# HG changeset patch
# User paulson
# Date 1154471994 25200
# Node ID 707ff18f999425f0e31460b76bd3000756ed4e1e
# Parent 6c2485164a0801ae3af8de983e87e41b59c9ecf5
6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error()
6377862 init gratuitously calls 'audit -t' and does so using the wrong run-levels
6378200 audit(1M) incorrectly returns zero upon failure for some options
diff -r 6c2485164a08 -r 707ff18f9994 usr/src/cmd/audit/audit.c
--- a/usr/src/cmd/audit/audit.c Tue Aug 01 14:01:35 2006 -0700
+++ b/usr/src/cmd/audit/audit.c Tue Aug 01 15:39:54 2006 -0700
@@ -2,9 +2,8 @@
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
 #pragma ident "%Z%%M% %I% %E% SMI"
@@ -61,7 +60,7 @@
 static boolean_t is_audit_control_ok(char *); /* file validation */
 static boolean_t is_valid_zone(boolean_t); /* operation ok in this zone? */
-static void start_auditd(); /* start audit daemon */
+static int start_auditd(); /* start audit daemon */
 /*
 * audit() - This program serves as a general administrator's interface to
@@ -129,21 +128,24 @@
 else if (!is_audit_control_ok(NULL))
 exit(7);
- start_auditd();
- break;
+ return (start_auditd());
 case 't':
 if (!is_valid_zone(0)) /* 0 == no error message display */
- exit(0);
- /* use bmsunconv to permanently disable, -t for temporary */
- if (smf_disable_instance(instance_name, SMF_TEMPORARY) != 0)
+ exit(10);
+ /* use bmsunconv to permanently disable, -t for temporary */
+ if (smf_disable_instance(instance_name, SMF_TEMPORARY) != 0) {
 display_smf_error();
+ exit(11);
+ }
 break;
 case 'T':
+ silent = 1;
 if (!is_valid_zone(0)) /* 0 == no error message display */
- exit(0);
-
- (void) smf_disable_instance(instance_name, SMF_TEMPORARY);
- silent = 1;
+ exit(10);
+
+ if (smf_disable_instance(instance_name, SMF_TEMPORARY) != 0) {
+ exit(11);
+ }
 break;
 case 'v':
 if (is_audit_control_ok(first_option)) {
@@ -158,20 +160,15 @@
 exit(6);
 }
- if (get_auditd_pid(&pid) != 0) {
- if (silent) {
- exit(0);
- } else {
- (void) fprintf(stderr, "%s: %s\n", progname, gettext(
- "can't get process id of auditd from audit_data(4)"));
+ if (sig != 0) {
+ if (get_auditd_pid(&pid) != 0) {
+ (void) fprintf(stderr, "%s: %s\n", progname,
+ gettext("can't get process id of auditd from "
+ "audit_data(4)"));
 exit(4);
 }
- }
- if ((sig != 0) && (kill(pid, sig) != 0)) {
- if (silent) {
- exit(0);
- } else {
+ if (kill(pid, sig) != 0) {
 perror(progname);
 (void) fprintf(stderr, gettext("%s: cannot signal auditd\n"), progname);
@@ -345,7 +342,7 @@
 * First check to see if c2audit is loaded via the auditon()
 * system call, then check SMF state.
 */
-static void
+static int
 start_auditd()
 {
 int audit_state;
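Review bot: In the `case 't':` arm of the @@ -129 hunk, `is_valid_zone(0)` is still called with message display suppressed, so `audit -t` now exits with status 10 and prints nothing where it used to exit 0; an operator or a script sees a bare failure with no reason. Unless silence is intended for `-t` as well as `-T`, pass the value that enables the message for the non-silent option (the `/* 0 == no error message display */` comment suggests `is_valid_zone(1)`, to be confirmed against the definition outside the hunk). The new statuses 10 and 11, and 12 to 15 returned by `start_auditd()` in the @@ -353 hunk, are bare literals; a short table in the block comment above `main` or an `enum` would keep them in step with the man page. The switch starts and ends outside the hunk.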
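Review bot: In the @@ -158 hunk, `kill(pid, sig)` is called with whatever `get_auditd_pid()` read from audit_data(4), and nothing shown rejects a non-positive value; `kill()` with a pid of 0 or a negative pid addresses a process group or every process the caller may signal, and this command is typically run with privilege. If `get_auditd_pid()` (defined outside the hunk) does not already guarantee a positive pid, fold the check into the existing error path: `if (get_auditd_pid(&pid) != 0 || pid <= 0) {`. A one-line comment that the pid comes from a file and may be stale would also help the next reader. The body of the `if (kill(pid, sig) != 0)` block continues past the end of the hunk.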
@@ -353,20 +350,27 @@
 if (auditon(A_GETCOND, (caddr_t)&audit_state, sizeof (audit_state)) != 0)
- return;
+ return (12);
 if ((state = smf_get_state(instance_name)) == NULL) {
 display_smf_error();
- return;
+ return (13);
 }
 if (strcmp(SCF_STATE_STRING_ONLINE, state) != 0) {
- if (smf_enable_instance(instance_name, 0) != 0)
+ if (smf_enable_instance(instance_name, 0) != 0) {
 display_smf_error();
+ free(state);
+ return (14);
+ }
 } else {
- if (smf_refresh_instance(instance_name) != 0)
+ if (smf_refresh_instance(instance_name) != 0) {
 display_smf_error();
+ free(state);
+ return (15);
+ }
 }
 free(state);
+ return (0);
 }
 static void
@@ -381,7 +385,7 @@
 instance_name);
 break;
 default:
- (void) fprintf(stderr, "SMF error %d\n", rc);
+ (void) fprintf(stderr, "SMF error: %s\n", scf_strerror(rc));
 break;
 }
 }
diff -r 6c2485164a08 -r 707ff18f9994 usr/src/cmd/init/init.c
--- a/usr/src/cmd/init/init.c Tue Aug 01 14:01:35 2006 -0700
+++ b/usr/src/cmd/init/init.c Tue Aug 01 15:39:54 2006 -0700
@@ -225,7 +225,6 @@
 * Flags to indicate properties of various states.
 */
 #define LSEL_RUNLEVEL 0x0001 /* runlevels you can transition to */
-#define LSEL_NOAUDIT 0x0002 /* levels with auditing disabled */
 typedef struct lvl {
 int lvl_state;
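Review bot: In the @@ -353 hunk, the `auditon(A_GETCOND, ...)` failure path returns 12 without writing anything to stderr, while every SMF failure below it calls `display_smf_error()`; the caller can therefore exit non-zero with no indication that auditing was not started. Add a diagnostic before the return, for example `perror(progname);` as the signal path in `main` already does. `audit_state` is fetched but not examined in the lines shown, although the comment above the function says the call checks whether c2audit is loaded; either test the value or state in that comment that only the call's success matters. The same comment is the natural place to list the four non-zero return values.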
@@ -237,15 +236,15 @@
 static lvl_t lvls[] = {
 { LVLQ, 0, 'Q', 0 },
 { LVLQ, 0, 'q', 0 },
- { LVL0, MASK0, '0', LSEL_RUNLEVEL | LSEL_NOAUDIT },
- { LVL1, MASK1, '1', LSEL_RUNLEVEL | LSEL_NOAUDIT },
+ { LVL0, MASK0, '0', LSEL_RUNLEVEL },
+ { LVL1, MASK1, '1', LSEL_RUNLEVEL },
 { LVL2, MASK2, '2', LSEL_RUNLEVEL },
 { LVL3, MASK3, '3', LSEL_RUNLEVEL },
 { LVL4, MASK4, '4', LSEL_RUNLEVEL },
- { LVL5, MASK5, '5', LSEL_RUNLEVEL | LSEL_NOAUDIT },
- { LVL6, MASK6, '6', LSEL_RUNLEVEL | LSEL_NOAUDIT },
- { SINGLE_USER, MASKSU, 'S', LSEL_RUNLEVEL | LSEL_NOAUDIT },
- { SINGLE_USER, MASKSU, 's', LSEL_RUNLEVEL | LSEL_NOAUDIT },
+ { LVL5, MASK5, '5', LSEL_RUNLEVEL },
+ { LVL6, MASK6, '6', LSEL_RUNLEVEL },
+ { SINGLE_USER, MASKSU, 'S', LSEL_RUNLEVEL },
+ { SINGLE_USER, MASKSU, 's', LSEL_RUNLEVEL },
 { LVLa, MASKa, 'a', 0 },
 { LVLb, MASKb, 'b', 0 },
 { LVLc, MASKc, 'c', 0 }
@@ -3479,7 +3478,6 @@
 char *ln;
 int init_signal;
 struct stat sconbuf, conbuf;
- int turnoff = 0;
 const char *usage_msg = "Usage: init [0123456SsQqabc]\n";
 /*
@@ -3498,8 +3496,6 @@
 exit(1);
 }
- turnoff = LSEL_NOAUDIT & state_to_flags(init_signal);
-
 if (init_signal == SINGLE_USER) {
 /*
 * Make sure this process is talking to a legal tty line
@@ -3555,17 +3551,7 @@
 update_boot_archive(init_signal);
- if (audit_put_record(ADT_SUCCESS, ADT_SUCCESS, argv[1]) &&
- turnoff) {
- /* turn off audit daemon and try to flush audit queue */
-
- if (system("/usr/sbin/audit -t")) {
- (void) fprintf(stderr, "%s: can't turn off auditd\n",
- argv[0]);
- } else {
- (void) sleep(5);
- }
- }
+ (void) audit_put_record(ADT_SUCCESS, ADT_SUCCESS, argv[1]);
 /*
 * Signal init; init will take care of telling svc.startd.
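Review bot: In the @@ -3555 hunk, with the `system("/usr/sbin/audit -t")` call and the `sleep(5)` removed, nothing visible gives the record just written by `audit_put_record()` time to reach the audit trail before init is signalled for the run levels that used to carry `LSEL_NOAUDIT`, which is what the removed comment ("try to flush audit queue") was for. If stopping auditd and draining the queue is now handled elsewhere during the run-level change, record that in a comment at the call so the guarantee is not lost silently; the exact mechanism is not shown on this page and should be named by the author. The `(void)` cast also discards a return value that the old code used as a condition, so a short comment on what a non-zero return means and why it is safe to ignore belongs on the same line. The enclosing function starts and ends outside the hunk.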