Hello community,
here is the log from the commit of package kdebase3
checked in at Thu May 10 23:28:48 CEST 2007.
--------
--- KDE/kdebase3/kdebase3.changes 2007-04-26 23:23:45.000000000 +0200
+++ /mounts/work_src_done/STABLE/kdebase3/kdebase3.changes 2007-05-10 14:20:27.000000000 +0200
@@ -1,0 +2,5 @@
+Thu May 10 14:20:13 CEST 2007 - stbinner@suse.de
+
+- add audit log support to kdm (#263180)
+
+-------------------------------------------------------------------
New:
----
kdm-audit-log.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kdebase3.spec ++++++
--- /var/tmp/diff_new_pack.T26536/_old 2007-05-10 23:22:58.000000000 +0200
+++ /var/tmp/diff_new_pack.T26536/_new 2007-05-10 23:22:58.000000000 +0200
@@ -58,7 +58,7 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url: http://www.kde.org/
Version: 3.5.6
-Release: 33
+Release: 40
%define kde_version 3.5.6
Source0: kdebase-%{kde_version}.tar.bz2
Source3: startkde.suse.sh
@@ -200,6 +200,7 @@
Patch205: kcmkdm-default-grub.diff
Patch206: simplify-randr-settings.diff
Patch207: spellcheck-default-utf8.diff
+Patch208: kdm-audit-log.diff
%description
This package contains kdebase, one of the basic packages of the K
@@ -386,7 +387,7 @@
Summary: Set and list fileshares
Group: System/Management
Version: 2.0
-Release: 268
+Release: 275
%description -n fileshareset
This package contains the the fileshareset utility to allow users to
@@ -563,6 +564,7 @@
%patch205
%patch206
%patch207
+%patch208
cp %SOURCE17 l10n/tw/flag.png
. /etc/opt/kde3/common_options
cd ../fileshareset2
@@ -1575,6 +1577,8 @@
%endif
%changelog
+* Thu May 10 2007 - stbinner@suse.de
+- add audit log support to kdm (#263180)
* Thu Apr 26 2007 - dmueller@suse.de
- fix build for 10.3
* Wed Apr 25 2007 - stbinner@suse.de
++++++ kdm-audit-log.diff ++++++
Index: kdm/backend/client.c
===================================================================
--- kdm/backend/client.c (Revision 662873)
+++ kdm/backend/client.c (Arbeitskopie)
@@ -82,6 +82,14 @@
# include
#endif /* USE_PAM || _AIX */
+#define AU_FAILED 0
+#define AU_SUCCESS 1
+#ifdef HAVE_LIBAUDIT
+#include
+#else
+#define log_to_audit_system(l,h,d,s) do { ; } while (0)
+#endif
+
/*
* Session data, mostly what struct verify_info was for
*/
@@ -286,6 +294,56 @@
{}
# endif
+ /**
+ * log_to_audit_system:
+ * @login: Name of user
+ * @hostname: Name of host machine
+ * @tty: Name of display
+ * @success: 1 for success, 0 for failure
+ *
+ * Logs the success or failure of the login attempt with the linux kernel
+ * audit system. The intent is to capture failed events where the user
+ * fails authentication or otherwise is not permitted to login. There are
+ * many other places where pam could potentially fail and cause login to
+ * fail, but these are system failures rather than the signs of an account
+ * being hacked.
+ *
+ * Returns nothing.
+ */
+
+#ifdef HAVE_LIBAUDIT
+static void
+log_to_audit_system (const char *loginname,
+ const char *hostname,
+ const char *tty,
+ int success)
+{
+ struct passwd *pw;
+ char buf[64];
+ int audit_fd;
+
+ audit_fd = audit_open();
+ if (loginname)
+ pw = getpwnam(loginname);
+ else {
+ loginname = "unknown";
+ pw = NULL;
+ }
+ Debug("log_to_audit %p %s\n", pw, loginname);
+
+ if (pw) {
+ snprintf(buf, sizeof(buf), "uid=%d", pw->pw_uid);
+ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
+ buf, hostname, NULL, tty, (int)success);
+ } else {
+ snprintf(buf, sizeof(buf), "acct=%s", loginname);
+ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
+ buf, hostname, NULL, tty, (int)success);
+ }
+ close(audit_fd);
+}
+#endif
+
static int
doPAMAuth( const char *psrv, struct pam_data *pdata )
{
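Review bot: The descriptor returned by `audit_open()` in `log_to_audit_system` is never checked and the result of `audit_log_user_message()` is discarded, so when the audit socket cannot be opened the login event is dropped without a trace and `close()` is called on a negative descriptor. The `acct=%s` branch also copies the login name typed at the greeter into the record unencoded through a 64-byte buffer, so a name containing spaces or quotes can blur field boundaries for log parsers and a long one is silently truncated. libaudit's `audit_log_acct_message()` encodes the account name itself and may be the better call if the targeted libaudit version provides it. `pw->pw_uid` is a `uid_t` printed with `%d`; a cast with a matching specifier avoids the mismatch. The sketch below covers the descriptor check, the return-value check and the uid format.

```c
    audit_fd = audit_open();
    if (audit_fd < 0) {
        Debug("audit_open failed; login event not audited\n");
        return;
    }
    /* … unchanged: getpwnam lookup, "unknown" fallback, Debug call … */
    if (pw)
        snprintf(buf, sizeof(buf), "uid=%lu", (unsigned long)pw->pw_uid);
    else
        /* login name is greeter input: encode it before it reaches the record */
        snprintf(buf, sizeof(buf), "acct=%s", loginname);
    if (audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
                               buf, hostname, NULL, tty, success) <= 0)
        Debug("audit_log_user_message failed\n");
    close(audit_fd);
```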
@@ -344,6 +402,8 @@
GSendStr( curuser );
}
if (pretc != PAM_SUCCESS) {
+ /* Log the failed login attempt */
+ log_to_audit_system (curuser, td->remoteHost, td->name, AU_FAILED);
switch (pretc) {
case PAM_USER_UNKNOWN:
case PAM_AUTH_ERR:
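Review bot: The `AU_FAILED` call sits in front of `switch (pretc)`, so every non-success PAM result is recorded as a failed login, not only `PAM_USER_UNKNOWN` and `PAM_AUTH_ERR`. That contradicts the doc comment on `log_to_audit_system`, which says PAM system failures are not meant to be captured. Either move the call under those two case labels or reword the comment to say that all PAM failures are audited, so that people reading the audit trail know what a failed-login record means. The `@@ -714` hunk appears to do the same for a failed password change, where the context comment mentions only `PAM_AUTHTOK_ERR`. The switch continues outside this hunk, so the remaining cases are not visible here.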
@@ -678,6 +738,8 @@
if (!p->pw_uid) {
if (!rootok && !td->allowRootLogin)
V_RET_FAIL( "Root logins are not allowed" );
+ /* Log the failed login attempt */
+ log_to_audit_system (curuser, td->remoteHost, td->name, AU_FAILED);
return 1; /* don't deny root to log in */
}
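Review bot: The `AU_FAILED` call added after the unbraced `if` runs on the path that falls through to `return 1; /* don't deny root to log in */`, so a root login that is being allowed is recorded as a failed attempt. The refused case is not recorded at all if `V_RET_FAIL` returns from the function, as its name suggests; its definition is outside this diff. Moving the call in front of the macro inside a braced body fixes both: `if (!rootok && !td->allowRootLogin) { log_to_audit_system (curuser, td->remoteHost, td->name, AU_FAILED); V_RET_FAIL( "Root logins are not allowed" ); }`. The `@@ -917` hunk has the same ordering problem: its call follows `V_RET_FAIL( "Your login shell is not listed in /etc/shells" )` and would be unreachable. The enclosing function starts and ends outside the hunk.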
@@ -714,6 +776,8 @@
}
if (pretc == PAM_SUCCESS)
break;
+ /* Log the failed login attempt */
+ log_to_audit_system (curuser, td->remoteHost, td->name, AU_FAILED);
/* effectively there is only PAM_AUTHTOK_ERR */
GSendInt( V_FAIL );
}
@@ -803,6 +867,8 @@
GSendInt( V_MSG_ERR );
GSendStr( "Your account has expired;"
" please contact your system administrator" );
+ /* Log the failed login attempt */
+ log_to_audit_system (curuser, td->remoteHost, td->name, AU_FAILED);
GSendInt( V_FAIL );
LC_RET0;
} else if (tim > (expir - warntime) && !quietlog) {
@@ -837,6 +903,8 @@
GSendInt( V_MSG_ERR );
GSendStr( "Your account has expired;"
" please contact your system administrator" );
+ /* Log the failed login attempt */
+ log_to_audit_system (curuser, td->remoteHost, td->name, AU_FAILED);
GSendInt( V_FAIL );
LC_RET0;
}
@@ -896,6 +964,8 @@
close( fd );
}
GSendStr( "Logins are not allowed at the moment.\nTry again later" );
+ /* Log the failed login attempt */
+ log_to_audit_system (curuser, td->remoteHost, td->name, AU_FAILED);
GSendInt( V_FAIL );
LC_RET0;
}
@@ -906,6 +976,8 @@
PrepErrorGreet();
GSendInt( V_MSG_ERR );
GSendStr( "You are not allowed to login at the moment" );
+ /* Log the failed login attempt */
+ log_to_audit_system (curuser, td->remoteHost, td->name, AU_FAILED);
GSendInt( V_FAIL );
LC_RET0;
}
@@ -917,6 +989,8 @@
Debug( "shell not in /etc/shells\n" );
endusershell();
V_RET_FAIL( "Your login shell is not listed in /etc/shells" );
+ /* Log the failed login attempt */
+ log_to_audit_system (curuser, td->remoteHost, td->name, AU_FAILED);
}
if (!strcmp( s, p->pw_shell )) {
endusershell();
@@ -1326,6 +1400,9 @@
# define D_LOGIN_SETGROUP 0
#endif /* USE_PAM */
+ /* Login succeeded */
+ log_to_audit_system (curuser, td->remoteHost, td->name, AU_SUCCESS);
+
removeAuth = 1;
chownCtrl( &td->ctrl, curuid );
endpwent();
Index: kdm/configure.in.in
===================================================================
--- kdm/configure.in.in (Revision 662873)
+++ kdm/configure.in.in (Arbeitskopie)
@@ -241,3 +241,27 @@
fi
dnl AC_OUTPUT(kdm/kfrontend/sessions/kde.desktop)
+
+
+AC_ARG_WITH(libaudit,
+ [ --with-libaudit=[auto/yes/no] Add Linux audit support [default=auto]],,
+ with_libaudit=auto)
+
+# Check for Linux auditing API
+#
+# libaudit detection
+if test x$with_libaudit = xno ; then
+ have_libaudit=no;
+else
+ # See if we have audit daemon library
+ AC_CHECK_LIB(audit, audit_log_user_message,
+ have_libaudit=yes, have_libaudit=no)
+fi
+
+AM_CONDITIONAL(HAVE_LIBAUDIT, test x$have_libaudit = xyes)
+
+if test x$have_libaudit = xyes ; then
+ EXTRA_DAEMON_LIBS="$EXTRA_DAEMON_LIBS -laudit"
+ AC_DEFINE(HAVE_LIBAUDIT,1,[linux audit support])
+fi
+
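Review bot: An explicit `--with-libaudit=yes` is handled exactly like `auto`: when `AC_CHECK_LIB` fails, `have_libaudit` becomes `no` and the build carries on, with every `log_to_audit_system` call compiled to the no-op macro. A build that was asked for audit support should stop instead, for example with `if test "x$with_libaudit" = xyes && test "x$have_libaudit" = xno; then AC_MSG_ERROR([libaudit requested but not found]); fi` after the library check. Quoting `"x$with_libaudit"` in the existing tests also keeps them well-formed when the option value is empty or contains spaces.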
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...