From 47c524ddd41a4d07b2f0d1847ff22c43babbe1ed Mon Sep 17 00:00:00 2001
From: Colin Percival <cperciva@FreeBSD.org>
Date: Sun, 22 Feb 2004 10:03:24 +0000
Subject: [PATCH] Report login attempts to syslog.  Due to the
 statically-linked nature of nologin(8), this causes a considerable (100K)
 increase in the binary size, so I've added a NO_LOGIN_LOG option which
 disables this.

While I'm here, s/sizeof(MESSAGE)/sizeof(MESSAGE) - 1/, in order to
avoid writing the string-terminating zero byte.

No complaints from: -current
Approved by:	rwatson (mentor)
---
 sbin/nologin/Makefile      |  7 +++++++
 sbin/nologin/nologin.c     | 15 ++++++++++++++-
 usr.sbin/nologin/Makefile  |  7 +++++++
 usr.sbin/nologin/nologin.c | 15 ++++++++++++++-
 4 files changed, 42 insertions(+), 2 deletions(-)

diff --git a/sbin/nologin/Makefile b/sbin/nologin/Makefile
index 31ac9f06e1ea..c98b44bf17c0 100644
--- a/sbin/nologin/Makefile
+++ b/sbin/nologin/Makefile
@@ -11,4 +11,11 @@ MAN=	nologin.5 nologin.8
 # rendering a dynamic nologin binary virtually useless.
 NOSHARED=	YES
 
+# Logging to syslog increases the size of the statically linked
+# binary by over 100K.  Provide an option for disabling this on
+# systems where conserving space on the root device is critical.
+.ifdef NO_NOLOGIN_LOG
+CFLAGS+=	-DNO_NOLOGIN_LOG
+.endif
+
 .include <bsd.prog.mk>
diff --git a/sbin/nologin/nologin.c b/sbin/nologin/nologin.c
index 2454df4bf785..ad2c2fe3c9c1 100644
--- a/sbin/nologin/nologin.c
+++ b/sbin/nologin/nologin.c
@@ -8,6 +8,7 @@ __FBSDID("$FreeBSD$");
 
 #include <sys/types.h>
 #include <sys/uio.h>
+#include <syslog.h>
 #include <unistd.h>
 
 #define	MESSAGE	"This account is currently not available.\n"
@@ -15,7 +16,19 @@ __FBSDID("$FreeBSD$");
 int
 main(int argc, char *argv[])
 {
+#ifndef NO_NOLOGIN_LOG
+	char *user, *tt;
 
-	write(STDOUT_FILENO, MESSAGE, sizeof(MESSAGE));
+	if ((tt = ttyname(0)) == NULL)
+		tt = "UNKNOWN";
+	if ((user = getlogin()) == NULL)
+		user = "UNKNOWN";
+
+	openlog("nologin", LOG_CONS, LOG_AUTH);
+	syslog(LOG_CRIT, "Attempted login by %s on %s", user, tt);
+	closelog();
+#endif /* NO_NOLOGIN_LOG */
+
+	write(STDOUT_FILENO, MESSAGE, sizeof(MESSAGE) - 1);
 	_exit(1);
 }
diff --git a/usr.sbin/nologin/Makefile b/usr.sbin/nologin/Makefile
index 31ac9f06e1ea..c98b44bf17c0 100644
--- a/usr.sbin/nologin/Makefile
+++ b/usr.sbin/nologin/Makefile
@@ -11,4 +11,11 @@ MAN=	nologin.5 nologin.8
 # rendering a dynamic nologin binary virtually useless.
 NOSHARED=	YES
 
+# Logging to syslog increases the size of the statically linked
+# binary by over 100K.  Provide an option for disabling this on
+# systems where conserving space on the root device is critical.
+.ifdef NO_NOLOGIN_LOG
+CFLAGS+=	-DNO_NOLOGIN_LOG
+.endif
+
 .include <bsd.prog.mk>
diff --git a/usr.sbin/nologin/nologin.c b/usr.sbin/nologin/nologin.c
index 2454df4bf785..ad2c2fe3c9c1 100644
--- a/usr.sbin/nologin/nologin.c
+++ b/usr.sbin/nologin/nologin.c
@@ -8,6 +8,7 @@ __FBSDID("$FreeBSD$");
 
 #include <sys/types.h>
 #include <sys/uio.h>
+#include <syslog.h>
 #include <unistd.h>
 
 #define	MESSAGE	"This account is currently not available.\n"
@@ -15,7 +16,19 @@ __FBSDID("$FreeBSD$");
 int
 main(int argc, char *argv[])
 {
+#ifndef NO_NOLOGIN_LOG
+	char *user, *tt;
 
-	write(STDOUT_FILENO, MESSAGE, sizeof(MESSAGE));
+	if ((tt = ttyname(0)) == NULL)
+		tt = "UNKNOWN";
+	if ((user = getlogin()) == NULL)
+		user = "UNKNOWN";
+
+	openlog("nologin", LOG_CONS, LOG_AUTH);
+	syslog(LOG_CRIT, "Attempted login by %s on %s", user, tt);
+	closelog();
+#endif /* NO_NOLOGIN_LOG */
+
+	write(STDOUT_FILENO, MESSAGE, sizeof(MESSAGE) - 1);
 	_exit(1);
 }