svn commit: r190700 - head/usr.bin/su

Christian S.J. Peron csjp at FreeBSD.org
Sat Apr 4 13:58:19 PDT 2009 

Author: csjp
Date: Sat Apr  4 20:58:18 2009
New Revision: 190700
URL: http://svn.freebsd.org/changeset/base/190700

Log:
  Fixup the parameters to audit_submit(3) the order is errno then return
  value.  This bug went un-noticed for so long because EPERM == 1
  
  MFC after:	1 week
  Spotted by:	sson, rwatson

Modified:
  head/usr.bin/su/su.c

Modified: head/usr.bin/su/su.c
==============================================================================
--- head/usr.bin/su/su.c	Sat Apr  4 20:08:08 2009	(r190699)
+++ head/usr.bin/su/su.c	Sat Apr  4 20:58:18 2009	(r190700)
@@ -231,7 +231,7 @@ main(int argc, char *argv[])
 	if (strlen(user) > MAXLOGNAME - 1) {
 #ifdef USE_BSM_AUDIT
 		if (audit_submit(AUE_su, auid,
-		    1, EPERM, "username too long: '%s'", user))
+		    EPERM, 1, "username too long: '%s'", user))
 			errx(1, "Permission denied");
 #endif
 		errx(1, "username too long");
@@ -264,7 +264,7 @@ main(int argc, char *argv[])
 		pwd = getpwuid(ruid);
 	if (pwd == NULL) {
 #ifdef USE_BSM_AUDIT
-		if (audit_submit(AUE_su, auid, 1, EPERM,
+		if (audit_submit(AUE_su, auid, EPERM, 1,
 		    "unable to determine invoking subject: '%s'", username))
 			errx(1, "Permission denied");
 #endif
@@ -305,7 +305,7 @@ main(int argc, char *argv[])
 	retcode = pam_authenticate(pamh, 0);
 	if (retcode != PAM_SUCCESS) {
 #ifdef USE_BSM_AUDIT
-		if (audit_submit(AUE_su, auid, 1, EPERM, "bad su %s to %s on %s",
+		if (audit_submit(AUE_su, auid, EPERM, 1, "bad su %s to %s on %s",
 		    username, user, mytty))
 			errx(1, "Permission denied");
 #endif
@@ -326,7 +326,7 @@ main(int argc, char *argv[])
 	pwd = getpwnam(user);
 	if (pwd == NULL) {
 #ifdef USE_BSM_AUDIT
-		if (audit_submit(AUE_su, auid, 1, EPERM,
+		if (audit_submit(AUE_su, auid, EPERM, 1,
 		    "unknown subject: %s", user))
 			errx(1, "Permission denied");
 #endif
@@ -342,7 +342,7 @@ main(int argc, char *argv[])
 			aerr = pam_strerror(pamh, retcode);
 			if (aerr == NULL)
 				aerr = "Unknown PAM error";
-			if (audit_submit(AUE_su, auid, 1, EPERM,
+			if (audit_submit(AUE_su, auid, EPERM, 1,
 			    "pam_chauthtok: %s", aerr))
 				errx(1, "Permission denied");
 #endif
@@ -353,7 +353,7 @@ main(int argc, char *argv[])
 	}
 	if (retcode != PAM_SUCCESS) {
 #ifdef USE_BSM_AUDIT
-		if (audit_submit(AUE_su, auid, 1, EPERM, "pam_acct_mgmt: %s",
+		if (audit_submit(AUE_su, auid, EPERM, 1, "pam_acct_mgmt: %s",
 		    pam_strerror(pamh, retcode)))
 			errx(1, "Permission denied");
 #endif
@@ -368,7 +368,7 @@ main(int argc, char *argv[])
 	else {
 		if (ruid != 0) {
 #ifdef USE_BSM_AUDIT
-			if (audit_submit(AUE_su, auid, 1, EPERM,
+			if (audit_submit(AUE_su, auid, EPERM, 1,
 			    "only root may use -c"))
 				errx(1, "Permission denied");
 #endif

More information about the svn-src-all mailing list