diff options
| author | Tyler Hicks <tyhicks@canonical.com> | 2015-09-01 20:53:52 -0500 |
|---|---|---|
| committer | Tyler Hicks <tyhicks@canonical.com> | 2015-09-01 20:53:52 -0500 |
| commit | 8fe51939ad74f86f7d2e7256d01cb46bd6e5b403 (patch) | |
| tree | af4a5cda8e53cef7da99c7e3b82298899d663c00 /src | |
| parent | f7304b3bec93f4eed4b4b5de12fd90e0dfaeca37 (diff) | |
| download | lightdm-8fe51939ad74f86f7d2e7256d01cb46bd6e5b403.tar.gz | |
* Generate login and logout events that can be used by the Linux Audit tools
such as aulast and aureport (LP: #1319278) (LP: #1478087)
- Link against libaudit and log AUDIT_USER_LOGIN and AUDIT_USER_LOGOUT
events after appending entries to the wtmp file. These events go to the
audit log and can then be consumed by the Linux Audit tools.
- debian/control: Add libaudit-dev to Build-Depends
- debian/lightdm.pam, debian/lightdm-autologin.pam: Set the loginuid for
the process that is authenticating. This allows for the UID to be
properly set when AUDIT_USER_LOGIN and AUDIT_USER_LOGOUT events are
logged.
Diffstat (limited to 'src')
| -rw-r--r-- | src/session-child.c | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/src/session-child.c b/src/session-child.c index e85f57da..f84e6c7b 100644 --- a/src/session-child.c +++ b/src/session-child.c @@ -16,6 +16,7 @@ #include <utmp.h> #include <utmpx.h> #include <sys/mman.h> +#include <libaudit.h> #include "configuration.h" #include "session-child.h" @@ -220,6 +221,32 @@ updwtmpx (const gchar *wtmp_file, struct utmpx *ut) updwtmp (wtmp_file, &u); } +static void +audit_event (int type, const gchar *username, uid_t uid, const gchar *remote_host_name, const gchar *tty, gboolean success) +{ +#if HAVE_LIBAUDIT + int auditfd, result; + const char *op = NULL; + + auditfd = audit_open (); + if (auditfd < 0) { + g_printerr ("Error opening audit socket: %s\n", strerror (errno)); + return; + } + + if (type == AUDIT_USER_LOGIN) + op = "login"; + else if (type == AUDIT_USER_LOGOUT) + op = "logout"; + result = success == TRUE ? 1 : 0; + + if (audit_log_acct_message (auditfd, type, NULL, op, username, uid, remote_host_name, NULL, tty, result) <= 0) + g_printerr ("Error writing audit message: %s\n", strerror (errno)); + + close (auditfd); +#endif +} + int session_child_run (int argc, char **argv) { @@ -386,6 +413,8 @@ session_child_run (int argc, char **argv) ut.ut_tv.tv_usec = tv.tv_usec; updwtmpx ("/var/log/btmp", &ut); + + audit_event (AUDIT_USER_LOGIN, username, -1, remote_host_name, tty, FALSE); } /* Check account is valid */ @@ -701,6 +730,8 @@ session_child_run (int argc, char **argv) g_printerr ("Failed to write utmpx: %s\n", strerror (errno)); endutxent (); updwtmpx ("/var/log/wtmp", &ut); + + audit_event (AUDIT_USER_LOGIN, username, uid, remote_host_name, tty, TRUE); } waitpid (child_pid, &return_code, 0); @@ -737,6 +768,8 @@ session_child_run (int argc, char **argv) g_printerr ("Failed to write utmpx: %s\n", strerror (errno)); endutxent (); updwtmpx ("/var/log/wtmp", &ut); + + audit_event (AUDIT_USER_LOGOUT, username, uid, remote_host_name, tty, TRUE); } } |