fix newgrp audit event

shadow-4.1.0-audit-newgrp.patch

@@ -0,0 +1,122 @@
+diff -urp shadow-4.1.0.orig/src/newgrp.c shadow-4.1.0/src/newgrp.c
+--- shadow-4.1.0.orig/src/newgrp.c	2007-11-18 18:15:05.000000000 -0500
++++ shadow-4.1.0/src/newgrp.c	2008-02-12 16:45:20.000000000 -0500
+@@ -122,6 +122,8 @@ int main (int argc, char **argv)
+ #endif
+ 
+ #ifdef WITH_AUDIT
++	char audit_buf[80];
++
+ 	audit_help_open ();
+ #endif
+ 	setlocale (LC_ALL, "");
+@@ -164,7 +166,7 @@ int main (int argc, char **argv)
+ 	if (!pwd) {
+ 		fprintf (stderr, _("unknown UID: %u\n"), getuid ());
+ #ifdef WITH_AUDIT
+-		audit_logger (AUDIT_USER_START, Prog, "changing", NULL,
++		audit_logger (AUDIT_CHGRP_ID, Prog, "changing", NULL,
+ 			      getuid (), 0);
+ #endif
+ 		SYSLOG ((LOG_WARN, "unknown UID %u", getuid ()));
+@@ -272,8 +274,14 @@ int main (int argc, char **argv)
+ 	if (ngroups < 0) {
+ 		perror ("getgroups");
+ #ifdef WITH_AUDIT
+-		audit_logger (AUDIT_USER_START, Prog,
+-			      "changing", NULL, getuid (), 0);
++		if (group) {
++			snprintf(audit_buf, sizeof(audit_buf),
++				"changing new-group=%s", group);
++			audit_logger (AUDIT_CHGRP_ID, Prog,
++				audit_buf, NULL, getuid (), 0);
++		} else
++			audit_logger (AUDIT_CHGRP_ID, Prog,
++				      "changing", NULL, getuid (), 0);
+ #endif
+ 		exit (1);
+ 	}
+@@ -461,8 +469,14 @@ int main (int argc, char **argv)
+ 			fprintf (stderr, _("%s: failure forking: %s"),
+ 				 is_newgrp ? "newgrp" : "sg", strerror (errno));
+ #ifdef WITH_AUDIT
+-			audit_logger (AUDIT_USER_START, Prog, "changing",
+-				      NULL, getuid (), 0);
++			if (group) {
++				snprintf(audit_buf, sizeof(audit_buf),
++					"changing new-group=%s", group);
++				audit_logger (AUDIT_CHGRP_ID, Prog,
++					audit_buf, NULL, getuid (), 0);
++			} else
++				audit_logger (AUDIT_CHGRP_ID, Prog, "changing",
++					      NULL, getuid (), 0);
+ #endif
+ 			exit (1);
+ 		} else if (child) {
+@@ -531,14 +545,24 @@ int main (int argc, char **argv)
+ 	 * to the real UID. For root, this also sets the real GID to the
+ 	 * new group id.
+ 	 */
+-	if (setgid (gid))
++	if (setgid (gid)) {
+ 		perror ("setgid");
++#ifdef WITH_AUDIT
++		snprintf(audit_buf, sizeof(audit_buf),
++			"changing new-gid=%d", gid);
++		audit_logger (AUDIT_CHGRP_ID, Prog,
++			audit_buf, NULL, getuid (), 0);
++#endif
++		exit (1);
++	}
+ 
+ 	if (setuid (getuid ())) {
+ 		perror ("setuid");
+ #ifdef WITH_AUDIT
+-		audit_logger (AUDIT_USER_START, Prog, "changing",
+-			      NULL, getuid (), 0);
++		snprintf(audit_buf, sizeof(audit_buf),
++			"changing new-gid=%d", gid);
++		audit_logger (AUDIT_CHGRP_ID, Prog,
++			audit_buf, NULL, getuid (), 0);
+ #endif
+ 		exit (1);
+ 	}
+@@ -551,8 +575,10 @@ int main (int argc, char **argv)
+ 		closelog ();
+ 		execl ("/bin/sh", "sh", "-c", command, (char *) 0);
+ #ifdef WITH_AUDIT
+-		audit_logger (AUDIT_USER_START, Prog, "changing",
+-			      NULL, getuid (), 0);
++		snprintf(audit_buf, sizeof(audit_buf),
++			"changing new-gid=%d", gid);
++		audit_logger (AUDIT_CHGRP_ID, Prog,
++			audit_buf, NULL, getuid (), 0);
+ #endif
+ 		perror ("/bin/sh");
+ 		exit (errno == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
+@@ -618,7 +644,8 @@ int main (int argc, char **argv)
+ 	}
+ 
+ #ifdef WITH_AUDIT
+-	audit_logger (AUDIT_USER_START, Prog, "changing", NULL, getuid (), 1);
++	snprintf(audit_buf, sizeof(audit_buf), "changing new-gid=%d", gid);
++	audit_logger (AUDIT_CHGRP_ID, Prog, audit_buf, NULL, getuid (), 1);
+ #endif
+ 	/*
+ 	 * Exec the login shell and go away. We are trying to get back to
+@@ -641,7 +668,14 @@ int main (int argc, char **argv)
+ 	 */
+ 	closelog ();
+ #ifdef WITH_AUDIT
+-	audit_logger (AUDIT_USER_START, Prog, "changing", NULL, getuid (), 0);
++	if (group) {
++		snprintf(audit_buf, sizeof(audit_buf),
++			"changing new-group=%s", group);
++		audit_logger (AUDIT_CHGRP_ID, Prog, 
++			audit_buf, NULL, getuid (), 0);
++	} else
++		audit_logger (AUDIT_CHGRP_ID, Prog,
++			"changing", NULL, getuid (), 0);
+ #endif
+ 	exit (1);
+ }

shadow-utils.spec

@@ -5,7 +5,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.1.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 Epoch: 2
 URL: http://pkg-shadow.alioth.debian.org/
 Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2
@@ -20,6 +20,7 @@ Patch4: shadow-4.1.0-selinux.patch
 Patch5: shadow-4.0.18.1-sysAccount.patch
 Patch6: shadow-4.0.18.1-findNewUidOnce.patch
 Patch7: shadow-4.0.18.1-mtime.patch
+Patch8: shadow-4.1.0-audit-newgrp.patch
 
 License: BSD
 Group: System Environment/Base
@@ -52,6 +53,7 @@ are used for managing group accounts.
 %patch5 -p1 -b .sysAccount
 %patch6 -p1 -b .findNewUidOnce
 %patch7 -p1 -b .mtime
+%patch8 -p1 -b .auditNewgrp
 
 rm po/*.gmo
 rm po/stamp-po
@@ -191,6 +193,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/vigr.8*
 
 %changelog
+* Wed Feb 13 2008 Peter Vrabec <pvrabec@redhat.com> 2:4.1.0-2
+- fix newgrp audit event
+
 * Wed Dec 12 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.1.0-1
 - new upgrade release from new upstream
 - provide vipw and vigr