diff -urN tcsh-6.12.00/README.audit tcsh-6.12.00-new/README.audit --- tcsh-6.12.00/README.audit Wed Dec 31 17:00:00 1969 +++ tcsh-6.12.00-new/README.audit Thu Oct 24 22:44:40 2002 @@ -0,0 +1,18 @@ +this is tcsh 6.12.00 with the bash logging patch ported in. + +things you need to know: + +Define Action +====== ====== +LOGHIST send copies of the history to syslog. "master switch" +LOGFAC syslog facility: defaults to LOG_USER +LOGPRI syslog priority: defaults to LOG_INFO +LOGMINUID if defined, minimum uid before auditing is attempted +LOGGROUP if defined, only this group is audited +LOGNOTGROUP if defined, only this group is not audited + +you may want to have a look at my values of these in config_f.h + +just for the record, i hate people who do unportable shit like +a) assuming the size of a particular type, and +b) redefining the size of a particular type. diff -urN tcsh-6.12.00/config_f.h tcsh-6.12.00-new/config_f.h --- tcsh-6.12.00/config_f.h Fri Mar 8 10:36:45 2002 +++ tcsh-6.12.00-new/config_f.h Thu Oct 24 22:45:25 2002 @@ -38,13 +38,27 @@ #ifndef _h_config_f #define _h_config_f +/* auditing stuff */ +#define LOGHIST +#ifdef LOGHIST +#include +#define LOGFAC LOG_USER +#define LOGPRI LOG_INFO +#define LOGMINUID 1000 +#define LOGGROUP 31337 +#undef LOGNOTGROUP +#ifndef UT_NAMESIZE +#define UT_NAMESIZE 32 +#endif +#endif + /* * SHORT_STRINGS Use 16 bit characters instead of 8 bit chars * This fixes up quoting problems and eases implementation * of nls... * */ -#define SHORT_STRINGS +#undef SHORT_STRINGS /* * NLS: Use Native Language System @@ -52,7 +66,7 @@ * if you don't have , you don't want * to define this. */ -#define NLS +#undef NLS /* * NLS_CATALOGS:Use Native Language System catalogs for 
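Review bot: The values committed under `LOGHIST` in config_f.h read as one site's settings rather than defaults. `LOGMINUID 1000` together with `LOGGROUP 31337`, combined with the nested checks added in sh.hist.c, means only users with uid 1000 or above whose primary gid is 31337 are logged, and uid 0 is never audited. README.audit points the reader at these values but does not say that a stock build audits almost nobody. I would ship `LOGMINUID` and `LOGGROUP` undefined, with a comment such as `/* leave LOGMINUID/LOGGROUP undefined to audit every user */`, and let sites narrow the scope deliberately.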
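Review bot: `#undef NLS` here, and `#undef AUTOLOGOUT` in the hunk at -100, change shell behaviour that README.audit does not list among the things an installer needs to know. `#undef SHORT_STRINGS` in the previous hunk is presumably required, since `histline` is passed to a `char *` parameter, but that should be confirmed and stated at the define, e.g. `/* LOGHIST passes history lines to syslog as char *, so SHORT_STRINGS must stay off */`. Unless `NLS` and `AUTOLOGOUT` are also required by the logging code, leave them at their upstream values. Turning off `AUTOLOGOUT` in an audit build looks unintended.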
@@ -100,7 +114,7 @@ * on the name of the tty, and environment. * Does not make sense in the modern window systems! */ -#define AUTOLOGOUT +#undef AUTOLOGOUT /* * SUSPENDED Newer shells say 'Suspended' instead of 'Stopped'. diff -urN tcsh-6.12.00/sh.hist.c tcsh-6.12.00-new/sh.hist.c --- tcsh-6.12.00/sh.hist.c Tue Jun 25 13:02:11 2002 +++ tcsh-6.12.00-new/sh.hist.c Thu Oct 24 22:43:55 2002 @@ -34,6 +34,7 @@ RCSID("$Id: sh.hist.c,v 3.29 2002/06/25 19:02:11 christos Exp $") +#include #include "tc.h" extern bool histvalid; @@ -44,6 +45,7 @@ static void hfree __P((struct Hist *)); static void dohist1 __P((struct Hist *, int *, int)); static void phist __P((struct Hist *, int)); +static void sysloghist __P((char *)); #define HIST_ONLY 0x01 #define HIST_SAVE 0x02 @@ -118,7 +120,7 @@ { extern time_t Htime; struct Hist *p = NULL, *pp = &Histlist; - int n, r; + int n, r, l; register struct Hist *np; Char *dp; @@ -203,6 +205,18 @@ np->Hnum = n; np->Href = r; } } +#ifdef LOGHIST +#ifdef LOGMINUID + if (getuid() >= LOGMINUID) +#endif +#ifdef LOGGROUP + if (getgid() == LOGGROUP) +#endif +#ifdef LOGNOTGROUP + if (getgid() != LOGNOTGROUP) +#endif + sysloghist(histline); +#endif /* LOGHIST */ np->Hnext = pp->Hnext; pp->Hnext = np; return (np); 
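Review bot: The prototype `static void sysloghist __P((char *));` is added outside `#ifdef LOGHIST`, while the definition at the end of the file is inside it. A build with `LOGHIST` turned off therefore declares a static function that is never defined. Wrap the prototype in `#ifdef LOGHIST` / `#endif`. The `l` added to `int n, r, l;` in the next hunk is not used by any visible line and can be dropped.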
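Review bot: The audit gate before `sysloghist(histline)` consults only `getuid()` and `getgid()`, i.e. the real uid and the primary real gid. A user who belongs to `LOGGROUP` only through a supplementary group is not logged, and README.audit does not mention this. Either document it next to `LOGGROUP`/`LOGNOTGROUP` ("matched against the primary gid only") or test membership with `getgroups()`. The three braceless `if`s chained across `#ifdef`s also make it easy for a later edit to attach a statement to the wrong condition; a small helper such as `static int loghist_wanted(void)` would keep the policy in one readable place. The function being patched starts and ends outside the hunk.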
@@ -471,3 +485,194 @@ dosource(loadhist_cmd, NULL); } + +#ifdef LOGHIST +static unsigned char *logsafe(unsigned char *line) { + unsigned char *b; + int i, j; + + for (i = j = 0; line[i]; ++i) + if (line[i] < ' ') ++j; + if (j == 0 || !(b = malloc(i + j*3 + 1))) + return line; + for (i = j = 0; line[i]; ++i) { + if (line[i] < ' ') { + b[j++] = '\\'; + b[j++] = ((line[i] >> 6) & 7) + '0'; + b[j++] = ((line[i] >> 3) & 7) + '0'; + b[j++] = (line[i] & 7) + '0'; + } else b[j++] = line[i]; + } + return b; +} + +#include +#include +#include +static char uname[UT_NAMESIZE]; +static char gname[UT_NAMESIZE]; +static char euname[UT_NAMESIZE]; +static char egname[UT_NAMESIZE]; +static int loguid = -1; +static int loggid = -1; +static int logeuid = -1; +static int logegid = -1; +static int logpid = -1; + +static const char *loggetuid(void) { + static char b[UT_NAMESIZE*2+8]; + struct passwd *pw; + int n; + + if (loguid < 0) { + if ((loguid = getuid()) == logeuid) { + strcpy(uname, euname); + } else if ((pw = getpwuid(loguid))) { + strncpy(uname, pw->pw_name, UT_NAMESIZE); + uname[UT_NAMESIZE-1] = '\0'; + } else { + snprintf(uname, UT_NAMESIZE, "%u", loguid); + } + } else if (loguid != (n = getuid())) { + strcpy(b, uname); + strcat(b, "->"); + if (n == logeuid) { + strcpy(uname, euname); + } else if ((pw = getpwuid(n))) { + strncpy(uname, pw->pw_name, UT_NAMESIZE); + uname[UT_NAMESIZE-1] = '\0'; + } else { + snprintf(uname, UT_NAMESIZE, "%u", n); + } + strcat(b, uname); + return b; + } + return uname; +} + +static const char *loggeteuid(void) { + static char b[UT_NAMESIZE*2+8]; + struct passwd *pw; + int n; + + if (logeuid < 0) { + if ((logeuid = geteuid()) == loguid) { + strcpy(euname, uname); + } else if ((pw = getpwuid(logeuid))) { + strncpy(euname, pw->pw_name, UT_NAMESIZE); + euname[UT_NAMESIZE-1] = '\0'; + } else { + snprintf(euname, UT_NAMESIZE, "%u", logeuid); + } + if (logeuid == loguid) b[0] = '\0'; + else strcpy(b, euname); + } else if (logeuid != (n = geteuid())) { + 
strcpy(b, euname); + strcat(b, "->"); + if (n == loguid) { + strcpy(euname, uname); + } else if ((pw = getpwuid(n))) { + strncpy(euname, pw->pw_name, UT_NAMESIZE); + euname[UT_NAMESIZE-1] = '\0'; + } else { + snprintf(euname, UT_NAMESIZE, "%u", n); + } + strcat(b, euname); + } else { + if (logeuid == loguid) b[0] = '\0'; + else strcpy(b, euname); + } + return b; +} + +static const char *loggetgid(void) { + static char b[UT_NAMESIZE*2+8]; + struct group *gr; + int n; + + if (loggid < 0) { + if ((loggid = getgid()) == logegid) { + strcpy(gname, egname); + } else if ((gr = getgrgid(loggid))) { + strncpy(gname, gr->gr_name, UT_NAMESIZE); + gname[UT_NAMESIZE-1] = '\0'; + } else { + snprintf(gname, UT_NAMESIZE, "%u", loggid); + } + } else if (loggid != (n = getgid())) { + strcpy(b, gname); + strcat(b, "->"); + if (n == logegid) { + strcpy(gname, egname); + } else if ((gr = getgrgid(n))) { + strncpy(gname, gr->gr_name, UT_NAMESIZE); + gname[UT_NAMESIZE-1] = '\0'; + } else { + snprintf(gname, UT_NAMESIZE, "%u", n); + } + strcat(b, gname); + return b; + } + return gname; +} + +static const char *loggetegid(void) { + static char b[UT_NAMESIZE*2+8]; + struct group *gr; + int n; + + if (logegid < 0) { + if ((logegid = getegid()) == loggid) { + strcpy(egname, gname); + } else if ((gr = getgrgid(logegid))) { + strncpy(egname, gr->gr_name, UT_NAMESIZE); + egname[UT_NAMESIZE-1] = '\0'; + } else { + snprintf(egname, UT_NAMESIZE, "%u", logegid); + } + if (logegid == loggid) b[0] = '\0'; + else strcpy(b, egname); + } else if (logegid != (n = getegid())) { + strcpy(b, egname); + strcat(b, "->"); + if (n == loggid) { + strcpy(egname, gname); + } else if ((gr = getgrgid(n))) { + strncpy(egname, gr->gr_name, UT_NAMESIZE); + egname[UT_NAMESIZE-1] = '\0'; + } else { + snprintf(egname, UT_NAMESIZE, "%u", n); + } + strcat(b, egname); + } else { + if (logegid == loggid) b[0] = '\0'; + else strcpy(b, egname); + } + return b; +} + +static const char *loggetpid(void) { + static char b[16]; + int 
p; + + if (logpid < 0) { + logpid = getpid(); + snprintf(b, 16, "%u", logpid); + } else if (logpid != (p = getpid())) { + snprintf(b, 16, "%u >> %u", logpid, p); + logpid = p; + } else + snprintf(b, 16, "%u", logpid); + return b; +} + +static void sysloghist(char *line) { + char *l; + + l = logsafe(line); + syslog(LOGFAC | LOGPRI, "(%s) [%s.%s] |%s.%s| %s", + loggetpid(), loggetuid(), loggetgid(), + loggeteuid(), loggetegid(), l); + if (l != line) free(l); +} +#endif /* LOGHIST */
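Review bot: `logsafe` never terminates the buffer it allocates: the copy loop ends and `return b;` follows with no terminator written. The `%s` in `sysloghist`'s `syslog` call then reads past the end of the heap block and can write adjacent heap bytes into the audit log. Add `b[j] = '\0';` before `return b;`; the `malloc(i + j*3 + 1)` already reserves the byte. Two smaller gaps in the same function weaken the record: when `malloc` fails the unescaped line is returned and logged as-is, and only bytes below `' '` are escaped, so a typed backslash is indistinguishable from an escape and DEL or high-bit bytes pass through. In `loggetpid`, `b[16]` is too small for `"%u >> %u"` with two full-width pids, so `snprintf` truncates the transition entry; a 32-byte buffer would hold it.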