rpms/xorg-x11-xdm/F-13 xdm-1.1.6-add-audit-event.patch, NONE, 1.1 xorg-x11-xdm.spec, 1.54, 1.55

Wed Mar 24 16:36:32 UTC 2010

Author: mcepl

Update of /cvs/pkgs/rpms/xorg-x11-xdm/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv25336

Modified Files:
	xorg-x11-xdm.spec 
Added Files:
	xdm-1.1.6-add-audit-event.patch 
Log Message:
Work with audit system (fixes #469357). Patch by Steve Grubb.

xdm-1.1.6-add-audit-event.patch:
 config.h.in     |    3 +++
 configure.ac    |   23 +++++++++++++++++++++++
 greeter/greet.c |   32 ++++++++++++++++++++++++++++++++
 3 files changed, 58 insertions(+)

--- NEW FILE xdm-1.1.6-add-audit-event.patch ---
--- xdm-1.1.6.orig/config.h.in	2010-03-19 16:38:25.000000000 -0400
+++ xdm-1.1.6.orig/config.h.in	2010-03-19 16:38:38.000000000 -0400
@@ -171,6 +171,9 @@ 
 /* Use PAM for authentication */
 #undef USE_PAM
 
+/* Add linux audit support */
+#undef HAVE_LIBAUDIT
+
 /* Define to 1 to use Xft for text on greeter screen */
 #undef USE_XFT
 
--- xdm-1.1.6.orig/configure.ac	2010-03-19 16:38:25.000000000 -0400
+++ xdm-1.1.6.orig/configure.ac	2010-03-19 16:38:38.000000000 -0400
@@ -117,6 +117,29 @@ if test "x$USE_PAM" != "xno" ; then
 		 fi])
 fi
 
+AC_ARG_WITH(libaudit,
+  [  --with-libaudit=[auto/yes/no]  Add Linux audit support [default=auto]],,
+  with_libaudit=auto)
+
+# Check for Linux auditing API
+#
+# libaudit detection
+if test x$with_libaudit = xno ; then
+    have_libaudit=no;
+else
+    # See if we have audit daemon library
+    AC_CHECK_LIB(audit, audit_log_user_message,
+                 have_libaudit=yes, have_libaudit=no)
+fi
+
+AM_CONDITIONAL(HAVE_LIBAUDIT, test x$have_libaudit = xyes)
+
+if test x$have_libaudit = xyes ; then
+    XDMGREET_LIBS="$XDMGREET_LIBS -laudit"
+    AC_DEFINE(HAVE_LIBAUDIT,1,[linux audit support])
+fi
+
+
 # FIXME: Find better test for which OS'es use su -m  - for now, just try to
 # mirror the Imakefile setting of:
 # if  defined(OpenBSDArchitecture) || defined(NetBSDArchitecture) || defined(FreeBSDArchitecture) || defined(DarwinArchitecture)
--- xdm-1.1.6.orig/greeter/greet.c	2010-03-19 16:38:25.000000000 -0400
+++ xdm-1.1.6.orig/greeter/greet.c	2010-03-19 16:42:30.000000000 -0400
@@ -87,6 +87,13 @@ from The Open Group.
 #include <syslog.h>
 #endif
 
+#ifdef HAVE_LIBAUDIT
+#include <libaudit.h>
+#include <pwd.h>
+#else
+#define log_to_audit_system(l,h,s)   do { ; } while (0)
+#endif
+
 #if defined(SECURE_RPC) && defined(sun)
 /* Go figure, there's no getdomainname() prototype available */
 extern int getdomainname(char *name, size_t len);
@@ -422,6 +429,29 @@ FailedLogin (struct display *d, struct g
 #endif
 }
 
+#ifdef USE_PAM
+#ifdef HAVE_LIBAUDIT
+static void 
+log_to_audit_system(const pam_handle_t *pamhp, int success)
+{
+	struct passwd *pw = NULL;
+	char *hostname = NULL, *tty = NULL, *login=NULL;
+	int audit_fd;
+
+	audit_fd = audit_open();
+	pam_get_item(pamhp, PAM_RHOST, &hostname);
+	pam_get_item(pamhp, PAM_TTY, &tty);
+	pam_get_item(pamhp, PAM_USER, &login);
+	if (login)
+		pw = getpwnam(login);
+	audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
+		NULL, "login", login ? login : "(unknown)",
+		pw ? pw->pw_uid : -1, hostname, NULL, tty, success);
+	close(audit_fd);
+}
+#endif
+#endif
+
 _X_EXPORT
 greet_user_rtn GreetUser(
     struct display          *d,
@@ -585,8 +615,10 @@ greet_user_rtn GreetUser(
 	if ((pam_error == PAM_SUCCESS) && (Verify (d, greet, verify))) {
 	    SetPrompt (login, 1, "Login Successful", LOGIN_TEXT_INFO, False);
 	    SetValue (login, 1, NULL);
+            log_to_audit_system(*pamhp, 1);
 	    break;
 	} else {
+            log_to_audit_system(*pamhp, 0);
 	    RUN_AND_CHECK_PAM_ERROR(pam_end,
 				    (*pamhp, pam_error));
 	    FailedLogin (d, greet);


Index: xorg-x11-xdm.spec
===================================================================
RCS file: /cvs/pkgs/rpms/xorg-x11-xdm/F-13/xorg-x11-xdm.spec,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -p -r1.54 -r1.55
--- xorg-x11-xdm.spec	19 Mar 2010 17:48:13 -0000	1.54
+++ xorg-x11-xdm.spec	24 Mar 2010 16:36:31 -0000	1.55
@@ -3,7 +3,7 @@
 Summary: X.Org X11 xdm - X Display Manager
 Name: xorg-x11-%{pkgname}
 Version: 1.1.6
-Release: 18%{?dist}
+Release: 19%{?dist}
 # NOTE: Remove Epoch line if/when the package ever gets renamed.
 Epoch: 1
 License: MIT
@@ -29,6 +29,9 @@ Patch13: xdm-1.1.6-redhat-Xresources-fix
 
 Patch14: xdm-1.1.6-add-needed.patch
 
+# send a USER_LOGIN event like other login programs do. 
+Patch15: xdm-1.1.6-add-audit-event.patch
+-
 # FIXME: Temporary build dependencies for autotool dependence.
 BuildRequires: autoconf, automake, libtool
 
@@ -56,6 +59,8 @@ BuildRequires: libXinerama-devel
 BuildRequires: pam-devel
 # Add TrueType support (resolves bug #551908)
 BuildRequires: libXft-devel
+# Add libaudit support
+BuildRequires: audit-libs-devel
 
 Provides: xdm
 
@@ -82,6 +87,7 @@ X.Org X11 xdm - X Display Manager
 %patch12 -p1 -b .authDir-var-bug388431
 %patch13 -p1 -b .redhat-xresources-bug470348
 %patch14 -p1 -b .add-needed
+%patch15 -p1 -b .add-audit-events
 
 %build
 export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
@@ -89,7 +95,7 @@ sed -i '/XAW_/ s/)/, xaw7)/; /XAW_/ s/XA
 aclocal ; libtoolize --force ; automake ; autoconf
 %configure \
 	--disable-static \
-	--disable-xprint \
+	--disable-libaudit \
 	--with-xdmconfigdir=%{_sysconfdir}/X11/xdm \
 	--with-xdmscriptdir=%{_sysconfdir}/X11/xdm \
 	--with-pixmapdir=%{_datadir}/xdm/pixmaps
@@ -159,6 +165,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/*.1*
 
 %changelog
+* Wed Mar 24 2010 Matěj Cepl <mcepl at redhat.com> - 1:1.1.6-19
+- Work with audit system (fixes #469357). Patch by Steve Grubb.
+- --disable-xprint is not needed anymore, it is disabled by
+  default
+
 * Sat Mar 06 2010 Stephen Beahm <stephenbeahm at comcast.net> 1:1.1.6-18
 - Fix typo introduced in rev 15 to address (#551908).
 

