/* gdm-session-solaris-auditor.c - Object for Solaris auditing of session login/logout
 *
 * Copyright (C) 2004, 2008 Sun Microsystems, Inc.
 * Copyright (C) 2005, 2008 Red Hat, Inc.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.
 *
 * Written by: Brian A. Cameron <Brian.Cameron@sun.com>
 *             Gary Winiger <Gary.Winiger@sun.com>
 *             Ray Strode <rstrode@redhat.com>
 *             Steve Grubb <sgrubb@redhat.com>
 */
---|
#include "config.h"
#include "gdm-session-solaris-auditor.h"

#include <stdlib.h>
#include <syslog.h>
#include <security/pam_appl.h>
#include <pwd.h>

#include <fcntl.h>
#include <bsm/adt.h>
#include <bsm/adt_event.h>

#include <glib.h>
#include <glib-object.h>
#include <glib/gi18n.h>
---|
/* Per-instance state of the Solaris (BSM) session auditor. */
struct _GdmSessionSolarisAuditorPrivate
{
        /* Audit session opened by report_login and handed to report_logout,
         * which emits ADT_logout against it and closes it.  NULL when no
         * login has been recorded (or after logout). */
        adt_session_data_t *audit_session_handle;

        /* Set by report_password_changed and report_password_change_failure;
         * tells the login reports that an ADT_passwd event is due as well. */
        guint password_change_initiated : 1;
        /* Outcome of that password change (TRUE = success). */
        guint password_changed : 1;
        /* Set by report_user_accredited; selects ADT_USE_PROC_DATA for the
         * login-failure audit session. */
        guint user_accredited : 1;

        /* cached values to prevent repeated calls
         * to getpwnam
         *
         * username is NULL and uid/gid are (uid_t)-1 / (gid_t)-1 when the
         * passwd lookup failed or no username has been set yet.
         */
        char *username;
        uid_t uid;
        gid_t gid;
};
---|
56 | |
---|
/* Defined after class_init, which installs it as GObjectClass::finalize. */
static void gdm_session_solaris_auditor_finalize (GObject *object);

/* Registers GdmSessionSolarisAuditor as a subclass of GdmSessionAuditor and
 * provides gdm_session_solaris_auditor_parent_class. */
G_DEFINE_TYPE (GdmSessionSolarisAuditor, gdm_session_solaris_auditor, GDM_TYPE_SESSION_AUDITOR)
---|
60 | |
---|
/* Note that the user changed their password successfully during this
 * session; report_login / report_login_failure turn the flags into an
 * ADT_passwd event. */
static void
gdm_session_solaris_auditor_report_password_changed (GdmSessionAuditor *auditor)
{
        GdmSessionSolarisAuditorPrivate *priv;

        priv = GDM_SESSION_SOLARIS_AUDITOR (auditor)->priv;

        priv->password_change_initiated = TRUE;
        priv->password_changed = TRUE;
}
---|
70 | |
---|
/* Note that a password change was attempted but did not succeed; the
 * failure is audited as ADT_passwd/ADT_FAILURE by report_login_failure. */
static void
gdm_session_solaris_auditor_report_password_change_failure (GdmSessionAuditor *auditor)
{
        GdmSessionSolarisAuditorPrivate *priv;

        priv = GDM_SESSION_SOLARIS_AUDITOR (auditor)->priv;

        priv->password_change_initiated = TRUE;
        priv->password_changed = FALSE;
}
---|
80 | |
---|
/* Remember that the process now carries the user's credentials, so a
 * later login-failure audit session can use ADT_USE_PROC_DATA. */
static void
gdm_session_solaris_auditor_report_user_accredited (GdmSessionAuditor *auditor)
{
        GdmSessionSolarisAuditorPrivate *priv;

        priv = GDM_SESSION_SOLARIS_AUDITOR (auditor)->priv;
        priv->user_accredited = TRUE;
}
---|
89 | |
---|
/* Record a successful login in the Solaris audit trail, plus the
 * successful password change that preceded it when one was reported.
 *
 * The audit session opened here is stored in priv->audit_session_handle
 * (also on failure, so that report_logout sees whatever the library left
 * there) and is only closed by report_logout.  Audit API errors are sent
 * to syslog and do not abort the login. */
static void
gdm_session_solaris_auditor_report_login (GdmSessionAuditor *auditor)
{
        GdmSessionSolarisAuditorPrivate *priv;
        adt_session_data_t *session = NULL;   /* Audit session handle */
        adt_event_data_t *event;              /* Event to generate */

        priv = GDM_SESSION_SOLARIS_AUDITOR (auditor)->priv;

        /* No resolved user: nothing that could be attributed. */
        g_return_if_fail (priv->username != NULL);

        if (adt_start_session (&session, NULL, ADT_USE_PROC_DATA) != 0) {
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_start_session (ADT_login): %m");
                priv->audit_session_handle = session;
                return;
        }

        /* Attribute the session to the authenticated user; on failure the
         * event is still generated with the process' own audit data. */
        if (adt_set_user (session,
                          priv->uid, priv->gid, priv->uid, priv->gid,
                          NULL, ADT_USER) != 0) {
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_set_user (ADT_login, %s): %m",
                        priv->username);
        }

        event = adt_alloc_event (session, ADT_login);
        if (event == NULL) {
                syslog (LOG_AUTH | LOG_ALERT, "adt_alloc_event (ADT_login): %m");
        } else if (adt_put_event (event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_put_event (ADT_login, ADT_SUCCESS): %m");
        }

        if (priv->password_changed) {
                g_assert (priv->password_change_initiated);

                /* Also audit password change */
                adt_free_event (event);
                event = adt_alloc_event (session, ADT_passwd);
                if (event == NULL) {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_alloc_event (ADT_passwd): %m");
                } else if (adt_put_event (event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_put_event (ADT_passwd, ADT_SUCCESS): %m");
                }
        }

        adt_free_event (event);

        priv->audit_session_handle = session;
}
---|
147 | |
---|
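/* Record a failed login attempt in the Solaris audit trail.
 *
 * @auditor:          the auditor; its "hostname" and "display-device"
 *                    properties say where the attempt came from.
 * @pam_error_code:   PAM status of the failed conversation, folded into the
 *                    event's return value as ADT_FAIL_PAM + code.
 * @pam_error_string: PAM message text, used only in the syslog line.
 *
 * A temporary audit session is opened for the event and reset/closed again
 * before returning because this process is reused.  If the user was never
 * accredited, the session is attributed to the (possibly unknown) user and
 * to the terminal the attempt arrived on; otherwise the process' own audit
 * data is used.  A password change attempted during the failed login is
 * audited as ADT_passwd with its own outcome.
 *
 * Fixes over the previous revision: tid/ah/event start out NULL (tid was
 * passed to adt_set_user uninitialized when the terminal lookup failed),
 * the termid returned by adt_load_hostname/adt_load_ttyname is freed, and
 * the two terminal-lookup syslog lines name the function that failed. */
static void
gdm_session_solaris_auditor_report_login_failure (GdmSessionAuditor *auditor,
                                                  int                pam_error_code,
                                                  const char        *pam_error_string)
{
        GdmSessionSolarisAuditor *solaris_auditor;
        char *hostname = NULL;
        char *display_device = NULL;
        adt_session_data_t *ah = NULL;    /* Audit session handle */
        adt_event_data_t *event = NULL;   /* Event to generate */
        adt_termid_t *tid = NULL;         /* Terminal ID for failures; NULL if unresolved */

        solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (auditor);
        g_object_get (G_OBJECT (auditor),
                      "hostname", &hostname,
                      "display-device", &display_device, NULL);

        if (solaris_auditor->priv->user_accredited) {
                /* The process already carries the user's audit context. */
                if (adt_start_session (&ah, NULL, ADT_USE_PROC_DATA) != 0) {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_start_session (ADT_login, ADT_FAILURE): %m");
                        goto cleanup;
                }
        } else {
                if (adt_start_session (&ah, NULL, 0) != 0) {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_start_session (ADT_login, ADT_FAILURE): %m");
                        goto cleanup;
                }

                /* Work out which terminal the attempt came from. */
                if (hostname != NULL && hostname[0] != '\0') {
                        /* Login from a remote host */
                        if (adt_load_hostname (hostname, &tid) != 0) {
                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_load_hostname (%s): %m", hostname);
                        }
                } else {
                        /* login from the local host */
                        if (adt_load_ttyname (display_device, &tid) != 0) {
                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_load_ttyname (%s): %m",
                                        display_device != NULL ? display_device : "(null)");
                        }
                }

                /* tid stays NULL when the lookup above failed; adt_set_user
                 * is already given a NULL termid in the reset at done:.
                 * An unresolved user is recorded as ADT_NO_ATTRIB. */
                if (adt_set_user (ah,
                                  solaris_auditor->priv->username != NULL ? solaris_auditor->priv->uid : ADT_NO_ATTRIB,
                                  solaris_auditor->priv->username != NULL ? solaris_auditor->priv->gid : ADT_NO_ATTRIB,
                                  solaris_auditor->priv->username != NULL ? solaris_auditor->priv->uid : ADT_NO_ATTRIB,
                                  solaris_auditor->priv->username != NULL ? solaris_auditor->priv->gid : ADT_NO_ATTRIB,
                                  tid, ADT_NEW) != 0) {

                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_set_user (%s): %m",
                                solaris_auditor->priv->username != NULL ? solaris_auditor->priv->username : "ADT_NO_ATTRIB");
                }
        }

        event = adt_alloc_event (ah, ADT_login);

        if (event == NULL) {
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_alloc_event (ADT_login, ADT_FAILURE): %m");
                goto done;
        } else if (adt_put_event (event, ADT_FAILURE,
                                  ADT_FAIL_PAM + pam_error_code) != 0) {
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_put_event (ADT_login (ADT_FAIL, %s): %m",
                        pam_error_string);
        }

        if (solaris_auditor->priv->password_change_initiated) {
                /* Also audit password change */
                adt_free_event (event);

                event = adt_alloc_event (ah, ADT_passwd);
                if (event == NULL) {
                        syslog (LOG_AUTH | LOG_ALERT,
                                "adt_alloc_event (ADT_passwd): %m");
                        goto done;
                }

                if (solaris_auditor->priv->password_changed) {
                        if (adt_put_event (event, ADT_SUCCESS,
                                           ADT_SUCCESS) != 0) {

                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_put_event (ADT_passwd, ADT_SUCCESS): "
                                        "%m");
                        }
                } else {
                        if (adt_put_event (event, ADT_FAILURE,
                                           ADT_FAIL_PAM + pam_error_code) != 0) {

                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_put_event (ADT_passwd, ADT_FAILURE): "
                                        "%m");
                        }
                }
        }
        adt_free_event (event);

done:
        /* Reset process audit state. this process is being reused.*/
        if ((adt_set_user (ah, ADT_NO_AUDIT, ADT_NO_AUDIT, ADT_NO_AUDIT,
                           ADT_NO_AUDIT, NULL, ADT_NEW) != 0) ||
            (adt_set_proc (ah) != 0)) {

                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_put_event (ADT_login (ADT_FAILURE reset, %m)");
        }
        (void) adt_end_session (ah);

cleanup:
        /* adt_load_hostname/adt_load_ttyname allocate the termid and
         * adt_set_user has copied what it needs; free (NULL) is a no-op. */
        free (tid);
        g_free (hostname);
        g_free (display_device);
}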
---|
265 | |
---|
/* Record the logout against the audit session opened by report_login,
 * then reset the process audit state and close the session.  Audit API
 * errors only produce syslog lines. */
static void
gdm_session_solaris_auditor_report_logout (GdmSessionAuditor *auditor)
{
        GdmSessionSolarisAuditorPrivate *priv;
        adt_session_data_t *session;   /* Audit session handle */
        adt_event_data_t *event;       /* Event to generate */

        priv = GDM_SESSION_SOLARIS_AUDITOR (auditor)->priv;
        session = priv->audit_session_handle;

        event = adt_alloc_event (session, ADT_logout);
        if (event == NULL) {
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_alloc_event (ADT_logout): %m");
        } else if (adt_put_event (event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_put_event (ADT_logout, ADT_SUCCESS): %m");
        }
        adt_free_event (event);

        /* Reset process audit state. this process is being reused. */
        if (adt_set_user (session, ADT_NO_AUDIT, ADT_NO_AUDIT, ADT_NO_AUDIT,
                          ADT_NO_AUDIT, NULL, ADT_NEW) != 0
            || adt_set_proc (session) != 0) {
                syslog (LOG_AUTH | LOG_ALERT,
                        "adt_set_proc (ADT_logout reset): %m");
        }

        (void) adt_end_session (session);
        priv->audit_session_handle = NULL;
}
---|
299 | |
---|
/* Install the Solaris implementations of the GdmSessionAuditor hooks and
 * the finalizer, and reserve the private-data area. */
static void
gdm_session_solaris_auditor_class_init (GdmSessionSolarisAuditorClass *klass)
{
        GdmSessionAuditorClass *auditor_class = GDM_SESSION_AUDITOR_CLASS (klass);

        G_OBJECT_CLASS (klass)->finalize = gdm_session_solaris_auditor_finalize;

        auditor_class->report_password_changed        = gdm_session_solaris_auditor_report_password_changed;
        auditor_class->report_password_change_failure = gdm_session_solaris_auditor_report_password_change_failure;
        auditor_class->report_user_accredited         = gdm_session_solaris_auditor_report_user_accredited;
        auditor_class->report_login                   = gdm_session_solaris_auditor_report_login;
        auditor_class->report_login_failure           = gdm_session_solaris_auditor_report_login_failure;
        auditor_class->report_logout                  = gdm_session_solaris_auditor_report_logout;

        g_type_class_add_private (auditor_class, sizeof (GdmSessionSolarisAuditorPrivate));
}
---|
320 | |
---|
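/* notify::username handler (connected in init): refresh the cached passwd
 * data for the auditor's current "username" property.
 *
 * On a successful getpwnam lookup the canonical pw_name, uid and gid are
 * cached; otherwise the cache is cleared (username NULL, ids (uid_t)-1 /
 * (gid_t)-1) so the reporting functions know no user could be resolved.
 *
 * Fixes over the previous revision: the previously cached username is
 * released before being replaced (it leaked whenever the property was set
 * more than once), and a NULL property value is treated as "unknown user"
 * instead of being passed to getpwnam. */
static void
on_username_set (GdmSessionSolarisAuditor *auditor)
{
        char *username = NULL;
        struct passwd *passwd_entry = NULL;

        g_object_get (G_OBJECT (auditor), "username", &username, NULL);

        if (username != NULL) {
                passwd_entry = getpwnam (username);
        }

        /* Drop whatever was cached before; g_free (NULL) is a no-op. */
        g_free (auditor->priv->username);

        if (passwd_entry != NULL) {
                auditor->priv->uid = passwd_entry->pw_uid;
                auditor->priv->gid = passwd_entry->pw_gid;
                auditor->priv->username = g_strdup (passwd_entry->pw_name);
        } else {
                auditor->priv->username = NULL;
                auditor->priv->uid = (uid_t) -1;
                auditor->priv->gid = (gid_t) -1;
        }

        g_free (username);
}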
---|
344 | |
---|
/* Instance initialiser: attach the private area, start with no known user
 * and re-resolve the passwd entry whenever the username property changes. */
static void
gdm_session_solaris_auditor_init (GdmSessionSolarisAuditor *auditor)
{
        GdmSessionSolarisAuditorPrivate *priv;

        priv = G_TYPE_INSTANCE_GET_PRIVATE (auditor,
                                            GDM_TYPE_SESSION_SOLARIS_AUDITOR,
                                            GdmSessionSolarisAuditorPrivate);
        auditor->priv = priv;

        g_signal_connect (G_OBJECT (auditor), "notify::username",
                          G_CALLBACK (on_username_set), NULL);

        /* (uid_t)-1 / (gid_t)-1 mean "no user resolved yet". */
        priv->uid = (uid_t) -1;
        priv->gid = (gid_t) -1;
}
---|
358 | |
---|
/* Release the cached username and chain up to the parent finalizer.
 * The audit session handle is not touched here; report_logout owns it. */
static void
gdm_session_solaris_auditor_finalize (GObject *object)
{
        GdmSessionSolarisAuditorPrivate *priv;
        GObjectClass *parent_class;

        priv = GDM_SESSION_SOLARIS_AUDITOR (object)->priv;

        g_free (priv->username);
        priv->username = NULL;

        parent_class = G_OBJECT_CLASS (gdm_session_solaris_auditor_parent_class);
        if (parent_class->finalize != NULL) {
                parent_class->finalize (object);
        }
}
---|
376 | |
---|
/* Create a Solaris auditor for the given display.
 *
 * @hostname:       remote host the display belongs to, or NULL/"" for a
 *                  local display (copied into the "hostname" property).
 * @display_device: terminal device of the display ("display-device").
 *
 * Returns: a new GdmSessionAuditor; the caller owns the reference. */
GdmSessionAuditor *
gdm_session_solaris_auditor_new (const char *hostname,
                                 const char *display_device)
{
        return GDM_SESSION_AUDITOR (g_object_new (GDM_TYPE_SESSION_SOLARIS_AUDITOR,
                                                  "hostname", hostname,
                                                  "display-device", display_device,
                                                  NULL));
}
---|
390 | |
---|
391 | |
---|