PERFORCE change 105138 for review
Christian S.J. Peron
csjp at FreeBSD.org
Sat Aug 26 20:33:10 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=105138
Change 105138 by csjp at csjp_xor on 2006/08/26 20:00:46
Write subject and return tokens. This is in preparation for some work
around parsing of BSM records in the kernel. At minimum it will expect
a header, subject, and return value so it can be properly preselected.
Affected files ...
.. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#18 edit
Differences ...
==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#18 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#17 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#18 $
*/
#include <sys/types.h>
@@ -366,6 +366,7 @@
static int
close_all(void)
{
+ struct auditinfo ai;
int err_ret = 0;
char TS[POSTFIX_LEN];
int aufd;
@@ -378,6 +379,17 @@
else {
if ((tok = au_to_text("auditd::Audit shutdown")) != NULL)
au_write(aufd, tok);
+ /*
+ * XXX we need to implement extended subject tokens so we can
+ * effectively represent terminal lines with this token type.
+ */
+ bzero(&ai, sizeof(ai));
+ if ((tok = au_to_subject32(getuid(), geteuid(), getegid(),
+ getuid(), getgid(), getpid(), getpid(), &ai.ai_termid))
+ != NULL)
+ au_write(aufd, tok);
+ if ((tok = au_to_return32(0, 0)) != NULL)
+ au_write(aufd, tok);
if (au_close(aufd, 1, AUE_audit_shutdown) == -1)
syslog(LOG_ERR,
"Could not close audit shutdown event.");
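Review bot: When au_to_subject32() or au_to_return32() returns NULL in the added lines, the token is skipped with no log entry and `au_close(aufd, 1, AUE_audit_shutdown)` still commits the record, so a shutdown record can reach the trail without the subject or return token that the commit message says the kernel parser will expect. The return value of au_write() is also ignored. Each failure should at least be reported so that an incomplete record can be explained later, for example `else syslog(LOG_ERR, "Could not create subject token for audit shutdown event.");`. The same pattern is added for the startup record in the setup() hunk, and close_all() starts and ends outside this hunk.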
@@ -745,6 +757,7 @@
static void
setup(void)
{
+ struct auditinfo ai;
auditinfo_t auinfo;
int aufd;
token_t *tok;
@@ -781,8 +794,20 @@
if ((aufd = au_open()) == -1)
syslog(LOG_ERR, "Could not create audit startup event.");
else {
+ /*
+ * XXXCSJP Perhaps we wan't more robust audit records for
+ * audit start up and shutdown. This might include capturing
+ * failures to initialize the audit subsystem?
+ */
+ bzero(&ai, sizeof(ai));
+ if ((tok = au_to_subject32(getuid(), geteuid(), getegid(),
+ getuid(), getgid(), getpid(), getpid(), &ai.ai_termid))
+ != NULL)
+ au_write(aufd, tok);
if ((tok = au_to_text("auditd::Audit startup")) != NULL)
au_write(aufd, tok);
+ if ((tok = au_to_return32(0, 0)) != NULL)
+ au_write(aufd, tok);
if (au_close(aufd, 1, AUE_audit_startup) == -1)
syslog(LOG_ERR,
"Could not close audit startup event.");
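Review bot: The subject token is built from stand-in values: `getuid()` is passed as the audit ID, `getpid()` as the session ID, and the terminal ID comes from a zeroed `struct auditinfo`, so the startup record (and the shutdown record in the close_all() hunk, which makes the same call) does not carry the process's actual audit identity. If that is intended for a daemon running outside any login session, a comment saying so would help; otherwise the values returned by getaudit(2) would attribute the event correctly, and setup() already declares `auditinfo_t auinfo`, which appears to make the separate `ai` unnecessary. Token order also differs between the two records (subject before text here, text before subject at shutdown); choosing one order makes the records easier to compare. In the added comment, `wan't` should read `want`. setup() begins and ends outside this hunk.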