From ce8c6d71f56e1b68e6dc48596a61d8a96dd32adb Mon Sep 17 00:00:00 2001
From: "Christian S.J. Peron" <csjp@FreeBSD.org>
Date: Sat, 4 Apr 2009 20:58:18 +0000
Subject: [PATCH] Fixup the parameters to audit_submit(3) the order is errno
 then return value.  This bug went un-noticed for so long because EPERM == 1

MFC after:	1 week
Spotted by:	sson, rwatson
---
 usr.bin/su/su.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index 36d832685cc7..5dcb24a4064e 100644
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@@ -231,7 +231,7 @@ main(int argc, char *argv[])
 	if (strlen(user) > MAXLOGNAME - 1) {
 #ifdef USE_BSM_AUDIT
 		if (audit_submit(AUE_su, auid,
-		    1, EPERM, "username too long: '%s'", user))
+		    EPERM, 1, "username too long: '%s'", user))
 			errx(1, "Permission denied");
 #endif
 		errx(1, "username too long");
@@ -264,7 +264,7 @@ main(int argc, char *argv[])
 		pwd = getpwuid(ruid);
 	if (pwd == NULL) {
 #ifdef USE_BSM_AUDIT
-		if (audit_submit(AUE_su, auid, 1, EPERM,
+		if (audit_submit(AUE_su, auid, EPERM, 1,
 		    "unable to determine invoking subject: '%s'", username))
 			errx(1, "Permission denied");
 #endif
@@ -305,7 +305,7 @@ main(int argc, char *argv[])
 	retcode = pam_authenticate(pamh, 0);
 	if (retcode != PAM_SUCCESS) {
 #ifdef USE_BSM_AUDIT
-		if (audit_submit(AUE_su, auid, 1, EPERM, "bad su %s to %s on %s",
+		if (audit_submit(AUE_su, auid, EPERM, 1, "bad su %s to %s on %s",
 		    username, user, mytty))
 			errx(1, "Permission denied");
 #endif
@@ -326,7 +326,7 @@ main(int argc, char *argv[])
 	pwd = getpwnam(user);
 	if (pwd == NULL) {
 #ifdef USE_BSM_AUDIT
-		if (audit_submit(AUE_su, auid, 1, EPERM,
+		if (audit_submit(AUE_su, auid, EPERM, 1,
 		    "unknown subject: %s", user))
 			errx(1, "Permission denied");
 #endif
@@ -342,7 +342,7 @@ main(int argc, char *argv[])
 			aerr = pam_strerror(pamh, retcode);
 			if (aerr == NULL)
 				aerr = "Unknown PAM error";
-			if (audit_submit(AUE_su, auid, 1, EPERM,
+			if (audit_submit(AUE_su, auid, EPERM, 1,
 			    "pam_chauthtok: %s", aerr))
 				errx(1, "Permission denied");
 #endif
@@ -353,7 +353,7 @@ main(int argc, char *argv[])
 	}
 	if (retcode != PAM_SUCCESS) {
 #ifdef USE_BSM_AUDIT
-		if (audit_submit(AUE_su, auid, 1, EPERM, "pam_acct_mgmt: %s",
+		if (audit_submit(AUE_su, auid, EPERM, 1, "pam_acct_mgmt: %s",
 		    pam_strerror(pamh, retcode)))
 			errx(1, "Permission denied");
 #endif
@@ -368,7 +368,7 @@ main(int argc, char *argv[])
 	else {
 		if (ruid != 0) {
 #ifdef USE_BSM_AUDIT
-			if (audit_submit(AUE_su, auid, 1, EPERM,
+			if (audit_submit(AUE_su, auid, EPERM, 1,
 			    "only root may use -c"))
 				errx(1, "Permission denied");
 #endif