From 0715f14fe63fe8a764d4da27dc2a499a3faa3323 Mon Sep 17 00:00:00 2001
From: Mattias Andrée <maandree@operamail.com>
Date: Wed, 29 Oct 2014 16:53:11 +0100
Subject: call logging programs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Mattias Andrée <maandree@operamail.com>
---
 src/logging | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 53 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/logging b/src/logging
index 5af2840..9ad9804 100755
--- a/src/logging
+++ b/src/logging
@@ -18,11 +18,16 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 
+# Login username, client hostname if non-local, ttyname and cerberus-hook
 username=
 hostname=
+ttyname="$(tty | cut -d / -f 1,2 --complement)"
 hook="${1}"
+# Remove the hookname from $@
 shift 1
 
+# Parse the command line, excluding the hookname
+# This is the arguments cerberus was spawned with
 hostname_on_next=0
 dash=0
 for arg in "$@"; do
@@ -33,19 +38,19 @@ for arg in "$@"; do
 	while [ ! "${arg}" = "" ]; do
 	    c="${arg::1}"
 	    arg="${arg:1}"
-	    if [ "${c}" = "h" ]; then
+	    if [ "${c}" = "h" ]; then # hostname
 		if [ ! "${arg}" = "" ]; then
 		    hostname="${arg}"
 		else
 		    hostname_on_next=1
 		fi
 		break
-	    elif [ "${c}" = "f" ]; then
+	    elif [ "${c}" = "f" ]; then # force
 		if [ ! "${arg}" = "" ]; then
 		    username="${arg}"
 		fi
 		break
-	    elif [ "${c}" = "-" ]; then
+	    elif [ "${c}" = "-" ]; then # username
 		dash=1
 		break
 	    fi
@@ -58,3 +63,48 @@ for arg in "$@"; do
     fi
 done
 
+# Execute a program only if it exists
+try ()
+{
+    if hash "${1}" 2>/dev/null then
+	"$@"
+    fi
+}
+# Call logging programs (those that exists) for a successful login action
+log-login ()
+{
+    try log-login-utmp "$@"
+    try log-login-audit "$@"
+    try log-login-lastlog "$@"
+    try log-login-syslog "$@"
+}
+# Call logging programs (those that exists) for a logout action
+log-logout ()
+{
+    try log-login-syslog "$@"
+}
+# Call logging programs (those that exists) for a failed login action
+log-denied ()
+{
+    try log-login-btmp "$@"
+    try log-login-audit "$@"
+}
+
+# Figure out the actionname
+action="${hook}"
+if [ "${hook}" = denied ]; then
+    action=fail
+fi
+
+# Preprend options to values
+action=--action="${action}"
+username=--username="${username}"
+ttyname=--ttyname="${ttyname}"
+
+# Call the logging programs
+if [ "${hostname}" = "" ]; then
+    "log-${hook}" "${action}" "${username}" "${ttyname}"
+else
+    "log-${hook}" "${action}" "${username}" "${ttyname}" --hostname="${hostname}"
+fi
+
-- 
cgit v1.2.3-70-g09d2