rpms / pam

Clone
Source Code
GIT

Files

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f7 f8 f9 main rawhide
  1.   f19
  2.   pam-1.1.6-audit-data.patch
Blob Blame History Raw 
diff -up Linux-PAM-1.1.6/modules/pam_faillock/main.c.audata Linux-PAM-1.1.6/modules/pam_faillock/main.c
--- Linux-PAM-1.1.6/modules/pam_faillock/main.c.audata	2012-09-03 15:18:19.077405822 +0200
+++ Linux-PAM-1.1.6/modules/pam_faillock/main.c	2012-09-03 15:18:19.082405927 +0200
@@ -42,6 +42,7 @@
 #include <errno.h>
 #include <pwd.h>
 #include <time.h>
+#include <unistd.h>
 #ifdef HAVE_LIBAUDIT
 #include <libaudit.h>
 #endif
@@ -142,7 +143,7 @@ do_user(struct options *opts, const char
 				snprintf(buf, sizeof(buf), "faillock reset uid=%u",
 					pwd->pw_uid);
 				audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
-					buf, NULL, NULL, NULL, rv == 0);
+					buf, NULL, NULL, ttyname(fileno(stdin)), rv == 0);
 			}
 			close(audit_fd);
 		}
diff -up Linux-PAM-1.1.6/modules/pam_faillock/pam_faillock.c.audata Linux-PAM-1.1.6/modules/pam_faillock/pam_faillock.c
--- Linux-PAM-1.1.6/modules/pam_faillock/pam_faillock.c.audata	2012-09-03 15:18:19.077405822 +0200
+++ Linux-PAM-1.1.6/modules/pam_faillock/pam_faillock.c	2012-09-03 15:18:19.083405948 +0200
@@ -264,6 +264,7 @@ check_tally(pam_handle_t *pamh, struct o
 			if (opts->action != FAILLOCK_ACTION_PREAUTH) { /* do not audit in preauth */
 				char buf[64];
 				int audit_fd;
+				const void *rhost = NULL, *tty = NULL;
 
 				audit_fd = audit_open();
 				/* If there is an error & audit support is in the kernel report error */
@@ -271,9 +272,11 @@ check_tally(pam_handle_t *pamh, struct o
 					errno == EAFNOSUPPORT))
 					return PAM_SYSTEM_ERR;
 
+				(void)pam_get_item(pamh, PAM_TTY, &tty);
+				(void)pam_get_item(pamh, PAM_RHOST, &rhost);
 				snprintf(buf, sizeof(buf), "pam_faillock uid=%u ", opts->uid);
 				audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
-					NULL, NULL, NULL, 1);
+					rhost, NULL, tty, 1);
 			}
 #endif
 			opts->flags |= FAILLOCK_FLAG_UNLOCKED;
@@ -378,6 +381,7 @@ write_tally(pam_handle_t *pamh, struct o
 #ifdef HAVE_LIBAUDIT
 		char buf[64];
 		int audit_fd;
+		const void *tty = NULL, *rhost = NULL;
 
 		audit_fd = audit_open();
 		/* If there is an error & audit support is in the kernel report error */
@@ -385,13 +389,15 @@ write_tally(pam_handle_t *pamh, struct o
 			errno == EAFNOSUPPORT))
 			return PAM_SYSTEM_ERR;
 
+		(void)pam_get_item(pamh, PAM_TTY, &tty);
+		(void)pam_get_item(pamh, PAM_RHOST, &rhost);
 		snprintf(buf, sizeof(buf), "pam_faillock uid=%u ", opts->uid);
 		audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf,
-			NULL, NULL, NULL, 1);
+			rhost, NULL, tty, 1);
 
 		if (opts->uid != 0 || (opts->flags & FAILLOCK_FLAG_DENY_ROOT)) {
 			audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_LOCK, buf,
-				NULL, NULL, NULL, 1);
+				rhost, NULL, tty, 1);
 		}
 		close(audit_fd);
 #endif
diff -up Linux-PAM-1.1.6/modules/pam_selinux/pam_selinux.c.audata Linux-PAM-1.1.6/modules/pam_selinux/pam_selinux.c
--- Linux-PAM-1.1.6/modules/pam_selinux/pam_selinux.c.audata	2012-08-15 13:08:43.000000000 +0200
+++ Linux-PAM-1.1.6/modules/pam_selinux/pam_selinux.c	2012-09-03 15:18:19.083405948 +0200
@@ -87,6 +87,7 @@ int send_audit_message(pam_handle_t *pam
 	int audit_fd = audit_open();
 	security_context_t default_raw=NULL;
 	security_context_t selected_raw=NULL;
+	const void *tty = NULL, *rhost = NULL;
 	rc = -1;
 	if (audit_fd < 0) {
 		if (errno == EINVAL || errno == EPROTONOSUPPORT ||
@@ -95,6 +96,8 @@ int send_audit_message(pam_handle_t *pam
 		pam_syslog(pamh, LOG_ERR, "Error connecting to audit system.");
 		return rc;
 	}
+	(void)pam_get_item(pamh, PAM_TTY, &tty);
+	(void)pam_get_item(pamh, PAM_RHOST, &rhost);
 	if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) {
 		pam_syslog(pamh, LOG_ERR, "Error translating default context.");
 		default_raw = NULL;
@@ -110,7 +113,7 @@ int send_audit_message(pam_handle_t *pam
 		goto out;
 	}
 	if (audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
-				   msg, NULL, NULL, NULL, success) <= 0) {
+				   msg, rhost, NULL, tty, success) <= 0) {
 		pam_syslog(pamh, LOG_ERR, "Error sending audit message.");
 		goto out;
 	}
diff -up Linux-PAM-1.1.6/modules/pam_tally2/pam_tally2.c.audata Linux-PAM-1.1.6/modules/pam_tally2/pam_tally2.c
--- Linux-PAM-1.1.6/modules/pam_tally2/pam_tally2.c.audata	2012-08-15 13:08:43.000000000 +0200
+++ Linux-PAM-1.1.6/modules/pam_tally2/pam_tally2.c	2012-09-03 15:20:06.071641000 +0200
@@ -509,6 +509,7 @@ tally_check (tally_t oldcnt, time_t oldt
 #ifdef HAVE_LIBAUDIT
     char buf[64];
     int audit_fd = -1;
+    const void *rhost = NULL, *tty = NULL;
 #endif
 
     if ((opts->ctrl & OPT_MAGIC_ROOT) && getuid() == 0) {
@@ -521,6 +522,8 @@ tally_check (tally_t oldcnt, time_t oldt
     if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT ||
                             errno == EAFNOSUPPORT))
          return PAM_SYSTEM_ERR;
+    (void)pam_get_item(pamh, PAM_TTY, &tty);
+    (void)pam_get_item(pamh, PAM_RHOST, &rhost);
 #endif
     if (opts->deny != 0 &&                        /* deny==0 means no deny        */
         tally->fail_cnt > opts->deny &&           /* tally>deny means exceeded    */
@@ -530,7 +533,7 @@ tally_check (tally_t oldcnt, time_t oldt
             /* First say that max number was hit. */
             snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid);
             audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf,
-                                   NULL, NULL, NULL, 1);
+                                   rhost, NULL, tty, 1);
         }
 #endif
         if (uid) {
@@ -541,7 +544,7 @@ tally_check (tally_t oldcnt, time_t oldt
 #ifdef HAVE_LIBAUDIT
                     snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid);
                     audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
-                                   NULL, NULL, NULL, 1);
+                                   rhost, NULL, tty, 1);
 #endif
 	            rv = PAM_SUCCESS;
 		    goto cleanup;
@@ -555,7 +558,7 @@ tally_check (tally_t oldcnt, time_t oldt
 #ifdef HAVE_LIBAUDIT
                     snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid);
                     audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
-                                   NULL, NULL, NULL, 1);
+                                   rhost, NULL, tty, 1);
 #endif
 	            rv = PAM_SUCCESS;
 	            goto cleanup;
@@ -567,7 +570,7 @@ tally_check (tally_t oldcnt, time_t oldt
         if (tally->fail_cnt == opts->deny+1) {
             /* First say that max number was hit. */
             audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_LOCK, buf,
-                                   NULL, NULL, NULL, 1);
+                                   rhost, NULL, tty, 1);
         }
 #endif
 
@@ -996,7 +999,7 @@ main( int argc UNUSED, char **argv )
         int audit_fd = audit_open();
         snprintf(buf, sizeof(buf), "pam_tally2 uid=%u reset=%hu", uid, cline_reset);
         audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
-                buf, NULL, NULL, NULL, 1);
+                buf, NULL, NULL, ttyname(fileno(stdin)), 1);
         if (audit_fd >=0)
                 close(audit_fd);
 #endif
@@ -1041,7 +1044,7 @@ main( int argc UNUSED, char **argv )
       int audit_fd = audit_open();
       snprintf(buf, sizeof(buf), "pam_tally2 uid=all reset=0");
       audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
-              buf, NULL, NULL, NULL, 1);
+              buf, NULL, NULL, ttyname(fileno(stdin)), 1);
       if (audit_fd >=0)
               close(audit_fd);
 #endif
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.