From owner-p4-projects@FreeBSD.ORG Wed Feb 8 02:58:54 2006
Date: Wed, 8 Feb 2006 02:58:53 GMT
Message-Id: <200602080258.k182wr5k040255@repoman.freebsd.org>
From: "Christian S.J. Peron"
To: Perforce Change Reviews
Subject: PERFORCE change 91365 for review

http://perforce.freebsd.org/chv.cgi?CH=91365

Change 91365 by csjp@csjp_xor on 2006/02/08 02:58:51

Add necessary bits for OpenSSH support:

- Convert the cannot_audit() macro into a function prototype
- Re-arrange the ifdefs a bit in bsm_notify so the cannot_audit()
  can utilize the included header files, too.
- make cannot_audit() a function, which will in the Apple case,
  wrap au_get_state, and for everything else, call auditon(2)
  system call. This function will log the fact that the audit
  status check failed, but only if ENOSYS was not returned
  by the system call.

Reviewed by: rwatson

Affected files ...

.. //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#16 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#9 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#16 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#15 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#16 $ */ #ifndef _LIBBSM_H_ @@ -872,7 +872,7 @@ __END_DECLS /* OpenSSH compatibility */ -#define cannot_audit(x) (!(au_get_state() == AUC_AUDITING)) +int cannot_audit(int); __BEGIN_DECLS /* ==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#9 (text+ko) ==== 
@@ -26,15 +26,12 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#8 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#9 $ */ -#ifdef __APPLE__ - /* * Based on sample code from Marc Majka. */ -#include #include /* strerror() */ #include /* errno */ #include @@ -42,6 +39,8 @@ #include /* syslog() */ #include /* syslog() */ +#ifdef __APPLE__ +#include /* If 1, assumes a kernel that sends the right notification. */ #define AUDIT_NOTIFICATION_ENABLED 1 @@ -145,5 +144,25 @@ return (AUC_AUDITING); } } +#endif /* !__APPLE__ */ -#endif /* !__APPLE__ */ +int +cannot_audit(int val __unused) +{ +#ifdef __APPLE__ + return (!(au_get_state() == AUC_AUDITING)); +#else + unsigned long au_cond; + + if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { + if (errno != ENOSYS) { + syslog(LOG_ERR, "Audit status check failed (%s)", + strerror(errno)); + } + return (1); + } + if (au_cond == AUC_NOAUDIT || au_cond == AUC_DISABLED) + return (1); + return (0); +#endif /* !__APPLE__ */ +}
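
Review bot: in the libbsm.h hunk at @@ -872,7 +872,7 @@, the new prototype `int cannot_audit(int);` is declared after `__END_DECLS` and before the next `__BEGIN_DECLS`, so it falls outside the extern "C" guard. That placement was harmless for the macro it replaces, but a function declared there gets C++ linkage when the header is included from C++ and will not resolve against the C definition in bsm_notify.c. Move the declaration inside one of the two adjacent `__BEGIN_DECLS`/`__END_DECLS` blocks, and keep the "OpenSSH compatibility" comment with it.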
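
Review bot: in the bsm_notify.c hunk at @@ -145,5 +144,25 @@, the non-Apple branch of cannot_audit() passes `sizeof(long)` as the length for a buffer declared `unsigned long au_cond;`; write `sizeof(au_cond)` so the length handed to auditon() cannot drift from the variable's type. The argument is ignored (`int val __unused`) with no comment saying why it exists, so a one-line note that it is kept only for the OpenSSH call signature would help the next reader. Returning 1 on any auditon() failure is the right fail-closed result for a caller deciding whether audit records can be written; a short comment above the function stating that contract (1 means auditing is unavailable, ENOSYS is treated as unavailable without logging) would make it explicit. Minor: the relocated `#endif /* !__APPLE__ */` closes a plain `#ifdef __APPLE__` block, so its label should read `/* __APPLE__ */`.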