[PATCH 2/4] Send a USER_LOGIN event like other Linux login programs do.

[Matěj Cepl]

https://bugzilla.redhat.com/469357
Patch by Steve Grubb <sgrubb at redhat dot com>

Signed-off-by: Matěj Cepl <mc...@redhat.com>
---
 configure.ac    |   22 ++++++++++++++++++++++
 greeter/greet.c |   32 ++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 0 deletions(-)

Index: xdm.git/configure.ac
===================================================================
--- xdm.git.orig/configure.ac
+++ xdm.git/configure.ac
@@ -145,6 +145,28 @@ if test "x$USE_SELINUX" != "xno" ; then
     )
 fi
 
+AC_ARG_WITH(libaudit, AS_HELP_STRING([--with-libaudit=<auto/yes/no>],
+       [Add Linux audit support (default=auto)]),
+    [],        [with_libaudit=auto])
+
+# Check for Linux auditing API
+#
+# libaudit detection
+if test x$with_libaudit = xno ; then
+    have_libaudit=no;
+else
+    # See if we have audit daemon library
+    AC_CHECK_LIB(audit, audit_log_user_message,
+                 have_libaudit=yes, have_libaudit=no)
+fi
+
+AM_CONDITIONAL(HAVE_LIBAUDIT, test x$have_libaudit = xyes)
+
+if test x$have_libaudit = xyes ; then
+    XDMGREET_LIBS="$XDMGREET_LIBS -laudit"
+    AC_DEFINE(HAVE_LIBAUDIT,1,[linux audit support])
+fi
+
 # FIXME: Find better test for which OS'es use su -m  - for now, just try to
 # mirror the Imakefile setting of:
 # if  defined(OpenBSDArchitecture) || defined(NetBSDArchitecture) || 
defined(FreeBSDArchitecture) || defined(DarwinArchitecture)
@@ -171,7 +193,7 @@ AC_SUBST(SU)
 
 # Define a configure option to locate a special file (/dev/random or 
/dev/urandom)
 # that serves as a random or a pseudorandom number generator
-AC_ARG_WITH(random-device, 
AS_HELP_STRING([--with-random-device\[=<pathname>\]],
+AC_ARG_WITH(random-device, AS_HELP_STRING([--with-random-device=<pathname>],
        [Use <pathname> as a source of randomness (default is auto-detected)]),
        [USE_DEVICE="$withval"], [USE_DEVICE="auto"])
 if test x$USE_DEVICE != xno ; then
Index: xdm.git/greeter/greet.c
===================================================================
--- xdm.git.orig/greeter/greet.c
+++ xdm.git/greeter/greet.c
@@ -86,6 +86,13 @@ from The Open Group.
 # endif
 #endif
 
+#ifdef HAVE_LIBAUDIT
+#include <libaudit.h>
+#include <pwd.h>
+#else
+#define log_to_audit_system(l,h,s)   do { ; } while (0)
+#endif
+
 #include <string.h>
 
 #if defined(SECURE_RPC) && defined(sun)
@@ -415,6 +422,29 @@ FailedLogin (struct display *d, const ch
     DrawFail (login);
 }
 
+#ifdef USE_PAM
+#ifdef HAVE_LIBAUDIT
+static void
+log_to_audit_system(const pam_handle_t *pamhp, int success)
+{
+       struct passwd *pw = NULL;
+       char *hostname = NULL, *tty = NULL, *login=NULL;
+       int audit_fd;
+
+       audit_fd = audit_open();
+       pam_get_item(pamhp, PAM_RHOST, &hostname);
+       pam_get_item(pamhp, PAM_TTY, &tty);
+       pam_get_item(pamhp, PAM_USER, &login);
+       if (login)
+               pw = getpwnam(login);
+       audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
+               NULL, "login", login ? login : "(unknown)",
+               pw ? pw->pw_uid : -1, hostname, NULL, tty, success);
+       close(audit_fd);
+}
+#endif
+#endif
+
 _X_EXPORT
 greet_user_rtn GreetUser(
     struct display          *d,
@@ -600,6 +630,7 @@ greet_user_rtn GreetUser(
        if ((pam_error == PAM_SUCCESS) && (Verify (d, greet, verify))) {
            SetPrompt (login, 1, "Login Successful", LOGIN_TEXT_INFO, False);
            SetValue (login, 1, NULL);
+           log_to_audit_system(*pamhp, 1);
            break;
        } else {
            /* Try to fill in username for failed login error log */
@@ -611,6 +642,7 @@ greet_user_rtn GreetUser(
                                         (void *) &username));
            }
            FailedLogin (d, username);
+           log_to_audit_system(*pamhp, 0);
            RUN_AND_CHECK_PAM_ERROR(pam_end,
                                    (*pamhp, pam_error));
        }
_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel