From a8bc585e33fa771c3ff6f6bba5ee705d64677809 Mon Sep 17 00:00:00 2001 From: nekral-guest Date: Thu, 14 Feb 2008 18:35:51 +0000 Subject: [PATCH] Use the correct AUDIT_CHGRP_ID event instead of AUDIT_USER_START, when changing the user space group ID with newgrp or sg. Thanks to sgrubb@redhat.com for the patch. --- ChangeLog | 6 ++++++ NEWS | 2 ++ src/newgrp.c | 61 +++++++++++++++++++++++++++++++++++++++++----------- 3 files changed, 57 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index a2af5ffd..227b393b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2008-02-14 Nicolas François + + * NEWS, src/newgrp.c: Use the correct AUDIT_CHGRP_ID event instead of + AUDIT_USER_START, when changing the user space group ID with + newgrp or sg. Thanks to sgrubb@redhat.com for the patch. + 2008-02-10 Nicolas François * src/usermod.c: Reset oflg with uflg if the new UID is equal to diff --git a/NEWS b/NEWS index 1aad2984..33eba3f0 100644 --- a/NEWS +++ b/NEWS @@ -32,6 +32,8 @@ shadow-4.1.0 -> shadow-4.1.1 UNRELEASED * Fix segfault when an user returns to an unknown GID (either the user was deleted during the user's newgrp session or the user's passwd entry referenced an invalid group). Add a syslog warning in that case. + * Use the correct AUDIT_CHGRP_ID event instead of AUDIT_USER_START, when + changing the user space group ID with newgrp or sg. - newusers * The new users are no more added to the list of members of their groups because the membership is already set by their primary group. diff --git a/src/newgrp.c b/src/newgrp.c index c7ed8951..b3af03b9 100644 --- a/src/newgrp.c +++ b/src/newgrp.c @@ -245,8 +245,15 @@ static void syslog_sg (const char *name, const char *group) fprintf (stderr, _("%s: failure forking: %s"), is_newgrp ? "newgrp" : "sg", strerror (errno)); #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_START, Prog, "changing", - NULL, getuid (), 0); + if (group) { + snprintf (audit_buf, sizeof(audit_buf), + "changing new-group=%s", group); + audit_logger (AUDIT_CHGRP_ID, Prog, + audit_buf, NULL, getuid (), 0); + } else { + audit_logger (AUDIT_CHGRP_ID, Prog, "changing", + NULL, getuid (), 0); + } #endif exit (1); } else if (child) { @@ -322,6 +329,8 @@ int main (int argc, char **argv) #endif #ifdef WITH_AUDIT + char audit_buf[80]; + audit_help_open (); #endif setlocale (LC_ALL, ""); @@ -364,7 +373,7 @@ int main (int argc, char **argv) if (!pwd) { fprintf (stderr, _("unknown UID: %u\n"), getuid ()); #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_START, Prog, "changing", NULL, + audit_logger (AUDIT_CHGRP_ID, Prog, "changing", NULL, getuid (), 0); #endif SYSLOG ((LOG_WARN, "unknown UID %u", getuid ())); @@ -473,8 +482,15 @@ int main (int argc, char **argv) if (ngroups < 0) { perror ("getgroups"); #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_START, Prog, - "changing", NULL, getuid (), 0); + if (group) { + snprintf (audit_buf, sizeof(audit_buf), + "changing new-group=%s", group); + audit_logger (AUDIT_CHGRP_ID, Prog, + audit_buf, NULL, getuid (), 0); + } else { + audit_logger (AUDIT_CHGRP_ID, Prog, + "changing", NULL, getuid (), 0); + } #endif exit (1); } @@ -595,14 +611,24 @@ int main (int argc, char **argv) * to the real UID. For root, this also sets the real GID to the * new group id. */ - if (setgid (gid)) + if (setgid (gid)) { perror ("setgid"); +#ifdef WITH_AUDIT + snprintf (audit_buf, sizeof(audit_buf), + "changing new-gid=%d", gid); + audit_logger (AUDIT_CHGRP_ID, Prog, + audit_buf, NULL, getuid (), 0); +#endif + exit (1); + } if (setuid (getuid ())) { perror ("setuid"); #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_START, Prog, "changing", - NULL, getuid (), 0); + snprintf (audit_buf, sizeof(audit_buf), + "changing new-gid=%d", gid); + audit_logger (AUDIT_CHGRP_ID, Prog, + audit_buf, NULL, getuid (), 0); #endif exit (1); } @@ -615,8 +641,10 @@ int main (int argc, char **argv) closelog (); execl ("/bin/sh", "sh", "-c", command, (char *) 0); #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_START, Prog, "changing", - NULL, getuid (), 0); + snprintf (audit_buf, sizeof(audit_buf), + "changing new-gid=%d", gid); + audit_logger (AUDIT_CHGRP_ID, Prog, + audit_buf, NULL, getuid (), 0); #endif perror ("/bin/sh"); exit (errno == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC); @@ -682,7 +710,8 @@ int main (int argc, char **argv) } #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_START, Prog, "changing", NULL, getuid (), 1); + snprintf (audit_buf, sizeof(audit_buf), "changing new-gid=%d", gid); + audit_logger (AUDIT_CHGRP_ID, Prog, audit_buf, NULL, getuid (), 1); #endif /* * Exec the login shell and go away. We are trying to get back to @@ -705,7 +734,15 @@ int main (int argc, char **argv) */ closelog (); #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_START, Prog, "changing", NULL, getuid (), 0); + if (group) { + snprintf (audit_buf, sizeof(audit_buf), + "changing new-group=%s", group); + audit_logger (AUDIT_CHGRP_ID, Prog, + audit_buf, NULL, getuid (), 0); + } else { + audit_logger (AUDIT_CHGRP_ID, Prog, + "changing", NULL, getuid (), 0); + } #endif exit (1); }