lib/, src/: update audit messages

Auditing has been broken upstream for a long time, and Fedora carried
downstream patches that fixed it. This commit upstreams that content to
fix the problem for everybody.

The audit of a user is performed through the AUDIT_USER_* macros.
Similarly, the audit of a group is performed through the AUDIT_GRP_*
macros. Part of the audit performed for groups was incorrectly labeled
as a user, and therefore some changes needed to be made to label them
correctly.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Iker Pedrosa 2025-01-24 14:13:27 +01:00 committed by Alejandro Colomar
parent 7a0f24f8d0
commit 133ee47f31
7 changed files with 112 additions and 109 deletions


@ -62,7 +62,7 @@ void cleanup_report_mod_group (void *cleanup_info)
gr_dbname (),
info->action));
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_ACCT, log_get_progname(),
audit_logger (AUDIT_GRP_MGMT, log_get_progname(),
info->audit_msg,
info->name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
@ -80,7 +80,7 @@ void cleanup_report_mod_gshadow (void *cleanup_info)
sgr_dbname (),
info->action));
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_ACCT, log_get_progname(),
audit_logger (AUDIT_GRP_MGMT, log_get_progname(),
info->audit_msg,
info->name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
@ -101,7 +101,7 @@ void cleanup_report_add_group_group (void *group_name)
SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, gr_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
"adding group to /etc/group",
"adding-group",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@ -120,8 +120,8 @@ void cleanup_report_add_group_gshadow (void *group_name)
SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, sgr_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
"adding group to /etc/gshadow",
audit_logger (AUDIT_GRP_MGMT, log_get_progname(),
"adding-shadow-group",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@ -143,8 +143,8 @@ void cleanup_report_del_group_group (void *group_name)
"failed to remove group %s from %s",
name, gr_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
"removing group from /etc/group",
audit_logger (AUDIT_DEL_GROUP, log_get_progname(),
"removing-group",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@ -166,8 +166,8 @@ void cleanup_report_del_group_gshadow (void *group_name)
"failed to remove group %s from %s",
name, sgr_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
"removing group from /etc/gshadow",
audit_logger (AUDIT_GRP_MGMT, log_get_progname(),
"removing-shadow-group",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@ -187,7 +187,7 @@ void cleanup_unlock_group (MAYBE_UNUSED void *arg)
log_get_progname(), gr_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
#ifdef WITH_AUDIT
audit_logger_message ("unlocking group file",
audit_logger_message ("unlocking-group",
SHADOW_AUDIT_FAILURE);
#endif
}
@ -207,7 +207,7 @@ void cleanup_unlock_gshadow (MAYBE_UNUSED void *arg)
log_get_progname(), sgr_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
#ifdef WITH_AUDIT
audit_logger_message ("unlocking gshadow file",
audit_logger_message ("unlocking-gshadow",
SHADOW_AUDIT_FAILURE);
#endif
}
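Review bot: The op strings in these cleanup handlers use a different verb form from the ones the tools emit for the same operation: `"adding-group"` and `"removing-group"` here against `"add-group"` and `"delete-group"` in the groupadd and groupdel sections of this commit, so a search keyed on one op string misses the failure records written from the cleanup path. The same applies to `"adding-user"` in the passwd cleanup section. If the difference is meant to mark the cleanup path, a short comment above each call should say so; otherwise I would use the same strings, e.g. `"add-group",` and `"delete-group",`. The +/- column is lost on this page, so I am reading the second line of each printed pair as the new side; the function bodies start and end outside the hunks.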


@ -44,7 +44,7 @@ void cleanup_report_mod_passwd (void *cleanup_info)
pw_dbname (),
info->action));
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_ACCT, log_get_progname(),
audit_logger (AUDIT_USER_MGMT, log_get_progname(),
info->audit_msg,
info->name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
@ -65,7 +65,7 @@ void cleanup_report_add_user_passwd (void *user_name)
SYSLOG ((LOG_ERR, "failed to add user %s to %s", name, pw_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, log_get_progname(),
"adding user to /etc/passwd",
"adding-user",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@ -84,8 +84,8 @@ void cleanup_report_add_user_shadow (void *user_name)
SYSLOG ((LOG_ERR, "failed to add user %s to %s", name, spw_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, log_get_progname(),
"adding user to /etc/shadow",
audit_logger (AUDIT_USER_MGMT, log_get_progname(),
"adding-shadow-user",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@ -104,7 +104,7 @@ void cleanup_unlock_passwd (MAYBE_UNUSED void *arg)
log_get_progname(), pw_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
#ifdef WITH_AUDIT
audit_logger_message ("unlocking passwd file",
audit_logger_message ("unlocking-passwd",
SHADOW_AUDIT_FAILURE);
#endif
}
@ -123,7 +123,7 @@ void cleanup_unlock_shadow (MAYBE_UNUSED void *arg)
log_get_progname(), spw_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
#ifdef WITH_AUDIT
audit_logger_message ("unlocking shadow file",
audit_logger_message ("unlocking-shadow",
SHADOW_AUDIT_FAILURE);
#endif
}
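Review bot: `cleanup_report_mod_passwd` still forwards `info->audit_msg` unchanged as the op field, so the format of that record depends on whatever the caller stored there; the same holds for `cleanup_report_mod_group` and `cleanup_report_mod_gshadow`. None of the hunks on this page touch the code that builds those strings, so these records presumably keep free text with spaces while every literal around them moves to the hyphenated form. I would either convert the builders in the same series or document it at the call, e.g. `/* audit_msg is caller-supplied free text, not a hyphenated op keyword */`. The function body starts outside the hunk.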


@ -110,8 +110,8 @@ fail_exit (int code)
#ifdef WITH_AUDIT
if (E_SUCCESS != code) {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"change age", user_name, user_uid, 0);
audit_logger (AUDIT_USER_MGMT, Prog,
"change-age", user_name, user_uid, SHADOW_AUDIT_FAILURE);
}
#endif
@ -789,10 +789,7 @@ int main (int argc, char **argv)
fprintf (stderr, _("%s: Permission denied.\n"), Prog);
fail_exit (E_NOPERM);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"display aging info", user_name, user_uid, 1);
#endif
/* Displaying fields is not of interest to audit */
list_fields ();
fail_exit (E_SUCCESS);
}
@ -811,39 +808,39 @@ int main (int argc, char **argv)
}
#ifdef WITH_AUDIT
else {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"change all aging information",
user_name, user_uid, 1);
audit_logger (AUDIT_USER_MGMT, Prog,
"change-all-aging-information",
user_name, user_uid, SHADOW_AUDIT_SUCCESS);
}
#endif
} else {
#ifdef WITH_AUDIT
if (Mflg) {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"change max age", user_name, user_uid, 1);
audit_logger (AUDIT_USER_MGMT, Prog,
"change-max-age", user_name, user_uid, SHADOW_AUDIT_SUCCESS);
}
if (mflg) {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"change min age", user_name, user_uid, 1);
audit_logger (AUDIT_USER_MGMT, Prog,
"change-min-age", user_name, user_uid, 1);
}
if (dflg) {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"change last change date",
audit_logger (AUDIT_USER_MGMT, Prog,
"change-last-change-date",
user_name, user_uid, 1);
}
if (Wflg) {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"change passwd warning",
audit_logger (AUDIT_USER_MGMT, Prog,
"change-passwd-warning",
user_name, user_uid, 1);
}
if (Iflg) {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"change inactive days",
audit_logger (AUDIT_USER_MGMT, Prog,
"change-inactive-days",
user_name, user_uid, 1);
}
if (Eflg) {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"change passwd expiration",
audit_logger (AUDIT_USER_MGMT, Prog,
"change-passwd-expiration",
user_name, user_uid, 1);
}
#endif
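Review bot: The result argument is only half converted in the last hunk: the all-fields branch and the `Mflg` call pass `SHADOW_AUDIT_SUCCESS`, while the `mflg`, `dflg`, `Wflg`, `Iflg` and `Eflg` calls still pass the literal `1`. The value is presumably the same, but the literal hides the outcome from anyone reading the call or grepping for the constant. Each of them should read like `"change-min-age", user_name, user_uid, SHADOW_AUDIT_SUCCESS);`. `main` continues outside the hunk.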


@ -120,6 +120,15 @@ usage (int status)
exit (status);
}
static void fail_exit(int status)
{
#ifdef WITH_AUDIT
audit_logger(AUDIT_ADD_GROUP, Prog, "add-group", group_name,
AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
#endif
exit (status);
}
/*
* new_grent - initialize the values in a group file entry
*
@ -222,7 +231,7 @@ grp_update(void)
fprintf (stderr,
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, gr_dbname (), grp.gr_name);
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
/*
@ -232,7 +241,7 @@ grp_update(void)
fprintf (stderr,
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, sgr_dbname (), sgrp.sg_namp);
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
#endif /* SHADOWGRP */
}
@ -250,7 +259,7 @@ check_new_name(void)
fprintf(stderr, _("%s: '%s' is not a valid group name\n"),
Prog, group_name);
exit(E_BAD_ARG);
fail_exit (E_BAD_ARG);
}
return;
@ -269,11 +278,11 @@ static void close_files (void)
fprintf (stderr,
_("%s: failure while writing changes to %s\n"),
Prog, gr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
"adding group to /etc/group",
"add-group",
group_name, group_id, SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO, "group added to %s: name=%s, GID=%u",
@ -290,11 +299,11 @@ static void close_files (void)
fprintf (stderr,
_("%s: failure while writing changes to %s\n"),
Prog, sgr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
"adding group to /etc/gshadow",
audit_logger (AUDIT_GRP_MGMT, Prog,
"add-shadow-group",
group_name, group_id, SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO, "group added to %s: name=%s",
@ -307,10 +316,6 @@ static void close_files (void)
#endif /* SHADOWGRP */
/* Report success at the system level */
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
"", group_name, group_id, SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u",
group_name, (unsigned int) group_id));
del_cleanup (cleanup_report_add_group);
@ -328,7 +333,7 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, gr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
add_cleanup (cleanup_unlock_group, NULL);
@ -338,7 +343,7 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sgr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
add_cleanup (cleanup_unlock_gshadow, NULL);
}
@ -354,7 +359,7 @@ static void open_files (void)
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s: %s\n"), Prog, gr_dbname (), strerror(errno));
SYSLOG ((LOG_WARN, "cannot open %s: %s", gr_dbname (), strerror(errno)));
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
@ -364,7 +369,7 @@ static void open_files (void)
_("%s: cannot open %s: %s\n"),
Prog, sgr_dbname (), strerror(errno));
SYSLOG ((LOG_WARN, "cannot open %s: %s", sgr_dbname (), strerror(errno)));
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
}
#endif /* SHADOWGRP */
@ -499,7 +504,7 @@ static void check_flags (void)
fprintf (stderr,
_("%s: group '%s' already exists\n"),
Prog, group_name);
exit (E_NAME_IN_USE);
fail_exit (E_NAME_IN_USE);
}
if (gflg && (prefix_getgrgid (group_id) != NULL)) {
@ -518,7 +523,7 @@ static void check_flags (void)
fprintf (stderr,
_("%s: GID '%lu' already exists\n"),
Prog, (unsigned long) group_id);
exit (E_GID_IN_USE);
fail_exit (E_GID_IN_USE);
}
}
}
@ -546,7 +551,7 @@ static void check_perms (void)
fprintf (stderr,
_("%s: Cannot determine your user name.\n"),
Prog);
exit (1);
fail_exit (1);
}
retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
@ -566,7 +571,7 @@ static void check_perms (void)
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
exit (1);
fail_exit (1);
}
(void) pam_end (pamh, retval);
#endif /* USE_PAM */
@ -597,7 +602,7 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: Cannot setup cleanup service.\n"),
Prog);
exit (1);
fail_exit (1);
}
/*
@ -624,7 +629,7 @@ int main (int argc, char **argv)
if (!gflg) {
if (find_new_gid (rflg, &group_id, NULL) < 0) {
exit (E_GID_IN_USE);
fail_exit (E_GID_IN_USE);
}
}
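Review bot: The new `fail_exit` writes `group_name` into the audit record from every error path, including `check_new_name`, where the name has just been rejected as invalid, so the record carries a caller-supplied string that failed validation. `audit_logger` is not shown on this page, so it is worth confirming that it (or the audit library underneath) encodes the name so that spaces or `=` in it cannot be read as extra fields. The helper also has no header comment while its neighbours do; I would add one in the file's style, e.g. `/* fail_exit - log a failed add-group audit event, then exit; group_name may be unvalidated */`. Separately, the exits that follow `add_cleanup` may produce a second failure record if the registered cleanup handlers also run at exit; that is inferred from the `del_cleanup` call in `close_files`, not shown by these hunks.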


@ -87,6 +87,15 @@ usage (int status)
exit (status);
}
static void fail_exit(int status)
{
#ifdef WITH_AUDIT
audit_logger(AUDIT_GRP_MGMT, Prog, "delete-group", group_name,
AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
#endif
exit (status);
}
/*
* grp_update - update group file entries
*
@ -113,7 +122,7 @@ static void grp_update (void)
fprintf (stderr,
_("%s: cannot remove entry '%s' from %s\n"),
Prog, group_name, gr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
@ -125,7 +134,7 @@ static void grp_update (void)
fprintf (stderr,
_("%s: cannot remove entry '%s' from %s\n"),
Prog, group_name, sgr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
}
#endif /* SHADOWGRP */
@ -144,12 +153,12 @@ static void close_files (void)
fprintf (stderr,
_("%s: failure while writing changes to %s\n"),
Prog, gr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_GROUP, Prog,
"removing group from /etc/group",
"delete-group",
group_name, group_id, SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
@ -168,12 +177,12 @@ static void close_files (void)
fprintf (stderr,
_("%s: failure while writing changes to %s\n"),
Prog, sgr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_GROUP, Prog,
"removing group from /etc/gshadow",
audit_logger (AUDIT_GRP_MGMT, Prog,
"delete-shadow-group",
group_name, group_id, SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
@ -186,11 +195,6 @@ static void close_files (void)
}
#endif /* SHADOWGRP */
/* Report success at the system level */
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_GROUP, Prog,
"", group_name, group_id, SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO, "group '%s' removed\n", group_name));
del_cleanup (cleanup_report_del_group);
}
@ -207,7 +211,7 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, gr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
add_cleanup (cleanup_unlock_group, NULL);
#ifdef SHADOWGRP
@ -216,7 +220,7 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sgr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
add_cleanup (cleanup_unlock_gshadow, NULL);
}
@ -234,7 +238,7 @@ static void open_files (void)
_("%s: cannot open %s\n"),
Prog, gr_dbname ());
SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
if (is_shadow_grp) {
@ -243,7 +247,7 @@ static void open_files (void)
_("%s: cannot open %s\n"),
Prog, sgr_dbname ());
SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ()));
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
}
#endif /* SHADOWGRP */
@ -284,7 +288,7 @@ static void group_busy (gid_t gid)
fprintf (stderr,
_("%s: cannot remove the primary group of user '%s'\n"),
Prog, pwd->pw_name);
exit (E_GROUP_BUSY);
fail_exit (E_GROUP_BUSY);
}
/*
@ -368,7 +372,7 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: Cannot setup cleanup service.\n"),
Prog);
exit (1);
fail_exit (1);
}
process_flags (argc, argv);
@ -382,7 +386,7 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: Cannot determine your user name.\n"),
Prog);
exit (1);
fail_exit (1);
}
retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
@ -403,7 +407,7 @@ int main (int argc, char **argv)
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
exit (1);
fail_exit (1);
}
(void) pam_end (pamh, retval);
#endif /* USE_PAM */
@ -423,7 +427,7 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: group '%s' does not exist\n"),
Prog, group_name);
exit (E_NOTFOUND);
fail_exit (E_NOTFOUND);
}
group_id = grp->gr_gid;
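Review bot: `fail_exit` logs failed deletions as `AUDIT_GRP_MGMT`, while the success record in `close_files` uses `AUDIT_DEL_GROUP` with the same `"delete-group"` op, and the groupadd counterpart uses `AUDIT_ADD_GROUP` for both outcomes. A filter on the DEL_GROUP record type would therefore see successful deletions only. If that split is intended, a comment on `fail_exit` should say so; otherwise `audit_logger(AUDIT_DEL_GROUP, Prog, "delete-group", group_name,`. Also, in `main` the `fail_exit (1)` after "Cannot setup cleanup service" comes before `process_flags (argc, argv)`, so `group_name` has presumably not been set yet at that call.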


@ -488,7 +488,7 @@ static void close_files (void)
exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_ACCT, Prog,
audit_logger (AUDIT_GRP_MGMT, Prog,
info_group.audit_msg,
group_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
@ -511,7 +511,14 @@ static void close_files (void)
exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_ACCT, Prog,
/* If both happened, log password change as its more important */
if (pflg)
audit_logger (AUDIT_GRP_CHAUTHTOK, Prog,
info_gshadow.audit_msg,
group_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
else
audit_logger (AUDIT_GRP_MGMT, Prog,
info_gshadow.audit_msg,
group_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
@ -534,7 +541,7 @@ static void close_files (void)
exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_ACCT, Prog,
audit_logger (AUDIT_GRP_MGMT, Prog,
info_passwd.audit_msg,
group_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
@ -549,8 +556,8 @@ static void close_files (void)
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_ACCT, Prog,
"modifying group",
audit_logger (AUDIT_GRP_MGMT, Prog,
"modify-group",
group_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
#endif
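Review bot: The new `if (pflg)` / `else` in the second hunk repeats a four-line call twice without braces, and the two arms differ only in the record type. Choosing the type first keeps a single call: `int type = pflg ? AUDIT_GRP_CHAUTHTOK : AUDIT_GRP_MGMT;` followed by `audit_logger (type, Prog,`. The comment has a typo ("its" for "it's") and says "if both happened", whereas the code tests `pflg` alone; something like `/* A password change takes precedence over other gshadow changes */` matches what is checked. `close_files` starts and ends outside the hunks.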


@ -193,10 +193,10 @@ static void check_perms (const struct group *grp,
if (streq(grp->gr_passwd, "") ||
!streq(grp->gr_passwd, cpasswd)) {
#ifdef WITH_AUDIT
SNPRINTF(audit_buf, "authentication new-gid=%lu",
SNPRINTF(audit_buf, "authentication new_gid=%lu",
(unsigned long) grp->gr_gid);
audit_logger (AUDIT_GRP_AUTH, Prog,
audit_buf, NULL, getuid (), 0);
audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
#endif
SYSLOG ((LOG_INFO,
"Invalid password for group '%s' from '%s'",
@ -206,10 +206,10 @@ static void check_perms (const struct group *grp,
goto failure;
}
#ifdef WITH_AUDIT
SNPRINTF(audit_buf, "authentication new-gid=%lu",
SNPRINTF(audit_buf, "authentication new_gid=%lu",
(unsigned long) grp->gr_gid);
audit_logger (AUDIT_GRP_AUTH, Prog,
audit_buf, NULL, getuid (), 1);
audit_buf, NULL, getuid (), SHADOW_AUDIT_SUCCESS);
#endif
}
@ -220,16 +220,6 @@ failure:
* harm. -- JWP
*/
closelog ();
#ifdef WITH_AUDIT
if (groupname) {
SNPRINTF(audit_buf, "changing new-group=%s", groupname);
audit_logger (AUDIT_CHGRP_ID, Prog,
audit_buf, NULL, getuid (), 0);
} else {
audit_logger (AUDIT_CHGRP_ID, Prog,
"changing", NULL, getuid (), 0);
}
#endif
exit (EXIT_FAILURE);
}
@ -447,7 +437,7 @@ int main (int argc, char **argv)
Prog);
#ifdef WITH_AUDIT
audit_logger (AUDIT_CHGRP_ID, Prog,
"changing", NULL, getuid (), 0);
"changing", NULL, getuid (), SHADOW_AUDIT_FAILURE);
#endif
SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)",
(unsigned long) getuid ()));
@ -704,9 +694,9 @@ int main (int argc, char **argv)
if (setgid (gid) != 0) {
perror ("setgid");
#ifdef WITH_AUDIT
SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid);
audit_logger (AUDIT_CHGRP_ID, Prog,
audit_buf, NULL, getuid (), 0);
audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
#endif
exit (EXIT_FAILURE);
}
@ -714,9 +704,9 @@ int main (int argc, char **argv)
if (setuid (getuid ()) != 0) {
perror ("setuid");
#ifdef WITH_AUDIT
SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid);
audit_logger (AUDIT_CHGRP_ID, Prog,
audit_buf, NULL, getuid (), 0);
audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
#endif
exit (EXIT_FAILURE);
}
@ -729,9 +719,9 @@ int main (int argc, char **argv)
closelog ();
execl (SHELL, "sh", "-c", command, (char *) NULL);
#ifdef WITH_AUDIT
SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid);
audit_logger (AUDIT_CHGRP_ID, Prog,
audit_buf, NULL, getuid (), 0);
audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
#endif
perror (SHELL);
exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
@ -795,9 +785,9 @@ int main (int argc, char **argv)
}
#ifdef WITH_AUDIT
SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid);
audit_logger (AUDIT_CHGRP_ID, Prog,
audit_buf, NULL, getuid (), 1);
audit_buf, NULL, getuid (), SHADOW_AUDIT_SUCCESS);
#endif
/*
* Exec the login shell and go away. We are trying to get back to
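Review bot: With the audit block removed from the `failure:` label, any `goto failure` that has not logged its own record now exits without an audit event. The only jump visible here, in `check_perms`, is preceded by an `AUDIT_GRP_AUTH` failure record, but the other jumps to the label are outside these hunks and should be checked. If the removal is deliberate, a comment at the label would make the contract explicit, e.g. `/* No audit record here: callers log their own failure before jumping */`. The renamed field (`new-gid` to `new_gid`) also means log parsers and detection rules keyed to the old name need updating.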