Date: Tue, 21 Feb 2006 04:21:26 GMT From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 92111 for review Message-ID: <200602210421.k1L4LQc7083599@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=92111 Change 92111 by csjp@csjp_xor on 2006/02/21 04:21:22 Conditionally compile the login_audit and in login.c conditionally compile in calls to audit functions. This behaviour differs a bit from my previous change, where the audit functions were NOPs in the event audit was not wanted. Affected files ... .. //depot/projects/trustedbsd/audit3/usr.bin/login/login.c#15 edit .. //depot/projects/trustedbsd/audit3/usr.bin/login/login_audit.c#11 edit Differences ... ==== //depot/projects/trustedbsd/audit3/usr.bin/login/login.c#15 (text+ko) ==== @@ -292,19 +292,25 @@ pam_err = pam_start("login", username, &pamc, &pamh); if (pam_err != PAM_SUCCESS) { pam_syslog("pam_start()"); +#ifdef USE_BSM_AUDIT au_login_fail("PAM Error", 1); +#endif bail(NO_SLEEP_EXIT, 1); } pam_err = pam_set_item(pamh, PAM_TTY, tty); if (pam_err != PAM_SUCCESS) { pam_syslog("pam_set_item(PAM_TTY)"); +#ifdef USE_BSM_AUDIT au_login_fail("PAM Error", 1); +#endif bail(NO_SLEEP_EXIT, 1); } pam_err = pam_set_item(pamh, PAM_RHOST, hostname); if (pam_err != PAM_SUCCESS) { pam_syslog("pam_set_item(PAM_RHOST)"); +#ifdef USE_BSM_AUDIT au_login_fail("PAM Error", 1); +#endif bail(NO_SLEEP_EXIT, 1); } @@ -338,7 +344,9 @@ * We are not exiting here, but this corresponds to a failed * login event, so set exitstatus to 1. */ +#ifdef USE_BSM_AUDIT au_login_fail("Login incorrect", 1); +#endif (void)printf("Login incorrect\n"); failures++; @@ -362,9 +370,11 @@ endpwent(); +#ifdef USE_BSM_AUDIT /* Audit successful login. */ if (auditsuccess) au_login_success(); +#endif /* * Establish the login class. @@ -951,7 +961,9 @@ { pam_cleanup(); +#ifdef USE_BSM_AUDIT audit_logout(); +#endif (void)sleep(sec); exit(eval); } ==== //depot/projects/trustedbsd/audit3/usr.bin/login/login_audit.c#11 (text+ko) ==== @@ -46,6 +46,7 @@ #include "login.h" +#ifdef USE_BSM_AUDIT /* * Audit data */ @@ -58,7 +59,6 @@ void au_login_success(void) { -#ifdef USE_BSM_AUDIT token_t *tok; int aufd; au_mask_t aumask; @@ -103,7 +103,6 @@ if (au_close(aufd, 1, AUE_login) == -1) errx(1, "login: Audit Record was not committed."); -#endif /* USE_BSM_AUDIT */ } /* @@ -113,7 +112,6 @@ void au_login_fail(char *errmsg, int na) { -#ifdef USE_BSM_AUDIT token_t *tok; int aufd; long au_cond; @@ -162,7 +160,6 @@ if (au_close(aufd, 1, AUE_login) == -1) errx(1, "login: Audit Error: au_close() was not committed"); -#endif /* USE_BSM_AUDIT */ } /* @@ -172,7 +169,6 @@ void audit_logout(void) { -#ifdef USE_BSM_AUDIT token_t *tok; int aufd; au_mask_t aumask; @@ -206,5 +202,5 @@ if (au_close(aufd, 1, AUE_logout) == -1) errx(1, "login: Audit Record was not committed."); +} #endif /* USE_BSM_AUDIT */ -}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200602210421.k1L4LQc7083599>