To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: 80a089d4359a - stable/15 - setaudit: Add an update mode
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: 80a089d4359ab014ee017860cc23da40f7a4c8fd
Auto-Submitted: auto-generated
Date: Mon, 08 Dec 2025 14:17:44 +0000
Message-Id: <6936de08.30190.3e423581@gitrepo.freebsd.org>

The branch stable/15 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=80a089d4359ab014ee017860cc23da40f7a4c8fd

commit 80a089d4359ab014ee017860cc23da40f7a4c8fd
Author:     Mark Johnston
AuthorDate: 2025-11-17 16:45:29 +0000
Commit:     Mark Johnston
CommitDate: 2025-12-08 14:14:58 +0000

    setaudit: Add an update mode

    By default, setaudit(8) overwrites the whole audit session state.  For
    the purpose of overwriting only a single field, e.g., the audit user,
    this is inconvenient.  Add -U to accommodate this case: when specified,
    setaudit(8) will first fetch the current session state block and then
    will only overwrite those fields specified on the command line.

    Reviewed by:    csjp
    MFC after:      2 weeks
    Sponsored by:   Modirum MDPay
    Sponsored by:   Klara, Inc.
    Differential Revision:  https://reviews.freebsd.org/D53672

    (cherry picked from commit 1238610a27d5bc0914f524296ff587d86eec4c52)
--- usr.sbin/setaudit/setaudit.8 | 12 +++++++++++- usr.sbin/setaudit/setaudit.c | 38 ++++++++++++++++++++++++++++---------- 2 files changed, 39 insertions(+), 11 deletions(-) diff --git a/usr.sbin/setaudit/setaudit.8 b/usr.sbin/setaudit/setaudit.8 index 7dc3e05a4473..7dd66225979c 100644 --- a/usr.sbin/setaudit/setaudit.8 +++ b/usr.sbin/setaudit/setaudit.8 
@@ -28,7 +28,7 @@ .Nd "specify audit configurations on a process" .Sh SYNOPSIS .Nm -.Op Fl 46 +.Op Fl 46U .Op Fl a Ar auid .Op Fl m Ar mask .Op Fl s Ar source @@ -44,6 +44,16 @@ The following options are available: Use IPv4. .It Fl 6 Use IPv6. +.It Fl U +Update audit session state rather than overwriting it. +By default, +.Nm +will overwrite the entire audit session state using the specified +parameters. +If +.Fl U +is specified, only the parameters given on the command line will be +updated, leaving the rest unchanged. .It Fl a Ar auid Audit user ID or user name. .It Fl m Ar mask diff --git a/usr.sbin/setaudit/setaudit.c b/usr.sbin/setaudit/setaudit.c index adea52a83a8d..af8f481afcb3 100644 --- a/usr.sbin/setaudit/setaudit.c +++ b/usr.sbin/setaudit/setaudit.c @@ -35,6 +35,7 @@ #include #include #include +#include #include #include #include @@ -44,7 +45,7 @@ static void usage(char *prog) { (void)fprintf(stderr, - "usage: %s [-46] [-a auid] [-m mask] [-s source] [-p port] command ...\n", + "usage: %s [-46U] [-a auid] [-m mask] [-p port] [-s source] command ...\n", prog); exit(1); } @@ -56,19 +57,21 @@ main(int argc, char *argv []) struct sockaddr_in *sin; struct addrinfo hints; auditinfo_addr_t aia; - struct addrinfo *res; - struct passwd *pwd; char *aflag, *mflag, *sflag, *prog; + dev_t term_port; + uint32_t term_type; int ch, error; + bool Uflag; aflag = mflag = sflag = NULL; + Uflag = false; prog = argv[0]; bzero(&aia, sizeof(aia)); bzero(&hints, sizeof(hints)); - aia.ai_termid.at_type = AU_IPv4; + term_type = AU_IPv4; hints.ai_family = PF_UNSPEC; - while ((ch = getopt(argc, argv, "46a:m:p:s:")) != -1) + while ((ch = getopt(argc, argv, "46a:m:p:s:U")) != -1) switch (ch) { case '4': hints.ai_family = PF_INET; 
@@ -83,11 +86,14 @@ main(int argc, char *argv []) mflag = optarg; break; case 'p': - aia.ai_termid.at_port = htons(atoi(optarg)); + term_port = htons(atoi(optarg)); break; case 's': sflag = optarg; break; + case 'U': + Uflag = true; + break; default: usage(prog); /* NOT REACHED */ @@ -96,7 +102,14 @@ main(int argc, char *argv []) argv += optind; if (argc == 0) usage(prog); + + if (Uflag) { + if (getaudit_addr(&aia, sizeof(aia)) < 0) + err(1, "getaudit_addr"); + } if (aflag) { + struct passwd *pwd; + pwd = getpwnam(aflag); if (pwd == NULL) { char *r; @@ -112,6 +125,8 @@ main(int argc, char *argv []) err(1, "getauditflagsbin"); } if (sflag) { + struct addrinfo *res; + error = getaddrinfo(sflag, NULL, &hints, &res); if (error) errx(1, "%s", gai_strerror(error)); @@ -121,20 +136,23 @@ main(int argc, char *argv []) bcopy(&sin6->sin6_addr.s6_addr, &aia.ai_termid.at_addr[0], sizeof(struct in6_addr)); - aia.ai_termid.at_type = AU_IPv6; + term_type = AU_IPv6; break; case PF_INET: sin = (struct sockaddr_in *)(void *)res->ai_addr; bcopy(&sin->sin_addr.s_addr, &aia.ai_termid.at_addr[0], sizeof(struct in_addr)); - aia.ai_termid.at_type = AU_IPv4; + term_type = AU_IPv4; break; } } - if (setaudit_addr(&aia, sizeof(aia)) < 0) { - err(1, "setaudit_addr"); + if (!Uflag || sflag) { + aia.ai_termid.at_port = term_port; + aia.ai_termid.at_type = term_type; } + if (setaudit_addr(&aia, sizeof(aia)) < 0) + err(1, "setaudit_addr"); (void)execvp(*argv, argv); err(1, "%s", *argv); }
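
Review bot: term_port is read uninitialized whenever -p is not given. In the main() declarations hunk of setaudit.c it is introduced as `dev_t term_port;` with no initial value, while term_type is assigned AU_IPv4 a few lines later, and the final hunk copies it with `aia.ai_termid.at_port = term_port;` whenever `!Uflag || sflag` holds. Before this change the port came from the bzero()ed aia and therefore defaulted to 0; adding `term_port = 0;` next to `term_type = AU_IPv4;` restores that default, so the terminal ID recorded in the audit session does not pick up stack garbage.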
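
Review bot: In the last setaudit.c hunk the guard `if (!Uflag || sflag)` ties the port to -s, so `-U -p port` without -s silently discards the port, although the new manual text says the parameters given on the command line will be updated. Conversely, `-U -s source` without -p replaces the at_port that getaudit_addr() just fetched. Consider recording whether -p was seen (a pflag next to aflag, mflag and sflag) and assigning at_port only when !Uflag or -p was given, and at_type only when !Uflag or -s was given.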
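
Review bot: The option order now differs between the two files: the usage string in setaudit.c lists `[-m mask] [-p port] [-s source]`, while the SYNOPSIS context in setaudit.8 still has `.Op Fl s Ar source` directly after `.Op Fl m Ar mask`; reorder one so they match. The setaudit.8 hunks also add user-visible text without touching the .Dd line, and the -U description would be more useful if it stated how -p and -s are treated in update mode.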