Add syslog logging of connections
Log connection change events to syslog in the auth log, logging the PID, username and remote host. Also log session begin and end. Co-Authored-By: John Hood <cgull@glup.org>
+1
-1
@@ -2,7 +2,7 @@ ACLOCAL_AMFLAGS = -I m4
|
|||||||
SUBDIRS = scripts src man conf
|
SUBDIRS = scripts src man conf
|
||||||
EXTRA_DIST = autogen.sh ocb-license.html README.md COPYING.iOS
|
EXTRA_DIST = autogen.sh ocb-license.html README.md COPYING.iOS
|
||||||
BUILT_SOURCES = version.h
|
BUILT_SOURCES = version.h
|
||||||
AM_DISTCHECK_CONFIGURE_FLAGS = --enable-compile-warnings=distcheck --enable-examples
|
AM_DISTCHECK_CONFIGURE_FLAGS = --enable-compile-warnings=distcheck --enable-examples --enable-syslog
|
||||||
|
|
||||||
# non-Automake defines
|
# non-Automake defines
|
||||||
CPPCHECK_FLAGS = --enable=all --template=gcc --force # -j8 disables unused function checking.
|
CPPCHECK_FLAGS = --enable=all --template=gcc --force # -j8 disables unused function checking.
|
||||||
|
|||||||
@@ -177,6 +177,17 @@ AS_IF([test x"$with_utempter" != xno],
|
|||||||
[AC_MSG_WARN([Unable to find libutempter; utmp entries will not be made.])],
|
[AC_MSG_WARN([Unable to find libutempter; utmp entries will not be made.])],
|
||||||
[AC_MSG_ERROR([--with-utempter was given but libutempter was not found.])])])])
|
[AC_MSG_ERROR([--with-utempter was given but libutempter was not found.])])])])
|
||||||
|
|
||||||
|
AC_ARG_ENABLE([syslog],
|
||||||
|
[AS_HELP_STRING([--enable-syslog], [Enable connection logging in mosh-server @<:@no@:>@])],
|
||||||
|
[enable_syslog="$enableval"],
|
||||||
|
[enable_syslog="no"])
|
||||||
|
AS_IF([test x"$enable_syslog" != xno],
|
||||||
|
[AC_CHECK_HEADERS([syslog.h],
|
||||||
|
[AC_DEFINE([HAVE_SYSLOG], [1], [Define if syslog is available.])],
|
||||||
|
[AS_IF([test x"$enable_syslog" = xcheck],
|
||||||
|
[AC_MSG_WARN([Unable to find syslog.h.])],
|
||||||
|
[AC_MSG_ERROR([--enable-syslog was given but syslog.h was not found.])])])])
|
||||||
|
|
||||||
AC_SEARCH_LIBS([compress], [z], , [AC_MSG_ERROR([Unable to find zlib.])])
|
AC_SEARCH_LIBS([compress], [z], , [AC_MSG_ERROR([Unable to find zlib.])])
|
||||||
|
|
||||||
AC_SEARCH_LIBS([socket], [socket network])
|
AC_SEARCH_LIBS([socket], [socket network])
|
||||||
|
|||||||
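Review bot: The `test x"$enable_syslog" = xcheck` arm that downgrades a missing `syslog.h` to a warning is only reachable when the user passes `--enable-syslog=check` explicitly, because the default branch sets `enable_syslog="no"` and a bare `--enable-syslog` yields `yes`. The help string documents only the `no` default, so either mention the `check` value there or drop the warning arm and always fail when `syslog.h` is missing. A short comment above `AC_ARG_ENABLE([syslog], ...)` such as `# Connection logging goes to the auth facility; opt-in only.` would also tell packagers why this is off by default.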
@@ -52,6 +52,9 @@
|
|||||||
#ifdef HAVE_UTEMPTER
|
#ifdef HAVE_UTEMPTER
|
||||||
#include <utempter.h>
|
#include <utempter.h>
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef HAVE_SYSLOG
|
||||||
|
#include <syslog.h>
|
||||||
|
#endif
|
||||||
#include <sys/socket.h>
|
#include <sys/socket.h>
|
||||||
#include <netdb.h>
|
#include <netdb.h>
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
@@ -278,6 +281,10 @@ int main( int argc, char *argv[] )
|
|||||||
|
|
||||||
bool with_motd = false;
|
bool with_motd = false;
|
||||||
|
|
||||||
|
#ifdef HAVE_SYSLOG
|
||||||
|
openlog(argv[0], LOG_PID | LOG_NDELAY, LOG_AUTH);
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Get shell */
|
/* Get shell */
|
||||||
char *my_argv[ 2 ];
|
char *my_argv[ 2 ];
|
||||||
string shell_name;
|
string shell_name;
|
||||||
@@ -522,6 +529,10 @@ static int run_server( const char *desired_ip, const char *desired_port,
|
|||||||
fatal_assert( 0 == sigaction( SIGHUP, &sa, NULL ) );
|
fatal_assert( 0 == sigaction( SIGHUP, &sa, NULL ) );
|
||||||
fatal_assert( 0 == sigaction( SIGPIPE, &sa, NULL ) );
|
fatal_assert( 0 == sigaction( SIGPIPE, &sa, NULL ) );
|
||||||
|
|
||||||
|
#ifdef HAVE_SYSLOG
|
||||||
|
closelog();
|
||||||
|
#endif
|
||||||
|
|
||||||
/* close server-related file descriptors */
|
/* close server-related file descriptors */
|
||||||
network.reset();
|
network.reset();
|
||||||
|
|
||||||
@@ -652,11 +663,21 @@ static void serve( int host_fd, Terminal::Complete &terminal, ServerConnection &
|
|||||||
|
|
||||||
#ifdef HAVE_UTEMPTER
|
#ifdef HAVE_UTEMPTER
|
||||||
bool connected_utmp = false;
|
bool connected_utmp = false;
|
||||||
|
#endif
|
||||||
|
#if defined(HAVE_SYSLOG) || defined(HAVE_UPTEMPTER)
|
||||||
|
bool force_connection_change_evt = false;
|
||||||
Addr saved_addr;
|
Addr saved_addr;
|
||||||
socklen_t saved_addr_len = 0;
|
socklen_t saved_addr_len = 0;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_SYSLOG
|
||||||
|
struct passwd *pw = getpwuid( getuid() );
|
||||||
|
if (pw == NULL) {
|
||||||
|
throw NetworkException( std::string( "serve: getpwuid: " ) + strerror( errno ), 0 );
|
||||||
|
}
|
||||||
|
syslog(LOG_INFO, "user %s session begin", pw->pw_name);
|
||||||
|
#endif
|
||||||
|
|
||||||
bool child_released = false;
|
bool child_released = false;
|
||||||
|
|
||||||
while ( true ) {
|
while ( true ) {
|
||||||
@@ -756,14 +777,25 @@ static void serve( int host_fd, Terminal::Complete &terminal, ServerConnection &
|
|||||||
if ( !network.shutdown_in_progress() ) {
|
if ( !network.shutdown_in_progress() ) {
|
||||||
network.set_current_state( terminal );
|
network.set_current_state( terminal );
|
||||||
}
|
}
|
||||||
|
#if defined(HAVE_SYSLOG) || defined(HAVE_UPTEMPTER)
|
||||||
#ifdef HAVE_UTEMPTER
|
#ifdef HAVE_UTEMPTER
|
||||||
/* update utmp entry if we have become "connected" */
|
if (!connected_utmp) {
|
||||||
if ( (!connected_utmp)
|
force_connection_change_evt = true;
|
||||||
|
} else {
|
||||||
|
force_connection_change_evt = false;
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
force_connection_change_evt = false;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* - HAVE_UTEMPTER - update utmp entry if we have become "connected"
|
||||||
|
* - HAVE_SYSLOG - log connection information to syslog
|
||||||
|
**/
|
||||||
|
if ( (force_connection_change_evt)
|
||||||
|| saved_addr_len != network.get_remote_addr_len()
|
|| saved_addr_len != network.get_remote_addr_len()
|
||||||
|| memcmp( &saved_addr, &network.get_remote_addr(),
|
|| memcmp( &saved_addr, &network.get_remote_addr(),
|
||||||
saved_addr_len ) != 0 ) {
|
saved_addr_len ) != 0 ) {
|
||||||
utempter_remove_record( host_fd );
|
|
||||||
|
|
||||||
saved_addr = network.get_remote_addr();
|
saved_addr = network.get_remote_addr();
|
||||||
saved_addr_len = network.get_remote_addr_len();
|
saved_addr_len = network.get_remote_addr_len();
|
||||||
@@ -776,11 +808,18 @@ static void serve( int host_fd, Terminal::Complete &terminal, ServerConnection &
|
|||||||
throw NetworkException( std::string( "serve: getnameinfo: " ) + gai_strerror( errcode ), 0 );
|
throw NetworkException( std::string( "serve: getnameinfo: " ) + gai_strerror( errcode ), 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef HAVE_UTEMPTER
|
||||||
|
utempter_remove_record( host_fd );
|
||||||
char tmp[ 64 ];
|
char tmp[ 64 ];
|
||||||
snprintf( tmp, 64, "%s via mosh [%d]", host, getpid() );
|
snprintf( tmp, 64, "%s via mosh [%d]", host, getpid() );
|
||||||
utempter_add_record( host_fd, tmp );
|
utempter_add_record( host_fd, tmp );
|
||||||
|
|
||||||
connected_utmp = true;
|
connected_utmp = true;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_SYSLOG
|
||||||
|
syslog(LOG_INFO, "user %s connected from host: %s", pw->pw_name, host);
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -896,6 +935,9 @@ static void serve( int host_fd, Terminal::Complete &terminal, ServerConnection &
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#ifdef HAVE_SYSLOG
|
||||||
|
syslog(LOG_INFO, "user %s session end", pw->pw_name);
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Print the motd from a given file, if available */
|
/* Print the motd from a given file, if available */
|
||||||
|
|||||||
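Review bot: Both new guards in serve() spell the macro `HAVE_UPTEMPTER` (around the `force_connection_change_evt` / `saved_addr` declarations and again after `network.set_current_state( terminal )`), while every other guard on the page uses `HAVE_UTEMPTER`. In a build with utempter but without `--enable-syslog` neither guard is true, so as far as the visible hunks show the address-change block is compiled out and the utmp record is no longer added or refreshed; both lines should read `#if defined(HAVE_SYSLOG) || defined(HAVE_UTEMPTER)`. Separately, `pw` points into getpwuid()'s static storage and is dereferenced again for the "session end" message, and `openlog(argv[0], ...)` lets whoever starts the process choose the ident that appears in the auth log. Copying `pw->pw_name` into a `std::string` right after the NULL check and passing a fixed ident such as `"mosh-server"` would keep these audit records consistent. serve() and main() both extend beyond the hunks shown, so whether another getpw* call occurs inside the loop cannot be confirmed from here.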