From e89b40e9c90e94447ba61e20649e9419744f5501 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Mon, 7 Aug 2006 13:41:16 +0000
Subject: [PATCH] Add (disabled by default) LOG_COMMANDS option to log the
 commands executed by clients.

--HG--
extra : convert_revision : bea3887a5875cf3ab8a1331e15e698b37b61fe37
---
 options.h         |  6 ++++--
 svr-chansession.c | 10 ++++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/options.h b/options.h
index 0349fa92..30fa637a 100644
--- a/options.h
+++ b/options.h
@@ -199,8 +199,10 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  * not using the Dropbear client, you'll need to change it */
 #define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
 
-/* Multi-purpose binary configuration has now moved. Look at the top
- * of the Makefile for instructions, or INSTALL */
+/* Whether to log commands executed by a client. This only logs the 
+ * (single) command sent to the server, not what a user did in a 
+ * shell/sftp session etc. */
+/* #define LOG_COMMANDS */
 
 /*******************************************************************
  * You shouldn't edit below here unless you know you need to.
diff --git a/svr-chansession.c b/svr-chansession.c
index 0916e7e6..612885b2 100644
--- a/svr-chansession.c
+++ b/svr-chansession.c
@@ -588,6 +588,16 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
 		}
 	}
 
+#ifdef LOG_COMMANDS
+	if (chansess->cmd) {
+		dropbear_log(LOG_INFO, "user %s executing '%s'", 
+						ses.authstate.printableuser, chansess->cmd);
+	} else {
+		dropbear_log(LOG_INFO, "user %s executing login shell", 
+						ses.authstate.printableuser);
+	}
+#endif
+
 	if (chansess->term == NULL) {
 		/* no pty */
 		ret = noptycommand(channel, chansess);
-- 
GitLab