feat(templates): wire SSH+Telnet to sessrec transcript recorder

Build login-session into both images as the swapped root shell, add a quarantine bind mount for telnet (symmetric to SSH), seed transcripts/ dir and service discriminant at entrypoint. Deployer syncs sessrec.c + Makefile into each build context alongside the existing syslog_bridge helper. sessrec falls back to /etc/sessrec.service when env is stripped (busybox /bin/login).
2026-04-21 23:03:42 -04:00
parent 4596c1d69a
commit a58d42e492
11 changed files with 1286 additions and 6 deletions
--- a/decnet/templates/_shared/sessrec/sessrec.c
+++ b/decnet/templates/_shared/sessrec/sessrec.c
@@ -528,8 +528,24 @@ int main(int argc, char **argv) {
    }

    /* Service discriminant: env var SESSREC_SERVICE set by the template
-     * entrypoint (ssh vs telnet) before exec'ing sshd/telnetd. */
+     * entrypoint (ssh vs telnet). SSH forwards env via PAM; busybox /bin/login
+     * strips env, so as a fallback we read /etc/sessrec.service, a one-line
+     * file the template entrypoint writes at boot. */
    const char *service = getenv("SESSREC_SERVICE");
+    static char svc_buf[16];
+    if (!service || !*service) {
+        FILE *sf = fopen("/etc/sessrec.service", "r");
+        if (sf) {
+            if (fgets(svc_buf, sizeof svc_buf, sf)) {
+                size_t n = strlen(svc_buf);
+                while (n > 0 && (svc_buf[n - 1] == '\n' || svc_buf[n - 1] == ' ')) {
+                    svc_buf[--n] = '\0';
+                }
+                if (svc_buf[0]) service = svc_buf;
+            }
+            fclose(sf);
+        }
+    }
    if (!service || !*service) service = "ssh";

    char src_ip[NI_MAXHOST];