login: add audit support
authorKarel Zak <kzak@redhat.com>
Mon, 12 Mar 2007 13:26:34 +0000 (14:26 +0100)
committerKarel Zak <kzak@redhat.com>
Mon, 12 Mar 2007 13:26:34 +0000 (14:26 +0100)
The login command reports an AUDIT_USER_LOGIN message to the audit system
(depends on --with-audit).

Signed-off-by: Karel Zak <kzak@redhat.com>
login-utils/Makefile.am
login-utils/login.c

index 0a36e158f758bfed2bc9af46f651c623475933c1..404b7987f695d80c9d07efeaf11ea63b6f656e59 100644 (file)
@@ -67,6 +67,9 @@ else
 login_SOURCES = login.c checktty.c login.h my_crypt.h
 endif
 
+if HAVE_AUDIT
+login_LDADD += -laudit
+endif
 
 if HAVE_SELINUX
 chfn_SOURCES += selinux_utils.c selinux_utils.h
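Review bot: The `-laudit` link flag is gated on the automake conditional `HAVE_AUDIT`, while login.c guards its code on the preprocessor symbol `HAVE_LIBAUDIT`; configure.ac is not shown on this page, so confirm both come from the same libaudit check. If only one of them is set, the build either fails at link time or compiles `logaudit()` down to the empty macro, and login then emits no audit records without any warning. `login_LDADD +=` also needs an earlier `login_LDADD =` assignment on every conditional path, which lies outside this hunk.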
index e3b4f6fd086d6cbbd9ab7b51a99910506bc9b300..e5f6262f8af5c91046e5f31fc06e1abd1c442c09 100644 (file)
 #include <sys/syslog.h>
 #include <sys/sysmacros.h>
 #include <netdb.h>
+#ifdef HAVE_LIBAUDIT
+# include <libaudit.h>
+#endif
 #include "pathnames.h"
 #include "my_crypt.h"
 #include "login.h"
@@ -316,6 +319,33 @@ sig_handler(int signal)
 
 #endif /* HAVE_SECURITY_PAM_MISC_H */
 
+#ifdef HAVE_LIBAUDIT
+static void
+logaudit(const char *tty, const char *username, const char *hostname,
+                                       struct passwd *pwd, int status)
+{
+       char buf[64];
+       int audit_fd;
+
+       audit_fd = audit_open();
+       if (audit_fd == -1)
+               return;
+       if (!pwd)
+               pwd = getpwnam(username);
+       if (pwd)
+               snprintf(buf, sizeof(buf), "uid=%d", pwd->pw_uid);
+       else
+               snprintf(buf, sizeof(buf), "acct=%s", username);
+
+       audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
+               buf, hostname, NULL, tty, status);
+
+       close(audit_fd);
+}
+#else /* ! HAVE_LIBAUDIT */
+# define logaudit(tty, username, hostname, pwd, status)
+#endif /* HAVE_LIBAUDIT */
+
 int
 main(int argc, char **argv)
 {
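Review bot: In `logaudit()` the `acct=%s` branch copies `username` into the audit message without any encoding, and on the failed-login paths that string is whatever was entered at the prompt, so a name containing spaces, quotes or `=` can change how audit tools parse the record's fields. Handing the name to libaudit's account helper `audit_log_acct_message()`, which is designed to take the account name and uid as separate arguments, avoids hand-building the field and the silent truncation by the 64-byte `buf`. The `uid_t` value is printed with `%d`; `snprintf(buf, sizeof(buf), "uid=%u", (unsigned int) pwd->pw_uid);` matches the type. The result of `audit_log_user_message()` is discarded, so a lost login record goes unnoticed; a `syslog(LOG_WARNING, ...)` when it returns an error would make that visible. The body of `main()` continues outside the hunk.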
@@ -580,6 +610,7 @@ main(int argc, char **argv)
            syslog(LOG_NOTICE,_("FAILED LOGIN %d FROM %s FOR %s, %s"),
                   failcount, hostname, username, pam_strerror(pamh, retcode));
            logbtmp(tty_name, username, hostname);
+           logaudit(tty_name, username, hostname, NULL, 0);
 
            fprintf(stderr,_("Login incorrect\n\n"));
            pam_set_item(pamh,PAM_USER,NULL);
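Review bot: Both failed-login call sites (`logaudit(tty_name, username, hostname, NULL, 0)` here and in the following "FAILED LOGIN SESSION" hunk) pass `pwd` as NULL, so `logaudit()` runs `getpwnam(username)` on the name from the rejected attempt. Where `username` is assigned is outside these hunks, so it is unconfirmed whether it can still be NULL at this point; if it can, both the lookup and the `acct=%s` format receive a null pointer. A guard inside `logaudit()` covers every caller: `if (!pwd && username) pwd = getpwnam(username);` and `username ? username : "(unknown)"` in the `acct=` branch.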
@@ -597,6 +628,7 @@ main(int argc, char **argv)
                syslog(LOG_NOTICE,_("FAILED LOGIN SESSION FROM %s FOR %s, %s"),
                        hostname, username, pam_strerror(pamh, retcode));
            logbtmp(tty_name, username, hostname);
+           logaudit(tty_name, username, hostname, NULL, 0);
 
            fprintf(stderr,_("\nLogin incorrect\n"));
            pam_end(pamh, retcode);
@@ -751,6 +783,7 @@ main(int argc, char **argv)
              syslog(LOG_NOTICE,
                     _("LOGIN %s REFUSED ON TTY %s"),
                     pwd->pw_name, tty_name);
+           logaudit(tty_name, pwd->pw_name, hostname, pwd, 0);
            continue;
        }
 
@@ -948,6 +981,7 @@ Michael Riepe <michael@stud.uni-hannover.de>
 #endif
     }
     
+    logaudit(tty_name, username, hostname, pwd, 1);
     dolastlog(quietlog);
     
     chown(ttyn, pwd->pw_uid,