Bug 170570

Summary: gdm doesn't write to btmp
Product: [Fedora] Fedora
Reporter: Steve Grubb <sgrubb>
Component: gdm
Assignee: Ray Strode [halfline] <rstrode>
Status: CLOSED RAWHIDE
QA Contact: Mike McLean <mikem>
Severity: medium
Priority: medium
Version: rawhide
CC: james.antill
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2006-07-19 18:40:35 UTC
Bug Blocks: 150223    
Attachments:
Description Flags
add btmp logging, first cut none

Description Steve Grubb 2005-10-12 22:15:31 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
btmp is the bad login records file. It is accessed from the lastb command. Login programs should write bad login attempts to this file. gdm doesn't do this; it only writes to utmp. There are security protection profiles that want all bad login attempts recorded.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Try to log in using a bad password.
2. Run lastb

Actual Results:  no results related to gdm.

Expected Results:  the date, time, and acct of the bad login attempt.

Additional info:

Code exists in util-linux/login and sshd that can be used with very little modification.
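
What writing such a record involves, as an added example that is not the attachment on this bug and not code from GDM, util-linux or sshd. The names `log_failed_login` and `read_last_record`, the scratch path, the permission check and the choice not to create a missing file are assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <unistd.h>
#include <utmp.h>

/* Copy into a fixed-width utmp field; these fields need not be NUL-terminated. */
static void put_field(char *dst, size_t n, const char *src) { if (src) memcpy(dst, src, strnlen(src, n)); }

/* Append one failed-login record to `path`. Returns 0 on success, -1 on error. */
int log_failed_login(const char *path, const char *user, const char *line, const char *host) {
    struct utmp ut; struct timeval tv; struct stat st;
    memset(&ut, 0, sizeof ut);
    ut.ut_type = LOGIN_PROCESS;
    ut.ut_pid = getpid();
    put_field(ut.ut_user, sizeof ut.ut_user, user);
    put_field(ut.ut_line, sizeof ut.ut_line, line);
    put_field(ut.ut_host, sizeof ut.ut_host, host);
    gettimeofday(&tv, NULL);
    ut.ut_tv.tv_sec = tv.tv_sec;   /* per field: ut_tv is not always a struct timeval */
    ut.ut_tv.tv_usec = tv.tv_usec;
    /* No O_CREAT (assumption of this example): a missing file means logging is off. */
    int fd = open(path, O_WRONLY | O_APPEND);
    if (fd < 0) return -1;
    /* Refuse a log that group or others can write: its records could be forged. */
    if (fstat(fd, &st) != 0 || (st.st_mode & (S_IWGRP | S_IWOTH))) { close(fd); return -1; }
    ssize_t n = write(fd, &ut, sizeof ut);  /* O_APPEND: the record lands at end of file */
    close(fd);
    return n == (ssize_t)sizeof ut ? 0 : -1;
}

/* Read the newest record back, the way a lastb-style reader would see it. */
int read_last_record(const char *path, struct utmp *out) {
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    int ok = fseek(f, -(long)sizeof *out, SEEK_END) == 0 && fread(out, sizeof *out, 1, f) == 1;
    fclose(f);
    return ok ? 0 : -1;
}

int main(void) {
    char path[] = "/tmp/btmp-demo-XXXXXX";  /* constructed scratch file, not the system btmp */
    struct utmp last;
    int fd = mkstemp(path);
    if (fd < 0 || close(fd) != 0 || log_failed_login(path, "baduser", ":0", "localhost") != 0) return 1;
    if (read_last_record(path, &last) == 0) printf("%.*s\n", (int)sizeof last.ut_user, last.ut_user);
    unlink(path);
    return 0;
}
```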

Comment 1 James Antill 2006-04-25 13:46:47 UTC
Created attachment 128198 [details]
add btmp logging, first cut

 This is my first "it works for me" cut of the btmp logging. There are a few
things I know about (feel free to let me know what you think):

. Patch is against 2.14.0-1

 . Hostname logging untested (same as "audit" though).
 . Later pam failures untested (ditto).
 .. Note that audit doesn't get the username when the passwd is wrong though,
so should probably trust it about as far as we can throw it.
 . did_setcred path (last possible failure) might well not be correct.

 . If using "selected_user" (face browser?) ... then bad passwd's aren't logged
in btmp or audit.

 . HAVE_UPDWTMP and _HAVE_UT_TV probably need to be in autoconf.

 . Might want to move entire logbtmp() function to another file, so as to keep
utmp.h namespace from current file.

Comment 2 Ray Strode [halfline] 2006-04-26 14:13:09 UTC
Thanks James,

This looks pretty good as a first cut.  I'm in the process of rewriting some of
the PAM code in GDM right now, so as I'm working on that I'll fold this in.

Comment 3 Steve Grubb 2006-06-17 14:04:10 UTC
So what's the status on this? We are losing valuable testing time.

Comment 4 Ray Strode [halfline] 2006-06-17 18:46:26 UTC
It didn't make test1, it will definitely make test2.

Comment 5 Ray Strode [halfline] 2006-06-21 19:23:53 UTC
I've integrated btmp (and wtmp so we can ditch calling /usr/bin/sessreg) logging
support into the PAM code rewrite.

It's not ready to be committed yet, however.  I'll post an update when the patch
lands in rawhide.

Comment 6 Ray Strode [halfline] 2006-07-19 18:40:35 UTC
The PAM requires some changes to GDM that won't be done by RHEL-5, so I
implemented this functionality separately in the meantime.