From 765993846d110820a6bc7992a1cbfeeafefdc906 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Tue, 15 Nov 2016 16:00:51 +0100
Subject: [PATCH 1/4] Print error message if SELinux file context manipulation fails.
---
 src/useradd.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/useradd.c b/src/useradd.c
index 6c43e7e3..95e8ee7e 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -1896,6 +1896,9 @@ static void create_home (void)
 if (access (user_home, F_OK) != 0) {
 #ifdef WITH_SELINUX
 if (set_selinux_file_context (user_home) != 0) {
+ fprintf (stderr,
+ _("%s: cannot set SELinux context for home directory %s\n"),
+ Prog, user_home);
 fail_exit (E_HOMEDIR);
 }
 #endif
@@ -1925,6 +1928,9 @@ static void create_home (void)
 #ifdef WITH_SELINUX
 /* Reset SELinux to create files with default contexts */
 if (reset_selinux_file_context () != 0) {
+ fprintf (stderr,
+ _("%s: cannot reset SELinux file creation context\n"),
+ Prog);
 fail_exit (E_HOMEDIR);
 }
 #endif
From 2b820c534d8b3cb49b2554238d729e6f71df7772 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Tue, 15 Nov 2016 16:03:40 +0100
Subject: [PATCH 2/4] Audit the home directory ownership change.
---
 src/usermod.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/src/usermod.c b/src/usermod.c
index 687487d9..d72cf85f 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -1756,6 +1756,14 @@ static void move_home (void)
 fail_exit (E_HOMEDIR);
 }
+#ifdef WITH_AUDIT
+ if (uflg || gflg) {
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "changing home directory owner",
+ user_newname, (unsigned int) user_newid, 1);
+ }
+#endif
+
 if (rename (user_home, user_newhome) == 0) {
 /* FIXME: rename above may have broken symlinks
 * pointing to the user's home directory
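Review bot: The message added in the second hunk, `_("%s: cannot reset SELinux file creation context\n")`, omits the directory name that the first hunk's message reports, so an operator reading the two diagnostics from `create_home` gets the path for only one of the two SELinux failures. Passing `user_home` here too, e.g. `_("%s: cannot reset SELinux file creation context for %s\n"), Prog, user_home`, keeps the pair consistent and makes the second message actionable on its own. Both failures keep the existing `fail_exit (E_HOMEDIR)` path; `create_home` starts before the first hunk and ends after the second.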
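Review bot: The audit record added before `rename (user_home, user_newhome)` hard-codes the result argument to `1` and is emitted before the operation runs, so a rename that then fails is still recorded as a successful ownership change; the `main` hunk on the next line has the same shape ahead of `chown_tree`. An audit trail is only trustworthy if the result reflects the outcome, so either move each call after the operation and pass `rc == 0 ? 1 : 0` (or the equivalent for that call), or keep this call and add a matching `audit_logger (..., 0)` on the failure path that follows it. The reuse of `AUDIT_USER_CHAUTHTOK` for a non-password event presumably follows the rest of the file, but a short comment saying so would spare the next reader the question. `move_home` continues outside the hunk, as does the failure branch of `rename`.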
@@ -2252,6 +2260,13 @@ int main (int argc, char **argv)
 * ownership.
 * */
+#ifdef WITH_AUDIT
+ if (uflg || gflg) {
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "changing home directory owner",
+ user_newname, (unsigned int) user_newid, 1);
+ }
+#endif
 if (chown_tree (dflg ? user_newhome : user_home,
 user_id,
 uflg ? user_newid : (uid_t)-1,
From 4471e5419dd3c9456409390f9640e8504e84d157 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Tue, 15 Nov 2016 16:04:24 +0100
Subject: [PATCH 3/4] Keep the permissions of the original file when creating a backup.
---
 lib/commonio.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/lib/commonio.c b/lib/commonio.c
index 2e2f7785..b10da06a 100644
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -301,15 +301,12 @@ static int create_backup (const char *backup, FILE * fp)
 struct utimbuf ub;
 FILE *bkfp;
 int c;
- mode_t mask;
 if (fstat (fileno (fp), &sb) != 0) {
 return -1;
 }
- mask = umask (077);
- bkfp = fopen (backup, "w");
- (void) umask (mask);
+ bkfp = fopen_set_perms (backup, "w", &sb);
 if (NULL == bkfp) {
 return -1;
 }
From 6401c5b4ee266d508e660c123cb1baf759af8488 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Tue, 15 Nov 2016 16:05:44 +0100
Subject: [PATCH 4/4] snprintf() always terminates output with \0
---
 lib/groupio.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/groupio.c b/lib/groupio.c
index 3ad4736b..ae2302b5 100644
--- a/lib/groupio.c
+++ b/lib/groupio.c
@@ -338,8 +338,7 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
 errno = ENOMEM;
 return NULL;
 }
- snprintf(new_line, new_line_len, "%s\n%s", gr1->line, gr2->line);
- new_line[new_line_len] = '\0';
+ snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
 /* Concatenate the 2 list of members */
 for (i=0; NULL != gptr1->gr_mem[i]; i++);
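Review bot: Replacing the `umask (077)` / `fopen` / `umask (mask)` triple with `fopen_set_perms (backup, "w", &sb)` removes the guard that bounded the backup's creation mode at 0600, so the permissions of the backup now rest entirely on `fopen_set_perms`, which is outside this hunk. That is fine if it creates the file under a restrictive mask and only then applies `sb.st_mode` and the owner/group; if it instead creates with the process umask and fixes the mode afterwards, a backup of a 0600/0640 database would be exposed for the window in between, which is worth confirming in review. A one-line comment at the call would record the intent: `/* backup inherits owner, group and mode of the live file (sb) */`. `create_backup` continues past the hunk.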
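Review bot: The `snprintf` return value is still discarded on the new line, so a mismatch between `new_line_len` and the actual `strlen (gr1->line) + 1 + strlen (gr2->line)` would silently produce a truncated group entry rather than an error (the size computation and the allocation of `new_line` sit above the hunk; I am assuming the buffer is `new_line_len + 1` bytes, which the new size argument requires). Capturing the result and treating a negative value or one larger than `new_line_len` as a failure — freeing `new_line` and returning `NULL` the way the `ENOMEM` path just above does — would make the invariant checked rather than assumed. `merge_group_entries` begins before the hunk and continues after it.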