1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
2 *
3 * Copyright (C) 2004, 2008 Sun Microsystems, Inc.
4 * Copyright (C) 2005, 2008 Red Hat, Inc.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2, or (at your option)
9 * any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 * 02110-1301, USA.
20 *
21 * Written by: Brian A. Cameron <Brian.Cameron@sun.com>
22 * Gary Winiger <Gary.Winiger@sun.com>
23 * Ray Strode <rstrode@redhat.com>
24 * Steve Grubb <sgrubb@redhat.com>
25 */
#include "config.h"
#include "gdm-session-solaris-auditor.h"

#include <stdlib.h>
#include <syslog.h>
#include <security/pam_appl.h>
#include <pwd.h>

#include <fcntl.h>
#include <bsm/adt.h>
#include <bsm/adt_event.h>

#include <glib.h>
#include <glib-object.h>
#include <glib/gi18n.h>
40
struct _GdmSessionSolarisAuditorPrivate
{
        /* BSM audit session opened by report_login and ended again by
         * report_logout; NULL outside that window. */
        adt_session_data_t *audit_session_handle;

        /* Outcome of a password change, recorded by the
         * report_password_* vfuncs and turned into an ADT_passwd
         * record when the login / login-failure record is written. */
        guint password_change_initiated : 1;
        guint password_changed : 1;
        /* Set by report_user_accredited; when set, the failure record
         * is started with ADT_USE_PROC_DATA instead of an explicit
         * user/terminal attribution. */
        guint user_accredited : 1;

        /* cached values to prevent repeated calls
         * to getpwnam
         */
        char *username;   /* owned copy of pw_name; NULL if lookup failed */
        uid_t uid;        /* (uid_t) -1 until a successful lookup */
        gid_t gid;        /* (gid_t) -1 until a successful lookup */
};
56
/* Forward declaration: finalize is defined after class_init, which installs it. */
static void gdm_session_solaris_auditor_finalize (GObject *object);

/* Registers the type as a subclass of GdmSessionAuditor and provides
 * gdm_session_solaris_auditor_parent_class for chaining up. */
G_DEFINE_TYPE (GdmSessionSolarisAuditor, gdm_session_solaris_auditor, GDM_TYPE_SESSION_AUDITOR)
60
/* Vfunc: a password change completed successfully.  Only the flags are
 * recorded here; the ADT_passwd record is emitted later by report_login
 * or report_login_failure. */
static void
gdm_session_solaris_auditor_report_password_changed (GdmSessionAuditor *auditor)
{
        GdmSessionSolarisAuditorPrivate *priv;

        priv = GDM_SESSION_SOLARIS_AUDITOR (auditor)->priv;
        priv->password_changed = TRUE;
        priv->password_change_initiated = TRUE;
}
70
71 static void
gdm_session_solaris_auditor_report_password_change_failure(GdmSessionAuditor * auditor)72 gdm_session_solaris_auditor_report_password_change_failure (GdmSessionAuditor *auditor)
73 {
74 GdmSessionSolarisAuditor *solaris_auditor;
75
76 solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (auditor);
77 solaris_auditor->priv->password_change_initiated = TRUE;
78 solaris_auditor->priv->password_changed = FALSE;
79 }
80
81 static void
gdm_session_solaris_auditor_report_user_accredited(GdmSessionAuditor * auditor)82 gdm_session_solaris_auditor_report_user_accredited (GdmSessionAuditor *auditor)
83 {
84 GdmSessionSolarisAuditor *solaris_auditor;
85
86 solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (auditor);
87 solaris_auditor->priv->user_accredited = TRUE;
88 }
89
90 static void
gdm_session_solaris_auditor_report_login(GdmSessionAuditor * auditor)91 gdm_session_solaris_auditor_report_login (GdmSessionAuditor *auditor)
92 {
93 GdmSessionSolarisAuditor *solaris_auditor;
94 adt_session_data_t *adt_ah; /* Audit session handle */
95 adt_event_data_t *event; /* Event to generate */
96
97 solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (auditor);
98
99 g_return_if_fail (solaris_auditor->priv->username != NULL);
100
101 adt_ah = NULL;
102 if (adt_start_session (&adt_ah, NULL, ADT_USE_PROC_DATA) != 0) {
103 syslog (LOG_AUTH | LOG_ALERT,
104 "adt_start_session (ADT_login): %m");
105 goto cleanup;
106 }
107
108 if (adt_set_user (adt_ah, solaris_auditor->priv->uid,
109 solaris_auditor->priv->gid, solaris_auditor->priv->uid,
110 solaris_auditor->priv->gid, NULL, ADT_USER) != 0) {
111 syslog (LOG_AUTH | LOG_ALERT,
112 "adt_set_user (ADT_login, %s): %m",
113 solaris_auditor->priv->username);
114 }
115
116 event = adt_alloc_event (adt_ah, ADT_login);
117 if (event == NULL) {
118 syslog (LOG_AUTH | LOG_ALERT, "adt_alloc_event (ADT_login): %m");
119 } else if (adt_put_event (event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
120 syslog (LOG_AUTH | LOG_ALERT,
121 "adt_put_event (ADT_login, ADT_SUCCESS): %m");
122 }
123
124 if (solaris_auditor->priv->password_changed) {
125
126 g_assert (solaris_auditor->priv->password_change_initiated);
127
128 /* Also audit password change */
129 adt_free_event (event);
130 event = adt_alloc_event (adt_ah, ADT_passwd);
131 if (event == NULL) {
132 syslog (LOG_AUTH | LOG_ALERT,
133 "adt_alloc_event (ADT_passwd): %m");
134 } else if (adt_put_event (event, ADT_SUCCESS,
135 ADT_SUCCESS) != 0) {
136
137 syslog (LOG_AUTH | LOG_ALERT,
138 "adt_put_event (ADT_passwd, ADT_SUCCESS): %m");
139 }
140 }
141
142 adt_free_event (event);
143
144 cleanup:
145 solaris_auditor->priv->audit_session_handle = adt_ah;
146 }
147
148 static void
gdm_session_solaris_auditor_report_login_failure(GdmSessionAuditor * auditor,int pam_error_code,const char * pam_error_string)149 gdm_session_solaris_auditor_report_login_failure (GdmSessionAuditor *auditor,
150 int pam_error_code,
151 const char *pam_error_string)
152 {
153 GdmSessionSolarisAuditor *solaris_auditor;
154 char *hostname;
155 char *display_device;
156 adt_session_data_t *ah; /* Audit session handle */
157 adt_event_data_t *event; /* Event to generate */
158 adt_termid_t *tid; /* Terminal ID for failures */
159
160 solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (auditor);
161 g_object_get (G_OBJECT (auditor),
162 "hostname", &hostname,
163 "display-device", &display_device, NULL);
164
165 if (solaris_auditor->priv->user_accredited) {
166 if (adt_start_session (&ah, NULL, ADT_USE_PROC_DATA) != 0) {
167 syslog (LOG_AUTH | LOG_ALERT,
168 "adt_start_session (ADT_login, ADT_FAILURE): %m");
169 goto cleanup;
170 }
171 } else {
172 if (adt_start_session (&ah, NULL, 0) != 0) {
173 syslog (LOG_AUTH | LOG_ALERT,
174 "adt_start_session (ADT_login, ADT_FAILURE): %m");
175 goto cleanup;
176 }
177
178 /* If display is on console or VT */
179 if (hostname != NULL && hostname[0] != '\0') {
180 /* Login from a remote host */
181 if (adt_load_hostname (hostname, &tid) != 0) {
182 syslog (LOG_AUTH | LOG_ALERT,
183 "adt_loadhostname (%s): %m", hostname);
184 }
185 } else {
186 /* login from the local host */
187 if (adt_load_ttyname (display_device, &tid) != 0) {
188 syslog (LOG_AUTH | LOG_ALERT,
189 "adt_loadhostname (localhost): %m");
190 }
191 }
192
193 if (adt_set_user (ah,
194 solaris_auditor->priv->username != NULL ? solaris_auditor->priv->uid : ADT_NO_ATTRIB,
195 solaris_auditor->priv->username != NULL ? solaris_auditor->priv->gid : ADT_NO_ATTRIB,
196 solaris_auditor->priv->username != NULL ? solaris_auditor->priv->uid : ADT_NO_ATTRIB,
197 solaris_auditor->priv->username != NULL ? solaris_auditor->priv->gid : ADT_NO_ATTRIB,
198 tid, ADT_NEW) != 0) {
199
200 syslog (LOG_AUTH | LOG_ALERT,
201 "adt_set_user (%s): %m",
202 solaris_auditor->priv->username != NULL ? solaris_auditor->priv->username : "ADT_NO_ATTRIB");
203 }
204 }
205
206 event = adt_alloc_event (ah, ADT_login);
207
208 if (event == NULL) {
209 syslog (LOG_AUTH | LOG_ALERT,
210 "adt_alloc_event (ADT_login, ADT_FAILURE): %m");
211 goto done;
212 } else if (adt_put_event (event, ADT_FAILURE,
213 ADT_FAIL_PAM + pam_error_code) != 0) {
214 syslog (LOG_AUTH | LOG_ALERT,
215 "adt_put_event (ADT_login (ADT_FAIL, %s): %m",
216 pam_error_string);
217 }
218
219 if (solaris_auditor->priv->password_change_initiated) {
220 /* Also audit password change */
221 adt_free_event (event);
222
223 event = adt_alloc_event (ah, ADT_passwd);
224 if (event == NULL) {
225 syslog (LOG_AUTH | LOG_ALERT,
226 "adt_alloc_event (ADT_passwd): %m");
227 goto done;
228 }
229
230 if (solaris_auditor->priv->password_changed) {
231 if (adt_put_event (event, ADT_SUCCESS,
232 ADT_SUCCESS) != 0) {
233
234 syslog (LOG_AUTH | LOG_ALERT,
235 "adt_put_event (ADT_passwd, ADT_SUCCESS): "
236 "%m");
237 }
238 } else {
239 if (adt_put_event (event, ADT_FAILURE,
240 ADT_FAIL_PAM + pam_error_code) != 0) {
241
242 syslog (LOG_AUTH | LOG_ALERT,
243 "adt_put_event (ADT_passwd, ADT_FAILURE): "
244 "%m");
245 }
246 }
247 }
248 adt_free_event (event);
249
250 done:
251 /* Reset process audit state. this process is being reused.*/
252 if ((adt_set_user (ah, ADT_NO_AUDIT, ADT_NO_AUDIT, ADT_NO_AUDIT,
253 ADT_NO_AUDIT, NULL, ADT_NEW) != 0) ||
254 (adt_set_proc (ah) != 0)) {
255
256 syslog (LOG_AUTH | LOG_ALERT,
257 "adt_put_event (ADT_login (ADT_FAILURE reset, %m)");
258 }
259 (void) adt_end_session (ah);
260
261 cleanup:
262 g_free (hostname);
263 g_free (display_device);
264 }
265
266 static void
gdm_session_solaris_auditor_report_logout(GdmSessionAuditor * auditor)267 gdm_session_solaris_auditor_report_logout (GdmSessionAuditor *auditor)
268 {
269 GdmSessionSolarisAuditor *solaris_auditor;
270 adt_session_data_t *adt_ah; /* Audit session handle */
271 adt_event_data_t *event; /* Event to generate */
272
273 solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (auditor);
274
275 adt_ah = solaris_auditor->priv->audit_session_handle;
276
277 event = adt_alloc_event (adt_ah, ADT_logout);
278 if (event == NULL) {
279 syslog (LOG_AUTH | LOG_ALERT,
280 "adt_alloc_event (ADT_logout): %m");
281 } else if (adt_put_event (event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
282 syslog (LOG_AUTH | LOG_ALERT,
283 "adt_put_event (ADT_logout, ADT_SUCCESS): %m");
284 }
285
286 adt_free_event (event);
287
288 /* Reset process audit state. this process is being reused. */
289 if ((adt_set_user (adt_ah, ADT_NO_AUDIT, ADT_NO_AUDIT, ADT_NO_AUDIT,
290 ADT_NO_AUDIT, NULL, ADT_NEW) != 0) ||
291 (adt_set_proc (adt_ah) != 0)) {
292 syslog (LOG_AUTH | LOG_ALERT,
293 "adt_set_proc (ADT_logout reset): %m");
294 }
295
296 (void) adt_end_session (adt_ah);
297 solaris_auditor->priv->audit_session_handle = NULL;
298 }
299
300 static void
gdm_session_solaris_auditor_class_init(GdmSessionSolarisAuditorClass * klass)301 gdm_session_solaris_auditor_class_init (GdmSessionSolarisAuditorClass *klass)
302 {
303 GObjectClass *object_class;
304 GdmSessionAuditorClass *auditor_class;
305
306 object_class = G_OBJECT_CLASS (klass);
307 auditor_class = GDM_SESSION_AUDITOR_CLASS (klass);
308
309 object_class->finalize = gdm_session_solaris_auditor_finalize;
310
311 auditor_class->report_password_changed = gdm_session_solaris_auditor_report_password_changed;
312 auditor_class->report_password_change_failure = gdm_session_solaris_auditor_report_password_change_failure;
313 auditor_class->report_user_accredited = gdm_session_solaris_auditor_report_user_accredited;
314 auditor_class->report_login = gdm_session_solaris_auditor_report_login;
315 auditor_class->report_login_failure = gdm_session_solaris_auditor_report_login_failure;
316 auditor_class->report_logout = gdm_session_solaris_auditor_report_logout;
317
318 g_type_class_add_private (auditor_class, sizeof (GdmSessionSolarisAuditorPrivate));
319 }
320
321 static void
on_username_set(GdmSessionSolarisAuditor * auditor)322 on_username_set (GdmSessionSolarisAuditor *auditor)
323 {
324 char *username;
325 struct passwd *passwd_entry;
326
327 g_object_get (G_OBJECT (auditor), "username", &username, NULL);
328
329 gdm_get_pwent_for_name (username, &passwd_entry);
330
331 if (passwd_entry != NULL) {
332 auditor->priv->uid = passwd_entry->pw_uid;
333 auditor->priv->gid = passwd_entry->pw_gid;
334 auditor->priv->username = g_strdup (passwd_entry->pw_name);
335 } else {
336 g_free (auditor->priv->username);
337 auditor->priv->username = NULL;
338 auditor->priv->uid = (uid_t) -1;
339 auditor->priv->gid = (gid_t) -1;
340 }
341
342 g_free (username);
343 }
344
345 static void
gdm_session_solaris_auditor_init(GdmSessionSolarisAuditor * auditor)346 gdm_session_solaris_auditor_init (GdmSessionSolarisAuditor *auditor)
347 {
348 auditor->priv = G_TYPE_INSTANCE_GET_PRIVATE (auditor,
349 GDM_TYPE_SESSION_SOLARIS_AUDITOR,
350 GdmSessionSolarisAuditorPrivate);
351
352 g_signal_connect (G_OBJECT (auditor), "notify::username",
353 G_CALLBACK (on_username_set), NULL);
354
355 auditor->priv->uid = (uid_t) -1;
356 auditor->priv->gid = (gid_t) -1;
357 }
358
359 static void
gdm_session_solaris_auditor_finalize(GObject * object)360 gdm_session_solaris_auditor_finalize (GObject *object)
361 {
362 GdmSessionSolarisAuditor *solaris_auditor;
363 GObjectClass *parent_class;
364
365 solaris_auditor = GDM_SESSION_SOLARIS_AUDITOR (object);
366
367 g_free (solaris_auditor->priv->username);
368 solaris_auditor->priv->username = NULL;
369
370 parent_class = G_OBJECT_CLASS (gdm_session_solaris_auditor_parent_class);
371
372 if (parent_class->finalize != NULL) {
373 parent_class->finalize (object);
374 }
375 }
376
377 GdmSessionAuditor *
gdm_session_solaris_auditor_new(const char * hostname,const char * display_device)378 gdm_session_solaris_auditor_new (const char *hostname,
379 const char *display_device)
380 {
381 GObject *auditor;
382
383 auditor = g_object_new (GDM_TYPE_SESSION_SOLARIS_AUDITOR,
384 "hostname", hostname,
385 "display-device", display_device,
386 NULL);
387
388 return GDM_SESSION_AUDITOR (auditor);
389 }
390
391
392