Added --disable-utmp-logging option
This commit is contained in:
parent
6f30739e33
commit
3ff0ad5768
2 changed files with 66 additions and 53 deletions
|
@ -139,6 +139,9 @@ int execle(const char *, const char *, ...);
|
||||||
extern int pthread_once(pthread_once_t *, void (*)(void))__attribute__((weak));
|
extern int pthread_once(pthread_once_t *, void (*)(void))__attribute__((weak));
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
// From shellinabox/shellinaboxd.c
|
||||||
|
extern int enableUtmpLogging;
|
||||||
|
|
||||||
// If PAM support is available, take advantage of it. Otherwise, silently fall
|
// If PAM support is available, take advantage of it. Otherwise, silently fall
|
||||||
// back on legacy operations for session management.
|
// back on legacy operations for session management.
|
||||||
#if defined(HAVE_SECURITY_PAM_APPL_H) && defined(HAVE_DLOPEN)
|
#if defined(HAVE_SECURITY_PAM_APPL_H) && defined(HAVE_DLOPEN)
|
||||||
|
@ -673,6 +676,7 @@ void destroyUtmp(struct Utmp *utmp) {
|
||||||
UNUSED_RETURN(setresuid(0, 0, 0));
|
UNUSED_RETURN(setresuid(0, 0, 0));
|
||||||
UNUSED_RETURN(setresgid(0, 0, 0));
|
UNUSED_RETURN(setresgid(0, 0, 0));
|
||||||
|
|
||||||
|
if(enableUtmpLogging) {
|
||||||
setutxent();
|
setutxent();
|
||||||
pututxline(&utmp->utmpx);
|
pututxline(&utmp->utmpx);
|
||||||
endutxent();
|
endutxent();
|
||||||
|
@ -682,6 +686,7 @@ void destroyUtmp(struct Utmp *utmp) {
|
||||||
updwtmpx("/var/log/wtmp", &utmp->utmpx);
|
updwtmpx("/var/log/wtmp", &utmp->utmpx);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
// Switch back to the lower privileges
|
// Switch back to the lower privileges
|
||||||
check(!setresgid(r_gid, e_gid, s_gid));
|
check(!setresgid(r_gid, e_gid, s_gid));
|
||||||
|
@ -1230,7 +1235,7 @@ static pam_handle_t *internalLogin(struct Service *service, struct Utmp *utmp,
|
||||||
|
|
||||||
// Update utmp/wtmp entries
|
// Update utmp/wtmp entries
|
||||||
#ifdef HAVE_UTMPX_H
|
#ifdef HAVE_UTMPX_H
|
||||||
if (service->authUser != 2 /* SSH */) {
|
if (enableUtmpLogging && service->authUser != 2 /* SSH */) {
|
||||||
memset(&utmp->utmpx.ut_user, 0, sizeof(utmp->utmpx.ut_user));
|
memset(&utmp->utmpx.ut_user, 0, sizeof(utmp->utmpx.ut_user));
|
||||||
strncat(&utmp->utmpx.ut_user[0], service->user,
|
strncat(&utmp->utmpx.ut_user[0], service->user,
|
||||||
sizeof(utmp->utmpx.ut_user) - 1);
|
sizeof(utmp->utmpx.ut_user) - 1);
|
||||||
|
@ -1550,6 +1555,7 @@ static void childProcess(struct Service *service, int width, int height,
|
||||||
UNUSED_RETURN(setresuid(0, 0, 0));
|
UNUSED_RETURN(setresuid(0, 0, 0));
|
||||||
UNUSED_RETURN(setresgid(0, 0, 0));
|
UNUSED_RETURN(setresgid(0, 0, 0));
|
||||||
#ifdef HAVE_UTMPX_H
|
#ifdef HAVE_UTMPX_H
|
||||||
|
if(enableUtmpLogging) {
|
||||||
setutxent();
|
setutxent();
|
||||||
struct utmpx utmpx = utmp->utmpx;
|
struct utmpx utmpx = utmp->utmpx;
|
||||||
if (service->useLogin || service->authUser) {
|
if (service->useLogin || service->authUser) {
|
||||||
|
@ -1566,6 +1572,7 @@ static void childProcess(struct Service *service, int width, int height,
|
||||||
updwtmpx("/var/log/wtmp", &utmpx);
|
updwtmpx("/var/log/wtmp", &utmpx);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
// Create session. We might have to fork another process as PAM wants us
|
// Create session. We might have to fork another process as PAM wants us
|
||||||
|
|
|
@ -112,6 +112,7 @@ static int noBeep = 0;
|
||||||
static int numericHosts = 0;
|
static int numericHosts = 0;
|
||||||
static int enableSSL = 1;
|
static int enableSSL = 1;
|
||||||
static int enableSSLMenu = 1;
|
static int enableSSLMenu = 1;
|
||||||
|
int enableUtmpLogging = 1;
|
||||||
static char *messagesOrigin = NULL;
|
static char *messagesOrigin = NULL;
|
||||||
static int linkifyURLs = 1;
|
static int linkifyURLs = 1;
|
||||||
static char *certificateDir;
|
static char *certificateDir;
|
||||||
|
@ -789,6 +790,7 @@ static void usage(void) {
|
||||||
" -p, --port=PORT select a port (default: %d)\n"
|
" -p, --port=PORT select a port (default: %d)\n"
|
||||||
" -s, --service=SERVICE define one or more services\n"
|
" -s, --service=SERVICE define one or more services\n"
|
||||||
"%s"
|
"%s"
|
||||||
|
" --disable-utmp-logging disable logging to utmp and wtmp\n"
|
||||||
" -q, --quiet turn off all messages\n"
|
" -q, --quiet turn off all messages\n"
|
||||||
" --unixdomain-only=PATH:USER:GROUP:CHMOD listen on unix socket\n"
|
" --unixdomain-only=PATH:USER:GROUP:CHMOD listen on unix socket\n"
|
||||||
" -u, --user=UID switch to this user (default: %s)\n"
|
" -u, --user=UID switch to this user (default: %s)\n"
|
||||||
|
@ -896,6 +898,7 @@ static void parseArgs(int argc, char * const argv[]) {
|
||||||
{ "service", 1, 0, 's' },
|
{ "service", 1, 0, 's' },
|
||||||
{ "disable-ssl", 0, 0, 't' },
|
{ "disable-ssl", 0, 0, 't' },
|
||||||
{ "disable-ssl-menu", 0, 0, 0 },
|
{ "disable-ssl-menu", 0, 0, 0 },
|
||||||
|
{ "disable-utmp-logging", 0, 0, 0 },
|
||||||
{ "quiet", 0, 0, 'q' },
|
{ "quiet", 0, 0, 'q' },
|
||||||
{ "unixdomain-only", 1, 0, 0, },
|
{ "unixdomain-only", 1, 0, 0, },
|
||||||
{ "user", 1, 0, 'u' },
|
{ "user", 1, 0, 'u' },
|
||||||
|
@ -1127,6 +1130,9 @@ static void parseArgs(int argc, char * const argv[]) {
|
||||||
warn("[config] Ignoring disable-ssl-menu option, as SSL support is unavailable.");
|
warn("[config] Ignoring disable-ssl-menu option, as SSL support is unavailable.");
|
||||||
}
|
}
|
||||||
enableSSLMenu = 0;
|
enableSSLMenu = 0;
|
||||||
|
} else if (!idx--) {
|
||||||
|
// Disable UTMP logging
|
||||||
|
enableUtmpLogging = 0;
|
||||||
} else if (!idx--) {
|
} else if (!idx--) {
|
||||||
// Quiet
|
// Quiet
|
||||||
if (!logIsDefault() && !logIsQuiet()) {
|
if (!logIsDefault() && !logIsQuiet()) {
|
||||||
|
|
Loading…
Reference in a new issue