PERFORCE change 97988 for review
Christian S.J. Peron
csjp at FreeBSD.org
Sat May 27 21:06:07 PDT 2006
http://perforce.freebsd.org/chv.cgi?CH=97988
Change 97988 by csjp at csjp_xor on 2006/05/28 03:55:13
Instead of zeroing out termid, resulting in a bogus origin, use getaudit
instead. This will allow remote host information to be propagated through
to the subject token.
Affected files ...
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#23 edit
Differences ...
==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#23 (text+ko) ====
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#22 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#23 $
*/
#ifdef __APPLE__
@@ -62,12 +62,12 @@
int reterr, const char *fmt, ...)
{
char text[MAX_AUDITSTRING_LEN];
- au_tid_t termid;
token_t *token;
long acond;
va_list ap;
pid_t pid;
int error, afd;
+ struct auditinfo ai;
if (auditon(A_GETCOND, &acond, sizeof(acond)) < 0) {
/*
@@ -92,11 +92,16 @@
errno = error;
return (-1);
}
- /* XXX what should we do for termid? */
- bzero(&termid, sizeof(termid));
+ if (getaudit(&ai) < 0) {
+ error = errno;
+ syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s",
+ strerror(errno));
+ errno = error;
+ return (-1);
+ }
pid = getpid();
token = au_to_subject32(auid, geteuid(), getegid(),
- getuid(), getgid(), pid, pid, &termid);
+ getuid(), getgid(), pid, pid, &ai.ai_termid);
if (token == NULL) {
syslog(LOG_AUTH | LOG_ERR,
"audit: unable to build subject token");
More information about the trustedbsd-cvs
mailing list