simono41/shellinabox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #339 from BenjiWiebe/master

Browse source 
Added --disable-utmp-logging option
This commit is contained in:
Luka Krajger 2015-08-28 20:44:16 +02:00
commit 0d522a05ca
2 changed files with 66 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

47
shellinabox/launcher.c
View file

@ -139,6 +139,9 @@ int execle(const char *, const char *, ...);
extern int pthread_once(pthread_once_t *, void (*)(void))__attribute__((weak)); extern int pthread_once(pthread_once_t *, void (*)(void))__attribute__((weak));
#endif #endif
// From shellinabox/shellinaboxd.c
extern int enableUtmpLogging;
// If PAM support is available, take advantage of it. Otherwise, silently fall // If PAM support is available, take advantage of it. Otherwise, silently fall
// back on legacy operations for session management. // back on legacy operations for session management.
#if defined(HAVE_SECURITY_PAM_APPL_H) && defined(HAVE_DLOPEN) #if defined(HAVE_SECURITY_PAM_APPL_H) && defined(HAVE_DLOPEN)
@ -673,15 +676,17 @@ void destroyUtmp(struct Utmp *utmp) {
UNUSED_RETURN(setresuid(0, 0, 0)); UNUSED_RETURN(setresuid(0, 0, 0));
UNUSED_RETURN(setresgid(0, 0, 0)); UNUSED_RETURN(setresgid(0, 0, 0));
setutxent(); if(enableUtmpLogging) {
pututxline(&utmp->utmpx); setutxent();
endutxent(); pututxline(&utmp->utmpx);
endutxent();
#if defined(HAVE_UPDWTMP) || defined(HAVE_UPDWTMPX) #if defined(HAVE_UPDWTMP) || defined(HAVE_UPDWTMPX)
if (!utmp->useLogin) { if (!utmp->useLogin) {
updwtmpx("/var/log/wtmp", &utmp->utmpx); updwtmpx("/var/log/wtmp", &utmp->utmpx);
} }
#endif #endif
}
// Switch back to the lower privileges // Switch back to the lower privileges
check(!setresgid(r_gid, e_gid, s_gid)); check(!setresgid(r_gid, e_gid, s_gid));
@ -1230,7 +1235,7 @@ static pam_handle_t *internalLogin(struct Service *service, struct Utmp *utmp,
// Update utmp/wtmp entries // Update utmp/wtmp entries
#ifdef HAVE_UTMPX_H #ifdef HAVE_UTMPX_H
if (service->authUser != 2 /* SSH */) { if (enableUtmpLogging && service->authUser != 2 /* SSH */) {
memset(&utmp->utmpx.ut_user, 0, sizeof(utmp->utmpx.ut_user)); memset(&utmp->utmpx.ut_user, 0, sizeof(utmp->utmpx.ut_user));
strncat(&utmp->utmpx.ut_user[0], service->user, strncat(&utmp->utmpx.ut_user[0], service->user,
sizeof(utmp->utmpx.ut_user) - 1); sizeof(utmp->utmpx.ut_user) - 1);
@ -1550,22 +1555,24 @@ static void childProcess(struct Service *service, int width, int height,
UNUSED_RETURN(setresuid(0, 0, 0)); UNUSED_RETURN(setresuid(0, 0, 0));
UNUSED_RETURN(setresgid(0, 0, 0)); UNUSED_RETURN(setresgid(0, 0, 0));
#ifdef HAVE_UTMPX_H #ifdef HAVE_UTMPX_H
setutxent(); if(enableUtmpLogging) {
struct utmpx utmpx = utmp->utmpx; setutxent();
if (service->useLogin || service->authUser) { struct utmpx utmpx = utmp->utmpx;
utmpx.ut_type = LOGIN_PROCESS; if (service->useLogin || service->authUser) {
memset(utmpx.ut_host, 0, sizeof(utmpx.ut_host)); utmpx.ut_type = LOGIN_PROCESS;
} memset(utmpx.ut_host, 0, sizeof(utmpx.ut_host));
pututxline(&utmpx); }
endutxent(); pututxline(&utmpx);
endutxent();
#if defined(HAVE_UPDWTMP) || defined(HAVE_UPDWTMPX) #if defined(HAVE_UPDWTMP) || defined(HAVE_UPDWTMPX)
if (!utmp->useLogin) { if (!utmp->useLogin) {
memset(&utmpx.ut_user, 0, sizeof(utmpx.ut_user)); memset(&utmpx.ut_user, 0, sizeof(utmpx.ut_user));
strncat(&utmpx.ut_user[0], "LOGIN", sizeof(utmpx.ut_user) - 1); strncat(&utmpx.ut_user[0], "LOGIN", sizeof(utmpx.ut_user) - 1);
updwtmpx("/var/log/wtmp", &utmpx); updwtmpx("/var/log/wtmp", &utmpx);
} }
#endif #endif
}
#endif #endif
// Create session. We might have to fork another process as PAM wants us // Create session. We might have to fork another process as PAM wants us

72
shellinabox/shellinaboxd.c
View file

@ -107,15 +107,16 @@
static int port; static int port;
static int portMin; static int portMin;
static int portMax; static int portMax;
static int localhostOnly = 0; static int localhostOnly = 0;
static int noBeep = 0; static int noBeep = 0;
static int numericHosts = 0; static int numericHosts = 0;
static int enableSSL = 1; static int enableSSL = 1;
static int enableSSLMenu = 1; static int enableSSLMenu = 1;
static char *messagesOrigin = NULL; int enableUtmpLogging = 1;
static int linkifyURLs = 1; static char *messagesOrigin = NULL;
static int linkifyURLs = 1;
static char *certificateDir; static char *certificateDir;
static int certificateFd = -1; static int certificateFd = -1;
static HashMap *externalFiles; static HashMap *externalFiles;
static Server *cgiServer; static Server *cgiServer;
static char *cgiSessionKey; static char *cgiSessionKey;
@ -789,6 +790,7 @@ static void usage(void) {
" -p, --port=PORT select a port (default: %d)\n" " -p, --port=PORT select a port (default: %d)\n"
" -s, --service=SERVICE define one or more services\n" " -s, --service=SERVICE define one or more services\n"
"%s" "%s"
" --disable-utmp-logging disable logging to utmp and wtmp\n"
" -q, --quiet turn off all messages\n" " -q, --quiet turn off all messages\n"
" --unixdomain-only=PATH:USER:GROUP:CHMOD listen on unix socket\n" " --unixdomain-only=PATH:USER:GROUP:CHMOD listen on unix socket\n"
" -u, --user=UID switch to this user (default: %s)\n" " -u, --user=UID switch to this user (default: %s)\n"
@ -877,31 +879,32 @@ static void parseArgs(int argc, char * const argv[]) {
for (;;) { for (;;) {
static const char optstring[] = "+hb::c:df:g:nm:p:s:tqu:v"; static const char optstring[] = "+hb::c:df:g:nm:p:s:tqu:v";
static struct option options[] = { static struct option options[] = {
{ "help", 0, 0, 'h' }, { "help", 0, 0, 'h' },
{ "background", 2, 0, 'b' }, { "background", 2, 0, 'b' },
{ "cert", 1, 0, 'c' }, { "cert", 1, 0, 'c' },
{ "cert-fd", 1, 0, 0 }, { "cert-fd", 1, 0, 0 },
{ "css", 1, 0, 0 }, { "css", 1, 0, 0 },
{ "cgi", 2, 0, 0 }, { "cgi", 2, 0, 0 },
{ "debug", 0, 0, 'd' }, { "debug", 0, 0, 'd' },
{ "static-file", 1, 0, 'f' }, { "static-file", 1, 0, 'f' },
{ "group", 1, 0, 'g' }, { "group", 1, 0, 'g' },
{ "linkify", 1, 0, 0 }, { "linkify", 1, 0, 0 },
{ "localhost-only", 0, 0, 0 }, { "localhost-only", 0, 0, 0 },
{ "no-beep", 0, 0, 0 }, { "no-beep", 0, 0, 0 },
{ "numeric", 0, 0, 'n' }, { "numeric", 0, 0, 'n' },
{ "messages-origin", 1, 0, 'm' }, { "messages-origin", 1, 0, 'm' },
{ "pidfile", 1, 0, 0 }, { "pidfile", 1, 0, 0 },
{ "port", 1, 0, 'p' }, { "port", 1, 0, 'p' },
{ "service", 1, 0, 's' }, { "service", 1, 0, 's' },
{ "disable-ssl", 0, 0, 't' }, { "disable-ssl", 0, 0, 't' },
{ "disable-ssl-menu", 0, 0, 0 }, { "disable-ssl-menu", 0, 0, 0 },
{ "quiet", 0, 0, 'q' }, { "disable-utmp-logging", 0, 0, 0 },
{ "unixdomain-only", 1, 0, 0, }, { "quiet", 0, 0, 'q' },
{ "user", 1, 0, 'u' }, { "unixdomain-only", 1, 0, 0, },
{ "user-css", 1, 0, 0 }, { "user", 1, 0, 'u' },
{ "verbose", 0, 0, 'v' }, { "user-css", 1, 0, 0 },
{ "version", 0, 0, 0 }, { "verbose", 0, 0, 'v' },
{ "version", 0, 0, 0 },
{ 0, 0, 0, 0 } }; { 0, 0, 0, 0 } };
int idx = -1; int idx = -1;
int c = getopt_long(argc, argv, optstring, options, &idx); int c = getopt_long(argc, argv, optstring, options, &idx);
@ -1127,6 +1130,9 @@ static void parseArgs(int argc, char * const argv[]) {
warn("[config] Ignoring disable-ssl-menu option, as SSL support is unavailable."); warn("[config] Ignoring disable-ssl-menu option, as SSL support is unavailable.");
} }
enableSSLMenu = 0; enableSSLMenu = 0;
} else if (!idx--) {
// Disable UTMP logging
enableUtmpLogging = 0;
} else if (!idx--) { } else if (!idx--) {
// Quiet // Quiet
if (!logIsDefault() && !logIsQuiet()) { if (!logIsDefault() && !logIsQuiet()) {