From 15ba72574090648c628ed6406ca315423a1a3f14 Mon Sep 17 00:00:00 2001 From: Robert Ancell Date: Wed, 16 Sep 2015 13:31:44 -0400 Subject: Use libaudit to generate audit events
---
 configure.ac | 17 +++++++++++++++++ debian/control | 1 + debian/lightdm.lightdm-autologin.pam | 1 + debian/lightdm.pam | 1 + src/session-child.c | 33 +++++++++++++++++++++++++++++++++ 5 files changed, 53 insertions(+)
diff --git a/configure.ac b/configure.ac
index dfeca928..f9f6ebef 100644
--- a/configure.ac
+++ b/configure.ac
@@ -147,6 +147,23 @@ if test x"$enable_liblightdm_qt5" != "xno"; then
 fi
 AM_CONDITIONAL(COMPILE_LIBLIGHTDM_QT5, test x"$compile_liblightdm_qt5" != "xno")
+AC_ARG_ENABLE([audit],
+ AS_HELP_STRING([--enable-audit],
+ [Enable audit logging of login and logout events [[default=auto]]]),
+ [enable_audit=$enableval],
+ [enable_audit=auto])
+if test x"$enable_audit" != "xno"; then
+ AC_CHECK_LIB([audit], [audit_log_user_message],
+ [AC_DEFINE(HAVE_LIBAUDIT, 1, [libaudit support])
+ LIGHTDM_LIBS="${LIGHTDM_LIBS} -laudit"
+ ],
+ [if test "x$enable_audit" != xauto; then
+ AC_MSG_FAILURE(
+ [--enable-audit was given, but test for libaudit failed])
+ fi
+ ])
+fi
+
 AC_MSG_CHECKING(whether to build tests)
 AC_ARG_ENABLE(tests,
 AS_HELP_STRING([--disable-tests], [Disable tests building]),
diff --git a/debian/control b/debian/control
index 3edf0812..11694c20 100644
--- a/debian/control
+++ b/debian/control
@@ -24,6 +24,7 @@ Build-Depends: debhelper (>= 7.0.50~),
 gtk-doc-tools,
 yelp-tools,
 dbus,
+ libaudit-dev
 Homepage: https://launchpad.net/lightdm
 # If you aren't a member of ~lightdm-team but need to upload packaging changes,
 # just go ahead. ~lightdm-team will notice and sync up the code again.
diff --git a/debian/lightdm.lightdm-autologin.pam b/debian/lightdm.lightdm-autologin.pam
index d38e7a83..f42a4f47 100644
--- a/debian/lightdm.lightdm-autologin.pam
+++ b/debian/lightdm.lightdm-autologin.pam
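Review bot: The probe `AC_CHECK_LIB([audit], [audit_log_user_message], …)` in the configure.ac hunk tests for a symbol this commit never calls; `audit_event` in src/session-child.c uses `audit_open` and `audit_log_acct_message`, and the libaudit header it needs is not checked at all. Probing the function that is actually used, `AC_CHECK_LIB([audit], [audit_log_acct_message], …)`, plus an `AC_CHECK_HEADER([libaudit.h], …)`, would keep HAVE_LIBAUDIT from being defined on a system where the compile then fails. With the default of `auto`, a missing libaudit also silently yields a binary that writes no login or logout audit records, so an `AC_MSG_NOTICE` stating whether audit support was compiled in would help packagers notice.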
@@ -3,6 +3,7 @@ auth requisite pam_nologin.so
 auth required pam_permit.so
 @include common-account
 session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session required pam_loginuid.so
 session required pam_limits.so
 @include common-session
 session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
diff --git a/debian/lightdm.pam b/debian/lightdm.pam
index 9bc58b52..c97f2ad6 100644
--- a/debian/lightdm.pam
+++ b/debian/lightdm.pam
@@ -6,6 +6,7 @@ auth optional pam_gnome_keyring.so
 auth optional pam_kwallet.so
 @include common-account
 session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session required pam_loginuid.so
 session required pam_limits.so
 @include common-session
 session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
diff --git a/src/session-child.c b/src/session-child.c
index bd55f33f..1609274a 100644
--- a/src/session-child.c
+++ b/src/session-child.c
@@ -16,6 +16,7 @@
 #include
 #include
 #include
+#include
 #include "configuration.h"
 #include "session-child.h"
@@ -220,6 +221,32 @@ updwtmpx (const gchar *wtmp_file, struct utmpx *ut)
 updwtmp (wtmp_file, &u);
 }
+static void
+audit_event (int type, const gchar *username, uid_t uid, const gchar *remote_host_name, const gchar *tty, gboolean success)
+{
+#if HAVE_LIBAUDIT
+ int auditfd, result;
+ const char *op = NULL;
+
+ auditfd = audit_open ();
+ if (auditfd < 0) {
+ g_printerr ("Error opening audit socket: %s\n", strerror (errno));
+ return;
+ }
+
+ if (type == AUDIT_USER_LOGIN)
+ op = "login";
+ else if (type == AUDIT_USER_LOGOUT)
+ op = "logout";
+ result = success == TRUE ? 1 : 0;
+
+ if (audit_log_acct_message (auditfd, type, NULL, op, username, uid, remote_host_name, NULL, tty, result) <= 0)
+ g_printerr ("Error writing audit message: %s\n", strerror (errno));
+
+ close (auditfd);
+#endif
+}
+
 int
 session_child_run (int argc, char **argv)
 {
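Review bot: `session required pam_loginuid.so` makes session setup fail whenever pam_loginuid reports an error, and the same line is added to debian/lightdm.pam in the next hunk. Setting the login UID is what lets later audit records be attributed to the logged-in user, but it is worth confirming how the module behaves on hosts where the login UID cannot be set (some container setups, for example), because with `required` that would block every graphical login, autologin included. A short comment above the line, such as `# Record the login UID so audit events are attributed to this user`, would tell administrators why the module is in the stack.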
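Review bot: The `#include` added in the -16 hunk of src/session-child.c sits outside any `HAVE_LIBAUDIT` guard, while configure.ac lets the build proceed without libaudit; the include target is not visible in this view, but if it is the libaudit header the file no longer compiles in that configuration. The three call sites added to session_child_run (hunks at -386, -701 and -737) share the problem, since they use `AUDIT_USER_LOGIN` and `AUDIT_USER_LOGOUT` unguarded while only the body of `audit_event` is conditional. Wrapping the include as `#ifdef HAVE_LIBAUDIT` / `#include <libaudit.h>` / `#endif` and guarding the call sites the same way would keep the non-audit build working; `#ifdef` also fits better than `#if`, because the macro is left undefined rather than set to 0 when the library is absent.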
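Review bot: `audit_event` treats every `audit_open` failure alike, so on a kernel without audit support each login would print "Error opening audit socket" although nothing is misconfigured; returning quietly for that case, `if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT) return;`, and reporting only the remaining errors keeps the message meaningful. As written the function is fail-open: a failed open or write goes to stderr and the login proceeds, which deserves a comment such as `/* Best effort: audit failures are reported but never block the session */` so anyone relying on these records knows they can be missing. `op` also stays NULL when a type other than AUDIT_USER_LOGIN or AUDIT_USER_LOGOUT is passed, so a default string would be safer than handing NULL to `audit_log_acct_message`. The comparison `success == TRUE ? 1 : 0` is better written `success ? 1 : 0`, since a gboolean can hold any non-zero value.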
@@ -386,6 +413,8 @@ session_child_run (int argc, char **argv)
 ut.ut_tv.tv_usec = tv.tv_usec;
 updwtmpx ("/var/log/btmp", &ut);
+
+ audit_event (AUDIT_USER_LOGIN, username, -1, remote_host_name, tty, FALSE);
 }
 /* Check account is valid */
@@ -701,6 +730,8 @@ session_child_run (int argc, char **argv)
 g_printerr ("Failed to write utmpx: %s\n", strerror (errno));
 endutxent ();
 updwtmpx ("/var/log/wtmp", &ut);
+
+ audit_event (AUDIT_USER_LOGIN, username, uid, remote_host_name, tty, TRUE);
 }
 waitpid (child_pid, &return_code, 0);
@@ -737,6 +768,8 @@ session_child_run (int argc, char **argv)
 g_printerr ("Failed to write utmpx: %s\n", strerror (errno));
 endutxent ();
 updwtmpx ("/var/log/wtmp", &ut);
+
+ audit_event (AUDIT_USER_LOGOUT, username, uid, remote_host_name, tty, TRUE);
 }
 }
-- cgit v1.2.1
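Review bot: All three `audit_event` calls sit at the end of the blocks that write btmp or wtmp (the -386 hunk, and likewise -701 and -737), so an audit record is produced only when that block runs. The conditions guarding those blocks are outside the hunks, but if any session type skips the utmp bookkeeping it will also leave no USER_LOGIN or USER_LOGOUT record, which matters to anyone using the audit trail as the authoritative login history. If the coupling is intended, a comment at the first call such as `/* Audit events follow the btmp/wtmp records: sessions not logged there are not audited either */` would make it explicit. session_child_run begins and ends outside these hunks, so the surrounding control flow should be checked against the full file.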