Date: Tue, 21 Feb 2006 04:09:10 GMT
From: "Christian S.J. Peron"
To: Perforce Change Reviews
Subject: PERFORCE change 92109 for review

http://perforce.freebsd.org/chv.cgi?CH=92109

Change 92109 by csjp@csjp_xor on 2006/02/21 04:09:03

CAPP says that failing to audit an auditable event should result in the event not happening. So, if auditing any of these events fails, terminate the process altogether. Also, do not ignore au_write failures. This change needs to be made in login(1) too.

Affected files ...

.. //depot/projects/trustedbsd/audit3/usr.bin/su/su.c#11 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/usr.bin/su/su.c#11 (text+ko) ==== @@ -650,13 +650,13 @@ return; syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s", strerror(errno)); - return; + errx(1, "Permission denied"); } afd = au_open(); if (afd < 0) { syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s", strerror(errno)); - return; + errx(1, "Permission denied"); } /* XXX what should we do for termid? */ bzero(&termid, sizeof(termid)); @@ -666,10 +666,13 @@ if (token == NULL) { syslog(LOG_AUTH | LOG_ERR, "audit: unable to build subject token"); - return; + errx(1, "Permission denied"); + } + if (au_write(afd, token) < 0) { + syslog(LOG_AUTH | LOG_ERR, + "audit: au_write failed: %s", strerror(errno)); + errx(1, "Permission denied"); } - /* XXX what if au_fails? */ - (void) au_write(afd, token); if (fmt != NULL) { va_start(ap, fmt); (void) vsnprintf(&text[0], sizeof(text) - 1, fmt, ap);
@@ -678,9 +681,13 @@ if (token == NULL) { syslog(LOG_AUTH | LOG_ERR, "audit: failed to generate text token"); - return; + errx(1, "Permission denied"); + } + if (au_write(afd, token) < 0) { + syslog(LOG_AUTH | LOG_ERR, + "audit: au_write failed: %s", strerror(errno)); + errx(1, "Permission denied"); } - (void) au_write(afd, token); } switch (what) { case AUDIT_SU_FAILURE: @@ -693,10 +700,16 @@ if (token == NULL) { syslog(LOG_AUTH | LOG_ERR, "audit: enable to build return token"); - return; + errx(1, "Permission denied"); + } + if (au_write(afd, token) < 0) { + syslog(LOG_AUTH | LOG_ERR, + "audit: au_write failed: %s", strerror(errno)); + errx(1, "Permission denied"); } - (void) au_write(afd, token); - if (au_close(afd, 1, AUE_su) < 0) + if (au_close(afd, 1, AUE_su) < 0) { syslog(LOG_AUTH | LOG_ERR, "audit: record not committed"); + errx(1, "Permission denied"); + } } #endif
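Review bot: In the first hunk (@@ -650,13), the unchanged `return;` just above the "auditon failed" syslog is still a path on which su carries on without writing a record, and its condition is outside the hunk. Please confirm it only covers the case where auditing is not available at all, otherwise it contradicts the fail-closed rationale in the change description. Since every other early `return;` in this function now becomes `errx(1, "Permission denied")`, a comment at the top of the function saying that it does not return when auditing fails would help callers. The `/* XXX what should we do for termid? */` context line also means the subject token is still built from a zeroed terminal ID, which is worth resolving before relying on these records.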
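Review bot: The au_write check added in the @@ -666,10 hunk is repeated verbatim in the @@ -678,9 and @@ -693,10 hunks, so the same four lines (`if (au_write(afd, token) < 0) {`, the syslog call, `errx(1, "Permission denied");`) now appear three times. A small static helper that writes the token and logs and exits on failure would keep the three call sites consistent and make it harder for a later edit to reintroduce an unchecked `(void) au_write(afd, token);`.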
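Review bot: In the last hunk (@@ -693,10), the au_close failure path logs only "audit: record not committed" without `strerror(errno)`, unlike the au_write messages added a few lines above it, so the log gives no reason for the one failure that actually loses the record. Consider logging it in the same form, "audit: au_close failed: %s". While touching this block, the context string "audit: enable to build return token" looks like a typo for "unable", matching the "unable to build subject token" message in the earlier hunk.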