To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Mark Johnston
Subject: git: 1238610a27d5 - main - setaudit: Add an update mode
Date: Tue, 18 Nov 2025 16:24:43 +0000
Message-Id: <691c9dcb.8191.1e4921e0@gitrepo.freebsd.org>
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 1238610a27d5bc0914f524296ff587d86eec4c52

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=1238610a27d5bc0914f524296ff587d86eec4c52

commit 1238610a27d5bc0914f524296ff587d86eec4c52
Author:     Mark Johnston
AuthorDate: 2025-11-17 16:45:29 +0000
Commit:     Mark Johnston
CommitDate: 2025-11-18 16:24:20 +0000

    setaudit: Add an update mode

    By default, setaudit(8) overwrites the whole audit session state. For
    the purpose of overwriting only a single field, e.g., the audit user,
    this is inconvenient. Add -U to accommodate this case: when specified,
    setaudit(8) will first fetch the current session state block and then
    will only overwrite those fields specified on the command line.

    Reviewed by: csjp
    MFC after: 2 weeks
    Sponsored by: Modirum MDPay
    Sponsored by: Klara, Inc.
    Differential Revision: https://reviews.freebsd.org/D53672
---
 usr.sbin/setaudit/setaudit.8 | 12 +++++++++++-
 usr.sbin/setaudit/setaudit.c | 38 ++++++++++++++++++++++++++++----------
 2 files changed, 39 insertions(+), 11 deletions(-)

diff --git a/usr.sbin/setaudit/setaudit.8 b/usr.sbin/setaudit/setaudit.8
index 7dc3e05a4473..7dd66225979c 100644
--- a/usr.sbin/setaudit/setaudit.8
+++ b/usr.sbin/setaudit/setaudit.8
@@ -28,7 +28,7 @@ .Nd "specify audit configurations on a process" .Sh SYNOPSIS .Nm -.Op Fl 46 +.Op Fl 46U .Op Fl a Ar auid .Op Fl m Ar mask .Op Fl s Ar source @@ -44,6 +44,16 @@ The following options are available: Use IPv4. .It Fl 6 Use IPv6. +.It Fl U +Update audit session state rather than overwriting it. +By default, +.Nm +will overwrite the entire audit session state using the specified +parameters. +If +.Fl U +is specified, only the parameters given on the command line will be +updated, leaving the rest unchanged. .It Fl a Ar auid Audit user ID or user name. .It Fl m Ar mask diff --git a/usr.sbin/setaudit/setaudit.c b/usr.sbin/setaudit/setaudit.c index adea52a83a8d..af8f481afcb3 100644 --- a/usr.sbin/setaudit/setaudit.c +++ b/usr.sbin/setaudit/setaudit.c @@ -35,6 +35,7 @@ #include #include #include +#include #include #include #include @@ -44,7 +45,7 @@ static void usage(char *prog) { (void)fprintf(stderr, - "usage: %s [-46] [-a auid] [-m mask] [-s source] [-p port] command ...\n", + "usage: %s [-46U] [-a auid] [-m mask] [-p port] [-s source] command ...\n", prog); exit(1); } @@ -56,19 +57,21 @@ main(int argc, char *argv []) struct sockaddr_in *sin; struct addrinfo hints; auditinfo_addr_t aia; - struct addrinfo *res; - struct passwd *pwd; char *aflag, *mflag, *sflag, *prog; + dev_t term_port; + uint32_t term_type; int ch, error; + bool Uflag; aflag = mflag = sflag = NULL; + Uflag = false; prog = argv[0]; bzero(&aia, sizeof(aia)); bzero(&hints, sizeof(hints)); - aia.ai_termid.at_type = AU_IPv4; + term_type = AU_IPv4; hints.ai_family = PF_UNSPEC; - while ((ch = getopt(argc, argv, "46a:m:p:s:")) != -1) + while ((ch = getopt(argc, argv, "46a:m:p:s:U")) != -1) switch (ch) { case '4': hints.ai_family = PF_INET; 
@@ -83,11 +86,14 @@ main(int argc, char *argv []) mflag = optarg; break; case 'p': - aia.ai_termid.at_port = htons(atoi(optarg)); + term_port = htons(atoi(optarg)); break; case 's': sflag = optarg; break; + case 'U': + Uflag = true; + break; default: usage(prog); /* NOT REACHED */ @@ -96,7 +102,14 @@ main(int argc, char *argv []) argv += optind; if (argc == 0) usage(prog); + + if (Uflag) { + if (getaudit_addr(&aia, sizeof(aia)) < 0) + err(1, "getaudit_addr"); + } if (aflag) { + struct passwd *pwd; + pwd = getpwnam(aflag); if (pwd == NULL) { char *r; @@ -112,6 +125,8 @@ main(int argc, char *argv []) err(1, "getauditflagsbin"); } if (sflag) { + struct addrinfo *res; + error = getaddrinfo(sflag, NULL, &hints, &res); if (error) errx(1, "%s", gai_strerror(error)); @@ -121,20 +136,23 @@ main(int argc, char *argv []) bcopy(&sin6->sin6_addr.s6_addr, &aia.ai_termid.at_addr[0], sizeof(struct in6_addr)); - aia.ai_termid.at_type = AU_IPv6; + term_type = AU_IPv6; break; case PF_INET: sin = (struct sockaddr_in *)(void *)res->ai_addr; bcopy(&sin->sin_addr.s_addr, &aia.ai_termid.at_addr[0], sizeof(struct in_addr)); - aia.ai_termid.at_type = AU_IPv4; + term_type = AU_IPv4; break; } } - if (setaudit_addr(&aia, sizeof(aia)) < 0) { - err(1, "setaudit_addr"); + if (!Uflag || sflag) { + aia.ai_termid.at_port = term_port; + aia.ai_termid.at_type = term_type; } + if (setaudit_addr(&aia, sizeof(aia)) < 0) + err(1, "setaudit_addr"); (void)execvp(*argv, argv); err(1, "%s", *argv); }
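
Review bot: `term_port` is read uninitialized when -p is not given. In the setaudit.c declarations hunk (@@ -56,19 +57,21 @@) `term_type` gets a default of AU_IPv4 but `term_port` gets none, and the last hunk assigns `aia.ai_termid.at_port = term_port;` whenever -U is absent or -s is present. Before this change the port defaulted to 0 through `bzero(&aia, sizeof(aia))`; setting `term_port = 0;` next to `term_type = AU_IPv4;` restores that.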
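
Review bot: in `case 'p'` (@@ -83,11 +86,14 @@) the port still goes through `atoi(optarg)`, so a non-numeric or out-of-range argument is accepted silently and ends up in the audit terminal ID. Since the line is being touched anyway, consider strtonum(3) with bounds 0 to 65535 and an errx() on failure.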
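
Review bot: with -U, the `getaudit_addr(&aia, sizeof(aia))` call added in @@ -96,7 +102,14 @@ means `aia` is no longer all zeroes when -s is processed. The PF_INET branch copies only `sizeof(struct in_addr)` bytes into `aia.ai_termid.at_addr[0]`, so if the fetched session carried an IPv6 terminal address, the rest of at_addr keeps the old bytes. Zeroing `aia.ai_termid.at_addr` when `sflag` is set, before the bcopy, would avoid handing stale address data to setaudit_addr().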
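
Review bot: the guard `if (!Uflag || sflag)` in the last setaudit.c hunk (@@ -121,20 +136,23 @@) ties the port to -s. With -U and -p but no -s the parsed port is dropped, and with -U and -s but no -p the fetched port is replaced, which does not match the man page text "only the parameters given on the command line will be updated". Recording whether -p was given and assigning `at_port` on that flag, and `at_type` on `sflag`, would make each field follow its own option; otherwise the man page should say that in update mode -p only takes effect together with -s.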