Report login attempts to syslog. Due to the statically-linked nature of

nologin(8), this causes a considerable (100K) increase in the binary size,
so I've added a NO_LOGIN_LOG option which disables this.

While I'm here, s/sizeof(MESSAGE)/sizeof(MESSAGE) - 1/, in order to
avoid writing the string-terminating zero byte.

No complaints from: -current
Approved by:	rwatson (mentor)

2 files changed, 21 insertions, 1 deletions

diff --git a/usr.sbin/nologin/Makefile b/usr.sbin/nologin/Makefile
index 31ac9f06e1ea..c98b44bf17c0 100644
--- a/usr.sbin/nologin/Makefile
+++ b/usr.sbin/nologin/Makefile
@@ -11,4 +11,11 @@ MAN=	nologin.5 nologin.8
 # rendering a dynamic nologin binary virtually useless.
 NOSHARED=	YES
 
+# Logging to syslog increases the size of the statically linked
+# binary by over 100K.  Provide an option for disabling this on
+# systems where conserving space on the root device is critical.
+.ifdef NO_NOLOGIN_LOG
+CFLAGS+=	-DNO_NOLOGIN_LOG
+.endif
+
 .include <bsd.prog.mk>
diff --git a/usr.sbin/nologin/nologin.c b/usr.sbin/nologin/nologin.c
index 2454df4bf785..ad2c2fe3c9c1 100644
--- a/usr.sbin/nologin/nologin.c
+++ b/usr.sbin/nologin/nologin.c
@@ -8,6 +8,7 @@ __FBSDID("$FreeBSD$");
 
 #include <sys/types.h>
 #include <sys/uio.h>
+#include <syslog.h>
 #include <unistd.h>
 
 #define	MESSAGE	"This account is currently not available.\n"
@@ -15,7 +16,19 @@ __FBSDID("$FreeBSD$");
 int
 main(int argc, char *argv[])
 {
+#ifndef NO_NOLOGIN_LOG
+	char *user, *tt;
 
-	write(STDOUT_FILENO, MESSAGE, sizeof(MESSAGE));
+	if ((tt = ttyname(0)) == NULL)
+		tt = "UNKNOWN";
+	if ((user = getlogin()) == NULL)
+		user = "UNKNOWN";
+
+	openlog("nologin", LOG_CONS, LOG_AUTH);
+	syslog(LOG_CRIT, "Attempted login by %s on %s", user, tt);
+	closelog();
+#endif /* NO_NOLOGIN_LOG */
+
+	write(STDOUT_FILENO, MESSAGE, sizeof(MESSAGE) - 1);
 	_exit(1);
 }