From 6b2a5b9f5595f39fb919c12c52c7f3c53f33f914 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 6 Sep 2012 14:58:57 +0200 Subject: pam_selinux, pam_tally2: Add tty and rhost to audit data. modules/pam_selinux/pam_selinux.c (send_audit_message): Obtain tty and rhost from PAM items and pass them to audit. modules/pam_tally2/pam_tally2.c (tally_check): Obtain tty and rhost from PAM items and pass them to audit. (main): Obtain tty name of stdin and pass it to audit. --- modules/pam_tally2/pam_tally2.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'modules/pam_tally2/pam_tally2.c') diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c index d3d6779a..09e85855 100644 --- a/modules/pam_tally2/pam_tally2.c +++ b/modules/pam_tally2/pam_tally2.c @@ -509,6 +509,7 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, #ifdef HAVE_LIBAUDIT char buf[64]; int audit_fd = -1; + const void *rhost = NULL, *tty = NULL; #endif if ((opts->ctrl & OPT_MAGIC_ROOT) && getuid() == 0) { @@ -521,6 +522,8 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT)) return PAM_SYSTEM_ERR; + (void)pam_get_item(pamh, PAM_TTY, &tty); + (void)pam_get_item(pamh, PAM_RHOST, &rhost); #endif if (opts->deny != 0 && /* deny==0 means no deny */ tally->fail_cnt > opts->deny && /* tally>deny means exceeded */ @@ -530,7 +533,7 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, /* First say that max number was hit. */ snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf, - NULL, NULL, NULL, 1); + rhost, NULL, tty, 1); } #endif if (uid) { @@ -541,7 +544,7 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, #ifdef HAVE_LIBAUDIT snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, - NULL, NULL, NULL, 1); + rhost, NULL, tty, 1); #endif rv = PAM_SUCCESS; goto cleanup; @@ -555,7 +558,7 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, #ifdef HAVE_LIBAUDIT snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, - NULL, NULL, NULL, 1); + rhost, NULL, tty, 1); #endif rv = PAM_SUCCESS; goto cleanup; @@ -567,7 +570,7 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, if (tally->fail_cnt == opts->deny+1) { /* First say that max number was hit. */ audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_LOCK, buf, - NULL, NULL, NULL, 1); + rhost, NULL, tty, 1); } #endif @@ -996,7 +999,7 @@ main( int argc UNUSED, char **argv ) int audit_fd = audit_open(); snprintf(buf, sizeof(buf), "pam_tally2 uid=%u reset=%hu", uid, cline_reset); audit_log_user_message(audit_fd, AUDIT_USER_ACCT, - buf, NULL, NULL, NULL, 1); + buf, NULL, NULL, ttyname(STDIN_FILENO), 1); if (audit_fd >=0) close(audit_fd); #endif @@ -1041,7 +1044,7 @@ main( int argc UNUSED, char **argv ) int audit_fd = audit_open(); snprintf(buf, sizeof(buf), "pam_tally2 uid=all reset=0"); audit_log_user_message(audit_fd, AUDIT_USER_ACCT, - buf, NULL, NULL, NULL, 1); + buf, NULL, NULL, ttyname(STDIN_FILENO), 1); if (audit_fd >=0) close(audit_fd); #endif -- cgit v1.2.3