shadow: Add auditing support to su
authorJussi Ohenoja <jussi.ohenoja@nokia.com>
Tue, 13 Dec 2016 16:44:19 +0000 (18:44 +0200)
committerJussi Ohenoja <jussi.ohenoja@nokia.com>
Tue, 13 Dec 2016 16:44:19 +0000 (18:44 +0200)
This patch extends the auditing feature used in login to su.

Signed-off-by: Jussi Ohenoja <jussi.ohenoja@nokia.com>
src/Makefile.am
src/su.c

index f4cc0e656b234d79bc38a9cee7c4ceb1020fb705..12ef6308a3157badebb27b0fe731202e3a9e9013 100644 (file)
@@ -113,7 +113,7 @@ pwunconv_LDADD = $(LDADD) $(LIBSELINUX)
 su_SOURCES     = \
        su.c \
        suauth.c
-su_LDADD       = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
+su_LDADD       = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
 sulogin_LDADD  = $(LDADD) $(LIBCRYPT)
 useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR)
 userdel_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE)
index d605af8e7f86abecd2902b06d97084fc71e7b48f..f20d230ab5f31adae19f811cd468e91cb0157d0c 100644 (file)
--- a/src/su.c
+++ b/src/su.c
@@ -219,6 +219,22 @@ static /*@noreturn@*/void su_failure (const char *tty, bool su_to_root)
        }
        closelog ();
 #endif
+
+#ifdef WITH_AUDIT
+       audit_fd = audit_open ();
+       audit_log_acct_message (audit_fd,
+                               AUDIT_USER_ROLE_CHANGE,
+                               NULL,    /* Prog. name */
+                               "su",
+                               ('\0' != caller_name[0]) ? caller_name : "???",
+                               AUDIT_NO_ID,
+                               "localhost",
+                               NULL,    /* addr */
+                               tty,
+                               0);      /* result */
+       close (audit_fd);
+#endif                         /* WITH_AUDIT */
+
        exit (1);
 }
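Review bot: The descriptor returned by `audit_open ()` in the block added to su_failure is used without a check, so when the audit socket cannot be opened the negative value is passed straight to `audit_log_acct_message` and `close`. The failed su attempt then leaves no audit record and nothing that says why. Guard the block with `if (audit_fd >= 0) { ... close (audit_fd); }` and report the failure in the else branch, so that a missing record is itself visible to whoever reviews the logs. The same unchecked pattern is in the block added to main in the second su.c hunk. The declaration of `audit_fd` is not part of this diff, so it is presumably an existing global, and su_failure begins outside the hunk.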
 
@@ -1076,6 +1092,21 @@ int main (int argc, char **argv)
        }
 #endif                         /* !USE_PAM */
 
+#ifdef WITH_AUDIT
+       audit_fd = audit_open ();
+       audit_log_acct_message (audit_fd,
+                               AUDIT_USER_ROLE_CHANGE,
+                               NULL,    /* Prog. name */
+                               "su",
+                               ('\0' != caller_name[0]) ? caller_name : "???",
+                               AUDIT_NO_ID,
+                               "localhost",
+                               NULL,    /* addr */
+                               caller_tty,
+                               1);      /* result */
+       close (audit_fd);
+#endif                         /* WITH_AUDIT */
+
        set_environment (pw);
 
        if (!doshell) {
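Review bot: The success record written in main names only the invoking user: the account field is `caller_name` and the operation string is the fixed `"su"`, so the account being switched to never reaches the audit log. The failure record in su_failure has the same gap. For an identity-change event the target is the detail an investigator needs most. `pw`, passed to `set_environment (pw)` just below, looks like the target's passwd entry and could supply the name, for instance by formatting the operation string with `snprintf` into a small local buffer before the call. The return value of `audit_log_acct_message` is also discarded, so su goes on to start the shell even when the record could not be written; whether that should fail closed is a policy decision worth stating in a comment. main continues outside the hunk.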