From ab31b0f2711a11b53b22db8181713fe48cec0ce9 Mon Sep 17 00:00:00 2001
From: Tom Judge
Date: Tue, 24 Oct 2017 20:53:52 +0000
Subject: [PATCH] Add syslog logging of connections

Log connection change events to syslog in the auth log, logging the PID, username and remote host. Also log session begin and end.
Co-Authored-By: John Hood
---
 Makefile.am | 2 +-
 configure.ac | 11 ++++++++
 src/frontend/mosh-server.cc | 52 +++++++++++++++++++++++++++++++++----
 3 files changed, 59 insertions(+), 6 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 478a3da..2b9edf6 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2,7 +2,7 @@ ACLOCAL_AMFLAGS = -I m4
 SUBDIRS = scripts src man conf
 EXTRA_DIST = autogen.sh ocb-license.html README.md COPYING.iOS
 BUILT_SOURCES = version.h
-AM_DISTCHECK_CONFIGURE_FLAGS = --enable-compile-warnings=distcheck --enable-examples
+AM_DISTCHECK_CONFIGURE_FLAGS = --enable-compile-warnings=distcheck --enable-examples --enable-syslog
 # non-Automake defines
 CPPCHECK_FLAGS = --enable=all --template=gcc --force # -j8 disables unused function checking.
diff --git a/configure.ac b/configure.ac
index 3ad983d..ef18743 100644
--- a/configure.ac
+++ b/configure.ac
@@ -177,6 +177,17 @@ AS_IF([test x"$with_utempter" != xno],
 [AC_MSG_WARN([Unable to find libutempter; utmp entries will not be made.])],
 [AC_MSG_ERROR([--with-utempter was given but libutempter was not found.])])])])
+AC_ARG_ENABLE([syslog],
+ [AS_HELP_STRING([--enable-syslog], [Enable connection logging in mosh-server @<:@no@:>@])],
+ [enable_syslog="$enableval"],
+ [enable_syslog="no"])
+AS_IF([test x"$enable_syslog" != xno],
+ [AC_CHECK_HEADERS([syslog.h],
+ [AC_DEFINE([HAVE_SYSLOG], [1], [Define if syslog is available.])],
+ [AS_IF([test x"$enable_syslog" = xcheck],
+ [AC_MSG_WARN([Unable to find syslog.h.])],
+ [AC_MSG_ERROR([--enable-syslog was given but syslog.h was not found.])])])])
+
 AC_SEARCH_LIBS([compress], [z], , [AC_MSG_ERROR([Unable to find zlib.])])
 AC_SEARCH_LIBS([socket], [socket network])
diff --git a/src/frontend/mosh-server.cc b/src/frontend/mosh-server.cc
index 71acc74..134457a 100644
--- a/src/frontend/mosh-server.cc
+++ b/src/frontend/mosh-server.cc
@@ -52,6 +52,9 @@
 #ifdef HAVE_UTEMPTER
 #include
 #endif
+#ifdef HAVE_SYSLOG
+#include
+#endif
 #include
 #include
 #include
@@ -278,6 +281,10 @@ int main( int argc, char *argv[] )
 bool with_motd = false;
+ #ifdef HAVE_SYSLOG
+ openlog(argv[0], LOG_PID | LOG_NDELAY, LOG_AUTH);
+ #endif
+
 /* Get shell */
 char *my_argv[ 2 ];
 string shell_name;
@@ -522,6 +529,10 @@ static int run_server( const char *desired_ip, const char *desired_port,
 fatal_assert( 0 == sigaction( SIGHUP, &sa, NULL ) );
 fatal_assert( 0 == sigaction( SIGPIPE, &sa, NULL ) );
+ #ifdef HAVE_SYSLOG
+ closelog();
+ #endif
+
 /* close server-related file descriptors */
 network.reset();
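Review bot: Passing `argv[0]` as the ident in `openlog(argv[0], LOG_PID | LOG_NDELAY, LOG_AUTH)` (the @@ -278 hunk, in main()) lets whoever launches mosh-server choose the program tag on every auth-log line, because argv[0] is supplied by the caller of exec. Log filters and detection rules that key on the tag would then miss or misattribute these entries. A fixed ident keeps the records attributable: `openlog("mosh-server", LOG_PID | LOG_NDELAY, LOG_AUTH);`. main() starts and ends outside this hunk.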
@@ -652,11 +663,21 @@ static void serve( int host_fd, Terminal::Complete &terminal, ServerConnection &
 #ifdef HAVE_UTEMPTER
 bool connected_utmp = false;
-
+ #endif
+ #if defined(HAVE_SYSLOG) || defined(HAVE_UPTEMPTER)
+ bool force_connection_change_evt = false;
 Addr saved_addr;
 socklen_t saved_addr_len = 0;
 #endif
+ #ifdef HAVE_SYSLOG
+ struct passwd *pw = getpwuid( getuid() );
+ if (pw == NULL) {
+ throw NetworkException( std::string( "serve: getpwuid: " ) + strerror( errno ), 0 );
+ }
+ syslog(LOG_INFO, "user %s session begin", pw->pw_name);
+ #endif
+
 bool child_released = false;
 while ( true ) {
@@ -756,14 +777,25 @@ static void serve( int host_fd, Terminal::Complete &terminal, ServerConnection &
 if ( !network.shutdown_in_progress() ) {
 network.set_current_state( terminal );
 }
-
+ #if defined(HAVE_SYSLOG) || defined(HAVE_UPTEMPTER)
 #ifdef HAVE_UTEMPTER
- /* update utmp entry if we have become "connected" */
- if ( (!connected_utmp)
+ if (!connected_utmp) {
+ force_connection_change_evt = true;
+ } else {
+ force_connection_change_evt = false;
+ }
+ #else
+ force_connection_change_evt = false;
+ #endif
+
+ /**
+ * - HAVE_UTEMPTER - update utmp entry if we have become "connected"
+ * - HAVE_SYSLOG - log connection information to syslog
+ **/
+ if ( (force_connection_change_evt)
 || saved_addr_len != network.get_remote_addr_len()
 || memcmp( &saved_addr, &network.get_remote_addr(), saved_addr_len ) != 0 ) {
- utempter_remove_record( host_fd );
 saved_addr = network.get_remote_addr();
 saved_addr_len = network.get_remote_addr_len();
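Review bot: `HAVE_UPTEMPTER` in the new guard `#if defined(HAVE_SYSLOG) || defined(HAVE_UPTEMPTER)` (the @@ -652 hunk) is a misspelling of `HAVE_UTEMPTER`, and the same misspelling guards the connection-change block in the @@ -756 hunk. In a build that has libutempter but not --enable-syslog (configure defaults it to "no"), both guards evaluate false. `saved_addr` and `saved_addr_len` are then not declared, and the block that refreshes the utmp record appears to be compiled out, so sessions would stop showing up in utmp. Both guards should read `#if defined(HAVE_SYSLOG) || defined(HAVE_UTEMPTER)`. serve() starts and ends outside this hunk.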
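Review bot: The `if (!connected_utmp) { … } else { … }` that sets `force_connection_change_evt` in the @@ -756 hunk is a plain boolean copy and reads more clearly as `force_connection_change_evt = !connected_utmp;`. The `#else` assignment of `false` is redundant, since the flag is initialised to false and nothing else visible in this patch sets it. The new `/** … **/` comment could also state that the first client datagram triggers the event because `saved_addr_len` starts at 0, which is what makes the syslog-only build log the initial connection. The enclosing block starts and ends outside the hunk.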
@@ -776,11 +808,18 @@ static void serve( int host_fd, Terminal::Complete &terminal, ServerConnection &
 throw NetworkException( std::string( "serve: getnameinfo: " ) + gai_strerror( errcode ), 0 );
 }
+ #ifdef HAVE_UTEMPTER
+ utempter_remove_record( host_fd );
 char tmp[ 64 ];
 snprintf( tmp, 64, "%s via mosh [%d]", host, getpid() );
 utempter_add_record( host_fd, tmp );
 connected_utmp = true;
+ #endif
+
+ #ifdef HAVE_SYSLOG
+ syslog(LOG_INFO, "user %s connected from host: %s", pw->pw_name, host);
+ #endif
 }
 #endif
@@ -896,6 +935,9 @@ static void serve( int host_fd, Terminal::Complete &terminal, ServerConnection &
 }
 }
 }
+ #ifdef HAVE_SYSLOG
+ syslog(LOG_INFO, "user %s session end", pw->pw_name);
+ #endif
 }
 /* Print the motd from a given file, if available */
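Review bot: `pw->pw_name` in the "connected from host" call (the @@ -776 hunk) and in the "session end" call (the @@ -896 hunk) dereferences the pointer getpwuid() returned before the loop in the @@ -652 hunk. POSIX lets that result live in static storage that a later getpw* call may overwrite, so the logged username could go stale or change during a long session. Copying the name once at session start, e.g. `const std::string user_name( pw->pw_name );`, and logging `user_name.c_str()` avoids holding the pointer. `host` is presumably filled by the getnameinfo() call just above this hunk; if that call does not request a numeric address, the value would come from reverse DNS and should be sanitised before it is written to the auth log. The enclosing block starts outside the hunk.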