On Wed, 2011-08-10 at 20:37 +0200, Matěj Cepl wrote: > From: Steve Grubb <[email protected]> > > https://bugzilla.redhat.com/469357 > > Thanks for help with this patch to > "Gaetan Nadon" <[email protected]> > > Signed-off-by: Matěj Cepl <[email protected]> > --- > configure.ac | 16 +++++++++++++++- > greeter/greet.c | 32 ++++++++++++++++++++++++++++++++ > 2 files changed, 47 insertions(+), 1 deletions(-) > > diff --git a/configure.ac b/configure.ac > index 0c79999..ef2302c 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -145,6 +145,20 @@ if test "x$USE_SELINUX" != "xno" ; then > ) > fi > > +# Check for Linux Audit support > +AC_ARG_WITH(libaudit, AS_HELP_STRING([--with-libaudit], > + [Add support for Linux Audit (default is autodetected)]), > + [USE_LINUX_AUDIT=$withval], [USE_LINUX_AUDIT=auto]) > +if test "x$USE_LINUX_AUDIT" != "xno" ; then > + AC_CHECK_LIB(audit, audit_log_user_message, > + [AC_DEFINE(USE_LINUX_AUDIT,1,[Use Linux Audit support])] > + XDMGREET_LIBS="$XDMGREET_LIBS -laudit", > + [AS_IF([test "x$USE_LINUX_AUDIT" = "xyes"], > + [AC_MSG_ERROR([Linux Audit support requested, but > audit_log_user_message not found.])] > + )] > + ) > +fi > + > # FIXME: Find better test for which OS'es use su -m - for now, just try to > # mirror the Imakefile setting of: > # if defined(OpenBSDArchitecture) || defined(NetBSDArchitecture) || > defined(FreeBSDArchitecture) || defined(DarwinArchitecture) > @@ -171,7 +185,7 @@ AC_SUBST(SU) > > # Define a configure option to locate a special file (/dev/random or > /dev/urandom) > # that serves as a random or a pseudorandom number generator > -AC_ARG_WITH(random-device, > AS_HELP_STRING([--with-random-device\[=<pathname>\]], > +AC_ARG_WITH(random-device, AS_HELP_STRING([--with-random-device=<pathname>], > [Use <pathname> as a source of randomness (default is auto-detected)]), > [USE_DEVICE="$withval"], [USE_DEVICE="auto"]) > if test x$USE_DEVICE != xno ; then 
> diff --git a/greeter/greet.c b/greeter/greet.c > index 87d2a83..2d26c69 100644 > --- a/greeter/greet.c > +++ b/greeter/greet.c > @@ -86,6 +86,13 @@ from The Open Group. > # endif > #endif > > +#ifdef HAVE_LIBAUDIT > +#include <libaudit.h> > +#include <pwd.h> > +#else > +#define log_to_audit_system(l,h,s) do { ; } while (0)
This define seems to be dead code. There are a number of versions you can find on the net. The Gnome display manager has a four-parameter version. In this patch the function has two parameters. This Fedora patch cannot compile when libaudit is missing, which has probably never been tried.

http://lists.fedoraproject.org/pipermail/scm-commits/2010-March/410961.html

This patch needs more work and mainly more testing. I'd be happy to help with the configuration part, but I cannot review the C code, which appears faulty to me.

> +#endif > + > #include <string.h> > > #if defined(SECURE_RPC) && defined(sun) > @@ -415,6 +422,29 @@ FailedLogin (struct display *d, const char *username) > DrawFail (login); > } > > +#ifdef USE_PAM > +#ifdef HAVE_LIBAUDIT > +static void > +log_to_audit_system(const pam_handle_t *pamhp, int success) > +{ > + struct passwd *pw = NULL; > + char *hostname = NULL, *tty = NULL, *login=NULL; > + int audit_fd; > + > + audit_fd = audit_open(); > + pam_get_item(pamhp, PAM_RHOST, &hostname); > + pam_get_item(pamhp, PAM_TTY, &tty); > + pam_get_item(pamhp, PAM_USER, &login); > + if (login) > + pw = getpwnam(login); > + audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN, > + NULL, "login", login ? login : "(unknown)", > + pw ? pw->pw_uid : -1, hostname, NULL, tty, success); > + close(audit_fd); > +} > +#endif > +#endif > + > _X_EXPORT > greet_user_rtn GreetUser( > struct display *d, > @@ -600,6 +630,7 @@ greet_user_rtn GreetUser( > if ((pam_error == PAM_SUCCESS) && (Verify (d, greet, verify))) { > SetPrompt (login, 1, "Login Successful", LOGIN_TEXT_INFO, False); > SetValue (login, 1, NULL); > + log_to_audit_system(*pamhp, 1); > break; > } else { > /* Try to fill in username for failed login error log */ 
> @@ -611,6 +642,7 @@ greet_user_rtn GreetUser( > (void *) &username)); > } > FailedLogin (d, username); > + log_to_audit_system(*pamhp, 0); > RUN_AND_CHECK_PAM_ERROR(pam_end, > (*pamhp, pam_error)); > } > -- > 1.7.6 > > _______________________________________________ > [email protected]: X.Org development > Archives: http://lists.x.org/archives/xorg-devel > Info: http://lists.x.org/mailman/listinfo/xorg-devel
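Review bot: In the configure.ac hunk at -145,6, the AC_CHECK_LIB action defines USE_LINUX_AUDIT, but every guard added in greeter/greet.c tests HAVE_LIBAUDIT. Because an action-if-found argument is supplied, AC_CHECK_LIB does not perform its default action of defining HAVE_LIBAUDIT, so as posted the audit function is compiled out even when libaudit is found. Pick one symbol and use it in both files. The probe also looks for audit_log_user_message while greet.c calls audit_open and audit_log_acct_message; probing for a function the code actually calls would make the check match what is linked.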
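Review bot: The configure.ac hunk at -171,7 changes the --with-random-device help string, which is unrelated to Linux Audit and is not mentioned in the commit message. Move it to a separate commit with a line explaining why the optional-argument brackets are dropped.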
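Review bot: In the greeter/greet.c hunk at -86,6, the fallback macro log_to_audit_system(l,h,s) takes three parameters, while the function added later takes two and both call sites pass two arguments, as in log_to_audit_system(*pamhp, 1). A build without HAVE_LIBAUDIT therefore fails at the call sites. Make the stub match the real signature, for example a two-parameter macro, and build once with and once without libaudit before resubmitting.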
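Review bot: In the greeter/greet.c hunk at -415,6, the descriptor from audit_open() is used without checking for failure, so a negative value is passed to audit_log_acct_message and to close. The return values of the three pam_get_item calls and of audit_log_acct_message are also discarded, which means a login record that could not be written is lost silently; for an audit trail, at least log the failure. pam_get_item expects a const void ** for the item, so passing &hostname, &tty and &login declared as char * will draw pointer-type warnings; declare them as const void * or const char * with a cast. A short comment above the function stating what record type is emitted and what success means would help the next reader.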
