Added --disable-utmp-logging option

2015-08-27 23:16:06 -05:00 · 2015-08-27 23:16:06 -05:00 · 3ff0ad5768
commit 3ff0ad5768
parent 6f30739e33
2 changed files with 66 additions and 53 deletions
--- a/shellinabox/launcher.c
+++ b/shellinabox/launcher.c
@ -139,6 +139,9 @@ int execle(const char *, const char *, ...);
 extern int pthread_once(pthread_once_t *, void (*)(void))__attribute__((weak));
 #endif

+// From shellinabox/shellinaboxd.c
+extern int enableUtmpLogging;
+
 // If PAM support is available, take advantage of it. Otherwise, silently fall
 // back on legacy operations for session management.
 #if defined(HAVE_SECURITY_PAM_APPL_H) && defined(HAVE_DLOPEN)
@ -673,6 +676,7 @@ void destroyUtmp(struct Utmp *utmp) {
      UNUSED_RETURN(setresuid(0, 0, 0));
      UNUSED_RETURN(setresgid(0, 0, 0));

+      if(enableUtmpLogging) {
        setutxent();
        pututxline(&utmp->utmpx);
        endutxent();
@ -682,6 +686,7 @@ void destroyUtmp(struct Utmp *utmp) {
          updwtmpx("/var/log/wtmp", &utmp->utmpx);
        }
 #endif
+      }

      // Switch back to the lower privileges
      check(!setresgid(r_gid, e_gid, s_gid));
@ -1230,7 +1235,7 @@ static pam_handle_t *internalLogin(struct Service *service, struct Utmp *utmp,

  // Update utmp/wtmp entries
 #ifdef HAVE_UTMPX_H
-  if (service->authUser != 2 /* SSH */) {
+  if (enableUtmpLogging && service->authUser != 2 /* SSH */) {
    memset(&utmp->utmpx.ut_user, 0, sizeof(utmp->utmpx.ut_user));
    strncat(&utmp->utmpx.ut_user[0], service->user,
            sizeof(utmp->utmpx.ut_user) - 1);
@ -1550,6 +1555,7 @@ static void childProcess(struct Service *service, int width, int height,
  UNUSED_RETURN(setresuid(0, 0, 0));
  UNUSED_RETURN(setresgid(0, 0, 0));
 #ifdef HAVE_UTMPX_H
+  if(enableUtmpLogging) {
    setutxent();
    struct utmpx utmpx            = utmp->utmpx;
    if (service->useLogin || service->authUser) {
@ -1566,6 +1572,7 @@ static void childProcess(struct Service *service, int width, int height,
      updwtmpx("/var/log/wtmp", &utmpx);
    }
 #endif
+  }
 #endif

  // Create session. We might have to fork another process as PAM wants us
--- a/shellinabox/shellinaboxd.c
+++ b/shellinabox/shellinaboxd.c
@ -112,6 +112,7 @@ static int            noBeep          = 0;
 static int            numericHosts      = 0;
 static int            enableSSL         = 1;
 static int            enableSSLMenu     = 1;
+int                   enableUtmpLogging = 1;
 static char           *messagesOrigin   = NULL;
 static int            linkifyURLs       = 1;
 static char           *certificateDir;
@ -789,6 +790,7 @@ static void usage(void) {
          "  -p, --port=PORT             select a port (default: %d)\n"
          "  -s, --service=SERVICE       define one or more services\n"
          "%s"
+          "      --disable-utmp-logging  disable logging to utmp and wtmp\n"
          "  -q, --quiet                 turn off all messages\n"
          "      --unixdomain-only=PATH:USER:GROUP:CHMOD listen on unix socket\n"
          "  -u, --user=UID              switch to this user (default: %s)\n"
@ -896,6 +898,7 @@ static void parseArgs(int argc, char * const argv[]) {
      { "service",              1, 0, 's' },
      { "disable-ssl",          0, 0, 't' },
      { "disable-ssl-menu",     0, 0,  0  },
+      { "disable-utmp-logging", 0, 0,  0  },
      { "quiet",                0, 0, 'q' },
      { "unixdomain-only",      1, 0,  0, },
      { "user",                 1, 0, 'u' },
@ -1127,6 +1130,9 @@ static void parseArgs(int argc, char * const argv[]) {
        warn("[config] Ignoring disable-ssl-menu option, as SSL support is unavailable.");
      }
      enableSSLMenu        = 0;
+    } else if (!idx--) {
+      // Disable UTMP logging
+      enableUtmpLogging    = 0;
    } else if (!idx--) {
      // Quiet
      if (!logIsDefault() && !logIsQuiet()) {