> From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <[email protected]>
> Date: Mon,  8 Aug 2011 21:26:49 +0200
> 
> https://bugzilla.redhat.com/469357
> Patch by Steve Grubb <sgrubb at redhat dot com>

Hmm, isn't PAM already supposed to take care of that (through the
pam_audit module)?


>  configure.ac    |   22 ++++++++++++++++++++++
>  greeter/greet.c |   32 ++++++++++++++++++++++++++++++++
>  2 files changed, 54 insertions(+), 0 deletions(-)
> 
> diff --git a/configure.ac b/configure.ac
> index 0c79999..17b14fd 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -145,6 +145,28 @@ if test "x$USE_SELINUX" != "xno" ; then
>      )
>  fi
>  
> +AC_ARG_WITH(libaudit,
> +  [  --with-libaudit=[auto/yes/no]  Add Linux audit support [default=auto]],,
> +  with_libaudit=auto)
> +
> +# Check for Linux auditing API
> +#
> +# libaudit detection
> +if test x$with_libaudit = xno ; then
> +    have_libaudit=no;
> +else
> +    # See if we have audit daemon library
> +    AC_CHECK_LIB(audit, audit_log_user_message,
> +                 have_libaudit=yes, have_libaudit=no)
> +fi
> +
> +AM_CONDITIONAL(HAVE_LIBAUDIT, test x$have_libaudit = xyes)
> +
> +if test x$have_libaudit = xyes ; then
> +    XDMGREET_LIBS="$XDMGREET_LIBS -laudit"
> +    AC_DEFINE(HAVE_LIBAUDIT,1,[linux audit support])
> +fi
> +
>  # FIXME: Find better test for which OS'es use su -m  - for now, just try to
>  # mirror the Imakefile setting of:
>  # if  defined(OpenBSDArchitecture) || defined(NetBSDArchitecture) || 
> defined(FreeBSDArchitecture) || defined(DarwinArchitecture)
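Review bot: The `AC_CHECK_LIB(audit, audit_log_user_message, ...)` probe tests for a different symbol than the one greeter/greet.c calls, `audit_log_acct_message`. A libaudit that lacks the latter would pass configure and fail only at link time, so the probe should read `AC_CHECK_LIB(audit, audit_log_acct_message, have_libaudit=yes, have_libaudit=no)`. An explicit `--with-libaudit=yes` also falls through silently to `have_libaudit=no` when the library is missing, which yields a greeter that writes no login audit records although they were requested; an `AC_MSG_ERROR` for that case would make the gap visible at build time. The `test x$with_libaudit = xno` comparisons are unquoted, unlike the `"x$USE_SELINUX"` test in the hunk header line, and would be more robust as `test "x$with_libaudit" = xno`.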
> diff --git a/greeter/greet.c b/greeter/greet.c
> index 87d2a83..7d424c9 100644
> --- a/greeter/greet.c
> +++ b/greeter/greet.c
> @@ -86,6 +86,13 @@ from The Open Group.
>  # endif
>  #endif
>  
> +#ifdef HAVE_LIBAUDIT
> +#include <libaudit.h>
> +#include <pwd.h>
> +#else
> +#define log_to_audit_system(l,h,s)   do { ; } while (0)
> +#endif
> +
>  #include <string.h>
>  
>  #if defined(SECURE_RPC) && defined(sun)
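Review bot: The fallback `#define log_to_audit_system(l,h,s)` takes three arguments, while the function added later in this patch and both call sites in GreetUser pass two (`*pamhp` and the success flag). A build without HAVE_LIBAUDIT would therefore stop on a macro arity error; the stub should read `#define log_to_audit_system(p,s) do { ; } while (0)`. The real function is also guarded by USE_PAM while this block is not, so HAVE_LIBAUDIT without USE_PAM leaves neither definition. That is harmless only if every call sits inside PAM-only code, which the later hunks suggest but do not show in full. The new function calls `close()`, so it is worth confirming that `<unistd.h>` is already included, since these hunks do not show it.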
> @@ -415,6 +422,29 @@ FailedLogin (struct display *d, const char *username)
>      DrawFail (login);
>  }
>  
> +#ifdef USE_PAM
> +#ifdef HAVE_LIBAUDIT
> +static void 
> +log_to_audit_system(const pam_handle_t *pamhp, int success)
> +{
> +     struct passwd *pw = NULL;
> +     char *hostname = NULL, *tty = NULL, *login=NULL;
> +     int audit_fd;
> +
> +     audit_fd = audit_open();
> +     pam_get_item(pamhp, PAM_RHOST, &hostname);
> +     pam_get_item(pamhp, PAM_TTY, &tty);
> +     pam_get_item(pamhp, PAM_USER, &login);
> +     if (login)
> +             pw = getpwnam(login);
> +     audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
> +             NULL, "login", login ? login : "(unknown)",
> +             pw ? pw->pw_uid : -1, hostname, NULL, tty, success);
> +     close(audit_fd);
> +}
> +#endif
> +#endif
> +
>  _X_EXPORT
>  greet_user_rtn GreetUser(
>      struct display          *d,
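Review bot: None of the return values in `log_to_audit_system` are checked: `audit_open()` can return a negative descriptor that is then handed to `audit_log_acct_message()` and `close()`, and a failed write of the login record goes unnoticed, so the audit trail can have silent gaps. The three `pam_get_item()` calls pass `char **` where Linux-PAM declares `const void **`, which is an incompatible pointer type and drops const on data PAM owns. `pw ? pw->pw_uid : -1` mixes `uid_t` with a signed int; an explicit `(uid_t) -1` states the intended "no uid" value. A sketch with the checks added follows; how a failure is reported is left to the project's existing error logging. The hunk ends inside the unchanged GreetUser signature.

```c
static void
log_to_audit_system(const pam_handle_t *pamhp, int success)
{
    const void *hostname = NULL, *tty = NULL, *login = NULL;
    struct passwd *pw = NULL;
    int audit_fd = audit_open();

    if (audit_fd < 0) {
        /* report through the project's error log: this login event is not audited */
        return;
    }
    /* a failed lookup leaves the item NULL, which the call below tolerates */
    (void) pam_get_item(pamhp, PAM_RHOST, &hostname);
    (void) pam_get_item(pamhp, PAM_TTY, &tty);
    (void) pam_get_item(pamhp, PAM_USER, &login);
    if (login)
        pw = getpwnam(login);
    if (audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
            NULL, "login", login ? (const char *) login : "(unknown)",
            pw ? pw->pw_uid : (uid_t) -1, hostname, NULL, tty, success) <= 0) {
        /* report the lost audit record */
    }
    close(audit_fd);
}
```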
> @@ -600,6 +630,7 @@ greet_user_rtn GreetUser(
>       if ((pam_error == PAM_SUCCESS) && (Verify (d, greet, verify))) {
>           SetPrompt (login, 1, "Login Successful", LOGIN_TEXT_INFO, False);
>           SetValue (login, 1, NULL);
> +             log_to_audit_system(*pamhp, 1);
>           break;
>       } else {
>           /* Try to fill in username for failed login error log */
> @@ -611,6 +642,7 @@ greet_user_rtn GreetUser(
>                                        (void *) &username));
>           }
>           FailedLogin (d, username);
> +             log_to_audit_system(*pamhp, 0);
>           RUN_AND_CHECK_PAM_ERROR(pam_end,
>                                   (*pamhp, pam_error));
>       }
> -- 
> 1.7.6
> 