Adding logging of SSH_ORIGINAL_COMMAND to nologin. 206/head
authored <ed@s5h.net>
Thu, 26 Dec 2019 13:17:11 +0000 (13:17 +0000)
committerSerge Hallyn <shallyn@cisco.com>
Sat, 11 Jan 2020 20:46:52 +0000 (14:46 -0600)
If SSH_ORIGINAL_COMMAND is set, it will be added to the syslog entry.

Closes #123.

Changelog: (SEH squashed commit): Fixing indentation
Changelog: (SEH) break up long line

man/nologin.8.xml
src/nologin.c

index ae355d3ab3f67ba906e2c4ca708a76c5dc703673..30d4f1b9e83ee0222f2a23f6d7136c32b2643ce9 100644 (file)
@@ -72,6 +72,9 @@
       <citerefentry><refentrytitle>nologin</refentrytitle><manvolnum>5</manvolnum>
       </citerefentry>.
     </para>
+    <para>
+      If <command>SSH_ORIGINAL_COMMAND</command> is populated it will be logged.
+    </para>
   </refsect1>
 
   <refsect1 id='see_also'>
index 98989d26b0889e35e3877823789776265cbd6a90..b137f9cdaace96cb870a5ac775067020bc7334ef 100644 (file)
@@ -45,9 +45,14 @@ int main (void)
        if (NULL == user) {
                user = "UNKNOWN";
        }
+
+       char *ssh_origcmd = getenv("SSH_ORIGINAL_COMMAND");
        uid = getuid (); /* getuid() is always successful */
        openlog ("nologin", LOG_CONS, LOG_AUTH);
-       syslog (LOG_CRIT, "Attempted login by %s (UID: %d) on %s", user, uid, tty);
+       syslog (LOG_CRIT, "Attempted login by %s (UID: %d) on %s%s%s",
+               user, uid, tty,
+               (ssh_origcmd ? " SSH_ORIGINAL_COMMAND=" : ""),
+               (ssh_origcmd ? ssh_origcmd : ""));
        closelog ();
 
        printf ("%s", "This account is currently not available.\n");
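Review bot: The added `syslog (LOG_CRIT, ...)` call writes SSH_ORIGINAL_COMMAND verbatim, but that value is chosen by the remote client, so it reaches the LOG_AUTH stream with no length bound and with any control bytes it contains. Whether those bytes are escaped or the record is truncated depends on the syslog implementation and configuration, so it is safer to copy the value into a bounded buffer and replace non-printable bytes before logging, as sketched below (this needs `<ctype.h>`; the 256-byte bound is a constructed example). The logged command line may also contain credentials passed as arguments, which is worth stating in the man page so operators treat this log as sensitive. main's body starts and ends outside the hunk.

```c
	char *ssh_origcmd = getenv("SSH_ORIGINAL_COMMAND");
	char origcmd_log[256] = "";	/* constructed bound; size to suit the log pipeline */

	if (NULL != ssh_origcmd) {
		size_t i;

		/* Copy at most sizeof - 1 bytes, neutralising control and non-ASCII bytes. */
		for (i = 0; ('\0' != ssh_origcmd[i]) && (i < sizeof origcmd_log - 1); i++) {
			unsigned char c = (unsigned char) ssh_origcmd[i];

			origcmd_log[i] = isprint (c) ? (char) c : '?';
		}
		origcmd_log[i] = '\0';
	}
	/* … unchanged: getuid, openlog … */
	syslog (LOG_CRIT, "Attempted login by %s (UID: %d) on %s%s%s",
		user, uid, tty,
		(ssh_origcmd ? " SSH_ORIGINAL_COMMAND=" : ""),
		origcmd_log);
```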