9830 praudit should be able to map users and groups correctly
Review Request #1204 — Created Sept. 10, 2018 and submitted
Information | |
---|---|
ptribble | |
illumos-gate | |
9830 | |
Reviewers | |
general | |
It's common to aggregate audit logs on a central system. Currently, running praudit then resolves uids and gids back to names on the system where praudit runs, which may be completely wrong.
This fix allows the user to copy the group and passwd files to the aggregated system and point praudit at those files. It does this by preloading the uid and gid caches introduced in 9106.
Run praudit with the -p and -g flags, verified that it resolves uids and gids correctly. Verified that without the flags being used, we get the same (wrong) results as before.
- usr/src/cmd/praudit/format.c (Diff revision 1) We should be checking for and handling failures from `fgetpwent()` here, so that the program doesn't silently accept an error and move on.
- usr/src/cmd/praudit/main.c (Diff revision 1) It looks like these definitions should go in `praudit.h`, rather than directly here.
- usr/src/cmd/praudit/main.c (Diff revision 1) `pf` is a pointer, so we should compare against `NULL`; i.e., `if (pf != NULL) {`
- usr/src/cmd/praudit/main.c (Diff revision 1) We should check the return of `fclose()` here, even if just via `VERIFY0(fclose(pf))`. Same with `fclose(gf)` a couple of lines down.
- usr/src/man/man1m/praudit.1m (Diff revision 1) Is there a period missing on the front of the line here?
- usr/src/man/man1m/praudit.1m (Diff revision 1) Is this behaviour desirable? If the audit file is from a foreign system, would it not be more correct to use only the provided file and not fall back to IDs from the local system?
Change Summary:
Address feedback: check fgetpwent (although that catches essentially nothing); also tidy up usage message and comments.
Diff: Revision 2 (+111 -7)
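A sketch of the preload-and-resolve approach the description outlines, added here as an example and not taken from the patch under review. The `idcache` type and the `cache_*` functions are hypothetical names; lines are parsed by hand rather than with `fgetpwent()`, and unknown ids stay numeric instead of falling back to the local system, which is the stricter behaviour the last review comment asks about.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { MAXIDS = 64, NAMELEN = 32 };
/* Hypothetical cache for this example; not praudit's own data structure. */
struct idcache { long id[MAXIDS]; char name[MAXIDS][NAMELEN]; int n; };

/* Add one "name:passwd:id:..." line (passwd and group files share this */
/* prefix). Returns 0 on success, -1 on a malformed line or a full cache. */
int cache_add_line(struct idcache *c, const char *line)
{
	const char *p1 = strchr(line, ':');
	const char *p2 = (p1 != NULL) ? strchr(p1 + 1, ':') : NULL;
	size_t len = (p1 != NULL) ? (size_t)(p1 - line) : 0;
	char *end;
	long id;
	if (p2 == NULL || len == 0 || len >= NAMELEN || c->n >= MAXIDS ||
	    p2[1] < '0' || p2[1] > '9')
		return (-1);
	id = strtol(p2 + 1, &end, 10);
	if (*end != ':')	/* the id field must be followed by another field */
		return (-1);
	memcpy(c->name[c->n], line, len);
	c->name[c->n][len] = '\0';
	c->id[c->n++] = id;
	return (0);
}

/* Preload from a file copied from the audited host; fail on any bad line. */
int cache_preload(struct idcache *c, FILE *fp)
{
	char line[512];
	while (fgets(line, sizeof (line), fp) != NULL)
		if (cache_add_line(c, line) != 0)
			return (-1);
	return (ferror(fp) ? -1 : c->n);
}

/* Resolve from the preloaded cache only; unknown ids stay numeric. */
const char *cache_resolve(const struct idcache *c, long id, char *buf, size_t n)
{
	for (int i = 0; i < c->n; i++)
		if (c->id[i] == id)
			return (c->name[i]);
	(void) snprintf(buf, n, "%ld", id);
	return (buf);
}
```

Failing the whole preload on one bad line means a truncated or corrupted copy of the source system's files is noticed up front rather than producing a partly wrong mapping.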