From 6b2a5b9f5595f39fb919c12c52c7f3c53f33f914 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 6 Sep 2012 14:58:57 +0200 Subject: pam_selinux, pam_tally2: Add tty and rhost to audit data. modules/pam_selinux/pam_selinux.c (send_audit_message): Obtain tty and rhost from PAM items and pass them to audit. modules/pam_tally2/pam_tally2.c (tally_check): Obtain tty and rhost from PAM items and pass them to audit. (main): Obtain tty name of stdin and pass it to audit. --- modules/pam_selinux/pam_selinux.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'modules/pam_selinux') diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index d66ccb46..473655c5 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -87,6 +87,7 @@ int send_audit_message(pam_handle_t *pamh, int success, security_context_t defau int audit_fd = audit_open(); security_context_t default_raw=NULL; security_context_t selected_raw=NULL; + const void *tty = NULL, *rhost = NULL; rc = -1; if (audit_fd < 0) { if (errno == EINVAL || errno == EPROTONOSUPPORT || @@ -95,6 +96,8 @@ int send_audit_message(pam_handle_t *pamh, int success, security_context_t defau pam_syslog(pamh, LOG_ERR, "Error connecting to audit system."); return rc; } + (void)pam_get_item(pamh, PAM_TTY, &tty); + (void)pam_get_item(pamh, PAM_RHOST, &rhost); if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) { pam_syslog(pamh, LOG_ERR, "Error translating default context."); default_raw = NULL; @@ -110,7 +113,7 @@ int send_audit_message(pam_handle_t *pamh, int success, security_context_t defau goto out; } if (audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE, - msg, NULL, NULL, NULL, success) <= 0) { + msg, rhost, NULL, tty, success) <= 0) { pam_syslog(pamh, LOG_ERR, "Error sending audit message."); goto out; } -- cgit v1.2.3