|
|
ac7df2 |
diff -urp shadow-4.1.5.1.orig/lib/prototypes.h shadow-4.1.5.1/lib/prototypes.h
|
|
|
ac7df2 |
--- shadow-4.1.5.1.orig/lib/prototypes.h 2014-09-13 15:45:54.953829562 -0400
|
|
|
ac7df2 |
+++ shadow-4.1.5.1/lib/prototypes.h 2014-10-14 08:39:23.785884075 -0400
|
|
|
ac7df2 |
@@ -195,12 +195,21 @@ extern int audit_fd;
|
|
|
ac7df2 |
extern void audit_help_open (void);
|
|
|
ac7df2 |
/* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */
|
|
|
ac7df2 |
#define AUDIT_NO_ID ((unsigned int) -1)
|
|
|
ac7df2 |
+#ifndef AUDIT_GRP_MGMT
|
|
|
ac7df2 |
+#define AUDIT_GRP_MGMT 1132 /* Group account was modified */
|
|
|
ac7df2 |
+#endif
|
|
|
ac7df2 |
+#ifndef AUDIT_GRP_CHAUTHTOK
|
|
|
ac7df2 |
+#define AUDIT_GRP_CHAUTHTOK 1133 /* Group account password was changed */
|
|
|
ac7df2 |
+#endif
|
|
|
ac7df2 |
typedef enum {
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE = 0,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS = 1} shadow_audit_result;
|
|
|
ac7df2 |
extern void audit_logger (int type, const char *pgname, const char *op,
|
|
|
ac7df2 |
const char *name, unsigned int id,
|
|
|
ac7df2 |
shadow_audit_result result);
|
|
|
ac7df2 |
+void audit_logger_with_group (int type, unused const char *pgname,
|
|
|
ac7df2 |
+ const char *op, const char *name, unsigned int id,
|
|
|
ac7df2 |
+ const char *grp, shadow_audit_result result);
|
|
|
ac7df2 |
void audit_logger_message (const char *message, shadow_audit_result result);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
|
|
|
ac7df2 |
diff -urp shadow-4.1.5.1.orig/libmisc/audit_help.c shadow-4.1.5.1/libmisc/audit_help.c
|
|
|
ac7df2 |
--- shadow-4.1.5.1.orig/libmisc/audit_help.c 2010-08-21 07:41:28.000000000 -0400
|
|
|
ac7df2 |
+++ shadow-4.1.5.1/libmisc/audit_help.c 2014-10-14 08:39:23.785884075 -0400
|
|
|
ac7df2 |
@@ -68,7 +68,7 @@ void audit_help_open (void)
|
|
|
ac7df2 |
* This function will log a message to the audit system using a predefined
|
|
|
ac7df2 |
* message format. Parameter usage is as follows:
|
|
|
ac7df2 |
*
|
|
|
ac7df2 |
- * type - type of message: AUDIT_USER_CHAUTHTOK for changing any account
|
|
|
ac7df2 |
+ * type - type of message: AUDIT_USER_MGMT for changing any account
|
|
|
ac7df2 |
* attributes.
|
|
|
ac7df2 |
* pgname - program's name
|
|
|
ac7df2 |
* op - operation. "adding user", "changing finger info", "deleting group"
|
|
|
ac7df2 |
@@ -88,6 +88,39 @@ void audit_logger (int type, unused cons
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
+/*
|
|
|
ac7df2 |
+ * This function will log a message to the audit system using a predefined
|
|
|
ac7df2 |
+ * message format. Parameter usage is as follows:
|
|
|
ac7df2 |
+ *
|
|
|
ac7df2 |
+ * type - type of message: AUDIT_USER_MGMT for changing any account
|
|
|
ac7df2 |
+ * attributes.
|
|
|
ac7df2 |
+ * pgname - program's name
|
|
|
ac7df2 |
+ * op - operation. "adding user", "changing finger info", "deleting group"
|
|
|
ac7df2 |
+ * name - user's account or group name. If not available use NULL.
|
|
|
ac7df2 |
+ * id - uid or gid that the operation is being performed on. This is used
|
|
|
ac7df2 |
+ * only when user is NULL.
|
|
|
ac7df2 |
+ * grp - group name associated with event
|
|
|
ac7df2 |
+ */
|
|
|
ac7df2 |
+void audit_logger_with_group (int type, unused const char *pgname,
|
|
|
ac7df2 |
+ const char *op, const char *name, unsigned int id,
|
|
|
ac7df2 |
+ const char *grp, shadow_audit_result result)
|
|
|
ac7df2 |
+{
|
|
|
ac7df2 |
+ int len;
|
|
|
ac7df2 |
+ char enc_group[(GROUP_NAME_MAX_LENGTH*2)+1], buf[1024];
|
|
|
ac7df2 |
+ if (audit_fd < 0) {
|
|
|
ac7df2 |
+ return;
|
|
|
ac7df2 |
+ }
|
|
|
ac7df2 |
+ len = strnlen(grp, sizeof(enc_group)/2);
|
|
|
ac7df2 |
+ if (audit_value_needs_encoding(grp, len)) {
|
|
|
ac7df2 |
+ snprintf(buf, sizeof(buf), "%s grp=%s", op,
|
|
|
ac7df2 |
+ audit_encode_value(enc_group, grp, len));
|
|
|
ac7df2 |
+ } else {
|
|
|
ac7df2 |
+ snprintf(buf, sizeof(buf), "%s grp=\"%s\"", op, grp);
|
|
|
ac7df2 |
+ }
|
|
|
ac7df2 |
+ audit_log_acct_message (audit_fd, type, NULL, buf, name, id,
|
|
|
ac7df2 |
+ NULL, NULL, NULL, (int) result);
|
|
|
ac7df2 |
+}
|
|
|
ac7df2 |
+
|
|
|
ac7df2 |
void audit_logger_message (const char *message, shadow_audit_result result)
|
|
|
ac7df2 |
{
|
|
|
ac7df2 |
if (audit_fd < 0) {
|
|
|
ac7df2 |
diff -urp shadow-4.1.5.1.orig/libmisc/cleanup_group.c shadow-4.1.5.1/libmisc/cleanup_group.c
|
|
|
ac7df2 |
--- shadow-4.1.5.1.orig/libmisc/cleanup_group.c 2008-12-23 17:45:18.000000000 -0500
|
|
|
ac7df2 |
+++ shadow-4.1.5.1/libmisc/cleanup_group.c 2014-10-14 09:00:33.594753105 -0400
|
|
|
ac7df2 |
@@ -83,7 +83,7 @@ void cleanup_report_mod_group (void *cle
|
|
|
ac7df2 |
gr_dbname (),
|
|
|
ac7df2 |
info->action));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
ac7df2 |
+ audit_logger (AUDIT_GRP_MGMT, Prog,
|
|
|
ac7df2 |
info->audit_msg,
|
|
|
ac7df2 |
info->name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
@@ -101,7 +101,7 @@ void cleanup_report_mod_gshadow (void *c
|
|
|
ac7df2 |
sgr_dbname (),
|
|
|
ac7df2 |
info->action));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
ac7df2 |
+ audit_logger (AUDIT_GRP_MGMT, Prog,
|
|
|
ac7df2 |
info->audit_msg,
|
|
|
ac7df2 |
info->name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
@@ -122,7 +122,7 @@ void cleanup_report_add_group_group (voi
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, gr_dbname ()));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_ADD_GROUP, Prog,
|
|
|
ac7df2 |
- "adding group to /etc/group",
|
|
|
ac7df2 |
+ "adding-group",
|
|
|
ac7df2 |
name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -141,8 +141,8 @@ void cleanup_report_add_group_gshadow (v
|
|
|
ac7df2 |
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, sgr_dbname ()));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_GROUP, Prog,
|
|
|
ac7df2 |
- "adding group to /etc/gshadow",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_GRP_MGMT, Prog,
|
|
|
ac7df2 |
+ "adding-shadow-group",
|
|
|
ac7df2 |
name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -164,8 +164,8 @@ void cleanup_report_del_group_group (voi
|
|
|
ac7df2 |
"failed to remove group %s from %s",
|
|
|
ac7df2 |
name, gr_dbname ()));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_GROUP, Prog,
|
|
|
ac7df2 |
- "removing group from /etc/group",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_DEL_GROUP, Prog,
|
|
|
ac7df2 |
+ "removing-group",
|
|
|
ac7df2 |
name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -187,8 +187,8 @@ void cleanup_report_del_group_gshadow (v
|
|
|
ac7df2 |
"failed to remove group %s from %s",
|
|
|
ac7df2 |
name, sgr_dbname ()));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_GROUP, Prog,
|
|
|
ac7df2 |
- "removing group from /etc/gshadow",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_GRP_MGMT, Prog,
|
|
|
ac7df2 |
+ "removing-shadow-group",
|
|
|
ac7df2 |
name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -208,7 +208,7 @@ void cleanup_unlock_group (unused void *
|
|
|
ac7df2 |
Prog, gr_dbname ());
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger_message ("unlocking group file",
|
|
|
ac7df2 |
+ audit_logger_message ("unlocking-group",
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -228,7 +228,7 @@ void cleanup_unlock_gshadow (unused void
|
|
|
ac7df2 |
Prog, sgr_dbname ());
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger_message ("unlocking gshadow file",
|
|
|
ac7df2 |
+ audit_logger_message ("unlocking-gshadow",
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
diff -urp shadow-4.1.5.1.orig/libmisc/cleanup_user.c shadow-4.1.5.1/libmisc/cleanup_user.c
|
|
|
ac7df2 |
--- shadow-4.1.5.1.orig/libmisc/cleanup_user.c 2008-12-23 17:45:18.000000000 -0500
|
|
|
ac7df2 |
+++ shadow-4.1.5.1/libmisc/cleanup_user.c 2014-10-14 09:01:51.878745031 -0400
|
|
|
ac7df2 |
@@ -65,7 +65,7 @@ void cleanup_report_mod_passwd (void *cl
|
|
|
ac7df2 |
pw_dbname (),
|
|
|
ac7df2 |
info->action));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
info->audit_msg,
|
|
|
ac7df2 |
info->name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
@@ -86,7 +86,7 @@ void cleanup_report_add_user_passwd (voi
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to add user %s to %s", name, pw_dbname ()));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "adding user to /etc/passwd",
|
|
|
ac7df2 |
+ "adding-user",
|
|
|
ac7df2 |
name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -105,8 +105,8 @@ void cleanup_report_add_user_shadow (voi
|
|
|
ac7df2 |
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to add user %s to %s", name, spw_dbname ()));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "adding user to /etc/shadow",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "adding-shadow-user",
|
|
|
ac7df2 |
name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -125,7 +125,7 @@ void cleanup_unlock_passwd (unused void
|
|
|
ac7df2 |
Prog, pw_dbname ());
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger_message ("unlocking passwd file",
|
|
|
ac7df2 |
+ audit_logger_message ("unlocking-passwd",
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -144,7 +144,7 @@ void cleanup_unlock_shadow (unused void
|
|
|
ac7df2 |
Prog, spw_dbname ());
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger_message ("unlocking shadow file",
|
|
|
ac7df2 |
+ audit_logger_message ("unlocking-shadow",
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
diff -urp shadow-4.1.5.1.orig/src/chage.c shadow-4.1.5.1/src/chage.c
|
|
|
ac7df2 |
--- shadow-4.1.5.1.orig/src/chage.c 2011-11-19 17:54:47.000000000 -0500
|
|
|
ac7df2 |
+++ shadow-4.1.5.1/src/chage.c 2014-10-14 08:39:23.787884075 -0400
|
|
|
ac7df2 |
@@ -126,9 +126,10 @@ static /*@noreturn@*/void fail_exit (int
|
|
|
ac7df2 |
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
if (E_SUCCESS != code) {
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "change age",
|
|
|
ac7df2 |
- user_name, (unsigned int) user_uid, 0);
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "change-age",
|
|
|
ac7df2 |
+ user_name, (unsigned int) user_uid,
|
|
|
ac7df2 |
+ SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
|
|
|
ac7df2 |
@@ -873,11 +874,7 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
fprintf (stderr, _("%s: Permission denied.\n"), Prog);
|
|
|
ac7df2 |
fail_exit (E_NOPERM);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "display aging info",
|
|
|
ac7df2 |
- user_name, (unsigned int) user_uid, 1);
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
+ /* Displaying fields is not of interest to audit */
|
|
|
ac7df2 |
list_fields ();
|
|
|
ac7df2 |
fail_exit (E_SUCCESS);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -896,41 +893,43 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
else {
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "change all aging information",
|
|
|
ac7df2 |
- user_name, (unsigned int) user_uid, 1);
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "change-all-aging-information",
|
|
|
ac7df2 |
+ user_name, (unsigned int) user_uid,
|
|
|
ac7df2 |
+ SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
} else {
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
if (Mflg) {
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "change max age",
|
|
|
ac7df2 |
- user_name, (unsigned int) user_uid, 1);
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "change-max-age",
|
|
|
ac7df2 |
+ user_name, (unsigned int) user_uid,
|
|
|
ac7df2 |
+ SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
if (mflg) {
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "change min age",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "change-min-age",
|
|
|
ac7df2 |
user_name, (unsigned int) user_uid, 1);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
if (dflg) {
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "change last change date",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "change-last-change-date",
|
|
|
ac7df2 |
user_name, (unsigned int) user_uid, 1);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
if (Wflg) {
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "change passwd warning",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "change-passwd-warning",
|
|
|
ac7df2 |
user_name, (unsigned int) user_uid, 1);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
if (Iflg) {
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "change inactive days",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "change-inactive-days",
|
|
|
ac7df2 |
user_name, (unsigned int) user_uid, 1);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
if (Eflg) {
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "change passwd expiration",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "change-passwd-expiration",
|
|
|
ac7df2 |
user_name, (unsigned int) user_uid, 1);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
diff -urp shadow-4.1.5.1.orig/src/gpasswd.c shadow-4.1.5.1/src/gpasswd.c
|
|
|
ac7df2 |
--- shadow-4.1.5.1.orig/src/gpasswd.c 2014-09-13 15:45:54.989829559 -0400
|
|
|
ac7df2 |
+++ shadow-4.1.5.1/src/gpasswd.c 2014-10-14 08:43:07.393861012 -0400
|
|
|
ac7df2 |
@@ -137,7 +137,7 @@ static void usage (int status)
|
|
|
ac7df2 |
(void) fputs (_(" -d, --delete USER remove USER from GROUP\n"), usageout);
|
|
|
ac7df2 |
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
|
|
|
ac7df2 |
(void) fputs (_(" -Q, --root CHROOT_DIR directory to chroot into\n"), usageout);
|
|
|
ac7df2 |
- (void) fputs (_(" -r, --remove-password remove the GROUP's password\n"), usageout);
|
|
|
ac7df2 |
+ (void) fputs (_(" -r, --delete-password remove the GROUP's password\n"), usageout);
|
|
|
ac7df2 |
(void) fputs (_(" -R, --restrict restrict access to GROUP to its members\n"), usageout);
|
|
|
ac7df2 |
(void) fputs (_(" -M, --members USER,... set the list of members of GROUP\n"), usageout);
|
|
|
ac7df2 |
#ifdef SHADOWGRP
|
|
|
ac7df2 |
@@ -397,21 +397,14 @@ static void open_files (void)
|
|
|
ac7df2 |
|
|
|
ac7df2 |
static void log_gpasswd_failure (const char *suffix)
|
|
|
ac7df2 |
{
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- char buf[1024];
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
if (aflg) {
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR,
|
|
|
ac7df2 |
"%s failed to add user %s to group %s%s",
|
|
|
ac7df2 |
myname, user, group, suffix));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- snprintf (buf, 1023,
|
|
|
ac7df2 |
- "%s failed to add user %s to group %s%s",
|
|
|
ac7df2 |
- myname, user, group, suffix);
|
|
|
ac7df2 |
- buf[1023] = '\0';
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
ac7df2 |
- buf,
|
|
|
ac7df2 |
- group, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "add-user-to-group",
|
|
|
ac7df2 |
+ user, AUDIT_NO_ID, group,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
} else if (dflg) {
|
|
|
ac7df2 |
@@ -419,13 +412,9 @@ static void log_gpasswd_failure (const c
|
|
|
ac7df2 |
"%s failed to remove user %s from group %s%s",
|
|
|
ac7df2 |
myname, user, group, suffix));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- snprintf (buf, 1023,
|
|
|
ac7df2 |
- "%s failed to remove user %s from group %s%s",
|
|
|
ac7df2 |
- myname, user, group, suffix);
|
|
|
ac7df2 |
- buf[1023] = '\0';
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
ac7df2 |
- buf,
|
|
|
ac7df2 |
- group, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "delete-user-from-group",
|
|
|
ac7df2 |
+ user, AUDIT_NO_ID, group,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
} else if (rflg) {
|
|
|
ac7df2 |
@@ -433,13 +422,9 @@ static void log_gpasswd_failure (const c
|
|
|
ac7df2 |
"%s failed to remove password of group %s%s",
|
|
|
ac7df2 |
myname, group, suffix));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- snprintf (buf, 1023,
|
|
|
ac7df2 |
- "%s failed to remove password of group %s%s",
|
|
|
ac7df2 |
- myname, group, suffix);
|
|
|
ac7df2 |
- buf[1023] = '\0';
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- buf,
|
|
|
ac7df2 |
- group, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_GRP_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
+ "delete-group-password",
|
|
|
ac7df2 |
+ myname, AUDIT_NO_ID, group,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
} else if (Rflg) {
|
|
|
ac7df2 |
@@ -447,13 +432,9 @@ static void log_gpasswd_failure (const c
|
|
|
ac7df2 |
"%s failed to restrict access to group %s%s",
|
|
|
ac7df2 |
myname, group, suffix));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- snprintf (buf, 1023,
|
|
|
ac7df2 |
- "%s failed to restrict access to group %s%s",
|
|
|
ac7df2 |
- myname, group, suffix);
|
|
|
ac7df2 |
- buf[1023] = '\0';
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- buf,
|
|
|
ac7df2 |
- group, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_GRP_MGMT, Prog,
|
|
|
ac7df2 |
+ "restrict-group",
|
|
|
ac7df2 |
+ myname, AUDIT_NO_ID, group,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
} else if (Aflg || Mflg) {
|
|
|
ac7df2 |
@@ -463,13 +444,9 @@ static void log_gpasswd_failure (const c
|
|
|
ac7df2 |
"%s failed to set the administrators of group %s to %s%s",
|
|
|
ac7df2 |
myname, group, admins, suffix));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- snprintf (buf, 1023,
|
|
|
ac7df2 |
- "%s failed to set the administrators of group %s to %s%s",
|
|
|
ac7df2 |
- myname, group, admins, suffix);
|
|
|
ac7df2 |
- buf[1023] = '\0';
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
ac7df2 |
- buf,
|
|
|
ac7df2 |
- group, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_GRP_MGMT, Prog,
|
|
|
ac7df2 |
+ "set-admins-of-group",
|
|
|
ac7df2 |
+ admins, AUDIT_NO_ID, group,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -479,13 +456,9 @@ static void log_gpasswd_failure (const c
|
|
|
ac7df2 |
"%s failed to set the members of group %s to %s%s",
|
|
|
ac7df2 |
myname, group, members, suffix));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- snprintf (buf, 1023,
|
|
|
ac7df2 |
- "%s failed to set the members of group %s to %s%s",
|
|
|
ac7df2 |
- myname, group, members, suffix);
|
|
|
ac7df2 |
- buf[1023] = '\0';
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
ac7df2 |
- buf,
|
|
|
ac7df2 |
- group, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "add-users-to-group",
|
|
|
ac7df2 |
+ members, AUDIT_NO_ID, group,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -494,13 +467,9 @@ static void log_gpasswd_failure (const c
|
|
|
ac7df2 |
"%s failed to change password of group %s%s",
|
|
|
ac7df2 |
myname, group, suffix));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- snprintf (buf, 1023,
|
|
|
ac7df2 |
- "%s failed to change password of group %s%s",
|
|
|
ac7df2 |
- myname, group, suffix);
|
|
|
ac7df2 |
- buf[1023] = '\0';
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- buf,
|
|
|
ac7df2 |
- group, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_GRP_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
+ "change-password",
|
|
|
ac7df2 |
+ myname, AUDIT_NO_ID, group,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -531,21 +500,14 @@ static void log_gpasswd_failure_gshadow
|
|
|
ac7df2 |
|
|
|
ac7df2 |
static void log_gpasswd_success (const char *suffix)
|
|
|
ac7df2 |
{
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- char buf[1024];
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
if (aflg) {
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO,
|
|
|
ac7df2 |
"user %s added by %s to group %s%s",
|
|
|
ac7df2 |
user, myname, group, suffix));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- snprintf (buf, 1023,
|
|
|
ac7df2 |
- "user %s added by %s to group %s%s",
|
|
|
ac7df2 |
- user, myname, group, suffix);
|
|
|
ac7df2 |
- buf[1023] = '\0';
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
ac7df2 |
- buf,
|
|
|
ac7df2 |
- group, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "add-user-to-group",
|
|
|
ac7df2 |
+ user, AUDIT_NO_ID, group,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
} else if (dflg) {
|
|
|
ac7df2 |
@@ -553,13 +515,9 @@ static void log_gpasswd_success (const c
|
|
|
ac7df2 |
"user %s removed by %s from group %s%s",
|
|
|
ac7df2 |
user, myname, group, suffix));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- snprintf (buf, 1023,
|
|
|
ac7df2 |
- "user %s removed by %s from group %s%s",
|
|
|
ac7df2 |
- user, myname, group, suffix);
|
|
|
ac7df2 |
- buf[1023] = '\0';
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
ac7df2 |
- buf,
|
|
|
ac7df2 |
- group, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "delete-user-from-group",
|
|
|
ac7df2 |
+ user, AUDIT_NO_ID, group,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
} else if (rflg) {
|
|
|
ac7df2 |
@@ -567,13 +525,9 @@ static void log_gpasswd_success (const c
|
|
|
ac7df2 |
"password of group %s removed by %s%s",
|
|
|
ac7df2 |
group, myname, suffix));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- snprintf (buf, 1023,
|
|
|
ac7df2 |
- "password of group %s removed by %s%s",
|
|
|
ac7df2 |
- group, myname, suffix);
|
|
|
ac7df2 |
- buf[1023] = '\0';
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- buf,
|
|
|
ac7df2 |
- group, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_GRP_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
+ "delete-group-password",
|
|
|
ac7df2 |
+ myname, AUDIT_NO_ID, group,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
} else if (Rflg) {
|
|
|
ac7df2 |
@@ -581,13 +535,9 @@ static void log_gpasswd_success (const c
|
|
|
ac7df2 |
"access to group %s restricted by %s%s",
|
|
|
ac7df2 |
group, myname, suffix));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- snprintf (buf, 1023,
|
|
|
ac7df2 |
- "access to group %s restricted by %s%s",
|
|
|
ac7df2 |
- group, myname, suffix);
|
|
|
ac7df2 |
- buf[1023] = '\0';
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- buf,
|
|
|
ac7df2 |
- group, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_GRP_MGMT, Prog,
|
|
|
ac7df2 |
+ "restrict-group",
|
|
|
ac7df2 |
+ myname, AUDIT_NO_ID, group,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
} else if (Aflg || Mflg) {
|
|
|
ac7df2 |
@@ -597,13 +547,9 @@ static void log_gpasswd_success (const c
|
|
|
ac7df2 |
"administrators of group %s set by %s to %s%s",
|
|
|
ac7df2 |
group, myname, admins, suffix));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- snprintf (buf, 1023,
|
|
|
ac7df2 |
- "administrators of group %s set by %s to %s%s",
|
|
|
ac7df2 |
- group, myname, admins, suffix);
|
|
|
ac7df2 |
- buf[1023] = '\0';
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
ac7df2 |
- buf,
|
|
|
ac7df2 |
- group, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_GRP_MGMT, Prog,
|
|
|
ac7df2 |
+ "set-admins-of-group",
|
|
|
ac7df2 |
+ admins, AUDIT_NO_ID, group,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -613,13 +559,9 @@ static void log_gpasswd_success (const c
|
|
|
ac7df2 |
"members of group %s set by %s to %s%s",
|
|
|
ac7df2 |
group, myname, members, suffix));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- snprintf (buf, 1023,
|
|
|
ac7df2 |
- "members of group %s set by %s to %s%s",
|
|
|
ac7df2 |
- group, myname, members, suffix);
|
|
|
ac7df2 |
- buf[1023] = '\0';
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
ac7df2 |
- buf,
|
|
|
ac7df2 |
- group, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "add-users-to-group",
|
|
|
ac7df2 |
+ members, AUDIT_NO_ID, group,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -628,13 +570,9 @@ static void log_gpasswd_success (const c
|
|
|
ac7df2 |
"password of group %s changed by %s%s",
|
|
|
ac7df2 |
group, myname, suffix));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- snprintf (buf, 1023,
|
|
|
ac7df2 |
- "password of group %s changed by %s%s",
|
|
|
ac7df2 |
- group, myname, suffix);
|
|
|
ac7df2 |
- buf[1023] = '\0';
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- buf,
|
|
|
ac7df2 |
- group, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_GRP_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
+ "change-password",
|
|
|
ac7df2 |
+ myname, AUDIT_NO_ID, group,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
diff -urp shadow-4.1.5.1.orig/src/groupadd.c shadow-4.1.5.1/src/groupadd.c
|
|
|
ac7df2 |
--- shadow-4.1.5.1.orig/src/groupadd.c 2011-11-18 16:23:30.000000000 -0500
|
|
|
ac7df2 |
+++ shadow-4.1.5.1/src/groupadd.c 2014-10-14 08:39:23.800884073 -0400
|
|
|
ac7df2 |
@@ -127,6 +127,15 @@ static /*@noreturn@*/void usage (int sta
|
|
|
ac7df2 |
exit (status);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
+static void fail_exit(int status)
|
|
|
ac7df2 |
+{
|
|
|
ac7df2 |
+#ifdef WITH_AUDIT
|
|
|
ac7df2 |
+ audit_logger(AUDIT_ADD_GROUP, Prog, "add-group", group_name,
|
|
|
ac7df2 |
+ AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
+#endif
|
|
|
ac7df2 |
+ exit (status);
|
|
|
ac7df2 |
+}
|
|
|
ac7df2 |
+
|
|
|
ac7df2 |
/*
|
|
|
ac7df2 |
* new_grent - initialize the values in a group file entry
|
|
|
ac7df2 |
*
|
|
|
ac7df2 |
@@ -210,7 +219,7 @@ static void grp_update (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: failed to prepare the new %s entry '%s'\n"),
|
|
|
ac7df2 |
Prog, gr_dbname (), grp.gr_name);
|
|
|
ac7df2 |
- exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
+ fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef SHADOWGRP
|
|
|
ac7df2 |
/*
|
|
|
ac7df2 |
@@ -220,7 +229,7 @@ static void grp_update (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: failed to prepare the new %s entry '%s'\n"),
|
|
|
ac7df2 |
Prog, sgr_dbname (), sgrp.sg_name);
|
|
|
ac7df2 |
- exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
+ fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#endif /* SHADOWGRP */
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -244,7 +253,7 @@ static void check_new_name (void)
|
|
|
ac7df2 |
fprintf (stderr, _("%s: '%s' is not a valid group name\n"),
|
|
|
ac7df2 |
Prog, group_name);
|
|
|
ac7df2 |
|
|
|
ac7df2 |
- exit (E_BAD_ARG);
|
|
|
ac7df2 |
+ fail_exit (E_BAD_ARG);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
/*
|
|
|
ac7df2 |
@@ -260,11 +269,11 @@ static void close_files (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: failure while writing changes to %s\n"),
|
|
|
ac7df2 |
Prog, gr_dbname ());
|
|
|
ac7df2 |
- exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
+ fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_ADD_GROUP, Prog,
|
|
|
ac7df2 |
- "adding group to /etc/group",
|
|
|
ac7df2 |
+ "add-group",
|
|
|
ac7df2 |
group_name, (unsigned int) group_id,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -282,11 +291,11 @@ static void close_files (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: failure while writing changes to %s\n"),
|
|
|
ac7df2 |
Prog, sgr_dbname ());
|
|
|
ac7df2 |
- exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
+ fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_GROUP, Prog,
|
|
|
ac7df2 |
- "adding group to /etc/gshadow",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_GRP_MGMT, Prog,
|
|
|
ac7df2 |
+ "add-shadow-group",
|
|
|
ac7df2 |
group_name, (unsigned int) group_id,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -300,12 +309,6 @@ static void close_files (void)
|
|
|
ac7df2 |
#endif /* SHADOWGRP */
|
|
|
ac7df2 |
|
|
|
ac7df2 |
/* Report success at the system level */
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_GROUP, Prog,
|
|
|
ac7df2 |
- "",
|
|
|
ac7df2 |
- group_name, (unsigned int) group_id,
|
|
|
ac7df2 |
- SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u",
|
|
|
ac7df2 |
group_name, (unsigned int) group_id));
|
|
|
ac7df2 |
del_cleanup (cleanup_report_add_group);
|
|
|
ac7df2 |
@@ -323,7 +326,7 @@ static void open_files (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: cannot lock %s; try again later.\n"),
|
|
|
ac7df2 |
Prog, gr_dbname ());
|
|
|
ac7df2 |
- exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
+ fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
add_cleanup (cleanup_unlock_group, NULL);
|
|
|
ac7df2 |
|
|
|
ac7df2 |
@@ -333,7 +336,7 @@ static void open_files (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: cannot lock %s; try again later.\n"),
|
|
|
ac7df2 |
Prog, sgr_dbname ());
|
|
|
ac7df2 |
- exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
+ fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
add_cleanup (cleanup_unlock_gshadow, NULL);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -349,7 +352,7 @@ static void open_files (void)
|
|
|
ac7df2 |
if (gr_open (O_RDWR) == 0) {
|
|
|
ac7df2 |
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
|
|
|
ac7df2 |
SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
|
|
|
ac7df2 |
- exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
+ fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
#ifdef SHADOWGRP
|
|
|
ac7df2 |
@@ -359,7 +362,7 @@ static void open_files (void)
|
|
|
ac7df2 |
_("%s: cannot open %s\n"),
|
|
|
ac7df2 |
Prog, sgr_dbname ());
|
|
|
ac7df2 |
SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ()));
|
|
|
ac7df2 |
- exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
+ fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#endif /* SHADOWGRP */
|
|
|
ac7df2 |
@@ -489,7 +492,7 @@ static void check_flags (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: group '%s' already exists\n"),
|
|
|
ac7df2 |
Prog, group_name);
|
|
|
ac7df2 |
- exit (E_NAME_IN_USE);
|
|
|
ac7df2 |
+ fail_exit (E_NAME_IN_USE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
if (gflg && (getgrgid (group_id) != NULL)) {
|
|
|
ac7df2 |
@@ -508,7 +511,7 @@ static void check_flags (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: GID '%lu' already exists\n"),
|
|
|
ac7df2 |
Prog, (unsigned long int) group_id);
|
|
|
ac7df2 |
- exit (E_GID_IN_USE);
|
|
|
ac7df2 |
+ fail_exit (E_GID_IN_USE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -536,7 +539,7 @@ static void check_perms (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: Cannot determine your user name.\n"),
|
|
|
ac7df2 |
Prog);
|
|
|
ac7df2 |
- exit (1);
|
|
|
ac7df2 |
+ fail_exit (1);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
retval = pam_start ("groupadd", pampw->pw_name, &conv, &pamh);
|
|
|
ac7df2 |
@@ -556,7 +559,7 @@ static void check_perms (void)
|
|
|
ac7df2 |
if (NULL != pamh) {
|
|
|
ac7df2 |
(void) pam_end (pamh, retval);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
- exit (1);
|
|
|
ac7df2 |
+ fail_exit (1);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
(void) pam_end (pamh, retval);
|
|
|
ac7df2 |
#endif /* USE_PAM */
|
|
|
ac7df2 |
@@ -588,7 +591,7 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: Cannot setup cleanup service.\n"),
|
|
|
ac7df2 |
Prog);
|
|
|
ac7df2 |
- exit (1);
|
|
|
ac7df2 |
+ fail_exit (1);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
/*
|
|
|
ac7df2 |
@@ -610,7 +613,7 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
|
|
|
ac7df2 |
if (!gflg) {
|
|
|
ac7df2 |
if (find_new_gid (rflg, &group_id, NULL) < 0) {
|
|
|
ac7df2 |
- exit (E_GID_IN_USE);
|
|
|
ac7df2 |
+ fail_exit (E_GID_IN_USE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
diff -urp shadow-4.1.5.1.orig/src/groupdel.c shadow-4.1.5.1/src/groupdel.c
|
|
|
ac7df2 |
--- shadow-4.1.5.1.orig/src/groupdel.c 2011-11-18 16:23:30.000000000 -0500
|
|
|
ac7df2 |
+++ shadow-4.1.5.1/src/groupdel.c 2014-10-14 08:39:23.801884073 -0400
|
|
|
ac7df2 |
@@ -100,6 +100,15 @@ static /*@noreturn@*/void usage (int sta
|
|
|
ac7df2 |
exit (status);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
+static void fail_exit(int status)
|
|
|
ac7df2 |
+{
|
|
|
ac7df2 |
+#ifdef WITH_AUDIT
|
|
|
ac7df2 |
+ audit_logger(AUDIT_GRP_MGMT, Prog, "delete-group", group_name,
|
|
|
ac7df2 |
+ AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
+#endif
|
|
|
ac7df2 |
+ exit (status);
|
|
|
ac7df2 |
+}
|
|
|
ac7df2 |
+
|
|
|
ac7df2 |
/*
|
|
|
ac7df2 |
* grp_update - update group file entries
|
|
|
ac7df2 |
*
|
|
|
ac7df2 |
@@ -126,7 +135,7 @@ static void grp_update (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: cannot remove entry '%s' from %s\n"),
|
|
|
ac7df2 |
Prog, group_name, gr_dbname ());
|
|
|
ac7df2 |
- exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
+ fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
#ifdef SHADOWGRP
|
|
|
ac7df2 |
@@ -138,7 +147,7 @@ static void grp_update (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: cannot remove entry '%s' from %s\n"),
|
|
|
ac7df2 |
Prog, group_name, sgr_dbname ());
|
|
|
ac7df2 |
- exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
+ fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#endif /* SHADOWGRP */
|
|
|
ac7df2 |
@@ -157,12 +166,12 @@ static void close_files (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: failure while writing changes to %s\n"),
|
|
|
ac7df2 |
Prog, gr_dbname ());
|
|
|
ac7df2 |
- exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
+ fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_DEL_GROUP, Prog,
|
|
|
ac7df2 |
- "removing group from /etc/group",
|
|
|
ac7df2 |
+ "delete-group",
|
|
|
ac7df2 |
group_name, (unsigned int) group_id,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -182,12 +191,12 @@ static void close_files (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: failure while writing changes to %s\n"),
|
|
|
ac7df2 |
Prog, sgr_dbname ());
|
|
|
ac7df2 |
- exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
+ fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_DEL_GROUP, Prog,
|
|
|
ac7df2 |
- "removing group from /etc/gshadow",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_GRP_MGMT, Prog,
|
|
|
ac7df2 |
+ "delete-shadow-group",
|
|
|
ac7df2 |
group_name, (unsigned int) group_id,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -201,13 +210,6 @@ static void close_files (void)
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#endif /* SHADOWGRP */
|
|
|
ac7df2 |
|
|
|
ac7df2 |
- /* Report success at the system level */
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_DEL_GROUP, Prog,
|
|
|
ac7df2 |
- "",
|
|
|
ac7df2 |
- group_name, (unsigned int) group_id,
|
|
|
ac7df2 |
- SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO, "group '%s' removed\n", group_name));
|
|
|
ac7df2 |
del_cleanup (cleanup_report_del_group);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -224,7 +226,7 @@ static void open_files (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: cannot lock %s; try again later.\n"),
|
|
|
ac7df2 |
Prog, gr_dbname ());
|
|
|
ac7df2 |
- exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
+ fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
add_cleanup (cleanup_unlock_group, NULL);
|
|
|
ac7df2 |
#ifdef SHADOWGRP
|
|
|
ac7df2 |
@@ -233,7 +235,7 @@ static void open_files (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: cannot lock %s; try again later.\n"),
|
|
|
ac7df2 |
Prog, sgr_dbname ());
|
|
|
ac7df2 |
- exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
+ fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
add_cleanup (cleanup_unlock_gshadow, NULL);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -251,7 +253,7 @@ static void open_files (void)
|
|
|
ac7df2 |
_("%s: cannot open %s\n"),
|
|
|
ac7df2 |
Prog, gr_dbname ());
|
|
|
ac7df2 |
SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
|
|
|
ac7df2 |
- exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
+ fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef SHADOWGRP
|
|
|
ac7df2 |
if (is_shadow_grp) {
|
|
|
ac7df2 |
@@ -260,7 +262,7 @@ static void open_files (void)
|
|
|
ac7df2 |
_("%s: cannot open %s\n"),
|
|
|
ac7df2 |
Prog, sgr_dbname ());
|
|
|
ac7df2 |
SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ()));
|
|
|
ac7df2 |
- exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
+ fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#endif /* SHADOWGRP */
|
|
|
ac7df2 |
@@ -301,7 +303,7 @@ static void group_busy (gid_t gid)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: cannot remove the primary group of user '%s'\n"),
|
|
|
ac7df2 |
Prog, pwd->pw_name);
|
|
|
ac7df2 |
- exit (E_GROUP_BUSY);
|
|
|
ac7df2 |
+ fail_exit (E_GROUP_BUSY);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
/*
|
|
|
ac7df2 |
@@ -379,7 +381,7 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: Cannot setup cleanup service.\n"),
|
|
|
ac7df2 |
Prog);
|
|
|
ac7df2 |
- exit (1);
|
|
|
ac7df2 |
+ fail_exit (1);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
process_flags (argc, argv);
|
|
|
ac7df2 |
@@ -393,7 +395,7 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: Cannot determine your user name.\n"),
|
|
|
ac7df2 |
Prog);
|
|
|
ac7df2 |
- exit (1);
|
|
|
ac7df2 |
+ fail_exit (1);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
retval = pam_start ("groupdel", pampw->pw_name, &conv, &pamh);
|
|
|
ac7df2 |
@@ -414,7 +416,7 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
if (NULL != pamh) {
|
|
|
ac7df2 |
(void) pam_end (pamh, retval);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
- exit (1);
|
|
|
ac7df2 |
+ fail_exit (1);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
(void) pam_end (pamh, retval);
|
|
|
ac7df2 |
#endif /* USE_PAM */
|
|
|
ac7df2 |
@@ -434,7 +436,7 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: group '%s' does not exist\n"),
|
|
|
ac7df2 |
Prog, group_name);
|
|
|
ac7df2 |
- exit (E_NOTFOUND);
|
|
|
ac7df2 |
+ fail_exit (E_NOTFOUND);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
group_id = grp->gr_gid;
|
|
|
ac7df2 |
@@ -458,7 +460,7 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
_("%s: %s is the NIS master\n"),
|
|
|
ac7df2 |
Prog, nis_master);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
- exit (E_NOTFOUND);
|
|
|
ac7df2 |
+ fail_exit (E_NOTFOUND);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
|
|
|
ac7df2 |
diff -urp shadow-4.1.5.1.orig/src/groupmod.c shadow-4.1.5.1/src/groupmod.c
|
|
|
ac7df2 |
--- shadow-4.1.5.1.orig/src/groupmod.c 2011-11-18 16:23:30.000000000 -0500
|
|
|
ac7df2 |
+++ shadow-4.1.5.1/src/groupmod.c 2014-10-14 08:49:28.517821702 -0400
|
|
|
ac7df2 |
@@ -438,7 +438,7 @@ static void close_files (void)
|
|
|
ac7df2 |
exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
ac7df2 |
+ audit_logger (AUDIT_GRP_MGMT, Prog,
|
|
|
ac7df2 |
info_group.audit_msg,
|
|
|
ac7df2 |
group_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
@@ -461,7 +461,7 @@ static void close_files (void)
|
|
|
ac7df2 |
exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
ac7df2 |
+ audit_logger (AUDIT_GRP_MGMT, Prog,
|
|
|
ac7df2 |
info_gshadow.audit_msg,
|
|
|
ac7df2 |
group_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
@@ -484,7 +484,7 @@ static void close_files (void)
|
|
|
ac7df2 |
exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
ac7df2 |
+ audit_logger (AUDIT_GRP_MGMT, Prog,
|
|
|
ac7df2 |
info_passwd.audit_msg,
|
|
|
ac7df2 |
group_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
@@ -499,8 +499,8 @@ static void close_files (void)
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
ac7df2 |
- "modifying group",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_GRP_MGMT, Prog,
|
|
|
ac7df2 |
+ "modify-group",
|
|
|
ac7df2 |
group_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -512,6 +512,8 @@ static void close_files (void)
|
|
|
ac7df2 |
*/
|
|
|
ac7df2 |
static void prepare_failure_reports (void)
|
|
|
ac7df2 |
{
|
|
|
ac7df2 |
+ char *nv_pair, nv[64];
|
|
|
ac7df2 |
+
|
|
|
ac7df2 |
info_group.name = group_name;
|
|
|
ac7df2 |
#ifdef SHADOWGRP
|
|
|
ac7df2 |
info_gshadow.name = group_name;
|
|
|
ac7df2 |
@@ -524,76 +526,106 @@ static void prepare_failure_reports (voi
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
info_passwd.audit_msg = xmalloc (512);
|
|
|
ac7df2 |
|
|
|
ac7df2 |
- (void) snprintf (info_group.audit_msg, 511,
|
|
|
ac7df2 |
- "changing %s; ", gr_dbname ());
|
|
|
ac7df2 |
+ info_group.action = xmalloc (512);
|
|
|
ac7df2 |
#ifdef SHADOWGRP
|
|
|
ac7df2 |
- (void) snprintf (info_gshadow.audit_msg, 511,
|
|
|
ac7df2 |
- "changing %s; ", sgr_dbname ());
|
|
|
ac7df2 |
+ info_gshadow.action = xmalloc (512);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
- (void) snprintf (info_passwd.audit_msg, 511,
|
|
|
ac7df2 |
- "changing %s; ", pw_dbname ());
|
|
|
ac7df2 |
+ info_passwd.action = xmalloc (512);
|
|
|
ac7df2 |
|
|
|
ac7df2 |
- info_group.action = info_group.audit_msg
|
|
|
ac7df2 |
- + strlen (info_group.audit_msg);
|
|
|
ac7df2 |
+ (void) snprintf (info_group.audit_msg, 511,
|
|
|
ac7df2 |
+ "changing-group");
|
|
|
ac7df2 |
#ifdef SHADOWGRP
|
|
|
ac7df2 |
- info_gshadow.action = info_gshadow.audit_msg
|
|
|
ac7df2 |
- + strlen (info_gshadow.audit_msg);
|
|
|
ac7df2 |
+ (void) snprintf (info_gshadow.audit_msg, 511,
|
|
|
ac7df2 |
+ "changing-shadow-group");
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
- info_passwd.action = info_passwd.audit_msg
|
|
|
ac7df2 |
- + strlen (info_passwd.audit_msg);
|
|
|
ac7df2 |
+ (void) snprintf (info_passwd.audit_msg, 511,
|
|
|
ac7df2 |
+ "changing-group-passwd");
|
|
|
ac7df2 |
|
|
|
ac7df2 |
+ nv_pair = audit_encode_nv_string(" grp", group_name,
|
|
|
ac7df2 |
+ strlen(group_name));
|
|
|
ac7df2 |
+ if(nv_pair) {
|
|
|
ac7df2 |
+ strncat(info_group.audit_msg, nv_pair,
|
|
|
ac7df2 |
+ 511 - strlen(info_group.audit_msg));
|
|
|
ac7df2 |
+#ifdef SHADOWGRP
|
|
|
ac7df2 |
+ strncat(info_gshadow.audit_msg, nv_pair,
|
|
|
ac7df2 |
+ 511 - strlen(info_gshadow.audit_msg));
|
|
|
ac7df2 |
+#endif
|
|
|
ac7df2 |
+ strncat(info_passwd.audit_msg, nv_pair,
|
|
|
ac7df2 |
+ 511 - strlen(info_passwd.audit_msg));
|
|
|
ac7df2 |
+ free(nv_pair);
|
|
|
ac7df2 |
+ }
|
|
|
ac7df2 |
+ snprintf(nv, sizeof(nv), " gid=%lu", (unsigned long)group_id);
|
|
|
ac7df2 |
+ strncat(info_group.audit_msg, nv, 511 - strlen(info_group.audit_msg));
|
|
|
ac7df2 |
+ strncat(info_passwd.audit_msg, nv, 511 - strlen(info_passwd.audit_msg));
|
|
|
ac7df2 |
+
|
|
|
ac7df2 |
(void) snprintf (info_group.action,
|
|
|
ac7df2 |
- 511 - strlen (info_group.audit_msg),
|
|
|
ac7df2 |
+ 511,
|
|
|
ac7df2 |
"group %s/%lu",
|
|
|
ac7df2 |
group_name, (unsigned long int) group_id);
|
|
|
ac7df2 |
#ifdef SHADOWGRP
|
|
|
ac7df2 |
(void) snprintf (info_gshadow.action,
|
|
|
ac7df2 |
- 511 - strlen (info_group.audit_msg),
|
|
|
ac7df2 |
+ 511,
|
|
|
ac7df2 |
"group %s", group_name);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
(void) snprintf (info_passwd.action,
|
|
|
ac7df2 |
- 511 - strlen (info_group.audit_msg),
|
|
|
ac7df2 |
+ 511,
|
|
|
ac7df2 |
"group %s/%lu",
|
|
|
ac7df2 |
group_name, (unsigned long int) group_id);
|
|
|
ac7df2 |
|
|
|
ac7df2 |
if (nflg) {
|
|
|
ac7df2 |
+ nv_pair = audit_encode_nv_string(" new_group", group_newname,
|
|
|
ac7df2 |
+ strlen(group_newname));
|
|
|
ac7df2 |
+ strncat(info_group.audit_msg, nv_pair,
|
|
|
ac7df2 |
+ 511 - strlen(info_group.audit_msg));
|
|
|
ac7df2 |
strncat (info_group.action, ", new name: ",
|
|
|
ac7df2 |
- 511 - strlen (info_group.audit_msg));
|
|
|
ac7df2 |
+ 511 - strlen (info_group.action));
|
|
|
ac7df2 |
strncat (info_group.action, group_newname,
|
|
|
ac7df2 |
- 511 - strlen (info_group.audit_msg));
|
|
|
ac7df2 |
+ 511 - strlen (info_group.action));
|
|
|
ac7df2 |
|
|
|
ac7df2 |
#ifdef SHADOWGRP
|
|
|
ac7df2 |
+ strncat(info_gshadow.audit_msg, nv_pair,
|
|
|
ac7df2 |
+ 511 - strlen(info_gshadow.audit_msg));
|
|
|
ac7df2 |
strncat (info_gshadow.action, ", new name: ",
|
|
|
ac7df2 |
- 511 - strlen (info_gshadow.audit_msg));
|
|
|
ac7df2 |
+ 511 - strlen (info_gshadow.action));
|
|
|
ac7df2 |
strncat (info_gshadow.action, group_newname,
|
|
|
ac7df2 |
- 511 - strlen (info_gshadow.audit_msg));
|
|
|
ac7df2 |
+ 511 - strlen (info_gshadow.action));
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
|
|
|
ac7df2 |
+ strncat(info_passwd.audit_msg, nv_pair,
|
|
|
ac7df2 |
+ 511 - strlen(info_passwd.audit_msg));
|
|
|
ac7df2 |
strncat (info_passwd.action, ", new name: ",
|
|
|
ac7df2 |
- 511 - strlen (info_passwd.audit_msg));
|
|
|
ac7df2 |
+ 511 - strlen (info_passwd.action));
|
|
|
ac7df2 |
strncat (info_passwd.action, group_newname,
|
|
|
ac7df2 |
- 511 - strlen (info_passwd.audit_msg));
|
|
|
ac7df2 |
+ 511 - strlen (info_passwd.action));
|
|
|
ac7df2 |
+ free(nv_pair);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
if (pflg) {
|
|
|
ac7df2 |
+ /* Note: audit doesn't want this value recorded */
|
|
|
ac7df2 |
strncat (info_group.action, ", new password",
|
|
|
ac7df2 |
- 511 - strlen (info_group.audit_msg));
|
|
|
ac7df2 |
+ 511 - strlen (info_group.action));
|
|
|
ac7df2 |
|
|
|
ac7df2 |
#ifdef SHADOWGRP
|
|
|
ac7df2 |
strncat (info_gshadow.action, ", new password",
|
|
|
ac7df2 |
- 511 - strlen (info_gshadow.audit_msg));
|
|
|
ac7df2 |
+ 511 - strlen (info_gshadow.action));
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
if (gflg) {
|
|
|
ac7df2 |
+ snprintf(nv, sizeof(nv), " new_gid=%lu", (unsigned long)group_newid);
|
|
|
ac7df2 |
+ strncat(info_group.audit_msg, nv,
|
|
|
ac7df2 |
+ 511 - strlen(info_group.audit_msg));
|
|
|
ac7df2 |
+ strncat(info_passwd.audit_msg, nv,
|
|
|
ac7df2 |
+ 511 - strlen(info_passwd.audit_msg));
|
|
|
ac7df2 |
+
|
|
|
ac7df2 |
strncat (info_group.action, ", new gid: ",
|
|
|
ac7df2 |
- 511 - strlen (info_group.audit_msg));
|
|
|
ac7df2 |
+ 511 - strlen (info_group.action));
|
|
|
ac7df2 |
(void) snprintf (info_group.action+strlen (info_group.action),
|
|
|
ac7df2 |
- 511 - strlen (info_group.audit_msg),
|
|
|
ac7df2 |
+ 511 - strlen (info_group.action),
|
|
|
ac7df2 |
"%lu", (unsigned long int) group_newid);
|
|
|
ac7df2 |
|
|
|
ac7df2 |
strncat (info_passwd.action, ", new gid: ",
|
|
|
ac7df2 |
- 511 - strlen (info_passwd.audit_msg));
|
|
|
ac7df2 |
+ 511 - strlen (info_passwd.action));
|
|
|
ac7df2 |
(void) snprintf (info_passwd.action+strlen (info_passwd.action),
|
|
|
ac7df2 |
- 511 - strlen (info_passwd.audit_msg),
|
|
|
ac7df2 |
+ 511 - strlen (info_passwd.action),
|
|
|
ac7df2 |
"%lu", (unsigned long int) group_newid);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
info_group.audit_msg[511] = '\0';
|
|
|
ac7df2 |
@@ -601,6 +633,11 @@ static void prepare_failure_reports (voi
|
|
|
ac7df2 |
info_gshadow.audit_msg[511] = '\0';
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
info_passwd.audit_msg[511] = '\0';
|
|
|
ac7df2 |
+ info_group.action[511] = '\0';
|
|
|
ac7df2 |
+#ifdef SHADOWGRP
|
|
|
ac7df2 |
+ info_gshadow.action[511] = '\0';
|
|
|
ac7df2 |
+#endif
|
|
|
ac7df2 |
+ info_passwd.action[511] = '\0';
|
|
|
ac7df2 |
|
|
|
ac7df2 |
// FIXME: add a system cleanup
|
|
|
ac7df2 |
add_cleanup (cleanup_report_mod_group, &info_group);
|
|
|
ac7df2 |
diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c
|
|
|
ac7df2 |
--- shadow-4.1.5.1.orig/src/newgrp.c 2014-09-13 15:45:55.010829557 -0400
|
|
|
ac7df2 |
+++ shadow-4.1.5.1/src/newgrp.c 2014-10-14 08:39:23.802884073 -0400
|
|
|
ac7df2 |
@@ -197,11 +197,12 @@ static void check_perms (const struct gr
|
|
|
ac7df2 |
strcmp (cpasswd, grp->gr_passwd) != 0) {
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
snprintf (audit_buf, sizeof(audit_buf),
|
|
|
ac7df2 |
- "authentication new-gid=%lu",
|
|
|
ac7df2 |
+ "authentication new_gid=%lu",
|
|
|
ac7df2 |
(unsigned long) grp->gr_gid);
|
|
|
ac7df2 |
audit_logger (AUDIT_GRP_AUTH, Prog,
|
|
|
ac7df2 |
audit_buf, NULL,
|
|
|
ac7df2 |
- (unsigned int) getuid (), 0);
|
|
|
ac7df2 |
+ (unsigned int) getuid (),
|
|
|
ac7df2 |
+ SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO,
|
|
|
ac7df2 |
"Invalid password for group '%s' from '%s'",
|
|
|
ac7df2 |
@@ -212,11 +213,12 @@ static void check_perms (const struct gr
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
snprintf (audit_buf, sizeof(audit_buf),
|
|
|
ac7df2 |
- "authentication new-gid=%lu",
|
|
|
ac7df2 |
+ "authentication new_gid=%lu",
|
|
|
ac7df2 |
(unsigned long) grp->gr_gid);
|
|
|
ac7df2 |
audit_logger (AUDIT_GRP_AUTH, Prog,
|
|
|
ac7df2 |
audit_buf, NULL,
|
|
|
ac7df2 |
- (unsigned int) getuid (), 1);
|
|
|
ac7df2 |
+ (unsigned int) getuid (),
|
|
|
ac7df2 |
+ SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
@@ -227,19 +229,6 @@ failure:
|
|
|
ac7df2 |
* harm. -- JWP
|
|
|
ac7df2 |
*/
|
|
|
ac7df2 |
closelog ();
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- if (groupname) {
|
|
|
ac7df2 |
- snprintf (audit_buf, sizeof(audit_buf),
|
|
|
ac7df2 |
- "changing new-group=%s", groupname);
|
|
|
ac7df2 |
- audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
|
ac7df2 |
- audit_buf, NULL,
|
|
|
ac7df2 |
- (unsigned int) getuid (), 0);
|
|
|
ac7df2 |
- } else {
|
|
|
ac7df2 |
- audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
|
ac7df2 |
- "changing", NULL,
|
|
|
ac7df2 |
- (unsigned int) getuid (), 0);
|
|
|
ac7df2 |
- }
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
exit (EXIT_FAILURE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
@@ -308,15 +297,27 @@ static void syslog_sg (const char *name,
|
|
|
ac7df2 |
is_newgrp ? "newgrp" : "sg", strerror (errno));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
if (group) {
|
|
|
ac7df2 |
- snprintf (audit_buf, sizeof(audit_buf),
|
|
|
ac7df2 |
- "changing new-group=%s", group);
|
|
|
ac7df2 |
+ char enc_group[(GROUP_NAME_MAX_LENGTH*2)+1];
|
|
|
ac7df2 |
+ int len = strnlen(group, sizeof(enc_group)/2);
|
|
|
ac7df2 |
+ if (audit_value_needs_encoding(group, len)) {
|
|
|
ac7df2 |
+ snprintf (audit_buf, sizeof(audit_buf),
|
|
|
ac7df2 |
+ "changing new_group=%s",
|
|
|
ac7df2 |
+ audit_encode_value(enc_group,
|
|
|
ac7df2 |
+ group, len));
|
|
|
ac7df2 |
+ } else {
|
|
|
ac7df2 |
+ snprintf (audit_buf, sizeof(audit_buf),
|
|
|
ac7df2 |
+ "changing new_group=\"%s\"",
|
|
|
ac7df2 |
+ group);
|
|
|
ac7df2 |
+ }
|
|
|
ac7df2 |
audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
|
ac7df2 |
audit_buf, NULL,
|
|
|
ac7df2 |
- (unsigned int) getuid (), 0);
|
|
|
ac7df2 |
+ (unsigned int) getuid (),
|
|
|
ac7df2 |
+ SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
} else {
|
|
|
ac7df2 |
audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
|
ac7df2 |
"changing", NULL,
|
|
|
ac7df2 |
- (unsigned int) getuid (), 0);
|
|
|
ac7df2 |
+ (unsigned int) getuid (),
|
|
|
ac7df2 |
+ SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
exit (EXIT_FAILURE);
|
|
|
ac7df2 |
@@ -442,7 +443,7 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
|
ac7df2 |
"changing", NULL,
|
|
|
ac7df2 |
- (unsigned int) getuid (), 0);
|
|
|
ac7df2 |
+ (unsigned int) getuid (), SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)",
|
|
|
ac7df2 |
(unsigned long) getuid ()));
|
|
|
ac7df2 |
@@ -558,15 +559,26 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
perror ("getgroups");
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
if (group) {
|
|
|
ac7df2 |
- snprintf (audit_buf, sizeof(audit_buf),
|
|
|
ac7df2 |
- "changing new-group=%s", group);
|
|
|
ac7df2 |
+ char enc_group[(GROUP_NAME_MAX_LENGTH*2)+1];
|
|
|
ac7df2 |
+ int len = strnlen(group, sizeof(enc_group)/2);
|
|
|
ac7df2 |
+ if (audit_value_needs_encoding(group, len)) {
|
|
|
ac7df2 |
+ snprintf (audit_buf, sizeof(audit_buf),
|
|
|
ac7df2 |
+ "changing new_group=%s",
|
|
|
ac7df2 |
+ audit_encode_value(enc_group,
|
|
|
ac7df2 |
+ group, len));
|
|
|
ac7df2 |
+ } else {
|
|
|
ac7df2 |
+ snprintf (audit_buf, sizeof(audit_buf),
|
|
|
ac7df2 |
+ "changing new_group=\"%s\"", group);
|
|
|
ac7df2 |
+ }
|
|
|
ac7df2 |
audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
|
ac7df2 |
audit_buf, NULL,
|
|
|
ac7df2 |
- (unsigned int) getuid (), 0);
|
|
|
ac7df2 |
+ (unsigned int) getuid (),
|
|
|
ac7df2 |
+ SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
} else {
|
|
|
ac7df2 |
audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
|
ac7df2 |
"changing", NULL,
|
|
|
ac7df2 |
- (unsigned int) getuid (), 0);
|
|
|
ac7df2 |
+ (unsigned int) getuid (),
|
|
|
ac7df2 |
+ SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
exit (EXIT_FAILURE);
|
|
|
ac7df2 |
@@ -707,10 +719,10 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
perror ("setgid");
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
snprintf (audit_buf, sizeof(audit_buf),
|
|
|
ac7df2 |
- "changing new-gid=%lu", (unsigned long) gid);
|
|
|
ac7df2 |
+ "changing new_gid=%lu", (unsigned long) gid);
|
|
|
ac7df2 |
audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
|
ac7df2 |
audit_buf, NULL,
|
|
|
ac7df2 |
- (unsigned int) getuid (), 0);
|
|
|
ac7df2 |
+ (unsigned int) getuid (), SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
exit (EXIT_FAILURE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -719,10 +731,10 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
perror ("setuid");
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
snprintf (audit_buf, sizeof(audit_buf),
|
|
|
ac7df2 |
- "changing new-gid=%lu", (unsigned long) gid);
|
|
|
ac7df2 |
+ "changing new_gid=%lu", (unsigned long) gid);
|
|
|
ac7df2 |
audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
|
ac7df2 |
audit_buf, NULL,
|
|
|
ac7df2 |
- (unsigned int) getuid (), 0);
|
|
|
ac7df2 |
+ (unsigned int) getuid (), SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
exit (EXIT_FAILURE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -736,10 +748,10 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
execl (SHELL, "sh", "-c", command, (char *) 0);
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
snprintf (audit_buf, sizeof(audit_buf),
|
|
|
ac7df2 |
- "changing new-gid=%lu", (unsigned long) gid);
|
|
|
ac7df2 |
+ "changing new_gid=%lu", (unsigned long) gid);
|
|
|
ac7df2 |
audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
|
ac7df2 |
audit_buf, NULL,
|
|
|
ac7df2 |
- (unsigned int) getuid (), 0);
|
|
|
ac7df2 |
+ (unsigned int) getuid (), SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
perror (SHELL);
|
|
|
ac7df2 |
exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
|
|
|
ac7df2 |
@@ -803,11 +815,11 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- snprintf (audit_buf, sizeof(audit_buf), "changing new-gid=%lu",
|
|
|
ac7df2 |
+ snprintf (audit_buf, sizeof(audit_buf), "changing new_gid=%lu",
|
|
|
ac7df2 |
(unsigned long) gid);
|
|
|
ac7df2 |
audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
|
ac7df2 |
audit_buf, NULL,
|
|
|
ac7df2 |
- (unsigned int) getuid (), 1);
|
|
|
ac7df2 |
+ (unsigned int) getuid (), SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
/*
|
|
|
ac7df2 |
* Exec the login shell and go away. We are trying to get back to
|
|
|
ac7df2 |
@@ -831,15 +843,24 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
closelog ();
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
if (NULL != group) {
|
|
|
ac7df2 |
- snprintf (audit_buf, sizeof(audit_buf),
|
|
|
ac7df2 |
- "changing new-group=%s", group);
|
|
|
ac7df2 |
+ char enc_group[(GROUP_NAME_MAX_LENGTH*2)+1];
|
|
|
ac7df2 |
+ int len = strnlen(group, sizeof(enc_group)/2);
|
|
|
ac7df2 |
+ if (audit_value_needs_encoding(group, len)) {
|
|
|
ac7df2 |
+ snprintf (audit_buf, sizeof(audit_buf),
|
|
|
ac7df2 |
+ "changing new_group=%s",
|
|
|
ac7df2 |
+ audit_encode_value(enc_group,
|
|
|
ac7df2 |
+ group, len));
|
|
|
ac7df2 |
+ } else {
|
|
|
ac7df2 |
+ snprintf (audit_buf, sizeof(audit_buf),
|
|
|
ac7df2 |
+ "changing new_group=\"%s\"", group);
|
|
|
ac7df2 |
+ }
|
|
|
ac7df2 |
audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
|
ac7df2 |
audit_buf, NULL,
|
|
|
ac7df2 |
- (unsigned int) getuid (), 0);
|
|
|
ac7df2 |
+ (unsigned int) getuid (), SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
} else {
|
|
|
ac7df2 |
audit_logger (AUDIT_CHGRP_ID, Prog,
|
|
|
ac7df2 |
"changing", NULL,
|
|
|
ac7df2 |
- (unsigned int) getuid (), 0);
|
|
|
ac7df2 |
+ (unsigned int) getuid (), SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
exit (EXIT_FAILURE);
|
|
|
ac7df2 |
diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
|
|
|
ac7df2 |
--- shadow-4.1.5.1.orig/src/useradd.c 2014-09-13 15:45:54.957829561 -0400
|
|
|
ac7df2 |
+++ shadow-4.1.5.1/src/useradd.c 2014-10-14 08:52:53.066800605 -0400
|
|
|
ac7df2 |
@@ -205,6 +205,8 @@ static void create_mail (void);
|
|
|
ac7df2 |
*/
|
|
|
ac7df2 |
static void fail_exit (int code)
|
|
|
ac7df2 |
{
|
|
|
ac7df2 |
+ int type;
|
|
|
ac7df2 |
+
|
|
|
ac7df2 |
if (home_added) {
|
|
|
ac7df2 |
if (rmdir (user_home) != 0) {
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
@@ -218,12 +220,6 @@ static void fail_exit (int code)
|
|
|
ac7df2 |
if (spw_unlock () == 0) {
|
|
|
ac7df2 |
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "unlocking shadow file",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
/* continue */
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -231,12 +227,6 @@ static void fail_exit (int code)
|
|
|
ac7df2 |
if (pw_unlock () == 0) {
|
|
|
ac7df2 |
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "unlocking passwd file",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
/* continue */
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -244,12 +234,6 @@ static void fail_exit (int code)
|
|
|
ac7df2 |
if (gr_unlock () == 0) {
|
|
|
ac7df2 |
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "unlocking group file",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
/* continue */
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -258,20 +242,19 @@ static void fail_exit (int code)
|
|
|
ac7df2 |
if (sgr_unlock () == 0) {
|
|
|
ac7df2 |
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "unlocking gshadow file",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
/* continue */
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "adding user",
|
|
|
ac7df2 |
+ if (code == E_PW_UPDATE || code >= E_GRP_UPDATE)
|
|
|
ac7df2 |
+ type = AUDIT_USER_MGMT;
|
|
|
ac7df2 |
+ else
|
|
|
ac7df2 |
+ type = AUDIT_ADD_USER;
|
|
|
ac7df2 |
+
|
|
|
ac7df2 |
+ audit_logger (type, Prog,
|
|
|
ac7df2 |
+ "add-user",
|
|
|
ac7df2 |
user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -578,7 +561,7 @@ static int set_defaults (void)
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_USYS_CONFIG, Prog,
|
|
|
ac7df2 |
- "changing useradd defaults",
|
|
|
ac7df2 |
+ "changing-useradd-defaults",
|
|
|
ac7df2 |
NULL, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -848,12 +831,6 @@ static void grp_update (void)
|
|
|
ac7df2 |
_("%s: Out of memory. Cannot update %s.\n"),
|
|
|
ac7df2 |
Prog, gr_dbname ());
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name));
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "adding user to group",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
fail_exit (E_GRP_UPDATE); /* XXX */
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
@@ -867,18 +844,12 @@ static void grp_update (void)
|
|
|
ac7df2 |
_("%s: failed to prepare the new %s entry '%s'\n"),
|
|
|
ac7df2 |
Prog, gr_dbname (), ngrp->gr_name);
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name));
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "adding user to group",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "adding user to group",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "add-user-to-group",
|
|
|
ac7df2 |
+ user_name, AUDIT_NO_ID, ngrp->gr_name,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO,
|
|
|
ac7df2 |
@@ -923,12 +894,6 @@ static void grp_update (void)
|
|
|
ac7df2 |
_("%s: Out of memory. Cannot update %s.\n"),
|
|
|
ac7df2 |
Prog, sgr_dbname ());
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name));
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "adding user to shadow group",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
fail_exit (E_GRP_UPDATE); /* XXX */
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
@@ -942,18 +907,13 @@ static void grp_update (void)
|
|
|
ac7df2 |
_("%s: failed to prepare the new %s entry '%s'\n"),
|
|
|
ac7df2 |
Prog, sgr_dbname (), nsgrp->sg_name);
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name));
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "adding user to shadow group",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
+
|
|
|
ac7df2 |
fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "adding user to shadow group",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "add-to-shadow-group",
|
|
|
ac7df2 |
+ user_name, AUDIT_NO_ID, nsgrp->sg_name,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO,
|
|
|
ac7df2 |
@@ -1296,7 +1256,7 @@ static void process_flags (int argc, cha
|
|
|
ac7df2 |
Prog, user_name);
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "adding user",
|
|
|
ac7df2 |
+ "add-user",
|
|
|
ac7df2 |
user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -1385,7 +1345,7 @@ static void close_files (void)
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "unlocking shadow file",
|
|
|
ac7df2 |
+ "unlocking-shadow-file",
|
|
|
ac7df2 |
user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -1398,7 +1358,7 @@ static void close_files (void)
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "unlocking passwd file",
|
|
|
ac7df2 |
+ "unlocking-passwd-file",
|
|
|
ac7df2 |
user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -1410,7 +1370,7 @@ static void close_files (void)
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "unlocking group file",
|
|
|
ac7df2 |
+ "unlocking-group-file",
|
|
|
ac7df2 |
user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -1424,7 +1384,7 @@ static void close_files (void)
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "unlocking gshadow file",
|
|
|
ac7df2 |
+ "unlocking-gshadow-file",
|
|
|
ac7df2 |
user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -1584,7 +1544,7 @@ static void grp_add (void)
|
|
|
ac7df2 |
Prog, gr_dbname (), grp.gr_name);
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_ADD_GROUP, Prog,
|
|
|
ac7df2 |
- "adding group",
|
|
|
ac7df2 |
+ "add-group",
|
|
|
ac7df2 |
grp.gr_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -1600,7 +1560,7 @@ static void grp_add (void)
|
|
|
ac7df2 |
Prog, sgr_dbname (), sgrp.sg_name);
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_ADD_GROUP, Prog,
|
|
|
ac7df2 |
- "adding group",
|
|
|
ac7df2 |
+ "add-group",
|
|
|
ac7df2 |
grp.gr_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -1610,7 +1570,7 @@ static void grp_add (void)
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", user_name, user_gid));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_ADD_GROUP, Prog,
|
|
|
ac7df2 |
- "adding group",
|
|
|
ac7df2 |
+ "add-group",
|
|
|
ac7df2 |
grp.gr_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -1725,17 +1685,11 @@ static void usr_update (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: failed to prepare the new %s entry '%s'\n"),
|
|
|
ac7df2 |
Prog, spw_dbname (), spent.sp_namp);
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "adding shadow password",
|
|
|
ac7df2 |
- user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
fail_exit (E_PW_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "adding user",
|
|
|
ac7df2 |
+ "add-user",
|
|
|
ac7df2 |
user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -1771,12 +1725,6 @@ static void create_home (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: cannot create directory %s\n"),
|
|
|
ac7df2 |
Prog, user_home);
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "adding home directory",
|
|
|
ac7df2 |
- user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
fail_exit (E_HOMEDIR);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
chown (user_home, user_id, user_gid);
|
|
|
ac7df2 |
@@ -1784,8 +1732,8 @@ static void create_home (void)
|
|
|
ac7df2 |
0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
|
|
|
ac7df2 |
home_added = true;
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "adding home directory",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "add-home-dir",
|
|
|
ac7df2 |
user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -1951,12 +1899,6 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
*/
|
|
|
ac7df2 |
if (getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */
|
|
|
ac7df2 |
fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name);
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "adding user",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
fail_exit (E_NAME_IN_USE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
@@ -1972,12 +1914,6 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: group %s exists - if you want to add this user to that group, use -g.\n"),
|
|
|
ac7df2 |
Prog, user_name);
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "adding group",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
fail_exit (E_NAME_IN_USE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -2007,12 +1943,6 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: UID %lu is not unique\n"),
|
|
|
ac7df2 |
Prog, (unsigned long) user_id);
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "adding user",
|
|
|
ac7df2 |
- user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif
|
|
|
ac7df2 |
fail_exit (E_UID_IN_USE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -2057,9 +1987,10 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
|
|
ac7df2 |
Prog, user_name, user_selinux);
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "adding SELinux user mapping",
|
|
|
ac7df2 |
- user_name, (unsigned int) user_id, 0);
|
|
|
ac7df2 |
+ audit_logger (AUDIT_ROLE_ASSIGN, Prog,
|
|
|
ac7df2 |
+ "add-selinux-user-mapping",
|
|
|
ac7df2 |
+ user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
+ SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
rv = E_SE_UPDATE;
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
|
|
|
ac7df2 |
--- shadow-4.1.5.1.orig/src/userdel.c 2014-09-13 15:45:55.001829558 -0400
|
|
|
ac7df2 |
+++ shadow-4.1.5.1/src/userdel.c 2014-10-14 08:44:52.714850149 -0400
|
|
|
ac7df2 |
@@ -201,9 +201,9 @@ static void update_groups (void)
|
|
|
ac7df2 |
* Update the DBM group file with the new entry as well.
|
|
|
ac7df2 |
*/
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "deleting user from group",
|
|
|
ac7df2 |
- user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "deleting-user-from-group",
|
|
|
ac7df2 |
+ user_name, (unsigned int) user_id, ngrp->gr_name,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO, "delete '%s' from group '%s'\n",
|
|
|
ac7df2 |
@@ -263,9 +263,9 @@ static void update_groups (void)
|
|
|
ac7df2 |
exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "deleting user from shadow group",
|
|
|
ac7df2 |
- user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "deleting-user-from-shadow-group",
|
|
|
ac7df2 |
+ user_name, (unsigned int) user_id, nsgrp->sg_name,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'\n",
|
|
|
ac7df2 |
@@ -342,9 +342,9 @@ static void remove_usergroup (void)
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_DEL_GROUP, Prog,
|
|
|
ac7df2 |
- "deleting group",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_DEL_GROUP, Prog,
|
|
|
ac7df2 |
+ "delete-group",
|
|
|
ac7df2 |
+ user_name, AUDIT_NO_ID, user_name,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO,
|
|
|
ac7df2 |
@@ -360,9 +360,9 @@ static void remove_usergroup (void)
|
|
|
ac7df2 |
fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_DEL_GROUP, Prog,
|
|
|
ac7df2 |
- "deleting shadow group",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_GRP_MGMT, Prog,
|
|
|
ac7df2 |
+ "delete-shadow-group",
|
|
|
ac7df2 |
+ user_name, AUDIT_NO_ID, user_name,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO,
|
|
|
ac7df2 |
@@ -478,7 +478,7 @@ static void fail_exit (int code)
|
|
|
ac7df2 |
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "deleting user",
|
|
|
ac7df2 |
+ "delete-user",
|
|
|
ac7df2 |
user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
@@ -498,24 +498,12 @@ static void open_files (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: cannot lock %s; try again later.\n"),
|
|
|
ac7df2 |
Prog, pw_dbname ());
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "locking password file",
|
|
|
ac7df2 |
- user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
fail_exit (E_PW_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
pw_locked = true;
|
|
|
ac7df2 |
if (pw_open (O_RDWR) == 0) {
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: cannot open %s\n"), Prog, pw_dbname ());
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "opening password file",
|
|
|
ac7df2 |
- user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
fail_exit (E_PW_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
if (is_shadow_pwd) {
|
|
|
ac7df2 |
@@ -523,12 +511,6 @@ static void open_files (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: cannot lock %s; try again later.\n"),
|
|
|
ac7df2 |
Prog, spw_dbname ());
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "locking shadow password file",
|
|
|
ac7df2 |
- user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
fail_exit (E_PW_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
spw_locked = true;
|
|
|
ac7df2 |
@@ -536,12 +518,6 @@ static void open_files (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: cannot open %s\n"),
|
|
|
ac7df2 |
Prog, spw_dbname ());
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "opening shadow password file",
|
|
|
ac7df2 |
- user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
fail_exit (E_PW_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -549,23 +525,11 @@ static void open_files (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: cannot lock %s; try again later.\n"),
|
|
|
ac7df2 |
Prog, gr_dbname ());
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "locking group file",
|
|
|
ac7df2 |
- user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
gr_locked = true;
|
|
|
ac7df2 |
if (gr_open (O_RDWR) == 0) {
|
|
|
ac7df2 |
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "opening group file",
|
|
|
ac7df2 |
- user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef SHADOWGRP
|
|
|
ac7df2 |
@@ -574,24 +538,12 @@ static void open_files (void)
|
|
|
ac7df2 |
fprintf (stderr,
|
|
|
ac7df2 |
_("%s: cannot lock %s; try again later.\n"),
|
|
|
ac7df2 |
Prog, sgr_dbname ());
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "locking shadow group file",
|
|
|
ac7df2 |
- user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
sgr_locked= true;
|
|
|
ac7df2 |
if (sgr_open (O_RDWR) == 0) {
|
|
|
ac7df2 |
fprintf (stderr, _("%s: cannot open %s\n"),
|
|
|
ac7df2 |
Prog, sgr_dbname ());
|
|
|
ac7df2 |
-#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "opening shadow group file",
|
|
|
ac7df2 |
- user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
- SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
-#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
fail_exit (E_GRP_UPDATE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -622,7 +574,7 @@ static void update_user (void)
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "deleting user entries",
|
|
|
ac7df2 |
+ "delete-user",
|
|
|
ac7df2 |
user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
@@ -716,7 +668,7 @@ static int remove_mailbox (void)
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno)));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "deleting mail file",
|
|
|
ac7df2 |
+ "delete-mail-file",
|
|
|
ac7df2 |
user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
@@ -732,7 +684,7 @@ static int remove_mailbox (void)
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno)));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "deleting mail file",
|
|
|
ac7df2 |
+ "delete-mail-file",
|
|
|
ac7df2 |
user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
@@ -742,8 +694,8 @@ static int remove_mailbox (void)
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
else
|
|
|
ac7df2 |
{
|
|
|
ac7df2 |
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "deleting mail file",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "delete-mail-file",
|
|
|
ac7df2 |
user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -760,7 +712,7 @@ static int remove_mailbox (void)
|
|
|
ac7df2 |
mailfile, strerror (errno)));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "deleting mail file",
|
|
|
ac7df2 |
+ "delete-mail-file",
|
|
|
ac7df2 |
user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
@@ -775,7 +727,7 @@ static int remove_mailbox (void)
|
|
|
ac7df2 |
SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno)));
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "deleting mail file",
|
|
|
ac7df2 |
+ "delete-mail-file",
|
|
|
ac7df2 |
user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
@@ -785,8 +737,8 @@ static int remove_mailbox (void)
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
else
|
|
|
ac7df2 |
{
|
|
|
ac7df2 |
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "deleting mail file",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "delete-mail-file",
|
|
|
ac7df2 |
user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -980,7 +932,7 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
Prog, user_name);
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "deleting user not found",
|
|
|
ac7df2 |
+ "deleting-user-not-found",
|
|
|
ac7df2 |
user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
@@ -1024,7 +976,7 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
if (!fflg) {
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "deleting user logged in",
|
|
|
ac7df2 |
+ "deleting-user-logged-in",
|
|
|
ac7df2 |
user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
@@ -1101,8 +1053,8 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
else
|
|
|
ac7df2 |
{
|
|
|
ac7df2 |
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "deleting home directory",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "deleting-home-directory",
|
|
|
ac7df2 |
user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -1111,7 +1063,7 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
if (0 != errors) {
|
|
|
ac7df2 |
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
ac7df2 |
- "deleting home directory",
|
|
|
ac7df2 |
+ "deleting-home-directory",
|
|
|
ac7df2 |
user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -1124,8 +1076,8 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
_("%s: warning: the user name %s to SELinux user mapping removal failed.\n"),
|
|
|
ac7df2 |
Prog, user_name);
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "removing SELinux user mapping",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_ROLE_REMOVE, Prog,
|
|
|
ac7df2 |
+ "delete-selinux-user-mapping",
|
|
|
ac7df2 |
user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
|
|
|
ac7df2 |
--- shadow-4.1.5.1.orig/src/usermod.c 2014-09-13 15:45:55.013829557 -0400
|
|
|
ac7df2 |
+++ shadow-4.1.5.1/src/usermod.c 2014-10-14 08:50:05.817817855 -0400
|
|
|
ac7df2 |
@@ -352,8 +352,8 @@ static char *new_pw_passwd (char *pw_pas
|
|
|
ac7df2 |
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "updating passwd",
|
|
|
ac7df2 |
- user_newname, (unsigned int) user_newid, 0);
|
|
|
ac7df2 |
+ "updating-password",
|
|
|
ac7df2 |
+ user_newname, (unsigned int) user_newid, 1);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO, "lock user '%s' password", user_newname));
|
|
|
ac7df2 |
strcpy (buf, "!");
|
|
|
ac7df2 |
@@ -372,8 +372,8 @@ static char *new_pw_passwd (char *pw_pas
|
|
|
ac7df2 |
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "updating password",
|
|
|
ac7df2 |
- user_newname, (unsigned int) user_newid, 0);
|
|
|
ac7df2 |
+ "updating-password",
|
|
|
ac7df2 |
+ user_newname, (unsigned int) user_newid, 1);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO, "unlock user '%s' password", user_newname));
|
|
|
ac7df2 |
s = pw_pass;
|
|
|
ac7df2 |
@@ -384,7 +384,7 @@ static char *new_pw_passwd (char *pw_pas
|
|
|
ac7df2 |
} else if (pflg) {
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "changing password",
|
|
|
ac7df2 |
+ "updating-password",
|
|
|
ac7df2 |
user_newname, (unsigned int) user_newid, 1);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO, "change user '%s' password", user_newname));
|
|
|
ac7df2 |
@@ -413,8 +413,8 @@ static void new_pwent (struct passwd *pw
|
|
|
ac7df2 |
fail_exit (E_NAME_IN_USE);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "changing name",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "changing-name",
|
|
|
ac7df2 |
user_newname, (unsigned int) user_newid, 1);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO,
|
|
|
ac7df2 |
@@ -434,8 +434,8 @@ static void new_pwent (struct passwd *pw
|
|
|
ac7df2 |
|
|
|
ac7df2 |
if (uflg) {
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "changing uid",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "changing-uid",
|
|
|
ac7df2 |
user_newname, (unsigned int) user_newid, 1);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO,
|
|
|
ac7df2 |
@@ -445,8 +445,8 @@ static void new_pwent (struct passwd *pw
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
if (gflg) {
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "changing primary group",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "changing-primary-group",
|
|
|
ac7df2 |
user_newname, (unsigned int) user_newid, 1);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO,
|
|
|
ac7df2 |
@@ -456,8 +456,8 @@ static void new_pwent (struct passwd *pw
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
if (cflg) {
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "changing comment",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "changing-comment",
|
|
|
ac7df2 |
user_newname, (unsigned int) user_newid, 1);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
pwent->pw_gecos = user_newcomment;
|
|
|
ac7df2 |
@@ -465,8 +465,8 @@ static void new_pwent (struct passwd *pw
|
|
|
ac7df2 |
|
|
|
ac7df2 |
if (dflg) {
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "changing home directory",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "changing-home-dir",
|
|
|
ac7df2 |
user_newname, (unsigned int) user_newid, 1);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO,
|
|
|
ac7df2 |
@@ -476,8 +476,8 @@ static void new_pwent (struct passwd *pw
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
if (sflg) {
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "changing user shell",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "changing-shell",
|
|
|
ac7df2 |
user_newname, (unsigned int) user_newid, 1);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO,
|
|
|
ac7df2 |
@@ -507,8 +507,8 @@ static void new_spent (struct spwd *spen
|
|
|
ac7df2 |
|
|
|
ac7df2 |
if (fflg) {
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "changing inactive days",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "changing-inactive-days",
|
|
|
ac7df2 |
user_newname, (unsigned int) user_newid, 1);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO,
|
|
|
ac7df2 |
@@ -524,8 +524,8 @@ static void new_spent (struct spwd *spen
|
|
|
ac7df2 |
date_to_str (old_exp, sizeof(old_exp),
|
|
|
ac7df2 |
user_expire * DAY);
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "changing expiration date",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "changing-expiration-date",
|
|
|
ac7df2 |
user_newname, (unsigned int) user_newid, 1);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO,
|
|
|
ac7df2 |
@@ -592,9 +592,9 @@ static /*@noreturn@*/void fail_exit (int
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "modifying account",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID, 0);
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "modify-account",
|
|
|
ac7df2 |
+ user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
exit (code);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
@@ -648,9 +648,12 @@ static void update_group (void)
|
|
|
ac7df2 |
user_newname);
|
|
|
ac7df2 |
changed = true;
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "changing group member",
|
|
|
ac7df2 |
- user_newname, AUDIT_NO_ID, 1);
|
|
|
ac7df2 |
+ audit_logger_with_group (
|
|
|
ac7df2 |
+ AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "update-member-in-group",
|
|
|
ac7df2 |
+ user_newname, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ ngrp->gr_name,
|
|
|
ac7df2 |
+ SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO,
|
|
|
ac7df2 |
"change '%s' to '%s' in group '%s'",
|
|
|
ac7df2 |
@@ -664,9 +667,11 @@ static void update_group (void)
|
|
|
ac7df2 |
ngrp->gr_mem = del_list (ngrp->gr_mem, user_name);
|
|
|
ac7df2 |
changed = true;
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "removing group member",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID, 1);
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "delete-user-from-group",
|
|
|
ac7df2 |
+ user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ ngrp->gr_name,
|
|
|
ac7df2 |
+ SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO,
|
|
|
ac7df2 |
"delete '%s' from group '%s'",
|
|
|
ac7df2 |
@@ -679,9 +684,11 @@ static void update_group (void)
|
|
|
ac7df2 |
ngrp->gr_mem = add_list (ngrp->gr_mem, user_newname);
|
|
|
ac7df2 |
changed = true;
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "adding user to group",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID, 1);
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "add-user-to-group",
|
|
|
ac7df2 |
+ user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ ngrp->gr_name,
|
|
|
ac7df2 |
+ SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO, "add '%s' to group '%s'",
|
|
|
ac7df2 |
user_newname, ngrp->gr_name));
|
|
|
ac7df2 |
@@ -756,9 +763,10 @@ static void update_gshadow (void)
|
|
|
ac7df2 |
nsgrp->sg_adm = add_list (nsgrp->sg_adm, user_newname);
|
|
|
ac7df2 |
changed = true;
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "changing admin name in shadow group",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID, 1);
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_GRP_MGMT, Prog,
|
|
|
ac7df2 |
+ "update-admin-name-in-shadow-group",
|
|
|
ac7df2 |
+ user_name, AUDIT_NO_ID, nsgrp->sg_name,
|
|
|
ac7df2 |
+ SHADOW_AUDIT_SUCCESS);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO,
|
|
|
ac7df2 |
"change admin '%s' to '%s' in shadow group '%s'",
|
|
|
ac7df2 |
@@ -778,9 +786,10 @@ static void update_gshadow (void)
|
|
|
ac7df2 |
user_newname);
|
|
|
ac7df2 |
changed = true;
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "changing member in shadow group",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID, 1);
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "update-member-in-shadow-group",
|
|
|
ac7df2 |
+ user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ nsgrp->sg_name, 1);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO,
|
|
|
ac7df2 |
"change '%s' to '%s' in shadow group '%s'",
|
|
|
ac7df2 |
@@ -794,9 +803,10 @@ static void update_gshadow (void)
|
|
|
ac7df2 |
nsgrp->sg_mem = del_list (nsgrp->sg_mem, user_name);
|
|
|
ac7df2 |
changed = true;
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "removing user from shadow group",
|
|
|
ac7df2 |
- user_name, AUDIT_NO_ID, 1);
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "delete-user-from-shadow-group",
|
|
|
ac7df2 |
+ user_name, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ nsgrp->sg_name, 1);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO,
|
|
|
ac7df2 |
"delete '%s' from shadow group '%s'",
|
|
|
ac7df2 |
@@ -809,9 +819,10 @@ static void update_gshadow (void)
|
|
|
ac7df2 |
nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_newname);
|
|
|
ac7df2 |
changed = true;
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "adding user to shadow group",
|
|
|
ac7df2 |
- user_newname, AUDIT_NO_ID, 1);
|
|
|
ac7df2 |
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "add-user-to-shadow-group",
|
|
|
ac7df2 |
+ user_newname, AUDIT_NO_ID,
|
|
|
ac7df2 |
+ nsgrp->sg_name, 1);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
SYSLOG ((LOG_INFO, "add '%s' to shadow group '%s'",
|
|
|
ac7df2 |
user_newname, nsgrp->sg_name));
|
|
|
ac7df2 |
@@ -1515,8 +1526,8 @@ static void move_home (void)
|
|
|
ac7df2 |
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
if (uflg || gflg) {
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "changing home directory owner",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "updating-home-dir-owner",
|
|
|
ac7df2 |
user_newname, (unsigned int) user_newid, 1);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -1534,8 +1545,8 @@ static void move_home (void)
|
|
|
ac7df2 |
fail_exit (E_HOMEDIR);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "moving home directory",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "moving-home-dir",
|
|
|
ac7df2 |
user_newname, (unsigned int) user_newid,
|
|
|
ac7df2 |
1);
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -1554,9 +1565,9 @@ static void move_home (void)
|
|
|
ac7df2 |
Prog, user_home);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK,
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT,
|
|
|
ac7df2 |
Prog,
|
|
|
ac7df2 |
- "moving home directory",
|
|
|
ac7df2 |
+ "moving-home-dir",
|
|
|
ac7df2 |
user_newname,
|
|
|
ac7df2 |
(unsigned int) user_newid,
|
|
|
ac7df2 |
1);
|
|
|
ac7df2 |
@@ -1760,8 +1771,8 @@ static void move_mailbox (void)
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
else {
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "changing mail file owner",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "updating-mail-file-owner",
|
|
|
ac7df2 |
user_newname, (unsigned int) user_newid, 1);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -1779,8 +1790,8 @@ static void move_mailbox (void)
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
else {
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "changing mail file name",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "updating-mail-file-name",
|
|
|
ac7df2 |
user_newname, (unsigned int) user_newid, 1);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#endif
|
|
|
ac7df2 |
@@ -1910,8 +1921,8 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
|
|
ac7df2 |
Prog, user_name, user_selinux);
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "modifying User mapping ",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_ROLE_ASSIGN, Prog,
|
|
|
ac7df2 |
+ "changing-selinux-user-mapping ",
|
|
|
ac7df2 |
user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
@@ -1923,8 +1934,8 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
_("%s: warning: the user name %s to SELinux user mapping removal failed.\n"),
|
|
|
ac7df2 |
Prog, user_name);
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
ac7df2 |
- "removing SELinux user mapping",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_ROLE_REMOVE, Prog,
|
|
|
ac7df2 |
+ "delete-selinux-user-mapping",
|
|
|
ac7df2 |
user_name, (unsigned int) user_id,
|
|
|
ac7df2 |
SHADOW_AUDIT_FAILURE);
|
|
|
ac7df2 |
#endif /* WITH_AUDIT */
|
|
|
ac7df2 |
@@ -1962,8 +1973,8 @@ int main (int argc, char **argv)
|
|
|
ac7df2 |
*/
|
|
|
ac7df2 |
#ifdef WITH_AUDIT
|
|
|
ac7df2 |
if (uflg || gflg) {
|
|
|
ac7df2 |
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
ac7df2 |
- "changing home directory owner",
|
|
|
ac7df2 |
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
ac7df2 |
+ "updating-home-dir-owner",
|
|
|
ac7df2 |
user_newname, (unsigned int) user_newid, 1);
|
|
|
ac7df2 |
}
|
|
|
ac7df2 |
#endif
|