PERFORCE change 78719 for review

[Wayne Salamon]

http://perforce.freebsd.org/chv.cgi?CH=78719

Change 78719 by wsalamon at rickenbacker on 2005/06/19 13:48:50

	Update auditd and audit command to use the new triggering facility
	in auditon() syscall.

Affected files ...

.. //depot/projects/trustedbsd/audit3/contrib/audit_supt/audit/audit.c#5 edit
.. //depot/projects/trustedbsd/audit3/contrib/audit_supt/auditd/auditd.c#11 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/contrib/audit_supt/audit/audit.c#5 (text+ko) ====

@@ -6,13 +6,16 @@
  *
  */
 
+#include <sys/queue.h>
+#include <sys/types.h>
+#include <sys/uio.h>
+
+#include <bsm/audit.h>
+
 #include <fcntl.h>
+#include <stdio.h>
 #include <stdlib.h>
-#include <stdio.h>
 #include <unistd.h>
-#include <bsm/audit.h>
-#include <sys/types.h>
-#include <sys/uio.h>
 
 void usage()
 {
@@ -35,15 +38,15 @@
 		switch(ch) {
 
 		case 'n':
-			trigger = AUDITD_TRIGGER_OPEN_NEW;
+			trigger = AUDIT_TRIGGER_OPEN_NEW;
 			break;
 
 		case 's':   
-			trigger = AUDITD_TRIGGER_READ_FILE;
+			trigger = AUDIT_TRIGGER_READ_FILE;
 			break;
 
 		case 't':
-			trigger = AUDITD_TRIGGER_CLOSE_AND_DIE;
+			trigger = AUDIT_TRIGGER_CLOSE_AND_DIE;
 			break;
 
 		case '?':
@@ -52,7 +55,7 @@
 			break;
 		}
 	}
-	if (auditctl(AC_SENDTRIGGER, &trigger, sizeof(trigger)) < 0) {
+	if (auditon(A_SENDTRIGGER, &trigger, sizeof(trigger)) < 0) {
 		perror("Error sending trigger");
 		exit(-1);
 	} else {

==== //depot/projects/trustedbsd/audit3/contrib/audit_supt/auditd/auditd.c#11 (text+ko) ====

@@ -29,19 +29,19 @@
 #include <sys/types.h>
 #include <sys/wait.h>
 
+#include <bsm/audit.h>
+#include <bsm/audit_uevents.h>
+#include <bsm/libbsm.h>
+
+#include <errno.h>
 #include <fcntl.h>
-#include <time.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <time.h>
 #include <unistd.h>
-#include <errno.h>
-#include <syslog.h>
 #include <signal.h>
 #include <string.h>
-
-#include <bsm/audit.h>
-#include <bsm/audit_uevents.h>
-#include <bsm/libbsm.h>
+#include <syslog.h>
 
 #include "auditd.h"
 #define NA_EVENT_STR_SIZE 25
@@ -186,7 +186,7 @@
 		if (open(fn, O_RDONLY | O_CREAT, S_IRUSR | S_IRGRP) < 0) {
 			perror("File open");
 		}
-		else if (auditctl(AC_SETLOGFILE, &fn, sizeof(fn)) != 0) {
+		else if (auditctl(fn) != 0) {
 			syslog(LOG_ERR, 
 				"auditctl failed setting log file! : %s\n", 
 				strerror(errno));
@@ -288,6 +288,7 @@
 	char TS[POSTFIX_LEN];
 	int aufd;
 	token_t *tok;
+	long cond;
 
 	/* Generate an audit record */
 	if((aufd = au_open()) == -1) {
@@ -304,9 +305,10 @@
 	}
 
 	/* flush contents */
-	err_ret = auditctl(AC_SHUTDOWN, NULL, 0);
+	cond = AUC_DISABLED;
+	err_ret = auditon(A_SETCOND, &cond, sizeof(cond));
 	if (err_ret != 0) {
-		syslog(LOG_ERR, "auditctl failed! : %s\n", 
+		syslog(LOG_ERR, "Disabling audit failed! : %s\n", 
 			strerror(errno));
 		err_ret = 1;
 	}
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message