From: mdw
Date: Wed, 21 Apr 1999 22:52:43 +0000 (+0000)
Subject: Added a pile of syslog stuff, so that admins can see what this thing is
X-Git-Tag: 1.0.0~6
X-Git-Url: https://git.distorted.org.uk/~mdw/shells/commitdiff_plain/cf60a6216fbe118de305d9c4f8727d691ed31776

Added a pile of syslog stuff, so that admins can see what this thing is doing.
---
diff --git a/chrootsh.8 b/chrootsh.8
index ce232f6..26e8e96 100644
--- a/chrootsh.8
+++ b/chrootsh.8
@@ -71,6 +71,15 @@ in the gaol's password file
 Finally, set a sensible password for
 .B fred
 in the main password database, and everything ought to work.
+.PP
+The
+.B chrootsh
+program makes entries in the system log whenever a user logs in, or when
+something goes wrong. Every call ought to make at least one log entry.
+Logging is done to the
+.B LOG_DAEMON
+facility, because the idea is that users with shells like this get used
+to run `daemon'-like services.
 .SH BUGS
 The
 .B chrootsh
diff --git a/chrootsh.c b/chrootsh.c
index 341724c..5b12d0e 100644
--- a/chrootsh.c
+++ b/chrootsh.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
 *
- * $Id: chrootsh.c,v 1.2 1999/04/21 09:07:55 mdw Exp $
+ * $Id: chrootsh.c,v 1.3 1999/04/21 22:52:43 mdw Exp $
 *
 * Chroot gaol shell
 *
@@ -27,6 +27,10 @@
 /*----- Revision history --------------------------------------------------*
 *
 * $Log: chrootsh.c,v $
+ * Revision 1.3 1999/04/21 22:52:43 mdw
+ * Added a pile of syslog stuff, so that admins can see what this thing is
+ * doing.
+ *
 * Revision 1.2 1999/04/21 09:07:55 mdw
 * Fiddle with copyright messages so that they're correct.
 *
@@ -44,6 +48,7 @@
 #include
 #include
+#include
 #include
 extern char **environ;
@@ -78,6 +83,7 @@ int main(int argc, char *argv[])
 {
 struct passwd *pw;
 uid_t me = getuid();
+ char *myname;
 char **env;
 char **av;
@@ -90,17 +96,22 @@ int main(int argc, char *argv[])
 if (*q == '/') p = q + 1;
 }
+ if (*p == '-')
+ p++;
 quis = p;
+ openlog(quis, LOG_PID | LOG_NDELAY, LOG_DAEMON);
 }
 /* --- Check the user is meant to be chrooted --- */
 pw = getpwuid(me);
 if (!pw) {
+ syslog(LOG_ERR, "executed by non-existant user (uid = %i)", (int)me);
 fprintf(stderr, "%s: you don't exist. Go away.\n", quis);
 exit(EXIT_FAILURE);
 }
 if (strcmp(pw->pw_shell, CHROOTSH_PATH) != 0) {
+ syslog(LOG_ERR, "executed by non-chrooted user `%s'", pw->pw_name);
 fprintf(stderr, "%s: you aren't a chrooted user\n", quis);
 exit(EXIT_FAILURE);
 }
@@ -115,6 +126,7 @@ int main(int argc, char *argv[])
 *q = 0;
 if (chdir(p) || chroot(p)) {
+ syslog(LOG_ERR, "error entering chroot gaol: %m");
 fprintf(stderr, "%s: couldn't call chroot: %s", quis, strerror(errno));
 exit(EXIT_FAILURE);
 }
@@ -125,10 +137,11 @@ int main(int argc, char *argv[])
 /* --- Read the new password block --- */
 {
- char *p = xstrdup(pw->pw_name);
- pw = getpwnam(p);
- free(p);
+ myname = xstrdup(pw->pw_name);
+ pw = getpwnam(myname);
 if (!pw) {
+ syslog(LOG_ERR,
+ "configuration error: user `%s' not defined in gaol", myname);
 fprintf(stderr, "%s: you don't exist in the gaol\n", quis);
 exit(EXIT_FAILURE);
 }
@@ -189,6 +202,8 @@ int main(int argc, char *argv[])
 /* --- Run the real shell --- */
+ syslog(LOG_INFO, "chroot user `%s' logged in ok", myname);
+ closelog();
 execve(pw->pw_shell, av, env);
 fprintf(stderr, "%s: couldn't exec `%s': %s", quis, pw->pw_shell, strerror(errno));
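Review bot: In the `@@ -90,17 +96,22 @@` hunk, `openlog(quis, ...)` uses as its ident a name that appears to be the basename of `argv[0]` (the loop that sets `p` starts above the hunk), and the invoking user chooses `argv[0]`, so the tag on every entry this program logs is caller-controlled. A constant ident, `openlog("chrootsh", LOG_PID | LOG_NDELAY, LOG_DAEMON);`, keeps the entries attributable for admins and log filters, and `quis` can still be used for the stderr messages. `LOG_NDELAY` deserves a comment such as `/* connect now: the gaol may have no log socket after chroot() */`, if that is indeed the reason for it.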
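Review bot: In the `@@ -115,6 +126,7 @@` hunk the new `syslog()` call sits between the failing `chdir()`/`chroot()` and the existing `strerror(errno)`, and `syslog()` is not guaranteed to leave `errno` untouched, so the stderr message may report a different error from the one that was logged. Saving the value first avoids that: `int e = errno;` ahead of the `syslog()` line and `strerror(e)` in the `fprintf`. The entry would also tell an admin more if it named the user and the directory being entered, both of which look to be in scope here as `pw->pw_name` and `p`.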
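Review bot: The copy held in `myname` is no longer freed in the `@@ -125,10 +137,11 @@` hunk, and nothing on the new side says why, so it reads like a leak introduced by dropping `free(p)`. A comment on the assignment would settle it, for example `/* kept until exec: getpwnam() may reuse the static passwd buffer, and the login log entry needs the name */`. `myname` is declared without an initialiser in the `@@ -78,6 +83,7 @@` hunk and this is its only visible assignment, so `char *myname = NULL;` there would make an accidental earlier use easier to spot. The block opened by `{` closes outside the hunk.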
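Review bot: In the `@@ -189,6 +202,8 @@` hunk the `logged in ok` entry is written before `execve()` has been attempted, so a failed exec leaves a success record in the system log while the failure itself goes only to stderr through the existing `fprintf` below. Because `closelog()` has already run and the process is inside the gaol by then, a `syslog()` on the failure path would have to reconnect to a log socket the gaol may not provide, so simply adding one there is not reliable. Wording the entry as an attempt, ``syslog(LOG_INFO, "starting shell `%s' for chroot user `%s'", pw->pw_shell, myname);``, keeps the log truthful, and a comment beside `closelog()` should state its purpose, presumably that the user's shell must not inherit the log descriptor. The rest of `main` lies outside the hunk.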