[PATCH 3/4] Send a USER_LOGIN event like other Linux login programs do.

Matěj Cepl mcepl at redhat.com
Mon Aug 8 12:26:49 PDT 2011


https://bugzilla.redhat.com/469357
Patch by Steve Grubb <sgrubb at redhat dot com>

Signed-off-by: Matěj Cepl <mcepl at redhat.com>
---
 configure.ac    |   22 ++++++++++++++++++++++
 greeter/greet.c |   32 ++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 0 deletions(-)

diff --git a/configure.ac b/configure.ac
index 0c79999..17b14fd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -145,6 +145,28 @@ if test "x$USE_SELINUX" != "xno" ; then
     )
 fi
 
+AC_ARG_WITH(libaudit,
+  [  --with-libaudit=[auto/yes/no]  Add Linux audit support [default=auto]],,
+  with_libaudit=auto)
+
+# Check for Linux auditing API
+#
+# libaudit detection
+if test x$with_libaudit = xno ; then
+    have_libaudit=no;
+else
+    # See if we have audit daemon library
+    AC_CHECK_LIB(audit, audit_log_user_message,
+                 have_libaudit=yes, have_libaudit=no)
+fi
+
+AM_CONDITIONAL(HAVE_LIBAUDIT, test x$have_libaudit = xyes)
+
+if test x$have_libaudit = xyes ; then
+    XDMGREET_LIBS="$XDMGREET_LIBS -laudit"
+    AC_DEFINE(HAVE_LIBAUDIT,1,[linux audit support])
+fi
+
 # FIXME: Find better test for which OS'es use su -m  - for now, just try to
 # mirror the Imakefile setting of:
 # if  defined(OpenBSDArchitecture) || defined(NetBSDArchitecture) || defined(FreeBSDArchitecture) || defined(DarwinArchitecture)
diff --git a/greeter/greet.c b/greeter/greet.c
index 87d2a83..7d424c9 100644
--- a/greeter/greet.c
+++ b/greeter/greet.c
@@ -86,6 +86,13 @@ from The Open Group.
 # endif
 #endif
 
+#ifdef HAVE_LIBAUDIT
+#include <libaudit.h>
+#include <pwd.h>
+#else
+#define log_to_audit_system(l,h,s)   do { ; } while (0)
+#endif
+
 #include <string.h>
 
 #if defined(SECURE_RPC) && defined(sun)
@@ -415,6 +422,29 @@ FailedLogin (struct display *d, const char *username)
     DrawFail (login);
 }
 
+#ifdef USE_PAM
+#ifdef HAVE_LIBAUDIT
+static void 
+log_to_audit_system(const pam_handle_t *pamhp, int success)
+{
+	struct passwd *pw = NULL;
+	char *hostname = NULL, *tty = NULL, *login=NULL;
+	int audit_fd;
+
+	audit_fd = audit_open();
+	pam_get_item(pamhp, PAM_RHOST, &hostname);
+	pam_get_item(pamhp, PAM_TTY, &tty);
+	pam_get_item(pamhp, PAM_USER, &login);
+	if (login)
+		pw = getpwnam(login);
+	audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
+		NULL, "login", login ? login : "(unknown)",
+		pw ? pw->pw_uid : -1, hostname, NULL, tty, success);
+	close(audit_fd);
+}
+#endif
+#endif
+
 _X_EXPORT
 greet_user_rtn GreetUser(
     struct display          *d,
@@ -600,6 +630,7 @@ greet_user_rtn GreetUser(
 	if ((pam_error == PAM_SUCCESS) && (Verify (d, greet, verify))) {
 	    SetPrompt (login, 1, "Login Successful", LOGIN_TEXT_INFO, False);
 	    SetValue (login, 1, NULL);
+		log_to_audit_system(*pamhp, 1);
 	    break;
 	} else {
 	    /* Try to fill in username for failed login error log */
@@ -611,6 +642,7 @@ greet_user_rtn GreetUser(
 					 (void *) &username));
 	    }
 	    FailedLogin (d, username);
+		log_to_audit_system(*pamhp, 0);
 	    RUN_AND_CHECK_PAM_ERROR(pam_end,
 				    (*pamhp, pam_error));
 	}
-- 
1.7.6



More information about the xorg-devel mailing list