shadow: Add auditing support to su

This patch extends the auditing feature used in login to su.

Signed-off-by: Jussi Ohenoja <jussi.ohenoja@nokia.com>
This commit is contained in:
Jussi Ohenoja 2016-12-13 18:44:19 +02:00
parent 9e93c984f7
commit a3bf32fe87
2 changed files with 32 additions and 1 deletions

View File

@ -113,7 +113,7 @@ pwunconv_LDADD = $(LDADD) $(LIBSELINUX)
su_SOURCES = \
su.c \
suauth.c
su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
sulogin_LDADD = $(LDADD) $(LIBCRYPT)
useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR)
userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE)

View File

@ -219,6 +219,22 @@ static /*@noreturn@*/void su_failure (const char *tty, bool su_to_root)
}
closelog ();
#endif
#ifdef WITH_AUDIT
audit_fd = audit_open ();
audit_log_acct_message (audit_fd,
AUDIT_USER_ROLE_CHANGE,
NULL, /* Prog. name */
"su",
('\0' != caller_name[0]) ? caller_name : "???",
AUDIT_NO_ID,
"localhost",
NULL, /* addr */
tty,
0); /* result */
close (audit_fd);
#endif /* WITH_AUDIT */
exit (1);
}
@ -1076,6 +1092,21 @@ int main (int argc, char **argv)
}
#endif /* !USE_PAM */
#ifdef WITH_AUDIT
audit_fd = audit_open ();
audit_log_acct_message (audit_fd,
AUDIT_USER_ROLE_CHANGE,
NULL, /* Prog. name */
"su",
('\0' != caller_name[0]) ? caller_name : "???",
AUDIT_NO_ID,
"localhost",
NULL, /* addr */
caller_tty,
1); /* result */
close (audit_fd);
#endif /* WITH_AUDIT */
set_environment (pw);
if (!doshell) {