To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Mark Johnston
Subject: git: 1238610a27d5 - main - setaudit: Add an update mode
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 1238610a27d5bc0914f524296ff587d86eec4c52
Auto-Submitted: auto-generated
Date: Tue, 18 Nov 2025 16:24:43 +0000
Message-Id: <691c9dcb.8191.1e4921e0@gitrepo.freebsd.org>

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=1238610a27d5bc0914f524296ff587d86eec4c52

commit 1238610a27d5bc0914f524296ff587d86eec4c52
Author:     Mark Johnston
AuthorDate: 2025-11-17 16:45:29 +0000
Commit:     Mark Johnston
CommitDate: 2025-11-18 16:24:20 +0000

    setaudit: Add an update mode

    By default, setaudit(8) overwrites the whole audit session state. For
    the purpose of overwriting only a single field, e.g., the audit user,
    this is inconvenient. Add -U to accommodate this case: when specified,
    setaudit(8) will first fetch the current session state block and then
    will only overwrite those fields specified on the command line.

    Reviewed by: csjp
    MFC after: 2 weeks
    Sponsored by: Modirum MDPay
    Sponsored by: Klara, Inc.
    Differential Revision: https://reviews.freebsd.org/D53672
---
 usr.sbin/setaudit/setaudit.8 | 12 +++++++++++-
 usr.sbin/setaudit/setaudit.c | 38 ++++++++++++++++++++++++++++----------
 2 files changed, 39 insertions(+), 11 deletions(-)

diff --git a/usr.sbin/setaudit/setaudit.8 b/usr.sbin/setaudit/setaudit.8 index 7dc3e05a4473..7dd66225979c 100644 --- a/usr.sbin/setaudit/setaudit.8 +++ b/usr.sbin/setaudit/setaudit.8 
@@ -28,7 +28,7 @@ .Nd "specify audit configurations on a process" .Sh SYNOPSIS .Nm -.Op Fl 46 +.Op Fl 46U .Op Fl a Ar auid .Op Fl m Ar mask .Op Fl s Ar source @@ -44,6 +44,16 @@ The following options are available: Use IPv4. .It Fl 6 Use IPv6. +.It Fl U +Update audit session state rather than overwriting it. +By default, +.Nm +will overwrite the entire audit session state using the specified +parameters. +If +.Fl U +is specified, only the parameters given on the command line will be +updated, leaving the rest unchanged. .It Fl a Ar auid Audit user ID or user name. .It Fl m Ar mask diff --git a/usr.sbin/setaudit/setaudit.c b/usr.sbin/setaudit/setaudit.c index adea52a83a8d..af8f481afcb3 100644 --- a/usr.sbin/setaudit/setaudit.c +++ b/usr.sbin/setaudit/setaudit.c @@ -35,6 +35,7 @@ #include #include #include +#include #include #include #include @@ -44,7 +45,7 @@ static void usage(char *prog) { (void)fprintf(stderr, - "usage: %s [-46] [-a auid] [-m mask] [-s source] [-p port] command ...\n", + "usage: %s [-46U] [-a auid] [-m mask] [-p port] [-s source] command ...\n", prog); exit(1); } @@ -56,19 +57,21 @@ main(int argc, char *argv []) struct sockaddr_in *sin; struct addrinfo hints; auditinfo_addr_t aia; - struct addrinfo *res; - struct passwd *pwd; char *aflag, *mflag, *sflag, *prog; + dev_t term_port; + uint32_t term_type; int ch, error; + bool Uflag; aflag = mflag = sflag = NULL; + Uflag = false; prog = argv[0]; bzero(&aia, sizeof(aia)); bzero(&hints, sizeof(hints)); - aia.ai_termid.at_type = AU_IPv4; + term_type = AU_IPv4; hints.ai_family = PF_UNSPEC; - while ((ch = getopt(argc, argv, "46a:m:p:s:")) != -1) + while ((ch = getopt(argc, argv, "46a:m:p:s:U")) != -1) switch (ch) { case '4': hints.ai_family = PF_INET; 
@@ -83,11 +86,14 @@ main(int argc, char *argv []) mflag = optarg; break; case 'p': - aia.ai_termid.at_port = htons(atoi(optarg)); + term_port = htons(atoi(optarg)); break; case 's': sflag = optarg; break; + case 'U': + Uflag = true; + break; default: usage(prog); /* NOT REACHED */ @@ -96,7 +102,14 @@ main(int argc, char *argv []) argv += optind; if (argc == 0) usage(prog); + + if (Uflag) { + if (getaudit_addr(&aia, sizeof(aia)) < 0) + err(1, "getaudit_addr"); + } if (aflag) { + struct passwd *pwd; + pwd = getpwnam(aflag); if (pwd == NULL) { char *r; @@ -112,6 +125,8 @@ main(int argc, char *argv []) err(1, "getauditflagsbin"); } if (sflag) { + struct addrinfo *res; + error = getaddrinfo(sflag, NULL, &hints, &res); if (error) errx(1, "%s", gai_strerror(error)); @@ -121,20 +136,23 @@ main(int argc, char *argv []) bcopy(&sin6->sin6_addr.s6_addr, &aia.ai_termid.at_addr[0], sizeof(struct in6_addr)); - aia.ai_termid.at_type = AU_IPv6; + term_type = AU_IPv6; break; case PF_INET: sin = (struct sockaddr_in *)(void *)res->ai_addr; bcopy(&sin->sin_addr.s_addr, &aia.ai_termid.at_addr[0], sizeof(struct in_addr)); - aia.ai_termid.at_type = AU_IPv4; + term_type = AU_IPv4; break; } } - if (setaudit_addr(&aia, sizeof(aia)) < 0) { - err(1, "setaudit_addr"); + if (!Uflag || sflag) { + aia.ai_termid.at_port = term_port; + aia.ai_termid.at_type = term_type; } + if (setaudit_addr(&aia, sizeof(aia)) < 0) + err(1, "setaudit_addr"); (void)execvp(*argv, argv); err(1, "%s", *argv); }
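
Review bot: term_port is read uninitialized when -p is not given. In the main() declarations hunk term_type gets a default (term_type = AU_IPv4) but dev_t term_port has none, and the final hunk copies it into aia.ai_termid.at_port whenever !Uflag || sflag holds, which includes every run without -U. Before this change the port defaulted to 0 through bzero(&aia, sizeof(aia)). Initialise term_port = 0 next to the term_type assignment.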
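
Review bot: in the last setaudit.c hunk, the condition if (!Uflag || sflag) makes -U treat -p differently from what the new manual text promises. With -U and -p but no -s the port is dropped silently, and with -U and -s but no -p the fetched at_port is overwritten although -p was not on the command line. Consider recording a separate flag in case 'p' and assigning at_port only when !Uflag or that flag is set, leaving the at_type assignment tied to -s.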
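
Review bot: in the if (sflag) hunk, the PF_INET branch copies only sizeof(struct in_addr) bytes to at_addr[0], and with -U the remainder of at_addr is no longer guaranteed to be zero. Without -U it is cleared by bzero(&aia, sizeof(aia)), but after getaudit_addr() it holds the fetched terminal address, so replacing an IPv6 source with an IPv4 one leaves the tail of the old address in the block passed to setaudit_addr(). Clearing aia.ai_termid.at_addr before the bcopy() when sflag is set would avoid that.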
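
Review bot: the setaudit.8 description of -U does not say how -p and -s interact, although setaudit.c writes the port and address type only when -U is absent or -s is present. Either document that dependency under .It Fl U or make the code match the sentence "only the parameters given on the command line will be updated". As a style point, usage() now prints [-p port] before [-s source], while the SYNOPSIS context in this hunk still has .Op Fl s Ar source directly after .Op Fl m Ar mask; keep both in the same order.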