Added a pile of syslog stuff, so that admins can see what this thing is

doing.

diff --git a/chrootsh.8 b/chrootsh.8
index ce232f6..26e8e96 100644 (file)
--- a/chrootsh.8
+++ b/chrootsh.8
@@ -71,6 +71,15 @@ in the gaol's password file
 Finally, set a sensible password for
 .B fred
 in the main password database, and everything ought to work.
+.PP
+The
+.B chrootsh
+program makes entries in the system log whenever a user logs in, or when
+something goes wrong.  Every call ought to make at least one log entry.
+Logging is done to the
+.B LOG_DAEMON
+facility, because the idea is that users with shells like this get used
+to run `daemon'-like services.
 .SH BUGS
 The
 .B chrootsh

diff --git a/chrootsh.c b/chrootsh.c
index 341724c..5b12d0e 100644 (file)
--- a/chrootsh.c
+++ b/chrootsh.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: chrootsh.c,v 1.2 1999/04/21 09:07:55 mdw Exp $
+ * $Id: chrootsh.c,v 1.3 1999/04/21 22:52:43 mdw Exp $
  *
  * Chroot gaol shell
  *
@@ -27,6 +27,10 @@
 /*----- Revision history --------------------------------------------------* 
  *
  * $Log: chrootsh.c,v $
+ * Revision 1.3  1999/04/21 22:52:43  mdw
+ * Added a pile of syslog stuff, so that admins can see what this thing is
+ * doing.
+ *
  * Revision 1.2  1999/04/21 09:07:55  mdw
  * Fiddle with copyright messages so that they're correct.
  *
@@ -44,6 +48,7 @@
 
 #include <sys/types.h>
 #include <unistd.h>
+#include <syslog.h>
 #include <pwd.h>
 
 extern char **environ;
@@ -78,6 +83,7 @@ int main(int argc, char *argv[])
 {
   struct passwd *pw;
   uid_t me = getuid();
+  char *myname;
   char **env;
   char **av;
 
@@ -90,17 +96,22 @@ int main(int argc, char *argv[])
       if (*q == '/')
        p = q + 1;
     }
+    if (*p == '-')
+      p++;
     quis = p;
+    openlog(quis, LOG_PID | LOG_NDELAY, LOG_DAEMON);
   }
 
   /* --- Check the user is meant to be chrooted --- */
 
   pw = getpwuid(me);
   if (!pw) {
+    syslog(LOG_ERR, "executed by non-existant user (uid = %i)", (int)me);
     fprintf(stderr, "%s: you don't exist.  Go away.\n", quis);
     exit(EXIT_FAILURE);
   }
   if (strcmp(pw->pw_shell, CHROOTSH_PATH) != 0) {
+    syslog(LOG_ERR, "executed by non-chrooted user `%s'", pw->pw_name);
     fprintf(stderr, "%s: you aren't a chrooted user\n", quis);
     exit(EXIT_FAILURE);
   }
@@ -115,6 +126,7 @@ int main(int argc, char *argv[])
       *q = 0;
     
     if (chdir(p) || chroot(p)) {
+      syslog(LOG_ERR, "error entering chroot gaol: %m");
       fprintf(stderr, "%s: couldn't call chroot: %s", quis, strerror(errno));
       exit(EXIT_FAILURE);
     }
@@ -125,10 +137,11 @@ int main(int argc, char *argv[])
   /* --- Read the new password block --- */
 
   {
-    char *p = xstrdup(pw->pw_name);
-    pw = getpwnam(p);
-    free(p);
+    myname = xstrdup(pw->pw_name);
+    pw = getpwnam(myname);
     if (!pw) {
+      syslog(LOG_ERR,
+            "configuration error: user `%s' not defined in gaol", myname);
       fprintf(stderr, "%s: you don't exist in the gaol\n", quis);
       exit(EXIT_FAILURE);
     }
@@ -189,6 +202,8 @@ int main(int argc, char *argv[])
 
   /* --- Run the real shell --- */
 
+  syslog(LOG_INFO, "chroot user `%s' logged in ok", myname);
+  closelog();
   execve(pw->pw_shell, av, env);
   fprintf(stderr, "%s: couldn't exec `%s': %s",
          quis, pw->pw_shell, strerror(errno));