diff options
author | Laurent Bercot <ska-skaware@skarnet.org> | 2019-01-06 18:11:02 +0000 |
---|---|---|
committer | Laurent Bercot <ska-skaware@skarnet.org> | 2019-01-06 18:11:02 +0000 |
commit | 48c4cf945317e6fd397a8ec4a918461fad96265f (patch) | |
tree | 2ffd82bdc529749fab9f9c054eec108c882d050d | |
parent | 62ca2e2698fbd0cc94b40bdc8d355a3a5d1ea239 (diff) | |
download | utmps-e871cba246d790ccd5059ea4b57935db92d1926a.tar.xz |
version: 0.0.2.0v0.0.2.0
utmps-wtmpd bugfix
utmps-utmpd allows utmp group to write to utmp file
-rw-r--r-- | NEWS | 7 | ||||
-rw-r--r-- | doc/index.html | 2 | ||||
-rw-r--r-- | doc/overview.html | 3 | ||||
-rw-r--r-- | doc/upgrade.html | 8 | ||||
-rw-r--r-- | doc/utmps-utmpd.html | 2 | ||||
-rw-r--r-- | package/info | 2 | ||||
-rw-r--r-- | src/utmps/utmps-utmpd.c | 14 | ||||
-rw-r--r-- | src/utmps/utmps-wtmpd.c | 2 |
8 files changed, 32 insertions, 8 deletions
@@ -1,5 +1,12 @@ Changelog for utmps. +In 0.0.2.0 +---------- + + - Bugfixes. + - Members of the utmp group can use pututxline(). + + In 0.0.1.3 ---------- diff --git a/doc/index.html b/doc/index.html index d0c0ab4..be076da 100644 --- a/doc/index.html +++ b/doc/index.html @@ -76,7 +76,7 @@ suitable replacement for <h3> Download </h3> <ul> - <li> The current released version of utmps is <a href="utmps-0.0.1.3.tar.gz">0.0.1.3</a>. </li> + <li> The current released version of utmps is <a href="utmps-0.0.2.0.tar.gz">0.0.2.0</a>. </li> <li> Alternatively, you can checkout a copy of the <a href="//git.skarnet.org/cgi-bin/cgit.cgi/utmps/">utmps git repository</a>: diff --git a/doc/overview.html b/doc/overview.html index 6860eea..d24028a 100644 --- a/doc/overview.html +++ b/doc/overview.html @@ -89,7 +89,8 @@ needs to be suid or sgid, and permissions can actually be quite fine-grained. <ul> <li> <a href="utmps-utmpd.html">utmps-utmpd</a> will allow any user to -read from the utmp database, but will only allow root to write to it. </li> +read from the utmp database, but will only allow root, or members of the +same group utmps-utmpd runs as, to write to it. </li> <li> <a href="utmps-wtmpd.html">utmps-wtmpd</a> will only allow a user to add an entry to the wtmp database if the user is root, or if the <tt>ut_user</tt> field of the added entry resolves to the user's effective diff --git a/doc/upgrade.html b/doc/upgrade.html index f6bd05f..ea33541 100644 --- a/doc/upgrade.html +++ b/doc/upgrade.html @@ -18,6 +18,14 @@ <h1> What has changed in utmps </h1> +<h2> in 0.0.2.0 </h2> + +<ul> + <li> Members of the <em>utmp</em> group (if <em>utmp</em> is the name +of the group the <a href="utmps-utmpd.html">utmps-utmpd</a> daemon runs as) +can now use <tt>pututxline()</tt> to write to the utmp database. </li> +</ul> + <h2> in 0.0.1.3 </h2> <ul> diff --git a/doc/utmps-utmpd.html b/doc/utmps-utmpd.html index 78ca490..2bee9ad 100644 --- a/doc/utmps-utmpd.html +++ b/doc/utmps-utmpd.html @@ -56,7 +56,7 @@ for every client connection; every instance reads the effective uid of the client in an environment variable set by the superserver, which allows it to filter operations - for instance, it allows any user to read from the database but it only -allows root to write to it. +allows root, and members of the group utmps-utmpd runs as, to write to it. </p> <p> diff --git a/package/info b/package/info index 3c772e7..e157d35 100644 --- a/package/info +++ b/package/info @@ -1,4 +1,4 @@ package=utmps -version=0.0.1.3 +version=0.0.2.0 category=admin package_macro_name=UTMPS diff --git a/src/utmps/utmps-utmpd.c b/src/utmps/utmps-utmpd.c index cde2ea0..06f3e9e 100644 --- a/src/utmps/utmps-utmpd.c +++ b/src/utmps/utmps-utmpd.c @@ -140,12 +140,16 @@ static void do_getline (void) flush1() ; } -static void do_putline (uid_t uid) +static void do_putline (uid_t uid, gid_t gid) { struct utmpx u ; char buf[sizeof(struct utmpx)] ; get0(buf, sizeof(struct utmpx)) ; - if (uid) { answer(EPERM) ; return ; } + if (uid && gid != getegid()) + { + answer(EPERM) ; + return ; + } utmps_utmpx_unpack(buf, &u) ; maybe_open() ; for (;;) @@ -186,11 +190,15 @@ static void do_rewind (void) int main (void) { uid_t uid ; + gid_t gid ; char const *x ; PROG = "utmps-utmpd" ; x = ucspi_get("REMOTEEUID") ; if (!x) strerr_diefu1x(100, "get $IPCREMOTEEUID from environment") ; if (!uid0_scan(x, &uid)) strerr_dieinvalid(100, "IPCREMOTEEUID") ; + x = ucspi_get("REMOTEEGID") ; + if (!x) strerr_diefu1x(100, "get $IPCREMOTEEGID from environment") ; + if (!gid0_scan(x, &gid)) strerr_dieinvalid(100, "IPCREMOTEEGID") ; if (ndelay_on(0) < 0) strerr_diefu1sys(111, "set stdin non-blocking") ; tain_now_g() ; @@ -205,7 +213,7 @@ int main (void) case 'e' : do_getent() ; break ; case 'i' : do_getid() ; break ; case 'l' : do_getline() ; break ; - case 'E' : do_putline(uid) ; break ; + case 'E' : do_putline(uid, gid) ; break ; case 'r' : do_rewind() ; break ; default : errno = EPROTO ; diff --git a/src/utmps/utmps-wtmpd.c b/src/utmps/utmps-wtmpd.c index c38168a..7aff741 100644 --- a/src/utmps/utmps-wtmpd.c +++ b/src/utmps/utmps-wtmpd.c @@ -89,7 +89,7 @@ int main (void) answer(errno) ; strerr_diefu1sys(111, "lseek on wtmp") ; } - w = allwrite(fd, buf + 1, sizeof(struct utmpx)) ; + w = allwrite(fd, buf, sizeof(struct utmpx)) ; if (w < sizeof(struct utmpx)) { int e = errno ; |