shadow-utils-newxidmap/shadow-4.1.0-audit-newgrp.patch

151 lines
4.5 KiB
Diff
Raw Normal View History

2008-02-13 12:54:32 +00:00
diff -urp shadow-4.1.0.orig/src/newgrp.c shadow-4.1.0/src/newgrp.c
--- shadow-4.1.0.orig/src/newgrp.c 2007-11-18 18:15:05.000000000 -0500
2008-03-07 15:06:15 +00:00
+++ shadow-4.1.0/src/newgrp.c 2008-03-06 10:01:17.000000000 -0500
@@ -122,6 +123,8 @@ int main (int argc, char **argv)
2008-02-13 12:54:32 +00:00
#endif
#ifdef WITH_AUDIT
+ char audit_buf[80];
+
audit_help_open ();
#endif
setlocale (LC_ALL, "");
2008-03-07 15:06:15 +00:00
@@ -164,7 +167,7 @@ int main (int argc, char **argv)
2008-02-13 12:54:32 +00:00
if (!pwd) {
fprintf (stderr, _("unknown UID: %u\n"), getuid ());
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog, "changing", NULL,
+ audit_logger (AUDIT_CHGRP_ID, Prog, "changing", NULL,
getuid (), 0);
#endif
SYSLOG ((LOG_WARN, "unknown UID %u", getuid ()));
2008-03-07 15:06:15 +00:00
@@ -272,7 +275,13 @@ int main (int argc, char **argv)
2008-02-13 12:54:32 +00:00
if (ngroups < 0) {
perror ("getgroups");
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog,
+ if (group) {
2008-03-07 15:06:15 +00:00
+ snprintf (audit_buf, sizeof(audit_buf),
+ "changing new_group=%s", group);
2008-02-13 12:54:32 +00:00
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ audit_buf, NULL, getuid (), 0);
+ } else
+ audit_logger (AUDIT_CHGRP_ID, Prog,
2008-03-07 15:06:15 +00:00
"changing", NULL, getuid (), 0);
2008-02-13 12:54:32 +00:00
#endif
exit (1);
2008-03-07 15:06:15 +00:00
@@ -394,13 +403,26 @@ int main (int argc, char **argv)
if (grp->gr_passwd[0] == '\0' ||
strcmp (cpasswd, grp->gr_passwd) != 0) {
+#ifdef WITH_AUDIT
+ snprintf (audit_buf, sizeof(audit_buf),
+ "authentication new_gid=%d",
+ grp->gr_gid);
+ audit_logger (AUDIT_GRP_AUTH, Prog,
+ audit_buf, NULL, getuid (), 0);
+#endif
SYSLOG ((LOG_INFO,
"Invalid password for group `%s' from `%s'",
group, name));
sleep (1);
- fputs (_("Invalid password."), stderr);
+ fputs (_("Invalid password.\n"), stderr);
goto failure;
}
+#ifdef WITH_AUDIT
+ snprintf (audit_buf, sizeof(audit_buf),
+ "authentication new_gid=%d", grp->gr_gid);
+ audit_logger (AUDIT_GRP_AUTH, Prog,
+ audit_buf, NULL, getuid (), 1);
+#endif
2008-02-13 12:54:32 +00:00
}
2008-03-07 15:06:15 +00:00
/*
@@ -458,10 +480,16 @@ int main (int argc, char **argv)
child = fork ();
if (child < 0) {
/* error in fork() */
- fprintf (stderr, _("%s: failure forking: %s"),
+ fprintf (stderr, _("%s: failure forking: %s\n"),
2008-02-13 12:54:32 +00:00
is_newgrp ? "newgrp" : "sg", strerror (errno));
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog, "changing",
+ if (group) {
2008-03-07 15:06:15 +00:00
+ snprintf (audit_buf, sizeof(audit_buf),
+ "changing new_group=%s", group);
2008-02-13 12:54:32 +00:00
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ audit_buf, NULL, getuid (), 0);
+ } else
+ audit_logger (AUDIT_CHGRP_ID, Prog, "changing",
2008-03-07 15:06:15 +00:00
NULL, getuid (), 0);
2008-02-13 12:54:32 +00:00
#endif
exit (1);
2008-03-07 15:06:15 +00:00
@@ -531,14 +559,24 @@ int main (int argc, char **argv)
2008-02-13 12:54:32 +00:00
* to the real UID. For root, this also sets the real GID to the
* new group id.
*/
- if (setgid (gid))
+ if (setgid (gid)) {
perror ("setgid");
+#ifdef WITH_AUDIT
2008-03-07 15:06:15 +00:00
+ snprintf (audit_buf, sizeof(audit_buf),
+ "changing new_gid=%d", gid);
2008-02-13 12:54:32 +00:00
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ audit_buf, NULL, getuid (), 0);
+#endif
+ exit (1);
+ }
if (setuid (getuid ())) {
perror ("setuid");
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog, "changing",
- NULL, getuid (), 0);
2008-03-07 15:06:15 +00:00
+ snprintf (audit_buf, sizeof(audit_buf),
+ "changing new_gid=%d", gid);
2008-02-13 12:54:32 +00:00
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ audit_buf, NULL, getuid (), 0);
#endif
exit (1);
}
2008-03-07 15:06:15 +00:00
@@ -551,8 +589,10 @@ int main (int argc, char **argv)
2008-02-13 12:54:32 +00:00
closelog ();
execl ("/bin/sh", "sh", "-c", command, (char *) 0);
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog, "changing",
- NULL, getuid (), 0);
2008-03-07 15:06:15 +00:00
+ snprintf (audit_buf, sizeof(audit_buf),
+ "changing new_gid=%d", gid);
2008-02-13 12:54:32 +00:00
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ audit_buf, NULL, getuid (), 0);
#endif
perror ("/bin/sh");
exit (errno == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
2008-03-07 15:06:15 +00:00
@@ -618,7 +658,8 @@ int main (int argc, char **argv)
2008-02-13 12:54:32 +00:00
}
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog, "changing", NULL, getuid (), 1);
2008-03-07 15:06:15 +00:00
+ snprintf (audit_buf, sizeof(audit_buf), "changing new_gid=%d", gid);
2008-02-13 12:54:32 +00:00
+ audit_logger (AUDIT_CHGRP_ID, Prog, audit_buf, NULL, getuid (), 1);
#endif
/*
* Exec the login shell and go away. We are trying to get back to
2008-03-07 15:06:15 +00:00
@@ -641,7 +682,14 @@ int main (int argc, char **argv)
2008-02-13 12:54:32 +00:00
*/
closelog ();
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog, "changing", NULL, getuid (), 0);
+ if (group) {
2008-03-07 15:06:15 +00:00
+ snprintf (audit_buf, sizeof(audit_buf),
+ "changing new_group=%s", group);
2008-02-13 12:54:32 +00:00
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ audit_buf, NULL, getuid (), 0);
+ } else
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ "changing", NULL, getuid (), 0);
#endif
exit (1);
}