PERFORCE change 92112 for review

Christian S.J. Peron csjp at FreeBSD.org
Mon Feb 20 21:11:44 PST 2006


http://perforce.freebsd.org/chv.cgi?CH=92112

Change 92112 by csjp at csjp_xor on 2006/02/21 05:10:49

	Overhaul error handling logic here. The subject shouldn't know anything about
	the auditing configuration concerning them. So, instead of printing errors
	to stderr which gives away information about auditing config, print a vague
	message to stderr and log the details to syslog (LOG_AUTH|LOG_ERR).
	This is a CAPP requirement.

Affected files ...

.. //depot/projects/trustedbsd/audit3/usr.bin/login/login_audit.c#12 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/usr.bin/login/login_audit.c#12 (text+ko) ====

@@ -43,6 +43,7 @@
 #include <errno.h>
 #include <pwd.h>
 #include <stdio.h>
+#include <syslog.h>
 
 #include "login.h"
 
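Review bot: The syslog() calls added later in this patch pass `strerror(errno)`, but `<string.h>` is not among the includes visible here, where it would normally sit between `<stdio.h>` and `<syslog.h>`. It may be pulled in above the hunk or through `login.h`; if it is not, add `#include <string.h>` so strerror() has a prototype. Alternatively, use syslog's `%m` conversion, e.g. `syslog(LOG_AUTH | LOG_ERR, "setaudit failed: %m");`, which removes the strerror() calls altogether.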
@@ -72,37 +73,55 @@
  	if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
 		if (errno == ENOSYS)
 			return;
-		err(1, "login: Could not determine audit condition");
+		syslog(LOG_AUTH | LOG_ERR,
+		    "Could not determine audit condition: %s",
+		    strerror(errno));
+		errx(1, "Permission denied");
 	}
 	if (au_cond == AUC_NOAUDIT)
 		return;
 
 	/* Compute and set the user's preselection mask. */
-	if (au_user_mask(pwd->pw_name, &aumask) == -1)
-		errx(1, "login: Could not set audit mask\n");
+	if (au_user_mask(pwd->pw_name, &aumask) == -1) {
+		syslog(LOG_AUTH | LOG_ERR,
+		    "Could not set audit mask: %s", strerror(errno));
+		errx(1, "Permission denied");
+	}
 
 	/* Set the audit info for the user. */
 	auinfo.ai_auid = uid;
 	auinfo.ai_asid = pid;
 	bcopy(&tid, &auinfo.ai_termid, sizeof(auinfo.ai_termid));
 	bcopy(&aumask, &auinfo.ai_mask, sizeof(auinfo.ai_mask));
-	if (setaudit(&auinfo) != 0)
-		err(1, "login: setaudit failed");
+	if (setaudit(&auinfo) != 0) {
+		syslog(LOG_AUTH | LOG_ERR, "setaudit failed: %s",
+		    strerror(errno));
+		errx(1, "Permission denied");
+	}
 
-	if ((aufd = au_open()) == -1)
-		errx(1,"login: Audit Error: au_open() failed");
+	if ((aufd = au_open()) == -1) {
+		syslog(LOG_AUTH | LOG_ERR, "au_open failed: %s",
+		    strerror(errno));
+		errx(1,"Permission denied");
+	}
 
 	if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, pid,
-	    pid, &tid)) == NULL)
-		errx(1, "login: Audit Error: au_to_subject32() failed");
+	    pid, &tid)) == NULL) {
+		syslog(LOG_AUTH | LOG_ERR, "au_to_subject32 failed");
+		errx(1, "Permission denied");
+	}
 	au_write(aufd, tok);
 
-	if ((tok = au_to_return32(0, 0)) == NULL)
-		errx(1, "login: Audit Error: au_to_return32() failed");
+	if ((tok = au_to_return32(0, 0)) == NULL) {
+		syslog(LOG_AUTH | LOG_ERR, "au_to_return32 failed");
+		errx(1, "Permission denied");
+	}
 	au_write(aufd, tok);
 
-	if (au_close(aufd, 1, AUE_login) == -1)
-		errx(1, "login: Audit Record was not committed.");
+	if (au_close(aufd, 1, AUE_login) == -1) {
+		syslog(LOG_AUTH | LOG_ERR, "audit record not committed");
+		errx(1, "Permission denied");
+	}
 }
 
 /*
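Review bot: Both `au_write(aufd, tok);` calls ignore their return value, while every other step in this function now logs and exits on failure. If a token cannot be appended, the record committed by `au_close(aufd, 1, AUE_login)` may lack its subject or return token and the login still proceeds, which undercuts the fail-closed handling this commit is tightening. Check it like the neighbouring calls, e.g. `if (au_write(aufd, tok) == -1) { syslog(LOG_AUTH | LOG_ERR, "au_write failed"); errx(1, "Permission denied"); }`. The same unchecked calls appear in the two later hunks; the function body starts above this hunk.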
@@ -123,13 +142,19 @@
  	if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
 		if (errno == ENOSYS)
 			return;
-		err(1, "login: Could not determine audit condition");
+		syslog(LOG_AUTH | LOG_ERR,
+		    "could not determine audit condition: %s",
+		    strerror(errno));
+		errx(1, "Permission denied");
 	}
 	if (au_cond == AUC_NOAUDIT)
 		return;
 
-	if ((aufd = au_open()) == -1)
-		errx(1, "login: Audit Error: au_open() failed");
+	if ((aufd = au_open()) == -1) {
+		syslog(LOG_AUTH | LOG_ERR, "au_open failed: %s",
+		    strerror(errno));
+		errx(1, "Permission denied");
+	}
 
 	if (na) {
 		/*
@@ -137,29 +162,41 @@
 		 * within a user's session => auid,asid == -1.
 		 */
 		if ((tok = au_to_subject32(-1, geteuid(), getegid(), -1, -1,
-		    pid, -1, &tid)) == NULL)
-			errx(1, "login: Audit Error: au_to_subject32() failed");
+		    pid, -1, &tid)) == NULL) {
+			syslog(LOG_AUTH | LOG_ERR, "au_to_subject32 failed");
+			errx(1, "Permission denied");
+		}
 	} else {
 		/* We know the subject -- so use its value instead. */
 		uid = pwd->pw_uid;
 		gid = pwd->pw_gid;
 		if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid,
-		    gid, pid, pid, &tid)) == NULL)
-			errx(1, "login: Audit Error: au_to_subject32() failed");
+		    gid, pid, pid, &tid)) == NULL) {
+			syslog(LOG_AUTH | LOG_ERR, "au_to_subject32 failed");
+			errx(1, "Permission denied");
+		}
 	}
 	au_write(aufd, tok);
 
 	/* Include the error message. */
-	if ((tok = au_to_text(errmsg)) == NULL)
-		errx(1, "login: Audit Error: au_to_text() failed");
+	if ((tok = au_to_text(errmsg)) == NULL) {
+		syslog(LOG_AUTH | LOG_ERR, "au_to_text failed");
+		errx(1, "Permission denied");
+	}
 	au_write(aufd, tok);
 
-	if ((tok = au_to_return32(1, errno)) == NULL)
-		errx(1, "login: Audit Error: au_to_return32() failed");
+	if ((tok = au_to_return32(1, errno)) == NULL) {
+		syslog(LOG_AUTH | LOG_ERR,
+		    "login: Audit Error: au_to_return32() failed");
+		errx(1, "Permission denied");
+	}
 	au_write(aufd, tok);
 
-	if (au_close(aufd, 1, AUE_login) == -1)
-		errx(1, "login: Audit Error: au_close() was not committed");
+	if (au_close(aufd, 1, AUE_login) == -1) {
+		syslog(LOG_AUTH | LOG_ERR,
+		    "login: Audit Error: au_close() was not committed");
+		errx(1, "Permission denied");
+	}
 }
 
 /*
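Review bot: `au_to_return32(1, errno)` reads errno only after auditon(), au_open(), au_to_subject32(), au_to_text() and au_write() have run, so the value stored in the failure record is whatever the last of those calls left behind rather than the error of the failed login. The function's opening lines are outside this hunk, so errno may already be captured there. If it is not, save it on entry with `int saved_errno = errno;` and pass `saved_errno` to au_to_return32(), so the audit trail carries a value an analyst can rely on.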
@@ -182,25 +219,39 @@
  	if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
 		if (errno == ENOSYS)
 			return;
-		errx(1, "login: Could not determine audit condition");
+		syslog(LOG_AUTH | LOG_ERR,
+		    "login: Could not determine audit condition: %s",
+		    strerror(errno));
+		errx(1, "Permission denied");
 	}
 	if (au_cond == AUC_NOAUDIT)
 		return;
 
-	if ((aufd = au_open()) == -1)
-		errx(1, "login: Audit Error: au_open() failed");
+	if ((aufd = au_open()) == -1) {
+		syslog(LOG_AUTH | LOG_ERR,
+		    "login: Audit Error: au_open() failed");
+		errx(1, "Permission denied");
+	}
 
 	/* The subject that is created (euid, egid of the current process). */
 	if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, pid,
-	    pid, &tid)) == NULL)
-		errx(1, "login: Audit Error: au_to_subject32() failed");
+	    pid, &tid)) == NULL) {
+		syslog(LOG_AUTH | LOG_ERR,
+		    "login: Audit Error: au_to_subject32() failed");
+		errx(1, "Permission denied");
+	}
 	au_write(aufd, tok);
 
-	if ((tok = au_to_return32(0, 0)) == NULL)
-		errx(1, "login: Audit Error: au_to_return32() failed");
+	if ((tok = au_to_return32(0, 0)) == NULL) {
+		syslog(LOG_AUTH | LOG_ERR,
+		    "login: Audit Error: au_to_return32() failed");
+		errx(1, "Permission denied");
+	}
 	au_write(aufd, tok);
 
-	if (au_close(aufd, 1, AUE_logout) == -1)
-		errx(1, "login: Audit Record was not committed.");
+	if (au_close(aufd, 1, AUE_logout) == -1) {
+		syslog(LOG_AUTH | LOG_ERR, "Audit Record was not committed.");
+		errx(1, "Permission denied");
+	}
 }
 #endif	/* USE_BSM_AUDIT */
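Review bot: The messages in this hunk keep the old `login: Audit Error:` prefix and the au_open() failure omits the errno text, whereas the first function logs `au_open failed: %s` with strerror(errno) and no prefix; the last two messages of the previous hunk are inconsistent in the same way. If login sets a syslog ident through openlog() (not visible here), the prefix is also duplicated in every auth-log line, which makes the entries harder to match in log monitoring. Because the same syslog()+errx() pair is repeated at every failure site in all three functions, a small static helper (it needs `<stdarg.h>`) would keep the log wording and the generic stderr text in one place. The enclosing function starts above this hunk.

```c
/* Log the detail to the auth log; the subject only sees a generic denial. */
static void
audit_fail(const char *fmt, ...)
{
	va_list ap;

	va_start(ap, fmt);
	vsyslog(LOG_AUTH | LOG_ERR, fmt, ap);
	va_end(ap);
	errx(1, "Permission denied");
}

	/* … unchanged: auditon() condition check … */
	if ((aufd = au_open()) == -1)
		audit_fail("au_open failed: %m");
	/* … unchanged: subject and return tokens, au_close() … */
```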

