New upstream version 4.17.4

Chris Hofstaedtler
2025-03-29 13:24:20 +01:00
parent a475f464e0
commit a9c3448878
400 changed files with 1693 additions and 2293 deletions
+19 -22
@@ -110,8 +110,8 @@ fail_exit (int code)
#ifdef WITH_AUDIT
if (E_SUCCESS != code) {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"change age", user_name, user_uid, 0);
audit_logger (AUDIT_USER_MGMT, Prog,
"change-age", user_name, user_uid, SHADOW_AUDIT_FAILURE);
}
#endif
@@ -238,7 +238,7 @@ print_day_as_date(long day)
return;
}
if (localtime_r(&date, &tm) == NULL) {
if (gmtime_r(&date, &tm) == NULL) {
puts(_("future"));
return;
}
@@ -789,10 +789,7 @@ int main (int argc, char **argv)
fprintf (stderr, _("%s: Permission denied.\n"), Prog);
fail_exit (E_NOPERM);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"display aging info", user_name, user_uid, 1);
#endif
/* Displaying fields is not of interest to audit */
list_fields ();
fail_exit (E_SUCCESS);
}
@@ -811,39 +808,39 @@ int main (int argc, char **argv)
}
#ifdef WITH_AUDIT
else {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"change all aging information",
user_name, user_uid, 1);
audit_logger (AUDIT_USER_MGMT, Prog,
"change-all-aging-information",
user_name, user_uid, SHADOW_AUDIT_SUCCESS);
}
#endif
} else {
#ifdef WITH_AUDIT
if (Mflg) {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"change max age", user_name, user_uid, 1);
audit_logger (AUDIT_USER_MGMT, Prog,
"change-max-age", user_name, user_uid, SHADOW_AUDIT_SUCCESS);
}
if (mflg) {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"change min age", user_name, user_uid, 1);
audit_logger (AUDIT_USER_MGMT, Prog,
"change-min-age", user_name, user_uid, 1);
}
if (dflg) {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"change last change date",
audit_logger (AUDIT_USER_MGMT, Prog,
"change-last-change-date",
user_name, user_uid, 1);
}
if (Wflg) {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"change passwd warning",
audit_logger (AUDIT_USER_MGMT, Prog,
"change-passwd-warning",
user_name, user_uid, 1);
}
if (Iflg) {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"change inactive days",
audit_logger (AUDIT_USER_MGMT, Prog,
"change-inactive-days",
user_name, user_uid, 1);
}
if (Eflg) {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"change passwd expiration",
audit_logger (AUDIT_USER_MGMT, Prog,
"change-passwd-expiration",
user_name, user_uid, 1);
}
#endif
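Review bot: The rewritten calls in main for `change-min-age`, `change-last-change-date`, `change-passwd-warning`, `change-inactive-days` and `change-passwd-expiration` still pass a bare `1` as the result argument, while the calls above them and the one in fail_exit now use the named constants. Use the constant in all of them, e.g. `"change-min-age", user_name, user_uid, SHADOW_AUDIT_SUCCESS);`, so the result field of these audit records is written the same way everywhere. main continues past the end of this hunk.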
+9 -4
@@ -36,6 +36,7 @@
#include "string/strcmp/streq.h"
#include "string/strcpy/strtcpy.h"
#include "string/strdup/xstrdup.h"
#include "string/strtok/stpsep.h"
/*
@@ -216,10 +217,13 @@ static void new_fields (void)
*/
static char *copy_field (char *in, char *out, char *extra)
{
while (NULL != in) {
char *f;
char *next = NULL;
f = strsep(&in, ",");
while (NULL != in) {
const char *f;
f = in;
next = stpsep(in, ",");
if (strchr(f, '=') == NULL)
break;
@@ -231,12 +235,13 @@ static char *copy_field (char *in, char *out, char *extra)
strcat(extra, f);
}
in = next;
}
if ((NULL != in) && (NULL != out)) {
strcpy (out, in);
}
return in;
return next;
}
/*
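Review bot: copy_field still writes into `out` with `strcpy` and into `extra` with `strcat` without any length, and the rewritten loop does not change that; the sizes of both destinations are decided by callers outside these hunks. If the callers already guarantee that each buffer can hold the whole input, state it in the function's header comment, for example `out and extra must each hold strlen(in) + 1 bytes`; otherwise a bounded copy is needed here. The same comment should say that `in` is split in place at each comma and that the return value points at the text following the first field without '=' (NULL when nothing follows), as the loop now keeps that in `next`.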
+42 -70
@@ -382,20 +382,14 @@ static void open_files (void)
static void log_gpasswd_failure (const char *suffix)
{
#ifdef WITH_AUDIT
char buf[1024];
#endif
if (aflg) {
SYSLOG ((LOG_ERR,
"%s failed to add user %s to group %s%s",
myname, user, group, suffix));
#ifdef WITH_AUDIT
SNPRINTF(buf, "%s failed to add user %s to group %s%s",
myname, user, group, suffix);
audit_logger (AUDIT_USER_ACCT, Prog,
buf,
group, AUDIT_NO_ID,
audit_logger_with_group (AUDIT_USER_MGMT,
"add-user-to-group",
user, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_FAILURE);
#endif
} else if (dflg) {
@@ -403,11 +397,9 @@ static void log_gpasswd_failure (const char *suffix)
"%s failed to remove user %s from group %s%s",
myname, user, group, suffix));
#ifdef WITH_AUDIT
SNPRINTF(buf, "%s failed to remove user %s from group %s%s",
myname, user, group, suffix);
audit_logger (AUDIT_USER_ACCT, Prog,
buf,
group, AUDIT_NO_ID,
audit_logger_with_group (AUDIT_USER_MGMT,
"delete-user-from-group",
user, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_FAILURE);
#endif
} else if (rflg) {
@@ -415,11 +407,9 @@ static void log_gpasswd_failure (const char *suffix)
"%s failed to remove password of group %s%s",
myname, group, suffix));
#ifdef WITH_AUDIT
SNPRINTF(buf, "%s failed to remove password of group %s%s",
myname, group, suffix);
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
buf,
group, AUDIT_NO_ID,
audit_logger_with_group (AUDIT_GRP_CHAUTHTOK,
"delete-group-password",
myname, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_FAILURE);
#endif
} else if (Rflg) {
@@ -427,11 +417,9 @@ static void log_gpasswd_failure (const char *suffix)
"%s failed to restrict access to group %s%s",
myname, group, suffix));
#ifdef WITH_AUDIT
SNPRINTF(buf, "%s failed to restrict access to group %s%s",
myname, group, suffix);
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
buf,
group, AUDIT_NO_ID,
audit_logger_with_group (AUDIT_GRP_MGMT,
"restrict-group",
myname, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_FAILURE);
#endif
} else if (Aflg || Mflg) {
@@ -441,11 +429,9 @@ static void log_gpasswd_failure (const char *suffix)
"%s failed to set the administrators of group %s to %s%s",
myname, group, admins, suffix));
#ifdef WITH_AUDIT
SNPRINTF(buf, "%s failed to set the administrators of group %s to %s%s",
myname, group, admins, suffix);
audit_logger (AUDIT_USER_ACCT, Prog,
buf,
group, AUDIT_NO_ID,
audit_logger_with_group (AUDIT_GRP_MGMT,
"set-admins-of-group",
admins, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_FAILURE);
#endif
}
@@ -455,11 +441,9 @@ static void log_gpasswd_failure (const char *suffix)
"%s failed to set the members of group %s to %s%s",
myname, group, members, suffix));
#ifdef WITH_AUDIT
SNPRINTF(buf, "%s failed to set the members of group %s to %s%s",
myname, group, members, suffix);
audit_logger (AUDIT_USER_ACCT, Prog,
buf,
group, AUDIT_NO_ID,
audit_logger_with_group (AUDIT_USER_MGMT,
"add-users-to-group",
members, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_FAILURE);
#endif
}
@@ -468,11 +452,9 @@ static void log_gpasswd_failure (const char *suffix)
"%s failed to change password of group %s%s",
myname, group, suffix));
#ifdef WITH_AUDIT
SNPRINTF(buf, "%s failed to change password of group %s%s",
myname, group, suffix);
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
buf,
group, AUDIT_NO_ID,
audit_logger_with_group (AUDIT_GRP_CHAUTHTOK,
"change-password",
myname, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_FAILURE);
#endif
}
@@ -512,11 +494,9 @@ static void log_gpasswd_success (const char *suffix)
"user %s added by %s to group %s%s",
user, myname, group, suffix));
#ifdef WITH_AUDIT
SNPRINTF(buf, "user %s added by %s to group %s%s",
user, myname, group, suffix);
audit_logger (AUDIT_USER_ACCT, Prog,
buf,
group, AUDIT_NO_ID,
audit_logger_with_group (AUDIT_USER_MGMT,
"add-user-to-group",
user, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_SUCCESS);
#endif
} else if (dflg) {
@@ -524,11 +504,9 @@ static void log_gpasswd_success (const char *suffix)
"user %s removed by %s from group %s%s",
user, myname, group, suffix));
#ifdef WITH_AUDIT
SNPRINTF(buf, "user %s removed by %s from group %s%s",
user, myname, group, suffix);
audit_logger (AUDIT_USER_ACCT, Prog,
buf,
group, AUDIT_NO_ID,
audit_logger_with_group (AUDIT_USER_MGMT,
"delete-user-from-group",
user, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_SUCCESS);
#endif
} else if (rflg) {
@@ -538,9 +516,9 @@ static void log_gpasswd_success (const char *suffix)
#ifdef WITH_AUDIT
SNPRINTF(buf, "password of group %s removed by %s%s",
group, myname, suffix);
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
buf,
group, AUDIT_NO_ID,
audit_logger_with_group (AUDIT_GRP_CHAUTHTOK,
"delete-group-password",
myname, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_SUCCESS);
#endif
} else if (Rflg) {
@@ -550,9 +528,9 @@ static void log_gpasswd_success (const char *suffix)
#ifdef WITH_AUDIT
SNPRINTF(buf, "access to group %s restricted by %s%s",
group, myname, suffix);
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
buf,
group, AUDIT_NO_ID,
audit_logger_with_group (AUDIT_GRP_MGMT,
"restrict-group",
myname, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_SUCCESS);
#endif
} else if (Aflg || Mflg) {
@@ -562,11 +540,9 @@ static void log_gpasswd_success (const char *suffix)
"administrators of group %s set by %s to %s%s",
group, myname, admins, suffix));
#ifdef WITH_AUDIT
SNPRINTF(buf, "administrators of group %s set by %s to %s%s",
group, myname, admins, suffix);
audit_logger (AUDIT_USER_ACCT, Prog,
buf,
group, AUDIT_NO_ID,
audit_logger_with_group (AUDIT_GRP_MGMT,
"set-admins-of-group",
admins, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_SUCCESS);
#endif
}
@@ -576,11 +552,9 @@ static void log_gpasswd_success (const char *suffix)
"members of group %s set by %s to %s%s",
group, myname, members, suffix));
#ifdef WITH_AUDIT
SNPRINTF(buf, "members of group %s set by %s to %s%s",
group, myname, members, suffix);
audit_logger (AUDIT_USER_ACCT, Prog,
buf,
group, AUDIT_NO_ID,
audit_logger_with_group (AUDIT_USER_MGMT,
"add-users-to-group",
members, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_SUCCESS);
#endif
}
@@ -589,11 +563,9 @@ static void log_gpasswd_success (const char *suffix)
"password of group %s changed by %s%s",
group, myname, suffix));
#ifdef WITH_AUDIT
SNPRINTF(buf, "password of group %s changed by %s%s",
group, myname, suffix);
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
buf,
group, AUDIT_NO_ID,
audit_logger_with_group (AUDIT_GRP_CHAUTHTOK,
"change-password",
myname, AUDIT_NO_ID, "grp", group,
SHADOW_AUDIT_SUCCESS);
#endif
}
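Review bot: In log_gpasswd_success the rflg and Rflg branches still run `SNPRINTF(buf, "password of group %s removed by %s%s", ...)` and `SNPRINTF(buf, "access to group %s restricted by %s%s", ...)`, but the new `audit_logger_with_group` calls no longer take `buf`, so that formatting is dead work. log_gpasswd_failure drops its `buf` declaration and every SNPRINTF; the success function should do the same by deleting the two remaining SNPRINTF statements and, if nothing else uses it, the `buf` declaration (which is outside the visible hunks). Both functions start and end outside the hunks shown.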
+27 -22
@@ -120,6 +120,15 @@ usage (int status)
exit (status);
}
static void fail_exit(int status)
{
#ifdef WITH_AUDIT
audit_logger(AUDIT_ADD_GROUP, Prog, "add-group", group_name,
AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
#endif
exit (status);
}
/*
* new_grent - initialize the values in a group file entry
*
@@ -222,7 +231,7 @@ grp_update(void)
fprintf (stderr,
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, gr_dbname (), grp.gr_name);
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
/*
@@ -232,7 +241,7 @@ grp_update(void)
fprintf (stderr,
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, sgr_dbname (), sgrp.sg_namp);
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
#endif /* SHADOWGRP */
}
@@ -250,7 +259,7 @@ check_new_name(void)
fprintf(stderr, _("%s: '%s' is not a valid group name\n"),
Prog, group_name);
exit(E_BAD_ARG);
fail_exit (E_BAD_ARG);
}
return;
@@ -269,11 +278,11 @@ static void close_files (void)
fprintf (stderr,
_("%s: failure while writing changes to %s\n"),
Prog, gr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
"adding group to /etc/group",
"add-group",
group_name, group_id, SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO, "group added to %s: name=%s, GID=%u",
@@ -290,11 +299,11 @@ static void close_files (void)
fprintf (stderr,
_("%s: failure while writing changes to %s\n"),
Prog, sgr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
"adding group to /etc/gshadow",
audit_logger (AUDIT_GRP_MGMT, Prog,
"add-shadow-group",
group_name, group_id, SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO, "group added to %s: name=%s",
@@ -307,10 +316,6 @@ static void close_files (void)
#endif /* SHADOWGRP */
/* Report success at the system level */
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
"", group_name, group_id, SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u",
group_name, (unsigned int) group_id));
del_cleanup (cleanup_report_add_group);
@@ -328,7 +333,7 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, gr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
add_cleanup (cleanup_unlock_group, NULL);
@@ -338,7 +343,7 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sgr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
add_cleanup (cleanup_unlock_gshadow, NULL);
}
@@ -354,7 +359,7 @@ static void open_files (void)
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s: %s\n"), Prog, gr_dbname (), strerror(errno));
SYSLOG ((LOG_WARN, "cannot open %s: %s", gr_dbname (), strerror(errno)));
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
@@ -364,7 +369,7 @@ static void open_files (void)
_("%s: cannot open %s: %s\n"),
Prog, sgr_dbname (), strerror(errno));
SYSLOG ((LOG_WARN, "cannot open %s: %s", sgr_dbname (), strerror(errno)));
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
}
#endif /* SHADOWGRP */
@@ -499,7 +504,7 @@ static void check_flags (void)
fprintf (stderr,
_("%s: group '%s' already exists\n"),
Prog, group_name);
exit (E_NAME_IN_USE);
fail_exit (E_NAME_IN_USE);
}
if (gflg && (prefix_getgrgid (group_id) != NULL)) {
@@ -518,7 +523,7 @@ static void check_flags (void)
fprintf (stderr,
_("%s: GID '%lu' already exists\n"),
Prog, (unsigned long) group_id);
exit (E_GID_IN_USE);
fail_exit (E_GID_IN_USE);
}
}
}
@@ -546,7 +551,7 @@ static void check_perms (void)
fprintf (stderr,
_("%s: Cannot determine your user name.\n"),
Prog);
exit (1);
fail_exit (1);
}
retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
@@ -566,7 +571,7 @@ static void check_perms (void)
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
exit (1);
fail_exit (1);
}
(void) pam_end (pamh, retval);
#endif /* USE_PAM */
@@ -597,7 +602,7 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: Cannot setup cleanup service.\n"),
Prog);
exit (1);
fail_exit (1);
}
/*
@@ -624,7 +629,7 @@ int main (int argc, char **argv)
if (!gflg) {
if (find_new_gid (rflg, &group_id, NULL) < 0) {
exit (E_GID_IN_USE);
fail_exit (E_GID_IN_USE);
}
}
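Review bot: In close_files a failed write of the shadow group file now calls fail_exit after the `add-group` success record has already been emitted for the group file, so the audit trail holds an AUDIT_ADD_GROUP success followed by an AUDIT_ADD_GROUP `add-group` failure for the same run. Someone reading those records cannot tell that the group entry was written and only the shadow update failed. At that call site, emit the failure under the step's own operation name, `audit_logger (AUDIT_GRP_MGMT, Prog, "add-shadow-group", group_name, group_id, SHADOW_AUDIT_FAILURE);` followed by `exit (E_GRP_UPDATE);`, instead of the generic fail_exit. fail_exit would also benefit from a header comment stating that it records a failed add-group and terminates.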
+25 -21
@@ -87,6 +87,15 @@ usage (int status)
exit (status);
}
static void fail_exit(int status)
{
#ifdef WITH_AUDIT
audit_logger(AUDIT_GRP_MGMT, Prog, "delete-group", group_name,
AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
#endif
exit (status);
}
/*
* grp_update - update group file entries
*
@@ -113,7 +122,7 @@ static void grp_update (void)
fprintf (stderr,
_("%s: cannot remove entry '%s' from %s\n"),
Prog, group_name, gr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
@@ -125,7 +134,7 @@ static void grp_update (void)
fprintf (stderr,
_("%s: cannot remove entry '%s' from %s\n"),
Prog, group_name, sgr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
}
#endif /* SHADOWGRP */
@@ -144,12 +153,12 @@ static void close_files (void)
fprintf (stderr,
_("%s: failure while writing changes to %s\n"),
Prog, gr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_GROUP, Prog,
"removing group from /etc/group",
"delete-group",
group_name, group_id, SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
@@ -168,12 +177,12 @@ static void close_files (void)
fprintf (stderr,
_("%s: failure while writing changes to %s\n"),
Prog, sgr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_GROUP, Prog,
"removing group from /etc/gshadow",
audit_logger (AUDIT_GRP_MGMT, Prog,
"delete-shadow-group",
group_name, group_id, SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
@@ -186,11 +195,6 @@ static void close_files (void)
}
#endif /* SHADOWGRP */
/* Report success at the system level */
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_GROUP, Prog,
"", group_name, group_id, SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO, "group '%s' removed\n", group_name));
del_cleanup (cleanup_report_del_group);
}
@@ -207,7 +211,7 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, gr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
add_cleanup (cleanup_unlock_group, NULL);
#ifdef SHADOWGRP
@@ -216,7 +220,7 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sgr_dbname ());
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
add_cleanup (cleanup_unlock_gshadow, NULL);
}
@@ -234,7 +238,7 @@ static void open_files (void)
_("%s: cannot open %s\n"),
Prog, gr_dbname ());
SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
if (is_shadow_grp) {
@@ -243,7 +247,7 @@ static void open_files (void)
_("%s: cannot open %s\n"),
Prog, sgr_dbname ());
SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ()));
exit (E_GRP_UPDATE);
fail_exit (E_GRP_UPDATE);
}
}
#endif /* SHADOWGRP */
@@ -284,7 +288,7 @@ static void group_busy (gid_t gid)
fprintf (stderr,
_("%s: cannot remove the primary group of user '%s'\n"),
Prog, pwd->pw_name);
exit (E_GROUP_BUSY);
fail_exit (E_GROUP_BUSY);
}
/*
@@ -368,7 +372,7 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: Cannot setup cleanup service.\n"),
Prog);
exit (1);
fail_exit (1);
}
process_flags (argc, argv);
@@ -382,7 +386,7 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: Cannot determine your user name.\n"),
Prog);
exit (1);
fail_exit (1);
}
retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
@@ -403,7 +407,7 @@ int main (int argc, char **argv)
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
exit (1);
fail_exit (1);
}
(void) pam_end (pamh, retval);
#endif /* USE_PAM */
@@ -423,7 +427,7 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: group '%s' does not exist\n"),
Prog, group_name);
exit (E_NOTFOUND);
fail_exit (E_NOTFOUND);
}
group_id = grp->gr_gid;
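Review bot: The `fail_exit (1)` for "Cannot setup cleanup service" in main runs before `process_flags (argc, argv)`, so `group_name` has presumably not been assigned yet and the AUDIT_GRP_MGMT `delete-group` failure record is written without a target group. A record with no object is noise in the audit log; keeping the plain `exit (1);` at that call site, or guarding the call in fail_exit with `if (group_name != NULL)`, avoids it. Where `group_name` is set is not visible in these hunks, so confirm against process_flags.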
+12 -5
@@ -488,7 +488,7 @@ static void close_files (void)
exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_ACCT, Prog,
audit_logger (AUDIT_GRP_MGMT, Prog,
info_group.audit_msg,
group_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
@@ -511,7 +511,14 @@ static void close_files (void)
exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_ACCT, Prog,
/* If both happened, log password change as its more important */
if (pflg)
audit_logger (AUDIT_GRP_CHAUTHTOK, Prog,
info_gshadow.audit_msg,
group_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
else
audit_logger (AUDIT_GRP_MGMT, Prog,
info_gshadow.audit_msg,
group_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
@@ -534,7 +541,7 @@ static void close_files (void)
exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_ACCT, Prog,
audit_logger (AUDIT_GRP_MGMT, Prog,
info_passwd.audit_msg,
group_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
@@ -549,8 +556,8 @@ static void close_files (void)
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_ACCT, Prog,
"modifying group",
audit_logger (AUDIT_GRP_MGMT, Prog,
"modify-group",
group_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
#endif
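Review bot: The new branch in close_files writes the whole audit_logger call twice, differing only in the event type, and the unbraced if/else around two multi-line calls is easy to break when a statement is added. Select the type first and call once: `int type = pflg ? AUDIT_GRP_CHAUTHTOK : AUDIT_GRP_MGMT;` then `audit_logger (type, Prog, info_gshadow.audit_msg, group_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS);`. The comment should read "it's more important" and say what "both" refers to (presumably a password change combined with another shadow group change).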
+2 -1
@@ -30,6 +30,7 @@
/*@-exitarg@*/
#include "exitcodes.h"
#include "shadowlog.h"
#include "sizeof.h"
#include "string/memset/memzero.h"
#include "string/strftime.h"
@@ -116,7 +117,7 @@ static void print_one (/*@null@*/const struct passwd *pw)
offset = (off_t) pw->pw_uid * sizeof (ll);
if (offset + sizeof (ll) <= statbuf.st_size) {
if (offset + ssizeof(ll) <= statbuf.st_size) {
/* fseeko errors are not really relevant for us. */
int err = fseeko (lastlogfile, offset, SEEK_SET);
assert (0 == err);
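Review bot: Only the bounds check was switched to `ssizeof(ll)`; the assignment just above it, `offset = (off_t) pw->pw_uid * sizeof (ll);`, still multiplies a signed off_t by an unsigned size_t, which on common 64-bit targets computes the offset in unsigned arithmetic and converts it back. For consistency with the new comparison write it as `offset = (off_t) pw->pw_uid * ssizeof(ll);`. print_one begins and ends outside this hunk.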
+24 -35
@@ -193,10 +193,10 @@ static void check_perms (const struct group *grp,
if (streq(grp->gr_passwd, "") ||
!streq(grp->gr_passwd, cpasswd)) {
#ifdef WITH_AUDIT
SNPRINTF(audit_buf, "authentication new-gid=%lu",
SNPRINTF(audit_buf, "authentication new_gid=%lu",
(unsigned long) grp->gr_gid);
audit_logger (AUDIT_GRP_AUTH, Prog,
audit_buf, NULL, getuid (), 0);
audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
#endif
SYSLOG ((LOG_INFO,
"Invalid password for group '%s' from '%s'",
@@ -206,10 +206,10 @@ static void check_perms (const struct group *grp,
goto failure;
}
#ifdef WITH_AUDIT
SNPRINTF(audit_buf, "authentication new-gid=%lu",
SNPRINTF(audit_buf, "authentication new_gid=%lu",
(unsigned long) grp->gr_gid);
audit_logger (AUDIT_GRP_AUTH, Prog,
audit_buf, NULL, getuid (), 1);
audit_buf, NULL, getuid (), SHADOW_AUDIT_SUCCESS);
#endif
}
@@ -220,16 +220,6 @@ failure:
* harm. -- JWP
*/
closelog ();
#ifdef WITH_AUDIT
if (groupname) {
SNPRINTF(audit_buf, "changing new-group=%s", groupname);
audit_logger (AUDIT_CHGRP_ID, Prog,
audit_buf, NULL, getuid (), 0);
} else {
audit_logger (AUDIT_CHGRP_ID, Prog,
"changing", NULL, getuid (), 0);
}
#endif
exit (EXIT_FAILURE);
}
@@ -303,13 +293,13 @@ static void syslog_sg (const char *name, const char *group)
is_newgrp ? "newgrp" : "sg", strerror (errno));
#ifdef WITH_AUDIT
if (group) {
SNPRINTF(audit_buf,
"changing new-group=%s", group);
audit_logger (AUDIT_CHGRP_ID, Prog,
audit_buf, NULL, getuid (), 0);
audit_logger_with_group(AUDIT_CHGRP_ID, "changing", NULL,
getuid(), "new_group", group,
SHADOW_AUDIT_FAILURE);
} else {
audit_logger (AUDIT_CHGRP_ID, Prog,
"changing", NULL, getuid (), 0);
"changing", NULL, getuid(),
SHADOW_AUDIT_FAILURE);
}
#endif
exit (EXIT_FAILURE);
@@ -447,7 +437,7 @@ int main (int argc, char **argv)
Prog);
#ifdef WITH_AUDIT
audit_logger (AUDIT_CHGRP_ID, Prog,
"changing", NULL, getuid (), 0);
"changing", NULL, getuid (), SHADOW_AUDIT_FAILURE);
#endif
SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)",
(unsigned long) getuid ()));
@@ -563,12 +553,11 @@ int main (int argc, char **argv)
perror("agetgroups");
#ifdef WITH_AUDIT
if (group) {
SNPRINTF(audit_buf, "changing new-group=%s", group);
audit_logger(AUDIT_CHGRP_ID, Prog,
audit_buf, NULL, getuid(), 0);
audit_logger_with_group(AUDIT_CHGRP_ID, "changing", NULL, getuid(),
"new_group", group, SHADOW_AUDIT_FAILURE);
} else {
audit_logger(AUDIT_CHGRP_ID, Prog,
"changing", NULL, getuid(), 0);
"changing", NULL, getuid(), SHADOW_AUDIT_FAILURE);
}
#endif
exit(EXIT_FAILURE);
@@ -704,9 +693,9 @@ int main (int argc, char **argv)
if (setgid (gid) != 0) {
perror ("setgid");
#ifdef WITH_AUDIT
SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid);
audit_logger (AUDIT_CHGRP_ID, Prog,
audit_buf, NULL, getuid (), 0);
audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
#endif
exit (EXIT_FAILURE);
}
@@ -714,9 +703,9 @@ int main (int argc, char **argv)
if (setuid (getuid ()) != 0) {
perror ("setuid");
#ifdef WITH_AUDIT
SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid);
audit_logger (AUDIT_CHGRP_ID, Prog,
audit_buf, NULL, getuid (), 0);
audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
#endif
exit (EXIT_FAILURE);
}
@@ -729,9 +718,9 @@ int main (int argc, char **argv)
closelog ();
execl (SHELL, "sh", "-c", command, (char *) NULL);
#ifdef WITH_AUDIT
SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid);
audit_logger (AUDIT_CHGRP_ID, Prog,
audit_buf, NULL, getuid (), 0);
audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
#endif
perror (SHELL);
exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
@@ -795,9 +784,9 @@ int main (int argc, char **argv)
}
#ifdef WITH_AUDIT
SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid);
audit_logger (AUDIT_CHGRP_ID, Prog,
audit_buf, NULL, getuid (), 1);
audit_buf, NULL, getuid (), SHADOW_AUDIT_SUCCESS);
#endif
/*
* Exec the login shell and go away. We are trying to get back to
@@ -821,9 +810,9 @@ int main (int argc, char **argv)
closelog ();
#ifdef WITH_AUDIT
if (NULL != group) {
SNPRINTF(audit_buf, "changing new-group=%s", group);
audit_logger (AUDIT_CHGRP_ID, Prog,
audit_buf, NULL, getuid (), 0);
audit_logger_with_group(AUDIT_CHGRP_ID, "changing", NULL,
getuid(), "new_group", group,
SHADOW_AUDIT_FAILURE);
} else {
audit_logger (AUDIT_CHGRP_ID, Prog,
"changing", NULL, getuid (), 0);
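Review bot: The `failure:` path in check_perms no longer writes any AUDIT_CHGRP_ID record, so a rejected group change is audited only when the password comparison above has already logged AUDIT_GRP_AUTH; any other jump to `failure:` (the jumps are outside these hunks) would now exit without an audit record. If the removal is meant to avoid duplicate events, say so at the label, e.g. `/* audit: the failing check has already been logged */`; otherwise keep one failure record there. Separately, the `else` branch of the last hunk in main still passes a literal `0` where the other calls were converted to `SHADOW_AUDIT_FAILURE`. Both functions continue outside what is shown.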
+32 -98
@@ -253,6 +253,10 @@ static FILE *fmkomstemp(char *template, unsigned int flags, mode_t m);
*/
static void fail_exit (int code)
{
#ifdef WITH_AUDIT
int type;
#endif
if (home_added && rmdir(prefix_user_home) != 0) {
fprintf(stderr,
_("%s: %s was created, but could not be removed\n"),
@@ -263,38 +267,22 @@ static void fail_exit (int code)
if (spw_locked && spw_unlock() == 0) {
fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname());
SYSLOG((LOG_ERR, "failed to unlock %s", spw_dbname()));
#ifdef WITH_AUDIT
audit_logger(AUDIT_ADD_USER, Prog, "unlocking shadow file",
user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
#endif
/* continue */
}
if (pw_locked && pw_unlock() == 0) {
fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname());
SYSLOG((LOG_ERR, "failed to unlock %s", pw_dbname()));
#ifdef WITH_AUDIT
audit_logger(AUDIT_ADD_USER, Prog, "unlocking passwd file",
user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
#endif
/* continue */
}
if (gr_locked && gr_unlock() == 0) {
fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname());
SYSLOG((LOG_ERR, "failed to unlock %s", gr_dbname()));
#ifdef WITH_AUDIT
audit_logger(AUDIT_ADD_USER, Prog, "unlocking group file",
user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
#endif
/* continue */
}
#ifdef SHADOWGRP
if (sgr_locked && sgr_unlock() == 0) {
fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname());
SYSLOG((LOG_ERR, "failed to unlock %s", sgr_dbname()));
# ifdef WITH_AUDIT
audit_logger(AUDIT_ADD_USER, Prog, "unlocking gshadow file",
user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
# endif
/* continue */
}
#endif
@@ -302,27 +290,23 @@ static void fail_exit (int code)
if (sub_uid_locked && sub_uid_unlock() == 0) {
fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname());
SYSLOG((LOG_ERR, "failed to unlock %s", sub_uid_dbname()));
# ifdef WITH_AUDIT
audit_logger(AUDIT_ADD_USER, Prog,
"unlocking subordinate user file",
user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
# endif
/* continue */
}
if (sub_gid_locked && sub_gid_unlock() == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname());
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname()));
# ifdef WITH_AUDIT
audit_logger(AUDIT_ADD_USER, Prog,
"unlocking subordinate group file",
user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
# endif
/* continue */
}
#endif /* ENABLE_SUBIDS */
#ifdef WITH_AUDIT
audit_logger(AUDIT_ADD_USER, Prog, "adding user",
if (code == E_PW_UPDATE || code >= E_GRP_UPDATE)
type = AUDIT_USER_MGMT;
else
type = AUDIT_ADD_USER;
audit_logger (type, Prog,
"add-user",
user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
#endif
SYSLOG((LOG_INFO, "failed adding user '%s', exit code: %d", user_name, code));
@@ -729,7 +713,7 @@ set_defaults(void)
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_USYS_CONFIG, Prog,
"changing useradd defaults",
"changing-useradd-defaults",
NULL, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
#endif
@@ -1043,12 +1027,6 @@ static void grp_update (void)
_("%s: Out of memory. Cannot update %s.\n"),
Prog, gr_dbname ());
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"adding user to group",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
fail_exit (E_GRP_UPDATE); /* XXX */
}
@@ -1062,18 +1040,12 @@ static void grp_update (void)
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, gr_dbname (), ngrp->gr_name);
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"adding user to group",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"adding user to group",
user_name, AUDIT_NO_ID,
audit_logger_with_group (AUDIT_USER_MGMT,
"add-user-to-group",
user_name, AUDIT_NO_ID, "grp", ngrp->gr_name,
SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
@@ -1118,12 +1090,6 @@ static void grp_update (void)
_("%s: Out of memory. Cannot update %s.\n"),
Prog, sgr_dbname ());
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"adding user to shadow group",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
fail_exit (E_GRP_UPDATE); /* XXX */
}
@@ -1137,18 +1103,13 @@ static void grp_update (void)
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, sgr_dbname (), nsgrp->sg_namp);
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"adding user to shadow group",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"adding user to shadow group",
user_name, AUDIT_NO_ID,
audit_logger_with_group (AUDIT_USER_MGMT,
"add-to-shadow-group",
user_name, AUDIT_NO_ID, "grp", nsgrp->sg_namp,
SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
@@ -1547,7 +1508,7 @@ static void process_flags (int argc, char **argv)
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"adding user",
"add-user",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@@ -1647,7 +1608,7 @@ static void close_files (void)
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"unlocking shadow file",
"unlocking-shadow-file",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@@ -1660,7 +1621,7 @@ static void close_files (void)
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"unlocking passwd file",
"unlocking-passwd-file",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@@ -1677,7 +1638,7 @@ static void close_files (void)
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"unlocking subordinate user file",
"unlocking-subordinate-user-file",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@@ -1691,7 +1652,7 @@ static void close_files (void)
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"unlocking subordinate group file",
"unlocking-subordinate-group-file",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@@ -1954,7 +1915,7 @@ static void grp_add (void)
Prog, gr_dbname (), grp.gr_name);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
"adding group",
"add-group",
grp.gr_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@@ -1970,7 +1931,7 @@ static void grp_add (void)
Prog, sgr_dbname (), sgrp.sg_namp);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
"adding group",
"add-group",
grp.gr_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@@ -1980,7 +1941,7 @@ static void grp_add (void)
SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", user_name, user_gid));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
"adding group",
"add-group",
grp.gr_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
#endif
@@ -2178,11 +2139,6 @@ static void usr_update (unsigned long subuid_count, unsigned long subgid_count)
fprintf (stderr,
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, spw_dbname (), spent.sp_namp);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"adding shadow password",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif
fail_exit (E_PW_UPDATE);
}
#ifdef ENABLE_SUBIDS
@@ -2209,7 +2165,7 @@ static void usr_update (unsigned long subuid_count, unsigned long subgid_count)
* and we can use the real ID thereafter.
*/
audit_logger (AUDIT_ADD_USER, Prog,
"adding user",
"add-user",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
#endif
@@ -2304,10 +2260,6 @@ static void create_home (void)
if (mkdir(path, 0) != 0) {
fprintf(stderr, _("%s: cannot create directory %s\n"),
Prog, path);
#ifdef WITH_AUDIT
audit_logger(AUDIT_ADD_USER, Prog, "adding home directory",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif
fail_exit(E_HOMEDIR);
}
if (chown(path, 0, 0) < 0) {
@@ -2332,7 +2284,7 @@ static void create_home (void)
}
home_added = true;
#ifdef WITH_AUDIT
audit_logger(AUDIT_ADD_USER, Prog, "adding home directory",
audit_logger(AUDIT_USER_MGMT, Prog, "add-home-dir",
user_name, user_id, SHADOW_AUDIT_SUCCESS);
#endif
#ifdef WITH_SELINUX
@@ -2573,12 +2525,6 @@ int main (int argc, char **argv)
*/
if (prefix_getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */
fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"adding user",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
fail_exit (E_NAME_IN_USE);
}
@@ -2594,12 +2540,6 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: group %s exists - if you want to add this user to that group, use -g.\n"),
Prog, user_name);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"adding group",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
fail_exit (E_NAME_IN_USE);
}
}
@@ -2629,12 +2569,6 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: UID %lu is not unique\n"),
Prog, (unsigned long) user_id);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"adding user",
user_name, user_id,
SHADOW_AUDIT_FAILURE);
#endif
fail_exit (E_UID_IN_USE);
}
}
@@ -2709,9 +2643,9 @@ int main (int argc, char **argv)
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
Prog, user_name, user_selinux);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"adding SELinux user mapping",
user_name, user_id, 0);
audit_logger (AUDIT_ROLE_ASSIGN, Prog,
"add-selinux-user-mapping",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
fail_exit (E_SE_UPDATE);
}
+31 -89
@@ -207,9 +207,10 @@ static void update_groups (void)
* Update the DBM group file with the new entry as well.
*/
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"deleting user from group",
user_name, user_id, SHADOW_AUDIT_SUCCESS);
audit_logger_with_group (AUDIT_USER_MGMT,
"deleting-user-from-group",
user_name, user_id, "grp", ngrp->gr_name,
SHADOW_AUDIT_SUCCESS);
#endif /* WITH_AUDIT */
SYSLOG ((LOG_INFO, "delete '%s' from group '%s'\n",
user_name, ngrp->gr_name));
@@ -268,9 +269,10 @@ static void update_groups (void)
exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"deleting user from shadow group",
user_name, user_id, SHADOW_AUDIT_SUCCESS);
audit_logger_with_group (AUDIT_USER_MGMT,
"deleting-user-from-shadow-group",
user_name, user_id, nsgrp->sg_namp, "grp",
SHADOW_AUDIT_SUCCESS);
#endif /* WITH_AUDIT */
SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'\n",
user_name, nsgrp->sg_namp));
@@ -346,9 +348,9 @@ static void remove_usergroup (void)
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_GROUP, Prog,
"deleting group",
user_name, AUDIT_NO_ID,
audit_logger_with_group (AUDIT_DEL_GROUP,
"delete-group",
user_name, AUDIT_NO_ID, "grp", user_name,
SHADOW_AUDIT_SUCCESS);
#endif /* WITH_AUDIT */
SYSLOG ((LOG_INFO,
@@ -364,9 +366,9 @@ static void remove_usergroup (void)
fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_GROUP, Prog,
"deleting shadow group",
user_name, AUDIT_NO_ID,
audit_logger_with_group (AUDIT_GRP_MGMT,
"delete-shadow-group",
user_name, AUDIT_NO_ID, "grp", user_name,
SHADOW_AUDIT_SUCCESS);
#endif /* WITH_AUDIT */
SYSLOG ((LOG_INFO,
@@ -528,7 +530,7 @@ static void fail_exit (int code)
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"deleting user",
"delete-user",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
@@ -547,22 +549,12 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, pw_dbname ());
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"locking password file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
fail_exit (E_PW_UPDATE);
}
pw_locked = true;
if (pw_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"), Prog, pw_dbname ());
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"opening password file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
fail_exit (E_PW_UPDATE);
}
if (is_shadow_pwd) {
@@ -570,11 +562,6 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, spw_dbname ());
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"locking shadow password file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
fail_exit (E_PW_UPDATE);
}
spw_locked = true;
@@ -582,11 +569,6 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, spw_dbname ());
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"opening shadow password file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
fail_exit (E_PW_UPDATE);
}
}
@@ -594,21 +576,11 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, gr_dbname ());
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"locking group file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
fail_exit (E_GRP_UPDATE);
}
gr_locked = true;
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"opening group file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
fail_exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
@@ -617,22 +589,12 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sgr_dbname ());
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"locking shadow group file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
fail_exit (E_GRP_UPDATE);
}
sgr_locked= true;
if (sgr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"),
Prog, sgr_dbname ());
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"opening shadow group file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
fail_exit (E_GRP_UPDATE);
}
}
@@ -643,22 +605,12 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sub_uid_dbname ());
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"locking subordinate user file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
fail_exit (E_SUB_UID_UPDATE);
}
sub_uid_locked = true;
if (sub_uid_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"), Prog, sub_uid_dbname ());
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"opening subordinate user file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
fail_exit (E_SUB_UID_UPDATE);
}
}
@@ -667,22 +619,12 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sub_gid_dbname ());
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"locking subordinate group file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
fail_exit (E_SUB_GID_UPDATE);
}
sub_gid_locked = true;
if (sub_gid_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"), Prog, sub_gid_dbname ());
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"opening subordinate group file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
fail_exit (E_SUB_GID_UPDATE);
}
}
@@ -727,7 +669,7 @@ static void update_user (void)
#endif /* ENABLE_SUBIDS */
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"deleting user entries",
"delete-user",
user_name, user_id, SHADOW_AUDIT_SUCCESS);
#endif /* WITH_AUDIT */
SYSLOG ((LOG_INFO, "delete user '%s'\n", user_name));
@@ -826,7 +768,7 @@ static bool remove_mailbox (void)
SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno)));
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"deleting mail file",
"delete-mail-file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
free(mailfile);
@@ -842,7 +784,7 @@ static bool remove_mailbox (void)
SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno)));
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"deleting mail file",
"delete-mail-file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
errors = true;
@@ -851,8 +793,8 @@ static bool remove_mailbox (void)
#ifdef WITH_AUDIT
else
{
audit_logger (AUDIT_DEL_USER, Prog,
"deleting mail file",
audit_logger (AUDIT_USER_MGMT, Prog,
"delete-mail-file",
user_name, user_id, SHADOW_AUDIT_SUCCESS);
}
#endif /* WITH_AUDIT */
@@ -869,7 +811,7 @@ static bool remove_mailbox (void)
mailfile, strerror (errno)));
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"deleting mail file",
"delete-mail-file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
free(mailfile);
@@ -885,7 +827,7 @@ static bool remove_mailbox (void)
SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno)));
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"deleting mail file",
"delete-mail-file",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
errors = true;
@@ -894,8 +836,8 @@ static bool remove_mailbox (void)
#ifdef WITH_AUDIT
else
{
audit_logger (AUDIT_DEL_USER, Prog,
"deleting mail file",
audit_logger (AUDIT_USER_MGMT, Prog,
"delete-mail-file",
user_name, user_id, SHADOW_AUDIT_SUCCESS);
}
#endif /* WITH_AUDIT */
@@ -1106,7 +1048,7 @@ int main (int argc, char **argv)
Prog, user_name);
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"deleting user not found",
"deleting-user-not-found",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
@@ -1136,7 +1078,7 @@ int main (int argc, char **argv)
if (!fflg) {
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
"deleting user logged in",
"deleting-user-logged-in",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
@@ -1232,8 +1174,8 @@ int main (int argc, char **argv)
#ifdef WITH_AUDIT
else
{
audit_logger (AUDIT_DEL_USER, Prog,
"deleting home directory",
audit_logger (AUDIT_USER_MGMT, Prog,
"deleting-home-directory",
user_name, user_id, SHADOW_AUDIT_SUCCESS);
}
#endif /* WITH_AUDIT */
@@ -1241,7 +1183,7 @@ int main (int argc, char **argv)
#ifdef WITH_AUDIT
if (errors) {
audit_logger (AUDIT_DEL_USER, Prog,
"deleting home directory",
"deleting-home-directory",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
}
@@ -1254,8 +1196,8 @@ int main (int argc, char **argv)
_("%s: warning: the user name %s to SELinux user mapping removal failed.\n"),
Prog, user_name);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"removing SELinux user mapping",
audit_logger (AUDIT_ROLE_REMOVE, Prog,
"delete-selinux-user-mapping",
user_name, user_id, SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
fail_exit (E_SE_UPDATE);
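Review bot: In the `deleting-user-from-shadow-group` call in update_groups, the two string arguments before the result are `nsgrp->sg_namp, "grp"`, the reverse of the other new `audit_logger_with_group` calls in this file section, which pass `"grp", <group name>`. The helper's prototype is not visible on this page, but if the first of the pair is the field label and the second its value, this record would carry the group name as the label and the literal `grp` as the value, so a search of the audit trail by group would miss shadow-group removals. The line should presumably read `user_name, user_id, "grp", nsgrp->sg_namp,`. update_groups starts and ends outside the hunk.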
+70 -59
@@ -431,7 +431,7 @@ static char *new_pw_passwd (char *pw_pass)
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"updating passwd", user_newname, user_newid, 0);
"updating-passwd", user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO, "lock user '%s' password", user_newname));
xasprintf(&buf, "!%s", pw_pass);
@@ -447,14 +447,14 @@ static char *new_pw_passwd (char *pw_pass)
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"updating password", user_newname, user_newid, 0);
"updating-password", user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO, "unlock user '%s' password", user_newname));
memmove(pw_pass, pw_pass + 1, strlen(pw_pass));
} else if (pflg) {
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing password", user_newname, user_newid, 1);
"updating-password", user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO, "change user '%s' password", user_newname));
pw_pass = xstrdup (user_pass);
@@ -482,8 +482,8 @@ static void new_pwent (struct passwd *pwent)
fail_exit (E_NAME_IN_USE);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing name", user_newname, user_newid, 1);
audit_logger (AUDIT_USER_MGMT, Prog,
"changing-name", user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
"change user name '%s' to '%s'",
@@ -502,8 +502,8 @@ static void new_pwent (struct passwd *pwent)
if (uflg) {
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing uid", user_newname, user_newid, 1);
audit_logger (AUDIT_USER_MGMT, Prog,
"changing-uid", user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
"change user '%s' UID from '%d' to '%d'",
@@ -512,8 +512,8 @@ static void new_pwent (struct passwd *pwent)
}
if (gflg) {
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing primary group",
audit_logger (AUDIT_USER_MGMT, Prog,
"changing-primary-group",
user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
@@ -523,16 +523,16 @@ static void new_pwent (struct passwd *pwent)
}
if (cflg) {
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing comment", user_newname, user_newid, 1);
audit_logger (AUDIT_USER_MGMT, Prog,
"changing-comment", user_newname, user_newid, 1);
#endif
pwent->pw_gecos = user_newcomment;
}
if (dflg) {
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing home directory",
audit_logger (AUDIT_USER_MGMT, Prog,
"changing-home-dir",
user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
@@ -548,8 +548,8 @@ static void new_pwent (struct passwd *pwent)
}
if (sflg) {
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing user shell",
audit_logger (AUDIT_USER_MGMT, Prog,
"changing-shell",
user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
@@ -579,8 +579,8 @@ static void new_spent (struct spwd *spent)
if (fflg) {
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing inactive days",
audit_logger (AUDIT_USER_MGMT, Prog,
"changing-inactive-days",
user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
@@ -595,8 +595,8 @@ static void new_spent (struct spwd *spent)
DAY_TO_STR(new_exp, user_newexpire);
DAY_TO_STR(old_exp, user_expire);
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing expiration date",
audit_logger (AUDIT_USER_MGMT, Prog,
"changing-expiration-date",
user_newname, user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
@@ -681,9 +681,9 @@ fail_exit (int code)
#endif /* ENABLE_SUBIDS */
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"modifying account",
user_name, AUDIT_NO_ID, 0);
audit_logger (AUDIT_USER_MGMT, Prog,
"modify-account",
user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
#endif
exit (code);
}
@@ -753,9 +753,12 @@ update_group(const struct group *grp)
user_newname);
changed = true;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing group member",
user_newname, AUDIT_NO_ID, 1);
audit_logger_with_group (
AUDIT_USER_MGMT,
"update-member-in-group",
user_newname, AUDIT_NO_ID, "grp",
ngrp->gr_name,
SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
"change '%s' to '%s' in group '%s'",
@@ -769,9 +772,11 @@ update_group(const struct group *grp)
ngrp->gr_mem = del_list (ngrp->gr_mem, user_name);
changed = true;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"removing group member",
user_name, AUDIT_NO_ID, 1);
audit_logger_with_group (AUDIT_USER_MGMT,
"delete-user-from-group",
user_name, AUDIT_NO_ID, "grp",
ngrp->gr_name,
SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
"delete '%s' from group '%s'",
@@ -784,9 +789,11 @@ update_group(const struct group *grp)
ngrp->gr_mem = add_list (ngrp->gr_mem, user_newname);
changed = true;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"adding user to group",
user_name, AUDIT_NO_ID, 1);
audit_logger_with_group (AUDIT_USER_MGMT,
"add-user-to-group",
user_name, AUDIT_NO_ID, "grp",
ngrp->gr_name,
SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO, "add '%s' to group '%s'",
user_newname, ngrp->gr_name));
@@ -879,9 +886,10 @@ update_gshadow(const struct sgrp *sgrp)
nsgrp->sg_adm = add_list (nsgrp->sg_adm, user_newname);
changed = true;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing admin name in shadow group",
user_name, AUDIT_NO_ID, 1);
audit_logger_with_group (AUDIT_GRP_MGMT,
"update-admin-name-in-shadow-group",
user_name, AUDIT_NO_ID, "grp", nsgrp->sg_namp,
SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
"change admin '%s' to '%s' in shadow group '%s'",
@@ -901,9 +909,10 @@ update_gshadow(const struct sgrp *sgrp)
user_newname);
changed = true;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing member in shadow group",
user_name, AUDIT_NO_ID, 1);
audit_logger_with_group (AUDIT_USER_MGMT,
"update-member-in-shadow-group",
user_name, AUDIT_NO_ID, "grp",
nsgrp->sg_namp, 1);
#endif
SYSLOG ((LOG_INFO,
"change '%s' to '%s' in shadow group '%s'",
@@ -917,9 +926,10 @@ update_gshadow(const struct sgrp *sgrp)
nsgrp->sg_mem = del_list (nsgrp->sg_mem, user_name);
changed = true;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"removing user from shadow group",
user_name, AUDIT_NO_ID, 1);
audit_logger_with_group (AUDIT_USER_MGMT,
"delete-user-from-shadow-group",
user_name, AUDIT_NO_ID, "grp",
nsgrp->sg_namp, 1);
#endif
SYSLOG ((LOG_INFO,
"delete '%s' from shadow group '%s'",
@@ -932,9 +942,10 @@ update_gshadow(const struct sgrp *sgrp)
nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_newname);
changed = true;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"adding user to shadow group",
user_newname, AUDIT_NO_ID, 1);
audit_logger_with_group (AUDIT_USER_MGMT,
"add-user-to-shadow-group",
user_newname, AUDIT_NO_ID, "grp",
nsgrp->sg_namp, 1);
#endif
SYSLOG ((LOG_INFO, "add '%s' to shadow group '%s'",
user_newname, nsgrp->sg_namp));
@@ -1829,8 +1840,8 @@ static void move_home (void)
#ifdef WITH_AUDIT
if (uflg || gflg) {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing home directory owner",
audit_logger (AUDIT_USER_MGMT, Prog,
"updating-home-dir-owner",
user_newname, user_newid, 1);
}
#endif
@@ -1848,8 +1859,8 @@ static void move_home (void)
fail_exit (E_HOMEDIR);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"moving home directory",
audit_logger (AUDIT_USER_MGMT, Prog,
"moving-home-dir",
user_newname, user_newid, 1);
#endif
return;
@@ -1876,9 +1887,9 @@ static void move_home (void)
Prog, prefix_user_home);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK,
audit_logger (AUDIT_USER_MGMT,
Prog,
"moving home directory",
"moving-home-dir",
user_newname,
user_newid,
1);
@@ -2102,8 +2113,8 @@ static void move_mailbox (void)
}
#ifdef WITH_AUDIT
else {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing mail file owner",
audit_logger (AUDIT_USER_MGMT, Prog,
"updating-mail-file-owner",
user_newname, user_newid, 1);
}
#endif
@@ -2126,8 +2137,8 @@ static void move_mailbox (void)
}
#ifdef WITH_AUDIT
else {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing mail file name",
audit_logger (AUDIT_USER_MGMT, Prog,
"updating-mail-file-name",
user_newname, user_newid, 1);
}
@@ -2340,8 +2351,8 @@ int main (int argc, char **argv)
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
Prog, user_name, user_selinux);
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"modifying User mapping ",
audit_logger (AUDIT_ROLE_ASSIGN, Prog,
"changing-selinux-user-mapping ",
user_name, user_id,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
@@ -2353,8 +2364,8 @@ int main (int argc, char **argv)
_("%s: warning: the user name %s to SELinux user mapping removal failed.\n"),
Prog, user_name);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"removing SELinux user mapping",
audit_logger (AUDIT_ROLE_REMOVE, Prog,
"delete-selinux-user-mapping",
user_name, user_id,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
@@ -2397,8 +2408,8 @@ int main (int argc, char **argv)
*/
#ifdef WITH_AUDIT
if (uflg || gflg) {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing home directory owner",
audit_logger (AUDIT_USER_MGMT, Prog,
"updating-home-dir-owner",
user_newname, user_newid, 1);
}
#endif
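Review bot: In update_group, the new `add-user-to-group` record names `user_name`, while the member added on the line above and the syslog line below both use `user_newname`; if the two differ (a rename in the same run), the audit record and the group file would disagree about who was added. The argument line should presumably be `user_newname, AUDIT_NO_ID, "grp",`. The same old-name/new-name question applies in update_gshadow to `update-admin-name-in-shadow-group` and `update-member-in-shadow-group`, which log `user_name`, whereas `update-member-in-group` logs `user_newname` for the equivalent change. Separately, the op string `"changing-selinux-user-mapping "` in main keeps a trailing space that the other hyphenated op strings do not have. All of these functions start and end outside their hunks.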