep "^${user}:" | cut -d : -f 6)/.prelogin" - if [ -x "${script}" ]; then - su -c "${script}" -- "${user}" - fi - - try log-login-utmp "$@" - try log-login-audit "$@" - try log-login-lastlog "$@" - try log-login-syslog "$@" +# Call logging programs (those that exist) for a successful login action +log_login () { + # This is useful if you want to print the last logging. + # log-login-lastlog updates the entry in lastlog so it is helpful + # to be able to print the log entry before it is updated. This lets + # you add a script named .prelogin in your home directory that + # contains the following code, to print the last login information: + # echo 'Last login:' ; lastlog --user $USER | tail -n 1 + script="$(getent passwd | grep "^${user}:" | cut -d : -f 6)/.prelogin" + if test -x "${script}"; then + su -c "${script}" -- "${user}" + fi + + try log-login-utmp "$@" + try log-login-audit "$@" + try log-login-lastlog "$@" + try log-login-syslog "$@" } -# Call logging programs (those that exists) for a logout action -log_logout () -{ - true +# Call logging programs (those that exist) for a logout action +log_logout () { + : } -# Call logging programs (those that exists) for a failed login action -log_denied () -{ - try log-login-btmp "$@" - try log-login-audit "$@" - try log-login-syslog "$@" +# Call logging programs (those that exist) for a failed login action +log_denied () { + try log-login-btmp "$@" + try log-login-audit "$@" + try log-login-syslog "$@" } # Figure out the actionname action="${hook}" -if [ "${hook}" = denied ]; then - action=failed +if test "${hook}" = denied; then + action=failed fi -# Preprend options to values +# Prepend options to values action=--action="${action}" username=--username="${username}" ttyname=--ttyname="${ttyname}" pid=--pid="${pid}" # Call the logging programs -if [ "${hook}" = login ] || [ "${hook}" = logout ] || [ "${hook}" = denied ]; then - if [ "${hostname}" = "" ]; then - "log_${hook}" "${action}" "${username}" "${ttyname}" "${pid}" - else - "log_${hook}" "${action}" "${username}" "${ttyname}" "${pid}" --hostname="${hostname}" - fi +if test "${hook}" = login || test "${hook}" = logout || test "${hook}" = denied; then + if test -z "${hostname}"; then + "log_${hook}" "${action}" "${username}" "${ttyname}" "${pid}" + else + "log_${hook}" "${action}" "${username}" "${ttyname}" "${pid}" --hostname="${hostname}" + fi fi - |