Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:11.4
kdebase4-wallpapers
kdm-audit-log.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File kdm-audit-log.diff of Package kdebase4-wallpapers
Index: cmake/modules/FindAudit.cmake =================================================================== --- /dev/null +++ cmake/modules/FindAudit.cmake @@ -0,0 +1,12 @@ +FIND_LIBRARY(AUDIT_LIBRARIES NAMES audit) +FIND_PATH(AUDIT_INCLUDE_DIR libaudit.h) + +include(FindPackageHandleStandardArgs) +FIND_PACKAGE_HANDLE_STANDARD_ARGS(Audit DEFAULT_MSG AUDIT_INCLUDE_DIR AUDIT_LIBRARIES ) +MACRO_LOG_FEATURE(AUDIT_FOUND "audit" "Audit Logging for kdm" "http://people.redhat.com/sgrubb/audit/" FALSE) + +MARK_AS_ADVANCED(AUDIT_INCLUDE_DIR AUDIT_LIBRARIES) + +if ( AUDIT_LIBRARIES AND AUDIT_INCLUDE_DIR ) + set(HAVE_LIBAUDIT 1) +endif ( AUDIT_LIBRARIES AND AUDIT_INCLUDE_DIR ) Index: kdm/backend/client.c =================================================================== --- kdm/backend/client.c.orig +++ kdm/backend/client.c @@ -88,6 +88,14 @@ extern int loginsuccess( const char *Use #endif #include <signal.h> +#define AU_FAILED 0 +#define AU_SUCCESS 1 +#ifdef HAVE_LIBAUDIT +#include <libaudit.h> +#else +#define log_to_audit_system(l,h,d,s) do { ; } while (0) +#endif + /* * Session data, mostly what struct verify_info was for */ @@ -337,6 +345,56 @@ getPAMXauthData( const char *xauth_file } # endif + /** + * log_to_audit_system: + * @login: Name of user + * @hostname: Name of host machine + * @tty: Name of display + * @success: 1 for success, 0 for failure + * + * Logs the success or failure of the login attempt with the linux kernel + * audit system. The intent is to capture failed events where the user + * fails authentication or otherwise is not permitted to login. There are + * many other places where pam could potentially fail and cause login to + * fail, but these are system failures rather than the signs of an account + * being hacked. + * + * Returns nothing. + */ + +#ifdef HAVE_LIBAUDIT +static void +log_to_audit_system (const char *loginname, + const char *hostname, + const char *tty, + int success) +{ + struct passwd *pw; + char buf[64]; + int audit_fd; + + audit_fd = audit_open(); + if (loginname) + pw = getpwnam(loginname); + else { + loginname = "unknown"; + pw = NULL; + } + Debug("log_to_audit %p %s\n", pw, loginname); + + if (pw) { + snprintf(buf, sizeof(buf), "uid=%d", pw->pw_uid); + audit_log_user_message(audit_fd, AUDIT_USER_LOGIN, + buf, hostname, NULL, tty, (int)success); + } else { + snprintf(buf, sizeof(buf), "acct=%s", loginname); + audit_log_user_message(audit_fd, AUDIT_USER_LOGIN, + buf, hostname, NULL, tty, (int)success); + } + close(audit_fd); +} +#endif + static int doPAMAuth( const char *psrv, struct pam_data *pdata ) { @@ -422,6 +480,8 @@ doPAMAuth( const char *psrv, struct pam_ gSendStr( curuser ); } if (pretc != PAM_SUCCESS) { + /* Log the failed login attempt */ + log_to_audit_system (curuser, td->remoteHost, td->name, AU_FAILED); switch (pretc) { case PAM_USER_UNKNOWN: case PAM_AUTH_ERR: @@ -765,6 +825,8 @@ verify( GConvFunc gconv, int rootok ) if (!p->pw_uid) { if (!rootok && !td->allowRootLogin) V_RET_FAIL( "Root logins are not allowed" ); + /* Log the failed login attempt */ + log_to_audit_system (curuser, td->remoteHost, td->name, AU_FAILED); wipeStr( curpass ); curpass = 0; return True; /* don't deny root to log in */ @@ -805,6 +867,8 @@ verify( GConvFunc gconv, int rootok ) } if (pretc == PAM_SUCCESS) break; + /* Log the failed login attempt */ + log_to_audit_system (curuser, td->remoteHost, td->name, AU_FAILED); /* effectively there is only PAM_AUTHTOK_ERR */ gSendInt( V_FAIL ); } @@ -891,6 +955,8 @@ verify( GConvFunc gconv, int rootok ) displayStr( V_MSG_ERR, "Your account has expired;" " please contact your system administrator" ); + /* Log the failed login attempt */ + log_to_audit_system (curuser, td->remoteHost, td->name, AU_FAILED); gSendInt( V_FAIL ); LC_RET0; } else if (tim > (expir - warntime) && !quietlog) { @@ -917,6 +983,8 @@ verify( GConvFunc gconv, int rootok ) displayStr( V_MSG_ERR, "Your account has expired;" " please contact your system administrator" ); + /* Log the failed login attempt */ + log_to_audit_system (curuser, td->remoteHost, td->name, AU_FAILED); gSendInt( V_FAIL ); LC_RET0; } @@ -968,6 +1036,8 @@ verify( GConvFunc gconv, int rootok ) } displayStr( V_MSG_ERR, "Logins are not allowed at the moment.\nTry again later" ); + /* Log the failed login attempt */ + log_to_audit_system (curuser, td->remoteHost, td->name, AU_FAILED); gSendInt( V_FAIL ); LC_RET0; } @@ -977,6 +1047,8 @@ verify( GConvFunc gconv, int rootok ) if (!auth_timeok( lc, time( 0 ) )) { displayStr( V_MSG_ERR, "You are not allowed to login at the moment" ); + /* Log the failed login attempt */ + log_to_audit_system (curuser, td->remoteHost, td->name, AU_FAILED); gSendInt( V_FAIL ); LC_RET0; } @@ -988,6 +1060,8 @@ verify( GConvFunc gconv, int rootok ) debug( "shell not in /etc/shells\n" ); endusershell(); V_RET_FAIL( "Your login shell is not listed in /etc/shells" ); + /* Log the failed login attempt */ + log_to_audit_system (curuser, td->remoteHost, td->name, AU_FAILED); } if (!strcmp( s, p->pw_shell )) { endusershell(); @@ -1514,6 +1588,9 @@ startClient( volatile int *pid ) # define D_LOGIN_SETGROUP 0 #endif /* USE_PAM */ + /* Login succeeded */ + log_to_audit_system (curuser, td->remoteHost, td->name, AU_SUCCESS); + removeAuth = True; chownCtrl( &td->ctrl, curuid ); ctltalk.pipe = &ctlpipe; Index: kdm/ConfigureChecks.cmake =================================================================== --- kdm/ConfigureChecks.cmake.orig +++ kdm/ConfigureChecks.cmake @@ -231,4 +231,6 @@ if (NOT LIBEXEC_INSTALL_DIR STREQUAL "${ endif (NOT inip) endif (NOT LIBEXEC_INSTALL_DIR STREQUAL "${BIN_INSTALL_DIR}") +find_package(Audit) + configure_file(config-kdm.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config-kdm.h)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor