diff -up shadow-4.15.1/lib/audit_help.c.audit-update shadow-4.15.1/lib/audit_help.c
|
|
|
|
--- shadow-4.15.1/lib/audit_help.c.audit-update 2024-03-01 02:50:52.000000000 +0100
|
|
|
|
+++ shadow-4.15.1/lib/audit_help.c 2024-05-20 11:52:05.639758532 +0200
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -48,7 +48,7 @@ void audit_help_open (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
* This function will log a message to the audit system using a predefined
|
|
|
|
* message format. Parameter usage is as follows:
|
|
|
|
*
|
2022-01-26 08:29:37 +00:00
|
|
|
- * type - type of message: AUDIT_USER_CHAUTHTOK for changing any account
|
|
|
|
+ * type - type of message: AUDIT_USER_MGMT for changing any account
|
2014-10-17 15:03:29 +00:00
|
|
|
* attributes.
|
|
|
|
* pgname - program's name
|
|
|
|
* op - operation. "adding user", "changing finger info", "deleting group"
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -68,6 +68,39 @@ void audit_logger (int type, MAYBE_UNUSE
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
+/*
|
|
|
|
+ * This function will log a message to the audit system using a predefined
|
|
|
|
+ * message format. Parameter usage is as follows:
|
|
|
|
+ *
|
|
|
|
+ * type - type of message: AUDIT_USER_MGMT for changing any account
|
|
|
|
+ * attributes.
|
|
|
|
+ * pgname - program's name
|
|
|
|
+ * op - operation. "adding user", "changing finger info", "deleting group"
|
|
|
|
+ * name - user's account or group name. If not available use NULL.
|
|
|
|
+ * id - uid or gid that the operation is being performed on. This is used
|
|
|
|
+ * only when user is NULL.
|
|
|
|
+ * grp - group name associated with event
|
|
|
|
+ */
|
2024-04-03 07:49:58 +00:00
|
|
|
+void audit_logger_with_group (int type, MAYBE_UNUSED const char *pgname,
|
2014-10-17 15:03:29 +00:00
|
|
|
+ const char *op, const char *name, unsigned int id,
|
|
|
|
+ const char *grp, shadow_audit_result result)
|
|
|
|
+{
|
|
|
|
+ int len;
|
|
|
|
+ char enc_group[(GROUP_NAME_MAX_LENGTH*2)+1], buf[1024];
|
|
|
|
+ if (audit_fd < 0) {
|
|
|
|
+ return;
|
|
|
|
+ }
|
|
|
|
+ len = strnlen(grp, sizeof(enc_group)/2);
|
|
|
|
+ if (audit_value_needs_encoding(grp, len)) {
|
|
|
|
+ snprintf(buf, sizeof(buf), "%s grp=%s", op,
|
|
|
|
+ audit_encode_value(enc_group, grp, len));
|
|
|
|
+ } else {
|
|
|
|
+ snprintf(buf, sizeof(buf), "%s grp=\"%s\"", op, grp);
|
|
|
|
+ }
|
|
|
|
+ audit_log_acct_message (audit_fd, type, NULL, buf, name, id,
|
|
|
|
+ NULL, NULL, NULL, (int) result);
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
void audit_logger_message (const char *message, shadow_audit_result result)
|
|
|
|
{
|
|
|
|
if (audit_fd < 0) {
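Review bot: The two branches of the new audit_logger_with_group can log different amounts of `grp`: `len` is capped at `sizeof(enc_group)/2` by strnlen, so the encoding branch emits only the first `len` bytes, while the plain branch prints the whole string with `%s` even though `audit_value_needs_encoding(grp, len)` inspected only those first `len` bytes. Bounding the plain branch to the checked prefix keeps the record consistent with the check: `snprintf(buf, sizeof(buf), "%s grp=\"%.*s\"", op, len, grp);`. strnlen is also applied to `grp` unconditionally, so the header comment should state that it must not be NULL, unlike `name` — e.g. ` * grp - group name associated with event. Must not be NULL.` — and `len` would better be `size_t`, the type strnlen returns, rather than `int`.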
|
2024-06-18 09:56:02 +00:00
|
|
|
diff -up shadow-4.15.1/lib/cleanup_group.c.audit-update shadow-4.15.1/lib/cleanup_group.c
|
|
|
|
--- shadow-4.15.1/lib/cleanup_group.c.audit-update 2024-03-01 02:50:52.000000000 +0100
|
|
|
|
+++ shadow-4.15.1/lib/cleanup_group.c 2024-05-20 11:52:05.639758532 +0200
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -62,7 +62,7 @@ void cleanup_report_mod_group (void *cle
|
2014-10-17 15:03:29 +00:00
|
|
|
gr_dbname (),
|
|
|
|
info->action));
|
|
|
|
#ifdef WITH_AUDIT
|
2022-01-26 08:29:37 +00:00
|
|
|
- audit_logger (AUDIT_USER_ACCT, log_get_progname(),
|
|
|
|
+ audit_logger (AUDIT_GRP_MGMT, log_get_progname(),
|
2014-10-17 15:03:29 +00:00
|
|
|
info->audit_msg,
|
|
|
|
info->name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -80,7 +80,7 @@ void cleanup_report_mod_gshadow (void *c
|
2014-10-17 15:03:29 +00:00
|
|
|
sgr_dbname (),
|
|
|
|
info->action));
|
|
|
|
#ifdef WITH_AUDIT
|
2022-01-26 08:29:37 +00:00
|
|
|
- audit_logger (AUDIT_USER_ACCT, log_get_progname(),
|
|
|
|
+ audit_logger (AUDIT_GRP_MGMT, log_get_progname(),
|
2014-10-17 15:03:29 +00:00
|
|
|
info->audit_msg,
|
|
|
|
info->name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -101,7 +101,7 @@ void cleanup_report_add_group_group (voi
|
2014-10-17 15:03:29 +00:00
|
|
|
SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, gr_dbname ()));
|
|
|
|
#ifdef WITH_AUDIT
|
2022-01-26 08:29:37 +00:00
|
|
|
audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
|
2014-10-17 15:03:29 +00:00
|
|
|
- "adding group to /etc/group",
|
|
|
|
+ "adding-group",
|
|
|
|
name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
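Review bot: The failure-path op string `"adding-group"` on the `+` line differs from the `"add-group"` that groupadd.c's new fail_exit and close_files emit for the same operation, so an audit consumer keying on op= sees two spellings for one event; the same split appears with `"adding-shadow-group"` here versus `"add-shadow-group"` in groupadd.c, and the removing-* hunks below will have the same relationship to whatever groupdel.c uses (its hunk is cut off in this patch). Using one vocabulary in the cleanup handlers as well, e.g. `"add-group"` and `"add-shadow-group"` here, would keep one spelling per operation. cleanup_user.c's `"adding-user"` / `"adding-shadow-user"` presumably mirror useradd.c in the same way, which is not part of this patch, so that should be checked too.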
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -120,8 +120,8 @@ void cleanup_report_add_group_gshadow (v
|
2014-10-17 15:03:29 +00:00
|
|
|
|
|
|
|
SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, sgr_dbname ()));
|
|
|
|
#ifdef WITH_AUDIT
|
2022-01-26 08:29:37 +00:00
|
|
|
- audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
|
2014-10-17 15:03:29 +00:00
|
|
|
- "adding group to /etc/gshadow",
|
2022-01-26 08:29:37 +00:00
|
|
|
+ audit_logger (AUDIT_GRP_MGMT, log_get_progname(),
|
2014-10-17 15:03:29 +00:00
|
|
|
+ "adding-shadow-group",
|
|
|
|
name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -143,8 +143,8 @@ void cleanup_report_del_group_group (voi
|
2014-10-17 15:03:29 +00:00
|
|
|
"failed to remove group %s from %s",
|
|
|
|
name, gr_dbname ()));
|
|
|
|
#ifdef WITH_AUDIT
|
2022-01-26 08:29:37 +00:00
|
|
|
- audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
|
2014-10-17 15:03:29 +00:00
|
|
|
- "removing group from /etc/group",
|
2022-01-26 08:29:37 +00:00
|
|
|
+ audit_logger (AUDIT_DEL_GROUP, log_get_progname(),
|
2014-10-17 15:03:29 +00:00
|
|
|
+ "removing-group",
|
|
|
|
name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -166,8 +166,8 @@ void cleanup_report_del_group_gshadow (v
|
2014-10-17 15:03:29 +00:00
|
|
|
"failed to remove group %s from %s",
|
|
|
|
name, sgr_dbname ()));
|
|
|
|
#ifdef WITH_AUDIT
|
2022-01-26 08:29:37 +00:00
|
|
|
- audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
|
2014-10-17 15:03:29 +00:00
|
|
|
- "removing group from /etc/gshadow",
|
2022-01-26 08:29:37 +00:00
|
|
|
+ audit_logger (AUDIT_GRP_MGMT, log_get_progname(),
|
2014-10-17 15:03:29 +00:00
|
|
|
+ "removing-shadow-group",
|
|
|
|
name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -187,7 +187,7 @@ void cleanup_unlock_group (MAYBE_UNUSED
|
2022-01-26 08:29:37 +00:00
|
|
|
log_get_progname(), gr_dbname ());
|
2014-10-17 15:03:29 +00:00
|
|
|
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger_message ("unlocking group file",
|
|
|
|
+ audit_logger_message ("unlocking-group",
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
|
|
|
}
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -207,7 +207,7 @@ void cleanup_unlock_gshadow (MAYBE_UNUSE
|
2022-01-26 08:29:37 +00:00
|
|
|
log_get_progname(), sgr_dbname ());
|
2014-10-17 15:03:29 +00:00
|
|
|
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger_message ("unlocking gshadow file",
|
|
|
|
+ audit_logger_message ("unlocking-gshadow",
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
|
|
|
}
|
2024-06-18 09:56:02 +00:00
|
|
|
diff -up shadow-4.15.1/lib/cleanup_user.c.audit-update shadow-4.15.1/lib/cleanup_user.c
|
|
|
|
--- shadow-4.15.1/lib/cleanup_user.c.audit-update 2024-03-01 02:50:52.000000000 +0100
|
|
|
|
+++ shadow-4.15.1/lib/cleanup_user.c 2024-05-20 11:52:05.639758532 +0200
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -44,7 +44,7 @@ void cleanup_report_mod_passwd (void *cl
|
2014-10-17 15:03:29 +00:00
|
|
|
pw_dbname (),
|
|
|
|
info->action));
|
|
|
|
#ifdef WITH_AUDIT
|
2022-01-26 08:29:37 +00:00
|
|
|
- audit_logger (AUDIT_USER_ACCT, log_get_progname(),
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, log_get_progname(),
|
2014-10-17 15:03:29 +00:00
|
|
|
info->audit_msg,
|
|
|
|
info->name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -65,7 +65,7 @@ void cleanup_report_add_user_passwd (voi
|
2014-10-17 15:03:29 +00:00
|
|
|
SYSLOG ((LOG_ERR, "failed to add user %s to %s", name, pw_dbname ()));
|
|
|
|
#ifdef WITH_AUDIT
|
2022-01-26 08:29:37 +00:00
|
|
|
audit_logger (AUDIT_ADD_USER, log_get_progname(),
|
2014-10-17 15:03:29 +00:00
|
|
|
- "adding user to /etc/passwd",
|
|
|
|
+ "adding-user",
|
|
|
|
name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -84,8 +84,8 @@ void cleanup_report_add_user_shadow (voi
|
2014-10-17 15:03:29 +00:00
|
|
|
|
|
|
|
SYSLOG ((LOG_ERR, "failed to add user %s to %s", name, spw_dbname ()));
|
|
|
|
#ifdef WITH_AUDIT
|
2022-01-26 08:29:37 +00:00
|
|
|
- audit_logger (AUDIT_ADD_USER, log_get_progname(),
|
2014-10-17 15:03:29 +00:00
|
|
|
- "adding user to /etc/shadow",
|
2022-01-26 08:29:37 +00:00
|
|
|
+ audit_logger (AUDIT_USER_MGMT, log_get_progname(),
|
2014-10-17 15:03:29 +00:00
|
|
|
+ "adding-shadow-user",
|
|
|
|
name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -104,7 +104,7 @@ void cleanup_unlock_passwd (MAYBE_UNUSED
|
2022-01-26 08:29:37 +00:00
|
|
|
log_get_progname(), pw_dbname ());
|
2014-10-17 15:03:29 +00:00
|
|
|
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger_message ("unlocking passwd file",
|
|
|
|
+ audit_logger_message ("unlocking-passwd",
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
|
|
|
}
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -123,7 +123,7 @@ void cleanup_unlock_shadow (MAYBE_UNUSED
|
2022-01-26 08:29:37 +00:00
|
|
|
log_get_progname(), spw_dbname ());
|
2014-10-17 15:03:29 +00:00
|
|
|
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger_message ("unlocking shadow file",
|
|
|
|
+ audit_logger_message ("unlocking-shadow",
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
|
|
|
}
|
2024-06-18 09:56:02 +00:00
|
|
|
diff -up shadow-4.15.1/lib/prototypes.h.audit-update shadow-4.15.1/lib/prototypes.h
|
|
|
|
--- shadow-4.15.1/lib/prototypes.h.audit-update 2024-03-01 02:50:52.000000000 +0100
|
|
|
|
+++ shadow-4.15.1/lib/prototypes.h 2024-05-20 11:52:05.639758532 +0200
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -198,12 +198,21 @@ extern int audit_fd;
|
2014-11-26 14:58:28 +00:00
|
|
|
extern void audit_help_open (void);
|
|
|
|
/* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */
|
|
|
|
#define AUDIT_NO_ID ((unsigned int) -1)
|
|
|
|
+#ifndef AUDIT_GRP_MGMT
|
|
|
|
+#define AUDIT_GRP_MGMT 1132 /* Group account was modified */
|
|
|
|
+#endif
|
|
|
|
+#ifndef AUDIT_GRP_CHAUTHTOK
|
|
|
|
+#define AUDIT_GRP_CHAUTHTOK 1133 /* Group account password was changed */
|
|
|
|
+#endif
|
|
|
|
typedef enum {
|
|
|
|
SHADOW_AUDIT_FAILURE = 0,
|
|
|
|
SHADOW_AUDIT_SUCCESS = 1} shadow_audit_result;
|
|
|
|
extern void audit_logger (int type, const char *pgname, const char *op,
|
|
|
|
const char *name, unsigned int id,
|
|
|
|
shadow_audit_result result);
|
2024-04-03 07:49:58 +00:00
|
|
|
+void audit_logger_with_group (int type, MAYBE_UNUSED const char *pgname,
|
2014-11-26 14:58:28 +00:00
|
|
|
+ const char *op, const char *name, unsigned int id,
|
|
|
|
+ const char *grp, shadow_audit_result result);
|
|
|
|
void audit_logger_message (const char *message, shadow_audit_result result);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
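Review bot: The new declaration `void audit_logger_with_group (int type, MAYBE_UNUSED const char *pgname,` carries a parameter attribute into the header, whereas the neighbouring `audit_logger` declaration a few lines above is written `extern void audit_logger (int type, const char *pgname, const char *op,` and leaves the attribute to the definition; the prototype should follow that form, `extern void audit_logger_with_group (int type, const char *pgname,`. The `#ifndef AUDIT_GRP_MGMT` / `#ifndef AUDIT_GRP_CHAUTHTOK` fallbacks only take effect if the libaudit header has already been included before this point, which is not visible in the hunk and is worth confirming. A comment such as `/* Fallbacks for libaudit headers that predate these event types; values must match libaudit's */` would record why literal numbers appear here.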
|
|
|
|
|
2024-06-18 09:56:02 +00:00
|
|
|
diff -up shadow-4.15.1/src/chage.c.audit-update shadow-4.15.1/src/chage.c
|
|
|
|
--- shadow-4.15.1/src/chage.c.audit-update 2024-03-08 22:27:04.000000000 +0100
|
|
|
|
+++ shadow-4.15.1/src/chage.c 2024-05-20 11:52:05.639758532 +0200
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -110,8 +110,8 @@ fail_exit (int code)
|
2020-01-13 10:46:38 +00:00
|
|
|
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
if (E_SUCCESS != code) {
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- "change age", user_name, user_uid, 0);
|
2020-01-13 10:46:38 +00:00
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
+ "change-age", user_name, user_uid, SHADOW_AUDIT_FAILURE);
|
2020-01-13 10:46:38 +00:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -846,10 +846,7 @@ int main (int argc, char **argv)
|
2020-01-13 10:46:38 +00:00
|
|
|
fprintf (stderr, _("%s: Permission denied.\n"), Prog);
|
|
|
|
fail_exit (E_NOPERM);
|
|
|
|
}
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- "display aging info", user_name, user_uid, 1);
|
2020-01-13 10:46:38 +00:00
|
|
|
-#endif
|
|
|
|
+ /* Displaying fields is not of interest to audit */
|
|
|
|
list_fields ();
|
|
|
|
fail_exit (E_SUCCESS);
|
|
|
|
}
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -868,39 +865,39 @@ int main (int argc, char **argv)
|
2020-01-13 10:46:38 +00:00
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
else {
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "change all aging information",
|
2023-08-16 08:55:53 +00:00
|
|
|
- user_name, user_uid, 1);
|
2020-01-13 10:46:38 +00:00
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "change-all-aging-information",
|
2023-08-16 08:55:53 +00:00
|
|
|
+ user_name, user_uid, SHADOW_AUDIT_SUCCESS);
|
2020-01-13 10:46:38 +00:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
} else {
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
if (Mflg) {
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- "change max age", user_name, user_uid, 1);
|
2020-01-13 10:46:38 +00:00
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
+ "change-max-age", user_name, user_uid, SHADOW_AUDIT_SUCCESS);
|
2020-01-13 10:46:38 +00:00
|
|
|
}
|
|
|
|
if (mflg) {
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- "change min age", user_name, user_uid, 1);
|
2020-01-13 10:46:38 +00:00
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
+ "change-min-age", user_name, user_uid, 1);
|
2020-01-13 10:46:38 +00:00
|
|
|
}
|
|
|
|
if (dflg) {
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "change last change date",
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "change-last-change-date",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, user_uid, 1);
|
2020-01-13 10:46:38 +00:00
|
|
|
}
|
|
|
|
if (Wflg) {
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "change passwd warning",
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "change-passwd-warning",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, user_uid, 1);
|
2020-01-13 10:46:38 +00:00
|
|
|
}
|
|
|
|
if (Iflg) {
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "change inactive days",
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "change-inactive-days",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, user_uid, 1);
|
2020-01-13 10:46:38 +00:00
|
|
|
}
|
|
|
|
if (Eflg) {
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "change passwd expiration",
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "change-passwd-expiration",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, user_uid, 1);
|
2020-01-13 10:46:38 +00:00
|
|
|
}
|
|
|
|
#endif
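Review bot: The converted `mflg` call on the `+` line `"change-min-age", user_name, user_uid, 1);` still passes the literal `1` as the `shadow_audit_result`, while the `else` and `Mflg` sites earlier in this same hunk were changed to `SHADOW_AUDIT_SUCCESS`; the unchanged `dflg`, `Wflg`, `Iflg` and `Eflg` calls keep the literal too. Since the patch already rewrites those lines, `SHADOW_AUDIT_SUCCESS` should be used at all seven sites so the enum name, not its numeric value, documents the outcome. The enclosing main() starts and ends outside the hunk.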
|
2024-06-18 09:56:02 +00:00
|
|
|
diff -up shadow-4.15.1/src/gpasswd.c.audit-update shadow-4.15.1/src/gpasswd.c
|
|
|
|
--- shadow-4.15.1/src/gpasswd.c.audit-update 2024-03-08 22:27:04.000000000 +0100
|
|
|
|
+++ shadow-4.15.1/src/gpasswd.c 2024-05-20 11:52:05.640758536 +0200
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -125,7 +125,7 @@ static void usage (int status)
|
2014-10-17 15:03:29 +00:00
|
|
|
(void) fputs (_(" -d, --delete USER remove USER from GROUP\n"), usageout);
|
|
|
|
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
|
|
|
|
(void) fputs (_(" -Q, --root CHROOT_DIR directory to chroot into\n"), usageout);
|
|
|
|
- (void) fputs (_(" -r, --remove-password remove the GROUP's password\n"), usageout);
|
|
|
|
+ (void) fputs (_(" -r, --delete-password remove the GROUP's password\n"), usageout);
|
|
|
|
(void) fputs (_(" -R, --restrict restrict access to GROUP to its members\n"), usageout);
|
|
|
|
(void) fputs (_(" -M, --members USER,... set the list of members of GROUP\n"), usageout);
|
|
|
|
#ifdef SHADOWGRP
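Review bot: The usage line now advertises `--delete-password` for `-r`, but the long_options table that actually defines the spelling, and the man page, are outside this hunk; the help text is only correct if both already say `delete-password`. If the getopt table still spells it `remove-password`, the `-` line should be kept and the table is what would need to change.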
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -384,20 +384,14 @@ static void open_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
|
|
|
|
static void log_gpasswd_failure (const char *suffix)
|
|
|
|
{
|
|
|
|
-#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- char buf[1024];
|
2014-10-17 15:03:29 +00:00
|
|
|
-#endif
|
2024-04-03 07:49:58 +00:00
|
|
|
-
|
2014-10-17 15:03:29 +00:00
|
|
|
if (aflg) {
|
|
|
|
SYSLOG ((LOG_ERR,
|
|
|
|
"%s failed to add user %s to group %s%s",
|
|
|
|
myname, user, group, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(buf, "%s failed to add user %s to group %s%s",
|
|
|
|
- myname, user, group, suffix);
|
2014-10-17 15:03:29 +00:00
|
|
|
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
- buf,
|
|
|
|
- group, AUDIT_NO_ID,
|
|
|
|
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "add-user-to-group",
|
|
|
|
+ user, AUDIT_NO_ID, group,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
|
|
|
} else if (dflg) {
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -405,11 +399,9 @@ static void log_gpasswd_failure (const c
|
2014-10-17 15:03:29 +00:00
|
|
|
"%s failed to remove user %s from group %s%s",
|
|
|
|
myname, user, group, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(buf, "%s failed to remove user %s from group %s%s",
|
|
|
|
- myname, user, group, suffix);
|
2014-10-17 15:03:29 +00:00
|
|
|
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
- buf,
|
|
|
|
- group, AUDIT_NO_ID,
|
|
|
|
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "delete-user-from-group",
|
|
|
|
+ user, AUDIT_NO_ID, group,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
|
|
|
} else if (rflg) {
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -417,11 +409,9 @@ static void log_gpasswd_failure (const c
|
2014-10-17 15:03:29 +00:00
|
|
|
"%s failed to remove password of group %s%s",
|
|
|
|
myname, group, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(buf, "%s failed to remove password of group %s%s",
|
|
|
|
- myname, group, suffix);
|
2014-10-17 15:03:29 +00:00
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- buf,
|
|
|
|
- group, AUDIT_NO_ID,
|
|
|
|
+ audit_logger_with_group (AUDIT_GRP_CHAUTHTOK, Prog,
|
|
|
|
+ "delete-group-password",
|
|
|
|
+ myname, AUDIT_NO_ID, group,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
|
|
|
} else if (Rflg) {
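Review bot: In this branch the `name` argument of audit_logger_with_group is `myname`, the invoking user, whereas the add and delete branches above pass the affected `user`, so the acct= field of the resulting records means different things depending on the operation. If that is intended — acct= is the affected account where one exists and the actor otherwise — it deserves a comment here or on the helper, e.g. `/* no target account for this operation: record the invoking user as acct= */`. The same applies to the restrict-group and change-password branches below and to the matching branches of log_gpasswd_success.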
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -429,11 +419,9 @@ static void log_gpasswd_failure (const c
|
2014-10-17 15:03:29 +00:00
|
|
|
"%s failed to restrict access to group %s%s",
|
|
|
|
myname, group, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(buf, "%s failed to restrict access to group %s%s",
|
|
|
|
- myname, group, suffix);
|
2014-10-17 15:03:29 +00:00
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- buf,
|
|
|
|
- group, AUDIT_NO_ID,
|
|
|
|
+ audit_logger_with_group (AUDIT_GRP_MGMT, Prog,
|
|
|
|
+ "restrict-group",
|
|
|
|
+ myname, AUDIT_NO_ID, group,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
|
|
|
} else if (Aflg || Mflg) {
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -443,11 +431,9 @@ static void log_gpasswd_failure (const c
|
2014-10-17 15:03:29 +00:00
|
|
|
"%s failed to set the administrators of group %s to %s%s",
|
|
|
|
myname, group, admins, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(buf, "%s failed to set the administrators of group %s to %s%s",
|
|
|
|
- myname, group, admins, suffix);
|
2014-10-17 15:03:29 +00:00
|
|
|
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
- buf,
|
|
|
|
- group, AUDIT_NO_ID,
|
|
|
|
+ audit_logger_with_group (AUDIT_GRP_MGMT, Prog,
|
|
|
|
+ "set-admins-of-group",
|
|
|
|
+ admins, AUDIT_NO_ID, group,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
|
|
|
}
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -457,11 +443,9 @@ static void log_gpasswd_failure (const c
|
2014-10-17 15:03:29 +00:00
|
|
|
"%s failed to set the members of group %s to %s%s",
|
|
|
|
myname, group, members, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(buf, "%s failed to set the members of group %s to %s%s",
|
|
|
|
- myname, group, members, suffix);
|
2014-10-17 15:03:29 +00:00
|
|
|
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
- buf,
|
|
|
|
- group, AUDIT_NO_ID,
|
|
|
|
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "add-users-to-group",
|
|
|
|
+ members, AUDIT_NO_ID, group,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
|
|
|
}
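Review bot: The op `"add-users-to-group"` on the `+` line describes the `-M` case, but the syslog text a few lines above says the members of the group are being set (replaced), and the parallel `-A` branch in the previous hunk uses `"set-admins-of-group"`; `"set-members-of-group"` would name the same operation the same way. The identical string is used again in the log_gpasswd_success hunk at @@ -578.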
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -470,11 +454,9 @@ static void log_gpasswd_failure (const c
|
2014-10-17 15:03:29 +00:00
|
|
|
"%s failed to change password of group %s%s",
|
|
|
|
myname, group, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(buf, "%s failed to change password of group %s%s",
|
|
|
|
- myname, group, suffix);
|
2014-10-17 15:03:29 +00:00
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- buf,
|
|
|
|
- group, AUDIT_NO_ID,
|
|
|
|
+ audit_logger_with_group (AUDIT_GRP_CHAUTHTOK, Prog,
|
|
|
|
+ "change-password",
|
|
|
|
+ myname, AUDIT_NO_ID, group,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
|
|
|
}
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -514,11 +496,9 @@ static void log_gpasswd_success (const c
|
2014-10-17 15:03:29 +00:00
|
|
|
"user %s added by %s to group %s%s",
|
|
|
|
user, myname, group, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(buf, "user %s added by %s to group %s%s",
|
|
|
|
- user, myname, group, suffix);
|
2014-10-17 15:03:29 +00:00
|
|
|
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
- buf,
|
|
|
|
- group, AUDIT_NO_ID,
|
|
|
|
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "add-user-to-group",
|
|
|
|
+ user, AUDIT_NO_ID, group,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
|
|
|
} else if (dflg) {
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -526,11 +506,9 @@ static void log_gpasswd_success (const c
|
2014-10-17 15:03:29 +00:00
|
|
|
"user %s removed by %s from group %s%s",
|
|
|
|
user, myname, group, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(buf, "user %s removed by %s from group %s%s",
|
|
|
|
- user, myname, group, suffix);
|
2014-10-17 15:03:29 +00:00
|
|
|
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
- buf,
|
|
|
|
- group, AUDIT_NO_ID,
|
|
|
|
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "delete-user-from-group",
|
|
|
|
+ user, AUDIT_NO_ID, group,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
|
|
|
} else if (rflg) {
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -540,9 +518,9 @@ static void log_gpasswd_success (const c
|
2014-10-17 15:03:29 +00:00
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
SNPRINTF(buf, "password of group %s removed by %s%s",
|
|
|
|
group, myname, suffix);
|
2014-10-17 15:03:29 +00:00
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- buf,
|
|
|
|
- group, AUDIT_NO_ID,
|
|
|
|
+ audit_logger_with_group (AUDIT_GRP_CHAUTHTOK, Prog,
|
|
|
|
+ "delete-group-password",
|
|
|
|
+ myname, AUDIT_NO_ID, group,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
|
|
|
} else if (Rflg) {
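Review bot: The `SNPRINTF(buf, "password of group %s removed by %s%s", ...)` kept as context at the top of this hunk no longer feeds anything: `buf` was the op argument of the removed `audit_logger` call, and the replacement audit_logger_with_group takes the literal `"delete-group-password"`, so the call is now a dead write. The same leftover is in the next hunk with `"access to group %s restricted by %s%s"`. Both `SNPRINTF` calls should be dropped as the other branches of this function were, after which the `buf` declaration in log_gpasswd_success (outside these hunks) is probably unused as well and should go the way of the one removed from log_gpasswd_failure.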
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -552,9 +530,9 @@ static void log_gpasswd_success (const c
|
2014-10-17 15:03:29 +00:00
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
SNPRINTF(buf, "access to group %s restricted by %s%s",
|
|
|
|
group, myname, suffix);
|
2014-10-17 15:03:29 +00:00
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- buf,
|
|
|
|
- group, AUDIT_NO_ID,
|
|
|
|
+ audit_logger_with_group (AUDIT_GRP_MGMT, Prog,
|
|
|
|
+ "restrict-group",
|
|
|
|
+ myname, AUDIT_NO_ID, group,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
|
|
|
} else if (Aflg || Mflg) {
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -564,11 +542,9 @@ static void log_gpasswd_success (const c
|
2014-10-17 15:03:29 +00:00
|
|
|
"administrators of group %s set by %s to %s%s",
|
|
|
|
group, myname, admins, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(buf, "administrators of group %s set by %s to %s%s",
|
|
|
|
- group, myname, admins, suffix);
|
2014-10-17 15:03:29 +00:00
|
|
|
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
- buf,
|
|
|
|
- group, AUDIT_NO_ID,
|
|
|
|
+ audit_logger_with_group (AUDIT_GRP_MGMT, Prog,
|
|
|
|
+ "set-admins-of-group",
|
|
|
|
+ admins, AUDIT_NO_ID, group,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
|
|
|
}
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -578,11 +554,9 @@ static void log_gpasswd_success (const c
|
2014-10-17 15:03:29 +00:00
|
|
|
"members of group %s set by %s to %s%s",
|
|
|
|
group, myname, members, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(buf, "members of group %s set by %s to %s%s",
|
|
|
|
- group, myname, members, suffix);
|
2014-10-17 15:03:29 +00:00
|
|
|
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
- buf,
|
|
|
|
- group, AUDIT_NO_ID,
|
|
|
|
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "add-users-to-group",
|
|
|
|
+ members, AUDIT_NO_ID, group,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
|
|
|
}
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -591,11 +565,9 @@ static void log_gpasswd_success (const c
|
2014-10-17 15:03:29 +00:00
|
|
|
"password of group %s changed by %s%s",
|
|
|
|
group, myname, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(buf, "password of group %s changed by %s%s",
|
|
|
|
- group, myname, suffix);
|
2014-10-17 15:03:29 +00:00
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- buf,
|
|
|
|
- group, AUDIT_NO_ID,
|
|
|
|
+ audit_logger_with_group (AUDIT_GRP_CHAUTHTOK, Prog,
|
|
|
|
+ "change-password",
|
|
|
|
+ myname, AUDIT_NO_ID, group,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
|
|
|
}
|
2024-06-18 09:56:02 +00:00
|
|
|
diff -up shadow-4.15.1/src/groupadd.c.audit-update shadow-4.15.1/src/groupadd.c
|
|
|
|
--- shadow-4.15.1/src/groupadd.c.audit-update 2024-03-08 22:27:04.000000000 +0100
|
|
|
|
+++ shadow-4.15.1/src/groupadd.c 2024-05-20 11:52:05.640758536 +0200
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -115,6 +115,15 @@ usage (int status)
|
2014-10-17 15:03:29 +00:00
|
|
|
exit (status);
|
|
|
|
}
|
|
|
|
|
|
|
|
+static void fail_exit(int status)
|
|
|
|
+{
|
|
|
|
+#ifdef WITH_AUDIT
|
|
|
|
+ audit_logger(AUDIT_ADD_GROUP, Prog, "add-group", group_name,
|
|
|
|
+ AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
|
|
|
|
+#endif
|
|
|
|
+ exit (status);
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
/*
|
|
|
|
* new_grent - initialize the values in a group file entry
|
|
|
|
*
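Review bot: The new fail_exit() emits an AUDIT_ADD_GROUP failure record unconditionally, but several of the call sites converted in the later hunks run while the report cleanup appears to be still registered (`del_cleanup (cleanup_report_add_group)` happens only on the success path of close_files), and cleanup_group.c's cleanup_report_add_group_group emits its own AUDIT_ADD_GROUP failure record, so one failed groupadd would seem to produce two failure records with different op strings (`"add-group"` and `"adding-group"`). Either fail_exit should skip its audit call while the report cleanup is registered, or the cleanup should be removed before fail_exit is called. The `fail_exit (1)` calls added in check_perms and main may also run before `group_name` has been assigned from argv (that happens outside these hunks); in that case the record carries neither acct= nor a gid, which is worth stating on the function, e.g. `/* group_name may still be NULL when called before option parsing */`.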
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -211,7 +220,7 @@ static void grp_update (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: failed to prepare the new %s entry '%s'\n"),
|
|
|
|
Prog, gr_dbname (), grp.gr_name);
|
|
|
|
- exit (E_GRP_UPDATE);
|
|
|
|
+ fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
#ifdef SHADOWGRP
|
|
|
|
/*
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -221,7 +230,7 @@ static void grp_update (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: failed to prepare the new %s entry '%s'\n"),
|
|
|
|
Prog, sgr_dbname (), sgrp.sg_name);
|
|
|
|
- exit (E_GRP_UPDATE);
|
|
|
|
+ fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
#endif /* SHADOWGRP */
|
|
|
|
}
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -245,7 +254,7 @@ static void check_new_name (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr, _("%s: '%s' is not a valid group name\n"),
|
|
|
|
Prog, group_name);
|
|
|
|
|
|
|
|
- exit (E_BAD_ARG);
|
|
|
|
+ fail_exit (E_BAD_ARG);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -261,11 +270,11 @@ static void close_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: failure while writing changes to %s\n"),
|
|
|
|
Prog, gr_dbname ());
|
|
|
|
- exit (E_GRP_UPDATE);
|
|
|
|
+ fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_ADD_GROUP, Prog,
|
|
|
|
- "adding group to /etc/group",
|
|
|
|
+ "add-group",
|
2023-08-16 08:55:53 +00:00
|
|
|
group_name, group_id, SHADOW_AUDIT_SUCCESS);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
2023-08-16 08:55:53 +00:00
|
|
|
SYSLOG ((LOG_INFO, "group added to %s: name=%s, GID=%u",
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -282,11 +291,11 @@ static void close_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: failure while writing changes to %s\n"),
|
|
|
|
Prog, sgr_dbname ());
|
|
|
|
- exit (E_GRP_UPDATE);
|
|
|
|
+ fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_ADD_GROUP, Prog,
|
|
|
|
- "adding group to /etc/gshadow",
|
|
|
|
+ audit_logger (AUDIT_GRP_MGMT, Prog,
|
|
|
|
+ "add-shadow-group",
|
2023-08-16 08:55:53 +00:00
|
|
|
group_name, group_id, SHADOW_AUDIT_SUCCESS);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
2023-08-16 08:55:53 +00:00
|
|
|
SYSLOG ((LOG_INFO, "group added to %s: name=%s",
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -299,10 +308,6 @@ static void close_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif /* SHADOWGRP */
|
|
|
|
|
|
|
|
/* Report success at the system level */
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_ADD_GROUP, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- "", group_name, group_id, SHADOW_AUDIT_SUCCESS);
|
2014-10-17 15:03:29 +00:00
|
|
|
-#endif
|
|
|
|
SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u",
|
|
|
|
group_name, (unsigned int) group_id));
|
|
|
|
del_cleanup (cleanup_report_add_group);
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -320,7 +325,7 @@ static void open_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot lock %s; try again later.\n"),
|
|
|
|
Prog, gr_dbname ());
|
|
|
|
- exit (E_GRP_UPDATE);
|
|
|
|
+ fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
add_cleanup (cleanup_unlock_group, NULL);
|
|
|
|
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -330,7 +335,7 @@ static void open_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot lock %s; try again later.\n"),
|
|
|
|
Prog, sgr_dbname ());
|
|
|
|
- exit (E_GRP_UPDATE);
|
|
|
|
+ fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
add_cleanup (cleanup_unlock_gshadow, NULL);
|
|
|
|
}
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -346,7 +351,7 @@ static void open_files (void)
|
2016-08-23 14:06:06 +00:00
|
|
|
if (gr_open (O_CREAT | O_RDWR) == 0) {
|
2024-04-03 07:49:58 +00:00
|
|
|
fprintf (stderr, _("%s: cannot open %s: %s\n"), Prog, gr_dbname (), strerror(errno));
|
|
|
|
SYSLOG ((LOG_WARN, "cannot open %s: %s", gr_dbname (), strerror(errno)));
|
2014-10-17 15:03:29 +00:00
|
|
|
- exit (E_GRP_UPDATE);
|
|
|
|
+ fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef SHADOWGRP
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -356,7 +361,7 @@ static void open_files (void)
|
|
|
|
_("%s: cannot open %s: %s\n"),
|
|
|
|
Prog, sgr_dbname (), strerror(errno));
|
|
|
|
SYSLOG ((LOG_WARN, "cannot open %s: %s", sgr_dbname (), strerror(errno)));
|
2014-10-17 15:03:29 +00:00
|
|
|
- exit (E_GRP_UPDATE);
|
|
|
|
+ fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* SHADOWGRP */
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -493,7 +498,7 @@ static void check_flags (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: group '%s' already exists\n"),
|
|
|
|
Prog, group_name);
|
|
|
|
- exit (E_NAME_IN_USE);
|
|
|
|
+ fail_exit (E_NAME_IN_USE);
|
|
|
|
}
|
|
|
|
|
2018-05-28 13:25:08 +00:00
|
|
|
if (gflg && (prefix_getgrgid (group_id) != NULL)) {
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -512,7 +517,7 @@ static void check_flags (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: GID '%lu' already exists\n"),
|
2024-04-03 07:49:58 +00:00
|
|
|
Prog, (unsigned long) group_id);
|
2014-10-17 15:03:29 +00:00
|
|
|
- exit (E_GID_IN_USE);
|
|
|
|
+ fail_exit (E_GID_IN_USE);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -540,7 +545,7 @@ static void check_perms (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: Cannot determine your user name.\n"),
|
|
|
|
Prog);
|
|
|
|
- exit (1);
|
|
|
|
+ fail_exit (1);
|
|
|
|
}
|
|
|
|
|
2024-04-03 07:49:58 +00:00
|
|
|
retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
|
|
|
|
@@ -560,7 +565,7 @@ static void check_perms (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
if (NULL != pamh) {
|
|
|
|
(void) pam_end (pamh, retval);
|
|
|
|
}
|
|
|
|
- exit (1);
|
|
|
|
+ fail_exit (1);
|
|
|
|
}
|
|
|
|
(void) pam_end (pamh, retval);
|
|
|
|
#endif /* USE_PAM */
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -591,7 +596,7 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: Cannot setup cleanup service.\n"),
|
|
|
|
Prog);
|
|
|
|
- exit (1);
|
|
|
|
+ fail_exit (1);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -618,7 +623,7 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
|
|
|
|
if (!gflg) {
|
|
|
|
if (find_new_gid (rflg, &group_id, NULL) < 0) {
|
|
|
|
- exit (E_GID_IN_USE);
|
|
|
|
+ fail_exit (E_GID_IN_USE);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-06-18 09:56:02 +00:00
|
|
|
diff -up shadow-4.15.1/src/groupdel.c.audit-update shadow-4.15.1/src/groupdel.c
|
|
|
|
--- shadow-4.15.1/src/groupdel.c.audit-update 2024-03-08 22:27:04.000000000 +0100
|
|
|
|
+++ shadow-4.15.1/src/groupdel.c 2024-05-20 11:52:05.640758536 +0200
|
2023-08-16 08:55:53 +00:00
|
|
|
@@ -87,6 +87,15 @@ usage (int status)
|
2014-10-17 15:03:29 +00:00
|
|
|
exit (status);
|
|
|
|
}
|
|
|
|
|
|
|
|
+static void fail_exit(int status)
|
|
|
|
+{
|
|
|
|
+#ifdef WITH_AUDIT
|
|
|
|
+ audit_logger(AUDIT_GRP_MGMT, Prog, "delete-group", group_name,
|
|
|
|
+ AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
|
|
|
|
+#endif
|
|
|
|
+ exit (status);
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
/*
|
|
|
|
* grp_update - update group file entries
|
|
|
|
*
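Review bot: fail_exit() always records the failure with `AUDIT_NO_ID`, while the success record in the close_files hunk below (`@@ -144,12 +153,12`) carries `group_id`, so a failed deletion cannot be correlated by gid even though most callers (group_busy, the NIS check, the lookup failure) run after main() has done `group_id = grp->gr_gid`; passing `group_id` here would match the success side, provided group_id holds a usable value at the earlier call sites (not visible in this chunk). It also always uses AUDIT_GRP_MGMT, whereas the success event for the same `"delete-group"` op stays AUDIT_DEL_GROUP and useradd's fail_exit in this same patch picks the type from the exit code; if that asymmetry is intended a comment should say so. The function also lacks the header comment its neighbours have; I'd add `/* fail_exit - record the failed deletion in the audit log, then exit(status) */`.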
|
2023-08-16 08:55:53 +00:00
|
|
|
@@ -113,7 +122,7 @@ static void grp_update (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot remove entry '%s' from %s\n"),
|
|
|
|
Prog, group_name, gr_dbname ());
|
|
|
|
- exit (E_GRP_UPDATE);
|
|
|
|
+ fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef SHADOWGRP
|
2023-08-16 08:55:53 +00:00
|
|
|
@@ -125,7 +134,7 @@ static void grp_update (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot remove entry '%s' from %s\n"),
|
|
|
|
Prog, group_name, sgr_dbname ());
|
|
|
|
- exit (E_GRP_UPDATE);
|
|
|
|
+ fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* SHADOWGRP */
|
2023-08-16 08:55:53 +00:00
|
|
|
@@ -144,12 +153,12 @@ static void close_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: failure while writing changes to %s\n"),
|
|
|
|
Prog, gr_dbname ());
|
|
|
|
- exit (E_GRP_UPDATE);
|
|
|
|
+ fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_DEL_GROUP, Prog,
|
|
|
|
- "removing group from /etc/group",
|
|
|
|
+ "delete-group",
|
2023-08-16 08:55:53 +00:00
|
|
|
group_name, group_id, SHADOW_AUDIT_SUCCESS);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
2023-08-16 08:55:53 +00:00
|
|
|
SYSLOG ((LOG_INFO,
|
|
|
|
@@ -168,12 +177,12 @@ static void close_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: failure while writing changes to %s\n"),
|
|
|
|
Prog, sgr_dbname ());
|
|
|
|
- exit (E_GRP_UPDATE);
|
|
|
|
+ fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_DEL_GROUP, Prog,
|
|
|
|
- "removing group from /etc/gshadow",
|
|
|
|
+ audit_logger (AUDIT_GRP_MGMT, Prog,
|
|
|
|
+ "delete-shadow-group",
|
2023-08-16 08:55:53 +00:00
|
|
|
group_name, group_id, SHADOW_AUDIT_SUCCESS);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
2023-08-16 08:55:53 +00:00
|
|
|
SYSLOG ((LOG_INFO,
|
|
|
|
@@ -186,11 +195,6 @@ static void close_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
#endif /* SHADOWGRP */
|
|
|
|
|
|
|
|
- /* Report success at the system level */
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_DEL_GROUP, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- "", group_name, group_id, SHADOW_AUDIT_SUCCESS);
|
2014-10-17 15:03:29 +00:00
|
|
|
-#endif
|
|
|
|
SYSLOG ((LOG_INFO, "group '%s' removed\n", group_name));
|
|
|
|
del_cleanup (cleanup_report_del_group);
|
|
|
|
}
|
2023-08-16 08:55:53 +00:00
|
|
|
@@ -207,7 +211,7 @@ static void open_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot lock %s; try again later.\n"),
|
|
|
|
Prog, gr_dbname ());
|
|
|
|
- exit (E_GRP_UPDATE);
|
|
|
|
+ fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
add_cleanup (cleanup_unlock_group, NULL);
|
|
|
|
#ifdef SHADOWGRP
|
2023-08-16 08:55:53 +00:00
|
|
|
@@ -216,7 +220,7 @@ static void open_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot lock %s; try again later.\n"),
|
|
|
|
Prog, sgr_dbname ());
|
|
|
|
- exit (E_GRP_UPDATE);
|
|
|
|
+ fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
add_cleanup (cleanup_unlock_gshadow, NULL);
|
|
|
|
}
|
2023-08-16 08:55:53 +00:00
|
|
|
@@ -234,7 +238,7 @@ static void open_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
_("%s: cannot open %s\n"),
|
|
|
|
Prog, gr_dbname ());
|
|
|
|
SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
|
|
|
|
- exit (E_GRP_UPDATE);
|
|
|
|
+ fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
#ifdef SHADOWGRP
|
|
|
|
if (is_shadow_grp) {
|
2023-08-16 08:55:53 +00:00
|
|
|
@@ -243,7 +247,7 @@ static void open_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
_("%s: cannot open %s\n"),
|
|
|
|
Prog, sgr_dbname ());
|
|
|
|
SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ()));
|
|
|
|
- exit (E_GRP_UPDATE);
|
|
|
|
+ fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* SHADOWGRP */
|
2023-08-16 08:55:53 +00:00
|
|
|
@@ -284,7 +288,7 @@ static void group_busy (gid_t gid)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot remove the primary group of user '%s'\n"),
|
|
|
|
Prog, pwd->pw_name);
|
|
|
|
- exit (E_GROUP_BUSY);
|
|
|
|
+ fail_exit (E_GROUP_BUSY);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -368,7 +372,7 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: Cannot setup cleanup service.\n"),
|
|
|
|
Prog);
|
|
|
|
- exit (1);
|
|
|
|
+ fail_exit (1);
|
|
|
|
}
|
|
|
|
|
|
|
|
process_flags (argc, argv);
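Review bot: `fail_exit (1)` here runs before `process_flags (argc, argv)`, so the audit record it emits carries `group_name` still unset — audit_logger accepts a NULL name, so this is not a crash, but the resulting AUDIT_GRP_MGMT "delete-group" failure event names neither a group nor a gid and reads as a failed deletion of nothing. Either document on fail_exit that it may be reached before the group is known, or keep a plain `exit (1)` for setup failures that precede argument parsing so only attempts against a named group produce "delete-group" failures. The groupadd `@@ -591,7 +596,7` hunk earlier in the patch appears to have the same ordering, though that file's fail_exit is outside this chunk. main continues outside this hunk.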
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -382,7 +386,7 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: Cannot determine your user name.\n"),
|
|
|
|
Prog);
|
|
|
|
- exit (1);
|
|
|
|
+ fail_exit (1);
|
|
|
|
}
|
|
|
|
|
2024-04-03 07:49:58 +00:00
|
|
|
retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
|
|
|
|
@@ -403,7 +407,7 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
if (NULL != pamh) {
|
|
|
|
(void) pam_end (pamh, retval);
|
|
|
|
}
|
|
|
|
- exit (1);
|
|
|
|
+ fail_exit (1);
|
|
|
|
}
|
|
|
|
(void) pam_end (pamh, retval);
|
|
|
|
#endif /* USE_PAM */
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -423,7 +427,7 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: group '%s' does not exist\n"),
|
|
|
|
Prog, group_name);
|
|
|
|
- exit (E_NOTFOUND);
|
|
|
|
+ fail_exit (E_NOTFOUND);
|
|
|
|
}
|
|
|
|
|
|
|
|
group_id = grp->gr_gid;
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -447,7 +451,7 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
_("%s: %s is the NIS master\n"),
|
|
|
|
Prog, nis_master);
|
|
|
|
}
|
|
|
|
- exit (E_NOTFOUND);
|
|
|
|
+ fail_exit (E_NOTFOUND);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2024-06-18 09:56:02 +00:00
|
|
|
diff -up shadow-4.15.1/src/groupmod.c.audit-update shadow-4.15.1/src/groupmod.c
|
|
|
|
--- shadow-4.15.1/src/groupmod.c.audit-update 2024-03-08 22:27:04.000000000 +0100
|
|
|
|
+++ shadow-4.15.1/src/groupmod.c 2024-05-20 11:52:05.640758536 +0200
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -474,7 +474,7 @@ static void close_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
+ audit_logger (AUDIT_GRP_MGMT, Prog,
|
|
|
|
info_group.audit_msg,
|
|
|
|
group_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
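Review bot: the failure paths in close_files still call bare `exit (E_GRP_UPDATE)` (the first context line of this hunk and of the `@@ -497` and `@@ -520` hunks), so a failed group modification produces no audit record at all, while groupadd and groupdel in this same patch route every failure through a fail_exit() that logs SHADOW_AUDIT_FAILURE. Changing only the event type on the success side leaves groupmod the one tool whose failures are invisible to audit. A groupmod fail_exit emitting `audit_logger (AUDIT_GRP_MGMT, Prog, "modify-group", group_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);` before `exit` would make the three tools consistent. close_files starts and ends outside this hunk.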
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -497,7 +497,14 @@ static void close_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_ACCT, Prog,
|
2019-06-07 12:40:46 +00:00
|
|
|
+ /* If both happened, log password change as its more important */
|
|
|
|
+ if (pflg)
|
|
|
|
+ audit_logger (AUDIT_GRP_CHAUTHTOK, Prog,
|
|
|
|
+ info_gshadow.audit_msg,
|
|
|
|
+ group_name, AUDIT_NO_ID,
|
|
|
|
+ SHADOW_AUDIT_SUCCESS);
|
|
|
|
+ else
|
|
|
|
+ audit_logger (AUDIT_GRP_MGMT, Prog,
|
2014-10-17 15:03:29 +00:00
|
|
|
info_gshadow.audit_msg,
|
|
|
|
group_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
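Review bot: the new `if (pflg) ... else ...` at the top of this hunk wraps two four-line calls without braces, which is easy to mis-edit later and differs from the braced multi-line branches elsewhere in the file; I'd brace both branches. The added comment also reads `its more important` — `it's more important` — and would be more useful if it said why, e.g. `/* A password change and a membership change can both touch the gshadow entry; record the password change (AUDIT_GRP_CHAUTHTOK), as that is the security-relevant event */`. close_files starts and ends outside this hunk.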
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -520,7 +527,7 @@ static void close_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
+ audit_logger (AUDIT_GRP_MGMT, Prog,
|
|
|
|
info_passwd.audit_msg,
|
|
|
|
group_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -535,8 +542,8 @@ static void close_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
- "modifying group",
|
|
|
|
+ audit_logger (AUDIT_GRP_MGMT, Prog,
|
|
|
|
+ "modify-group",
|
|
|
|
group_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
2024-06-18 09:56:02 +00:00
|
|
|
diff -up shadow-4.15.1/src/newgrp.c.audit-update shadow-4.15.1/src/newgrp.c
|
|
|
|
--- shadow-4.15.1/src/newgrp.c.audit-update 2024-03-08 22:27:04.000000000 +0100
|
|
|
|
+++ shadow-4.15.1/src/newgrp.c 2024-05-20 11:52:05.640758536 +0200
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -188,10 +188,10 @@ static void check_perms (const struct gr
|
|
|
|
if (grp->gr_passwd[0] == '\0' ||
|
2014-10-17 15:03:29 +00:00
|
|
|
strcmp (cpasswd, grp->gr_passwd) != 0) {
|
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(audit_buf, "authentication new-gid=%lu",
|
|
|
|
+ SNPRINTF(audit_buf, "authentication new_gid=%lu",
|
|
|
|
(unsigned long) grp->gr_gid);
|
2014-10-17 15:03:29 +00:00
|
|
|
audit_logger (AUDIT_GRP_AUTH, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- audit_buf, NULL, getuid (), 0);
|
|
|
|
+ audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_INFO,
|
|
|
|
"Invalid password for group '%s' from '%s'",
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -201,10 +201,10 @@ static void check_perms (const struct gr
|
|
|
|
goto failure;
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(audit_buf, "authentication new-gid=%lu",
|
|
|
|
+ SNPRINTF(audit_buf, "authentication new_gid=%lu",
|
|
|
|
(unsigned long) grp->gr_gid);
|
2014-10-17 15:03:29 +00:00
|
|
|
audit_logger (AUDIT_GRP_AUTH, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- audit_buf, NULL, getuid (), 1);
|
|
|
|
+ audit_buf, NULL, getuid (), SHADOW_AUDIT_SUCCESS);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -215,16 +215,6 @@ failure:
|
2014-10-17 15:03:29 +00:00
|
|
|
* harm. -- JWP
|
|
|
|
*/
|
|
|
|
closelog ();
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- if (groupname) {
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(audit_buf, "changing new-group=%s", groupname);
|
2014-10-17 15:03:29 +00:00
|
|
|
- audit_logger (AUDIT_CHGRP_ID, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- audit_buf, NULL, getuid (), 0);
|
2014-10-17 15:03:29 +00:00
|
|
|
- } else {
|
|
|
|
- audit_logger (AUDIT_CHGRP_ID, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- "changing", NULL, getuid (), 0);
|
2014-10-17 15:03:29 +00:00
|
|
|
- }
|
|
|
|
-#endif
|
|
|
|
exit (EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -298,13 +288,23 @@ static void syslog_sg (const char *name,
|
2014-10-17 15:03:29 +00:00
|
|
|
is_newgrp ? "newgrp" : "sg", strerror (errno));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
if (group) {
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(audit_buf,
|
|
|
|
- "changing new-group=%s", group);
|
2014-10-17 15:03:29 +00:00
|
|
|
+ char enc_group[(GROUP_NAME_MAX_LENGTH*2)+1];
|
|
|
|
+ int len = strnlen(group, sizeof(enc_group)/2);
|
|
|
|
+ if (audit_value_needs_encoding(group, len)) {
|
|
|
|
+ snprintf (audit_buf, sizeof(audit_buf),
|
|
|
|
+ "changing new_group=%s",
|
|
|
|
+ audit_encode_value(enc_group,
|
|
|
|
+ group, len));
|
|
|
|
+ } else {
|
|
|
|
+ snprintf (audit_buf, sizeof(audit_buf),
|
|
|
|
+ "changing new_group=\"%s\"",
|
|
|
|
+ group);
|
|
|
|
+ }
|
|
|
|
audit_logger (AUDIT_CHGRP_ID, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- audit_buf, NULL, getuid (), 0);
|
|
|
|
+ audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
} else {
|
|
|
|
audit_logger (AUDIT_CHGRP_ID, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- "changing", NULL, getuid (), 0);
|
|
|
|
+ "changing", NULL, getuid (), SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
exit (EXIT_FAILURE);
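Review bot: the encode-or-quote block added here is pasted verbatim again in the `@@ -556,12 +556,22` and `@@ -832,12 +842,22` hunks, and in all three the else branch prints the whole of `group` with `%s` although only the first `len` bytes (capped at `sizeof(enc_group)/2`) were passed to audit_value_needs_encoding(), so a name longer than that cap could still get an unchecked tail into the record; whether the caller bounds the name earlier is not visible here. Since audit_buf is written from check_perms, syslog_sg and main it looks file-scope, so one static helper (under `#ifdef WITH_AUDIT`) can replace the three copies and print only the checked bytes, with each call site reduced to `audit_fmt_new_group (group);`. The encoding itself is the right defence: it keeps a group name containing spaces or quotes from altering the record's field=value structure that audit tools parse.
```c
#ifdef WITH_AUDIT
/*
 * Format "changing new_group=<group>" into audit_buf.  The name is run
 * through the libaudit encoder when it contains characters that would
 * break field=value parsing; either way only the bytes that were
 * checked (at most sizeof(enc_group)/2) are printed.
 */
static void audit_fmt_new_group (const char *group)
{
	char enc_group[(GROUP_NAME_MAX_LENGTH*2)+1];
	int len = strnlen (group, sizeof(enc_group)/2);

	if (audit_value_needs_encoding (group, len)) {
		snprintf (audit_buf, sizeof(audit_buf), "changing new_group=%s",
		          audit_encode_value (enc_group, group, len));
	} else {
		snprintf (audit_buf, sizeof(audit_buf), "changing new_group=\"%.*s\"",
		          len, group);
	}
}
#endif
/* … unchanged: syslog_sg body, then at the call site: audit_fmt_new_group (group); … */
```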
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -440,7 +440,7 @@ int main (int argc, char **argv)
|
2023-08-16 08:55:53 +00:00
|
|
|
Prog);
|
2014-10-17 15:03:29 +00:00
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_CHGRP_ID, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- "changing", NULL, getuid (), 0);
|
|
|
|
+ "changing", NULL, getuid (), SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)",
|
|
|
|
(unsigned long) getuid ()));
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -556,12 +556,22 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
perror ("getgroups");
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
if (group) {
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(audit_buf, "changing new-group=%s", group);
|
2014-10-17 15:03:29 +00:00
|
|
|
+ char enc_group[(GROUP_NAME_MAX_LENGTH*2)+1];
|
|
|
|
+ int len = strnlen(group, sizeof(enc_group)/2);
|
|
|
|
+ if (audit_value_needs_encoding(group, len)) {
|
|
|
|
+ snprintf (audit_buf, sizeof(audit_buf),
|
|
|
|
+ "changing new_group=%s",
|
|
|
|
+ audit_encode_value(enc_group,
|
|
|
|
+ group, len));
|
|
|
|
+ } else {
|
|
|
|
+ snprintf (audit_buf, sizeof(audit_buf),
|
|
|
|
+ "changing new_group=\"%s\"", group);
|
|
|
|
+ }
|
|
|
|
audit_logger (AUDIT_CHGRP_ID, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- audit_buf, NULL, getuid (), 0);
|
|
|
|
+ audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
} else {
|
|
|
|
audit_logger (AUDIT_CHGRP_ID, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- "changing", NULL, getuid (), 0);
|
|
|
|
+ "changing", NULL, getuid (), SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
exit (EXIT_FAILURE);
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -715,9 +725,9 @@ int main (int argc, char **argv)
|
|
|
|
if (setgid (gid) != 0) {
|
2014-10-17 15:03:29 +00:00
|
|
|
perror ("setgid");
|
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
|
|
|
|
+ SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid);
|
2014-10-17 15:03:29 +00:00
|
|
|
audit_logger (AUDIT_CHGRP_ID, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- audit_buf, NULL, getuid (), 0);
|
|
|
|
+ audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
|
|
|
exit (EXIT_FAILURE);
|
|
|
|
}
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -725,9 +735,9 @@ int main (int argc, char **argv)
|
|
|
|
if (setuid (getuid ()) != 0) {
|
2014-10-17 15:03:29 +00:00
|
|
|
perror ("setuid");
|
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
|
|
|
|
+ SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid);
|
2014-10-17 15:03:29 +00:00
|
|
|
audit_logger (AUDIT_CHGRP_ID, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- audit_buf, NULL, getuid (), 0);
|
|
|
|
+ audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
|
|
|
exit (EXIT_FAILURE);
|
|
|
|
}
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -740,9 +750,9 @@ int main (int argc, char **argv)
|
|
|
|
closelog ();
|
2023-08-16 08:55:53 +00:00
|
|
|
execl (SHELL, "sh", "-c", command, (char *) NULL);
|
2014-10-17 15:03:29 +00:00
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
|
|
|
|
+ SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid);
|
2014-10-17 15:03:29 +00:00
|
|
|
audit_logger (AUDIT_CHGRP_ID, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- audit_buf, NULL, getuid (), 0);
|
|
|
|
+ audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
|
|
|
perror (SHELL);
|
|
|
|
exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -806,9 +816,9 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef WITH_AUDIT
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
|
|
|
|
+ SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid);
|
2014-10-17 15:03:29 +00:00
|
|
|
audit_logger (AUDIT_CHGRP_ID, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- audit_buf, NULL, getuid (), 1);
|
|
|
|
+ audit_buf, NULL, getuid (), SHADOW_AUDIT_SUCCESS);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
|
|
|
/*
|
|
|
|
* Exec the login shell and go away. We are trying to get back to
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -832,12 +842,22 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
closelog ();
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
if (NULL != group) {
|
2024-04-03 07:49:58 +00:00
|
|
|
- SNPRINTF(audit_buf, "changing new-group=%s", group);
|
2014-10-17 15:03:29 +00:00
|
|
|
+ char enc_group[(GROUP_NAME_MAX_LENGTH*2)+1];
|
|
|
|
+ int len = strnlen(group, sizeof(enc_group)/2);
|
|
|
|
+ if (audit_value_needs_encoding(group, len)) {
|
|
|
|
+ snprintf (audit_buf, sizeof(audit_buf),
|
|
|
|
+ "changing new_group=%s",
|
|
|
|
+ audit_encode_value(enc_group,
|
|
|
|
+ group, len));
|
|
|
|
+ } else {
|
|
|
|
+ snprintf (audit_buf, sizeof(audit_buf),
|
|
|
|
+ "changing new_group=\"%s\"", group);
|
|
|
|
+ }
|
2022-01-26 08:29:37 +00:00
|
|
|
audit_logger (AUDIT_CHGRP_ID, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- audit_buf, NULL, getuid (), 0);
|
|
|
|
+ audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
} else {
|
|
|
|
audit_logger (AUDIT_CHGRP_ID, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- "changing", NULL, getuid (), 0);
|
|
|
|
+ "changing", NULL, getuid (), SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
exit (EXIT_FAILURE);
|
2024-06-18 09:56:02 +00:00
|
|
|
diff -up shadow-4.15.1/src/useradd.c.audit-update shadow-4.15.1/src/useradd.c
|
|
|
|
--- shadow-4.15.1/src/useradd.c.audit-update 2024-05-20 11:52:05.635758519 +0200
|
|
|
|
+++ shadow-4.15.1/src/useradd.c 2024-05-20 11:52:05.640758536 +0200
|
|
|
|
@@ -245,6 +245,8 @@ static FILE *fmkstemp(char *template);
|
2014-10-17 15:03:29 +00:00
|
|
|
*/
|
|
|
|
static void fail_exit (int code)
|
|
|
|
{
|
|
|
|
+ int type;
|
|
|
|
+
|
2023-08-16 08:55:53 +00:00
|
|
|
if (home_added && rmdir(prefix_user_home) != 0) {
|
|
|
|
fprintf(stderr,
|
|
|
|
_("%s: %s was created, but could not be removed\n"),
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -255,38 +257,22 @@ static void fail_exit (int code)
|
2023-08-16 08:55:53 +00:00
|
|
|
if (spw_locked && spw_unlock() == 0) {
|
|
|
|
fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname());
|
|
|
|
SYSLOG((LOG_ERR, "failed to unlock %s", spw_dbname()));
|
2014-10-17 15:03:29 +00:00
|
|
|
-#ifdef WITH_AUDIT
|
2023-08-16 08:55:53 +00:00
|
|
|
- audit_logger(AUDIT_ADD_USER, Prog, "unlocking shadow file",
|
|
|
|
- user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
-#endif
|
2023-08-16 08:55:53 +00:00
|
|
|
/* continue */
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
2023-08-16 08:55:53 +00:00
|
|
|
if (pw_locked && pw_unlock() == 0) {
|
|
|
|
fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname());
|
|
|
|
SYSLOG((LOG_ERR, "failed to unlock %s", pw_dbname()));
|
2014-10-17 15:03:29 +00:00
|
|
|
-#ifdef WITH_AUDIT
|
2023-08-16 08:55:53 +00:00
|
|
|
- audit_logger(AUDIT_ADD_USER, Prog, "unlocking passwd file",
|
|
|
|
- user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
-#endif
|
2023-08-16 08:55:53 +00:00
|
|
|
/* continue */
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
2023-08-16 08:55:53 +00:00
|
|
|
if (gr_locked && gr_unlock() == 0) {
|
|
|
|
fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname());
|
|
|
|
SYSLOG((LOG_ERR, "failed to unlock %s", gr_dbname()));
|
2014-10-17 15:03:29 +00:00
|
|
|
-#ifdef WITH_AUDIT
|
2023-08-16 08:55:53 +00:00
|
|
|
- audit_logger(AUDIT_ADD_USER, Prog, "unlocking group file",
|
|
|
|
- user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
-#endif
|
2023-08-16 08:55:53 +00:00
|
|
|
/* continue */
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
2023-08-16 08:55:53 +00:00
|
|
|
#ifdef SHADOWGRP
|
|
|
|
if (sgr_locked && sgr_unlock() == 0) {
|
|
|
|
fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname());
|
|
|
|
SYSLOG((LOG_ERR, "failed to unlock %s", sgr_dbname()));
|
|
|
|
-# ifdef WITH_AUDIT
|
|
|
|
- audit_logger(AUDIT_ADD_USER, Prog, "unlocking gshadow file",
|
|
|
|
- user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
|
|
|
|
-# endif
|
|
|
|
/* continue */
|
|
|
|
}
|
|
|
|
#endif
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -294,27 +280,23 @@ static void fail_exit (int code)
|
2023-08-16 08:55:53 +00:00
|
|
|
if (sub_uid_locked && sub_uid_unlock() == 0) {
|
|
|
|
fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname());
|
|
|
|
SYSLOG((LOG_ERR, "failed to unlock %s", sub_uid_dbname()));
|
|
|
|
-# ifdef WITH_AUDIT
|
|
|
|
- audit_logger(AUDIT_ADD_USER, Prog,
|
|
|
|
- "unlocking subordinate user file",
|
|
|
|
- user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
|
|
|
|
-# endif
|
|
|
|
/* continue */
|
|
|
|
}
|
|
|
|
if (sub_gid_locked && sub_gid_unlock() == 0) {
|
|
|
|
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname());
|
|
|
|
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname()));
|
|
|
|
-# ifdef WITH_AUDIT
|
|
|
|
- audit_logger(AUDIT_ADD_USER, Prog,
|
|
|
|
- "unlocking subordinate group file",
|
|
|
|
- user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
|
|
|
|
-# endif
|
|
|
|
/* continue */
|
|
|
|
}
|
|
|
|
#endif /* ENABLE_SUBIDS */
|
2014-10-17 15:03:29 +00:00
|
|
|
|
|
|
|
#ifdef WITH_AUDIT
|
2023-08-16 08:55:53 +00:00
|
|
|
- audit_logger(AUDIT_ADD_USER, Prog, "adding user",
|
2014-10-17 15:03:29 +00:00
|
|
|
+ if (code == E_PW_UPDATE || code >= E_GRP_UPDATE)
|
|
|
|
+ type = AUDIT_USER_MGMT;
|
|
|
|
+ else
|
|
|
|
+ type = AUDIT_ADD_USER;
|
|
|
|
+
|
|
|
|
+ audit_logger (type, Prog,
|
|
|
|
+ "add-user",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
2023-08-16 08:55:53 +00:00
|
|
|
SYSLOG((LOG_INFO, "failed adding user '%s', exit code: %d", user_name, code));
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -727,7 +709,7 @@ static int set_defaults (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_USYS_CONFIG, Prog,
|
|
|
|
- "changing useradd defaults",
|
|
|
|
+ "changing-useradd-defaults",
|
|
|
|
NULL, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
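Review bot: the new op strings do not follow one scheme: this hunk uses `"changing-useradd-defaults"` and the close_files hunks (`@@ -1656` to `@@ -1700`) use `"unlocking-shadow-file"` and friends, while the rest of the patch uses imperative forms (`"add-user"`, `"add-group"`, `"delete-group"`, `"modify-group"`), and grp_update pairs `"add-user-to-group"` with `"add-to-shadow-group"` where groupdel pairs `"delete-group"` with `"delete-shadow-group"`. These strings become the op field that audit rules and reports key on, so settling on one form before release (e.g. `"change-useradd-defaults"`, `"unlock-shadow-file"`, `"add-user-to-shadow-group"`) avoids a second incompatible rename later. set_defaults starts and ends outside this hunk.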
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -1056,12 +1038,6 @@ static void grp_update (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
_("%s: Out of memory. Cannot update %s.\n"),
|
|
|
|
Prog, gr_dbname ());
|
|
|
|
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name));
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "adding user to group",
|
|
|
|
- user_name, AUDIT_NO_ID,
|
|
|
|
- SHADOW_AUDIT_FAILURE);
|
|
|
|
-#endif
|
|
|
|
fail_exit (E_GRP_UPDATE); /* XXX */
|
|
|
|
}
|
|
|
|
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -1075,18 +1051,12 @@ static void grp_update (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
_("%s: failed to prepare the new %s entry '%s'\n"),
|
|
|
|
Prog, gr_dbname (), ngrp->gr_name);
|
|
|
|
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name));
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "adding user to group",
|
|
|
|
- user_name, AUDIT_NO_ID,
|
|
|
|
- SHADOW_AUDIT_FAILURE);
|
|
|
|
-#endif
|
|
|
|
fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "adding user to group",
|
|
|
|
- user_name, AUDIT_NO_ID,
|
|
|
|
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "add-user-to-group",
|
|
|
|
+ user_name, AUDIT_NO_ID, ngrp->gr_name,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_INFO,
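Review bot: with the failure-path record removed, a failed gr_update() here (and in the gshadow counterpart `@@ -1150,18 +1114,13`) is reported only by `fail_exit (E_GRP_UPDATE)`, which per the fail_exit hunk above logs a generic AUDIT_USER_MGMT `"add-user"` failure with no group, so the event no longer says which membership could not be written even though the success record a few lines later names it through audit_logger_with_group. If one record per failure is the goal, fail_exit needs to carry the op and group; otherwise keep `audit_logger_with_group (AUDIT_USER_MGMT, Prog, "add-user-to-group", user_name, AUDIT_NO_ID, ngrp->gr_name, SHADOW_AUDIT_FAILURE);` before the `fail_exit` in this hunk, accepting a second record. The `@@ -1150` hunk also adds a stray blank line before its `fail_exit (E_GRP_UPDATE);`. grp_update starts and ends outside this hunk.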
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -1131,12 +1101,6 @@ static void grp_update (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
_("%s: Out of memory. Cannot update %s.\n"),
|
|
|
|
Prog, sgr_dbname ());
|
|
|
|
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name));
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "adding user to shadow group",
|
|
|
|
- user_name, AUDIT_NO_ID,
|
|
|
|
- SHADOW_AUDIT_FAILURE);
|
|
|
|
-#endif
|
|
|
|
fail_exit (E_GRP_UPDATE); /* XXX */
|
|
|
|
}
|
|
|
|
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -1150,18 +1114,13 @@ static void grp_update (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
_("%s: failed to prepare the new %s entry '%s'\n"),
|
|
|
|
Prog, sgr_dbname (), nsgrp->sg_name);
|
|
|
|
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name));
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "adding user to shadow group",
|
|
|
|
- user_name, AUDIT_NO_ID,
|
|
|
|
- SHADOW_AUDIT_FAILURE);
|
|
|
|
-#endif
|
|
|
|
+
|
|
|
|
fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "adding user to shadow group",
|
|
|
|
- user_name, AUDIT_NO_ID,
|
|
|
|
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "add-to-shadow-group",
|
|
|
|
+ user_name, AUDIT_NO_ID, nsgrp->sg_name,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_INFO,
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -1556,7 +1515,7 @@ static void process_flags (int argc, cha
|
2014-10-17 15:03:29 +00:00
|
|
|
Prog, user_name);
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "adding user",
|
|
|
|
+ "add-user",
|
|
|
|
user_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -1656,7 +1615,7 @@ static void close_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "unlocking shadow file",
|
|
|
|
+ "unlocking-shadow-file",
|
|
|
|
user_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -1669,7 +1628,7 @@ static void close_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "unlocking passwd file",
|
|
|
|
+ "unlocking-passwd-file",
|
|
|
|
user_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -1686,7 +1645,7 @@ static void close_files (void)
|
2014-11-26 14:58:28 +00:00
|
|
|
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "unlocking subordinate user file",
|
|
|
|
+ "unlocking-subordinate-user-file",
|
|
|
|
user_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -1700,7 +1659,7 @@ static void close_files (void)
|
2014-11-26 14:58:28 +00:00
|
|
|
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "unlocking subordinate group file",
|
|
|
|
+ "unlocking-subordinate-group-file",
|
|
|
|
user_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -1963,7 +1922,7 @@ static void grp_add (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
Prog, gr_dbname (), grp.gr_name);
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_ADD_GROUP, Prog,
|
|
|
|
- "adding group",
|
|
|
|
+ "add-group",
|
|
|
|
grp.gr_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -1979,7 +1938,7 @@ static void grp_add (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
Prog, sgr_dbname (), sgrp.sg_name);
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_ADD_GROUP, Prog,
|
|
|
|
- "adding group",
|
|
|
|
+ "add-group",
|
|
|
|
grp.gr_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -1989,7 +1948,7 @@ static void grp_add (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", user_name, user_gid));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_ADD_GROUP, Prog,
|
|
|
|
- "adding group",
|
|
|
|
+ "add-group",
|
|
|
|
grp.gr_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -2191,11 +2150,6 @@ static void usr_update (unsigned long su
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: failed to prepare the new %s entry '%s'\n"),
|
|
|
|
Prog, spw_dbname (), spent.sp_namp);
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "adding shadow password",
|
2023-08-16 08:55:53 +00:00
|
|
|
- user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
-#endif
|
|
|
|
fail_exit (E_PW_UPDATE);
|
|
|
|
}
|
2014-11-26 14:58:28 +00:00
|
|
|
#ifdef ENABLE_SUBIDS
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -2222,7 +2176,7 @@ static void usr_update (unsigned long su
|
2023-08-16 08:55:53 +00:00
|
|
|
* and we can use the real ID thereafter.
|
|
|
|
*/
|
2014-10-17 15:03:29 +00:00
|
|
|
audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "adding user",
|
|
|
|
+ "add-user",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, AUDIT_NO_ID,
|
2014-10-17 15:03:29 +00:00
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -2317,10 +2271,6 @@ static void create_home (void)
|
2023-08-16 08:55:53 +00:00
|
|
|
if (mkdir(path, 0) != 0) {
|
|
|
|
fprintf(stderr, _("%s: cannot create directory %s\n"),
|
|
|
|
Prog, path);
|
2014-10-17 15:03:29 +00:00
|
|
|
-#ifdef WITH_AUDIT
|
2023-08-16 08:55:53 +00:00
|
|
|
- audit_logger(AUDIT_ADD_USER, Prog, "adding home directory",
|
|
|
|
- user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
-#endif
|
2023-08-16 08:55:53 +00:00
|
|
|
fail_exit(E_HOMEDIR);
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
2023-08-16 08:55:53 +00:00
|
|
|
if (chown(path, 0, 0) < 0) {
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -2345,7 +2295,7 @@ static void create_home (void)
|
2023-08-16 08:55:53 +00:00
|
|
|
}
|
|
|
|
home_added = true;
|
2014-10-17 15:03:29 +00:00
|
|
|
#ifdef WITH_AUDIT
|
2023-08-16 08:55:53 +00:00
|
|
|
- audit_logger(AUDIT_ADD_USER, Prog, "adding home directory",
|
|
|
|
+ audit_logger(AUDIT_USER_MGMT, Prog, "add-home-dir",
|
|
|
|
user_name, user_id, SHADOW_AUDIT_SUCCESS);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
2023-08-16 08:55:53 +00:00
|
|
|
#ifdef WITH_SELINUX
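Review bot: The new success-path op `add-home-dir` does not match the spelling used for the same object elsewhere in this patch — userdel emits `deleting-home-directory` and usermod emits `changing-home-dir` and `moving-home-dir` — so a rule or ausearch filter on home-directory events needs three patterns. Settling on one form, e.g. `"add-home-dir"` here and `"delete-home-dir"` in userdel, keeps them matchable as `*-home-dir`. Note also that the mkdir failure branch of create_home (earlier hunk) loses its audit call, so after this patch `add-home-dir` appears only with a success result; that is acceptable if fail_exit emits the overall add-user failure, which is not visible here. create_home begins and ends outside the hunk.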
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -2586,12 +2536,6 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
*/
|
2018-05-28 13:25:08 +00:00
|
|
|
if (prefix_getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name);
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "adding user",
|
|
|
|
- user_name, AUDIT_NO_ID,
|
|
|
|
- SHADOW_AUDIT_FAILURE);
|
|
|
|
-#endif
|
|
|
|
fail_exit (E_NAME_IN_USE);
|
|
|
|
}
|
|
|
|
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -2607,12 +2551,6 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: group %s exists - if you want to add this user to that group, use -g.\n"),
|
|
|
|
Prog, user_name);
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "adding group",
|
|
|
|
- user_name, AUDIT_NO_ID,
|
|
|
|
- SHADOW_AUDIT_FAILURE);
|
|
|
|
-#endif
|
|
|
|
fail_exit (E_NAME_IN_USE);
|
|
|
|
}
|
|
|
|
}
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -2642,12 +2580,6 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: UID %lu is not unique\n"),
|
|
|
|
Prog, (unsigned long) user_id);
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "adding user",
|
2023-08-16 08:55:53 +00:00
|
|
|
- user_name, user_id,
|
2014-10-17 15:03:29 +00:00
|
|
|
- SHADOW_AUDIT_FAILURE);
|
|
|
|
-#endif
|
|
|
|
fail_exit (E_UID_IN_USE);
|
|
|
|
}
|
|
|
|
}
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -2722,9 +2654,9 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
|
|
|
Prog, user_name, user_selinux);
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "adding SELinux user mapping",
|
2023-08-16 08:55:53 +00:00
|
|
|
- user_name, user_id, 0);
|
2014-10-17 15:03:29 +00:00
|
|
|
+ audit_logger (AUDIT_ROLE_ASSIGN, Prog,
|
|
|
|
+ "add-selinux-user-mapping",
|
2023-08-16 08:55:53 +00:00
|
|
|
+ user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif /* WITH_AUDIT */
|
2021-08-04 08:14:14 +00:00
|
|
|
fail_exit (E_SE_UPDATE);
|
|
|
|
}
|
2024-06-18 09:56:02 +00:00
|
|
|
diff -up shadow-4.15.1/src/userdel.c.audit-update shadow-4.15.1/src/userdel.c
|
|
|
|
--- shadow-4.15.1/src/userdel.c.audit-update 2024-03-08 22:27:04.000000000 +0100
|
|
|
|
+++ shadow-4.15.1/src/userdel.c 2024-05-20 11:52:05.641758539 +0200
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -206,9 +206,9 @@ static void update_groups (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
* Update the DBM group file with the new entry as well.
|
|
|
|
*/
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "deleting user from group",
|
2023-08-16 08:55:53 +00:00
|
|
|
- user_name, user_id, SHADOW_AUDIT_SUCCESS);
|
2014-10-17 15:03:29 +00:00
|
|
|
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "deleting-user-from-group",
|
2023-08-16 08:55:53 +00:00
|
|
|
+ user_name, user_id, ngrp->gr_name, SHADOW_AUDIT_SUCCESS);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif /* WITH_AUDIT */
|
|
|
|
SYSLOG ((LOG_INFO, "delete '%s' from group '%s'\n",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, ngrp->gr_name));
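Review bot: The op `deleting-user-from-group` in the new audit_logger_with_group call is spelled differently from usermod's record for the same action, `delete-user-from-group`, and the shadow-group hunk below repeats the mismatch (`deleting-user-from-shadow-group` vs `delete-user-from-shadow-group`). These op values are what audit rules and SIEM parsers key on, so one spelling per action matters; the patch otherwise converges on the verb-stem form (`delete-user`, `delete-group`), so `"delete-user-from-group",` here would fit. update_groups begins and ends outside the hunk.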
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -267,9 +267,9 @@ static void update_groups (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "deleting user from shadow group",
|
2023-08-16 08:55:53 +00:00
|
|
|
- user_name, user_id, SHADOW_AUDIT_SUCCESS);
|
2014-10-17 15:03:29 +00:00
|
|
|
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "deleting-user-from-shadow-group",
|
2023-08-16 08:55:53 +00:00
|
|
|
+ user_name, user_id, nsgrp->sg_name, SHADOW_AUDIT_SUCCESS);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif /* WITH_AUDIT */
|
|
|
|
SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'\n",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, nsgrp->sg_name));
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -345,9 +345,9 @@ static void remove_usergroup (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_DEL_GROUP, Prog,
|
|
|
|
- "deleting group",
|
|
|
|
- user_name, AUDIT_NO_ID,
|
|
|
|
+ audit_logger_with_group (AUDIT_DEL_GROUP, Prog,
|
|
|
|
+ "delete-group",
|
|
|
|
+ user_name, AUDIT_NO_ID, user_name,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif /* WITH_AUDIT */
|
|
|
|
SYSLOG ((LOG_INFO,
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -363,9 +363,9 @@ static void remove_usergroup (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_DEL_GROUP, Prog,
|
|
|
|
- "deleting shadow group",
|
|
|
|
- user_name, AUDIT_NO_ID,
|
|
|
|
+ audit_logger_with_group (AUDIT_GRP_MGMT, Prog,
|
|
|
|
+ "delete-shadow-group",
|
|
|
|
+ user_name, AUDIT_NO_ID, user_name,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif /* WITH_AUDIT */
|
|
|
|
SYSLOG ((LOG_INFO,
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -527,7 +527,7 @@ static void fail_exit (int code)
|
2014-10-17 15:03:29 +00:00
|
|
|
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "deleting user",
|
|
|
|
+ "delete-user",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif /* WITH_AUDIT */
|
2023-08-16 08:55:53 +00:00
|
|
|
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -546,22 +546,12 @@ static void open_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot lock %s; try again later.\n"),
|
|
|
|
Prog, pw_dbname ());
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "locking password file",
|
2023-08-16 08:55:53 +00:00
|
|
|
- user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
-#endif /* WITH_AUDIT */
|
|
|
|
fail_exit (E_PW_UPDATE);
|
|
|
|
}
|
|
|
|
pw_locked = true;
|
2016-08-23 14:06:06 +00:00
|
|
|
if (pw_open (O_CREAT | O_RDWR) == 0) {
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot open %s\n"), Prog, pw_dbname ());
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "opening password file",
|
2023-08-16 08:55:53 +00:00
|
|
|
- user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
-#endif /* WITH_AUDIT */
|
|
|
|
fail_exit (E_PW_UPDATE);
|
|
|
|
}
|
|
|
|
if (is_shadow_pwd) {
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -569,11 +559,6 @@ static void open_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot lock %s; try again later.\n"),
|
|
|
|
Prog, spw_dbname ());
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "locking shadow password file",
|
2023-08-16 08:55:53 +00:00
|
|
|
- user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
-#endif /* WITH_AUDIT */
|
|
|
|
fail_exit (E_PW_UPDATE);
|
|
|
|
}
|
|
|
|
spw_locked = true;
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -581,11 +566,6 @@ static void open_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot open %s\n"),
|
|
|
|
Prog, spw_dbname ());
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "opening shadow password file",
|
2023-08-16 08:55:53 +00:00
|
|
|
- user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
-#endif /* WITH_AUDIT */
|
|
|
|
fail_exit (E_PW_UPDATE);
|
|
|
|
}
|
|
|
|
}
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -593,21 +573,11 @@ static void open_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot lock %s; try again later.\n"),
|
|
|
|
Prog, gr_dbname ());
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "locking group file",
|
2023-08-16 08:55:53 +00:00
|
|
|
- user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
-#endif /* WITH_AUDIT */
|
|
|
|
fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
gr_locked = true;
|
2016-08-23 14:06:06 +00:00
|
|
|
if (gr_open (O_CREAT | O_RDWR) == 0) {
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "opening group file",
|
2023-08-16 08:55:53 +00:00
|
|
|
- user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
-#endif /* WITH_AUDIT */
|
|
|
|
fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
#ifdef SHADOWGRP
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -616,22 +586,12 @@ static void open_files (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot lock %s; try again later.\n"),
|
|
|
|
Prog, sgr_dbname ());
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "locking shadow group file",
|
2023-08-16 08:55:53 +00:00
|
|
|
- user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
-#endif /* WITH_AUDIT */
|
|
|
|
fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
sgr_locked= true;
|
2016-08-23 14:06:06 +00:00
|
|
|
if (sgr_open (O_CREAT | O_RDWR) == 0) {
|
2014-10-17 15:03:29 +00:00
|
|
|
fprintf (stderr, _("%s: cannot open %s\n"),
|
|
|
|
Prog, sgr_dbname ());
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "opening shadow group file",
|
2023-08-16 08:55:53 +00:00
|
|
|
- user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
-#endif /* WITH_AUDIT */
|
|
|
|
fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
}
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -642,22 +602,12 @@ static void open_files (void)
|
2014-11-26 14:58:28 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot lock %s; try again later.\n"),
|
|
|
|
Prog, sub_uid_dbname ());
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "locking subordinate user file",
|
2023-08-16 08:55:53 +00:00
|
|
|
- user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-11-26 14:58:28 +00:00
|
|
|
-#endif /* WITH_AUDIT */
|
|
|
|
fail_exit (E_SUB_UID_UPDATE);
|
|
|
|
}
|
|
|
|
sub_uid_locked = true;
|
2016-08-23 14:06:06 +00:00
|
|
|
if (sub_uid_open (O_CREAT | O_RDWR) == 0) {
|
2014-11-26 14:58:28 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot open %s\n"), Prog, sub_uid_dbname ());
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "opening subordinate user file",
|
2023-08-16 08:55:53 +00:00
|
|
|
- user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-11-26 14:58:28 +00:00
|
|
|
-#endif /* WITH_AUDIT */
|
|
|
|
fail_exit (E_SUB_UID_UPDATE);
|
|
|
|
}
|
|
|
|
}
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -666,22 +616,12 @@ static void open_files (void)
|
2014-11-26 14:58:28 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot lock %s; try again later.\n"),
|
|
|
|
Prog, sub_gid_dbname ());
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "locking subordinate group file",
|
2023-08-16 08:55:53 +00:00
|
|
|
- user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-11-26 14:58:28 +00:00
|
|
|
-#endif /* WITH_AUDIT */
|
|
|
|
fail_exit (E_SUB_GID_UPDATE);
|
|
|
|
}
|
|
|
|
sub_gid_locked = true;
|
2016-08-23 14:06:06 +00:00
|
|
|
if (sub_gid_open (O_CREAT | O_RDWR) == 0) {
|
2014-11-26 14:58:28 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot open %s\n"), Prog, sub_gid_dbname ());
|
|
|
|
-#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "opening subordinate group file",
|
2023-08-16 08:55:53 +00:00
|
|
|
- user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-11-26 14:58:28 +00:00
|
|
|
-#endif /* WITH_AUDIT */
|
|
|
|
fail_exit (E_SUB_GID_UPDATE);
|
|
|
|
}
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -726,7 +666,7 @@ static void update_user (void)
|
2014-11-26 14:58:28 +00:00
|
|
|
#endif /* ENABLE_SUBIDS */
|
2014-10-17 15:03:29 +00:00
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "deleting user entries",
|
|
|
|
+ "delete-user",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, user_id, SHADOW_AUDIT_SUCCESS);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif /* WITH_AUDIT */
|
2023-08-16 08:55:53 +00:00
|
|
|
SYSLOG ((LOG_INFO, "delete user '%s'\n", user_name));
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -824,7 +764,7 @@ static int remove_mailbox (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno)));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "deleting mail file",
|
|
|
|
+ "delete-mail-file",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif /* WITH_AUDIT */
|
2023-08-16 08:55:53 +00:00
|
|
|
free(mailfile);
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -840,7 +780,7 @@ static int remove_mailbox (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno)));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "deleting mail file",
|
|
|
|
+ "delete-mail-file",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif /* WITH_AUDIT */
|
2023-08-16 08:55:53 +00:00
|
|
|
errors = 1;
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -849,8 +789,8 @@ static int remove_mailbox (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
else
|
|
|
|
{
|
|
|
|
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "deleting mail file",
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "delete-mail-file",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, user_id, SHADOW_AUDIT_SUCCESS);
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
2023-08-16 08:55:53 +00:00
|
|
|
#endif /* WITH_AUDIT */
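Review bot: The success record for `delete-mail-file` moves to AUDIT_USER_MGMT while the failure records for the same op in the surrounding hunks stay on AUDIT_DEL_USER, so the two outcomes of one operation land in different record types and a search on the op has to match both. The split also means a failed mailbox removal is reported as a DEL_USER failure even though remove_mailbox only sets `errors = 1` and the deletion continues. If the intended convention is that ADD_/DEL_USER carry the overall outcome and USER_MGMT the per-step detail, the failure branches should become `audit_logger (AUDIT_USER_MGMT, Prog, "delete-mail-file", user_name, user_id, SHADOW_AUDIT_FAILURE);` too, or a comment at the top of remove_mailbox should state the convention so the asymmetry is not read as a mistake. remove_mailbox begins and ends outside the hunk.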
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -867,7 +807,7 @@ static int remove_mailbox (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
mailfile, strerror (errno)));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "deleting mail file",
|
|
|
|
+ "delete-mail-file",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif /* WITH_AUDIT */
|
2023-08-16 08:55:53 +00:00
|
|
|
free(mailfile);
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -883,7 +823,7 @@ static int remove_mailbox (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno)));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "deleting mail file",
|
|
|
|
+ "delete-mail-file",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif /* WITH_AUDIT */
|
2023-08-16 08:55:53 +00:00
|
|
|
errors = 1;
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -892,8 +832,8 @@ static int remove_mailbox (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
else
|
|
|
|
{
|
|
|
|
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "deleting mail file",
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "delete-mail-file",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, user_id, SHADOW_AUDIT_SUCCESS);
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
2023-08-16 08:55:53 +00:00
|
|
|
#endif /* WITH_AUDIT */
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -1104,7 +1044,7 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
Prog, user_name);
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "deleting user not found",
|
|
|
|
+ "deleting-user-not-found",
|
|
|
|
user_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif /* WITH_AUDIT */
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -1154,7 +1094,7 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
if (!fflg) {
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "deleting user logged in",
|
|
|
|
+ "deleting-user-logged-in",
|
|
|
|
user_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif /* WITH_AUDIT */
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -1248,8 +1188,8 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
else
|
|
|
|
{
|
|
|
|
- audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "deleting home directory",
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "deleting-home-directory",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, user_id, SHADOW_AUDIT_SUCCESS);
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
2023-08-16 08:55:53 +00:00
|
|
|
#endif /* WITH_AUDIT */
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -1257,7 +1197,7 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
if (0 != errors) {
|
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
- "deleting home directory",
|
|
|
|
+ "deleting-home-directory",
|
|
|
|
user_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
}
|
2024-04-03 07:49:58 +00:00
|
|
|
@@ -1270,8 +1210,8 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
_("%s: warning: the user name %s to SELinux user mapping removal failed.\n"),
|
|
|
|
Prog, user_name);
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "removing SELinux user mapping",
|
|
|
|
+ audit_logger (AUDIT_ROLE_REMOVE, Prog,
|
|
|
|
+ "delete-selinux-user-mapping",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif /* WITH_AUDIT */
|
2023-08-16 08:55:53 +00:00
|
|
|
fail_exit (E_SE_UPDATE);
|
2024-06-18 09:56:02 +00:00
|
|
|
diff -up shadow-4.15.1/src/usermod.c.audit-update shadow-4.15.1/src/usermod.c
|
|
|
|
--- shadow-4.15.1/src/usermod.c.audit-update 2024-05-20 11:52:05.638758529 +0200
|
|
|
|
+++ shadow-4.15.1/src/usermod.c 2024-05-20 11:56:51.962509443 +0200
|
|
|
|
@@ -440,7 +440,7 @@ static char *new_pw_passwd (char *pw_pas
|
2014-10-17 15:03:29 +00:00
|
|
|
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- "updating passwd", user_newname, user_newid, 0);
|
|
|
|
+ "updating-passwd", user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_INFO, "lock user '%s' password", user_newname));
|
|
|
|
strcpy (buf, "!");
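Review bot: The result argument changes from `0` to the bare literal `1`, while the rest of this patch spells such values out (`SHADOW_AUDIT_FAILURE` in fail_exit, `SHADOW_AUDIT_SUCCESS` in update_group); the call should read `"updating-passwd", user_newname, user_newid, SHADOW_AUDIT_SUCCESS);`. The op also reads `updating-passwd` whereas the unlock and change branches in the next hunk use `updating-password`, so a filter on the latter would miss the lock. Since this is the `-L` lock path (the SYSLOG just below says `lock user '%s' password`), an op naming the action, e.g. `"lock-password"`, would let an analyst tell a lock from a credential change without correlating syslog. new_pw_passwd begins and ends outside the hunk.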
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -457,14 +457,14 @@ static char *new_pw_passwd (char *pw_pas
|
2014-10-17 15:03:29 +00:00
|
|
|
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- "updating password", user_newname, user_newid, 0);
|
|
|
|
+ "updating-password", user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_INFO, "unlock user '%s' password", user_newname));
|
2023-08-16 08:55:53 +00:00
|
|
|
memmove(pw_pass, pw_pass + 1, strlen(pw_pass));
|
2014-10-17 15:03:29 +00:00
|
|
|
} else if (pflg) {
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- "changing password", user_newname, user_newid, 1);
|
|
|
|
+ "updating-password", user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_INFO, "change user '%s' password", user_newname));
|
2023-08-16 08:55:53 +00:00
|
|
|
pw_pass = xstrdup (user_pass);
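Review bot: The unlock branch and the `-p` change branch now emit the identical op `updating-password`, so the audit trail no longer distinguishes re-enabling an existing credential from installing a new one, although the two are different security events and the SYSLOG lines still say `unlock user` versus `change user`. Distinct ops such as `"unlock-password"` and `"change-password"` would keep that distinction in the record. The literal `1` result in both calls would also read better as `SHADOW_AUDIT_SUCCESS`, which this patch uses elsewhere. new_pw_passwd begins and ends outside the hunk.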
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -492,8 +492,8 @@ static void new_pwent (struct passwd *pw
|
2014-10-17 15:03:29 +00:00
|
|
|
fail_exit (E_NAME_IN_USE);
|
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- "changing name", user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
+ "changing-name", user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_INFO,
|
2023-08-16 08:55:53 +00:00
|
|
|
"change user name '%s' to '%s'",
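Review bot: The `changing-name` record identifies the account only by `user_newname`/`user_newid`, so nothing in the audit trail ties the new name to the old one, which is the name present in every earlier record for that account; only the SYSLOG line below (`change user name '%s' to '%s'`) preserves the link. audit_logger has a single name slot, so either log under `user_name` (the pre-rename identity an investigator will be searching for) or extend the record the way audit_logger_with_group does for groups; at minimum a comment such as `/* record carries the new name only; old->new mapping is in syslog */` would flag the gap. The `changing-uid` hunk that follows has the same shape, recording only the new UID. new_pwent begins and ends outside the hunk.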
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -512,8 +512,8 @@ static void new_pwent (struct passwd *pw
|
2014-10-17 15:03:29 +00:00
|
|
|
|
|
|
|
if (uflg) {
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- "changing uid", user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
+ "changing-uid", user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_INFO,
|
2023-08-16 08:55:53 +00:00
|
|
|
"change user '%s' UID from '%d' to '%d'",
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -522,8 +522,8 @@ static void new_pwent (struct passwd *pw
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
if (gflg) {
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "changing primary group",
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "changing-primary-group",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_INFO,
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -533,16 +533,16 @@ static void new_pwent (struct passwd *pw
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
if (cflg) {
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
- "changing comment", user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
2023-08-16 08:55:53 +00:00
|
|
|
+ "changing-comment", user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
|
|
|
pwent->pw_gecos = user_newcomment;
|
2023-08-16 08:55:53 +00:00
|
|
|
}
|
2014-10-17 15:03:29 +00:00
|
|
|
|
|
|
|
if (dflg) {
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "changing home directory",
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "changing-home-dir",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_INFO,
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -558,8 +558,8 @@ static void new_pwent (struct passwd *pw
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
if (sflg) {
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "changing user shell",
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "changing-shell",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_INFO,
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -589,8 +589,8 @@ static void new_spent (struct spwd *spen
|
2014-10-17 15:03:29 +00:00
|
|
|
|
|
|
|
if (fflg) {
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "changing inactive days",
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "changing-inactive-days",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_INFO,
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -604,8 +604,8 @@ static void new_spent (struct spwd *spen
|
2022-01-26 08:29:37 +00:00
|
|
|
date_to_str (sizeof(new_exp), new_exp, user_newexpire * DAY);
|
|
|
|
date_to_str (sizeof(old_exp), old_exp, user_expire * DAY);
|
2014-10-17 15:03:29 +00:00
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "changing expiration date",
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "changing-expiration-date",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_INFO,
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -690,9 +690,9 @@ fail_exit (int code)
|
2014-11-26 14:58:28 +00:00
|
|
|
#endif /* ENABLE_SUBIDS */
|
2014-10-17 15:03:29 +00:00
|
|
|
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "modifying account",
|
|
|
|
- user_name, AUDIT_NO_ID, 0);
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "modify-account",
|
|
|
|
+ user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
|
|
|
exit (code);
|
|
|
|
}
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -762,9 +762,12 @@ update_group(const struct group *grp)
|
|
|
|
user_newname);
|
2014-10-17 15:03:29 +00:00
|
|
|
changed = true;
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
2024-06-18 09:56:02 +00:00
|
|
|
- "changing group member",
|
|
|
|
- user_newname, AUDIT_NO_ID, 1);
|
|
|
|
+ audit_logger_with_group (
|
|
|
|
+ AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "update-member-in-group",
|
|
|
|
+ user_newname, AUDIT_NO_ID,
|
2014-10-17 15:03:29 +00:00
|
|
|
+ ngrp->gr_name,
|
|
|
|
+ SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_INFO,
|
2024-06-18 09:56:02 +00:00
|
|
|
"change '%s' to '%s' in group '%s'",
|
|
|
|
@@ -778,9 +781,11 @@ update_group(const struct group *grp)
|
|
|
|
ngrp->gr_mem = del_list (ngrp->gr_mem, user_name);
|
2014-10-17 15:03:29 +00:00
|
|
|
changed = true;
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
2024-06-18 09:56:02 +00:00
|
|
|
- "removing group member",
|
|
|
|
- user_name, AUDIT_NO_ID, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
2024-06-18 09:56:02 +00:00
|
|
|
+ "delete-user-from-group",
|
2014-10-17 15:03:29 +00:00
|
|
|
+ user_name, AUDIT_NO_ID,
|
|
|
|
+ ngrp->gr_name,
|
|
|
|
+ SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
2024-06-18 09:56:02 +00:00
|
|
|
SYSLOG ((LOG_INFO,
|
|
|
|
"delete '%s' from group '%s'",
|
|
|
|
@@ -793,9 +798,11 @@ update_group(const struct group *grp)
|
|
|
|
ngrp->gr_mem = add_list (ngrp->gr_mem, user_newname);
|
|
|
|
changed = true;
|
2014-10-17 15:03:29 +00:00
|
|
|
#ifdef WITH_AUDIT
|
2024-06-18 09:56:02 +00:00
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "adding user to group",
|
|
|
|
- user_name, AUDIT_NO_ID, 1);
|
|
|
|
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "add-user-to-group",
|
|
|
|
+ user_name, AUDIT_NO_ID,
|
|
|
|
+ ngrp->gr_name,
|
|
|
|
+ SHADOW_AUDIT_SUCCESS);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
2024-06-18 09:56:02 +00:00
|
|
|
SYSLOG ((LOG_INFO, "add '%s' to group '%s'",
|
|
|
|
user_newname, ngrp->gr_name));
|
|
|
|
@@ -888,9 +895,10 @@ update_gshadow(const struct sgrp *sgrp)
|
|
|
|
nsgrp->sg_adm = add_list (nsgrp->sg_adm, user_newname);
|
|
|
|
changed = true;
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "changing admin name in shadow group",
|
|
|
|
- user_name, AUDIT_NO_ID, 1);
|
|
|
|
+ audit_logger_with_group (AUDIT_GRP_MGMT, Prog,
|
|
|
|
+ "update-admin-name-in-shadow-group",
|
|
|
|
+ user_name, AUDIT_NO_ID, nsgrp->sg_name,
|
|
|
|
+ SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_INFO,
|
|
|
|
"change admin '%s' to '%s' in shadow group '%s'",
|
|
|
|
@@ -910,9 +918,10 @@ update_gshadow(const struct sgrp *sgrp)
|
|
|
|
user_newname);
|
2014-10-17 15:03:29 +00:00
|
|
|
changed = true;
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
2024-06-18 09:56:02 +00:00
|
|
|
- "changing member in shadow group",
|
|
|
|
- user_name, AUDIT_NO_ID, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
2024-06-18 09:56:02 +00:00
|
|
|
+ "update-member-in-shadow-group",
|
2014-10-17 15:03:29 +00:00
|
|
|
+ user_name, AUDIT_NO_ID,
|
|
|
|
+ nsgrp->sg_name, 1);
|
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_INFO,
|
2024-06-18 09:56:02 +00:00
|
|
|
"change '%s' to '%s' in shadow group '%s'",
|
|
|
|
@@ -926,9 +935,10 @@ update_gshadow(const struct sgrp *sgrp)
|
|
|
|
nsgrp->sg_mem = del_list (nsgrp->sg_mem, user_name);
|
2014-10-17 15:03:29 +00:00
|
|
|
changed = true;
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
2024-06-18 09:56:02 +00:00
|
|
|
- "removing user from shadow group",
|
|
|
|
- user_name, AUDIT_NO_ID, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
2024-06-18 09:56:02 +00:00
|
|
|
+ "delete-user-from-shadow-group",
|
|
|
|
+ user_name, AUDIT_NO_ID,
|
2014-10-17 15:03:29 +00:00
|
|
|
+ nsgrp->sg_name, 1);
|
|
|
|
#endif
|
2024-06-18 09:56:02 +00:00
|
|
|
SYSLOG ((LOG_INFO,
|
|
|
|
"delete '%s' from shadow group '%s'",
|
|
|
|
@@ -941,9 +951,10 @@ update_gshadow(const struct sgrp *sgrp)
|
|
|
|
nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_newname);
|
|
|
|
changed = true;
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "adding user to shadow group",
|
|
|
|
- user_newname, AUDIT_NO_ID, 1);
|
|
|
|
+ audit_logger_with_group (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "add-user-to-shadow-group",
|
|
|
|
+ user_newname, AUDIT_NO_ID,
|
|
|
|
+ nsgrp->sg_name, 1);
|
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_INFO, "add '%s' to shadow group '%s'",
|
|
|
|
user_newname, nsgrp->sg_name));
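Review bot: The new audit_logger_with_group call ends with the bare literal `1` as the result (`nsgrp->sg_name, 1);`), whereas the matching add/delete/update hunks in update_group pass `SHADOW_AUDIT_SUCCESS`; the two shadow-group hunks above repeat the literal. Use `SHADOW_AUDIT_SUCCESS` in all three so the outcome is stated by name rather than by relying on 1 mapping to success in shadow_audit_result. update_gshadow begins and ends outside the hunk.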
|
|
|
|
@@ -1852,8 +1863,8 @@ static void move_home (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
if (uflg || gflg) {
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "changing home directory owner",
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "updating-home-dir-owner",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
#endif
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -1871,8 +1882,8 @@ static void move_home (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
fail_exit (E_HOMEDIR);
|
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "moving home directory",
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "moving-home-dir",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
#endif
|
2023-08-16 08:55:53 +00:00
|
|
|
return;
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -1899,9 +1910,9 @@ static void move_home (void)
|
2018-05-28 13:25:08 +00:00
|
|
|
Prog, prefix_user_home);
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK,
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT,
|
|
|
|
Prog,
|
|
|
|
- "moving home directory",
|
|
|
|
+ "moving-home-dir",
|
|
|
|
user_newname,
|
2023-08-16 08:55:53 +00:00
|
|
|
user_newid,
|
2014-10-17 15:03:29 +00:00
|
|
|
1);
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -2125,8 +2136,8 @@ static void move_mailbox (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
else {
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "changing mail file owner",
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "updating-mail-file-owner",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
#endif
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -2149,8 +2160,8 @@ static void move_mailbox (void)
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
else {
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "changing mail file name",
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "updating-mail-file-name",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
2023-08-16 08:55:53 +00:00
|
|
|
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -2347,8 +2358,8 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
|
|
|
Prog, user_name, user_selinux);
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "modifying User mapping ",
|
|
|
|
+ audit_logger (AUDIT_ROLE_ASSIGN, Prog,
|
|
|
|
+ "changing-selinux-user-mapping ",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, user_id,
|
2014-10-17 15:03:29 +00:00
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif /* WITH_AUDIT */
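Review bot: The new op string `"changing-selinux-user-mapping "` carries a trailing space inherited from the old `"modifying User mapping "`, so the record will be emitted with the space in the op value and exact-match filters (ausearch, audit rules, SIEM parsers keyed on op) will not hit it; the line should be `"changing-selinux-user-mapping",`. The useradd and userdel counterparts are `add-selinux-user-mapping` and `delete-selinux-user-mapping`, so the verb-stem `"change-selinux-user-mapping"` would also line the three up. main begins and ends outside the hunk.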
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -2360,8 +2371,8 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
_("%s: warning: the user name %s to SELinux user mapping removal failed.\n"),
|
|
|
|
Prog, user_name);
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
- audit_logger (AUDIT_ADD_USER, Prog,
|
|
|
|
- "removing SELinux user mapping",
|
|
|
|
+ audit_logger (AUDIT_ROLE_REMOVE, Prog,
|
|
|
|
+ "delete-selinux-user-mapping",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_name, user_id,
|
2014-10-17 15:03:29 +00:00
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif /* WITH_AUDIT */
|
2024-06-18 09:56:02 +00:00
|
|
|
@@ -2404,8 +2415,8 @@ int main (int argc, char **argv)
|
2014-10-17 15:03:29 +00:00
|
|
|
*/
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
if (uflg || gflg) {
|
|
|
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
- "changing home directory owner",
|
|
|
|
+ audit_logger (AUDIT_USER_MGMT, Prog,
|
|
|
|
+ "updating-home-dir-owner",
|
2023-08-16 08:55:53 +00:00
|
|
|
user_newname, user_newid, 1);
|
2014-10-17 15:03:29 +00:00
|
|
|
}
|
|
|
|
#endif
|