From 1315da38ef063c63141ef76201707daea8140c63 Mon Sep 17 00:00:00 2001
From: csjp
Date: Wed, 13 Dec 2006 06:13:32 +0000
Subject: Teach login(1) about the make.conf NO_AUDIT variable. This allows us to conditionally build in audit support.
Submitted by: bz
MFC after: 1 week
---
usr.bin/login/Makefile | 13 ++++++++++---
usr.bin/login/login.c | 16 ++++++++++++++++
usr.bin/login/login.h | 2 ++
3 files changed, 28 insertions(+), 3 deletions(-)
(limited to 'usr.bin')
diff --git a/usr.bin/login/Makefile b/usr.bin/login/Makefile
index 8a2daa3..22c73b9 100644
--- a/usr.bin/login/Makefile
+++ b/usr.bin/login/Makefile
@@ -4,10 +4,17 @@
 .include
 PROG= login
-SRCS= login.c login_audit.c login_fbtab.c
+SRCS= login.c login_fbtab.c
 CFLAGS+=-DLOGALL
-DPADD= ${LIBUTIL} ${LIBPAM} ${LIBBSM}
-LDADD= -lutil ${MINUSLPAM} -lbsm
+DPADD= ${LIBUTIL} ${LIBPAM}
+LDADD= -lutil ${MINUSLPAM}
+
+.if ${MK_AUDIT} != "no"
+SRCS+= login_audit.c
+CFLAGS+= -DUSE_BSM_AUDIT
+DPADD+= ${LIBBSM}
+LDADD+= -lbsm
+.endif
 .if ${MK_SETUID_LOGIN} != "no"
 BINOWN= root
diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c
index b7aa278..7827ea1 100644
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@@ -173,7 +173,9 @@ main(int argc, char *argv[])
 login_cap_t *lc = NULL;
 login_cap_t *lc_user = NULL;
 pid_t pid;
+#ifdef USE_BSM_AUDIT
 char auditsuccess = 1;
+#endif
 (void)signal(SIGQUIT, SIG_IGN);
 (void)signal(SIGINT, SIG_IGN);
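Review bot: The new `.if ${MK_AUDIT} != "no"` block in usr.bin/login/Makefile has no comment stating what is lost when the condition is false. In that case login_audit.c, `-DUSE_BSM_AUDIT` and libbsm all drop out, so login(1) writes no BSM audit records for login success or failure, and the context just below shows the binary may be installed with `BINOWN= root`. I would add a comment above the block, for example `# Without MK_AUDIT, login(1) emits no BSM audit records for login success or failure.`, and state the same wherever the NO_AUDIT knob is documented.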
@@ -292,19 +294,25 @@ main(int argc, char *argv[])
 pam_err = pam_start("login", username, &pamc, &pamh);
 if (pam_err != PAM_SUCCESS) {
 pam_syslog("pam_start()");
+#ifdef USE_BSM_AUDIT
 au_login_fail("PAM Error", 1);
+#endif
 bail(NO_SLEEP_EXIT, 1);
 }
 pam_err = pam_set_item(pamh, PAM_TTY, tty);
 if (pam_err != PAM_SUCCESS) {
 pam_syslog("pam_set_item(PAM_TTY)");
+#ifdef USE_BSM_AUDIT
 au_login_fail("PAM Error", 1);
+#endif
 bail(NO_SLEEP_EXIT, 1);
 }
 pam_err = pam_set_item(pamh, PAM_RHOST, hostname);
 if (pam_err != PAM_SUCCESS) {
 pam_syslog("pam_set_item(PAM_RHOST)");
+#ifdef USE_BSM_AUDIT
 au_login_fail("PAM Error", 1);
+#endif
 bail(NO_SLEEP_EXIT, 1);
 }
@@ -321,7 +329,9 @@ main(int argc, char *argv[])
 (uid == (uid_t)0 || uid == (uid_t)pwd->pw_uid)) {
 /* already authenticated */
 rval = 0;
+#ifdef USE_BSM_AUDIT
 auditsuccess = 0; /* opened a terminal window only */
+#endif
 } else {
 fflag = 0;
 (void)setpriority(PRIO_PROCESS, 0, -4);
@@ -338,7 +348,9 @@ main(int argc, char *argv[])
 * We are not exiting here, but this corresponds to a failed
 * login event, so set exitstatus to 1.
 */
+#ifdef USE_BSM_AUDIT
 au_login_fail("Login incorrect", 1);
+#endif
 (void)printf("Login incorrect\n");
 failures++;
@@ -364,9 +376,11 @@ main(int argc, char *argv[])
 endpwent();
+#ifdef USE_BSM_AUDIT
 /* Audit successful login. */
 if (auditsuccess)
 au_login_success();
+#endif
 /*
 * Establish the login class.
@@ -953,8 +967,10 @@ bail(int sec, int eval)
 {
 pam_cleanup();
+#ifdef USE_BSM_AUDIT
 if (pwd != NULL)
 audit_logout();
+#endif
 (void)sleep(sec);
 exit(eval);
 }
diff --git a/usr.bin/login/login.h b/usr.bin/login/login.h
index 0b33592..9d1b921 100644
--- a/usr.bin/login/login.h
+++ b/usr.bin/login/login.h
@@ -27,8 +27,10 @@
 void login_fbtab(char *, uid_t, gid_t);
+#ifdef USE_BSM_AUDIT
 void au_login_success(void);
 void au_login_fail(char *errmsg, int na);
+#endif
 extern char **environ;
 extern struct passwd *pwd;
--
cgit v1.1
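Review bot: Scattering a separate `#ifdef USE_BSM_AUDIT` / `#endif` pair around every audit call in login.c leaves the authentication path harder to read and easy to break with a misplaced `#endif`. There are three pairs in the `@@ -292,19 +294,25 @@` hunk alone, and more at the "Login incorrect" site, the success site and in bail(). Giving login.h an `#else` branch with no-op definitions, for example `#define au_login_success() ((void)0)` and `#define au_login_fail(errmsg, na) ((void)0)`, would let those call sites stay unconditional. The `auditsuccess` declaration and its assignment would still need a guard or an unused-variable annotation. main() starts and ends outside these hunks, so other audit call sites may exist that the patch does not show.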
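Review bot: The guarded prototype block added in login.h declares `au_login_success` and `au_login_fail` but not `audit_logout`, which bail() in login.c calls under the same `USE_BSM_AUDIT` guard. No declaration of it is visible anywhere in this patch, so unless another header supplies one the call compiles against an implicit declaration. If that is the case, add its prototype inside the new `#ifdef`, presumably `void audit_logout(void);` (confirm the signature against login_audit.c).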