Add (disabled by default) LOG_COMMANDS option to log the commands executed

by clients.

--HG--
extra : convert_revision : bea3887a5875cf3ab8a1331e15e698b37b61fe37

2 files changed, 14 insertions, 2 deletions

diff --git a/options.h b/options.h
index 0349fa9..30fa637 100644
--- a/options.h
+++ b/options.h
@@ -199,8 +199,10 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  * not using the Dropbear client, you'll need to change it */
 #define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
 
-/* Multi-purpose binary configuration has now moved. Look at the top
- * of the Makefile for instructions, or INSTALL */
+/* Whether to log commands executed by a client. This only logs the 
+ * (single) command sent to the server, not what a user did in a 
+ * shell/sftp session etc. */
+/* #define LOG_COMMANDS */
 
 /*******************************************************************
  * You shouldn't edit below here unless you know you need to.
diff --git a/svr-chansession.c b/svr-chansession.c
index 0916e7e..612885b 100644
--- a/svr-chansession.c
+++ b/svr-chansession.c
@@ -588,6 +588,16 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
 		}
 	}
 
+#ifdef LOG_COMMANDS
+	if (chansess->cmd) {
+		dropbear_log(LOG_INFO, "user %s executing '%s'", 
+						ses.authstate.printableuser, chansess->cmd);
+	} else {
+		dropbear_log(LOG_INFO, "user %s executing login shell", 
+						ses.authstate.printableuser);
+	}
+#endif
+
 	if (chansess->term == NULL) {
 		/* no pty */
 		ret = noptycommand(channel, chansess);