PERFORCE change 92111 for review

Mon Feb 20 20:21:29 PST 2006

http://perforce.freebsd.org/chv.cgi?CH=92111

Change 92111 by csjp at csjp_xor on 2006/02/21 04:21:22

	Conditionally compile the login_audit and in login.c conditionally
	compile in calls to audit functions. This behaviour differs a bit from
	my previous change, where the audit functions were NOPs in the event
	audit was not wanted.

Affected files ...

.. //depot/projects/trustedbsd/audit3/usr.bin/login/login.c#15 edit
.. //depot/projects/trustedbsd/audit3/usr.bin/login/login_audit.c#11 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/usr.bin/login/login.c#15 (text+ko) ====

@@ -292,19 +292,25 @@
 		pam_err = pam_start("login", username, &pamc, &pamh);
 		if (pam_err != PAM_SUCCESS) {
 			pam_syslog("pam_start()");
+#ifdef USE_BSM_AUDIT
 			au_login_fail("PAM Error", 1);
+#endif
 			bail(NO_SLEEP_EXIT, 1);
 		}
 		pam_err = pam_set_item(pamh, PAM_TTY, tty);
 		if (pam_err != PAM_SUCCESS) {
 			pam_syslog("pam_set_item(PAM_TTY)");
+#ifdef USE_BSM_AUDIT
 			au_login_fail("PAM Error", 1);
+#endif
 			bail(NO_SLEEP_EXIT, 1);
 		}
 		pam_err = pam_set_item(pamh, PAM_RHOST, hostname);
 		if (pam_err != PAM_SUCCESS) {
 			pam_syslog("pam_set_item(PAM_RHOST)");
+#ifdef USE_BSM_AUDIT
 			au_login_fail("PAM Error", 1);
+#endif
 			bail(NO_SLEEP_EXIT, 1);
 		}
 
@@ -338,7 +344,9 @@
 		 * We are not exiting here, but this corresponds to a failed
 		 * login event, so set exitstatus to 1.
 		 */
+#ifdef USE_BSM_AUDIT
 		au_login_fail("Login incorrect", 1);
+#endif
 
 		(void)printf("Login incorrect\n");
 		failures++;
@@ -362,9 +370,11 @@
 
 	endpwent();
 
+#ifdef USE_BSM_AUDIT
 	/* Audit successful login. */
 	if (auditsuccess)
 		au_login_success();
+#endif
 
 	/*
 	 * Establish the login class.
@@ -951,7 +961,9 @@
 {
 
 	pam_cleanup();
+#ifdef USE_BSM_AUDIT
 	audit_logout();
+#endif
 	(void)sleep(sec);
 	exit(eval);
 }

==== //depot/projects/trustedbsd/audit3/usr.bin/login/login_audit.c#11 (text+ko) ====

@@ -46,6 +46,7 @@
 
 #include "login.h"
 
+#ifdef USE_BSM_AUDIT
 /*
  * Audit data
  */
@@ -58,7 +59,6 @@
 void
 au_login_success(void)
 {
-#ifdef USE_BSM_AUDIT
 	token_t *tok;
 	int aufd;
 	au_mask_t aumask;
@@ -103,7 +103,6 @@
 
 	if (au_close(aufd, 1, AUE_login) == -1)
 		errx(1, "login: Audit Record was not committed.");
-#endif	/* USE_BSM_AUDIT */
 }
 
 /*
@@ -113,7 +112,6 @@
 void
 au_login_fail(char *errmsg, int na)
 {
-#ifdef USE_BSM_AUDIT
 	token_t *tok;
 	int aufd;
 	long au_cond;
@@ -162,7 +160,6 @@
 
 	if (au_close(aufd, 1, AUE_login) == -1)
 		errx(1, "login: Audit Error: au_close() was not committed");
-#endif	/* USE_BSM_AUDIT */
 }
 
 /*
@@ -172,7 +169,6 @@
 void
 audit_logout(void)
 {
-#ifdef USE_BSM_AUDIT
 	token_t *tok;
 	int aufd;
 	au_mask_t aumask;
@@ -206,5 +202,5 @@
 
 	if (au_close(aufd, 1, AUE_logout) == -1)
 		errx(1, "login: Audit Record was not committed.");
+}
 #endif	/* USE_BSM_AUDIT */
-}
