diff --git a/shellinabox/launcher.c b/shellinabox/launcher.c
index 20a4869..e5a2ca3 100644
--- a/shellinabox/launcher.c
+++ b/shellinabox/launcher.c
@@ -139,6 +139,9 @@ int execle(const char *, const char *, ...);
 extern int pthread_once(pthread_once_t *, void (*)(void))__attribute__((weak));
 #endif
 
+// From shellinabox/shellinaboxd.c
+extern int enableUtmpLogging;
+
 // If PAM support is available, take advantage of it. Otherwise, silently fall
 // back on legacy operations for session management.
 #if defined(HAVE_SECURITY_PAM_APPL_H) && defined(HAVE_DLOPEN)
@@ -673,15 +676,17 @@ void destroyUtmp(struct Utmp *utmp) {
 UNUSED_RETURN(setresuid(0, 0, 0));
 UNUSED_RETURN(setresgid(0, 0, 0));
 
- setutxent();
- pututxline(&utmp->utmpx);
- endutxent();
+ if(enableUtmpLogging) {
+ setutxent();
+ pututxline(&utmp->utmpx);
+ endutxent();
 
 #if defined(HAVE_UPDWTMP) || defined(HAVE_UPDWTMPX)
- if (!utmp->useLogin) {
- updwtmpx("/var/log/wtmp", &utmp->utmpx);
- }
+ if (!utmp->useLogin) {
+ updwtmpx("/var/log/wtmp", &utmp->utmpx);
+ }
 #endif
+ }
 
 // Switch back to the lower privileges
 check(!setresgid(r_gid, e_gid, s_gid));
@@ -1230,7 +1235,7 @@ static pam_handle_t *internalLogin(struct Service *service, struct Utmp *utmp,
 
 // Update utmp/wtmp entries
 #ifdef HAVE_UTMPX_H
- if (service->authUser != 2 /* SSH */) {
+ if (enableUtmpLogging && service->authUser != 2 /* SSH */) {
 memset(&utmp->utmpx.ut_user, 0, sizeof(utmp->utmpx.ut_user));
 strncat(&utmp->utmpx.ut_user[0], service->user,
 sizeof(utmp->utmpx.ut_user) - 1);
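Review bot: The `extern int enableUtmpLogging;` added near the top of launcher.c is a hand-written declaration rather than one taken from a header, so the compiler cannot check it against the definition `int enableUtmpLogging = 1;` that the -107 hunk adds in shellinaboxd.c. If the type or name of the flag changes in one file, the other still builds and the two silently disagree. Moving the declaration into a header that both files include would close that gap; failing that, the comment should say it: `// Defined in shellinabox/shellinaboxd.c; keep the type in sync`.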
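Review bot: In destroyUtmp the new `if(enableUtmpLogging)` guard sits after `UNUSED_RETURN(setresuid(0, 0, 0));` and `UNUSED_RETURN(setresgid(0, 0, 0));`, so with logging disabled the process still raises itself to uid/gid 0 and drops back with no work done in between. As far as the hunk shows, the elevation exists only for the utmp/wtmp update (the function body begins and ends outside the hunk, so this needs confirming), and the guard would be better placed around the whole regain/restore sequence. The surrounding code also writes `if (` with a space, so the new line should read `if (enableUtmpLogging) {`; the same applies to the -1550 hunk in childProcess.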
@@ -1550,22 +1555,24 @@ static void childProcess(struct Service *service, int width, int height,
 UNUSED_RETURN(setresuid(0, 0, 0));
 UNUSED_RETURN(setresgid(0, 0, 0));
 #ifdef HAVE_UTMPX_H
- setutxent();
- struct utmpx utmpx = utmp->utmpx;
- if (service->useLogin || service->authUser) {
- utmpx.ut_type = LOGIN_PROCESS;
- memset(utmpx.ut_host, 0, sizeof(utmpx.ut_host));
- }
- pututxline(&utmpx);
- endutxent();
+ if(enableUtmpLogging) {
+ setutxent();
+ struct utmpx utmpx = utmp->utmpx;
+ if (service->useLogin || service->authUser) {
+ utmpx.ut_type = LOGIN_PROCESS;
+ memset(utmpx.ut_host, 0, sizeof(utmpx.ut_host));
+ }
+ pututxline(&utmpx);
+ endutxent();
 
 #if defined(HAVE_UPDWTMP) || defined(HAVE_UPDWTMPX)
- if (!utmp->useLogin) {
- memset(&utmpx.ut_user, 0, sizeof(utmpx.ut_user));
- strncat(&utmpx.ut_user[0], "LOGIN", sizeof(utmpx.ut_user) - 1);
- updwtmpx("/var/log/wtmp", &utmpx);
- }
+ if (!utmp->useLogin) {
+ memset(&utmpx.ut_user, 0, sizeof(utmpx.ut_user));
+ strncat(&utmpx.ut_user[0], "LOGIN", sizeof(utmpx.ut_user) - 1);
+ updwtmpx("/var/log/wtmp", &utmpx);
+ }
 #endif
+ }
 #endif
 
 // Create session. We might have to fork another process as PAM wants us
diff --git a/shellinabox/shellinaboxd.c b/shellinabox/shellinaboxd.c
index c10ffc2..d1b2146 100644
--- a/shellinabox/shellinaboxd.c
+++ b/shellinabox/shellinaboxd.c
@@ -107,15 +107,16 @@
 static int port;
 static int portMin;
 static int portMax;
-static int localhostOnly = 0;
-static int noBeep = 0;
-static int numericHosts = 0;
-static int enableSSL = 1;
-static int enableSSLMenu = 1;
-static char *messagesOrigin = NULL;
-static int linkifyURLs = 1;
+static int localhostOnly = 0;
+static int noBeep = 0;
+static int numericHosts = 0;
+static int enableSSL = 1;
+static int enableSSLMenu = 1;
+int enableUtmpLogging = 1;
+static char *messagesOrigin = NULL;
+static int linkifyURLs = 1;
 static char *certificateDir;
-static int certificateFd = -1;
+static int certificateFd = -1;
 static HashMap *externalFiles;
 static Server *cgiServer;
 static char *cgiSessionKey;
@@ -789,6 +790,7 @@ static void usage(void) {
 " -p, --port=PORT select a port (default: %d)\n"
 " -s, --service=SERVICE define one or more services\n"
 "%s"
+ " --disable-utmp-logging disable logging to utmp and wtmp\n"
 " -q, --quiet turn off all messages\n"
 " --unixdomain-only=PATH:USER:GROUP:CHMOD listen on unix socket\n"
 " -u, --user=UID switch to this user (default: %s)\n"
@@ -877,31 +879,32 @@ static void parseArgs(int argc, char * const argv[]) {
 for (;;) {
 static const char optstring[] = "+hb::c:df:g:nm:p:s:tqu:v";
 static struct option options[] = {
- { "help", 0, 0, 'h' },
- { "background", 2, 0, 'b' },
- { "cert", 1, 0, 'c' },
- { "cert-fd", 1, 0, 0 },
- { "css", 1, 0, 0 },
- { "cgi", 2, 0, 0 },
- { "debug", 0, 0, 'd' },
- { "static-file", 1, 0, 'f' },
- { "group", 1, 0, 'g' },
- { "linkify", 1, 0, 0 },
- { "localhost-only", 0, 0, 0 },
- { "no-beep", 0, 0, 0 },
- { "numeric", 0, 0, 'n' },
- { "messages-origin", 1, 0, 'm' },
- { "pidfile", 1, 0, 0 },
- { "port", 1, 0, 'p' },
- { "service", 1, 0, 's' },
- { "disable-ssl", 0, 0, 't' },
- { "disable-ssl-menu", 0, 0, 0 },
- { "quiet", 0, 0, 'q' },
- { "unixdomain-only", 1, 0, 0, },
- { "user", 1, 0, 'u' },
- { "user-css", 1, 0, 0 },
- { "verbose", 0, 0, 'v' },
- { "version", 0, 0, 0 },
+ { "help", 0, 0, 'h' },
+ { "background", 2, 0, 'b' },
+ { "cert", 1, 0, 'c' },
+ { "cert-fd", 1, 0, 0 },
+ { "css", 1, 0, 0 },
+ { "cgi", 2, 0, 0 },
+ { "debug", 0, 0, 'd' },
+ { "static-file", 1, 0, 'f' },
+ { "group", 1, 0, 'g' },
+ { "linkify", 1, 0, 0 },
+ { "localhost-only", 0, 0, 0 },
+ { "no-beep", 0, 0, 0 },
+ { "numeric", 0, 0, 'n' },
+ { "messages-origin", 1, 0, 'm' },
+ { "pidfile", 1, 0, 0 },
+ { "port", 1, 0, 'p' },
+ { "service", 1, 0, 's' },
+ { "disable-ssl", 0, 0, 't' },
+ { "disable-ssl-menu", 0, 0, 0 },
+ { "disable-utmp-logging", 0, 0, 0 },
+ { "quiet", 0, 0, 'q' },
+ { "unixdomain-only", 1, 0, 0, },
+ { "user", 1, 0, 'u' },
+ { "user-css", 1, 0, 0 },
+ { "verbose", 0, 0, 'v' },
+ { "version", 0, 0, 0 },
 { 0, 0, 0, 0 } };
 int idx = -1;
 int c = getopt_long(argc, argv, optstring, options, &idx);
@@ -1127,6 +1130,9 @@ static void parseArgs(int argc, char * const argv[]) {
 warn("[config] Ignoring disable-ssl-menu option, as SSL support is unavailable.");
 }
 enableSSLMenu = 0;
+ } else if (!idx--) {
+ // Disable UTMP logging
+ enableUtmpLogging = 0;
 } else if (!idx--) {
 // Quiet
 if (!logIsDefault() && !logIsQuiet()) {
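Review bot: The new branch in parseArgs sets `enableUtmpLogging = 0;` without any log output, so a daemon started with --disable-utmp-logging gives no sign that its sessions will be missing from utmp and wtmp. Those records are what login audits rely on, so the branch should say so, e.g. `warn("[config] utmp/wtmp logging disabled; sessions will not be recorded there.");`, in the style of the `warn("[config] ...")` call just above. The branch is also selected by position through the `!idx--` chain, so it has to stay in the same order as the `"disable-utmp-logging"` row of the options table in the -877 hunk; a one-line comment stating that dependency would help the next edit. parseArgs begins and ends outside this hunk.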