PERFORCE change 160214 for review
Christian S.J. Peron
csjp at FreeBSD.org
Sat Apr 4 14:22:58 PDT 2009
http://perforce.freebsd.org/chv.cgi?CH=160214
Change 160214 by csjp at hvm02 on 2009/04/04 21:22:55
Further refine example:
- Make the example return void and in the case of failure, exit.
This should re-enforce to users that audit errors should be fatal.
- Add a return value section
- Show users how to handle ENOSYS on older kernels
Affected files ...
.. //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#17 edit
Differences ...
==== //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#17 (text+ko) ====
@@ -27,7 +27,7 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#16 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#17 $
.\"
.Dd January 18, 2008
.Dt audit_submit 3
@@ -98,17 +98,28 @@
#include <stdarg.h>
#include <errno.h>
-int
+void
audit_bad_su(char *from_login, char *to_login)
{
struct auditinfo_addr aia;
+ struct auditinfo ai;
+ au_id_t aid;
int error;
- if (getaudit_addr(&aia, sizeof(aia) < 0)
+ error = getaudit_addr(&aia, sizeof(aia));
+ if (error < 0 && errno == ENOSYS) {
+ error = getaudit(&ai);
+ if (error < 0)
+ err(1, "getaudit");
+ aid = ai.ai_auid;
+ } else if (error < 0)
err(1, "getaudit_addr");
- error = audit_submit(AUE_su, aia.ai_auid, EPERM, 1,
+ else
+ aid = aia.ai_auid;
+ error = audit_submit(AUE_su, aid, EPERM, 1,
"bad su from %s to %s", from_login, to_login);
- return (error);
+ if (error != 0)
+ err(1, "audit_submit");
}
.Ed
.Pp
@@ -120,6 +131,13 @@
return,failure : Operation not permitted,1
trailer,94
.Ed
+.Sh RETURN VALUES
+If successful,
+.Nm
+will return zero.
+Otherwise a -1 is returned and the global variable
+.Va errno
+is set to indicate the error.
.Sh SEE ALSO
.Xr auditon 2 ,
.Xr getaudit 2 ,
More information about the p4-projects
mailing list