authorWayne Salamon <wsalamon@FreeBSD.org>2006-02-04 20:20:02 +0000
committerWayne Salamon <wsalamon@FreeBSD.org>2006-02-04 20:20:02 +0000
commita1c73d21bf8c1e7c993fb94d827d85790546095c (patch)
tree6e04a1e8c50be266102f73f0a516960314a4c645 /usr.bin/login/login.c
parent55ad4158245377514f1f3a956e19237ffe86a6c0 (diff)
Make login audit-enabled, submitting audit records for the login and logout
events. The specifics of submitting the records are contained within login_audit.c. Document the auditing behavior in the man page. Obtained from: TrustedBSD Project, Apple Computer, Inc. Approved by: rwatson (mentor)
Notes
Notes: svn path=/head/; revision=155312
Diffstat (limited to 'usr.bin/login/login.c')
-rw-r--r--usr.bin/login/login.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c
index 68693f82e21c..f23467de807a 100644
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@@ -173,6 +173,7 @@ main(int argc, char *argv[])
login_cap_t *lc = NULL;
login_cap_t *lc_user = NULL;
pid_t pid;
+ char auditsuccess = 1;
(void)signal(SIGQUIT, SIG_IGN);
(void)signal(SIGINT, SIG_IGN);
@@ -291,16 +292,19 @@ main(int argc, char *argv[])
pam_err = pam_start("login", username, &pamc, &pamh);
if (pam_err != PAM_SUCCESS) {
pam_syslog("pam_start()");
+ au_login_fail("PAM Error", 1);
bail(NO_SLEEP_EXIT, 1);
}
pam_err = pam_set_item(pamh, PAM_TTY, tty);
if (pam_err != PAM_SUCCESS) {
pam_syslog("pam_set_item(PAM_TTY)");
+ au_login_fail("PAM Error", 1);
bail(NO_SLEEP_EXIT, 1);
}
pam_err = pam_set_item(pamh, PAM_RHOST, hostname);
if (pam_err != PAM_SUCCESS) {
pam_syslog("pam_set_item(PAM_RHOST)");
+ au_login_fail("PAM Error", 1);
bail(NO_SLEEP_EXIT, 1);
}
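Review bot: All three PAM setup failures are audited with the same text `"PAM Error"`, so the audit record cannot tell which call failed even though the adjacent pam_syslog() lines name it. These are also infrastructure errors rather than rejected credentials, and sending them through the same au_login_fail() path as "Login incorrect" makes the two hard to separate when failed logins are counted or alerted on. Passing the call name, for example `au_login_fail("pam_set_item(PAM_TTY)", 1);`, would keep the events distinguishable. The literal `1` would also read better with a short comment saying it is the exit status, as the comment in the later "Login incorrect" hunk does.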
@@ -317,6 +321,7 @@ main(int argc, char *argv[])
(uid == (uid_t)0 || uid == (uid_t)pwd->pw_uid)) {
/* already authenticated */
rval = 0;
+ auditsuccess = 0; /* opened a terminal window only */
} else {
fflag = 0;
(void)setpriority(PRIO_PROCESS, 0, -4);
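Review bot: Setting `auditsuccess = 0` here means a login that takes the already-authenticated path writes no login record at all, and the visible half of the condition admits `uid == (uid_t)0` as well as the user themselves. A root-initiated login as a different account is a case the audit trail should show, and the comment "opened a terminal window only" fits only the same-uid case. Consider narrowing the suppression, for example `auditsuccess = (uid != (uid_t)pwd->pw_uid);`, or extend the comment to say why the root case is deliberately unaudited. The condition starts outside the hunk, so this assumes its first line is the flag test implied by `fflag = 0` in the else branch.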
@@ -329,6 +334,12 @@ main(int argc, char *argv[])
pam_cleanup();
+ /*
+ * We are not exiting here, but this corresponds to a failed
+ * login event, so set exitstatus to 1.
+ */
+ au_login_fail("Login incorrect", 1);
+
(void)printf("Login incorrect\n");
failures++;
@@ -351,6 +362,10 @@ main(int argc, char *argv[])
endpwent();
+ /* Audit successful login. */
+ if (auditsuccess)
+ au_login_success();
+
/*
* Establish the login class.
*/
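Review bot: `au_login_success()` is submitted before the login class is established, so any later step in main() that can still refuse the session would leave a success record for a login that never completed. The rest of main() is outside this hunk, so whether such a path exists needs checking. If it does, either move the call after the last point of refusal or have those paths submit a failure record. A comment stating why this is the chosen point would help, for example `/* Audit successful login; nothing below refuses the session. */` if that holds.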
@@ -936,6 +951,7 @@ bail(int sec, int eval)
{
pam_cleanup();
+ audit_logout();
(void)sleep(sec);
exit(eval);
}
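Review bot: `audit_logout()` now runs on every bail() exit, including the PAM setup failures that have just submitted a failure record and the `auditsuccess = 0` path that never submitted a success record, so the trail can contain logout events with no matching login. What audit_logout() reads is not visible here; if it uses the passwd entry, the early bail() calls may reach it before one has been looked up. Consider guarding the call, for example `if (pwd != NULL) audit_logout();` provided `pwd` is visible at file scope, or track whether a success record was actually written and emit the logout only then.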