rpms/shadow-utils/devel shadow-4.1.0-audit-newgrp.patch, 1.1, 1.2 shadow-utils.spec, 1.111, 1.112
Peter Vrabec (pvrabec)
fedora-extras-commits at redhat.com
Fri Mar 7 15:06:26 UTC 2008
Author: pvrabec
Update of /cvs/extras/rpms/shadow-utils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19374
Modified Files:
shadow-4.1.0-audit-newgrp.patch shadow-utils.spec
Log Message:
improve newgrp audit patch
shadow-4.1.0-audit-newgrp.patch:
Index: shadow-4.1.0-audit-newgrp.patch
===================================================================
RCS file: /cvs/extras/rpms/shadow-utils/devel/shadow-4.1.0-audit-newgrp.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- shadow-4.1.0-audit-newgrp.patch 13 Feb 2008 12:54:32 -0000 1.1
+++ shadow-4.1.0-audit-newgrp.patch 7 Mar 2008 15:06:15 -0000 1.2
@@ -1,7 +1,7 @@
diff -urp shadow-4.1.0.orig/src/newgrp.c shadow-4.1.0/src/newgrp.c
--- shadow-4.1.0.orig/src/newgrp.c 2007-11-18 18:15:05.000000000 -0500
-+++ shadow-4.1.0/src/newgrp.c 2008-02-12 16:45:20.000000000 -0500
-@@ -122,6 +122,8 @@ int main (int argc, char **argv)
++++ shadow-4.1.0/src/newgrp.c 2008-03-06 10:01:17.000000000 -0500
+@@ -122,6 +123,8 @@ int main (int argc, char **argv)
#endif
#ifdef WITH_AUDIT
@@ -10,7 +10,7 @@
audit_help_open ();
#endif
setlocale (LC_ALL, "");
-@@ -164,7 +166,7 @@ int main (int argc, char **argv)
+@@ -164,7 +167,7 @@ int main (int argc, char **argv)
if (!pwd) {
fprintf (stderr, _("unknown UID: %u\n"), getuid ());
#ifdef WITH_AUDIT
@@ -19,41 +19,69 @@
getuid (), 0);
#endif
SYSLOG ((LOG_WARN, "unknown UID %u", getuid ()));
-@@ -272,8 +274,14 @@ int main (int argc, char **argv)
+@@ -272,7 +275,13 @@ int main (int argc, char **argv)
if (ngroups < 0) {
perror ("getgroups");
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog,
-- "changing", NULL, getuid (), 0);
+ if (group) {
-+ snprintf(audit_buf, sizeof(audit_buf),
-+ "changing new-group=%s", group);
++ snprintf (audit_buf, sizeof(audit_buf),
++ "changing new_group=%s", group);
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ audit_buf, NULL, getuid (), 0);
+ } else
+ audit_logger (AUDIT_CHGRP_ID, Prog,
-+ "changing", NULL, getuid (), 0);
+ "changing", NULL, getuid (), 0);
#endif
exit (1);
+@@ -394,13 +403,26 @@ int main (int argc, char **argv)
+
+ if (grp->gr_passwd[0] == '\0' ||
+ strcmp (cpasswd, grp->gr_passwd) != 0) {
++#ifdef WITH_AUDIT
++ snprintf (audit_buf, sizeof(audit_buf),
++ "authentication new_gid=%d",
++ grp->gr_gid);
++ audit_logger (AUDIT_GRP_AUTH, Prog,
++ audit_buf, NULL, getuid (), 0);
++#endif
+ SYSLOG ((LOG_INFO,
+ "Invalid password for group `%s' from `%s'",
+ group, name));
+ sleep (1);
+- fputs (_("Invalid password."), stderr);
++ fputs (_("Invalid password.\n"), stderr);
+ goto failure;
+ }
++#ifdef WITH_AUDIT
++ snprintf (audit_buf, sizeof(audit_buf),
++ "authentication new_gid=%d", grp->gr_gid);
++ audit_logger (AUDIT_GRP_AUTH, Prog,
++ audit_buf, NULL, getuid (), 1);
++#endif
}
-@@ -461,8 +469,14 @@ int main (int argc, char **argv)
- fprintf (stderr, _("%s: failure forking: %s"),
+
+ /*
+@@ -458,10 +480,16 @@ int main (int argc, char **argv)
+ child = fork ();
+ if (child < 0) {
+ /* error in fork() */
+- fprintf (stderr, _("%s: failure forking: %s"),
++ fprintf (stderr, _("%s: failure forking: %s\n"),
is_newgrp ? "newgrp" : "sg", strerror (errno));
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog, "changing",
-- NULL, getuid (), 0);
+ if (group) {
-+ snprintf(audit_buf, sizeof(audit_buf),
-+ "changing new-group=%s", group);
++ snprintf (audit_buf, sizeof(audit_buf),
++ "changing new_group=%s", group);
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ audit_buf, NULL, getuid (), 0);
+ } else
+ audit_logger (AUDIT_CHGRP_ID, Prog, "changing",
-+ NULL, getuid (), 0);
+ NULL, getuid (), 0);
#endif
exit (1);
- } else if (child) {
-@@ -531,14 +545,24 @@ int main (int argc, char **argv)
+@@ -531,14 +559,24 @@ int main (int argc, char **argv)
* to the real UID. For root, this also sets the real GID to the
* new group id.
*/
@@ -61,8 +89,8 @@
+ if (setgid (gid)) {
perror ("setgid");
+#ifdef WITH_AUDIT
-+ snprintf(audit_buf, sizeof(audit_buf),
-+ "changing new-gid=%d", gid);
++ snprintf (audit_buf, sizeof(audit_buf),
++ "changing new_gid=%d", gid);
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ audit_buf, NULL, getuid (), 0);
+#endif
@@ -74,44 +102,44 @@
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog, "changing",
- NULL, getuid (), 0);
-+ snprintf(audit_buf, sizeof(audit_buf),
-+ "changing new-gid=%d", gid);
++ snprintf (audit_buf, sizeof(audit_buf),
++ "changing new_gid=%d", gid);
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ audit_buf, NULL, getuid (), 0);
#endif
exit (1);
}
-@@ -551,8 +575,10 @@ int main (int argc, char **argv)
+@@ -551,8 +589,10 @@ int main (int argc, char **argv)
closelog ();
execl ("/bin/sh", "sh", "-c", command, (char *) 0);
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog, "changing",
- NULL, getuid (), 0);
-+ snprintf(audit_buf, sizeof(audit_buf),
-+ "changing new-gid=%d", gid);
++ snprintf (audit_buf, sizeof(audit_buf),
++ "changing new_gid=%d", gid);
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ audit_buf, NULL, getuid (), 0);
#endif
perror ("/bin/sh");
exit (errno == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
-@@ -618,7 +644,8 @@ int main (int argc, char **argv)
+@@ -618,7 +658,8 @@ int main (int argc, char **argv)
}
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog, "changing", NULL, getuid (), 1);
-+ snprintf(audit_buf, sizeof(audit_buf), "changing new-gid=%d", gid);
++ snprintf (audit_buf, sizeof(audit_buf), "changing new_gid=%d", gid);
+ audit_logger (AUDIT_CHGRP_ID, Prog, audit_buf, NULL, getuid (), 1);
#endif
/*
* Exec the login shell and go away. We are trying to get back to
-@@ -641,7 +668,14 @@ int main (int argc, char **argv)
+@@ -641,7 +682,14 @@ int main (int argc, char **argv)
*/
closelog ();
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_START, Prog, "changing", NULL, getuid (), 0);
+ if (group) {
-+ snprintf(audit_buf, sizeof(audit_buf),
-+ "changing new-group=%s", group);
++ snprintf (audit_buf, sizeof(audit_buf),
++ "changing new_group=%s", group);
+ audit_logger (AUDIT_CHGRP_ID, Prog,
+ audit_buf, NULL, getuid (), 0);
+ } else
Index: shadow-utils.spec
===================================================================
RCS file: /cvs/extras/rpms/shadow-utils/devel/shadow-utils.spec,v
retrieving revision 1.111
retrieving revision 1.112
diff -u -r1.111 -r1.112
--- shadow-utils.spec 3 Mar 2008 14:14:07 -0000 1.111
+++ shadow-utils.spec 7 Mar 2008 15:06:15 -0000 1.112
@@ -5,7 +5,7 @@
Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils
Version: 4.1.0
-Release: 4%{?dist}
+Release: 5%{?dist}
Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/
Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2
@@ -22,6 +22,7 @@
Patch7: shadow-4.0.18.1-mtime.patch
Patch8: shadow-4.1.0-audit-newgrp.patch
Patch9: shadow-4.1.0-segfault.patch
+Patch10: shadow-4.1.0-fasterReset.patch
License: BSD
Group: System Environment/Base
@@ -56,6 +57,7 @@
%patch7 -p1 -b .mtime
%patch8 -p1 -b .auditNewgrp
%patch9 -p1 -b .segfault
+%patch10 -p1 -b .fasterReset
rm po/*.gmo
rm po/stamp-po
@@ -195,6 +197,9 @@
%{_mandir}/man8/vigr.8*
%changelog
+* Fri Mar 07 2008 Peter Vrabec <pvrabec at redhat.com> 2:4.1.0-5
+- improve newgrp audit patch
+
* Mon Mar 03 2008 Peter Vrabec <pvrabec at redhat.com> 2:4.1.0-4
- fix selinux labeling (#433757)
More information about the fedora-extras-commits
mailing list