Use the correct AUDIT_CHGRP_ID event instead of

AUDIT_USER_START, when changing the user space group ID with
newgrp or sg. Thanks to sgrubb@redhat.com for the patch.

ChangeLog

@@ -1,3 +1,9 @@
+2008-02-14  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* NEWS, src/newgrp.c: Use the correct AUDIT_CHGRP_ID event instead of
+	AUDIT_USER_START, when changing the user space group ID with
+	newgrp or sg. Thanks to sgrubb@redhat.com for the patch.
+
 2008-02-10  Nicolas François  <nicolas.francois@centraliens.net>
 
 	* src/usermod.c: Reset oflg with uflg if the new UID is equal to

NEWS

@@ -32,6 +32,8 @@ shadow-4.1.0 -> shadow-4.1.1						UNRELEASED
   * Fix segfault when an user returns to an unknown GID (either the user
     was deleted during the user's newgrp session or the user's passwd
     entry referenced an invalid group). Add a syslog warning in that case.
+  * Use the correct AUDIT_CHGRP_ID event instead of AUDIT_USER_START, when
+    changing the user space group ID with newgrp or sg.
 - newusers
   * The new users are no more added to the list of members of their groups
     because the membership is already set by their primary group.

src/newgrp.c

@@ -245,8 +245,15 @@ static void syslog_sg (const char *name, const char *group)
 			fprintf (stderr, _("%s: failure forking: %s"),
 				 is_newgrp ? "newgrp" : "sg", strerror (errno));
 #ifdef WITH_AUDIT
-			audit_logger (AUDIT_USER_START, Prog, "changing",
-				      NULL, getuid (), 0);
+			if (group) {
+				snprintf (audit_buf, sizeof(audit_buf),
+				          "changing new-group=%s", group);
+				audit_logger (AUDIT_CHGRP_ID, Prog,
+				              audit_buf, NULL, getuid (), 0);
+			} else {
+				audit_logger (AUDIT_CHGRP_ID, Prog, "changing",
+				              NULL, getuid (), 0);
+			}
 #endif
 			exit (1);
 		} else if (child) {
@@ -322,6 +329,8 @@ int main (int argc, char **argv)
 #endif
 
 #ifdef WITH_AUDIT
+	char audit_buf[80];
+
 	audit_help_open ();
 #endif
 	setlocale (LC_ALL, "");
@@ -364,7 +373,7 @@ int main (int argc, char **argv)
 	if (!pwd) {
 		fprintf (stderr, _("unknown UID: %u\n"), getuid ());
 #ifdef WITH_AUDIT
-		audit_logger (AUDIT_USER_START, Prog, "changing", NULL,
+		audit_logger (AUDIT_CHGRP_ID, Prog, "changing", NULL,
 			      getuid (), 0);
 #endif
 		SYSLOG ((LOG_WARN, "unknown UID %u", getuid ()));
@@ -473,8 +482,15 @@ int main (int argc, char **argv)
 	if (ngroups < 0) {
 		perror ("getgroups");
 #ifdef WITH_AUDIT
-		audit_logger (AUDIT_USER_START, Prog,
-			      "changing", NULL, getuid (), 0);
+		if (group) {
+			snprintf (audit_buf, sizeof(audit_buf),
+			          "changing new-group=%s", group);
+			audit_logger (AUDIT_CHGRP_ID, Prog,
+			              audit_buf, NULL, getuid (), 0);
+		} else {
+			audit_logger (AUDIT_CHGRP_ID, Prog,
+			              "changing", NULL, getuid (), 0);
+		}
 #endif
 		exit (1);
 	}
@@ -595,14 +611,24 @@ int main (int argc, char **argv)
 	 * to the real UID. For root, this also sets the real GID to the
 	 * new group id.
 	 */
-	if (setgid (gid))
+	if (setgid (gid)) {
 		perror ("setgid");
+#ifdef WITH_AUDIT
+		snprintf (audit_buf, sizeof(audit_buf),
+		          "changing new-gid=%d", gid);
+		audit_logger (AUDIT_CHGRP_ID, Prog,
+		              audit_buf, NULL, getuid (), 0);
+#endif
+		exit (1);
+	}
 
 	if (setuid (getuid ())) {
 		perror ("setuid");
 #ifdef WITH_AUDIT
-		audit_logger (AUDIT_USER_START, Prog, "changing",
-			      NULL, getuid (), 0);
+		snprintf (audit_buf, sizeof(audit_buf),
+		          "changing new-gid=%d", gid);
+		audit_logger (AUDIT_CHGRP_ID, Prog,
+		              audit_buf, NULL, getuid (), 0);
 #endif
 		exit (1);
 	}
@@ -615,8 +641,10 @@ int main (int argc, char **argv)
 		closelog ();
 		execl ("/bin/sh", "sh", "-c", command, (char *) 0);
 #ifdef WITH_AUDIT
-		audit_logger (AUDIT_USER_START, Prog, "changing",
-			      NULL, getuid (), 0);
+		snprintf (audit_buf, sizeof(audit_buf),
+		          "changing new-gid=%d", gid);
+		audit_logger (AUDIT_CHGRP_ID, Prog,
+		              audit_buf, NULL, getuid (), 0);
 #endif
 		perror ("/bin/sh");
 		exit (errno == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
@@ -682,7 +710,8 @@ int main (int argc, char **argv)
 	}
 
 #ifdef WITH_AUDIT
-	audit_logger (AUDIT_USER_START, Prog, "changing", NULL, getuid (), 1);
+	snprintf (audit_buf, sizeof(audit_buf), "changing new-gid=%d", gid);
+	audit_logger (AUDIT_CHGRP_ID, Prog, audit_buf, NULL, getuid (), 1);
 #endif
 	/*
 	 * Exec the login shell and go away. We are trying to get back to
@@ -705,7 +734,15 @@ int main (int argc, char **argv)
 	 */
 	closelog ();
 #ifdef WITH_AUDIT
-	audit_logger (AUDIT_USER_START, Prog, "changing", NULL, getuid (), 0);
+	if (group) {
+		snprintf (audit_buf, sizeof(audit_buf),
+		          "changing new-group=%s", group);
+		audit_logger (AUDIT_CHGRP_ID, Prog, 
+		              audit_buf, NULL, getuid (), 0);
+	} else {
+		audit_logger (AUDIT_CHGRP_ID, Prog,
+		              "changing", NULL, getuid (), 0);
+	}
 #endif
 	exit (1);
 }