Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/sudo/patches/audit-event.patch
author April Chin <april.chin@oracle.com>
Mon, 15 Apr 2013 14:29:47 -0700
branchs11u1-sru
changeset 2570 40da38c985e9
parent 840 926eb95ceab3
permissions -rw-r--r--
16424604 Upgrade sudo to 1.8.6p7 16424574 problem in UTILITY/SUDO

au_* calls need correct parameters.
This legacy auditing will later be replaced by Solaris adt_* calls,
so in the future, use of bsm_audit.c and configuring --with-bsm-audit will 
be removed.

--- sudo-1.8.6p7.orig/plugins/sudoers/bsm_audit.c	2012-09-18 06:56:29.000000000 -0700
+++ sudo-1.8.6p7/plugins/sudoers/bsm_audit.c	2013-03-07 10:18:20.309947000 -0800
@@ -31,8 +31,8 @@
 #include <unistd.h>
 
 #include "gettext.h"
-#include "error.h"
 #include "sudo_debug.h"
+#include "error.h"
 #include "bsm_audit.h"
 
 /*
@@ -103,7 +103,7 @@ bsm_audit_success(char **exec_args)
 		error(1, _("au_open: failed"));
 	if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) {
 		tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
-		    getuid(), pid, pid, &ainfo_addr.ai_termid);
+		    getgid(), pid, ainfo_addr.ai_asid, &ainfo_addr.ai_termid);
 	} else if (errno == ENOSYS) {
 		/*
 		 * NB: We should probably watch out for ERANGE here.
@@ -111,7 +111,7 @@ bsm_audit_success(char **exec_args)
 		if (getaudit(&ainfo) < 0)
 			error(1, _("getaudit: failed"));
 		tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
-		    getuid(), pid, pid, &ainfo.ai_termid);
+		    getgid(), pid, ainfo.ai_asid, &ainfo.ai_termid);
 	} else
 		error(1, _("getaudit: failed"));
 	if (tok == NULL)
@@ -125,7 +125,7 @@ bsm_audit_success(char **exec_args)
 	if (tok == NULL)
 		error(1, _("au_to_return32: failed"));
 	au_write(aufd, tok);
-	if (au_close(aufd, 1, AUE_sudo) == -1)
+	if (au_close(aufd, 1, AUE_sudo, PAD_FAILURE) == -1)
 		error(1, _("unable to commit audit record"));
 	debug_return;
 }
@@ -147,7 +147,7 @@ bsm_audit_failure(char **exec_args, char
 	/*
 	 * If we are not auditing, don't cut an audit record; just return.
 	 */
-	if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
+	if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) {
 		if (errno == AUDIT_NOT_CONFIGURED)
 			debug_return;
 		error(1, _("Could not determine audit condition"));
@@ -162,12 +162,12 @@ bsm_audit_failure(char **exec_args, char
 		error(1, _("au_open: failed"));
 	if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { 
 		tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
-		    getuid(), pid, pid, &ainfo_addr.ai_termid);
+		    getgid(), pid, ainfo_addr.ai_asid, &ainfo_addr.ai_termid);
 	} else if (errno == ENOSYS) {
 		if (getaudit(&ainfo) < 0) 
 			error(1, _("getaudit: failed"));
 		tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
-		    getuid(), pid, pid, &ainfo.ai_termid);
+		    getgid(), pid, ainfo.ai_asid, &ainfo.ai_termid);
 	} else
 		error(1, _("getaudit: failed"));
 	if (tok == NULL)
@@ -186,7 +186,7 @@ bsm_audit_failure(char **exec_args, char
 	if (tok == NULL)
 		error(1, _("au_to_return32: failed"));
 	au_write(aufd, tok);
-	if (au_close(aufd, 1, AUE_sudo) == -1)
+	if (au_close(aufd, 1, AUE_sudo, PAD_FAILURE) == -1)
 		error(1, _("unable to commit audit record"));
 	debug_return;
 }
upstream/oracle/userland-gate