PERFORCE change 159952 for review

Stacey Son sson at FreeBSD.org
Sat Mar 28 10:36:53 PDT 2009 

http://perforce.freebsd.org/chv.cgi?CH=159952

Change 159952 by sson at sson_amd64 on 2009/03/28 17:36:37

	Bug fixes for 'audit -s'.
	
	'audit -s' didn't rotate the audit trail file and the kernel masks didn't
	get updated in the kernel. When audit_control go updated it was not re-
	read properly. 

Affected files ...

.. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#46 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#32 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#46 (text+ko) ====

@@ -26,7 +26,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#45 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#46 $
  */
 
 #include <sys/types.h>
@@ -537,9 +537,12 @@
 
 	case AUDIT_TRIGGER_READ_FILE:
 		auditd_log_info("Got read file trigger");
-		if (au_state == AUD_STATE_ENABLED && 
-		    auditd_config_controls() == -1)
-			auditd_log_err("Error setting audit controls");
+		if (au_state == AUD_STATE_ENABLED) {
+			if (auditd_config_controls() == -1)
+				auditd_log_err("Error setting audit controls");
+			else if (do_trail_file() == -1)
+				auditd_log_err("Error swapping audit file");
+		}
 		break;
 
 	case AUDIT_TRIGGER_CLOSE_AND_DIE:

==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#32 (text+ko) ====

@@ -27,7 +27,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#31 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#32 $
  */
 
 #include <config/config.h>
@@ -50,6 +50,8 @@
 #include <compat/strlcpy.h>
 #endif
 
+#include <sys/stat.h>
+
 /*
  * Parse the contents of the audit_control file to return the audit control
  * parameters.  These static fields are protected by 'mutex'.
@@ -287,10 +289,27 @@
 static void
 setac_locked(void)
 {
+	static time_t lastctime = 0;
+	struct stat sbuf;
 
 	ptrmoved = 1;
-	if (fp != NULL)
+	if (fp != NULL) {
+		/*
+		 * Check to see if the file on disk has changed.  If so,
+		 * force a re-read of the file by closing it.
+		 */
+		if (fstat(fileno(fp), &sbuf) < 0)
+			goto closefp;
+		if (lastctime != sbuf.st_ctimespec.tv_sec) {
+			lastctime = sbuf.st_ctimespec.tv_sec;
+closefp:
+			fclose(fp);
+			fp = NULL;
+			return;
+		}
+
 		fseek(fp, 0, SEEK_SET);
+	}
 }
 
 void

More information about the p4-projects mailing list