From owner-p4-projects@FreeBSD.ORG Tue Feb 21 05:11:29 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id BDAE916A423; Tue, 21 Feb 2006 05:11:28 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7912F16A420 for ; Tue, 21 Feb 2006 05:11:28 +0000 (GMT) (envelope-from csjp@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 331A843D45 for ; Tue, 21 Feb 2006 05:11:28 +0000 (GMT) (envelope-from csjp@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k1L5BS7E092641 for ; Tue, 21 Feb 2006 05:11:28 GMT (envelope-from csjp@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k1L5BRlJ092638 for perforce@freebsd.org; Tue, 21 Feb 2006 05:11:27 GMT (envelope-from csjp@freebsd.org) Date: Tue, 21 Feb 2006 05:11:27 GMT Message-Id: <200602210511.k1L5BRlJ092638@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to csjp@freebsd.org using -f 
From: "Christian S.J. Peron" To: Perforce Change Reviews Cc: Subject: PERFORCE change 92112 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Feb 2006 05:11:29 -0000 http://perforce.freebsd.org/chv.cgi?CH=92112 Change 92112 by csjp@csjp_xor on 2006/02/21 05:10:49 Overhaul error handling logic here. The subject shouldn't know anything about the auditing configuration concerning them. So, instead of printing errors to stderr which gives away information about auditing config, print a vague message to stderr and log the details to syslog (LOG_AUTH|LOG_ERR). This is a CAPP requirement. Affected files ... .. //depot/projects/trustedbsd/audit3/usr.bin/login/login_audit.c#12 edit Differences ...
==== //depot/projects/trustedbsd/audit3/usr.bin/login/login_audit.c#12 (text+ko) ====
@@ -43,6 +43,7 @@
 #include
 #include
 #include
+#include
 #include "login.h"
@@ -72,37 +73,55 @@
 if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
 if (errno == ENOSYS)
 return;
- err(1, "login: Could not determine audit condition");
+ syslog(LOG_AUTH | LOG_ERR,
+ "Could not determine audit condition: %s",
+ strerror(errno));
+ errx(1, "Permission denied");
 }
 if (au_cond == AUC_NOAUDIT)
 return;
 /* Compute and set the user's preselection mask. */
- if (au_user_mask(pwd->pw_name, &aumask) == -1)
- errx(1, "login: Could not set audit mask\n");
+ if (au_user_mask(pwd->pw_name, &aumask) == -1) {
+ syslog(LOG_AUTH | LOG_ERR,
+ "Could not set audit mask: %s", strerror(errno));
+ errx(1, "Permission denied");
+ }
 /* Set the audit info for the user. */
 auinfo.ai_auid = uid;
 auinfo.ai_asid = pid;
 bcopy(&tid, &auinfo.ai_termid, sizeof(auinfo.ai_termid));
 bcopy(&aumask, &auinfo.ai_mask, sizeof(auinfo.ai_mask));
- if (setaudit(&auinfo) != 0)
- err(1, "login: setaudit failed");
+ if (setaudit(&auinfo) != 0) {
+ syslog(LOG_AUTH | LOG_ERR, "setaudit failed: %s",
+ strerror(errno));
+ errx(1, "Permission denied");
+ }
- if ((aufd = au_open()) == -1)
- errx(1,"login: Audit Error: au_open() failed");
+ if ((aufd = au_open()) == -1) {
+ syslog(LOG_AUTH | LOG_ERR, "au_open failed: %s",
+ strerror(errno));
+ errx(1,"Permission denied");
+ }
 if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, pid,
- pid, &tid)) == NULL)
- errx(1, "login: Audit Error: au_to_subject32() failed");
+ pid, &tid)) == NULL) {
+ syslog(LOG_AUTH | LOG_ERR, "au_to_subject32 failed");
+ errx(1, "Permission denied");
+ }
 au_write(aufd, tok);
- if ((tok = au_to_return32(0, 0)) == NULL)
- errx(1, "login: Audit Error: au_to_return32() failed");
+ if ((tok = au_to_return32(0, 0)) == NULL) {
+ syslog(LOG_AUTH | LOG_ERR, "au_to_return32 failed");
+ errx(1, "Permission denied");
+ }
 au_write(aufd, tok);
- if (au_close(aufd, 1, AUE_login) == -1)
- errx(1, "login: Audit Record was not committed.");
+ if (au_close(aufd, 1, AUE_login) == -1) {
+ syslog(LOG_AUTH | LOG_ERR, "audit record not committed");
+ errx(1, "Permission denied");
+ }
 }
 /*
@@ -123,13 +142,19 @@
 if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
 if (errno == ENOSYS)
 return;
- err(1, "login: Could not determine audit condition");
+ syslog(LOG_AUTH | LOG_ERR,
+ "could not determine audit condition: %s",
+ strerror(errno));
+ errx(1, "Permission denied");
 }
 if (au_cond == AUC_NOAUDIT)
 return;
- if ((aufd = au_open()) == -1)
- errx(1, "login: Audit Error: au_open() failed");
+ if ((aufd = au_open()) == -1) {
+ syslog(LOG_AUTH | LOG_ERR, "au_open failed: %s",
+ strerror(errno));
+ errx(1, "Permission denied");
+ }
 if (na) {
 /*
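Review bot: In the hunk at -72,37, both `au_write(aufd, tok);` context lines still ignore the return value, so a failed token write can leave the login record incomplete while the login itself proceeds, even though every neighbouring call now fails closed. I would treat it like the other calls: `if (au_write(aufd, tok) == -1) {`, then a syslog() of "au_write failed" at LOG_AUTH | LOG_ERR and `errx(1, "Permission denied");`. The same unchecked calls appear in the hunks at -137,29 and -182,25. The enclosing function starts above this hunk.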
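Review bot: The same failure is now logged under three spellings: `"Could not determine audit condition: %s"` in the hunk at -72,37, `"could not determine audit condition: %s"` here at -123,13, and `"login: Could not determine audit condition: %s"` at -182,25. au_open() is also logged with `strerror(errno)` in two hunks but without it at -182,25. Anyone matching these LOG_AUTH entries in a log filter or alert rule has to know every variant. Because the syslog()/errx() pair is repeated after every call, a small static helper would fix the wording in one place and keep the stderr text uniform. It needs `<stdarg.h>`, and the function these lines belong to starts above the hunk.

```c
/*
 * Log the detail for the administrator, then exit with a message that
 * tells the subject nothing about the audit configuration.
 */
static void
audit_fail(const char *fmt, ...)
{
	va_list ap;

	va_start(ap, fmt);
	vsyslog(LOG_AUTH | LOG_ERR, fmt, ap);
	va_end(ap);
	errx(1, "Permission denied");
}

	if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
		/* … unchanged: ENOSYS early return … */
		audit_fail("could not determine audit condition: %s",
		    strerror(errno));
	}
```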
@@ -137,29 +162,41 @@
 * within a user's session => auid,asid == -1.
 */
 if ((tok = au_to_subject32(-1, geteuid(), getegid(), -1, -1,
- pid, -1, &tid)) == NULL)
- errx(1, "login: Audit Error: au_to_subject32() failed");
+ pid, -1, &tid)) == NULL) {
+ syslog(LOG_AUTH | LOG_ERR, "au_to_subject32 failed");
+ errx(1, "Permission denied");
+ }
 } else {
 /* We know the subject -- so use its value instead. */
 uid = pwd->pw_uid;
 gid = pwd->pw_gid;
 if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid,
- gid, pid, pid, &tid)) == NULL)
- errx(1, "login: Audit Error: au_to_subject32() failed");
+ gid, pid, pid, &tid)) == NULL) {
+ syslog(LOG_AUTH | LOG_ERR, "au_to_subject32 failed");
+ errx(1, "Permission denied");
+ }
 }
 au_write(aufd, tok);
 /* Include the error message. */
- if ((tok = au_to_text(errmsg)) == NULL)
- errx(1, "login: Audit Error: au_to_text() failed");
+ if ((tok = au_to_text(errmsg)) == NULL) {
+ syslog(LOG_AUTH | LOG_ERR, "au_to_text failed");
+ errx(1, "Permission denied");
+ }
 au_write(aufd, tok);
- if ((tok = au_to_return32(1, errno)) == NULL)
- errx(1, "login: Audit Error: au_to_return32() failed");
+ if ((tok = au_to_return32(1, errno)) == NULL) {
+ syslog(LOG_AUTH | LOG_ERR,
+ "login: Audit Error: au_to_return32() failed");
+ errx(1, "Permission denied");
+ }
 au_write(aufd, tok);
- if (au_close(aufd, 1, AUE_login) == -1)
- errx(1, "login: Audit Error: au_close() was not committed");
+ if (au_close(aufd, 1, AUE_login) == -1) {
+ syslog(LOG_AUTH | LOG_ERR,
+ "login: Audit Error: au_close() was not committed");
+ errx(1, "Permission denied");
+ }
 }
 /*
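Review bot: `au_to_return32(1, errno)` near the end of this hunk reads errno only after au_to_subject32(), au_to_text() and the au_write() calls above it have run, and after au_open() in the previous hunk. Any of those may modify errno, so the value stored in the failed-login record may not be the error that caused the failure. If the record is meant to carry the caller's error, save it on entry with `int saved_errno = errno;` and pass `saved_errno` to au_to_return32(). The function's opening lines are outside this hunk, so whether errno is meaningful on entry needs checking against the caller.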
@@ -182,25 +219,39 @@
 if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
 if (errno == ENOSYS)
 return;
- errx(1, "login: Could not determine audit condition");
+ syslog(LOG_AUTH | LOG_ERR,
+ "login: Could not determine audit condition: %s",
+ strerror(errno));
+ errx(1, "Permission denied");
 }
 if (au_cond == AUC_NOAUDIT)
 return;
- if ((aufd = au_open()) == -1)
- errx(1, "login: Audit Error: au_open() failed");
+ if ((aufd = au_open()) == -1) {
+ syslog(LOG_AUTH | LOG_ERR,
+ "login: Audit Error: au_open() failed");
+ errx(1, "Permission denied");
+ }
 /* The subject that is created (euid, egid of the current process). */
 if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, pid,
- pid, &tid)) == NULL)
- errx(1, "login: Audit Error: au_to_subject32() failed");
+ pid, &tid)) == NULL) {
+ syslog(LOG_AUTH | LOG_ERR,
+ "login: Audit Error: au_to_subject32() failed");
+ errx(1, "Permission denied");
+ }
 au_write(aufd, tok);
- if ((tok = au_to_return32(0, 0)) == NULL)
- errx(1, "login: Audit Error: au_to_return32() failed");
+ if ((tok = au_to_return32(0, 0)) == NULL) {
+ syslog(LOG_AUTH | LOG_ERR,
+ "login: Audit Error: au_to_return32() failed");
+ errx(1, "Permission denied");
+ }
 au_write(aufd, tok);
- if (au_close(aufd, 1, AUE_logout) == -1)
- errx(1, "login: Audit Record was not committed.");
+ if (au_close(aufd, 1, AUE_logout) == -1) {
+ syslog(LOG_AUTH | LOG_ERR, "Audit Record was not committed.");
+ errx(1, "Permission denied");
+ }
 }
 #endif /* USE_BSM_AUDIT */
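Review bot: The syslog text in this hunk never says that the record being lost is a logout record; `"login: Audit Error: au_open() failed"` reads the same as a failure on the login path. Likewise the `"au_open failed: %s"` entries at -72,37 and -123,13 are identical for a successful and a failed login. For someone reconstructing a session from LOG_AUTH, which event went unaudited is the useful part. I would name the event in each message, e.g. `"logout audit: au_open failed: %s"`, and drop the `login:` prefix, which presumably duplicates the syslog ident if login calls openlog() elsewhere. The function containing these lines starts above the hunk.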