PERFORCE change 91655 for review

Sun Feb 12 16:51:38 PST 2006

http://perforce.freebsd.org/chv.cgi?CH=91655

Change 91655 by csjp at csjp_xor on 2006/02/13 00:50:26

	- Check to see if we are runing as root, if we aren't the drop the call to 
	  audit failure.
	- Re-arrange the max login name logic so we don't audit failure due to
	  excessive login name lengths when we are not root.
	- Don't attempt to audit after we have called setusercontext(), as it is
	  possible that we are no longer running with the required privilege.
	- Move successful audits to right after the authentication succeeds.
	
	Discussed with: wsalamon

Affected files ...

.. //depot/projects/trustedbsd/audit3/usr.bin/su/su.c#6 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/usr.bin/su/su.c#6 (text+ko) ====

@@ -209,22 +209,19 @@
 		usage();
 	/* NOTREACHED */
 
-	if (strlen(user) > MAXLOGNAME - 1) {
-#ifdef USE_BSM_AUDIT
-		audit_su(getuid(), AUDIT_SU_FAILURE);
-#endif
-		errx(1, "username too long");
-	}
-
 	/*
 	 * Try to provide more helpful debugging output if su(1) is running
 	 * non-setuid, or was run from a file system not mounted setuid.
 	 */
 	if (geteuid() != 0) {
+		errx(1, "not running setuid");
+	}
+
+	if (strlen(user) > MAXLOGNAME - 1) {
 #ifdef USE_BSM_AUDIT
 		audit_su(getuid(), AUDIT_SU_FAILURE);
 #endif
-		errx(1, "not running setuid");
+		errx(1, "username too long");
 	}
 
 	nargv = malloc(sizeof(char *) * (size_t)(argc + 4));
@@ -310,6 +307,9 @@
 		    username, user, mytty);
 		errx(1, "Sorry");
 	}
+#ifdef USE_BSM_AUDIT
+	audit_su(ruid, AUDIT_SU_SUCCESS);
+#endif
 	retcode = pam_get_item(pamh, PAM_USER, (const void **)&p);
 	if (retcode == PAM_SUCCESS)
 		user = p;
@@ -572,9 +572,6 @@
 		/* csh strips the first character... */
 		*np.a = asthem ? "-su" : iscsh == YES ? "_su" : "su";
 
-#ifdef USE_BSM_AUDIT
-		audit_su(ruid, AUDIT_SU_SUCCESS);
-#endif
 		if (ruid != 0) 
 			syslog(LOG_NOTICE, "%s to %s%s", username, user,
 			    ontty());
