/* gdm-session-linux-auditor.c - Object for Linux auditing of session login/logout
 *
 * Copyright (C) 2004, 2008 Sun Microsystems, Inc.
 * Copyright (C) 2005, 2008 Red Hat, Inc.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.
 *
 * Written by: Brian A. Cameron <Brian.Cameron@sun.com>
 *             Gary Winiger <Gary.Winiger@sun.com>
 *             Ray Strode <rstrode@redhat.com>
 *             Steve Grubb <sgrubb@redhat.com>
 */
---|
#include "config.h"
#include "gdm-session-linux-auditor.h"

#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdlib.h>
#include <syslog.h>
#include <unistd.h>

#include <libaudit.h>

#include <glib.h>
---|
| 37 | |
---|
/* Private per-instance state of a GdmSessionLinuxAuditor. */
struct _GdmSessionLinuxAuditorPrivate
{
        /* Descriptor obtained from audit_open() in the instance initialiser
         * and closed in finalize; every audit record is written through it. */
        int audit_fd;
};
---|
| 42 | |
---|
/* Declared ahead of class_init, which installs it as GObjectClass::finalize. */
static void
gdm_session_linux_auditor_finalize (GObject *object);

/* Registers GdmSessionLinuxAuditor as a subclass of GdmSessionAuditor and
 * provides gdm_session_linux_auditor_parent_class. */
G_DEFINE_TYPE (GdmSessionLinuxAuditor, gdm_session_linux_auditor, GDM_TYPE_SESSION_AUDITOR)
---|
| 46 | |
---|
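/*
 * Write one audit record of kind @type for the session described by the
 * auditor's "username", "hostname" and "display-device" properties.
 *
 * @auditor: the session auditor whose properties describe the event
 * @type:    audit record type (callers in this file pass AUDIT_USER_LOGIN
 *           or AUDIT_USER_LOGOUT)
 * @result:  1 for success, 0 for failure, as expected by libaudit
 *
 * When the user name resolves through getpwnam() the record identifies the
 * account as "uid=<n>"; otherwise it carries the name itself in an "acct"
 * field.  That second path is the one taken for names that do not exist on
 * the system, so the value is presumably whatever was entered at the login
 * prompt (confirm against the callers that set "username") and must not be
 * copied into the record verbatim.
 */
static void
log_user_message (GdmSessionAuditor *auditor,
                  gint               type,
                  gint               result)
{
        GdmSessionLinuxAuditor *linux_auditor;
        char                    buf[512];
        const char             *message;
        char                   *encoded_acct = NULL;
        char                   *username = NULL;
        char                   *hostname = NULL;
        char                   *display_device = NULL;
        struct passwd          *pw;

        linux_auditor = GDM_SESSION_LINUX_AUDITOR (auditor);

        /* audit_open() can fail (for instance on a kernel without audit
         * support); there is nothing to write to in that case. */
        if (linux_auditor->priv->audit_fd < 0) {
                return;
        }

        g_object_get (G_OBJECT (auditor),
                      "username", &username,
                      "hostname", &hostname,
                      "display-device", &display_device,
                      NULL);

        if (username != NULL) {
                /* NOTE(review): getpwnam() returns static storage and is not
                 * thread-safe; fine only if this runs on a single thread. */
                pw = getpwnam (username);
        } else {
                username = g_strdup ("unknown");
                pw = NULL;
        }

        if (pw != NULL) {
                /* uid_t is unsigned; "%d" would print large uids as negative
                 * numbers in the audit trail. */
                g_snprintf (buf, sizeof (buf), "uid=%u", (unsigned int) pw->pw_uid);
                message = buf;
        } else {
                /* Let libaudit quote or hex-encode the name, so that spaces,
                 * quotes or control characters in it cannot be read back as
                 * additional fields of the record.  The result is malloc()ed. */
                encoded_acct = audit_encode_nv_string ("acct", username, 0);

                /* On allocation failure record an unknown account rather than
                 * falling back to the raw, unencoded name. */
                message = (encoded_acct != NULL) ? encoded_acct : "acct=?";
        }

        /* A negative return is a real failure; 0 is what libaudit reports
         * when it deliberately hides a benign error. */
        if (audit_log_user_message (linux_auditor->priv->audit_fd, type,
                                    message, hostname, NULL, display_device,
                                    result) < 0) {
                g_warning ("GdmSessionLinuxAuditor: failed to write audit record of type %d", type);
        }

        free (encoded_acct);
        g_free (username);
        g_free (hostname);
        g_free (display_device);
}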
---|
| 88 | |
---|
/* GdmSessionAuditorClass::report_login handler: records a successful
 * AUDIT_USER_LOGIN event for @auditor's session. */
static void
gdm_session_linux_auditor_report_login (GdmSessionAuditor *auditor)
{
        const gint audit_success = 1;

        log_user_message (auditor, AUDIT_USER_LOGIN, audit_success);
}
---|
| 94 | |
---|
/* GdmSessionAuditorClass::report_login_failure handler: records a failed
 * AUDIT_USER_LOGIN event for @auditor's session.
 *
 * @pam_error_code and @pam_error_string are accepted for the vfunc signature
 * but are not used here, so the audit record carries only the failure result
 * and not the PAM reason. */
static void
gdm_session_linux_auditor_report_login_failure (GdmSessionAuditor *auditor,
                                                int                pam_error_code,
                                                const char        *pam_error_string)
{
        const gint audit_failure = 0;

        log_user_message (auditor, AUDIT_USER_LOGIN, audit_failure);
}
---|
| 102 | |
---|
/* GdmSessionAuditorClass::report_logout handler: records a successful
 * AUDIT_USER_LOGOUT event for @auditor's session. */
static void
gdm_session_linux_auditor_report_logout (GdmSessionAuditor *auditor)
{
        const gint audit_success = 1;

        log_user_message (auditor, AUDIT_USER_LOGOUT, audit_success);
}
---|
| 108 | |
---|
/* Class initialiser: installs the finalizer, wires the three audit report
 * vfuncs to the Linux implementations in this file, and reserves room for
 * the private instance data. */
static void
gdm_session_linux_auditor_class_init (GdmSessionLinuxAuditorClass *klass)
{
        GObjectClass           *object_class = G_OBJECT_CLASS (klass);
        GdmSessionAuditorClass *auditor_class = GDM_SESSION_AUDITOR_CLASS (klass);

        /* Login, failed login and logout all end up in log_user_message(). */
        auditor_class->report_login = gdm_session_linux_auditor_report_login;
        auditor_class->report_login_failure = gdm_session_linux_auditor_report_login_failure;
        auditor_class->report_logout = gdm_session_linux_auditor_report_logout;

        /* The finalizer closes the audit descriptor. */
        object_class->finalize = gdm_session_linux_auditor_finalize;

        g_type_class_add_private (auditor_class, sizeof (GdmSessionLinuxAuditorPrivate));
}
---|
| 126 | |
---|
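/* Instance initialiser: binds the private data and opens the descriptor that
 * audit records are written through.
 *
 * audit_open() returns a negative value on failure.  The descriptor is still
 * stored as-is, but an unexpected failure is now reported instead of being
 * dropped silently, since it means logins will go unaudited. */
static void
gdm_session_linux_auditor_init (GdmSessionLinuxAuditor *auditor)
{
        auditor->priv = G_TYPE_INSTANCE_GET_PRIVATE (auditor,
                                                     GDM_TYPE_SESSION_LINUX_AUDITOR,
                                                     GdmSessionLinuxAuditorPrivate);

        auditor->priv->audit_fd = audit_open ();

        if (auditor->priv->audit_fd < 0) {
                /* Save errno before any other call can overwrite it. */
                int saved_errno = errno;

                /* These three values mean the kernel has no audit support,
                 * which is a configuration choice rather than an error. */
                if (saved_errno != EINVAL &&
                    saved_errno != EPROTONOSUPPORT &&
                    saved_errno != EAFNOSUPPORT) {
                        g_warning ("GdmSessionLinuxAuditor: could not open audit connection: %s",
                                   g_strerror (saved_errno));
                }
        }
}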
---|
| 136 | |
---|
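/* GObject finalizer: releases the audit descriptor, then chains up to the
 * parent class.
 *
 * @object: the GdmSessionLinuxAuditor being destroyed */
static void
gdm_session_linux_auditor_finalize (GObject *object)
{
        GdmSessionLinuxAuditor *linux_auditor;
        GObjectClass           *parent_class;

        linux_auditor = GDM_SESSION_LINUX_AUDITOR (object);

        /* audit_open() may have failed in init, leaving a negative value;
         * only close a descriptor that was actually opened, and mark it
         * closed so it cannot be reused by mistake. */
        if (linux_auditor->priv->audit_fd >= 0) {
                close (linux_auditor->priv->audit_fd);
                linux_auditor->priv->audit_fd = -1;
        }

        parent_class = G_OBJECT_CLASS (gdm_session_linux_auditor_parent_class);
        if (parent_class->finalize != NULL) {
                parent_class->finalize (object);
        }
}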
---|
| 152 | |
---|
| 153 | |
---|
/* Create a Linux audit backend for one session.
 *
 * @hostname:       value for the auditor's "hostname" property
 * @display_device: value for the auditor's "display-device" property
 *
 * Returns: the new object, cast to the GdmSessionAuditor base type. */
GdmSessionAuditor *
gdm_session_linux_auditor_new (const char *hostname,
                               const char *display_device)
{
        return GDM_SESSION_AUDITOR (g_object_new (GDM_TYPE_SESSION_LINUX_AUDITOR,
                                                  "hostname", hostname,
                                                  "display-device", display_device,
                                                  NULL));
}
---|
| 167 | |
---|
| 168 | |
---|