[packages/util-linux.git] / util-linux-audit-login.patch

- add audit message to login

diff -ur util-linux-2.13-pre4.orig/login-utils/login.c util-linux-2.13-pre4/login-utils/login.c
--- util-linux-2.13-pre4.orig/login-utils/login.c	2005-10-14 13:59:08.000000000 -0400
+++ util-linux-2.13-pre4/login-utils/login.c	2005-10-14 15:43:54.000000000 -0400
@@ -106,6 +106,7 @@
 #include <sys/syslog.h>
 #include <sys/sysmacros.h>
 #include <netdb.h>
+#include <libaudit.h>
 #include "pathnames.h"
 #include "my_crypt.h"
 #include "login.h"
@@ -329,6 +330,7 @@
 #ifdef LOGIN_CHOWN_VCS
     char vcsn[20], vcsan[20];
 #endif
+    int audit_fd;
 
     pid = getpid();
 
@@ -545,11 +547,25 @@
 	       (retcode == PAM_USER_UNKNOWN) ||
 	       (retcode == PAM_CRED_INSUFFICIENT) ||
 	       (retcode == PAM_AUTHINFO_UNAVAIL))) {
+	    struct passwd *pw;
+	    char buf[64];
 	    pam_get_item(pamh, PAM_USER, (const void **) &username);
 
 	    syslog(LOG_NOTICE,_("FAILED LOGIN %d FROM %s FOR %s, %s"),
 		   failcount, hostname, username, pam_strerror(pamh, retcode));
 	    logbtmp(tty_name, username, hostname);
+	    audit_fd = audit_open();
+	    pw = getpwnam(username);
+	    if (pw) {
+		snprintf(buf, sizeof(buf), "uid=%d", pw->pw_uid);
+		audit_log_user_message(audit_fd, AUDIT_USER_LOGIN, 
+			buf, hostname, NULL, tty_name, 0);
+	    } else {
+		snprintf(buf, sizeof(buf), "acct=%s", username);
+		audit_log_user_message(audit_fd, AUDIT_USER_LOGIN, 
+			buf, hostname, NULL, tty_name, 0);
+	    }
+	    close(audit_fd);
 
 	    fprintf(stderr,_("Login incorrect\n\n"));
 	    pam_set_item(pamh,PAM_USER,NULL);
@@ -557,6 +573,8 @@
 	}
 
 	if (retcode != PAM_SUCCESS) {
+	    struct passwd *pw;
+	    char buf[64];
 	    pam_get_item(pamh, PAM_USER, (const void **) &username);
 
 	    if (retcode == PAM_MAXTRIES)
@@ -567,6 +585,18 @@
 		syslog(LOG_NOTICE,_("FAILED LOGIN SESSION FROM %s FOR %s, %s"),
 			hostname, username, pam_strerror(pamh, retcode));
 	    logbtmp(tty_name, username, hostname);
+	    audit_fd = audit_open();
+	    pw = getpwnam(username);
+	    if (pw) {
+		snprintf(buf, sizeof(buf), "uid=%d", pw->pw_uid);
+		audit_log_user_message(audit_fd, AUDIT_USER_LOGIN, 
+			buf, hostname, NULL, tty_name, 0);
+	    } else {
+		snprintf(buf, sizeof(buf), "acct=%s", username);
+		audit_log_user_message(audit_fd, AUDIT_USER_LOGIN, 
+			buf, hostname, NULL, tty_name, 0);
+	    }
+	    close(audit_fd);
 
 	    fprintf(stderr,_("\nLogin incorrect\n"));
 	    pam_end(pamh, retcode);
@@ -908,6 +938,15 @@
 #endif
 #endif
     }
+
+    {
+	char buf[32];
+	audit_fd = audit_open();
+	snprintf(buf, sizeof(buf), "uid=%d", pwd->pw_uid);
+	audit_log_user_message(audit_fd, AUDIT_USER_LOGIN, 
+		buf, hostname, NULL, tty_name, 1);
+	close(audit_fd);
+    }
     
     dolastlog(quietlog);
     
diff -ur util-linux-2.13-pre4.orig/login-utils/Makefile.am util-linux-2.13-pre4/login-utils/Makefile.am
--- util-linux-2.13-pre4.orig/login-utils/Makefile.am	2005-10-14 13:59:08.000000000 -0400
+++ util-linux-2.13-pre4/login-utils/Makefile.am	2005-10-14 15:45:22.000000000 -0400
@@ -55,7 +55,7 @@
 if HAVE_PAM
 chfn_LDADD += -lpam -lpam_misc
 chsh_LDADD += -lpam -lpam_misc
-login_LDADD += -lpam -lpam_misc
+login_LDADD += -lpam -lpam_misc -laudit
 login_SOURCES = login.c
 else
 login_SOURCES = login.c checktty.c
Commit	Line	Data
5545a732 JR	1	- add audit message to login
	2
	3	diff -ur util-linux-2.13-pre4.orig/login-utils/login.c util-linux-2.13-pre4/login-utils/login.c
	4	--- util-linux-2.13-pre4.orig/login-utils/login.c 2005-10-14 13:59:08.000000000 -0400
	5	+++ util-linux-2.13-pre4/login-utils/login.c 2005-10-14 15:43:54.000000000 -0400
	6	@@ -106,6 +106,7 @@
	7	#include <sys/syslog.h>
	8	#include <sys/sysmacros.h>
	9	#include <netdb.h>
	10	+#include <libaudit.h>
	11	#include "pathnames.h"
	12	#include "my_crypt.h"
	13	#include "login.h"
	14	@@ -329,6 +330,7 @@
	15	#ifdef LOGIN_CHOWN_VCS
	16	char vcsn[20], vcsan[20];
	17	#endif
	18	+ int audit_fd;
	19
	20	pid = getpid();
	21
	22	@@ -545,11 +547,25 @@
	23	(retcode == PAM_USER_UNKNOWN) \|\|
	24	(retcode == PAM_CRED_INSUFFICIENT) \|\|
	25	(retcode == PAM_AUTHINFO_UNAVAIL))) {
	26	+ struct passwd *pw;
	27	+ char buf[64];
	28	pam_get_item(pamh, PAM_USER, (const void **) &username);
	29
	30	syslog(LOG_NOTICE,_("FAILED LOGIN %d FROM %s FOR %s, %s"),
	31	failcount, hostname, username, pam_strerror(pamh, retcode));
	32	logbtmp(tty_name, username, hostname);
	33	+ audit_fd = audit_open();
	34	+ pw = getpwnam(username);
	35	+ if (pw) {
	36	+ snprintf(buf, sizeof(buf), "uid=%d", pw->pw_uid);
	37	+ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
	38	+ buf, hostname, NULL, tty_name, 0);
	39	+ } else {
	40	+ snprintf(buf, sizeof(buf), "acct=%s", username);
	41	+ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
	42	+ buf, hostname, NULL, tty_name, 0);
	43	+ }
	44	+ close(audit_fd);
	45
	46	fprintf(stderr,_("Login incorrect\n\n"));
	47	pam_set_item(pamh,PAM_USER,NULL);
	48	@@ -557,6 +573,8 @@
	49	}
	50
	51	if (retcode != PAM_SUCCESS) {
	52	+ struct passwd *pw;
	53	+ char buf[64];
	54	pam_get_item(pamh, PAM_USER, (const void **) &username);
	55
	56	if (retcode == PAM_MAXTRIES)
	57	@@ -567,6 +585,18 @@
	58	syslog(LOG_NOTICE,_("FAILED LOGIN SESSION FROM %s FOR %s, %s"),
	59	hostname, username, pam_strerror(pamh, retcode));
	60	logbtmp(tty_name, username, hostname);
	61	+ audit_fd = audit_open();
	62	+ pw = getpwnam(username);
	63	+ if (pw) {
	64	+ snprintf(buf, sizeof(buf), "uid=%d", pw->pw_uid);
65	+ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
66	+ buf, hostname, NULL, tty_name, 0);
67	+ } else {
68	+ snprintf(buf, sizeof(buf), "acct=%s", username);
69	+ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
70	+ buf, hostname, NULL, tty_name, 0);
71	+ }
72	+ close(audit_fd);
73
74	fprintf(stderr,_("\nLogin incorrect\n"));
75	pam_end(pamh, retcode);
76	@@ -908,6 +938,15 @@
77	#endif
78	#endif
79	}
80	+
81	+ {
82	+ char buf[32];
83	+ audit_fd = audit_open();
84	+ snprintf(buf, sizeof(buf), "uid=%d", pwd->pw_uid);
85	+ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
86	+ buf, hostname, NULL, tty_name, 1);
87	+ close(audit_fd);
88	+ }
89
90	dolastlog(quietlog);
91
92	diff -ur util-linux-2.13-pre4.orig/login-utils/Makefile.am util-linux-2.13-pre4/login-utils/Makefile.am
93	--- util-linux-2.13-pre4.orig/login-utils/Makefile.am 2005-10-14 13:59:08.000000000 -0400
94	+++ util-linux-2.13-pre4/login-utils/Makefile.am 2005-10-14 15:45:22.000000000 -0400
95	@@ -55,7 +55,7 @@
96	if HAVE_PAM
97	chfn_LDADD += -lpam -lpam_misc
98	chsh_LDADD += -lpam -lpam_misc
99	-login_LDADD += -lpam -lpam_misc
100	+login_LDADD += -lpam -lpam_misc -laudit
101	login_SOURCES = login.c
102	else
103	login_SOURCES = login.c checktty.c