diff options
| author | rwatson <rwatson@FreeBSD.org> | 2006-09-02 09:37:14 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2006-09-02 09:37:14 +0000 |
| commit | e86b2a5131a6575e8e4b17f21553484bf3b4e10a (patch) | |
| tree | f36e3bba2ecfb18a99c49d7889250decdf5482b4 /contrib/openbsm/bin | |
| parent | 8200abddc789c92675a0141579b02a8f3eb03c74 (diff) | |
| parent | 24713adf4396d925450ece7ee61082d0bed8b75a (diff) | |
| download | FreeBSD-src-e86b2a5131a6575e8e4b17f21553484bf3b4e10a.zip FreeBSD-src-e86b2a5131a6575e8e4b17f21553484bf3b4e10a.tar.gz | |
This commit was generated by cvs2svn to compensate for changes in r161863,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'contrib/openbsm/bin')
| -rw-r--r-- | contrib/openbsm/bin/auditd/auditd.c | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/contrib/openbsm/bin/auditd/auditd.c b/contrib/openbsm/bin/auditd/auditd.c index 3996081..838424e 100644 --- a/contrib/openbsm/bin/auditd/auditd.c +++ b/contrib/openbsm/bin/auditd/auditd.c @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#17 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#18 $ */ #include <sys/types.h> @@ -366,6 +366,7 @@ read_control_file(void) static int close_all(void) { + struct auditinfo ai; int err_ret = 0; char TS[POSTFIX_LEN]; int aufd; @@ -378,6 +379,17 @@ close_all(void) else { if ((tok = au_to_text("auditd::Audit shutdown")) != NULL) au_write(aufd, tok); + /* + * XXX we need to implement extended subject tokens so we can + * effectively represent terminal lines with this token type. + */ + bzero(&ai, sizeof(ai)); + if ((tok = au_to_subject32(getuid(), geteuid(), getegid(), + getuid(), getgid(), getpid(), getpid(), &ai.ai_termid)) + != NULL) + au_write(aufd, tok); + if ((tok = au_to_return32(0, 0)) != NULL) + au_write(aufd, tok); if (au_close(aufd, 1, AUE_audit_shutdown) == -1) syslog(LOG_ERR, "Could not close audit shutdown event."); @@ -745,6 +757,7 @@ config_audit_controls(void) static void setup(void) { + struct auditinfo ai; auditinfo_t auinfo; int aufd; token_t *tok; @@ -781,8 +794,20 @@ setup(void) if ((aufd = au_open()) == -1) syslog(LOG_ERR, "Could not create audit startup event."); else { + /* + * XXXCSJP Perhaps we wan't more robust audit records for + * audit start up and shutdown. This might include capturing + * failures to initialize the audit subsystem? + */ + bzero(&ai, sizeof(ai)); + if ((tok = au_to_subject32(getuid(), geteuid(), getegid(), + getuid(), getgid(), getpid(), getpid(), &ai.ai_termid)) + != NULL) + au_write(aufd, tok); if ((tok = au_to_text("auditd::Audit startup")) != NULL) au_write(aufd, tok); + if ((tok = au_to_return32(0, 0)) != NULL) + au_write(aufd, tok); if (au_close(aufd, 1, AUE_audit_startup) == -1) syslog(LOG_ERR, "Could not close audit startup event."); |
