PERFORCE change 105138 for review

Christian S.J. Peron csjp at FreeBSD.org
Sat Aug 26 20:33:10 UTC 2006


http://perforce.freebsd.org/chv.cgi?CH=105138

Change 105138 by csjp at csjp_xor on 2006/08/26 20:00:46

	Write subject and return tokens. This is in preparation for some work
	around parsing of BSM records in the kernel. At minimum it will expect
	a header, subject, and return value so it can be properly preselected.

Affected files ...

.. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#18 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#18 (text+ko) ====

@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#17 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#18 $
  */
 
 #include <sys/types.h>
@@ -366,6 +366,7 @@
 static int
 close_all(void)
 {
+	struct auditinfo ai;
 	int err_ret = 0;
 	char TS[POSTFIX_LEN];
 	int aufd;
@@ -378,6 +379,17 @@
 	else {
 		if ((tok = au_to_text("auditd::Audit shutdown")) != NULL)
 			au_write(aufd, tok);
+		/*
+		 * XXX we need to implement extended subject tokens so we can
+		 * effectively represent terminal lines with this token type.
+		 */
+		bzero(&ai, sizeof(ai));
+		if ((tok = au_to_subject32(getuid(), geteuid(), getegid(),
+		    getuid(), getgid(), getpid(), getpid(), &ai.ai_termid))
+		    != NULL)
+			au_write(aufd, tok);
+		if ((tok = au_to_return32(0, 0)) != NULL)
+			au_write(aufd, tok);
 		if (au_close(aufd, 1, AUE_audit_shutdown) == -1)
 			syslog(LOG_ERR,
 			    "Could not close audit shutdown event.");
@@ -745,6 +757,7 @@
 static void
 setup(void)
 {
+	struct auditinfo ai;
 	auditinfo_t auinfo;
 	int aufd;
 	token_t *tok;
@@ -781,8 +794,20 @@
 	if ((aufd = au_open()) == -1)
 		syslog(LOG_ERR, "Could not create audit startup event.");
 	else {
+		/*
+		 * XXXCSJP Perhaps we wan't more robust audit records for
+		 * audit start up and shutdown. This might include capturing
+		 * failures to initialize the audit subsystem?
+		 */
+		bzero(&ai, sizeof(ai));
+		if ((tok = au_to_subject32(getuid(), geteuid(), getegid(),
+		    getuid(), getgid(), getpid(), getpid(), &ai.ai_termid))
+		    != NULL)
+			au_write(aufd, tok);
 		if ((tok = au_to_text("auditd::Audit startup")) != NULL)
 			au_write(aufd, tok);
+		if ((tok = au_to_return32(0, 0)) != NULL)
+			au_write(aufd, tok);
 		if (au_close(aufd, 1, AUE_audit_startup) == -1)
 			syslog(LOG_ERR,
 			    "Could not close audit startup event.");


More information about the trustedbsd-cvs mailing list