From: Steve Grubb <[email protected]> https://bugzilla.redhat.com/469357
Thanks for help with this patch to "Gaetan Nadon" <[email protected]>
Signed-off-by: Matěj Cepl <[email protected]>
---
 configure.ac | 16 +++++++++++++++-
 greeter/greet.c | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 1 deletions(-)
diff --git a/configure.ac b/configure.ac
index 0c79999..ef2302c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -145,6 +145,20 @@ if test "x$USE_SELINUX" != "xno" ; then
 )
 fi
+# Check for Linux Audit support
+AC_ARG_WITH(libaudit, AS_HELP_STRING([--with-libaudit],
+ [Add support for Linux Audit (default is autodetected)]),
+ [USE_LINUX_AUDIT=$withval], [USE_LINUX_AUDIT=auto])
+if test "x$USE_LINUX_AUDIT" != "xno" ; then
+ AC_CHECK_LIB(audit, audit_log_user_message,
+ [AC_DEFINE(USE_LINUX_AUDIT,1,[Use Linux Audit support])]
+ XDMGREET_LIBS="$XDMGREET_LIBS -laudit",
+ [AS_IF([test "x$USE_LINUX_AUDIT" = "xyes"],
+ [AC_MSG_ERROR([Linux Audit support requested, but audit_log_user_message not found.])]
+ )]
+ )
+fi
+
 # FIXME: Find better test for which OS'es use su -m - for now, just try to
 # mirror the Imakefile setting of:
 # if defined(OpenBSDArchitecture) || defined(NetBSDArchitecture) || defined(FreeBSDArchitecture) || defined(DarwinArchitecture)
@@ -171,7 +185,7 @@ AC_SUBST(SU)
 # Define a configure option to locate a special file (/dev/random or /dev/urandom)
 # that serves as a random or a pseudorandom number generator
-AC_ARG_WITH(random-device, AS_HELP_STRING([--with-random-device\[=<pathname>\]],
+AC_ARG_WITH(random-device, AS_HELP_STRING([--with-random-device=<pathname>],
 [Use <pathname> as a source of randomness (default is auto-detected)]),
 [USE_DEVICE="$withval"], [USE_DEVICE="auto"])
 if test x$USE_DEVICE != xno ; then
diff --git a/greeter/greet.c b/greeter/greet.c
index 87d2a83..2d26c69 100644
--- a/greeter/greet.c
+++ b/greeter/greet.c
@@ -86,6 +86,13 @@ from The Open Group.
 # endif
 #endif
+#ifdef HAVE_LIBAUDIT
+#include <libaudit.h>
+#include <pwd.h>
+#else
+#define log_to_audit_system(l,h,s) do { ; } while (0)
+#endif
+
 #include <string.h>
 #if defined(SECURE_RPC) && defined(sun)
@@ -415,6 +422,29 @@ FailedLogin (struct display *d, const char *username)
 DrawFail (login);
 }
+#ifdef USE_PAM
+#ifdef HAVE_LIBAUDIT
+static void
+log_to_audit_system(const pam_handle_t *pamhp, int success)
+{
+ struct passwd *pw = NULL;
+ char *hostname = NULL, *tty = NULL, *login=NULL;
+ int audit_fd;
+
+ audit_fd = audit_open();
+ pam_get_item(pamhp, PAM_RHOST, &hostname);
+ pam_get_item(pamhp, PAM_TTY, &tty);
+ pam_get_item(pamhp, PAM_USER, &login);
+ if (login)
+ pw = getpwnam(login);
+ audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
+ NULL, "login", login ? login : "(unknown)",
+ pw ? pw->pw_uid : -1, hostname, NULL, tty, success);
+ close(audit_fd);
+}
+#endif
+#endif
+
 _X_EXPORT
 greet_user_rtn GreetUser(
 struct display *d,
@@ -600,6 +630,7 @@ greet_user_rtn GreetUser(
 if ((pam_error == PAM_SUCCESS) && (Verify (d, greet, verify))) {
 SetPrompt (login, 1, "Login Successful", LOGIN_TEXT_INFO, False);
 SetValue (login, 1, NULL);
+ log_to_audit_system(*pamhp, 1);
 break;
 } else {
 /* Try to fill in username for failed login error log */
@@ -611,6 +642,7 @@ greet_user_rtn GreetUser(
 (void *) &username));
 }
 FailedLogin (d, username);
+ log_to_audit_system(*pamhp, 0);
 RUN_AND_CHECK_PAM_ERROR(pam_end, (*pamhp, pam_error));
 }
--
1.7.6
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
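Review bot: The new `#ifdef HAVE_LIBAUDIT` guard in the @@ -86 hunk tests a macro that nothing visible in this patch defines; the configure.ac hunk emits `USE_LINUX_AUDIT` through AC_DEFINE instead, so the libaudit branch looks unreachable and login audit records would be silently absent even when `--with-libaudit` succeeds. Use one name on both sides, for example `#ifdef USE_LINUX_AUDIT` here and on the inner guard around log_to_audit_system() in the @@ -415 hunk. A missing audit trail produces no runtime symptom, so a short comment at the guard, such as `/* USE_LINUX_AUDIT is set by configure when libaudit is found */`, would help the next reader check the wiring.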
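Review bot: The two-argument call `log_to_audit_system(*pamhp, 1)` in the @@ -600 hunk does not match the no-op fallback from the @@ -86 hunk, which is declared with three parameters (`l,h,s`), so a build without libaudit should stop with a macro argument-count error; the same applies to `log_to_audit_system(*pamhp, 0)` in the @@ -611 hunk. Declare the stub with the same arity as the function, `#define log_to_audit_system(p,s) do { ; } while (0)`. The real function is only defined under `USE_PAM`; whether these call sites are also PAM-only cannot be confirmed here, because GreetUser's body extends outside both hunks.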
