[134] | 1 | /* gdm-session-solaris-auditor.c - Object for Solaris auditing of session login/logout |
---|
| 2 | * |
---|
| 3 | * Copyright (C) 2004, 2008 Sun Microsystems, Inc. |
---|
| 4 | * Copyright (C) 2005, 2008 Red Hat, Inc. |
---|
| 5 | * |
---|
| 6 | * This program is free software; you can redistribute it and/or modify |
---|
| 7 | * it under the terms of the GNU General Public License as published by |
---|
| 8 | * the Free Software Foundation; either version 2, or (at your option) |
---|
| 9 | * any later version. |
---|
| 10 | * |
---|
| 11 | * This program is distributed in the hope that it will be useful, |
---|
| 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
| 14 | * GNU General Public License for more details. |
---|
| 15 | * |
---|
| 16 | * You should have received a copy of the GNU General Public License |
---|
| 17 | * along with this program; if not, write to the Free Software |
---|
| 18 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA |
---|
| 19 | * 02111-1307, USA. |
---|
| 20 | * |
---|
| 21 | * Written by: Brian A. Cameron <Brian.Cameron@sun.com> |
---|
| 22 | * Gary Winiger <Gary.Winiger@sun.com> |
---|
| 23 | * Ray Strode <rstrode@redhat.com> |
---|
| 24 | * Steve Grubb <sgrubb@redhat.com> |
---|
| 25 | */ |
---|
#include "config.h"
#include "gdm-session-solaris-auditor.h"

#include <stdlib.h>
#include <syslog.h>
#include <security/pam_appl.h>
#include <pwd.h>

#include <fcntl.h>
#include <bsm/adt.h>
#include <bsm/adt_event.h>

#include <glib.h>
#include <glib-object.h>
#include <glib/gi18n.h>
---|
| 40 | |
---|
/*
 * Per-instance state of the Solaris (BSM/ADT) session auditor.
 */
struct _GdmSessionSolarisAuditorPrivate
{
        /* Handle returned by adt_start_session() in report_login();
         * consumed and cleared again by report_logout().  Stays NULL when
         * the session could not be started. */
        adt_session_data_t *audit_session_handle;

        /* Set by report_password_changed() / report_password_change_failure();
         * read by report_login() and report_login_failure() to decide whether
         * an ADT_passwd event is emitted and with which outcome. */
        guint password_change_initiated : 1;
        guint password_changed : 1;
        /* Set by report_user_accredited(); selects ADT_USE_PROC_DATA when
         * report_login_failure() starts its audit session. */
        guint user_accredited : 1;

        /* cached values to prevent repeated calls
         * to getpwnam -- filled in by on_username_set().  username is NULL
         * and uid/gid are (uid_t)-1 / (gid_t)-1 while no user has been
         * resolved.
         */
        char *username;
        uid_t uid;
        gid_t gid;
};
---|
| 56 | |
---|
/* Forward declaration: the GObject finalize hook installed in class_init. */
static void gdm_session_solaris_auditor_finalize (GObject *object);

/* Registers GdmSessionSolarisAuditor as a subclass of GdmSessionAuditor
 * (provides gdm_session_solaris_auditor_parent_class, used in finalize). */
G_DEFINE_TYPE (GdmSessionSolarisAuditor, gdm_session_solaris_auditor, GDM_TYPE_SESSION_AUDITOR)
---|
| 60 | |
---|
/*
 * Records that a password change was attempted and succeeded during this
 * login.  Only the private flags are updated here; the matching ADT_passwd
 * event is emitted later by report_login() / report_login_failure().
 *
 * @auditor: the auditor (must be a GdmSessionSolarisAuditor).
 */
static void
gdm_session_solaris_auditor_report_password_changed (GdmSessionAuditor *auditor)
{
        GdmSessionSolarisAuditorPrivate *priv;

        priv = GDM_SESSION_SOLARIS_AUDITOR (auditor)->priv;

        priv->password_changed = TRUE;
        priv->password_change_initiated = TRUE;
}
---|
| 70 | |
---|
/*
 * Records that a password change was attempted but failed.  Only the
 * private flags are updated; report_login_failure() later emits an
 * ADT_passwd failure event based on them.
 *
 * @auditor: the auditor (must be a GdmSessionSolarisAuditor).
 */
static void
gdm_session_solaris_auditor_report_password_change_failure (GdmSessionAuditor *auditor)
{
        GdmSessionSolarisAuditorPrivate *priv;

        priv = GDM_SESSION_SOLARIS_AUDITOR (auditor)->priv;

        priv->password_changed = FALSE;
        priv->password_change_initiated = TRUE;
}
---|
| 80 | |
---|
/*
 * Marks the user as accredited.  report_login_failure() uses this flag to
 * start its audit session with ADT_USE_PROC_DATA instead of a fresh one.
 *
 * @auditor: the auditor (must be a GdmSessionSolarisAuditor).
 */
static void
gdm_session_solaris_auditor_report_user_accredited (GdmSessionAuditor *auditor)
{
        GdmSessionSolarisAuditorPrivate *priv;

        priv = GDM_SESSION_SOLARIS_AUDITOR (auditor)->priv;
        priv->user_accredited = TRUE;
}
---|
| 89 | |
---|
/*
 * Emits an ADT_login success event for the user cached by
 * on_username_set(), followed by an ADT_passwd success event when a
 * password change was reported.  The audit session is kept open in
 * priv->audit_session_handle so report_logout() can emit ADT_logout on
 * it; the handle is left NULL if adt_start_session() fails.  Every ADT
 * failure is written to syslog and is otherwise non-fatal.
 *
 * @auditor: the auditor; priv->username must already be resolved.
 */
static void
gdm_session_solaris_auditor_report_login (GdmSessionAuditor *auditor)
{
        GdmSessionSolarisAuditorPrivate *priv;
        adt_session_data_t *session;
        adt_event_data_t *event;

        priv = GDM_SESSION_SOLARIS_AUDITOR (auditor)->priv;

        g_return_if_fail (priv->username != NULL);

        session = NULL;
        if (adt_start_session (&session, NULL, ADT_USE_PROC_DATA) != 0) {
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_start_session (ADT_login): %m");
                priv->audit_session_handle = session;
                return;
        }

        /* A failure here is logged, but the login event is still emitted. */
        if (adt_set_user (session,
                          priv->uid, priv->gid,
                          priv->uid, priv->gid,
                          NULL, ADT_USER) != 0) {
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_set_user (ADT_login, %s): %m",
                        priv->username);
        }

        event = adt_alloc_event (session, ADT_login);
        if (event != NULL) {
                if (adt_put_event (event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_put_event (ADT_login, ADT_SUCCESS): %m");
                }
        } else {
                syslog (LOG_AUTH | LOG_ALERT, "adt_alloc_event (ADT_login): %m");
        }
        adt_free_event (event);
        event = NULL;

        if (priv->password_changed) {
                /* Both flags are always set together by the report_password_* hooks. */
                g_assert (priv->password_change_initiated);

                /* Also audit the password change on the same session. */
                event = adt_alloc_event (session, ADT_passwd);
                if (event != NULL) {
                        if (adt_put_event (event, ADT_SUCCESS,
                                           ADT_SUCCESS) != 0) {
                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_put_event (ADT_passwd, ADT_SUCCESS): %m");
                        }
                } else {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_alloc_event (ADT_passwd): %m");
                }
                adt_free_event (event);
        }

        /* Kept open for report_logout(). */
        priv->audit_session_handle = session;
}
---|
| 147 | |
---|
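/*
 * Emits an ADT_login failure event (and, when a password change was
 * attempted, an ADT_passwd event) for a failed login, then resets the
 * process audit state because the process is reused.
 *
 * @auditor:          the auditor (must be a GdmSessionSolarisAuditor).
 * @pam_error_code:   PAM result code; added to ADT_FAIL_PAM as the event's
 *                    failure reason.
 * @pam_error_string: human-readable PAM error, used only in syslog output
 *                    (may be NULL).
 *
 * If report_user_accredited() already ran, the audit session is started
 * from the process's own audit data.  Otherwise a fresh session is
 * started, a terminal id is derived from the "hostname" property (non-empty
 * means remote) or else from "display-device", and the identity cached by
 * on_username_set() -- or ADT_NO_ATTRIB when none is cached -- is attached
 * with ADT_NEW.  Every ADT failure is logged and otherwise ignored.
 */
static void
gdm_session_solaris_auditor_report_login_failure (GdmSessionAuditor *auditor,
                                                  int                pam_error_code,
                                                  const char        *pam_error_string)
{
        GdmSessionSolarisAuditorPrivate *priv;
        char *hostname;
        char *display_device;
        adt_session_data_t *ah;         /* Audit session handle */
        adt_event_data_t *event;        /* Event to generate */
        adt_termid_t *tid;              /* Terminal ID for failures */
        const char *user_label;

        priv = GDM_SESSION_SOLARIS_AUDITOR (auditor)->priv;
        g_object_get (G_OBJECT (auditor),
                      "hostname", &hostname,
                      "display-device", &display_device, NULL);

        /* Initialise every out-pointer up front.  `tid` in particular used to
         * be left uninitialised, so a failed adt_load_hostname() /
         * adt_load_ttyname() handed an indeterminate pointer to
         * adt_set_user().  NULL is the "no terminal id" value used by the
         * reset below, so it is the safe fallback here too. */
        ah = NULL;
        event = NULL;
        tid = NULL;
        user_label = priv->username != NULL ? priv->username : "ADT_NO_ATTRIB";

        if (priv->user_accredited) {
                if (adt_start_session (&ah, NULL, ADT_USE_PROC_DATA) != 0) {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_start_session (ADT_login, ADT_FAILURE): %m");
                        goto cleanup;
                }
        } else {
                if (adt_start_session (&ah, NULL, 0) != 0) {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_start_session (ADT_login, ADT_FAILURE): %m");
                        goto cleanup;
                }

                if (hostname != NULL && hostname[0] != '\0') {
                        /* Login from a remote host */
                        if (adt_load_hostname (hostname, &tid) != 0) {
                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_loadhostname (%s): %m", hostname);
                        }
                } else {
                        /* login from the local host: console or VT.
                         * NOTE(review): display_device may be NULL here; whether
                         * adt_load_ttyname() accepts that is not checked locally. */
                        if (adt_load_ttyname (display_device, &tid) != 0) {
                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_load_ttyname (%s): %m",
                                        display_device != NULL ? display_device : "(null)");
                        }
                }

                if (adt_set_user (ah,
                                  priv->username != NULL ? priv->uid : ADT_NO_ATTRIB,
                                  priv->username != NULL ? priv->gid : ADT_NO_ATTRIB,
                                  priv->username != NULL ? priv->uid : ADT_NO_ATTRIB,
                                  priv->username != NULL ? priv->gid : ADT_NO_ATTRIB,
                                  tid, ADT_NEW) != 0) {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_set_user (%s): %m", user_label);
                }

                /* adt_load_hostname()/adt_load_ttyname() allocate the termid for
                 * the caller and adt_set_user() copies it into the session, so
                 * release it now rather than leaking it on every failed login. */
                free (tid);
                tid = NULL;
        }

        event = adt_alloc_event (ah, ADT_login);
        if (event == NULL) {
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_alloc_event (ADT_login, ADT_FAILURE): %m");
                goto done;
        }
        if (adt_put_event (event, ADT_FAILURE,
                           ADT_FAIL_PAM + pam_error_code) != 0) {
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_put_event (ADT_login (ADT_FAIL, %s): %m",
                        pam_error_string != NULL ? pam_error_string : "(null)");
        }

        if (priv->password_change_initiated) {
                /* Also audit the password change that preceded the failure. */
                adt_free_event (event);

                event = adt_alloc_event (ah, ADT_passwd);
                if (event == NULL) {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_alloc_event (ADT_passwd): %m");
                        goto done;
                }

                if (priv->password_changed) {
                        if (adt_put_event (event, ADT_SUCCESS,
                                           ADT_SUCCESS) != 0) {
                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_put_event (ADT_passwd, ADT_SUCCESS): "
                                        "%m");
                        }
                } else {
                        if (adt_put_event (event, ADT_FAILURE,
                                           ADT_FAIL_PAM + pam_error_code) != 0) {
                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_put_event (ADT_passwd, ADT_FAILURE): "
                                        "%m");
                        }
                }
        }
        adt_free_event (event);

done:
        /* Reset process audit state: this process is reused for the next
         * attempt, so the failed user's attributes must not linger. */
        if ((adt_set_user (ah, ADT_NO_AUDIT, ADT_NO_AUDIT, ADT_NO_AUDIT,
                           ADT_NO_AUDIT, NULL, ADT_NEW) != 0) ||
            (adt_set_proc (ah) != 0)) {
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_set_proc (ADT_login, ADT_FAILURE reset): %m");
        }
        (void) adt_end_session (ah);

cleanup:
        g_free (hostname);
        g_free (display_device);
}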
---|
| 265 | |
---|
/*
 * Emits an ADT_logout success event on the audit session that
 * report_login() left in priv->audit_session_handle, resets the process
 * audit state (the process is reused) and ends the session.  The cached
 * handle is cleared afterwards.
 *
 * NOTE(review): the handle is NULL when report_login() never ran or its
 * adt_start_session() failed; that NULL is passed straight to the ADT
 * calls below -- confirm libbsm treats it as "auditing off" rather than
 * an error.
 *
 * @auditor: the auditor (must be a GdmSessionSolarisAuditor).
 */
static void
gdm_session_solaris_auditor_report_logout (GdmSessionAuditor *auditor)
{
        GdmSessionSolarisAuditorPrivate *priv;
        adt_session_data_t *session;
        adt_event_data_t *event;

        priv = GDM_SESSION_SOLARIS_AUDITOR (auditor)->priv;

        session = priv->audit_session_handle;
        priv->audit_session_handle = NULL;

        event = adt_alloc_event (session, ADT_logout);
        if (event != NULL) {
                if (adt_put_event (event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_put_event (ADT_logout, ADT_SUCCESS): %m");
                }
        } else {
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_alloc_event (ADT_logout): %m");
        }
        adt_free_event (event);

        /* Reset process audit state. this process is being reused. */
        if (adt_set_user (session, ADT_NO_AUDIT, ADT_NO_AUDIT, ADT_NO_AUDIT,
                          ADT_NO_AUDIT, NULL, ADT_NEW) != 0
            || adt_set_proc (session) != 0) {
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_set_proc (ADT_logout reset): %m");
        }

        (void) adt_end_session (session);
}
---|
| 299 | |
---|
/*
 * Class initialiser: installs the finalize hook and overrides every
 * reporting entry point of GdmSessionAuditorClass with the Solaris
 * implementations in this file, then registers the private struct.
 *
 * @klass: the class being initialised.
 */
static void
gdm_session_solaris_auditor_class_init (GdmSessionSolarisAuditorClass *klass)
{
        GdmSessionAuditorClass *base;

        base = GDM_SESSION_AUDITOR_CLASS (klass);

        base->report_login                   = gdm_session_solaris_auditor_report_login;
        base->report_login_failure           = gdm_session_solaris_auditor_report_login_failure;
        base->report_logout                  = gdm_session_solaris_auditor_report_logout;
        base->report_user_accredited         = gdm_session_solaris_auditor_report_user_accredited;
        base->report_password_changed        = gdm_session_solaris_auditor_report_password_changed;
        base->report_password_change_failure = gdm_session_solaris_auditor_report_password_change_failure;

        G_OBJECT_CLASS (klass)->finalize = gdm_session_solaris_auditor_finalize;

        g_type_class_add_private (base, sizeof (GdmSessionSolarisAuditorPrivate));
}
---|
| 320 | |
---|
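/*
 * "notify::username" handler: resolves the auditor's "username" property
 * through getpwnam() and caches the canonical name, uid and gid in priv so
 * the reporting hooks do not have to repeat the lookup.
 *
 * On a failed or skipped lookup the cache is cleared: username NULL,
 * uid/gid (uid_t)-1 / (gid_t)-1, matching the initial state set in init.
 *
 * @auditor: the auditor whose "username" property changed.
 */
static void
on_username_set (GdmSessionSolarisAuditor *auditor)
{
        char *username;
        struct passwd *passwd_entry;

        g_object_get (G_OBJECT (auditor), "username", &username, NULL);

        /* Drop the previously cached identity first.  The old code only
         * freed it on the lookup-failure branch, so every successful
         * re-set of "username" leaked the previous g_strdup(). */
        g_free (auditor->priv->username);
        auditor->priv->username = NULL;
        auditor->priv->uid = (uid_t) -1;
        auditor->priv->gid = (gid_t) -1;

        /* An unset property yields NULL; getpwnam (NULL) is not defined,
         * so treat it as "no user". */
        passwd_entry = NULL;
        if (username != NULL) {
                passwd_entry = getpwnam (username);
        }

        if (passwd_entry != NULL) {
                /* Copy out of getpwnam()'s static buffer before it is reused. */
                auditor->priv->uid = passwd_entry->pw_uid;
                auditor->priv->gid = passwd_entry->pw_gid;
                auditor->priv->username = g_strdup (passwd_entry->pw_name);
        }

        g_free (username);
}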
---|
| 344 | |
---|
/*
 * Instance initialiser: binds the private struct, marks the cached
 * uid/gid as unresolved and arranges for on_username_set() to run
 * whenever the "username" property changes.
 *
 * @auditor: the instance being initialised.
 */
static void
gdm_session_solaris_auditor_init (GdmSessionSolarisAuditor *auditor)
{
        GdmSessionSolarisAuditorPrivate *priv;

        priv = G_TYPE_INSTANCE_GET_PRIVATE (auditor,
                                            GDM_TYPE_SESSION_SOLARIS_AUDITOR,
                                            GdmSessionSolarisAuditorPrivate);
        auditor->priv = priv;

        /* "No user resolved yet"; on_username_set() overwrites these. */
        priv->uid = (uid_t) -1;
        priv->gid = (gid_t) -1;

        g_signal_connect (G_OBJECT (auditor), "notify::username",
                          G_CALLBACK (on_username_set), NULL);
}
---|
| 358 | |
---|
/*
 * GObject finalize: releases the cached username and chains up to the
 * parent class.
 *
 * NOTE(review): an audit session still held in priv->audit_session_handle
 * (report_login() ran but report_logout() did not) is not ended here;
 * confirm whether that is intended.
 *
 * @object: the instance being finalized.
 */
static void
gdm_session_solaris_auditor_finalize (GObject *object)
{
        GdmSessionSolarisAuditorPrivate *priv;
        GObjectClass *parent_class;

        priv = GDM_SESSION_SOLARIS_AUDITOR (object)->priv;

        g_free (priv->username);
        priv->username = NULL;

        parent_class = G_OBJECT_CLASS (gdm_session_solaris_auditor_parent_class);
        if (parent_class->finalize != NULL) {
                parent_class->finalize (object);
        }
}
---|
| 376 | |
---|
/*
 * Creates a new Solaris session auditor.
 *
 * @hostname:       value for the "hostname" property (a non-empty value is
 *                  treated as a remote login by report_login_failure()).
 * @display_device: value for the "display-device" property.
 *
 * Returns: a new GdmSessionAuditor; the caller owns the reference.
 */
GdmSessionAuditor *
gdm_session_solaris_auditor_new (const char *hostname,
                                 const char *display_device)
{
        return GDM_SESSION_AUDITOR (g_object_new (GDM_TYPE_SESSION_SOLARIS_AUDITOR,
                                                  "hostname", hostname,
                                                  "display-device", display_device,
                                                  NULL));
}
---|
| 390 | |
---|
| 391 | |
---|