Date: Mon, 13 Feb 2006 00:51:26 GMT
Message-Id: <200602130051.k1D0pQN1032893@repoman.freebsd.org>
From: "Christian S.J. Peron"
To: Perforce Change Reviews
Subject: PERFORCE change 91655 for review

http://perforce.freebsd.org/chv.cgi?CH=91655

Change 91655 by csjp@csjp_xor on 2006/02/13 00:50:26

	- Check to see if we are running as root, if we aren't then drop the
	  call to audit failure.
	- Re-arrange the max login name logic so we don't audit failure due
	  to excessive login name lengths when we are not root.
	- Don't attempt to audit after we have called setusercontext(), as it
	  is possible that we are no longer running with the required
	  privilege.
	- Move successful audits to right after the authentication succeeds.

	Discussed with: wsalamon

Affected files ...

.. //depot/projects/trustedbsd/audit3/usr.bin/su/su.c#6 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/usr.bin/su/su.c#6 (text+ko) ==== @@ -209,22 +209,19 @@ usage(); /* NOTREACHED */ - if (strlen(user) > MAXLOGNAME - 1) { -#ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE); -#endif - errx(1, "username too long"); - } - /* * Try to provide more helpful debugging output if su(1) is running * non-setuid, or was run from a file system not mounted setuid. */ if (geteuid() != 0) { + errx(1, "not running setuid"); + } + + if (strlen(user) > MAXLOGNAME - 1) { #ifdef USE_BSM_AUDIT audit_su(getuid(), AUDIT_SU_FAILURE); #endif - errx(1, "not running setuid"); + errx(1, "username too long"); } nargv = malloc(sizeof(char *) * (size_t)(argc + 4)); @@ -310,6 +307,9 @@ username, user, mytty); errx(1, "Sorry"); } +#ifdef USE_BSM_AUDIT + audit_su(ruid, AUDIT_SU_SUCCESS); +#endif retcode = pam_get_item(pamh, PAM_USER, (const void **)&p); if (retcode == PAM_SUCCESS) user = p;
@@ -572,9 +572,6 @@ /* csh strips the first character... */ *np.a = asthem ? "-su" : iscsh == YES ? "_su" : "su"; -#ifdef USE_BSM_AUDIT - audit_su(ruid, AUDIT_SU_SUCCESS); -#endif if (ruid != 0) syslog(LOG_NOTICE, "%s to %s%s", username, user, ontty());
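
Review bot: In the @@ -209,22 +209,19 @@ hunk, the geteuid() != 0 branch now exits without writing an audit record, but the comment above it still only talks about debugging output. Extend that comment to say the audit_su() failure call is omitted on purpose because a non-setuid su lacks the privilege to submit it, so the call is not restored later by mistake. The braces around the single errx(1, "not running setuid"); statement can go, and the username-length failure still passes getuid() where the @@ -310,6 +307,9 @@ hunk passes ruid; if ruid is already assigned at this point, use it in both places.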
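
Review bot: In the @@ -310,6 +307,9 @@ hunk, audit_su(ruid, AUDIT_SU_SUCCESS) is now emitted before pam_get_item() and its retcode check, so the trail can hold a success record for an su that fails in a later step. Add a comment at the call stating that the record means "authentication succeeded" rather than "su completed", and that it has to be written here because, per the change description, the process may no longer hold the required privilege after setusercontext(). Also check whether the error exits that follow this point should emit a matching failure record while privilege is still held.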