Red Hat Bugzilla – Attachment 233451 Details for Bug 343891: audit updates for rsh
[patch] patch adding audit capabilities
rsh.patch (text/plain), 11.51 KB, created by Steve Grubb on 2007-10-20 15:58:30 UTC
Description: patch adding audit capabilities
Filename: rsh.patch
MIME Type: text/plain
Creator: Steve Grubb
Created: 2007-10-20 15:58:30 UTC
Size: 11.51 KB
patch, obsolete
>diff -urN devel.orig/netkit-rsh-0.17-audit.patch devel/netkit-rsh-0.17-audit.patch >--- devel.orig/netkit-rsh-0.17-audit.patch 1969-12-31 19:00:00.000000000 -0500 >+++ devel/netkit-rsh-0.17-audit.patch 2007-10-20 11:54:29.000000000 -0400 
>@@ -0,0 +1,256 @@ >+diff -urp netkit-rsh-0.17.orig/configure netkit-rsh-0.17/configure >+--- netkit-rsh-0.17.orig/configure 2007-10-20 08:27:09.000000000 -0400 >++++ netkit-rsh-0.17/configure 2007-10-20 10:57:52.000000000 -0400 >+@@ -19,8 +19,9 @@ >+ Usage: configure [options] >+ --help Show this message >+ --with-debug Enable debugging >+- --without-pam Disable PAM support >++ --without-pam Disable PAM support >+ --without-shadow Disable shadow password support >++ --without-audit Disable audit support >+ --prefix=path Prefix for location of files [/usr] >+ --exec-prefix=path Location for arch-depedent files [prefix] >+ --installroot=root Top of filesystem tree to install in [/] >+@@ -47,6 +48,7 @@ >+ --with-c-compiler=*) CC=`echo $1 | sed 's/^[^=]*=//'` ;; >+ --without-pam|--disable-pam) WITHOUT_PAM=1;; >+ --without-shadow|--disable-shadow) WITHOUT_SHADOW=1;; >++ --without-audit|--disable-audit) WITHOUT_AUDIT=1;; >+ *) echo "Unrecognized option: $1"; exit 1;; >+ esac >+ shift >+@@ -342,6 +344,32 @@ >+ >+ ################################################## >+ >++echo -n 'Checking for AUDIT... ' >++if [ x$WITHOUT_AUDIT != x ]; then >++ echo disabled >++else >++cat <<EOF >__conftest.c >++#include <stdio.h> >++#include <libaudit.h> >++int main() { >++ audit_log_acct_message(1, AUDIT_USER_LOGIN, NULL, NULL, NULL, 0, NULL, NULL, NULL, 0); >++ return 0; >++} >++ >++EOF >++if ( >++ $CC $CFLAGS __conftest.c -laudit -o __conftest || exit 1 >++ ) >/dev/null 2>&1; then >++ echo 'yes' >++ USE_AUDIT=1 >++ else >++ echo 'no' >++ fi >++fi >++rm -f __conftest* >++ >++################################################## >++ >+ echo -n 'Checking for crypt... 
' >+ cat <<EOF >__conftest.c >+ int main() { crypt("aa", "bb"); } >+@@ -593,5 +621,6 @@ >+ echo "USE_PAM=$USE_PAM" >+ echo "USE_SHADOW=$USE_SHADOW" >+ echo "LIBSHADOW=$LIBSHADOW" >++ echo "USE_AUDIT=$USE_AUDIT" >+ ) > MCONFIG >+ >+diff -urp netkit-rsh-0.17.orig/rexecd/rexecd.c netkit-rsh-0.17/rexecd/rexecd.c >+--- netkit-rsh-0.17.orig/rexecd/rexecd.c 2007-10-20 08:27:09.000000000 -0400 >++++ netkit-rsh-0.17/rexecd/rexecd.c 2007-10-20 10:11:31.000000000 -0400 >+@@ -312,9 +312,12 @@ doit(struct sockaddr_in *fromp) >+ PAM_password = pass; >+ pam_error = pam_start("rexec", PAM_username, &PAM_conversation,&pamh); >+ PAM_BAIL; >+- pam_set_item (pamh, PAM_RUSER, user); >+- pam_set_item (pamh, PAM_RHOST, remote); >+- pam_set_item (pamh, PAM_TTY, "rexec"); /* we don't have a tty yet! */ >++ pam_error = pam_set_item (pamh, PAM_RUSER, user); >++ PAM_BAIL; >++ pam_error = pam_set_item (pamh, PAM_RHOST, remote); >++ PAM_BAIL; >++ pam_error = pam_set_item (pamh, PAM_TTY, "rexec"); /* we don't have a tty yet! */ >++ PAM_BAIL; >+ pam_error = pam_authenticate(pamh, 0); >+ PAM_BAIL; >+ pam_error = pam_acct_mgmt(pamh, 0); >+diff -urp netkit-rsh-0.17.orig/rlogind/auth.c netkit-rsh-0.17/rlogind/auth.c >+--- netkit-rsh-0.17.orig/rlogind/auth.c 2007-10-20 08:27:09.000000000 -0400 >++++ netkit-rsh-0.17/rlogind/auth.c 2007-10-20 09:06:54.000000000 -0400 >+@@ -117,17 +117,39 @@ int auth_checkauth(const char *remoteuse >+ retval = pam_start("rlogin", localuser, &conv, &pamh); >+ if (retval != PAM_SUCCESS) { >+ syslog(LOG_ERR, "pam_start: %s\n", pam_strerror(pamh, retval)); >++ pam_end(pamh, retval); >+ fatal(STDERR_FILENO, "initialization failed", 0); >+ } >+ >+- pam_set_item(pamh, PAM_USER, localuser); >+- pam_set_item(pamh, PAM_RUSER, remoteuser); >+- pam_set_item(pamh, PAM_RHOST, host); >+- pam_set_item(pamh, PAM_TTY, "rlogin"); /* we don't have a tty yet! 
*/ >++ retval = pam_set_item(pamh, PAM_USER, localuser); >++ if (retval != PAM_SUCCESS) { >++ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retval)); >++ pam_end(pamh, retval); >++ fatal(STDERR_FILENO, "initialization failed", 0); >++ } >++ retval = pam_set_item(pamh, PAM_RUSER, remoteuser); >++ if (retval != PAM_SUCCESS) { >++ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retval)); >++ pam_end(pamh, retval); >++ fatal(STDERR_FILENO, "initialization failed", 0); >++ } >++ retval = pam_set_item(pamh, PAM_RHOST, host); >++ if (retval != PAM_SUCCESS) { >++ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retval)); >++ pam_end(pamh, retval); >++ fatal(STDERR_FILENO, "initialization failed", 0); >++ } >++ retval = pam_set_item(pamh, PAM_TTY, "rlogin"); /* we don't have a tty yet! */ >++ if (retval != PAM_SUCCESS) { >++ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retval)); >++ pam_end(pamh, retval); >++ fatal(STDERR_FILENO, "initialization failed", 0); >++ } >+ >+ network_confirm(); >+ retval = attempt_auth(); >+ if ((retval == PAM_ACCT_EXPIRED) || (retval == PAM_PERM_DENIED)) { >++ pam_end(pamh, retval); >+ syslog(LOG_ERR, "PAM authentication denied for in.rlogind"); >+ exit(1); >+ } else if (retval != PAM_SUCCESS) { >+diff -urp netkit-rsh-0.17.orig/rlogind/rlogind.c netkit-rsh-0.17/rlogind/rlogind.c >+--- netkit-rsh-0.17.orig/rlogind/rlogind.c 2007-10-20 08:27:09.000000000 -0400 >++++ netkit-rsh-0.17/rlogind/rlogind.c 2007-10-20 08:59:13.000000000 -0400 >+@@ -357,9 +357,9 @@ static void child(const char *hname, con >+ } >+ termenv[3] = NULL; >+ >++ auth_finish(); >++ closeall(); >+ if (authenticated) { >+- auth_finish(); >+- closeall(); >+ execle(_PATH_LOGIN, "login", "-p", >+ "-h", hname, "-f", localuser, NULL, termenv); >+ } >+@@ -368,8 +368,6 @@ static void child(const char *hname, con >+ syslog(LOG_AUTH|LOG_INFO, "rlogin with an option as a name!"); >+ exit(1); >+ } >+- auth_finish(); >+- closeall(); >+ execle(_PATH_LOGIN, 
"login", "-p", >+ "-h", hname, localuser, NULL, termenv); >+ } >+diff -urp netkit-rsh-0.17.orig/rshd/Makefile netkit-rsh-0.17/rshd/Makefile >+--- netkit-rsh-0.17.orig/rshd/Makefile 2007-10-20 08:27:09.000000000 -0400 >++++ netkit-rsh-0.17/rshd/Makefile 2007-10-20 11:00:49.000000000 -0400 >+@@ -9,6 +9,10 @@ ifeq ($(USE_PAM),1) >+ CFLAGS += -DUSE_PAM >+ LIBS += -ldl -lpam -lpam_misc >+ endif >++ifeq ($(USE_AUDIT),1) >++CFLAGS += -DUSE_AUDIT >++LIBS += -ldl -laudit >++endif >+ >+ rshd: $(OBJS) >+ $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ >+diff -urp netkit-rsh-0.17.orig/rshd/rshd.c netkit-rsh-0.17/rshd/rshd.c >+--- netkit-rsh-0.17.orig/rshd/rshd.c 2007-10-20 08:27:09.000000000 -0400 >++++ netkit-rsh-0.17/rshd/rshd.c 2007-10-20 11:04:16.000000000 -0400 >+@@ -90,6 +90,10 @@ char rcsid[] = >+ static pam_handle_t *pamh; >+ #endif /* USE_PAM */ >+ >++#ifdef USE_AUDIT >++#include <libaudit.h> >++#endif /* USE_AUDIT */ >++ >+ #define OPTIONS "aDhlLn" >+ >+ static int keepalive = 1; >+@@ -243,9 +247,21 @@ static struct passwd *doauth(const char >+ syslog(LOG_ERR, "pam_start: %s\n", pam_strerror(pamh, retcode)); >+ exit (1); >+ } >+- pam_set_item (pamh, PAM_RUSER, remuser); >+- pam_set_item (pamh, PAM_RHOST, hostname); >+- pam_set_item (pamh, PAM_TTY, "rsh"); /* we don't use a tty, so punt */ >++ retcode = pam_set_item (pamh, PAM_RUSER, remuser); >++ if (retcode != PAM_SUCCESS) { >++ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retcode)); >++ exit (1); >++ } >++ retcode = pam_set_item (pamh, PAM_RHOST, hostname); >++ if (retcode != PAM_SUCCESS) { >++ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retcode)); >++ exit (1); >++ } >++ retcode = pam_set_item (pamh, PAM_TTY, "rsh"); /* we don't use a tty, so punt */ >++ if (retcode != PAM_SUCCESS) { >++ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retcode)); >++ exit (1); >++ } >+ >+ retcode = pam_authenticate(pamh, 0); >+ if (retcode == PAM_SUCCESS) { >+@@ -365,6 +381,27 @@ static const char 
*findhostname(struct s >+ return NULL; /* not reachable */ >+ } >+ >++static int log_audit(const char *username, int uid, const char *hostname, >++ int success) >++{ >++#ifdef USE_AUDIT >++ int audit_fd = audit_open(); >++ if (audit_fd < 0) { >++ if (errno != EINVAL && errno != EPROTONOSUPPORT && >++ errno != EAFNOSUPPORT) >++ return 1; >++ } else { >++ int rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN, >++ NULL, "login", username, uid, hostname, NULL, >++ "rsh", success); >++ close(audit_fd); >++ if (rc <= 0) >++ return 1; >++ } >++#endif >++ return 0; >++} >++ >+ static void >+ doit(struct sockaddr_storage *fromp, socklen_t fromlen) >+ { >+@@ -435,14 +472,21 @@ doit(struct sockaddr_storage *fromp, soc >+ setpwent(); >+ pwd = doauth(remuser, hostname, locuser); >+ if (pwd == NULL) { >++ if (log_audit(remuser, pwd->pw_uid, hostname, 0) <= 0) { >++ fail("Error sending audit event.\n", >++ remuser, hostname, locuser, cmdbuf); >++ } >+ fail("Permission denied.\n", >+ remuser, hostname, locuser, cmdbuf); >+ } >+- >+ if (pwd->pw_uid != 0 && !access(_PATH_NOLOGIN, F_OK)) { >+ error("Logins currently disabled.\n"); >+ exit(1); >+ } >++ if (log_audit(remuser, pwd->pw_uid, hostname, 1) <= 0) { >++ fail("Error sending audit event.\n", >++ remuser, hostname, locuser, cmdbuf); >++ } >+ >+ (void) write(2, "\0", 1); >+ sent_null = 1; >diff -urN devel.orig/rexec.pam devel/rexec.pam >--- devel.orig/rexec.pam 2007-10-20 11:53:38.000000000 -0400 >+++ devel/rexec.pam 2007-10-20 11:54:29.000000000 -0400 >@@ -8,3 +8,4 @@ > account include system-auth > session optional pam_keyinit.so force revoke > session include system-auth >+session required pam_loginuid.so >diff -urN devel.orig/rlogin.pam devel/rlogin.pam >--- devel.orig/rlogin.pam 2007-10-20 11:53:38.000000000 -0400 >+++ devel/rlogin.pam 2007-10-20 11:54:29.000000000 -0400 
>@@ -10,3 +10,4 @@ > password include system-auth > session optional pam_keyinit.so force revoke > session include system-auth >+session required pam_loginuid.so >diff -urN devel.orig/rsh.pam devel/rsh.pam >--- devel.orig/rsh.pam 2007-10-20 11:53:38.000000000 -0400 >+++ devel/rsh.pam 2007-10-20 11:54:29.000000000 -0400 >@@ -8,3 +8,4 @@ > account include system-auth > session optional pam_keyinit.so force revoke > session include system-auth >+session required pam_loginuid.so >diff -urN devel.orig/rsh.spec devel/rsh.spec >--- devel.orig/rsh.spec 2007-10-20 11:53:38.000000000 -0400 >+++ devel/rsh.spec 2007-10-20 11:54:29.000000000 -0400 >@@ -1,7 +1,7 @@ > Summary: Clients for remote access commands (rsh, rlogin, rcp). > Name: rsh > Version: 0.17 >-Release: 44%{?dist} >+Release: 45%{?dist} > License: BSD > Group: Applications/Internet > >@@ -10,6 +10,7 @@ > BuildPrereq: ncurses-devel > > BuildRequires: pam-devel >+BuildRequires: audit-libs-devel >= 1.5 > > Source: ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/netkit-rsh-%{version}.tar.gz > Source1: rexec.pam >@@ -52,6 +53,7 @@ > Patch31: netkit-rsh-0.17-pam_env.patch > Patch33: netkit-rsh-0.17-dns.patch > Patch34: netkit-rsh-0.17-nohostcheck-compat.patch >+Patch35: netkit-rsh-0.17-audit.patch > > %description > The rsh package contains a set of programs which allow users to run >@@ -115,6 +117,7 @@ > %patch31 -p1 -b .pam_env > %patch33 -p1 -b .dns > %patch34 -p1 -b .compat >+%patch35 -p1 -b .audit > > # No, I don't know what this is doing in the tarball. > rm -f rexec/rexec >@@ -183,6 +186,9 @@ > %{_mandir}/man8/*.8* > > %changelog >+* Sat Oct 20 2007 Steve Grubb <sgrubb@redhat.com> 0.17-45 >+- update for audit >+ > * Tue Oct 16 2007 Adam Tkac <atkac redhat com> 0.17-44 > - added -D option for compatibility with F8 test releases > - fixed rsh-server description
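Review bot: the `--without-pam` usage line in the first configure hunk is removed and re-added with identical text, which is a whitespace-only change unrelated to the audit work; drop it so the hunk only shows the new `--without-audit` option. In the detection block, both the `disabled` and the `no` branches leave `USE_AUDIT` unset, so MCONFIG ends up with a bare `USE_AUDIT=`; the rshd Makefile test `ifeq ($(USE_AUDIT),1)` still behaves correctly, but writing `USE_AUDIT=0` in those branches would make MCONFIG self-explanatory and match how USE_PAM/USE_SHADOW are recorded.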
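Review bot: the rexecd.c hunk adds PAM_BAIL after each pam_set_item but no audit event, even though rexecd authenticates a password in-process and, unlike rlogind, does not hand off to login(1); failed and successful rexec authentications therefore stay invisible to the audit trail after this patch. If leaving rexecd without AUDIT_USER_LOGIN records is intentional for this round, say so in the changelog; otherwise a log_audit call like the one added to rshd belongs here as well.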
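Review bot: the first added line of the rlogind/auth.c hunk calls `pam_end(pamh, retval)` after pam_start has failed, but pam_start does not hand back a usable handle on failure, so that pam_end is at best a no-op and should be removed. The four pam_set_item error blocks that follow repeat the same syslog/pam_end/fatal sequence verbatim; a small helper such as `check_pam(retval, "pam_set_item")` would keep the function readable and guarantee the cleanup path stays identical. Note also that pam_end is added in the `PAM_ACCT_EXPIRED || PAM_PERM_DENIED` branch but not in the `else if (retval != PAM_SUCCESS)` branch visible as trailing context; the two denial paths should clean up the same way.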
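Review bot: hoisting `auth_finish()` and `closeall()` above `if (authenticated)` in the rlogind.c hunk changes the unauthenticated path: the `rlogin with an option as a name!` rejection now runs after closeall() has closed descriptors, so its syslog() depends on glibc reopening the log connection, and auth_finish() now precedes the name check instead of following it. If the aim is only to guarantee that both execle paths call auth_finish()/closeall() exactly once, moving the option-as-name check ahead of the hoisted calls preserves the previous ordering while still removing the duplication.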
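Review bot: `LIBS += -ldl -laudit` in the rshd/Makefile hunk duplicates `-ldl` whenever USE_PAM is also set, since the PAM block three lines above already adds it; `LIBS += -laudit` is sufficient for libaudit. The hunk only touches rshd's Makefile, which is consistent with rshd.c being the only daemon that includes libaudit.h in this patch.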
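Review bot: the doauth hunk in rshd.c exits on a failed pam_set_item without calling pam_end, while the equivalent rlogind/auth.c hunk in this same patch calls pam_end before bailing; pick one convention (pam_end, then exit) and apply it in both daemons so the handle is released consistently.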
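Review bot: log_audit in the rshd.c hunk that adds it uses errno for the audit_open fallback, so rshd.c must include <errno.h> if it does not already; check the existing includes. When USE_AUDIT is undefined every parameter of log_audit is unused, which will warn under -Wunused-parameter; marking them `(void)` or compiling the whole function out in that case avoids the noise. The return convention (0 on success, 1 on error) is also the reverse of what the callers in the doit hunk assume, so consider returning -1 on error and documenting the contract in a comment above the function.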
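Review bot: both call sites in the doit hunk test `log_audit(...) <= 0`, but log_audit returns 0 on success and 1 on error, so a successfully sent audit event makes rshd abort with `Error sending audit event.` while a real send failure is silently ignored; the condition must be `!= 0` (or log_audit must return -1 on error and the callers test `< 0`). Second, in the `pwd == NULL` branch the failure event is logged with `pwd->pw_uid`, dereferencing the NULL pointer the branch has just tested for; pass -1 for the unknown uid there, as other audit callers do when the account does not resolve. Third, both calls pass remuser as the account name alongside the uid taken from pwd, yet the account being logged into is locuser (the third argument to doauth, i.e. pwd->pw_name); as written the acct and id fields of the AUDIT_USER_LOGIN record describe two different users, and the remote user name belongs with the hostname in the remote fields rather than in acct.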
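Review bot: the rsh.spec changelog entry `update for audit` undersells the change: besides the rshd audit event, the patch adds PAM return-code checking in rexecd, rlogind and rshd, reorders auth_finish()/closeall() in rlogind, and appends pam_loginuid to rexec.pam, rlogin.pam and rsh.pam, all of which change behaviour independently of audit and should be listed. The new `BuildRequires: audit-libs-devel >= 1.5` matches the autodetecting configure check, but because configure silently reports `no` and builds without audit if detection breaks, consider verifying `USE_AUDIT=1` in MCONFIG during %build so a broken detection fails the build instead of shipping an rshd without audit support.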