PERFORCE change 92109 for review
Christian S.J. Peron
csjp at FreeBSD.org
Mon Feb 20 20:09:16 PST 2006
http://perforce.freebsd.org/chv.cgi?CH=92109
Change 92109 by csjp at csjp_xor on 2006/02/21 04:09:03
CAPP says that failing to audit an auditable event should result in the
event not happening. So, if auditing any of these events fails, terminate
the process altogether. Also, do not ignore au_write failures. This change
needs to be made in login(1) too.
Affected files ...
.. //depot/projects/trustedbsd/audit3/usr.bin/su/su.c#11 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/usr.bin/su/su.c#11 (text+ko) ====
@@ -650,13 +650,13 @@
return;
syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s",
strerror(errno));
- return;
+ errx(1, "Permission denied");
}
afd = au_open();
if (afd < 0) {
syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s",
strerror(errno));
- return;
+ errx(1, "Permission denied");
}
/* XXX what should we do for termid? */
bzero(&termid, sizeof(termid));
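Review bot: The two new `errx(1, "Permission denied")` exits carry no comment saying why an audit setup failure is now fatal, so a later reader may take them for an authentication failure path and put the `return` back. A one-line comment above the first one would do, e.g. `/* CAPP: an event that cannot be audited must not happen; fail closed. */`. The bare `return;` kept at the top of the hunk still leaves one path that skips auditing; its condition is outside the hunk, so it is worth confirming that it covers only the case where the kernel has no audit support. The enclosing function starts and ends outside this hunk.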
@@ -666,10 +666,13 @@
if (token == NULL) {
syslog(LOG_AUTH | LOG_ERR,
"audit: unable to build subject token");
- return;
+ errx(1, "Permission denied");
+ }
+ if (au_write(afd, token) < 0) {
+ syslog(LOG_AUTH | LOG_ERR,
+ "audit: au_write failed: %s", strerror(errno));
+ errx(1, "Permission denied");
}
- /* XXX what if au_fails? */
- (void) au_write(afd, token);
if (fmt != NULL) {
va_start(ap, fmt);
(void) vsnprintf(&text[0], sizeof(text) - 1, fmt, ap);
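Review bot: The four-line `au_write` check added here is repeated verbatim for the text token and the return token in the next two hunks; a small static helper would keep the three fail-closed paths from drifting apart when one of them is edited later. Each call site then becomes `audit_write_or_die(afd, token);` (the helper name is only a suggestion). The enclosing function starts and ends outside this hunk.

```c
/* Append a token to the open audit record; terminate if it cannot be written. */
static void
audit_write_or_die(int afd, token_t *token)
{
	if (au_write(afd, token) < 0) {
		syslog(LOG_AUTH | LOG_ERR,
		    "audit: au_write failed: %s", strerror(errno));
		errx(1, "Permission denied");
	}
}
```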
@@ -678,9 +681,13 @@
if (token == NULL) {
syslog(LOG_AUTH | LOG_ERR,
"audit: failed to generate text token");
- return;
+ errx(1, "Permission denied");
+ }
+ if (au_write(afd, token) < 0) {
+ syslog(LOG_AUTH | LOG_ERR,
+ "audit: au_write failed: %s", strerror(errno));
+ errx(1, "Permission denied");
}
- (void) au_write(afd, token);
}
switch (what) {
case AUDIT_SU_FAILURE:
@@ -693,10 +700,16 @@
if (token == NULL) {
syslog(LOG_AUTH | LOG_ERR,
"audit: enable to build return token");
- return;
+ errx(1, "Permission denied");
+ }
+ if (au_write(afd, token) < 0) {
+ syslog(LOG_AUTH | LOG_ERR,
+ "audit: au_write failed: %s", strerror(errno));
+ errx(1, "Permission denied");
}
- (void) au_write(afd, token);
- if (au_close(afd, 1, AUE_su) < 0)
+ if (au_close(afd, 1, AUE_su) < 0) {
syslog(LOG_AUTH | LOG_ERR, "audit: record not committed");
+ errx(1, "Permission denied");
+ }
}
#endif
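Review bot: The `au_close` failure is logged as `"audit: record not committed"` without the error cause, unlike the other failure paths this change adds; if `au_close` sets errno on failure, `syslog(LOG_AUTH | LOG_ERR, "audit: record not committed: %s", strerror(errno));` would give whoever triages the log the reason. The context line above logs `"audit: enable to build return token"`, presumably meant as "unable", which is worth correcting while here because these strings are what people search the auth log for. Whether terminating at this point actually keeps the su event from happening depends on this function being called before the identity switch, which is not visible in the hunk.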