[Pkg-shadow-commits] r1804 - in upstream/trunk: . src
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Thu Feb 14 18:35:52 UTC 2008
Author: nekral-guest
Date: 2008-02-14 18:35:51 +0000 (Thu, 14 Feb 2008)
New Revision: 1804
Modified:
upstream/trunk/ChangeLog
upstream/trunk/NEWS
upstream/trunk/src/newgrp.c
Log:
Use the correct AUDIT_CHGRP_ID event instead of
AUDIT_USER_START, when changing the user space group ID with
newgrp or sg. Thanks to sgrubb at redhat.com for the patch.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2008-02-11 22:46:08 UTC (rev 1803)
+++ upstream/trunk/ChangeLog 2008-02-14 18:35:51 UTC (rev 1804)
@@ -1,3 +1,9 @@
+2008-02-14 Nicolas François <nicolas.francois at centraliens.net>
+
+ * NEWS, src/newgrp.c: Use the correct AUDIT_CHGRP_ID event instead of
+ AUDIT_USER_START, when changing the user space group ID with
+ newgrp or sg. Thanks to sgrubb at redhat.com for the patch.
+
2008-02-10 Nicolas François <nicolas.francois at centraliens.net>
* src/usermod.c: Reset oflg with uflg if the new UID is equal to
Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS 2008-02-11 22:46:08 UTC (rev 1803)
+++ upstream/trunk/NEWS 2008-02-14 18:35:51 UTC (rev 1804)
@@ -32,6 +32,8 @@
* Fix segfault when an user returns to an unknown GID (either the user
was deleted during the user's newgrp session or the user's passwd
entry referenced an invalid group). Add a syslog warning in that case.
+ * Use the correct AUDIT_CHGRP_ID event instead of AUDIT_USER_START, when
+ changing the user space group ID with newgrp or sg.
- newusers
* The new users are no more added to the list of members of their groups
because the membership is already set by their primary group.
Modified: upstream/trunk/src/newgrp.c
===================================================================
--- upstream/trunk/src/newgrp.c 2008-02-11 22:46:08 UTC (rev 1803)
+++ upstream/trunk/src/newgrp.c 2008-02-14 18:35:51 UTC (rev 1804)
@@ -245,8 +245,15 @@
fprintf (stderr, _("%s: failure forking: %s"),
is_newgrp ? "newgrp" : "sg", strerror (errno));
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog, "changing",
- NULL, getuid (), 0);
+ if (group) {
+ snprintf (audit_buf, sizeof(audit_buf),
+ "changing new-group=%s", group);
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ audit_buf, NULL, getuid (), 0);
+ } else {
+ audit_logger (AUDIT_CHGRP_ID, Prog, "changing",
+ NULL, getuid (), 0);
+ }
#endif
exit (1);
} else if (child) {
@@ -322,6 +329,8 @@
#endif
#ifdef WITH_AUDIT
+ char audit_buf[80];
+
audit_help_open ();
#endif
setlocale (LC_ALL, "");
@@ -364,7 +373,7 @@
if (!pwd) {
fprintf (stderr, _("unknown UID: %u\n"), getuid ());
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog, "changing", NULL,
+ audit_logger (AUDIT_CHGRP_ID, Prog, "changing", NULL,
getuid (), 0);
#endif
SYSLOG ((LOG_WARN, "unknown UID %u", getuid ()));
@@ -473,8 +482,15 @@
if (ngroups < 0) {
perror ("getgroups");
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog,
- "changing", NULL, getuid (), 0);
+ if (group) {
+ snprintf (audit_buf, sizeof(audit_buf),
+ "changing new-group=%s", group);
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ audit_buf, NULL, getuid (), 0);
+ } else {
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ "changing", NULL, getuid (), 0);
+ }
#endif
exit (1);
}
@@ -595,14 +611,24 @@
* to the real UID. For root, this also sets the real GID to the
* new group id.
*/
- if (setgid (gid))
+ if (setgid (gid)) {
perror ("setgid");
+#ifdef WITH_AUDIT
+ snprintf (audit_buf, sizeof(audit_buf),
+ "changing new-gid=%d", gid);
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ audit_buf, NULL, getuid (), 0);
+#endif
+ exit (1);
+ }
if (setuid (getuid ())) {
perror ("setuid");
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog, "changing",
- NULL, getuid (), 0);
+ snprintf (audit_buf, sizeof(audit_buf),
+ "changing new-gid=%d", gid);
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ audit_buf, NULL, getuid (), 0);
#endif
exit (1);
}
@@ -615,8 +641,10 @@
closelog ();
execl ("/bin/sh", "sh", "-c", command, (char *) 0);
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog, "changing",
- NULL, getuid (), 0);
+ snprintf (audit_buf, sizeof(audit_buf),
+ "changing new-gid=%d", gid);
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ audit_buf, NULL, getuid (), 0);
#endif
perror ("/bin/sh");
exit (errno == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
@@ -682,7 +710,8 @@
}
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog, "changing", NULL, getuid (), 1);
+ snprintf (audit_buf, sizeof(audit_buf), "changing new-gid=%d", gid);
+ audit_logger (AUDIT_CHGRP_ID, Prog, audit_buf, NULL, getuid (), 1);
#endif
/*
* Exec the login shell and go away. We are trying to get back to
@@ -705,7 +734,15 @@
*/
closelog ();
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog, "changing", NULL, getuid (), 0);
+ if (group) {
+ snprintf (audit_buf, sizeof(audit_buf),
+ "changing new-group=%s", group);
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ audit_buf, NULL, getuid (), 0);
+ } else {
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ "changing", NULL, getuid (), 0);
+ }
#endif
exit (1);
}
More information about the Pkg-shadow-commits
mailing list