summaryrefslogtreecommitdiffstats
path: root/lib/sulog.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/sulog.c')
-rw-r--r--lib/sulog.c83
1 files changed, 83 insertions, 0 deletions
diff --git a/lib/sulog.c b/lib/sulog.c
new file mode 100644
index 0000000..2ef22b2
--- /dev/null
+++ b/lib/sulog.c
@@ -0,0 +1,83 @@
+/*
+ * SPDX-FileCopyrightText: 1989 - 1992, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 2001 - 2005, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2008 - 2010, Nicolas François
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#include <time.h>
+#include "prototypes.h"
+#include "defines.h"
+#include "getdef.h"
+
+/*
+ * sulog - log a SU command execution result
+ */
+void sulog (const char *tty, bool success, const char *oldname, const char *name)
+{
+ const char *sulog_file;
+ time_t now;
+ struct tm *tm;
+ FILE *fp;
+ mode_t oldmask;
+ gid_t oldgid = 0;
+
+ if (success) {
+ SYSLOG ((LOG_INFO,
+ "Successful su for %s by %s",name,oldname));
+ } else {
+ SYSLOG ((LOG_NOTICE,
+ "FAILED su for %s by %s",name,oldname));
+ }
+
+ sulog_file = getdef_str ("SULOG_FILE");
+ if (NULL == sulog_file) {
+ return;
+ }
+
+ oldgid = getgid ();
+ oldmask = umask (077);
+ /* Switch to group root to avoid creating the sulog file with
+ * the wrong group ownership. */
+ if ((oldgid != 0) && (setgid (0) != 0)) {
+ SYSLOG ((LOG_INFO,
+ "su session not logged to %s", sulog_file));
+ /* Continue, but do not switch back to oldgid later */
+ oldgid = 0;
+ }
+ fp = fopen (sulog_file, "a+");
+ (void) umask (oldmask);
+ if ((oldgid != 0) && (setgid (oldgid) != 0)) {
+ perror ("setgid");
+ SYSLOG ((LOG_ERR,
+ "can't switch back to group `%d' in sulog",
+ oldgid));
+ /* Do not return if the group permission were raised. */
+ exit (EXIT_FAILURE);
+ }
+ if (fp == NULL) {
+ return; /* can't open or create logfile */
+ }
+
+ (void) time (&now);
+ tm = localtime (&now);
+
+ fprintf (fp, "SU %.02d/%.02d %.02d:%.02d %c %s %s-%s\n",
+ tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min,
+ success ? '+' : '-', tty, oldname, name);
+
+ (void) fflush (fp);
+ fsync (fileno (fp));
+ fclose (fp);
+ /* TODO: log if failure */
+}
+