Teach login(1) about the make.conf NO_AUDIT variable. This allows us to

conditionally build in audit support.

Submitted by:	bz
MFC after:	1 week

3 files changed, 28 insertions, 3 deletions

diff --git a/usr.bin/login/Makefile b/usr.bin/login/Makefile
index 8a2daa3bd976..22c73b9993d9 100644
--- a/usr.bin/login/Makefile
+++ b/usr.bin/login/Makefile
@@ -4,10 +4,17 @@
 .include <bsd.own.mk>
 
 PROG=	login
-SRCS=	login.c login_audit.c login_fbtab.c
+SRCS=	login.c login_fbtab.c
 CFLAGS+=-DLOGALL
-DPADD=	${LIBUTIL} ${LIBPAM} ${LIBBSM}
-LDADD=	-lutil ${MINUSLPAM} -lbsm
+DPADD=	${LIBUTIL} ${LIBPAM}
+LDADD=	-lutil ${MINUSLPAM}
+
+.if ${MK_AUDIT} != "no"
+SRCS+=	login_audit.c
+CFLAGS+= -DUSE_BSM_AUDIT
+DPADD+=  ${LIBBSM}
+LDADD+=  -lbsm
+.endif
 
 .if ${MK_SETUID_LOGIN} != "no"
 BINOWN=	root
diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c
index b7aa278cdabf..7827ea1da7d2 100644
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@@ -173,7 +173,9 @@ main(int argc, char *argv[])
 	login_cap_t *lc = NULL;
 	login_cap_t *lc_user = NULL;
 	pid_t pid;
+#ifdef USE_BSM_AUDIT
 	char auditsuccess = 1;
+#endif
 
 	(void)signal(SIGQUIT, SIG_IGN);
 	(void)signal(SIGINT, SIG_IGN);
@@ -292,19 +294,25 @@ main(int argc, char *argv[])
 		pam_err = pam_start("login", username, &pamc, &pamh);
 		if (pam_err != PAM_SUCCESS) {
 			pam_syslog("pam_start()");
+#ifdef USE_BSM_AUDIT
 			au_login_fail("PAM Error", 1);
+#endif
 			bail(NO_SLEEP_EXIT, 1);
 		}
 		pam_err = pam_set_item(pamh, PAM_TTY, tty);
 		if (pam_err != PAM_SUCCESS) {
 			pam_syslog("pam_set_item(PAM_TTY)");
+#ifdef USE_BSM_AUDIT
 			au_login_fail("PAM Error", 1);
+#endif
 			bail(NO_SLEEP_EXIT, 1);
 		}
 		pam_err = pam_set_item(pamh, PAM_RHOST, hostname);
 		if (pam_err != PAM_SUCCESS) {
 			pam_syslog("pam_set_item(PAM_RHOST)");
+#ifdef USE_BSM_AUDIT
 			au_login_fail("PAM Error", 1);
+#endif
 			bail(NO_SLEEP_EXIT, 1);
 		}
 
@@ -321,7 +329,9 @@ main(int argc, char *argv[])
 		    (uid == (uid_t)0 || uid == (uid_t)pwd->pw_uid)) {
 			/* already authenticated */
 			rval = 0;
+#ifdef USE_BSM_AUDIT
 			auditsuccess = 0; /* opened a terminal window only */
+#endif
 		} else {
 			fflag = 0;
 			(void)setpriority(PRIO_PROCESS, 0, -4);
@@ -338,7 +348,9 @@ main(int argc, char *argv[])
 		 * We are not exiting here, but this corresponds to a failed
 		 * login event, so set exitstatus to 1.
 		 */
+#ifdef USE_BSM_AUDIT
 		au_login_fail("Login incorrect", 1);
+#endif
 
 		(void)printf("Login incorrect\n");
 		failures++;
@@ -364,9 +376,11 @@ main(int argc, char *argv[])
 
 	endpwent();
 
+#ifdef USE_BSM_AUDIT
 	/* Audit successful login. */
 	if (auditsuccess)
 		au_login_success();
+#endif
 
 	/*
 	 * Establish the login class.
@@ -953,8 +967,10 @@ bail(int sec, int eval)
 {
 
 	pam_cleanup();
+#ifdef USE_BSM_AUDIT
 	if (pwd != NULL)
 		audit_logout();
+#endif
 	(void)sleep(sec);
 	exit(eval);
 }
diff --git a/usr.bin/login/login.h b/usr.bin/login/login.h
index 0b33592155c2..9d1b921dac6a 100644
--- a/usr.bin/login/login.h
+++ b/usr.bin/login/login.h
@@ -27,8 +27,10 @@
 
 void	login_fbtab(char *, uid_t, gid_t);
 
+#ifdef USE_BSM_AUDIT
 void	au_login_success(void);
 void	au_login_fail(char *errmsg, int na);
+#endif
 
 extern char		**environ;
 extern struct passwd	*pwd;