gdm r5702 - in trunk: . daemon
- From: halfline svn gnome org
- To: svn-commits-list gnome org
- Subject: gdm r5702 - in trunk: . daemon
- Date: Wed, 6 Feb 2008 05:00:16 +0000 (GMT)
Author: halfline
Date: Wed Feb 6 05:00:15 2008
New Revision: 5702
URL: http://svn.gnome.org/viewvc/gdm?rev=5702&view=rev
Log:
2008-02-05 Ray Strode <rstrode redhat com>
Add PAM auditing logic. Based on patch and feedback from
Brian Cameron and earlier code from Gary Winiger and
Steve Grubb.
* configure.ac: set HAVE_ADT and HAVE_LIBAUDIT as appropriate
for solaris and linux audit support, respectively.
* daemon/Makefile.am: add new auditing code to Makefile.
* daemon/gdm-session-auditor.[ch]: generic base class for doing
auditing.
* daemon/gdm-session-linux-auditor.[ch]: linux auditor subclass
* daemon/gdm-session-solaris-auditor.[ch]: solaris auditor
subclass
* daemon/gdm-session-worker.c (GdmSessionWorkerPrivate): track
auditor
(gdm_session_worker_update_username): inform audit code about
username changes
(gdm_session_worker_start_auditor): instantiate the auditor
(gdm_session_worker_stop_auditor): free the auditor
(gdm_session_worker_uninitialize_pam): inform audit code about
logout/login failure and then free the auditor
(_get_tty_for_pam): fix calling return more than once on solaris
(gdm_session_worker_initialize_pam): instantiate the auditor.
(gdm_session_worker_authorize_user): inform audit code about
password changes
(gdm_session_worker_accredit_user): inform audit code about
user getting credentials
(gdm_session_worker_open_user_session): inform audit code about
successful login
Added:
trunk/daemon/gdm-session-auditor.c
trunk/daemon/gdm-session-auditor.h
trunk/daemon/gdm-session-linux-auditor.c
trunk/daemon/gdm-session-linux-auditor.h
trunk/daemon/gdm-session-solaris-auditor.c
trunk/daemon/gdm-session-solaris-auditor.h
Modified:
trunk/ChangeLog
trunk/configure.ac
trunk/daemon/Makefile.am
trunk/daemon/gdm-session-worker.c
Modified: trunk/configure.ac
==============================================================================
--- trunk/configure.ac (original)
+++ trunk/configure.ac Wed Feb 6 05:00:15 2008
@@ -995,11 +995,34 @@
if test ${check_sun_audit} = yes
then
AC_DEFINE(HAVE_ADT)
- EXTRA_DAEMON_LIBS="$EXTRA_DAEMON_LIBS -lbsm"
+ PAM_LIBS="$PAM_LIBS -lbsm"
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
+AM_CONDITIONAL(HAVE_ADT, test x$check_sun_audit = xyes)
+
+# Check for Linux auditing API
+#
+AC_ARG_WITH(libaudit,
+ [ --with-libaudit=[auto/yes/no] Add Linux audit support [default=auto]],,
+ with_libaudit=auto)
+
+# libaudit detection
+if test x$with_libaudit = xno ; then
+ have_libaudit=no;
+else
+ # See if we have audit daemon library
+ AC_CHECK_LIB(audit, audit_log_user_message,
+ have_libaudit=yes, have_libaudit=no)
+fi
+
+AM_CONDITIONAL(HAVE_LIBAUDIT, test x$have_libaudit = xyes)
+
+if test x$have_libaudit = xyes ; then
+ PAM_LIBS="$PAM_LIBS -laudit"
+ AC_DEFINE(HAVE_LIBAUDIT,1,[linux audit support])
+fi
# Check for Solaris logindevperm support
#
Modified: trunk/daemon/Makefile.am
==============================================================================
--- trunk/daemon/Makefile.am (original)
+++ trunk/daemon/Makefile.am Wed Feb 6 05:00:15 2008
@@ -244,10 +244,22 @@
gdm_session_worker_SOURCES = \
session-worker-main.c \
+ gdm-session-auditor.h \
+ gdm-session-auditor.c \
gdm-session-worker.h \
gdm-session-worker.c \
$(NULL)
+if HAVE_LIBAUDIT
+gdm_session_worker_SOURCES += gdm-session-linux-auditor.h \
+ gdm-session-linux-auditor.c
+endif
+
+if HAVE_ADT
+gdm_session_worker_SOURCES += gdm-session-solaris-auditor.h \
+ gdm-session-solaris-auditor.c
+endif
+
gdm_session_worker_LDFLAGS = \
$(PAM_LIBS) \
$(NULL)
Added: trunk/daemon/gdm-session-auditor.c
==============================================================================
--- (empty file)
+++ trunk/daemon/gdm-session-auditor.c Wed Feb 6 05:00:15 2008
@@ -0,0 +1,305 @@
+/* gdm-session-auditor.c - Object for auditing session login/logout
+ *
+ * Copyright (C) 2004, 2008 Sun Microsystems
+ * Copyright (C) 2005, 2008 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Written by: Brian A. Cameron <Brian Cameron sun com>
+ * Gary Winiger <Gary Winiger sun com>
+ * Ray Strode <rstrode redhat com>
+ * Steve Grubb <sgrubb redhat com>
+ */
+#include "config.h"
+#include "gdm-session-auditor.h"
+
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <glib.h>
+#include <glib-object.h>
+#include <glib/gi18n.h>
+
+struct _GdmSessionAuditorPrivate
+{
+ char *username;
+ char *hostname;
+ char *display_device;
+};
+
+static void gdm_session_auditor_finalize (GObject *object);
+static void gdm_session_auditor_class_install_properties (GdmSessionAuditorClass *
+ auditor_class);
+
+static void gdm_session_auditor_set_property (GObject *object,
+ guint prop_id,
+ const GValue *value,
+ GParamSpec *pspec);
+static void gdm_session_auditor_get_property (GObject *object,
+ guint prop_id,
+ GValue *value,
+ GParamSpec *pspec);
+
+enum {
+ PROP_0 = 0,
+ PROP_USERNAME,
+ PROP_HOSTNAME,
+ PROP_DISPLAY_DEVICE
+};
+
+G_DEFINE_TYPE (GdmSessionAuditor, gdm_session_auditor, G_TYPE_OBJECT);
+
+static void
+gdm_session_auditor_class_init (GdmSessionAuditorClass *auditor_class)
+{
+ GObjectClass *object_class;
+
+ object_class = G_OBJECT_CLASS (auditor_class);
+
+ object_class->finalize = gdm_session_auditor_finalize;
+
+ gdm_session_auditor_class_install_properties (auditor_class);
+
+ g_type_class_add_private (auditor_class, sizeof (GdmSessionAuditorPrivate));
+}
+
+static void
+gdm_session_auditor_class_install_properties (GdmSessionAuditorClass *auditor_class)
+{
+ GObjectClass *object_class;
+ GParamSpec *param_spec;
+
+ object_class = G_OBJECT_CLASS (auditor_class);
+ object_class->set_property = gdm_session_auditor_set_property;
+ object_class->get_property = gdm_session_auditor_get_property;
+
+ param_spec = g_param_spec_string ("username", _("Username"),
+ _("The username"),
+ NULL, G_PARAM_READWRITE);
+ g_object_class_install_property (object_class, PROP_USERNAME, param_spec);
+
+ param_spec = g_param_spec_string ("hostname", _("Hostname"),
+ _("The hostname"),
+ NULL,
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY);
+ g_object_class_install_property (object_class, PROP_HOSTNAME, param_spec);
+
+ param_spec = g_param_spec_string ("display-device", _("Display Device"),
+ _("The display device"),
+ NULL,
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY);
+ g_object_class_install_property (object_class, PROP_DISPLAY_DEVICE, param_spec);
+}
+
+static void
+gdm_session_auditor_init (GdmSessionAuditor *auditor)
+{
+ auditor->priv = G_TYPE_INSTANCE_GET_PRIVATE (auditor,
+ GDM_TYPE_SESSION_AUDITOR,
+ GdmSessionAuditorPrivate);
+
+}
+
+static void
+gdm_session_auditor_finalize (GObject *object)
+{
+ GdmSessionAuditor *auditor;
+ GObjectClass *parent_class;
+
+ auditor = GDM_SESSION_AUDITOR (object);
+
+ g_free (auditor->priv->username);
+ g_free (auditor->priv->hostname);
+ g_free (auditor->priv->display_device);
+
+ parent_class = G_OBJECT_CLASS (gdm_session_auditor_parent_class);
+
+ if (parent_class->finalize != NULL) {
+ parent_class->finalize (object);
+ }
+}
+
+void
+gdm_session_auditor_set_username (GdmSessionAuditor *auditor,
+ const char *username)
+{
+ g_return_if_fail (GDM_IS_SESSION_AUDITOR (auditor));
+
+ if (username == auditor->priv->username) {
+ return;
+ }
+
+ if ((username == NULL || auditor->priv->username == NULL) ||
+ strcmp (username, auditor->priv->username) != 0) {
+ auditor->priv->username = g_strdup (username);
+ g_object_notify (G_OBJECT (auditor), "username");
+ }
+}
+
+static void
+gdm_session_auditor_set_hostname (GdmSessionAuditor *auditor,
+ const char *hostname)
+{
+ g_return_if_fail (GDM_IS_SESSION_AUDITOR (auditor));
+ auditor->priv->hostname = g_strdup (hostname);
+}
+
+static void
+gdm_session_auditor_set_display_device (GdmSessionAuditor *auditor,
+ const char *display_device)
+{
+ g_return_if_fail (GDM_IS_SESSION_AUDITOR (auditor));
+ auditor->priv->display_device = g_strdup (display_device);
+}
+
+static char *
+gdm_session_auditor_get_username (GdmSessionAuditor *auditor)
+{
+ return g_strdup (auditor->priv->username);
+}
+
+static char *
+gdm_session_auditor_get_hostname (GdmSessionAuditor *auditor)
+{
+ return g_strdup (auditor->priv->hostname);
+}
+
+static char *
+gdm_session_auditor_get_display_device (GdmSessionAuditor *auditor)
+{
+ return g_strdup (auditor->priv->display_device);
+}
+
+static void
+gdm_session_auditor_set_property (GObject *object,
+ guint prop_id,
+ const GValue *value,
+ GParamSpec *pspec)
+{
+ GdmSessionAuditor *auditor;
+
+ auditor = GDM_SESSION_AUDITOR (object);
+
+ switch (prop_id) {
+ case PROP_USERNAME:
+ gdm_session_auditor_set_username (auditor, g_value_get_string (value));
+ break;
+
+ case PROP_HOSTNAME:
+ gdm_session_auditor_set_hostname (auditor, g_value_get_string (value));
+ break;
+
+ case PROP_DISPLAY_DEVICE:
+ gdm_session_auditor_set_display_device (auditor, g_value_get_string (value));
+ break;
+
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ }
+}
+
+static void
+gdm_session_auditor_get_property (GObject *object,
+ guint prop_id,
+ GValue *value,
+ GParamSpec *pspec)
+{
+ GdmSessionAuditor *auditor;
+
+ auditor = GDM_SESSION_AUDITOR (object);
+
+ switch (prop_id) {
+ case PROP_USERNAME:
+ g_value_set_string (value, gdm_session_auditor_get_username (auditor));
+ break;
+
+ case PROP_HOSTNAME:
+ g_value_set_string (value, gdm_session_auditor_get_hostname (auditor));
+ break;
+
+ case PROP_DISPLAY_DEVICE:
+ g_value_set_string (value, gdm_session_auditor_get_display_device (auditor));
+ break;
+
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ }
+}
+
+GdmSessionAuditor *
+gdm_session_auditor_new (const char *hostname,
+ const char *display_device)
+{
+ GdmSessionAuditor *auditor;
+
+ auditor = g_object_new (GDM_TYPE_SESSION_AUDITOR,
+ "hostname", hostname,
+ "display-device", display_device,
+ NULL);
+
+ return auditor;
+}
+
+void
+gdm_session_auditor_report_password_changed (GdmSessionAuditor *auditor)
+{
+ if (GDM_SESSION_AUDITOR_GET_CLASS (auditor)->report_password_changed != NULL) {
+ GDM_SESSION_AUDITOR_GET_CLASS (auditor)->report_password_changed (auditor);
+ }
+}
+
+void
+gdm_session_auditor_report_password_change_failure (GdmSessionAuditor *auditor)
+{
+ if (GDM_SESSION_AUDITOR_GET_CLASS (auditor)->report_password_change_failure != NULL) {
+ GDM_SESSION_AUDITOR_GET_CLASS (auditor)->report_password_change_failure (auditor);
+ }
+}
+
+void
+gdm_session_auditor_report_user_accredited (GdmSessionAuditor *auditor)
+{
+ if (GDM_SESSION_AUDITOR_GET_CLASS (auditor)->report_user_accredited != NULL) {
+ GDM_SESSION_AUDITOR_GET_CLASS (auditor)->report_user_accredited (auditor);
+ }
+}
+
+void
+gdm_session_auditor_report_login (GdmSessionAuditor *auditor)
+{
+ if (GDM_SESSION_AUDITOR_GET_CLASS (auditor)->report_login != NULL) {
+ GDM_SESSION_AUDITOR_GET_CLASS (auditor)->report_login (auditor);
+ }
+}
+
+void
+gdm_session_auditor_report_login_failure (GdmSessionAuditor *auditor,
+ int error_code,
+ const char *error_message)
+{
+ if (GDM_SESSION_AUDITOR_GET_CLASS (auditor)->report_login_failure != NULL) {
+ GDM_SESSION_AUDITOR_GET_CLASS (auditor)->report_login_failure (auditor, error_code, error_message);
+ }
+}
+
+void
+gdm_session_auditor_report_logout (GdmSessionAuditor *auditor)
+{
+ if (GDM_SESSION_AUDITOR_GET_CLASS (auditor)->report_logout != NULL) {
+ GDM_SESSION_AUDITOR_GET_CLASS (auditor)->report_logout (auditor);
+ }
+}
Added: trunk/daemon/gdm-session-auditor.h
==============================================================================
--- (empty file)
+++ trunk/daemon/gdm-session-auditor.h Wed Feb 6 05:00:15 2008
@@ -0,0 +1,81 @@
+/* gdm-session-auditor.h - Object for auditing session login/logout
+ *
+ * Copyright (C) 2004, 2008 Sun Microsystems
+ * Copyright (C) 2005, 2008 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Written by: Brian A. Cameron <Brian Cameron sun com>
+ * Gary Winiger <Gary Winiger sun com>
+ * Ray Strode <rstrode redhat com>
+ * Steve Grubb <sgrubb redhat com>
+ */
+#ifndef GDM_SESSION_AUDITOR_H
+#define GDM_SESSION_AUDITOR_H
+
+#include <glib.h>
+#include <glib-object.h>
+
+G_BEGIN_DECLS
+#define GDM_TYPE_SESSION_AUDITOR (gdm_session_auditor_get_type ())
+#define GDM_SESSION_AUDITOR(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GDM_TYPE_SESSION_AUDITOR, GdmSessionAuditor))
+#define GDM_SESSION_AUDITOR_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), GDM_TYPE_SESSION_AUDITOR, GdmSessionAuditorClass))
+#define GDM_IS_SESSION_AUDITOR(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GDM_TYPE_SESSION_AUDITOR))
+#define GDM_IS_SESSION_AUDITOR_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GDM_TYPE_SESSION_AUDITOR))
+#define GDM_SESSION_AUDITOR_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), GDM_TYPE_SESSION_AUDITOR, GdmSessionAuditorClass))
+#define GDM_SESSION_AUDITOR_ERROR (gdm_session_auditor_error_quark ())
+typedef struct _GdmSessionAuditor GdmSessionAuditor;
+typedef struct _GdmSessionAuditorClass GdmSessionAuditorClass;
+typedef struct _GdmSessionAuditorPrivate GdmSessionAuditorPrivate;
+
+struct _GdmSessionAuditor
+{
+ GObject parent;
+
+ /*< private > */
+ GdmSessionAuditorPrivate *priv;
+};
+
+struct _GdmSessionAuditorClass
+{
+ GObjectClass parent_class;
+
+ void (* report_password_changed) (GdmSessionAuditor *auditor);
+ void (* report_password_change_failure) (GdmSessionAuditor *auditor);
+ void (* report_user_accredited) (GdmSessionAuditor *auditor);
+ void (* report_login) (GdmSessionAuditor *auditor);
+ void (* report_login_failure) (GdmSessionAuditor *auditor,
+ int error_code,
+ const char *error_message);
+ void (* report_logout) (GdmSessionAuditor *auditor);
+};
+
+GType gdm_session_auditor_get_type (void);
+GdmSessionAuditor *gdm_session_auditor_new (const char *hostname,
+ const char *display_device);
+void gdm_session_auditor_set_username (GdmSessionAuditor *auditor,
+ const char *username);
+void gdm_session_auditor_report_password_changed (GdmSessionAuditor *auditor);
+void gdm_session_auditor_report_password_change_failure (GdmSessionAuditor *auditor);
+void gdm_session_auditor_report_user_accredited (GdmSessionAuditor *auditor);
+void gdm_session_auditor_report_login (GdmSessionAuditor *auditor);
+void gdm_session_auditor_report_login_failure (GdmSessionAuditor *auditor,
+ int error_code,
+ const char *error_message);
+void gdm_session_auditor_report_logout (GdmSessionAuditor *auditor);
+
+G_END_DECLS
+#endif /* GDM_SESSION_AUDITOR_H */
Added: trunk/daemon/gdm-session-linux-auditor.c
==============================================================================
--- (empty file)
+++ trunk/daemon/gdm-session-linux-auditor.c Wed Feb 6 05:00:15 2008
@@ -0,0 +1,162 @@
+/* gdm-session-linux-auditor.c - Object for Linux auditing of session login/logout
+ *
+ * Copyright (C) 2004, 2008 Sun Microsystems
+ * Copyright (C) 2005, 2008 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Written by: Brian A. Cameron <Brian Cameron sun com>
+ * Gary Winiger <Gary Winiger sun com>
+ * Ray Strode <rstrode redhat com>
+ * Steve Grubb <sgrubb redhat com>
+ */
+#include "config.h"
+#include "gdm-session-linux-auditor.h"
+
+#include <fcntl.h>
+#include <pwd.h>
+#include <syslog.h>
+#include <unistd.h>
+
+#include <libaudit.h>
+
+#include <glib.h>
+
+struct _GdmSessionLinuxAuditorPrivate
+{
+ int audit_fd;
+};
+
+static void gdm_session_linux_auditor_finalize (GObject *object);
+
+G_DEFINE_TYPE (GdmSessionLinuxAuditor, gdm_session_linux_auditor, GDM_TYPE_SESSION_AUDITOR);
+
+static void
+gdm_session_linux_auditor_report_login_attempt (GdmSessionAuditor *auditor,
+ gboolean was_successful)
+{
+ GdmSessionLinuxAuditor *linux_auditor;
+ char buf[512];
+ char *username;
+ char *hostname;
+ char *display_device;
+ struct passwd *pw;
+
+ linux_auditor = GDM_SESSION_LINUX_AUDITOR (auditor);
+
+ g_object_get (G_OBJECT (auditor), "username", &username, NULL);
+ g_object_get (G_OBJECT (auditor), "hostname", &hostname, NULL);
+ g_object_get (G_OBJECT (auditor), "display-device", &display_device, NULL);
+
+ pw = getpwnam (username);
+ if (username) {
+ pw = getpwnam (username);
+ } else {
+ username = "unknown";
+ pw = NULL;
+ }
+
+ if (pw) {
+ g_snprintf (buf, sizeof (buf), "uid=%d", pw->pw_uid);
+ audit_log_user_message (linux_auditor->priv->audit_fd, AUDIT_USER_LOGIN,
+ buf, hostname, NULL, display_device,
+ was_successful != FALSE);
+ } else {
+ g_snprintf (buf, sizeof (buf), "acct=%s", username);
+ audit_log_user_message (linux_auditor->priv->audit_fd, AUDIT_USER_LOGIN,
+ buf, hostname, NULL, display_device,
+ was_successful != FALSE);
+ }
+
+ g_free (username);
+ g_free (hostname);
+ g_free (display_device);
+}
+
+static void
+gdm_session_linux_auditor_report_login (GdmSessionAuditor *auditor)
+{
+ gdm_session_linux_auditor_report_login_attempt (auditor, TRUE);
+}
+
+static void
+gdm_session_linux_auditor_report_login_failure (GdmSessionAuditor *auditor,
+ int pam_error_code,
+ const char *pam_error_string)
+{
+
+ gdm_session_linux_auditor_report_login_attempt (auditor, FALSE);
+}
+
+static void
+gdm_session_linux_auditor_class_init (GdmSessionLinuxAuditorClass *klass)
+{
+ GObjectClass *object_class;
+ GdmSessionAuditorClass *auditor_class;
+
+ object_class = G_OBJECT_CLASS (klass);
+ auditor_class = GDM_SESSION_AUDITOR_CLASS (klass);
+
+ object_class->finalize = gdm_session_linux_auditor_finalize;
+
+ auditor_class->report_login = gdm_session_linux_auditor_report_login;
+ auditor_class->report_login_failure = gdm_session_linux_auditor_report_login_failure;
+
+ g_type_class_add_private (auditor_class, sizeof (GdmSessionLinuxAuditorPrivate));
+}
+
+static void
+gdm_session_linux_auditor_init (GdmSessionLinuxAuditor *auditor)
+{
+ auditor->priv = G_TYPE_INSTANCE_GET_PRIVATE (auditor,
+ GDM_TYPE_SESSION_LINUX_AUDITOR,
+ GdmSessionLinuxAuditorPrivate);
+
+ auditor->priv->audit_fd = audit_open ();
+}
+
+static void
+gdm_session_linux_auditor_finalize (GObject *object)
+{
+ GdmSessionLinuxAuditor *linux_auditor;
+ GObjectClass *parent_class;
+
+ linux_auditor = GDM_SESSION_LINUX_AUDITOR (object);
+
+ close (linux_auditor->priv->audit_fd);
+
+ parent_class = G_OBJECT_CLASS (gdm_session_linux_auditor_parent_class);
+ if (parent_class->finalize != NULL) {
+ parent_class->finalize (object);
+ }
+}
+
+
+GdmSessionAuditor *
+gdm_session_linux_auditor_new (const char *hostname,
+ const char *display_device)
+{
+ GObject *auditor;
+
+ auditor = g_object_new (GDM_TYPE_SESSION_LINUX_AUDITOR,
+ "hostname", hostname,
+ "display-device", display_device,
+ NULL);
+
+ return GDM_SESSION_AUDITOR (auditor);
+}
+
+
Added: trunk/daemon/gdm-session-linux-auditor.h
==============================================================================
--- (empty file)
+++ trunk/daemon/gdm-session-linux-auditor.h Wed Feb 6 05:00:15 2008
@@ -0,0 +1,63 @@
+/* gdm-linux-session-auditor.h - Object for linux auditing of session login/logout
+ *
+ * Copyright (C) 2004, 2008 Sun Microsystems
+ * Copyright (C) 2005, 2008 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Written by: Brian A. Cameron <Brian Cameron sun com>
+ * Gary Winiger <Gary Winiger sun com>
+ * Ray Strode <rstrode redhat com>
+ * Steve Grubb <sgrubb redhat com>
+ */
+#ifndef GDM_SESSION_LINUX_AUDITOR_H
+#define GDM_SESSION_LINUX_AUDITOR_H
+
+#include <glib.h>
+#include <glib-object.h>
+
+#include "gdm-session-auditor.h"
+
+G_BEGIN_DECLS
+#define GDM_TYPE_SESSION_LINUX_AUDITOR (gdm_session_linux_auditor_get_type ())
+#define GDM_SESSION_LINUX_AUDITOR(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GDM_TYPE_SESSION_LINUX_AUDITOR, GdmSessionLinuxAuditor))
+#define GDM_SESSION_LINUX_AUDITOR_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), GDM_TYPE_SESSION_LINUX_AUDITOR, GdmSessionLinuxAuditorClass))
+#define GDM_IS_SESSION_LINUX_AUDITOR(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GDM_TYPE_SESSION_LINUX_AUDITOR))
+#define GDM_IS_SESSION_LINUX_AUDITOR_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GDM_TYPE_SESSION_LINUX_AUDITOR))
+#define GDM_SESSION_LINUX_AUDITOR_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), GDM_TYPE_SESSION_LINUX_AUDITOR, GdmSessionLinuxAuditorClass))
+#define GDM_SESSION_LINUX_AUDITOR_ERROR (gdm_session_linux_auditor_error_quark ())
+typedef struct _GdmSessionLinuxAuditor GdmSessionLinuxAuditor;
+typedef struct _GdmSessionLinuxAuditorClass GdmSessionLinuxAuditorClass;
+typedef struct _GdmSessionLinuxAuditorPrivate GdmSessionLinuxAuditorPrivate;
+
+struct _GdmSessionLinuxAuditor
+{
+ GdmSessionAuditor parent;
+
+ /*< private > */
+ GdmSessionLinuxAuditorPrivate *priv;
+};
+
+struct _GdmSessionLinuxAuditorClass
+{
+ GdmSessionAuditorClass parent_class;
+};
+
+GType gdm_session_linux_auditor_get_type (void);
+GdmSessionAuditor *gdm_session_linux_auditor_new (const char *hostname,
+ const char *display_device);
+G_END_DECLS
+#endif /* GDM_SESSION_LINUX_AUDITOR_H */
Added: trunk/daemon/gdm-session-solaris-auditor.c
==============================================================================
--- (empty file)
+++ trunk/daemon/gdm-session-solaris-auditor.c Wed Feb 6 05:00:15 2008
@@ -0,0 +1,391 @@
+/* gdm-session-solaris-auditor.c - Object for Solaris auditing of session login/logout
+ *
+ * Copyright (C) 2004, 2008 Sun Microsystems
+ * Copyright (C) 2005, 2008 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Written by: Brian A. Cameron <Brian Cameron sun com>
+ * Gary Winiger <Gary Winiger sun com>
+ * Ray Strode <rstrode redhat com>
+ * Steve Grubb <sgrubb redhat com>
+ */
+#include "config.h"
+#include "gdm-session-solaris-auditor.h"
+
+#include <syslog.h>
+#include <security/pam_appl.h>
+#include <pwd.h>
+
+#include <fcntl.h>
+#include <bsm/adt.h>
+#include <bsm/adt_event.h>
+
+#include <glib.h>
+#include <glib-object.h>
+#include <glib/gi18n.h>
+
+struct _GdmSessionSolarisAuditorPrivate
+{
+ adt_session_data_t *audit_session_handle;
+
+ guint password_change_initiated : 1;
+ guint password_changed : 1;
+ guint user_accredited : 1;
+
+ /* cached values to prevent repeated calls
+ * to getpwnam
+ */
+ char *username;
+ uid_t uid;
+ gid_t gid;
+};
+
+static void gdm_session_solaris_auditor_finalize (GObject *object);
+
+G_DEFINE_TYPE (GdmSessionSolarisAuditor, gdm_session_solaris_auditor, GDM_TYPE_SESSION_AUDITOR)
+
+static void
+gdm_session_solaris_auditor_report_password_changed (GdmSessionAuditor *auditor)
+{
+ GdmSessionSolarisAuditor *solaris_auditor;
+
+ solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (auditor);
+ solaris_auditor->priv->password_change_initiated = TRUE;
+ solaris_auditor->priv->password_changed = TRUE;
+}
+
+static void
+gdm_session_solaris_auditor_report_password_change_failure (GdmSessionAuditor *auditor)
+{
+ GdmSessionSolarisAuditor *solaris_auditor;
+
+ solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (auditor);
+ solaris_auditor->priv->password_change_initiated = TRUE;
+ solaris_auditor->priv->password_changed = FALSE;
+}
+
+static void
+gdm_session_solaris_auditor_report_user_accredited (GdmSessionAuditor *auditor)
+{
+ GdmSessionSolarisAuditor *solaris_auditor;
+
+ solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (auditor);
+ solaris_auditor->priv->user_accredited = TRUE;
+}
+
+static void
+gdm_session_solaris_auditor_report_login (GdmSessionAuditor *auditor)
+{
+ GdmSessionSolarisAuditor *solaris_auditor;
+ adt_session_data_t *adt_ah; /* Audit session handle */
+ adt_event_data_t *event; /* Event to generate */
+
+ solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (auditor);
+
+ g_return_if_fail (solaris_auditor->priv->username != NULL);
+
+ adt_ah = NULL;
+ if (adt_start_session (&adt_ah, NULL, ADT_USE_PROC_DATA) != 0) {
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_start_session (ADT_login): %m");
+ goto cleanup;
+ }
+
+ if (adt_set_user (adt_ah, solaris_auditor->priv->uid,
+ solaris_auditor->priv->gid, solaris_auditor->priv->uid,
+ solaris_auditor->priv->gid, NULL, ADT_USER) != 0) {
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_set_user (ADT_login, %s): %m",
+ solaris_auditor->priv->username);
+ }
+
+ event = adt_alloc_event (adt_ah, ADT_login);
+ if (event == NULL) {
+ syslog (LOG_AUTH | LOG_ALERT, "adt_alloc_event (ADT_login): %m");
+ } else if (adt_put_event (event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_put_event (ADT_login, ADT_SUCCESS): %m");
+ }
+
+ if (solaris_auditor->priv->password_changed) {
+
+ g_assert (solaris_auditor->priv->password_change_initiated);
+
+ /* Also audit password change */
+ adt_free_event (event);
+ event = adt_alloc_event (adt_ah, ADT_passwd);
+ if (event == NULL) {
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_alloc_event (ADT_passwd): %m");
+ } else if (adt_put_event (event, ADT_SUCCESS,
+ ADT_SUCCESS) != 0) {
+
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_put_event (ADT_passwd, ADT_SUCCESS): %m");
+ }
+ }
+
+ adt_free_event (event);
+
+cleanup:
+ solaris_auditor->priv->audit_session_handle = adt_ah;
+}
+
+static void
+gdm_session_solaris_auditor_report_login_failure (GdmSessionAuditor *auditor,
+ int pam_error_code,
+ const char *pam_error_string)
+{
+ GdmSessionSolarisAuditor *solaris_auditor;
+ char *hostname;
+ char *display_device;
+ adt_session_data_t *ah; /* Audit session handle */
+ adt_event_data_t *event; /* Event to generate */
+ adt_termid_t *tid; /* Terminal ID for failures */
+
+ solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (auditor);
+ g_object_get (G_OBJECT (auditor),
+ "hostname", &hostname,
+ "display-device", &display_device, NULL);
+
+ if (solaris_auditor->priv->user_accredited) {
+ if (adt_start_session (&ah, NULL, ADT_USE_PROC_DATA) != 0) {
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_start_session (ADT_login, ADT_FAILURE): %m");
+ goto cleanup;
+ }
+ } else {
+ if (adt_start_session (&ah, NULL, 0) != 0) {
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_start_session (ADT_login, ADT_FAILURE): %m");
+ goto cleanup;
+ }
+
+ /* If display is on console or VT */
+ if (hostname != NULL && hostname[0] != '\0') {
+ /* login from the local host */
+ if (adt_load_ttyname (display_device, &tid) != 0) {
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_loadhostname (localhost): %m");
+ }
+ } else {
+ /* Login from a remote host */
+ if (adt_load_hostname (hostname, &tid) != 0) {
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_loadhostname (%s): %m", hostname);
+ }
+ }
+
+ if (adt_set_user (ah,
+ solaris_auditor->priv->username != NULL ? solaris_auditor->priv->uid : ADT_NO_ATTRIB,
+ solaris_auditor->priv->username != NULL ? solaris_auditor->priv->gid : ADT_NO_ATTRIB,
+ solaris_auditor->priv->username != NULL ? solaris_auditor->priv->uid : ADT_NO_ATTRIB,
+ solaris_auditor->priv->username != NULL ? solaris_auditor->priv->gid : ADT_NO_ATTRIB,
+ tid, ADT_NEW) != 0) {
+
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_set_user (%s): %m",
+ solaris_auditor->priv->username != NULL ? solaris_auditor->priv->username : "ADT_NO_ATTRIB");
+ }
+ }
+
+ event = adt_alloc_event (ah, ADT_login);
+
+ if (event == NULL) {
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_alloc_event (ADT_login, ADT_FAILURE): %m");
+ goto done;
+ } else if (adt_put_event (event, ADT_FAILURE,
+ ADT_FAIL_PAM + pam_error_code) != 0) {
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_put_event (ADT_login (ADT_FAIL, %s): %m",
+ pam_error_string);
+ }
+
+ if (solaris_auditor->priv->password_change_initiated) {
+ /* Also audit password change */
+ adt_free_event (event);
+
+ event = adt_alloc_event (ah, ADT_passwd);
+ if (event == NULL) {
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_alloc_event (ADT_passwd): %m");
+ goto done;
+ }
+
+ if (solaris_auditor->priv->password_changed) {
+ if (adt_put_event (event, ADT_SUCCESS,
+ ADT_SUCCESS) != 0) {
+
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_put_event (ADT_passwd, ADT_SUCCESS): "
+ "%m");
+ }
+ } else {
+ if (adt_put_event (event, ADT_FAILURE,
+ ADT_FAIL_PAM + pam_error_code) != 0) {
+
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_put_event (ADT_passwd, ADT_FAILURE): "
+ "%m");
+ }
+ }
+ }
+ adt_free_event (event);
+
+done:
+ /* Reset process audit state. this process is being reused.*/
+ if ((adt_set_user (ah, ADT_NO_AUDIT, ADT_NO_AUDIT, ADT_NO_AUDIT,
+ ADT_NO_AUDIT, NULL, ADT_NEW) != 0) ||
+ (adt_set_proc (ah) != 0)) {
+
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_put_event (ADT_login (ADT_FAILURE reset, %m)");
+ }
+ (void) adt_end_session (ah);
+
+cleanup:
+ g_free (hostname);
+ g_free (display_device);
+}
+
+static void
+gdm_session_solaris_auditor_report_logout (GdmSessionAuditor *auditor)
+{
+ GdmSessionSolarisAuditor *solaris_auditor;
+ adt_session_data_t *adt_ah; /* Audit session handle */
+ adt_event_data_t *event; /* Event to generate */
+
+ solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (auditor);
+
+ adt_ah = solaris_auditor->priv->audit_session_handle;
+
+ event = adt_alloc_event (adt_ah, ADT_logout);
+ if (event == NULL) {
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_alloc_event (ADT_logout): %m");
+ } else if (adt_put_event (event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_put_event (ADT_logout, ADT_SUCCESS): %m");
+ }
+
+ adt_free_event (event);
+
+ /* Reset process audit state. this process is being reused. */
+ if ((adt_set_user (adt_ah, ADT_NO_AUDIT, ADT_NO_AUDIT, ADT_NO_AUDIT,
+ ADT_NO_AUDIT, NULL, ADT_NEW) != 0) ||
+ (adt_set_proc (adt_ah) != 0)) {
+ syslog (LOG_AUTH | LOG_ALERT,
+ "adt_set_proc (ADT_logout reset): %m");
+ }
+
+ (void) adt_end_session (adt_ah);
+ solaris_auditor->priv->audit_session_handle = NULL;
+}
+
+static void
+gdm_session_solaris_auditor_class_init (GdmSessionSolarisAuditorClass *klass)
+{
+ GObjectClass *object_class;
+ GdmSessionAuditorClass *auditor_class;
+
+ object_class = G_OBJECT_CLASS (klass);
+ auditor_class = GDM_SESSION_AUDITOR_CLASS (klass);
+
+ object_class->finalize = gdm_session_solaris_auditor_finalize;
+
+ auditor_class->report_password_changed = gdm_session_solaris_auditor_report_password_changed;
+ auditor_class->report_password_change_failure = gdm_session_solaris_auditor_report_password_change_failure;
+ auditor_class->report_user_accredited = gdm_session_solaris_auditor_report_user_accredited;
+ auditor_class->report_login = gdm_session_solaris_auditor_report_login;
+ auditor_class->report_login_failure = gdm_session_solaris_auditor_report_login_failure;
+ auditor_class->report_logout = gdm_session_solaris_auditor_report_logout;
+
+ g_type_class_add_private (auditor_class, sizeof (GdmSessionSolarisAuditorPrivate));
+}
+
+static void
+on_username_set (GdmSessionSolarisAuditor *auditor)
+{
+ char *username;
+ struct passwd *passwd_entry;
+
+ g_object_get (G_OBJECT (auditor), "username", &username, NULL);
+
+ passwd_entry = getpwnam (username);
+
+ if (passwd_entry != NULL) {
+ auditor->priv->uid = passwd_entry->pw_uid;
+ auditor->priv->gid = passwd_entry->pw_gid;
+ auditor->priv->username = g_strdup (passwd_entry->pw_name);
+ } else {
+ g_free (auditor->priv->username);
+ auditor->priv->username = NULL;
+ auditor->priv->uid = (uid_t) -1;
+ auditor->priv->gid = (gid_t) -1;
+ }
+
+ g_free (username);
+}
+
+static void
+gdm_session_solaris_auditor_init (GdmSessionSolarisAuditor *auditor)
+{
+ auditor->priv = G_TYPE_INSTANCE_GET_PRIVATE (auditor,
+ GDM_TYPE_SESSION_SOLARIS_AUDITOR,
+ GdmSessionSolarisAuditorPrivate);
+
+ g_signal_connect (G_OBJECT (auditor), "notify::username",
+ G_CALLBACK (on_username_set), NULL);
+
+ auditor->priv->uid = (uid_t) -1;
+ auditor->priv->gid = (gid_t) -1;
+}
+
+static void
+gdm_session_solaris_auditor_finalize (GObject *object)
+{
+ GdmSessionSolarisAuditor *solaris_auditor;
+ GObjectClass *parent_class;
+
+ solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (object);
+
+ g_free (solaris_auditor->priv->username);
+ solaris_auditor->priv->username = NULL;
+
+ parent_class = G_OBJECT_CLASS (gdm_session_solaris_auditor_parent_class);
+
+ if (parent_class->finalize != NULL) {
+ parent_class->finalize (object);
+ }
+}
+
+GdmSessionAuditor *
+gdm_session_solaris_auditor_new (const char *hostname,
+ const char *display_device)
+{
+ GObject *auditor;
+
+ auditor = g_object_new (GDM_TYPE_SESSION_SOLARIS_AUDITOR,
+ "hostname", hostname,
+ "display-device", display_device,
+ NULL);
+
+ return GDM_SESSION_AUDITOR (auditor);
+}
+
+
Added: trunk/daemon/gdm-session-solaris-auditor.h
==============================================================================
--- (empty file)
+++ trunk/daemon/gdm-session-solaris-auditor.h Wed Feb 6 05:00:15 2008
@@ -0,0 +1,63 @@
+/* gdm-solaris-session-auditor.h - Object for solaris auditing of session login/logout
+ *
+ * Copyright (C) 2004, 2008 Sun Microsystems
+ * Copyright (C) 2005, 2008 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Written by: Brian A. Cameron <Brian Cameron sun com>
+ * Gary Winiger <Gary Winiger sun com>
+ * Ray Strode <rstrode redhat com>
+ * Steve Grubb <sgrubb redhat com>
+ */
+#ifndef GDM_SESSION_SOLARIS_AUDITOR_H
+#define GDM_SESSION_SOLARIS_AUDITOR_H
+
+#include <glib.h>
+#include <glib-object.h>
+
+#include "gdm-session-auditor.h"
+
+G_BEGIN_DECLS
+#define GDM_TYPE_SESSION_SOLARIS_AUDITOR (gdm_session_solaris_auditor_get_type ())
+#define GDM_SESSION_SOLARIS_AUDITOR(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GDM_TYPE_SESSION_SOLARIS_AUDITOR, GdmSessionSolarisAuditor))
+#define GDM_SESSION_SOLARIS_AUDITOR_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), GDM_TYPE_SESSION_SOLARIS_AUDITOR, GdmSessionSolarisAuditorClass))
+#define GDM_IS_SESSION_SOLARIS_AUDITOR(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GDM_TYPE_SESSION_SOLARIS_AUDITOR))
+#define GDM_IS_SESSION_SOLARIS_AUDITOR_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GDM_TYPE_SESSION_SOLARIS_AUDITOR))
+#define GDM_SESSION_SOLARIS_AUDITOR_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), GDM_TYPE_SESSION_SOLARIS_AUDITOR, GdmSessionSolarisAuditorClass))
+#define GDM_SESSION_SOLARIS_AUDITOR_ERROR (gdm_session_solaris_auditor_error_quark ())
+typedef struct _GdmSessionSolarisAuditor GdmSessionSolarisAuditor;
+typedef struct _GdmSessionSolarisAuditorClass GdmSessionSolarisAuditorClass;
+typedef struct _GdmSessionSolarisAuditorPrivate GdmSessionSolarisAuditorPrivate;
+
+struct _GdmSessionSolarisAuditor
+{
+ GdmSessionAuditor parent;
+
+ /*< private > */
+ GdmSessionSolarisAuditorPrivate *priv;
+};
+
+struct _GdmSessionSolarisAuditorClass
+{
+ GdmSessionAuditorClass parent_class;
+};
+
+GType gdm_session_solaris_auditor_get_type (void);
+GdmSessionAuditor *gdm_session_solaris_auditor_new (const char *hostname,
+ const char *display_device);
+G_END_DECLS
+#endif /* GDM_SESSION_SOLARIS_AUDITOR_H */
Modified: trunk/daemon/gdm-session-worker.c
==============================================================================
--- trunk/daemon/gdm-session-worker.c (original)
+++ trunk/daemon/gdm-session-worker.c Wed Feb 6 05:00:15 2008
@@ -46,6 +46,14 @@
#include "gdm-session-worker.h"
#include "gdm-marshal.h"
+#if defined (HAVE_ADT)
+#include "gdm-session-solaris-auditor.h"
+#elif defined (HAVE_LIBAUDIT)
+#include "gdm-session-linux-auditor.h"
+#else
+#include "gdm-session-auditor.h"
+#endif
+
#define GDM_SESSION_WORKER_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), GDM_TYPE_SESSION_WORKER, GdmSessionWorkerPrivate))
#define GDM_SESSION_DBUS_PATH "/org/gnome/DisplayManager/Session"
@@ -110,6 +118,8 @@
char *server_address;
DBusConnection *connection;
+
+ GdmSessionAuditor *auditor;
};
enum {
@@ -496,6 +506,8 @@
worker->priv->username = username;
username = NULL;
+ gdm_session_auditor_set_username (worker->priv->auditor, worker->priv->username);
+
send_dbus_string_method (worker->priv->connection,
"UsernameChanged",
worker->priv->username);
@@ -773,6 +785,32 @@
}
static void
+gdm_session_worker_start_auditor (GdmSessionWorker *worker)
+{
+
+/* FIXME: it may make sense at some point to keep a list of
+ * auditors, instead of assuming they are mutually exclusive
+ */
+#if defined (HAVE_ADT)
+ worker->priv->auditor = gdm_session_solaris_auditor_new (worker->priv->hostname,
+ worker->priv->display_device);
+#elif defined (HAVE_LIBAUDIT)
+ worker->priv->auditor = gdm_session_linux_auditor_new (worker->priv->hostname,
+ worker->priv->display_device);
+#else
+ worker->priv->auditor = gdm_session_auditor_new (worker->priv->hostname,
+ worker->priv->display_device);
+#endif
+}
+
+static void
+gdm_session_worker_stop_auditor (GdmSessionWorker *worker)
+{
+ g_object_unref (worker->priv->auditor);
+ worker->priv->auditor = NULL;
+}
+
+static void
gdm_session_worker_uninitialize_pam (GdmSessionWorker *worker,
int status)
{
@@ -787,11 +825,18 @@
if (worker->priv->state >= GDM_SESSION_WORKER_STATE_SESSION_OPENED) {
pam_close_session (worker->priv->pam_handle, 0);
+ gdm_session_auditor_report_logout (worker->priv->auditor);
+ } else {
+ gdm_session_auditor_report_login_failure (worker->priv->auditor,
+ status,
+ pam_strerror (worker->priv->pam_handle, status));
}
pam_end (worker->priv->pam_handle, status);
worker->priv->pam_handle = NULL;
+ gdm_session_worker_stop_auditor (worker);
+
g_debug ("GdmSessionWorker: state NONE");
worker->priv->state = GDM_SESSION_WORKER_STATE_NONE;
}
@@ -802,8 +847,9 @@
{
#ifdef __sun
return g_strdup (display_device);
-#endif
+#else
return g_strdup (x11_display_name);
+#endif
}
static gboolean
@@ -827,6 +873,7 @@
pam_conversation.conv = (GdmSessionWorkerPamNewMessagesFunc) gdm_session_worker_pam_new_messages_handler;
pam_conversation.appdata_ptr = worker;
+ gdm_session_worker_start_auditor (worker);
error_code = pam_start (service,
username,
&pam_conversation,
@@ -966,9 +1013,16 @@
/* it's possible that the user needs to change their password or pin code
*/
- if (error_code == PAM_NEW_AUTHTOK_REQD)
+ if (error_code == PAM_NEW_AUTHTOK_REQD) {
error_code = pam_chauthtok (worker->priv->pam_handle, PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (error_code != PAM_SUCCESS) {
+ gdm_session_auditor_report_password_change_failure (worker->priv->auditor);
+ } else {
+ gdm_session_auditor_report_password_changed (worker->priv->auditor);
+ }
+ }
+
if (error_code != PAM_SUCCESS) {
g_debug ("GdmSessionWorker: user is not authorized to log in: %s",
pam_strerror (worker->priv->pam_handle, error_code));
@@ -1144,6 +1198,8 @@
goto out;
}
+ gdm_session_auditor_report_user_accredited (worker->priv->auditor);
+
g_debug ("GdmSessionWorker: state ACCREDITED");
worker->priv->state = GDM_SESSION_WORKER_STATE_ACCREDITED;
@@ -1445,6 +1501,8 @@
return FALSE;
}
+ gdm_session_auditor_report_login (worker->priv->auditor);
+
return TRUE;
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
