fix newgrp audit event

2008-02-13 12:54:32 +00:00 · 2008-02-13 12:54:32 +00:00 · 2c3e028c8e
commit 2c3e028c8e
parent 0b4d54c804
2 changed files with 128 additions and 1 deletions
--- a/shadow-4.1.0-audit-newgrp.patch
+++ b/shadow-4.1.0-audit-newgrp.patch
@ -0,0 +1,122 @@
+diff -urp shadow-4.1.0.orig/src/newgrp.c shadow-4.1.0/src/newgrp.c
+--- shadow-4.1.0.orig/src/newgrp.c	2007-11-18 18:15:05.000000000 -0500
+++ shadow-4.1.0/src/newgrp.c	2008-02-12 16:45:20.000000000 -0500
+@@ -122,6 +122,8 @@ int main (int argc, char **argv)
+ #endif
+ 
+ #ifdef WITH_AUDIT
+	char audit_buf[80];
+
+ 	audit_help_open ();
+ #endif
+ 	setlocale (LC_ALL, "");
+@@ -164,7 +166,7 @@ int main (int argc, char **argv)
+ 	if (!pwd) {
+ 		fprintf (stderr, _("unknown UID: %u\n"), getuid ());
+ #ifdef WITH_AUDIT
+-		audit_logger (AUDIT_USER_START, Prog, "changing", NULL,
+		audit_logger (AUDIT_CHGRP_ID, Prog, "changing", NULL,
+ 			      getuid (), 0);
+ #endif
+ 		SYSLOG ((LOG_WARN, "unknown UID %u", getuid ()));
+@@ -272,8 +274,14 @@ int main (int argc, char **argv)
+ 	if (ngroups < 0) {
+ 		perror ("getgroups");
+ #ifdef WITH_AUDIT
+-		audit_logger (AUDIT_USER_START, Prog,
+-			      "changing", NULL, getuid (), 0);
+		if (group) {
+			snprintf(audit_buf, sizeof(audit_buf),
+				"changing new-group=%s", group);
+			audit_logger (AUDIT_CHGRP_ID, Prog,
+				audit_buf, NULL, getuid (), 0);
+		} else
+			audit_logger (AUDIT_CHGRP_ID, Prog,
+				      "changing", NULL, getuid (), 0);
+ #endif
+ 		exit (1);
+ 	}
+@@ -461,8 +469,14 @@ int main (int argc, char **argv)
+ 			fprintf (stderr, _("%s: failure forking: %s"),
+ 				 is_newgrp ? "newgrp" : "sg", strerror (errno));
+ #ifdef WITH_AUDIT
+-			audit_logger (AUDIT_USER_START, Prog, "changing",
+-				      NULL, getuid (), 0);
+			if (group) {
+				snprintf(audit_buf, sizeof(audit_buf),
+					"changing new-group=%s", group);
+				audit_logger (AUDIT_CHGRP_ID, Prog,
+					audit_buf, NULL, getuid (), 0);
+			} else
+				audit_logger (AUDIT_CHGRP_ID, Prog, "changing",
+					      NULL, getuid (), 0);
+ #endif
+ 			exit (1);
+ 		} else if (child) {
+@@ -531,14 +545,24 @@ int main (int argc, char **argv)
+ 	 * to the real UID. For root, this also sets the real GID to the
+ 	 * new group id.
+ 	 */
+-	if (setgid (gid))
+	if (setgid (gid)) {
+ 		perror ("setgid");
+#ifdef WITH_AUDIT
+		snprintf(audit_buf, sizeof(audit_buf),
+			"changing new-gid=%d", gid);
+		audit_logger (AUDIT_CHGRP_ID, Prog,
+			audit_buf, NULL, getuid (), 0);
+#endif
+		exit (1);
+	}
+ 
+ 	if (setuid (getuid ())) {
+ 		perror ("setuid");
+ #ifdef WITH_AUDIT
+-		audit_logger (AUDIT_USER_START, Prog, "changing",
+-			      NULL, getuid (), 0);
+		snprintf(audit_buf, sizeof(audit_buf),
+			"changing new-gid=%d", gid);
+		audit_logger (AUDIT_CHGRP_ID, Prog,
+			audit_buf, NULL, getuid (), 0);
+ #endif
+ 		exit (1);
+ 	}
+@@ -551,8 +575,10 @@ int main (int argc, char **argv)
+ 		closelog ();
+ 		execl ("/bin/sh", "sh", "-c", command, (char *) 0);
+ #ifdef WITH_AUDIT
+-		audit_logger (AUDIT_USER_START, Prog, "changing",
+-			      NULL, getuid (), 0);
+		snprintf(audit_buf, sizeof(audit_buf),
+			"changing new-gid=%d", gid);
+		audit_logger (AUDIT_CHGRP_ID, Prog,
+			audit_buf, NULL, getuid (), 0);
+ #endif
+ 		perror ("/bin/sh");
+ 		exit (errno == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
+@@ -618,7 +644,8 @@ int main (int argc, char **argv)
+ 	}
+ 
+ #ifdef WITH_AUDIT
+-	audit_logger (AUDIT_USER_START, Prog, "changing", NULL, getuid (), 1);
+	snprintf(audit_buf, sizeof(audit_buf), "changing new-gid=%d", gid);
+	audit_logger (AUDIT_CHGRP_ID, Prog, audit_buf, NULL, getuid (), 1);
+ #endif
+ 	/*
+ 	 * Exec the login shell and go away. We are trying to get back to
+@@ -641,7 +668,14 @@ int main (int argc, char **argv)
+ 	 */
+ 	closelog ();
+ #ifdef WITH_AUDIT
+-	audit_logger (AUDIT_USER_START, Prog, "changing", NULL, getuid (), 0);
+	if (group) {
+		snprintf(audit_buf, sizeof(audit_buf),
+			"changing new-group=%s", group);
+		audit_logger (AUDIT_CHGRP_ID, Prog, 
+			audit_buf, NULL, getuid (), 0);
+	} else
+		audit_logger (AUDIT_CHGRP_ID, Prog,
+			"changing", NULL, getuid (), 0);
+ #endif
+ 	exit (1);
+ }
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@ -5,7 +5,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.1.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 Epoch: 2
 URL: http://pkg-shadow.alioth.debian.org/
 Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2
@ -20,6 +20,7 @@ Patch4: shadow-4.1.0-selinux.patch
 Patch5: shadow-4.0.18.1-sysAccount.patch
 Patch6: shadow-4.0.18.1-findNewUidOnce.patch
 Patch7: shadow-4.0.18.1-mtime.patch
+Patch8: shadow-4.1.0-audit-newgrp.patch

 License: BSD
 Group: System Environment/Base
@ -52,6 +53,7 @@ are used for managing group accounts.
 %patch5 -p1 -b .sysAccount
 %patch6 -p1 -b .findNewUidOnce
 %patch7 -p1 -b .mtime
+%patch8 -p1 -b .auditNewgrp

 rm po/*.gmo
 rm po/stamp-po
@ -191,6 +193,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/vigr.8*

 %changelog
+* Wed Feb 13 2008 Peter Vrabec <pvrabec@redhat.com> 2:4.1.0-2
+- fix newgrp audit event
+
 * Wed Dec 12 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.1.0-1
 - new upgrade release from new upstream
 - provide vipw and vigr