Bug 170570 - gdm doesn't write to btmp
Summary: gdm doesn't write to btmp
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: gdm
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Ray Strode [halfline]
QA Contact: Mike McLean
URL:
Whiteboard:
Depends On:
Blocks: FC6Target
TreeView+ depends on / blocked
 
Reported: 2005-10-12 22:15 UTC by Steve Grubb
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-07-19 18:40:35 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
add btmp logging, first cut (2.01 KB, patch)
2006-04-25 13:46 UTC, James Antill 		no flags Details | Diff
View All

Description Steve Grubb 2005-10-12 22:15:31 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
btmp is the bad login records file. It is accessed from the lastb command. Login programs should write bad login attempts to this file. gdm doesn't do this, it only writes to utmp. There are security protection profiles that want all bad login attempts recorded.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. try to login using a bad password.
2. run lastb

Actual Results:  no results related to gdm.

Expected Results:  the date, time, and acct of the bad login attempt.

Additional info:

Code exists in util-linux/login and sshd that can be used with very little modification.
Comment 1 James Antill 2006-04-25 13:46:47 UTC 
Created attachment 128198 [details]
add btmp logging, first cut

 This is my first "it works for me" cut of the btmp logging. There are a few
things I know about (feel free to let me know what you think):

. Patch is against 2.14.0-1

 . Hostname logging untested (same as "audit" though).
 . Later pam failures untested (dito).
 .. Note that audit doesn't get the username when the passwd is wrong though,
so should probably trust it about as far as we can throw it.
 . did_setcred path (last possible failure) might well not be correct.

 . If using "selected_user" (face browser?) ... then bad passwd's aren't logged
in btmp or audit.

 . HAVE_UPDWTMP and _HAVE_UT_TV probably need to be in autoconf.

 . Might want to move entire logbtmp() function to another file, so as to keep
utmp.h namespace from current file.
Comment 2 Ray Strode [halfline] 2006-04-26 14:13:09 UTC 
Thanks James,

This looks pretty good as a first cut.  I'm in the process of rewriting some of
the PAM code in GDM right now, so as I'm working on that I'll fold this in.
Comment 3 Steve Grubb 2006-06-17 14:04:10 UTC 
So what's the status on this? We are losing valuable testing time.
Comment 4 Ray Strode [halfline] 2006-06-17 18:46:26 UTC 
It didn't make test1, it will definitely make test2.
Comment 5 Ray Strode [halfline] 2006-06-21 19:23:53 UTC 
I've integrated btmp (and wtmp so we can ditch calling /usr/bin/sessreg) logging
support into the PAM code rewrite.

It's not ready to comitted yet, however.  I'll post an update when the patch
lands in rawhide.
Comment 6 Ray Strode [halfline] 2006-07-19 18:40:35 UTC 
The PAM requires some changes to GDM that won't be done by RHEL-5, so I
implemented this functionality separately in the mean time.
Note You need to log in before you can comment on or make changes to this bug.