From: Karel Zak Date: Mon, 12 Mar 2007 13:26:34 +0000 (+0100) Subject: login: add audit support X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f8bdba2fd24a176d8d0ef8c96fb184fa3cd0f7bf;p=util-linux login: add audit support The login command reports AUDIT_USER_LOGIN message to audit system (depends on --with-audit). Signed-off-by: Karel Zak --- diff --git a/login-utils/Makefile.am b/login-utils/Makefile.am index 0a36e158..404b7987 100644 --- a/login-utils/Makefile.am +++ b/login-utils/Makefile.am @@ -67,6 +67,9 @@ else login_SOURCES = login.c checktty.c login.h my_crypt.h endif +if HAVE_AUDIT +login_LDADD += -laudit +endif if HAVE_SELINUX chfn_SOURCES += selinux_utils.c selinux_utils.h diff --git a/login-utils/login.c b/login-utils/login.c index e3b4f6fd..e5f6262f 100644 --- a/login-utils/login.c +++ b/login-utils/login.c @@ -106,6 +106,9 @@ #include #include #include +#ifdef HAVE_LIBAUDIT +# include +#endif #include "pathnames.h" #include "my_crypt.h" #include "login.h" @@ -316,6 +319,33 @@ sig_handler(int signal) #endif /* HAVE_SECURITY_PAM_MISC_H */ +#ifdef HAVE_LIBAUDIT +static void +logaudit(const char *tty, const char *username, const char *hostname, + struct passwd *pwd, int status) +{ + char buf[64]; + int audit_fd; + + audit_fd = audit_open(); + if (audit_fd == -1) + return; + if (!pwd) + pwd = getpwnam(username); + if (pwd) + snprintf(buf, sizeof(buf), "uid=%d", pwd->pw_uid); + else + snprintf(buf, sizeof(buf), "acct=%s", username); + + audit_log_user_message(audit_fd, AUDIT_USER_LOGIN, + buf, hostname, NULL, tty, status); + + close(audit_fd); +} +#else /* ! HAVE_LIBAUDIT */ +# define logaudit(tty, username, hostname, pwd, status) +#endif /* HAVE_LIBAUDIT */ + int main(int argc, char **argv) { @@ -580,6 +610,7 @@ main(int argc, char **argv) syslog(LOG_NOTICE,_("FAILED LOGIN %d FROM %s FOR %s, %s"), failcount, hostname, username, pam_strerror(pamh, retcode)); logbtmp(tty_name, username, hostname); + logaudit(tty_name, username, hostname, NULL, 0); fprintf(stderr,_("Login incorrect\n\n")); pam_set_item(pamh,PAM_USER,NULL); @@ -597,6 +628,7 @@ main(int argc, char **argv) syslog(LOG_NOTICE,_("FAILED LOGIN SESSION FROM %s FOR %s, %s"), hostname, username, pam_strerror(pamh, retcode)); logbtmp(tty_name, username, hostname); + logaudit(tty_name, username, hostname, NULL, 0); fprintf(stderr,_("\nLogin incorrect\n")); pam_end(pamh, retcode); @@ -751,6 +783,7 @@ main(int argc, char **argv) syslog(LOG_NOTICE, _("LOGIN %s REFUSED ON TTY %s"), pwd->pw_name, tty_name); + logaudit(tty_name, pwd->pw_name, hostname, pwd, 0); continue; } @@ -948,6 +981,7 @@ Michael Riepe #endif } + logaudit(tty_name, username, hostname, pwd, 1); dolastlog(quietlog); chown(ttyn, pwd->pw_uid,