From owner-trustedbsd-cvs@FreeBSD.ORG Tue Feb 21 04:21:29 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B273316A42A for ; Tue, 21 Feb 2006 04:21:29 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id C62D443D46 for ; Tue, 21 Feb 2006 04:21:28 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by cyrus.watson.org (Postfix) with ESMTP id 8CC8446B84 for ; Mon, 20 Feb 2006 23:21:12 -0500 (EST) Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id 8C16E55F8F; Tue, 21 Feb 2006 04:21:27 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id 7E09016A423; Tue, 21 Feb 2006 04:21:27 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3AC5116A422 for ; Tue, 21 Feb 2006 04:21:27 +0000 (GMT) (envelope-from csjp@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id ACC4243D46 for ; Tue, 21 Feb 2006 04:21:26 +0000 (GMT) (envelope-from csjp@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k1L4LQQq083602 for ; Tue, 21 Feb 2006 04:21:26 GMT (envelope-from csjp@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k1L4LQc7083599 for perforce@freebsd.org; Tue, 21 Feb 2006 04:21:26 GMT (envelope-from csjp@freebsd.org) Date: Tue, 21 Feb 2006 04:21:26 GMT Message-Id: <200602210421.k1L4LQc7083599@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to csjp@freebsd.org using -f From: "Christian S.J. Peron" To: Perforce Change Reviews Cc: Subject: PERFORCE change 92111 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Feb 2006 04:21:29 -0000 http://perforce.freebsd.org/chv.cgi?CH=92111 Change 92111 by csjp@csjp_xor on 2006/02/21 04:21:22 Conditionally compile the login_audit and in login.c conditionally compile in calls to audit functions. This behaviour differs a bit from my previous change, where the audit functions were NOPs in the event audit was not wanted. Affected files ... .. //depot/projects/trustedbsd/audit3/usr.bin/login/login.c#15 edit .. //depot/projects/trustedbsd/audit3/usr.bin/login/login_audit.c#11 edit Differences ... ==== //depot/projects/trustedbsd/audit3/usr.bin/login/login.c#15 (text+ko) ==== @@ -292,19 +292,25 @@ pam_err = pam_start("login", username, &pamc, &pamh); if (pam_err != PAM_SUCCESS) { pam_syslog("pam_start()"); +#ifdef USE_BSM_AUDIT au_login_fail("PAM Error", 1); +#endif bail(NO_SLEEP_EXIT, 1); } pam_err = pam_set_item(pamh, PAM_TTY, tty); if (pam_err != PAM_SUCCESS) { pam_syslog("pam_set_item(PAM_TTY)"); +#ifdef USE_BSM_AUDIT au_login_fail("PAM Error", 1); +#endif bail(NO_SLEEP_EXIT, 1); } pam_err = pam_set_item(pamh, PAM_RHOST, hostname); if (pam_err != PAM_SUCCESS) { pam_syslog("pam_set_item(PAM_RHOST)"); +#ifdef USE_BSM_AUDIT au_login_fail("PAM Error", 1); +#endif bail(NO_SLEEP_EXIT, 1); } @@ -338,7 +344,9 @@ * We are not exiting here, but this corresponds to a failed * login event, so set exitstatus to 1. */ +#ifdef USE_BSM_AUDIT au_login_fail("Login incorrect", 1); +#endif (void)printf("Login incorrect\n"); failures++; @@ -362,9 +370,11 @@ endpwent(); +#ifdef USE_BSM_AUDIT /* Audit successful login. */ if (auditsuccess) au_login_success(); +#endif /* * Establish the login class. @@ -951,7 +961,9 @@ { pam_cleanup(); +#ifdef USE_BSM_AUDIT audit_logout(); +#endif (void)sleep(sec); exit(eval); } ==== //depot/projects/trustedbsd/audit3/usr.bin/login/login_audit.c#11 (text+ko) ==== @@ -46,6 +46,7 @@ #include "login.h" +#ifdef USE_BSM_AUDIT /* * Audit data */ @@ -58,7 +59,6 @@ void au_login_success(void) { -#ifdef USE_BSM_AUDIT token_t *tok; int aufd; au_mask_t aumask; @@ -103,7 +103,6 @@ if (au_close(aufd, 1, AUE_login) == -1) errx(1, "login: Audit Record was not committed."); -#endif /* USE_BSM_AUDIT */ } /* @@ -113,7 +112,6 @@ void au_login_fail(char *errmsg, int na) { -#ifdef USE_BSM_AUDIT token_t *tok; int aufd; long au_cond; @@ -162,7 +160,6 @@ if (au_close(aufd, 1, AUE_login) == -1) errx(1, "login: Audit Error: au_close() was not committed"); -#endif /* USE_BSM_AUDIT */ } /* @@ -172,7 +169,6 @@ void audit_logout(void) { -#ifdef USE_BSM_AUDIT token_t *tok; int aufd; au_mask_t aumask; @@ -206,5 +202,5 @@ if (au_close(aufd, 1, AUE_logout) == -1) errx(1, "login: Audit Record was not committed."); +} #endif /* USE_BSM_AUDIT */ -}