diff -Nru lightdm-1.16.0/configure.ac lightdm-1.16.1/configure.ac --- lightdm-1.16.0/configure.ac 2015-09-06 23:49:32.000000000 +0000 +++ lightdm-1.16.1/configure.ac 2015-09-16 17:38:01.000000000 +0000 @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT(lightdm, 1.16.0) +AC_INIT(lightdm, 1.16.1) AC_CONFIG_MACRO_DIR(m4) AC_CONFIG_HEADER(config.h) AM_INIT_AUTOMAKE([1.11 no-dist-gzip dist-xz foreign]) @@ -129,6 +129,23 @@ fi AM_CONDITIONAL(COMPILE_LIBLIGHTDM_QT5, test x"$compile_liblightdm_qt5" != "xno") +AC_ARG_ENABLE([audit], + AS_HELP_STRING([--enable-audit], + [Enable audit logging of login and logout events [[default=auto]]]), + [enable_audit=$enableval], + [enable_audit=auto]) +if test x"$enable_audit" != "xno"; then + AC_CHECK_LIB([audit], [audit_log_user_message], + [AC_DEFINE(HAVE_LIBAUDIT, 1, [libaudit support]) + LIGHTDM_LIBS="${LIGHTDM_LIBS} -laudit" + ], + [if test "x$enable_audit" != xauto; then + AC_MSG_FAILURE( + [--enable-audit was given, but test for libaudit failed]) + fi + ]) +fi + AC_MSG_CHECKING(whether to build tests) AC_ARG_ENABLE(tests, AS_HELP_STRING([--disable-tests], [Disable tests building]), diff -Nru lightdm-1.16.0/debian/changelog lightdm-1.16.1/debian/changelog --- lightdm-1.16.0/debian/changelog 2015-09-06 23:49:32.000000000 +0000 +++ lightdm-1.16.1/debian/changelog 2015-09-16 17:44:01.000000000 +0000 @@ -1,3 +1,10 @@ +lightdm (1.16.1-0ubuntu1) wily; urgency=medium + + * New upstream release: + - Use libaudit to generate audit events (LP: #1478087) + + -- Robert Ancell Wed, 16 Sep 2015 13:43:34 -0400 + lightdm (1.16.0-0ubuntu1) wily; urgency=medium * New upstream release: diff -Nru lightdm-1.16.0/debian/control lightdm-1.16.1/debian/control --- lightdm-1.16.0/debian/control 2015-09-06 23:49:32.000000000 +0000 +++ lightdm-1.16.1/debian/control 2015-09-16 17:30:02.000000000 +0000 @@ -27,6 +27,7 @@ gtk-doc-tools, yelp-tools, dbus, + libaudit-dev Homepage: https://launchpad.net/lightdm # If you aren't a member of ~lightdm-team but need to upload packaging changes, # just go ahead. ~lightdm-team will notice and sync up the code again. diff -Nru lightdm-1.16.0/debian/lightdm.lightdm-autologin.pam lightdm-1.16.1/debian/lightdm.lightdm-autologin.pam --- lightdm-1.16.0/debian/lightdm.lightdm-autologin.pam 2015-09-06 23:49:32.000000000 +0000 +++ lightdm-1.16.1/debian/lightdm.lightdm-autologin.pam 2015-09-16 17:30:02.000000000 +0000 @@ -3,6 +3,7 @@ auth required pam_permit.so @include common-account session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close +session required pam_loginuid.so session required pam_limits.so @include common-session session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open diff -Nru lightdm-1.16.0/debian/lightdm.pam lightdm-1.16.1/debian/lightdm.pam --- lightdm-1.16.0/debian/lightdm.pam 2015-09-06 23:49:32.000000000 +0000 +++ lightdm-1.16.1/debian/lightdm.pam 2015-09-16 17:30:02.000000000 +0000 @@ -7,6 +7,7 @@ auth optional pam_kwallet5.so @include common-account session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close +session required pam_loginuid.so session required pam_limits.so @include common-session session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open diff -Nru lightdm-1.16.0/NEWS lightdm-1.16.1/NEWS --- lightdm-1.16.0/NEWS 2015-09-06 23:49:32.000000000 +0000 +++ lightdm-1.16.1/NEWS 2015-09-16 17:38:25.000000000 +0000 @@ -1,3 +1,7 @@ +Overview of changes in lightdm 1.16.1 + + * Use libaudit to generate audit events + Overview of changes in lightdm 1.16.0 * Update default configuration better explaining the seat configuration name diff -Nru lightdm-1.16.0/src/session-child.c lightdm-1.16.1/src/session-child.c --- lightdm-1.16.0/src/session-child.c 2015-09-06 23:49:32.000000000 +0000 +++ lightdm-1.16.1/src/session-child.c 2015-09-16 17:30:02.000000000 +0000 @@ -16,6 +16,7 @@ #include #include #include +#include #include "configuration.h" #include "session-child.h" @@ -220,6 +221,32 @@ updwtmp (wtmp_file, &u); } +static void +audit_event (int type, const gchar *username, uid_t uid, const gchar *remote_host_name, const gchar *tty, gboolean success) +{ +#if HAVE_LIBAUDIT + int auditfd, result; + const char *op = NULL; + + auditfd = audit_open (); + if (auditfd < 0) { + g_printerr ("Error opening audit socket: %s\n", strerror (errno)); + return; + } + + if (type == AUDIT_USER_LOGIN) + op = "login"; + else if (type == AUDIT_USER_LOGOUT) + op = "logout"; + result = success == TRUE ? 1 : 0; + + if (audit_log_acct_message (auditfd, type, NULL, op, username, uid, remote_host_name, NULL, tty, result) <= 0) + g_printerr ("Error writing audit message: %s\n", strerror (errno)); + + close (auditfd); +#endif +} + int session_child_run (int argc, char **argv) { @@ -386,6 +413,8 @@ ut.ut_tv.tv_usec = tv.tv_usec; updwtmpx ("/var/log/btmp", &ut); + + audit_event (AUDIT_USER_LOGIN, username, -1, remote_host_name, tty, FALSE); } /* Check account is valid */ @@ -701,6 +730,8 @@ g_printerr ("Failed to write utmpx: %s\n", strerror (errno)); endutxent (); updwtmpx ("/var/log/wtmp", &ut); + + audit_event (AUDIT_USER_LOGIN, username, uid, remote_host_name, tty, TRUE); } waitpid (child_pid, &return_code, 0); @@ -737,6 +768,8 @@ g_printerr ("Failed to write utmpx: %s\n", strerror (errno)); endutxent (); updwtmpx ("/var/log/wtmp", &ut); + + audit_event (AUDIT_USER_LOGOUT, username, uid, remote_host_name, tty, TRUE); } }