summary refs log tree commit diff
diff options
context:
space:
mode:
authorLaurent Bercot <ska-skaware@skarnet.org>2019-01-06 18:11:02 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2019-01-06 18:11:02 +0000
commit48c4cf945317e6fd397a8ec4a918461fad96265f (patch)
tree2ffd82bdc529749fab9f9c054eec108c882d050d
parent62ca2e2698fbd0cc94b40bdc8d355a3a5d1ea239 (diff)
downloadutmps-0.0.2.0.tar.gz
utmps-0.0.2.0.tar.xz
utmps-0.0.2.0.zip
version: 0.0.2.0 v0.0.2.0
 utmps-wtmpd bugfix
 utmps-utmpd allows utmp group to write to utmp file
-rw-r--r--NEWS7
-rw-r--r--doc/index.html2
-rw-r--r--doc/overview.html3
-rw-r--r--doc/upgrade.html8
-rw-r--r--doc/utmps-utmpd.html2
-rw-r--r--package/info2
-rw-r--r--src/utmps/utmps-utmpd.c14
-rw-r--r--src/utmps/utmps-wtmpd.c2
8 files changed, 32 insertions, 8 deletions
diff --git a/NEWS b/NEWS
index e385f1d..4009e5d 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,12 @@
 Changelog for utmps.
 
+In 0.0.2.0
+----------
+
+ - Bugfixes.
+ - Members of the utmp group can use pututxline().
+
+
 In 0.0.1.3
 ----------
 
diff --git a/doc/index.html b/doc/index.html
index d0c0ab4..be076da 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -76,7 +76,7 @@ suitable replacement for
 <h3> Download </h3>
 
 <ul>
- <li> The current released version of utmps is <a href="utmps-0.0.1.3.tar.gz">0.0.1.3</a>. </li>
+ <li> The current released version of utmps is <a href="utmps-0.0.2.0.tar.gz">0.0.2.0</a>. </li>
  <li> Alternatively, you can checkout a copy of the
 <a href="//git.skarnet.org/cgi-bin/cgit.cgi/utmps/">utmps
 git repository</a>:
diff --git a/doc/overview.html b/doc/overview.html
index 6860eea..d24028a 100644
--- a/doc/overview.html
+++ b/doc/overview.html
@@ -89,7 +89,8 @@ needs to be suid or sgid, and permissions can actually be quite fine-grained.
 
 <ul>
  <li> <a href="utmps-utmpd.html">utmps-utmpd</a> will allow any user to
-read from the utmp database, but will only allow root to write to it. </li>
+read from the utmp database, but will only allow root, or members of the
+same group utmps-utmpd runs as, to write to it. </li>
  <li> <a href="utmps-wtmpd.html">utmps-wtmpd</a> will only allow a user
 to add an entry to the wtmp database if the user is root, or if the
 <tt>ut_user</tt> field of the added entry resolves to the user's effective
diff --git a/doc/upgrade.html b/doc/upgrade.html
index f6bd05f..ea33541 100644
--- a/doc/upgrade.html
+++ b/doc/upgrade.html
@@ -18,6 +18,14 @@
 
 <h1> What has changed in utmps </h1>
 
+<h2> in 0.0.2.0 </h2>
+
+<ul>
+ <li> Members of the <em>utmp</em> group (if <em>utmp</em> is the name
+of the group the <a href="utmps-utmpd.html">utmps-utmpd</a> daemon runs as)
+can now use <tt>pututxline()</tt> to write to the utmp database. </li>
+</ul>
+
 <h2> in 0.0.1.3 </h2>
 
 <ul>
diff --git a/doc/utmps-utmpd.html b/doc/utmps-utmpd.html
index 78ca490..2bee9ad 100644
--- a/doc/utmps-utmpd.html
+++ b/doc/utmps-utmpd.html
@@ -56,7 +56,7 @@ for every client connection;
 every instance reads the effective uid of the client in an environment
 variable set by the superserver, which allows it to filter operations -
 for instance, it allows any user to read from the database but it only
-allows root to write to it.
+allows root, and members of the group utmps-utmpd runs as, to write to it.
 </p>
 
 <p>
diff --git a/package/info b/package/info
index 3c772e7..e157d35 100644
--- a/package/info
+++ b/package/info
@@ -1,4 +1,4 @@
 package=utmps
-version=0.0.1.3
+version=0.0.2.0
 category=admin
 package_macro_name=UTMPS
diff --git a/src/utmps/utmps-utmpd.c b/src/utmps/utmps-utmpd.c
index cde2ea0..06f3e9e 100644
--- a/src/utmps/utmps-utmpd.c
+++ b/src/utmps/utmps-utmpd.c
@@ -140,12 +140,16 @@ static void do_getline (void)
   flush1() ;
 }
 
-static void do_putline (uid_t uid)
+static void do_putline (uid_t uid, gid_t gid)
 {
   struct utmpx u ;
   char buf[sizeof(struct utmpx)] ;
   get0(buf, sizeof(struct utmpx)) ;
-  if (uid) { answer(EPERM) ; return ; }
+  if (uid && gid != getegid())
+  {
+    answer(EPERM) ;
+    return ;
+  }
   utmps_utmpx_unpack(buf, &u) ;
   maybe_open() ;
   for (;;)
@@ -186,11 +190,15 @@ static void do_rewind (void)
 int main (void)
 {
   uid_t uid ;
+  gid_t gid ;
   char const *x ;
   PROG = "utmps-utmpd" ;
   x = ucspi_get("REMOTEEUID") ;
   if (!x) strerr_diefu1x(100, "get $IPCREMOTEEUID from environment") ;
   if (!uid0_scan(x, &uid)) strerr_dieinvalid(100, "IPCREMOTEEUID") ;
+  x = ucspi_get("REMOTEEGID") ;
+  if (!x) strerr_diefu1x(100, "get $IPCREMOTEEGID from environment") ;
+  if (!gid0_scan(x, &gid)) strerr_dieinvalid(100, "IPCREMOTEEGID") ;
   if (ndelay_on(0) < 0) strerr_diefu1sys(111, "set stdin non-blocking") ;
   tain_now_g() ;
 
@@ -205,7 +213,7 @@ int main (void)
       case 'e' : do_getent() ; break ;
       case 'i' : do_getid() ; break ;
       case 'l' : do_getline() ; break ;
-      case 'E' : do_putline(uid) ; break ;
+      case 'E' : do_putline(uid, gid) ; break ;
       case 'r' : do_rewind() ; break ;
       default :
         errno = EPROTO ;
diff --git a/src/utmps/utmps-wtmpd.c b/src/utmps/utmps-wtmpd.c
index c38168a..7aff741 100644
--- a/src/utmps/utmps-wtmpd.c
+++ b/src/utmps/utmps-wtmpd.c
@@ -89,7 +89,7 @@ int main (void)
     answer(errno) ;
     strerr_diefu1sys(111, "lseek on wtmp") ;
   }
-  w = allwrite(fd, buf + 1, sizeof(struct utmpx)) ;
+  w = allwrite(fd, buf, sizeof(struct utmpx)) ;
   if (w < sizeof(struct utmpx))
   {
     int e = errno ;