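#!/bin/sh
# Author: Christian Birchinger
#
# rootlogin 0.2
#
# Setup: define command="/path/to/rootlogin realusername" ssh-dss
# Example: command="/sbin/rootlogin joecool" ssh-dss XXXXXXwztva....2Ba== joecool
#
# rootlogin adds more information to remote ssh key logins as root, a bit
# similar to what sudo logs do. There is also a mechanism to reject logins
# from a key when the real user account doesn't exist anymore (tracking
# locked or expired accounts would also be a nice additional feature).
#
# It's meant as verbose info for tracking problems caused by multiple root
# users. It's not designed to prevent evil stuff.
#
# Review notes:
#  - The key holder still gets an unrestricted root shell/command, so anyone
#    who logs in can also edit authorized_keys or the logs. For an audit
#    trail that must survive that, forward syslog to a remote host.
#  - REALUSER comes from the command="..." option in authorized_keys, i.e.
#    it is only as trustworthy as that file.
#  - ssh-dss (DSA) keys are disabled by default in current OpenSSH releases;
#    the command="..." option works the same with any other key type.

REALUSER="$1"
AUTHTYPE="daemon"  # syslog facility: "daemon" or "auth"

if [ -z "$REALUSER" ]; then
  # Diagnostics go to stderr so they cannot be mistaken for command output.
  printf '%s\n' "Error: no REALUSER defined. Aborting." >&2
  logger -t "sshd[$$]" -p "$AUTHTYPE.warning" \
    "Warning: Root login failed, no REALUSER defined."
  # A bare "exit" would return logger's status (normally 0) and make the
  # rejected login look successful to whatever started the session.
  exit 1
fi

# Exact match on the login-name field and first hit only; interpolating
# REALUSER into a grep pattern would treat "." and friends as regex
# metacharacters and could match a different account.
# Only /etc/passwd is consulted, as before; NSS sources are not covered.
USERSHELL=$(awk -F: -v user="$REALUSER" \
  '$1 == user { print $7; exit }' /etc/passwd)

if [ -z "$USERSHELL" ]; then
  printf '%s\n' \
    "Error: User $REALUSER not found or no shell defined. Aborting." >&2
  logger -t "sshd[$$]" -p "$AUTHTYPE.warning" \
    "Warning: Root login failed, User $REALUSER not found or no shell defined."
  exit 1
fi

if [ -z "$SSH_ORIGINAL_COMMAND" ]; then
  logger -t "sshd[$$]" -p "$AUTHTYPE.info" \
    "User $REALUSER logged in as root."
  # No command requested: start the real user's shell instead.
  SSH_ORIGINAL_COMMAND="$USERSHELL"
else
  # SSH_ORIGINAL_COMMAND is client-supplied. Flatten line breaks so that,
  # depending on the syslog daemon, one command cannot show up as several
  # records in the audit log.
  LOGCMD=$(printf '%s' "$SSH_ORIGINAL_COMMAND" | tr '\n\r' '  ')
  logger -t "sshd[$$]" -p "$AUTHTYPE.info" \
    "User $REALUSER executed \"$LOGCMD\" as root."
fi

# NOTE(review): eval on client-supplied text is intentional here: the
# authenticated key holder is meant to run arbitrary commands as root, and
# this wrapper only records them. It is not a command filter.
# Quoted so the command is evaluated exactly as sent; unquoted, the string
# is word-split and glob-expanded once before eval parses it again.
eval "$SSH_ORIGINAL_COMMAND"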