PERFORCE change 91092 for review
Robert Watson
rwatson at FreeBSD.org
Sat Feb 4 18:52:17 GMT 2006
http://perforce.freebsd.org/chv.cgi?CH=91092
Change 91092 by rwatson at rwatson_peppercorn on 2006/02/04 18:51:55
Audit logout.
Affected files ...
.. //depot/projects/trustedbsd/audit3/usr.bin/login/login.c#11 edit
.. //depot/projects/trustedbsd/audit3/usr.bin/login/login_audit.c#4 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/usr.bin/login/login.c#11 (text+ko) ====
@@ -959,6 +959,7 @@
{
pam_cleanup();
+ audit_logout();
(void)sleep(sec);
exit(eval);
}
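Review bot: The new `audit_logout()` call sits on an exit path whose enclosing function starts outside this hunk, and audit_logout() (added in login_audit.c by this same change) initializes `uid` and `gid` from `pwd->pw_uid` / `pwd->pw_gid` without checking `pwd`. If this path can be reached before a passwd entry has been looked up, or before a successful login was audited, the result is a NULL dereference or a logout record with no matching login. Consider guarding the call, e.g. `if (pwd != NULL) audit_logout();`, or tracking whether the login-success record was actually written. audit_logout() also calls `exit(1)` on any audit failure, which would skip `sleep(sec)` and replace `eval` as the exit status on this path.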
==== //depot/projects/trustedbsd/audit3/usr.bin/login/login_audit.c#4 (text+ko) ====
@@ -226,3 +226,57 @@
exit(1);
}
}
+
+/*
+ * The following tokens are included in the audit record for a logout:
+ * header, subject, return.
+ */
+void
+audit_logout(void)
+{
+ token_t *tok;
+ int aufd;
+ au_mask_t aumask;
+ auditinfo_t auinfo;
+ uid_t uid = pwd->pw_uid;
+ gid_t gid = pwd->pw_gid;
+ pid_t pid = getpid();
+ long au_cond;
+
+ /* If we are not auditing, don't cut an audit record; just return. */
+ if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
+ if (errno == ENOSYS)
+ return;
+ fprintf(stderr,
+ "login: Could not determine audit condition\n");
+ exit(1);
+ }
+ if (au_cond == AUC_NOAUDIT)
+ return;
+
+ if ((aufd = au_open()) == -1) {
+ fprintf(stderr, "login: Audit Error: au_open() failed\n");
+ exit(1);
+ }
+
+ /* The subject that is created (euid, egid of the current process). */
+ if ((tok = au_to_subject32(uid, geteuid(), getegid(),
+ uid, gid, pid, pid, &tid)) == NULL) {
+ fprintf(stderr,
+ "login: Audit Error: au_to_subject32() failed\n");
+ exit(1);
+ }
+ au_write(aufd, tok);
+
+ if ((tok = au_to_return32(0, 0)) == NULL) {
+ fprintf(stderr,
+ "login: Audit Error: au_to_return32() failed\n");
+ exit(1);
+ }
+ au_write(aufd, tok);
+
+ if (au_close(aufd, 1, AUE_logout) == -1) {
+ fprintf(stderr, "login: Audit Record was not committed.\n");
+ exit(1);
+ }
+}
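Review bot: Both `au_write(aufd, tok)` calls ignore the return value, so a record missing its subject or return token could still be committed by `au_close()`, whereas every other libbsm call in this function is checked. Check them the same way, e.g. `if (au_write(aufd, tok) == -1)` followed by the existing fprintf/`exit(1)` pattern. The comment above the subject token ("The subject that is created") reads as if it was carried over from the login record and should describe the logout subject instead. `sizeof(long)` would be more robust as `sizeof(au_cond)`. `tid` is not declared in this hunk and is presumably a file-scope value filled in at login, so it is worth confirming that it is set on every path that reaches this function.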