components/sudo/patches/audit-event.patch
branchs11-sru
changeset 2285 cb43727425f0
parent 2273 f05fa0c3ac62
child 1209 5fd82ed384aa
--- a/components/sudo/patches/audit-event.patch	Tue May 29 15:25:04 2012 -0700
+++ b/components/sudo/patches/audit-event.patch	Tue Jun 05 09:51:55 2012 -0700
@@ -1,72 +1,63 @@
---- sudo-1.8.3p2/plugins/sudoers/bsm_audit.c	Fri Oct 21 14:01:25 2011
-+++ /tmp/bsm_audit.c	Mon Jan 30 17:06:00 2012
[email protected]@ -30,8 +30,10 @@
- #include <errno.h>
- #include <unistd.h>
- 
-+#include "gettext.h"
- #include "bsm_audit.h"
- 
-+
- /*
-  * Solaris auditon() returns EINVAL if BSM audit not configured.
-  * OpenBSM returns ENOSYS for unimplemented options.
[email protected]@ -100,7 +102,7 @@
+diff -rupN sudo-1.8.4p5.orig/plugins/sudoers/bsm_audit.c sudo-1.8.4p5/plugins/sudoers/bsm_audit.c
+--- sudo-1.8.4p5.orig/plugins/sudoers/bsm_audit.c	2012-03-29 10:37:01.000000000 -0700
++++ sudo-1.8.4p5/plugins/sudoers/bsm_audit.c	2012-05-18 14:20:39.003982000 -0700
[email protected]@ -104,7 +104,7 @@ bsm_audit_success(char **exec_args)
  		log_error(0, _("au_open: failed"));
  	if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) {
  		tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
 -		    getuid(), pid, pid, &ainfo_addr.ai_termid);
-+		    getuid(), pid, &ainfo_addr.ai_asid, &ainfo_addr.ai_termid);
++		    getuid(), pid, ainfo_addr.ai_asid, &ainfo_addr.ai_termid);
  	} else if (errno == ENOSYS) {
  		/*
  		 * NB: We should probably watch out for ERANGE here.
[email protected]@ -108,7 +110,7 @@
[email protected]@ -112,7 +112,7 @@ bsm_audit_success(char **exec_args)
  		if (getaudit(&ainfo) < 0)
  			log_error(0, _("getaudit: failed"));
  		tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
 -		    getuid(), pid, pid, &ainfo.ai_termid);
-+		    getuid(), pid, &ainfo.ai_asid, &ainfo.ai_termid);
++		    getuid(), pid, ainfo.ai_asid, &ainfo.ai_termid);
  	} else
  		log_error(0, _("getaudit: failed"));
  	if (tok == NULL)
[email protected]@ -122,7 +124,7 @@
[email protected]@ -126,7 +126,7 @@ bsm_audit_success(char **exec_args)
  	if (tok == NULL)
  		log_error(0, _("au_to_return32: failed"));
  	au_write(aufd, tok);
 -	if (au_close(aufd, 1, AUE_sudo) == -1)
 +	if (au_close(aufd, 1, AUE_sudo, PAD_FAILURE) == -1)
  		log_error(0, _("unable to commit audit record"));
+ 	debug_return;
  }
- 
[email protected]@ -142,7 +144,7 @@
[email protected]@ -148,7 +148,7 @@ bsm_audit_failure(char **exec_args, char
  	/*
  	 * If we are not auditing, don't cut an audit record; just return.
  	 */
 -	if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
 +	if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) {
  		if (errno == AUDIT_NOT_CONFIGURED)
- 			return;
+ 			debug_return;
  		log_error(0, _("Could not determine audit condition"));
[email protected]@ -157,12 +159,12 @@
[email protected]@ -163,12 +163,12 @@ bsm_audit_failure(char **exec_args, char
  		log_error(0, _("au_open: failed"));
  	if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { 
  		tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
 -		    getuid(), pid, pid, &ainfo_addr.ai_termid);
-+		    getuid(), pid, &ainfo_addr.ai_asid, &ainfo_addr.ai_termid);
++		    getuid(), pid, ainfo_addr.ai_asid, &ainfo_addr.ai_termid);
  	} else if (errno == ENOSYS) {
  		if (getaudit(&ainfo) < 0) 
  			log_error(0, _("getaudit: failed"));
  		tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
 -		    getuid(), pid, pid, &ainfo.ai_termid);
-+		    getuid(), pid, &ainfo.ai_asid, &ainfo.ai_termid);
++		    getuid(), pid, ainfo.ai_asid, &ainfo.ai_termid);
  	} else
  		log_error(0, _("getaudit: failed"));
  	if (tok == NULL)
[email protected]@ -181,6 +183,6 @@
[email protected]@ -187,7 +187,7 @@ bsm_audit_failure(char **exec_args, char
  	if (tok == NULL)
  		log_error(0, _("au_to_return32: failed"));
  	au_write(aufd, tok);
 -	if (au_close(aufd, 1, AUE_sudo) == -1)
 +	if (au_close(aufd, 1, AUE_sudo, PAD_FAILURE) == -1)
  		log_error(0, _("unable to commit audit record"));
+ 	debug_return;
  }