PERFORCE change 92109 for review

Christian S.J. Peron csjp at FreeBSD.org
Mon Feb 20 20:09:16 PST 2006


http://perforce.freebsd.org/chv.cgi?CH=92109

Change 92109 by csjp at csjp_xor on 2006/02/21 04:09:03

	CAPP says that failing to audit an auditable event should result in the
	event not happening. So, if auditing any of these events fails, terminate
	the process altogether. Also, do not ignore au_write failures. This change
	needs to be made in login(1) too.

Affected files ...

.. //depot/projects/trustedbsd/audit3/usr.bin/su/su.c#11 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/usr.bin/su/su.c#11 (text+ko) ====

@@ -650,13 +650,13 @@
 			return;
 		syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s",
 		    strerror(errno));
-		return;
+		errx(1, "Permission denied");
 	}
 	afd = au_open();
 	if (afd < 0) {
 		syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s",
 		    strerror(errno));
-		return;
+		errx(1, "Permission denied");
 	}
 	/* XXX what should we do for termid? */
 	bzero(&termid, sizeof(termid));
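Review bot: The `return;` kept as the first line of this hunk is now the only path in the routine that skips auditing without terminating, and nothing at the site says why it is allowed to fail open. Its condition sits above the hunk, so this is inferred, but if it covers the case where the kernel has no audit support, a comment such as `/* audit not configured: no record is required, let su proceed */` would stop a later reader from either converting it to errx() or widening the condition. The function body starts before this hunk and continues past it.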
@@ -666,10 +666,13 @@
 	if (token == NULL) {
 		syslog(LOG_AUTH | LOG_ERR,
 		    "audit: unable to build subject token");
-		return;
+		errx(1, "Permission denied");
+	}
+	if (au_write(afd, token) < 0) {
+		syslog(LOG_AUTH | LOG_ERR,
+		    "audit: au_write failed: %s", strerror(errno));
+		errx(1, "Permission denied");
 	}
-	/* XXX what if au_fails? */
-	(void) au_write(afd, token);
 	if (fmt != NULL) {
 		va_start(ap, fmt);
 		(void) vsnprintf(&text[0], sizeof(text) - 1, fmt, ap);
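Review bot: The new au_write() failure branch here logs the same text, "audit: au_write failed", as the two added in the hunks at -678 and -693, so the syslog entry cannot show whether the subject, text or return token was the one that failed. Since each of these failures now terminates su, the log line is the only evidence an operator has. A small static helper that takes a label for the token would remove the threefold copy and make the three messages distinct. The helper below is a sketch; the declared type of `token` is not visible in the hunk and is assumed to be libbsm's `token_t *`.

```c
/* Append one token to the open record; any failure is fatal (fail closed). */
static void
audit_write_or_die(int afd, token_t *token, const char *which)
{
	if (au_write(afd, token) < 0) {
		syslog(LOG_AUTH | LOG_ERR,
		    "audit: au_write failed for %s token: %s", which,
		    strerror(errno));
		errx(1, "Permission denied");
	}
}

	/* … unchanged: subject token built and NULL-checked … */
	audit_write_or_die(afd, token, "subject");
```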
@@ -678,9 +681,13 @@
 		if (token == NULL) {
 			syslog(LOG_AUTH | LOG_ERR,
 			    "audit: failed to generate text token");
-			return;
+			errx(1, "Permission denied");
+		}
+		if (au_write(afd, token) < 0) {
+			syslog(LOG_AUTH | LOG_ERR,
+			    "audit: au_write failed: %s", strerror(errno));
+			errx(1, "Permission denied");
 		}
-		(void) au_write(afd, token);
 	}
 	switch (what) {
 	case AUDIT_SU_FAILURE:
@@ -693,10 +700,16 @@
 	if (token == NULL) {
 		syslog(LOG_AUTH | LOG_ERR,
 		    "audit: enable to build return token");
-		return;
+		errx(1, "Permission denied");
+	}
+	if (au_write(afd, token) < 0) {
+		syslog(LOG_AUTH | LOG_ERR,
+		    "audit: au_write failed: %s", strerror(errno));
+		errx(1, "Permission denied");
 	}
-	(void) au_write(afd, token);
-	if (au_close(afd, 1, AUE_su) < 0) 
+	if (au_close(afd, 1, AUE_su) < 0) {
 		syslog(LOG_AUTH | LOG_ERR, "audit: record not committed");
+		errx(1, "Permission denied");
+	}
 }
 #endif
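Review bot: The au_close() failure is now fatal, but its message, "audit: record not committed", gives no reason, unlike every other failure branch in this function, which appends strerror(errno). Assuming au_close() sets errno on failure as the other libbsm calls here are treated as doing, the call could read `syslog(LOG_AUTH | LOG_ERR, "audit: record not committed: %s", strerror(errno));`. The unchanged message just above, "audit: enable to build return token", looks like a typo for "unable" and could be corrected in the same pass so that log searches match. The function begins outside this hunk.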

