From: Jussi Ohenoja
Date: Tue, 13 Dec 2016 16:44:19 +0000 (+0200)
Subject: shadow: Add auditing support to su
X-Git-Tag: 4.5~22^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F58%2Fhead;p=thirdparty%2Fshadow.git
shadow: Add auditing support to su
This patch extends the auditing feature used in login to su.
Signed-off-by: Jussi Ohenoja
---
diff --git a/src/Makefile.am b/src/Makefile.am
index f4cc0e656..12ef6308a 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -113,7 +113,7 @@ pwunconv_LDADD = $(LDADD) $(LIBSELINUX)
 su_SOURCES = \
 su.c \
 suauth.c
-su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
+su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
 sulogin_LDADD = $(LDADD) $(LIBCRYPT)
 useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR)
 userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE)
diff --git a/src/su.c b/src/su.c
index d605af8e7..f20d230ab 100644
--- a/src/su.c
+++ b/src/su.c
@@ -219,6 +219,22 @@ static /*@noreturn@*/void su_failure (const char *tty, bool su_to_root)
 }
 closelog ();
 #endif
+
+#ifdef WITH_AUDIT
+ audit_fd = audit_open ();
+ audit_log_acct_message (audit_fd,
+ AUDIT_USER_ROLE_CHANGE,
+ NULL, /* Prog. name */
+ "su",
+ ('\0' != caller_name[0]) ? caller_name : "???",
+ AUDIT_NO_ID,
+ "localhost",
+ NULL, /* addr */
+ tty,
+ 0); /* result */
+ close (audit_fd);
+#endif /* WITH_AUDIT */
+
 exit (1);
 }

@@ -1076,6 +1092,21 @@ int main (int argc, char **argv)
 }
 #endif /* !USE_PAM */

+#ifdef WITH_AUDIT
+ audit_fd = audit_open ();
+ audit_log_acct_message (audit_fd,
+ AUDIT_USER_ROLE_CHANGE,
+ NULL, /* Prog. name */
+ "su",
+ ('\0' != caller_name[0]) ? caller_name : "???",
+ AUDIT_NO_ID,
+ "localhost",
+ NULL, /* addr */
+ caller_tty,
+ 1); /* result */
+ close (audit_fd);
+#endif /* WITH_AUDIT */
+
 set_environment (pw);

 if (!doshell) {
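Review bot: In su_failure() the result of `audit_open ()` is never checked, so when the audit socket cannot be opened the code still hands a negative descriptor to `audit_log_acct_message ()` and `close ()`, and the failed-su record is dropped without a trace; the return value of `audit_log_acct_message ()` is ignored as well. The same twelve lines are repeated in the main() hunk with `caller_tty` and result 1, where a dropped record means a successful identity switch leaves no audit event. I would fold both copies into one static helper that checks both calls, treats the errno values reported by a kernel without audit support as benign, reports anything else, and releases the descriptor with `audit_close ()`. su_failure() begins above this hunk and the declaration of `audit_fd` is not visible here, so the helper below uses a local descriptor instead.

```c
#ifdef WITH_AUDIT
/* Emit one su audit record; result is 1 for success, 0 for failure. */
static void su_audit (const char *tty, int result)
{
	int fd = audit_open ();

	if (fd < 0) {
		/* a kernel built without audit support is not an error */
		if (   (EINVAL != errno)
		    && (EPROTONOSUPPORT != errno)
		    && (EAFNOSUPPORT != errno)) {
			SYSLOG ((LOG_ERR, "cannot open audit interface"));
		}
		return;
	}

	/* libaudit returns a value <= 0 when the record was not written */
	if (audit_log_acct_message (fd, AUDIT_USER_ROLE_CHANGE,
	                            NULL, /* Prog. name */
	                            "su",
	                            ('\0' != caller_name[0]) ? caller_name : "???",
	                            AUDIT_NO_ID, "localhost",
	                            NULL, /* addr */
	                            tty, result) <= 0) {
		SYSLOG ((LOG_ERR, "cannot write su audit record"));
	}
	audit_close (fd);
}
#endif /* WITH_AUDIT */

/* … unchanged: su_failure() up to the closelog () / #endif pair … */
#ifdef WITH_AUDIT
	su_audit (tty, 0);
#endif /* WITH_AUDIT */

/* … unchanged: main() up to "#endif  !USE_PAM" … */
#ifdef WITH_AUDIT
	su_audit (caller_tty, 1);
#endif /* WITH_AUDIT */
```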
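Review bot: The record written in main() names only the invoking user (`caller_name`) as the account and never the account being switched to, so from this event alone an analyst cannot tell a switch to root from a switch to any other user; the su_failure() hunk has the same gap. The kernel normally stamps user-space audit messages with the sender's uid and login uid, so the caller is likely already identifiable and the account argument is the natural place for the target, e.g. `pw->pw_name,` in place of the `caller_name` expression (pw is in scope, as the `set_environment (pw)` call right after the block shows). su_failure() receives only `tty` and `su_to_root`, so it would need the target name passed in or taken from wherever su stores it, which is not visible here. main() continues beyond both ends of this hunk.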