Bug 170570 - gdm doesn't write to btmp
gdm doesn't write to btmp
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: gdm (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ray Strode [halfline]
Mike McLean
:
Depends On:
Blocks: FC6Target
  Show dependency treegraph
 
Reported: 2005-10-12 18:15 EDT by Steve Grubb
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-07-19 14:40:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
add btmp logging, first cut (2.01 KB, patch)
2006-04-25 09:46 EDT, James Antill
no flags Details | Diff

  None (edit)
Description Steve Grubb 2005-10-12 18:15:31 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
btmp is the bad login records file. It is accessed from the lastb command. Login programs should write bad login attempts to this file. gdm doesn't do this, it only writes to utmp. There are security protection profiles that want all bad login attempts recorded.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. try to login using a bad password.
2. run lastb

Actual Results:  no results related to gdm.

Expected Results:  the date, time, and acct of the bad login attempt.

Additional info:

Code exists in util-linux/login and sshd that can be used with very little modification.
Comment 1 James Antill 2006-04-25 09:46:47 EDT
Created attachment 128198 [details]
add btmp logging, first cut

 This is my first "it works for me" cut of the btmp logging. There are a few
things I know about (feel free to let me know what you think):

. Patch is against 2.14.0-1

 . Hostname logging untested (same as "audit" though).
 . Later pam failures untested (dito).
 .. Note that audit doesn't get the username when the passwd is wrong though,
so should probably trust it about as far as we can throw it.
 . did_setcred path (last possible failure) might well not be correct.

 . If using "selected_user" (face browser?) ... then bad passwd's aren't logged
in btmp or audit.

 . HAVE_UPDWTMP and _HAVE_UT_TV probably need to be in autoconf.

 . Might want to move entire logbtmp() function to another file, so as to keep
utmp.h namespace from current file.
Comment 2 Ray Strode [halfline] 2006-04-26 10:13:09 EDT
Thanks James,

This looks pretty good as a first cut.  I'm in the process of rewriting some of
the PAM code in GDM right now, so as I'm working on that I'll fold this in.
Comment 3 Steve Grubb 2006-06-17 10:04:10 EDT
So what's the status on this? We are losing valuable testing time.
Comment 4 Ray Strode [halfline] 2006-06-17 14:46:26 EDT
It didn't make test1, it will definitely make test2.
Comment 5 Ray Strode [halfline] 2006-06-21 15:23:53 EDT
I've integrated btmp (and wtmp so we can ditch calling /usr/bin/sessreg) logging
support into the PAM code rewrite.

It's not ready to comitted yet, however.  I'll post an update when the patch
lands in rawhide.
Comment 6 Ray Strode [halfline] 2006-07-19 14:40:35 EDT
The PAM requires some changes to GDM that won't be done by RHEL-5, so I
implemented this functionality separately in the mean time.

Note You need to log in before you can comment on or make changes to this bug.