--- SimplePAMApps-0.60.orig/configure.in +++ SimplePAMApps-0.60/configure.in @@ -17,6 +17,15 @@ [ TAGDIR=pamapps ]) ]) if test "${TAGDIR}" = "pamapps"; then + + AC_ARG_WITH(audit, + [ --with-audit build applications with audit library + --without-audit build applications without audit library ], + [ case "${withval}" in + y*) AC_DEFINE(HAVE_LIBAUDIT, 1, [Whether audit support is enabled]) + LIBS="${LIBS} -laudit";; + esac ]) + AC_CHECK_LIB(pam, pam_start) AC_CHECK_LIB(pam_misc, misc_conv) AC_ARG_WITH(pwdb, --- SimplePAMApps-0.60.orig/pamapps/login/login.c +++ SimplePAMApps-0.60/pamapps/login/login.c @@ -47,6 +47,10 @@ #include #endif /* HAVE_PWDB */ +#ifdef HAVE_LIBAUDIT +# include +#endif + #include "../../common/include/shell_args.h" #include "../../common/include/wait4shell.h" #include "../../common/include/login_indep.h" @@ -128,6 +132,28 @@ /* ------ some local (static) functions ------- */ +#ifdef HAVE_LIBAUDIT +static void logaudit(int status, uid_t uid) +{ + const void *item; + const char *username; + int fd; + + if (!pamh || pam_get_item(pamh, PAM_USER, &item) != PAM_SUCCESS || !item) + return; + username = item; + + if ((fd = audit_open()) < 0) + return; + + audit_log_acct_message(fd, AUDIT_USER_LOGIN, + NULL, "login", username, uid, NULL, NULL, + terminal_name ?: "???", status); + + close(fd); +} +#endif /* HAVE_LIBAUDIT */ + #ifdef __GNUC__ __attribute__ ((format (printf, 1, 2))) #endif @@ -251,6 +277,10 @@ static int login_authenticate_user(void) return PAM_MAXTRIES; } +#ifdef HAVE_LIBAUDIT + logaudit(0, (uid_t) -1); +#endif + /* reset the login prompt */ retval = pam_set_item(pamh, PAM_USER_PROMPT, user_prompt); @@ -677,6 +707,11 @@ int main(int argc, const char **argv) err_descr = NULL; } state = LOGIN_STATE_UTMP_OPENED; + +#ifdef HAVE_LIBAUDIT + logaudit(1, uid); +#endif + /* * Process is parent here... wait for the child to exit */ 
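Review bot: The `case "${withval}"` in the new `AC_ARG_WITH(audit, ...)` has only a `y*)` arm, so a value such as `--with-audit=1` or `--with-audit=on` falls through and configure finishes normally with audit support absent. For a login program that is a quiet loss of audit records; add `n*) ;;` and a default arm that stops, for example `*) AC_MSG_ERROR([bad value ${withval} for --with-audit]);;`. The `y*)` arm also appends `-laudit` to `LIBS` without probing for the library, so a missing libaudit only shows up at compile or link time. An `AC_CHECK_LIB(audit, audit_log_acct_message, ...)` that fails with `AC_MSG_ERROR` when audit was requested would report it at configure time.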
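Review bot: Every failure path in the new `logaudit()` is silent: it returns without a trace when `pamh` or `PAM_USER` is missing or when `audit_open()` fails, and the return value of `audit_log_acct_message()` is discarded. A login event can therefore go unrecorded with nothing to tell the operator. Only the "kernel has no audit support" errno values from `audit_open()` should be treated as harmless; other failures, and a non-positive return from `audit_log_acct_message()`, should be reported through whatever logging this file already uses. A failed attempt with no `PAM_USER` set should probably still produce a record under a fixed placeholder account name rather than being skipped. A short comment stating that `status` is 1 for success and 0 for failure, and that `(uid_t) -1` means "uid unknown", would make the call sites readable.

```c
    if ((fd = audit_open()) < 0) {
        /* kernel built without audit support: nothing to record */
        if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT)
            return;
        /* … report the failure through the file's existing logging … */
        return;
    }

    /* audit_log_acct_message() returns a sequence number > 0 on success */
    if (audit_log_acct_message(fd, AUDIT_USER_LOGIN,
                               NULL, "login", username, uid, NULL, NULL,
                               terminal_name ?: "???", status) <= 0) {
        /* … report the lost record … */
    }

    /* … unchanged: close(fd) … */
```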
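Review bot: The `return PAM_MAXTRIES;` directly above the added `logaudit(0, (uid_t) -1);` in `login_authenticate_user()` leaves the function before the call, so the attempt that exhausts the retry limit is not recorded at this site. It is presumably picked up by the `if (err_descr) logaudit(0, uid);` added near the end of `main()`, but that depends on `main()` setting `err_descr` for this return code, which the hunk does not show. Either confirm that and say so in a comment here, for example `/* failed attempt; the PAM_MAXTRIES case is audited by main() */`, or record the failure before the early return. The function body starts and ends outside the hunk.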
@@ -688,6 +723,11 @@ int main(int argc, const char **argv) } }while (0); +#ifdef HAVE_LIBAUDIT + if (err_descr) + logaudit(0, uid); +#endif + /*Cleaning up*/ do {
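Review bot: The added `if (err_descr) logaudit(0, uid);` runs for any error that leaves the `do { ... } while (0)` block, including one raised after the earlier hunk has already written the success record with `logaudit(1, uid);`. A failure in the parent after that point would then leave both a success and a failure `AUDIT_USER_LOGIN` record for the same session, which confuses anyone correlating the log. Track whether the success record was emitted and skip the failure record in that case, for example with a flag (name constructed here) as in `if (err_descr && !audit_success_logged) logaudit(0, uid);`. It is also worth checking that `uid` holds a defined value on every path that reaches this line, since errors before the account lookup would otherwise pass an unset value; its declaration and assignment lie outside the hunk.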