From 8fe51939ad74f86f7d2e7256d01cb46bd6e5b403 Mon Sep 17 00:00:00 2001
From: Tyler Hicks
Date: Tue, 1 Sep 2015 20:53:52 -0500
Subject: * Generate login and logout events that can be used by the Linux Audit tools such as aulast and aureport (LP: #1319278) (LP: #1478087) - Link against libaudit and log AUDIT_USER_LOGIN and AUDIT_USER_LOGOUT events after appending entries to the wtmp file. These events go to the audit log and can then be consumed by the Linux Audit tools. - debian/control: Add libaudit-dev to Build-Depends - debian/lightdm.pam, debian/lightdm-autologin.pam: Set the loginuid for the process that is authenticating. This allows for the UID to be properly set when AUDIT_USER_LOGIN and AUDIT_USER_LOGOUT events are logged.
---
 src/session-child.c | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
(limited to 'src')
diff --git a/src/session-child.c b/src/session-child.c
index e85f57da..f84e6c7b 100644
--- a/src/session-child.c
+++ b/src/session-child.c
@@ -16,6 +16,7 @@
 #include
 #include
 #include
+#include
 #include "configuration.h"
 #include "session-child.h"
@@ -220,6 +221,32 @@ updwtmpx (const gchar *wtmp_file, struct utmpx *ut)
 updwtmp (wtmp_file, &u);
 }
+static void
+audit_event (int type, const gchar *username, uid_t uid, const gchar *remote_host_name, const gchar *tty, gboolean success)
+{
+#if HAVE_LIBAUDIT
+ int auditfd, result;
+ const char *op = NULL;
+
+ auditfd = audit_open ();
+ if (auditfd < 0) {
+ g_printerr ("Error opening audit socket: %s\n", strerror (errno));
+ return;
+ }
+
+ if (type == AUDIT_USER_LOGIN)
+ op = "login";
+ else if (type == AUDIT_USER_LOGOUT)
+ op = "logout";
+ result = success == TRUE ? 1 : 0;
+
+ if (audit_log_acct_message (auditfd, type, NULL, op, username, uid, remote_host_name, NULL, tty, result) <= 0)
+ g_printerr ("Error writing audit message: %s\n", strerror (errno));
+
+ close (auditfd);
+#endif
+}
+
 int
 session_child_run (int argc, char **argv)
 {
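Review bot: The `#if HAVE_LIBAUDIT` guard in audit_event covers only the function body, while the `#include` added in the first hunk (its header name is not visible on this page, presumably the libaudit header) and the `AUDIT_USER_LOGIN`/`AUDIT_USER_LOGOUT` constants at the three call sites are unconditional, so a build without libaudit would still fail to compile; guard the include and the call sites too, or drop the guard. The write-failure path prints `strerror (errno)` although `audit_log_acct_message` signals failure through its return value, so errno may be stale there; keeping the return value in a variable and reporting that would be more reliable (libaudit appears to return a negated errno, worth confirming). A one-line comment above the function such as `/* Best effort: failures are printed and otherwise ignored; op stays NULL for any type other than login/logout */` would document the contract.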
@@ -386,6 +413,8 @@ session_child_run (int argc, char **argv)
 ut.ut_tv.tv_usec = tv.tv_usec;
 updwtmpx ("/var/log/btmp", &ut);
+
+ audit_event (AUDIT_USER_LOGIN, username, -1, remote_host_name, tty, FALSE);
 }
 /* Check account is valid */
@@ -701,6 +730,8 @@ session_child_run (int argc, char **argv)
 g_printerr ("Failed to write utmpx: %s\n", strerror (errno));
 endutxent ();
 updwtmpx ("/var/log/wtmp", &ut);
+
+ audit_event (AUDIT_USER_LOGIN, username, uid, remote_host_name, tty, TRUE);
 }
 waitpid (child_pid, &return_code, 0);
@@ -737,6 +768,8 @@ session_child_run (int argc, char **argv)
 g_printerr ("Failed to write utmpx: %s\n", strerror (errno));
 endutxent ();
 updwtmpx ("/var/log/wtmp", &ut);
+
+ audit_event (AUDIT_USER_LOGOUT, username, uid, remote_host_name, tty, TRUE);
 }
 }
-- cgit v1.2.1
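Review bot: In the btmp block (`@@ -386,6 +413,8 @@`), `username` is the name from a failed attempt and therefore untrusted text that ends up in the audit log, and nothing at the call says what protects the record format. The call appears to rely on `audit_log_acct_message` to encode the account field; a comment stating that, e.g. `/* username is unauthenticated input; libaudit is expected to encode the acct field */`, would make the assumption checkable. The bare `-1` passed for the `uid_t` parameter would read more clearly as `(uid_t) -1`, with a note that no uid is known for a failed login. The enclosing block of session_child_run starts outside the hunk, so whether `username` can be NULL at this point cannot be seen here.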
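Review bot: In the wtmp login block (`@@ -701,6 +730,8 @@`), a failure to write the AUDIT_USER_LOGIN record is invisible to the caller because audit_event returns void, so the code goes on to `waitpid` and the session continues whether or not the login was audited; the same holds for the AUDIT_USER_LOGOUT call in the last hunk. If a deployment requires audited logins, audit_event could return a status so this site can decide what to do; at minimum the choice should be stated, e.g. `/* Best effort: the session proceeds even if the audit record cannot be written */`. The block containing this call begins outside the hunk, so the condition guarding it is not visible here.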