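/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
 *
 * Copyright (C) 2004, 2008 Sun Microsystems, Inc.
 * Copyright (C) 2005, 2008 Red Hat, Inc.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 *
 * Written by: Brian A. Cameron
 *             Gary Winiger
 *             Ray Strode
 *             Steve Grubb
 */

/*
 * Solaris BSM (libbsm adt_*) back end for GdmSessionAuditor.
 *
 * The session worker reports login, login failure, password change and
 * logout outcomes through the GdmSessionAuditor vfuncs; this object turns
 * them into ADT_login / ADT_passwd / ADT_logout audit records.  Any failure
 * of the audit API itself is written to syslog at LOG_AUTH | LOG_ALERT so
 * that a missing audit record is never silent.
 */

#include "config.h"

#include "gdm-session-solaris-auditor.h"

/* NOTE(review): the system include list was lost when this file was
 * extracted; the headers below are the ones the code visibly depends on
 * (syslog(), free(), struct passwd, the adt_* API and GLib/GObject).
 * Confirm against the original file before relying on this list. */
#include <stdlib.h>
#include <syslog.h>
#include <pwd.h>
#include <bsm/adt.h>
#include <bsm/adt_event.h>
#include <glib.h>
#include <glib-object.h>

struct GdmSessionSolarisAuditor
{
        GdmSessionAuditor   parent;

        /* Opened by report_login () and closed by report_logout ();
         * NULL while no login has been audited. */
        adt_session_data_t *audit_session_handle;

        /* Password-change bookkeeping, folded into the ADT_passwd record
         * emitted alongside the login / login-failure record. */
        guint               password_change_initiated : 1;
        guint               password_changed : 1;

        /* Set once the user has been accredited by PAM; a login failure
         * after that point reuses the process audit data instead of
         * building fresh attribution from host/tty. */
        guint               user_accredited : 1;

        /* Cached values to prevent repeated calls to getpwnam.
         * username is NULL (and uid/gid are (uid_t)-1 / (gid_t)-1) when the
         * "username" property did not resolve to a passwd entry. */
        char               *username;
        uid_t               uid;
        gid_t               gid;
};

static void gdm_session_solaris_auditor_finalize (GObject *object);

G_DEFINE_TYPE (GdmSessionSolarisAuditor, gdm_session_solaris_auditor, GDM_TYPE_SESSION_AUDITOR)

/* Undo the audit attribution set on this process for a login that did not
 * stick (login failure or logout).  The worker process is reused, so it must
 * not carry the previous user's audit context into the next attempt.
 * `what' is the syslog label used if the reset itself fails. */
static void
reset_process_audit_state (adt_session_data_t *ah,
                           const char         *what)
{
        if ((adt_set_user (ah,
                           ADT_NO_AUDIT, ADT_NO_AUDIT,
                           ADT_NO_AUDIT, ADT_NO_AUDIT,
                           NULL, ADT_NEW) != 0)
            || (adt_set_proc (ah) != 0)) {
                syslog (LOG_AUTH | LOG_ALERT, "%s: %m", what);
        }
}

/* Vfunc: a password change succeeded during this login attempt. */
static void
gdm_session_solaris_auditor_report_password_changed (GdmSessionAuditor *auditor)
{
        GdmSessionSolarisAuditor *solaris_auditor;

        solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (auditor);

        solaris_auditor->password_change_initiated = TRUE;
        solaris_auditor->password_changed = TRUE;
}

/* Vfunc: a password change was attempted during this login attempt but
 * did not succeed. */
static void
gdm_session_solaris_auditor_report_password_change_failure (GdmSessionAuditor *auditor)
{
        GdmSessionSolarisAuditor *solaris_auditor;

        solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (auditor);

        solaris_auditor->password_change_initiated = TRUE;
        solaris_auditor->password_changed = FALSE;
}

/* Vfunc: PAM accredited the user (credentials established). */
static void
gdm_session_solaris_auditor_report_user_accredited (GdmSessionAuditor *auditor)
{
        GdmSessionSolarisAuditor *solaris_auditor;

        solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (auditor);

        solaris_auditor->user_accredited = TRUE;
}

/* Vfunc: the login succeeded.
 *
 * Opens an audit session from the process audit data, attributes it to the
 * cached uid/gid and emits ADT_login (plus ADT_passwd if a password change
 * succeeded).  The session handle is kept in the object so that
 * report_logout () can emit the matching ADT_logout; it is NULL if the
 * session could not be started. */
static void
gdm_session_solaris_auditor_report_login (GdmSessionAuditor *auditor)
{
        GdmSessionSolarisAuditor *solaris_auditor;
        adt_session_data_t       *adt_ah;  /* Audit session handle */
        adt_event_data_t         *event;   /* Event to generate */

        solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (auditor);

        /* A successful login must be attributable to a resolved account. */
        g_return_if_fail (solaris_auditor->username != NULL);

        adt_ah = NULL;
        if (adt_start_session (&adt_ah, NULL, ADT_USE_PROC_DATA) != 0) {
                syslog (LOG_AUTH | LOG_ALERT, "adt_start_session (ADT_login): %m");
                goto cleanup;
        }

        if (adt_set_user (adt_ah,
                          solaris_auditor->uid, solaris_auditor->gid,
                          solaris_auditor->uid, solaris_auditor->gid,
                          NULL, ADT_USER) != 0) {
                syslog (LOG_AUTH | LOG_ALERT, "adt_set_user (ADT_login, %s): %m",
                        solaris_auditor->username);
        }

        event = adt_alloc_event (adt_ah, ADT_login);
        if (event == NULL) {
                syslog (LOG_AUTH | LOG_ALERT, "adt_alloc_event (ADT_login): %m");
        } else if (adt_put_event (event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
                syslog (LOG_AUTH | LOG_ALERT, "adt_put_event (ADT_login, ADT_SUCCESS): %m");
        }

        if (event != NULL) {
                adt_free_event (event);
                event = NULL;
        }

        if (solaris_auditor->password_changed) {
                /* report_password_changed () always sets both flags. */
                g_assert (solaris_auditor->password_change_initiated);

                /* Also audit the password change. */
                event = adt_alloc_event (adt_ah, ADT_passwd);
                if (event == NULL) {
                        syslog (LOG_AUTH | LOG_ALERT, "adt_alloc_event (ADT_passwd): %m");
                } else if (adt_put_event (event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
                        syslog (LOG_AUTH | LOG_ALERT, "adt_put_event (ADT_passwd, ADT_SUCCESS): %m");
                }

                if (event != NULL) {
                        adt_free_event (event);
                        event = NULL;
                }
        }

cleanup:
        /* Stays NULL when the session could not be started; report_logout ()
         * checks for that. */
        solaris_auditor->audit_session_handle = adt_ah;
}

/* Vfunc: the login failed with the given PAM error.
 *
 * Emits ADT_login with status ADT_FAILURE / ADT_FAIL_PAM + pam_error_code,
 * and an ADT_passwd record if a password change was attempted on the way.
 * Before PAM accreditation there is no process audit data for the user, so
 * attribution is built from the cached uid/gid (or ADT_NO_ATTRIB) and from a
 * terminal id derived from the remote hostname or the local display device.
 * The process audit state is reset afterwards because the worker is reused. */
static void
gdm_session_solaris_auditor_report_login_failure (GdmSessionAuditor *auditor,
                                                  int                pam_error_code,
                                                  const char        *pam_error_string)
{
        GdmSessionSolarisAuditor *solaris_auditor;
        char                     *hostname;
        char                     *display_device;
        adt_session_data_t       *ah;    /* Audit session handle */
        adt_event_data_t         *event; /* Event to generate */
        adt_termid_t             *tid;   /* Terminal ID for failures */

        solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (auditor);

        g_object_get (G_OBJECT (auditor),
                      "hostname", &hostname,
                      "display-device", &display_device,
                      NULL);

        ah = NULL;
        event = NULL;
        /* Must start out NULL: adt_load_hostname ()/adt_load_ttyname () may
         * fail without setting it, and it is passed to adt_set_user () and
         * free () below either way. */
        tid = NULL;

        if (solaris_auditor->user_accredited) {
                if (adt_start_session (&ah, NULL, ADT_USE_PROC_DATA) != 0) {
                        syslog (LOG_AUTH | LOG_ALERT, "adt_start_session (ADT_login, ADT_FAILURE): %m");
                        goto cleanup;
                }
        } else {
                if (adt_start_session (&ah, NULL, 0) != 0) {
                        syslog (LOG_AUTH | LOG_ALERT, "adt_start_session (ADT_login, ADT_FAILURE): %m");
                        goto cleanup;
                }

                if (hostname != NULL && hostname[0] != '\0') {
                        /* Login from a remote host. */
                        if (adt_load_hostname (hostname, &tid) != 0) {
                                syslog (LOG_AUTH | LOG_ALERT, "adt_load_hostname (%s): %m", hostname);
                        }
                } else {
                        /* Login from the local host (console or VT). */
                        if (adt_load_ttyname (display_device, &tid) != 0) {
                                syslog (LOG_AUTH | LOG_ALERT, "adt_load_ttyname (%s): %m",
                                        display_device != NULL ? display_device : "(null)");
                        }
                }

                /* Attribute the failure to the account if the name resolved,
                 * otherwise record it unattributed rather than dropping it. */
                if (adt_set_user (ah,
                                  solaris_auditor->username != NULL ? solaris_auditor->uid : ADT_NO_ATTRIB,
                                  solaris_auditor->username != NULL ? solaris_auditor->gid : ADT_NO_ATTRIB,
                                  solaris_auditor->username != NULL ? solaris_auditor->uid : ADT_NO_ATTRIB,
                                  solaris_auditor->username != NULL ? solaris_auditor->gid : ADT_NO_ATTRIB,
                                  tid, ADT_NEW) != 0) {
                        syslog (LOG_AUTH | LOG_ALERT, "adt_set_user (%s): %m",
                                solaris_auditor->username != NULL ? solaris_auditor->username : "ADT_NO_ATTRIB");
                }

                /* adt_set_user () copies the terminal id into the session;
                 * the buffer allocated by adt_load_* is ours to release. */
                free (tid);
                tid = NULL;
        }

        event = adt_alloc_event (ah, ADT_login);
        if (event == NULL) {
                syslog (LOG_AUTH | LOG_ALERT, "adt_alloc_event (ADT_login, ADT_FAILURE): %m");
                goto done;
        } else if (adt_put_event (event, ADT_FAILURE, ADT_FAIL_PAM + pam_error_code) != 0) {
                syslog (LOG_AUTH | LOG_ALERT, "adt_put_event (ADT_login (ADT_FAIL, %s): %m",
                        pam_error_string);
        }

        if (solaris_auditor->password_change_initiated) {
                /* Also audit the password change attempt. */
                adt_free_event (event);
                event = NULL;

                event = adt_alloc_event (ah, ADT_passwd);
                if (event == NULL) {
                        syslog (LOG_AUTH | LOG_ALERT, "adt_alloc_event (ADT_passwd): %m");
                        goto done;
                }

                if (solaris_auditor->password_changed) {
                        if (adt_put_event (event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_put_event (ADT_passwd, ADT_SUCCESS): "
                                        "%m");
                        }
                } else {
                        if (adt_put_event (event, ADT_FAILURE, ADT_FAIL_PAM + pam_error_code) != 0) {
                                syslog (LOG_AUTH | LOG_ALERT,
                                        "adt_put_event (ADT_passwd, ADT_FAILURE): "
                                        "%m");
                        }
                }
        }

        adt_free_event (event);
        event = NULL;

done:
        /* Reset process audit state; this process is being reused. */
        reset_process_audit_state (ah, "adt_set_user/adt_set_proc (ADT_login, ADT_FAILURE reset)");
        (void) adt_end_session (ah);

cleanup:
        g_free (hostname);
        g_free (display_device);
}

/* Vfunc: the session ended.
 *
 * Emits ADT_logout on the session opened by report_login (), resets the
 * process audit state (the worker is reused) and closes the session. */
static void
gdm_session_solaris_auditor_report_logout (GdmSessionAuditor *auditor)
{
        GdmSessionSolarisAuditor *solaris_auditor;
        adt_session_data_t       *adt_ah;  /* Audit session handle */
        adt_event_data_t         *event;   /* Event to generate */

        solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (auditor);

        adt_ah = solaris_auditor->audit_session_handle;
        if (adt_ah == NULL) {
                /* report_login () never ran, or could not open an audit
                 * session: there is no login to pair this logout with. */
                syslog (LOG_AUTH | LOG_ALERT, "ADT_logout: no audit session was opened for this login");
                return;
        }

        event = adt_alloc_event (adt_ah, ADT_logout);
        if (event == NULL) {
                syslog (LOG_AUTH | LOG_ALERT, "adt_alloc_event (ADT_logout): %m");
        } else if (adt_put_event (event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
                syslog (LOG_AUTH | LOG_ALERT, "adt_put_event (ADT_logout, ADT_SUCCESS): %m");
        }

        if (event != NULL) {
                adt_free_event (event);
                event = NULL;
        }

        /* Reset process audit state; this process is being reused. */
        reset_process_audit_state (adt_ah, "adt_set_proc (ADT_logout reset)");
        (void) adt_end_session (adt_ah);

        solaris_auditor->audit_session_handle = NULL;
}

static void
gdm_session_solaris_auditor_class_init (GdmSessionSolarisAuditorClass *klass)
{
        GObjectClass           *object_class;
        GdmSessionAuditorClass *auditor_class;

        object_class = G_OBJECT_CLASS (klass);
        auditor_class = GDM_SESSION_AUDITOR_CLASS (klass);

        object_class->finalize = gdm_session_solaris_auditor_finalize;

        auditor_class->report_password_changed = gdm_session_solaris_auditor_report_password_changed;
        auditor_class->report_password_change_failure = gdm_session_solaris_auditor_report_password_change_failure;
        auditor_class->report_user_accredited = gdm_session_solaris_auditor_report_user_accredited;
        auditor_class->report_login = gdm_session_solaris_auditor_report_login;
        auditor_class->report_login_failure = gdm_session_solaris_auditor_report_login_failure;
        auditor_class->report_logout = gdm_session_solaris_auditor_report_logout;
}

/* notify::username handler: resolve the new "username" property once and
 * cache the passwd entry's name, uid and gid.  An unresolvable name leaves
 * username NULL and uid/gid at (uid_t)-1 / (gid_t)-1, which the report
 * functions treat as "unattributed". */
static void
on_username_set (GdmSessionSolarisAuditor *auditor)
{
        char          *username;
        struct passwd *passwd_entry;

        g_object_get (G_OBJECT (auditor), "username", &username, NULL);

        passwd_entry = NULL;
        if (username != NULL) {
                gdm_get_pwent_for_name (username, &passwd_entry);
        }

        /* Drop whatever was cached for a previous value of the property
         * (the old string would otherwise leak on a second notify). */
        g_free (auditor->username);
        auditor->username = NULL;
        auditor->uid = (uid_t) -1;
        auditor->gid = (gid_t) -1;

        if (passwd_entry != NULL) {
                auditor->uid = passwd_entry->pw_uid;
                auditor->gid = passwd_entry->pw_gid;
                /* Cache the name as stored in the passwd entry, not the
                 * property value it was looked up from. */
                auditor->username = g_strdup (passwd_entry->pw_name);
        }

        g_free (username);
}

static void
gdm_session_solaris_auditor_init (GdmSessionSolarisAuditor *auditor)
{
        g_signal_connect (G_OBJECT (auditor),
                          "notify::username",
                          G_CALLBACK (on_username_set),
                          NULL);

        /* No account resolved yet; see on_username_set (). */
        auditor->uid = (uid_t) -1;
        auditor->gid = (gid_t) -1;
}

static void
gdm_session_solaris_auditor_finalize (GObject *object)
{
        GdmSessionSolarisAuditor *solaris_auditor;
        GObjectClass             *parent_class;

        solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (object);

        if (solaris_auditor->audit_session_handle != NULL) {
                /* Login audited but no logout reported: release the libbsm
                 * session so it does not leak with the object. */
                (void) adt_end_session (solaris_auditor->audit_session_handle);
                solaris_auditor->audit_session_handle = NULL;
        }

        g_free (solaris_auditor->username);
        solaris_auditor->username = NULL;

        parent_class = G_OBJECT_CLASS (gdm_session_solaris_auditor_parent_class);

        if (parent_class->finalize != NULL) {
                parent_class->finalize (object);
        }
}

/* Create a Solaris auditor for a display.  hostname is the remote host (NULL
 * or "" for a local display) and display_device the local tty/VT device;
 * both are only consulted when attributing a login failure. */
GdmSessionAuditor *
gdm_session_solaris_auditor_new (const char *hostname,
                                 const char *display_device)
{
        GObject *auditor;

        auditor = g_object_new (GDM_TYPE_SESSION_SOLARIS_AUDITOR,
                                "hostname", hostname,
                                "display-device", display_device,
                                NULL);

        return GDM_SESSION_AUDITOR (auditor);
}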