From 475aa341c5af77f7850cf63676b5491f3456a3c8 Mon Sep 17 00:00:00 2001
From: Alessandro Mauri <alemauri001@gmail.com>
Date: Wed, 14 Jul 2021 19:28:12 +0200
Subject: [PATCH] implemented "nolog" option

---
 us.c | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)

diff --git a/us.c b/us.c
index 2c7aac1..2f55992 100644
--- a/us.c
+++ b/us.c
@@ -41,6 +41,7 @@
 #include <signal.h>
 #include <time.h>
 #include <fcntl.h>
+#include <syslog.h>
 
 #if !defined(_XOPEN_CRYPT) || _XOPEN_CRYPT == -1
 #include <crypt.h>
@@ -51,6 +52,7 @@
 #endif
 
 #define MAX_HASH 1024
+#define PASS_MAX 1024
 #define CONF_LINE_MAX 1024
 #define GROUPS_MAX 256
 #define STR_MAX 1024
@@ -242,8 +244,18 @@ int main(int argc, char *argv[])
 
 	/* Authenticate, we will be root from now on */
 	if (!(conf_flags & FLAG_NOPASS))
-		if (authenticate(my_pw->pw_uid, askpass, conf_flags & FLAG_PERSIST))
+		if (authenticate(my_pw->pw_uid, askpass, conf_flags & FLAG_PERSIST)) {
+			if (!(conf_flags & FLAG_NOLOG))
+				exit(EXIT_FAILURE);
+			char cmd[1024] = {0};
+			for (int i = optind, x = 0; argv[i] && x < 1024; i++)
+				x += snprintf(cmd, 1024-x, "%s ", argv[i]);
+			openlog("us", LOG_NOWAIT, LOG_AUTH);
+			syslog(LOG_NOTICE, "user %s tried to run %s as %s"
+			       "but failed", my_name, cmd, t_pw->pw_name);
+			closelog();
 			exit(EXIT_FAILURE);
+		}
 
 	/* Get target user's shell */
 	if (!shellflag)
@@ -333,6 +345,15 @@ int main(int argc, char *argv[])
 		goto fail_end;
 	}
 
+	if (!(conf_flags & FLAG_NOLOG)) {
+		char cmd[1024] = {0};
+		for (int i = 0, x = 0; c_argv[i] && x < 1024; i++)
+			x += snprintf(cmd, 1024-x, "%s ", c_argv[i]);
+		openlog("us", LOG_NOWAIT, LOG_AUTH);
+		syslog(LOG_INFO, "user %s ran %s as %s", my_name, cmd, t_pw->pw_name);
+		closelog();
+	}
+
 	/* Execute the command */
 	err = execvp(c_argv[0], c_argv);
 	if (err == -1)
@@ -486,7 +507,7 @@ static int authenticate(uid_t uid, int ask, int persist)
 
 	int fd = STDIN_FILENO;
 	char *askpass = getenv("US_ASKPASS");
-	char pass[1024] = {0};
+	char pass[PASS_MAX] = {0};
 	struct termios tio_before, tio_pass;
 	if (ask && askpass) {
 		pid_t pid, parent = getpid();
@@ -532,7 +553,7 @@ static int authenticate(uid_t uid, int ask, int persist)
 		if (tcsetattr(tty_fd, TCSANOW, &tio_pass) == -1)
 			die("tcsetattr:");
 	}
-	int r = read(fd, pass, 1023);
+	int r = read(fd, pass, PASS_MAX-1);
 	if (!r || r == -1) {
 		if (errno)
 			fprintf(stderr, "read: %s\n", strerror(errno));
@@ -543,7 +564,7 @@ static int authenticate(uid_t uid, int ask, int persist)
 		waitpid(-1, NULL, 0);
 		exit(EXIT_FAILURE);
 	}
-	pass[1023] = '\0';
+	pass[PASS_MAX-1] = '\0';
 	/* Remove the terminating (if there is) \n in password */
 	int l = strlen(pass);
 	if (pass[l-1] == '\n')
@@ -558,8 +579,8 @@ static int authenticate(uid_t uid, int ask, int persist)
 
 	char *enc = crypt(pass, hash);
 	/* Remove password from memory, just to be sure */
-	memset(pass, 0, 1024);
-	if (strncmp(hash, enc, 1024)) {
+	memset(pass, 0, PASS_MAX);
+	if (strncmp(hash, enc, PASS_MAX)) {
 		printf("Authentication failure\n");
 		setuid(uid);
 		return -1;