--- a/usr/src/cmd/audit/audit.c Tue Aug 01 14:01:35 2006 -0700
+++ b/usr/src/cmd/audit/audit.c Tue Aug 01 15:39:54 2006 -0700
@@ -2,9 +2,8 @@
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -61,7 +60,7 @@
static boolean_t is_audit_control_ok(char *); /* file validation */
static boolean_t is_valid_zone(boolean_t); /* operation ok in this zone? */
-static void start_auditd(); /* start audit daemon */
+static int start_auditd(); /* start audit daemon */
/*
* audit() - This program serves as a general administrator's interface to
@@ -129,21 +128,24 @@
else if (!is_audit_control_ok(NULL))
exit(7);
- start_auditd();
- break;
+ return (start_auditd());
case 't':
if (!is_valid_zone(0)) /* 0 == no error message display */
- exit(0);
- /* use bmsunconv to permanently disable, -t for temporary */
- if (smf_disable_instance(instance_name, SMF_TEMPORARY) != 0)
+ exit(10);
+ /* use bmsunconv to permanently disable, -t for temporary */
+ if (smf_disable_instance(instance_name, SMF_TEMPORARY) != 0) {
display_smf_error();
+ exit(11);
+ }
break;
case 'T':
+ silent = 1;
if (!is_valid_zone(0)) /* 0 == no error message display */
- exit(0);
+ exit(10);
- (void) smf_disable_instance(instance_name, SMF_TEMPORARY);
- silent = 1;
+ if (smf_disable_instance(instance_name, SMF_TEMPORARY) != 0) {
+ exit(11);
+ }
break;
case 'v':
if (is_audit_control_ok(first_option)) {
@@ -158,20 +160,15 @@
exit(6);
}
- if (get_auditd_pid(&pid) != 0) {
- if (silent) {
- exit(0);
- } else {
- (void) fprintf(stderr, "%s: %s\n", progname, gettext(
- "can't get process id of auditd from audit_data(4)"));
+ if (sig != 0) {
+ if (get_auditd_pid(&pid) != 0) {
+ (void) fprintf(stderr, "%s: %s\n", progname,
+ gettext("can't get process id of auditd from "
+ "audit_data(4)"));
exit(4);
}
- }
- if ((sig != 0) && (kill(pid, sig) != 0)) {
- if (silent) {
- exit(0);
- } else {
+ if (kill(pid, sig) != 0) {
perror(progname);
(void) fprintf(stderr,
gettext("%s: cannot signal auditd\n"), progname);
@@ -345,7 +342,7 @@
* First check to see if c2audit is loaded via the auditon()
* system call, then check SMF state.
*/
-static void
+static int
start_auditd()
{
int audit_state;
@@ -353,20 +350,27 @@
if (auditon(A_GETCOND, (caddr_t)&audit_state,
sizeof (audit_state)) != 0)
- return;
+ return (12);
if ((state = smf_get_state(instance_name)) == NULL) {
display_smf_error();
- return;
+ return (13);
}
if (strcmp(SCF_STATE_STRING_ONLINE, state) != 0) {
- if (smf_enable_instance(instance_name, 0) != 0)
+ if (smf_enable_instance(instance_name, 0) != 0) {
display_smf_error();
+ free(state);
+ return (14);
+ }
} else {
- if (smf_refresh_instance(instance_name) != 0)
+ if (smf_refresh_instance(instance_name) != 0) {
display_smf_error();
+ free(state);
+ return (15);
+ }
}
free(state);
+ return (0);
}
static void
@@ -381,7 +385,7 @@
instance_name);
break;
default:
- (void) fprintf(stderr, "SMF error %d\n", rc);
+ (void) fprintf(stderr, "SMF error: %s\n", scf_strerror(rc));
break;
}
}
--- a/usr/src/cmd/init/init.c Tue Aug 01 14:01:35 2006 -0700
+++ b/usr/src/cmd/init/init.c Tue Aug 01 15:39:54 2006 -0700
@@ -225,7 +225,6 @@
* Flags to indicate properties of various states.
*/
#define LSEL_RUNLEVEL 0x0001 /* runlevels you can transition to */
-#define LSEL_NOAUDIT 0x0002 /* levels with auditing disabled */
typedef struct lvl {
int lvl_state;
@@ -237,15 +236,15 @@
static lvl_t lvls[] = {
{ LVLQ, 0, 'Q', 0 },
{ LVLQ, 0, 'q', 0 },
- { LVL0, MASK0, '0', LSEL_RUNLEVEL | LSEL_NOAUDIT },
- { LVL1, MASK1, '1', LSEL_RUNLEVEL | LSEL_NOAUDIT },
+ { LVL0, MASK0, '0', LSEL_RUNLEVEL },
+ { LVL1, MASK1, '1', LSEL_RUNLEVEL },
{ LVL2, MASK2, '2', LSEL_RUNLEVEL },
{ LVL3, MASK3, '3', LSEL_RUNLEVEL },
{ LVL4, MASK4, '4', LSEL_RUNLEVEL },
- { LVL5, MASK5, '5', LSEL_RUNLEVEL | LSEL_NOAUDIT },
- { LVL6, MASK6, '6', LSEL_RUNLEVEL | LSEL_NOAUDIT },
- { SINGLE_USER, MASKSU, 'S', LSEL_RUNLEVEL | LSEL_NOAUDIT },
- { SINGLE_USER, MASKSU, 's', LSEL_RUNLEVEL | LSEL_NOAUDIT },
+ { LVL5, MASK5, '5', LSEL_RUNLEVEL },
+ { LVL6, MASK6, '6', LSEL_RUNLEVEL },
+ { SINGLE_USER, MASKSU, 'S', LSEL_RUNLEVEL },
+ { SINGLE_USER, MASKSU, 's', LSEL_RUNLEVEL },
{ LVLa, MASKa, 'a', 0 },
{ LVLb, MASKb, 'b', 0 },
{ LVLc, MASKc, 'c', 0 }
@@ -3479,7 +3478,6 @@
char *ln;
int init_signal;
struct stat sconbuf, conbuf;
- int turnoff = 0;
const char *usage_msg = "Usage: init [0123456SsQqabc]\n";
/*
@@ -3498,8 +3496,6 @@
exit(1);
}
- turnoff = LSEL_NOAUDIT & state_to_flags(init_signal);
-
if (init_signal == SINGLE_USER) {
/*
* Make sure this process is talking to a legal tty line
@@ -3555,17 +3551,7 @@
update_boot_archive(init_signal);
- if (audit_put_record(ADT_SUCCESS, ADT_SUCCESS, argv[1]) &&
- turnoff) {
- /* turn off audit daemon and try to flush audit queue */
-
- if (system("/usr/sbin/audit -t")) {
- (void) fprintf(stderr, "%s: can't turn off auditd\n",
- argv[0]);
- } else {
- (void) sleep(5);
- }
- }
+ (void) audit_put_record(ADT_SUCCESS, ADT_SUCCESS, argv[1]);
/*
* Signal init; init will take care of telling svc.startd.