122 lines
3.7 KiB
Diff
122 lines
3.7 KiB
Diff
diff -urp shadow-4.1.0.orig/src/newgrp.c shadow-4.1.0/src/newgrp.c
|
|
--- shadow-4.1.0.orig/src/newgrp.c 2007-11-18 18:15:05.000000000 -0500
|
|
+++ shadow-4.1.0/src/newgrp.c 2008-02-12 16:45:20.000000000 -0500
|
|
@@ -122,6 +122,8 @@ int main (int argc, char **argv)
|
|
#endif
|
|
|
|
#ifdef WITH_AUDIT
|
|
+ char audit_buf[80];
|
|
+
|
|
audit_help_open ();
|
|
#endif
|
|
setlocale (LC_ALL, "");
|
|
@@ -164,7 +166,7 @@ int main (int argc, char **argv)
|
|
if (!pwd) {
|
|
fprintf (stderr, _("unknown UID: %u\n"), getuid ());
|
|
#ifdef WITH_AUDIT
|
|
- audit_logger (AUDIT_USER_START, Prog, "changing", NULL,
|
|
+ audit_logger (AUDIT_CHGRP_ID, Prog, "changing", NULL,
|
|
getuid (), 0);
|
|
#endif
|
|
SYSLOG ((LOG_WARN, "unknown UID %u", getuid ()));
|
|
@@ -272,8 +274,14 @@ int main (int argc, char **argv)
|
|
if (ngroups < 0) {
|
|
perror ("getgroups");
|
|
#ifdef WITH_AUDIT
|
|
- audit_logger (AUDIT_USER_START, Prog,
|
|
- "changing", NULL, getuid (), 0);
|
|
+ if (group) {
|
|
+ snprintf(audit_buf, sizeof(audit_buf),
|
|
+ "changing new-group=%s", group);
|
|
+ audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
+ audit_buf, NULL, getuid (), 0);
|
|
+ } else
|
|
+ audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
+ "changing", NULL, getuid (), 0);
|
|
#endif
|
|
exit (1);
|
|
}
|
|
@@ -461,8 +469,14 @@ int main (int argc, char **argv)
|
|
fprintf (stderr, _("%s: failure forking: %s"),
|
|
is_newgrp ? "newgrp" : "sg", strerror (errno));
|
|
#ifdef WITH_AUDIT
|
|
- audit_logger (AUDIT_USER_START, Prog, "changing",
|
|
- NULL, getuid (), 0);
|
|
+ if (group) {
|
|
+ snprintf(audit_buf, sizeof(audit_buf),
|
|
+ "changing new-group=%s", group);
|
|
+ audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
+ audit_buf, NULL, getuid (), 0);
|
|
+ } else
|
|
+ audit_logger (AUDIT_CHGRP_ID, Prog, "changing",
|
|
+ NULL, getuid (), 0);
|
|
#endif
|
|
exit (1);
|
|
} else if (child) {
|
|
@@ -531,14 +545,24 @@ int main (int argc, char **argv)
|
|
* to the real UID. For root, this also sets the real GID to the
|
|
* new group id.
|
|
*/
|
|
- if (setgid (gid))
|
|
+ if (setgid (gid)) {
|
|
perror ("setgid");
|
|
+#ifdef WITH_AUDIT
|
|
+ snprintf(audit_buf, sizeof(audit_buf),
|
|
+ "changing new-gid=%d", gid);
|
|
+ audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
+ audit_buf, NULL, getuid (), 0);
|
|
+#endif
|
|
+ exit (1);
|
|
+ }
|
|
|
|
if (setuid (getuid ())) {
|
|
perror ("setuid");
|
|
#ifdef WITH_AUDIT
|
|
- audit_logger (AUDIT_USER_START, Prog, "changing",
|
|
- NULL, getuid (), 0);
|
|
+ snprintf(audit_buf, sizeof(audit_buf),
|
|
+ "changing new-gid=%d", gid);
|
|
+ audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
+ audit_buf, NULL, getuid (), 0);
|
|
#endif
|
|
exit (1);
|
|
}
|
|
@@ -551,8 +575,10 @@ int main (int argc, char **argv)
|
|
closelog ();
|
|
execl ("/bin/sh", "sh", "-c", command, (char *) 0);
|
|
#ifdef WITH_AUDIT
|
|
- audit_logger (AUDIT_USER_START, Prog, "changing",
|
|
- NULL, getuid (), 0);
|
|
+ snprintf(audit_buf, sizeof(audit_buf),
|
|
+ "changing new-gid=%d", gid);
|
|
+ audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
+ audit_buf, NULL, getuid (), 0);
|
|
#endif
|
|
perror ("/bin/sh");
|
|
exit (errno == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
|
|
@@ -618,7 +644,8 @@ int main (int argc, char **argv)
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
- audit_logger (AUDIT_USER_START, Prog, "changing", NULL, getuid (), 1);
|
|
+ snprintf(audit_buf, sizeof(audit_buf), "changing new-gid=%d", gid);
|
|
+ audit_logger (AUDIT_CHGRP_ID, Prog, audit_buf, NULL, getuid (), 1);
|
|
#endif
|
|
/*
|
|
* Exec the login shell and go away. We are trying to get back to
|
|
@@ -641,7 +668,14 @@ int main (int argc, char **argv)
|
|
*/
|
|
closelog ();
|
|
#ifdef WITH_AUDIT
|
|
- audit_logger (AUDIT_USER_START, Prog, "changing", NULL, getuid (), 0);
|
|
+ if (group) {
|
|
+ snprintf(audit_buf, sizeof(audit_buf),
|
|
+ "changing new-group=%s", group);
|
|
+ audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
+ audit_buf, NULL, getuid (), 0);
|
|
+ } else
|
|
+ audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
+ "changing", NULL, getuid (), 0);
|
|
#endif
|
|
exit (1);
|
|
}
|