Report login attempts to syslog. Due to the statically-linked nature of

nologin(8), this causes a considerable (100K) increase in the binary size, so I've added a NO_LOGIN_LOG option which disables this. While I'm here, s/sizeof(MESSAGE)/sizeof(MESSAGE) - 1/, in order to avoid writing the string-terminating zero byte. No complaints from: -current Approved by: rwatson (mentor)
2004-02-22 10:03:24 +00:00 · 2004-02-22 10:03:24 +00:00 · 47c524ddd4
commit 47c524ddd4
parent 9a6caa1afc
4 changed files with 42 additions and 2 deletions
--- a/sbin/nologin/Makefile
+++ b/sbin/nologin/Makefile
@ -11,4 +11,11 @@ MAN=	nologin.5 nologin.8
 # rendering a dynamic nologin binary virtually useless.
 NOSHARED=	YES

+# Logging to syslog increases the size of the statically linked
+# binary by over 100K.  Provide an option for disabling this on
+# systems where conserving space on the root device is critical.
+.ifdef NO_NOLOGIN_LOG
+CFLAGS+=	-DNO_NOLOGIN_LOG
+.endif
+
 .include <bsd.prog.mk>
--- a/sbin/nologin/nologin.c
+++ b/sbin/nologin/nologin.c
@ -8,6 +8,7 @@ __FBSDID("$FreeBSD$");

 #include <sys/types.h>
 #include <sys/uio.h>
+#include <syslog.h>
 #include <unistd.h>

 #define	MESSAGE	"This account is currently not available.\n"
@ -15,7 +16,19 @@ __FBSDID("$FreeBSD$");
 int
 main(int argc, char *argv[])
 {
+#ifndef NO_NOLOGIN_LOG
+	char *user, *tt;

-	write(STDOUT_FILENO, MESSAGE, sizeof(MESSAGE));
+	if ((tt = ttyname(0)) == NULL)
+		tt = "UNKNOWN";
+	if ((user = getlogin()) == NULL)
+		user = "UNKNOWN";
+
+	openlog("nologin", LOG_CONS, LOG_AUTH);
+	syslog(LOG_CRIT, "Attempted login by %s on %s", user, tt);
+	closelog();
+#endif /* NO_NOLOGIN_LOG */
+
+	write(STDOUT_FILENO, MESSAGE, sizeof(MESSAGE) - 1);
 	_exit(1);
 }
--- a/usr.sbin/nologin/Makefile
+++ b/usr.sbin/nologin/Makefile
@ -11,4 +11,11 @@ MAN=	nologin.5 nologin.8
 # rendering a dynamic nologin binary virtually useless.
 NOSHARED=	YES

+# Logging to syslog increases the size of the statically linked
+# binary by over 100K.  Provide an option for disabling this on
+# systems where conserving space on the root device is critical.
+.ifdef NO_NOLOGIN_LOG
+CFLAGS+=	-DNO_NOLOGIN_LOG
+.endif
+
 .include <bsd.prog.mk>
--- a/usr.sbin/nologin/nologin.c
+++ b/usr.sbin/nologin/nologin.c
@ -8,6 +8,7 @@ __FBSDID("$FreeBSD$");

 #include <sys/types.h>
 #include <sys/uio.h>
+#include <syslog.h>
 #include <unistd.h>

 #define	MESSAGE	"This account is currently not available.\n"
@ -15,7 +16,19 @@ __FBSDID("$FreeBSD$");
 int
 main(int argc, char *argv[])
 {
+#ifndef NO_NOLOGIN_LOG
+	char *user, *tt;

-	write(STDOUT_FILENO, MESSAGE, sizeof(MESSAGE));
+	if ((tt = ttyname(0)) == NULL)
+		tt = "UNKNOWN";
+	if ((user = getlogin()) == NULL)
+		user = "UNKNOWN";
+
+	openlog("nologin", LOG_CONS, LOG_AUTH);
+	syslog(LOG_CRIT, "Attempted login by %s on %s", user, tt);
+	closelog();
+#endif /* NO_NOLOGIN_LOG */
+
+	write(STDOUT_FILENO, MESSAGE, sizeof(MESSAGE) - 1);
 	_exit(1);
 }