fi
AM_CONDITIONAL(COMPILE_LIBLIGHTDM_QT5, test x"$compile_liblightdm_qt5" != "xno")
+AC_ARG_ENABLE([audit],
+ AS_HELP_STRING([--enable-audit],
+ [Enable audit logging of login and logout events [[default=auto]]]),
+ [enable_audit=$enableval],
+ [enable_audit=auto])
+if test x"$enable_audit" != "xno"; then
+ AC_CHECK_LIB([audit], [audit_log_user_message],
+ [AC_DEFINE(HAVE_LIBAUDIT, 1, [libaudit support])
+ LIGHTDM_LIBS="${LIGHTDM_LIBS} -laudit"
+ ],
+ [if test "x$enable_audit" != xauto; then
+ AC_MSG_FAILURE(
+ [--enable-audit was given, but test for libaudit failed])
+ fi
+ ])
+fi
+
AC_MSG_CHECKING(whether to build tests)
AC_ARG_ENABLE(tests,
AS_HELP_STRING([--disable-tests], [Disable tests building]),
#include <utmp.h>
#include <utmpx.h>
#include <sys/mman.h>
+#include <libaudit.h>
#include "configuration.h"
#include "session-child.h"
updwtmp (wtmp_file, &u);
}
+static void
+audit_event (int type, const gchar *username, uid_t uid, const gchar *remote_host_name, const gchar *tty, gboolean success)
+{
+#if HAVE_LIBAUDIT
+ int auditfd, result;
+ const char *op = NULL;
+
+ auditfd = audit_open ();
+ if (auditfd < 0) {
+ g_printerr ("Error opening audit socket: %s\n", strerror (errno));
+ return;
+ }
+
+ if (type == AUDIT_USER_LOGIN)
+ op = "login";
+ else if (type == AUDIT_USER_LOGOUT)
+ op = "logout";
+ result = success == TRUE ? 1 : 0;
+
+ if (audit_log_acct_message (auditfd, type, NULL, op, username, uid, remote_host_name, NULL, tty, result) <= 0)
+ g_printerr ("Error writing audit message: %s\n", strerror (errno));
+
+ close (auditfd);
+#endif
+}
+
int
session_child_run (int argc, char **argv)
{
ut.ut_tv.tv_usec = tv.tv_usec;
updwtmpx ("/var/log/btmp", &ut);
+
+ audit_event (AUDIT_USER_LOGIN, username, -1, remote_host_name, tty, FALSE);
}
/* Check account is valid */
g_printerr ("Failed to write utmpx: %s\n", strerror (errno));
endutxent ();
updwtmpx ("/var/log/wtmp", &ut);
+
+ audit_event (AUDIT_USER_LOGIN, username, uid, remote_host_name, tty, TRUE);
}
waitpid (child_pid, &return_code, 0);
g_printerr ("Failed to write utmpx: %s\n", strerror (errno));
endutxent ();
updwtmpx ("/var/log/wtmp", &ut);
+
+ audit_event (AUDIT_USER_LOGOUT, username, uid, remote_host_name, tty, TRUE);
}
}