Print this page
11842 Want audit events for auditon(A_SETPMASK) and friends
Reviewed by: John Levon <john.levon@joyent.com>
Reviewed by: Andy Fiddaman <andy@omniosce.org>

*** 3037,3048 **** e = AUE_AUDITON_GETCLASS; break; case A_SETCLASS: e = AUE_AUDITON_SETCLASS; break; default: ! e = AUE_NULL; break; } break; default: e = AUE_NULL; --- 3037,3061 ---- e = AUE_AUDITON_GETCLASS; break; case A_SETCLASS: e = AUE_AUDITON_SETCLASS; break; + case A_GETPINFO: + case A_GETPINFO_ADDR: + e = AUE_AUDITON_GETPINFO; + break; + case A_SETPMASK: + e = AUE_AUDITON_SETPMASK; + break; + case A_GETKAUDIT: + e = AUE_AUDITON_GETKAUDIT; + break; + case A_SETKAUDIT: + e = AUE_AUDITON_SETKAUDIT; + break; default: ! e = AUE_AUDITON_OTHER; break; } break; default: e = AUE_NULL;
*** 3059,3068 **** --- 3072,3082 ---- { klwp_t *clwp = ttolwp(curthread); uintptr_t a1, a2; STRUCT_DECL(auditinfo, ainfo); STRUCT_DECL(auditinfo_addr, ainfo_addr); + STRUCT_DECL(auditpinfo, apinfo); au_evclass_map_t event; au_mask_t mask; int auditstate, policy; au_id_t auid;
*** 3236,3245 **** --- 3250,3306 ---- au_uwrite(au_to_arg32( 2, "setclass:ec_event", (uint32_t)event.ec_number)); au_uwrite(au_to_arg32( 3, "setclass:ec_class", (uint32_t)event.ec_class)); break; + case AUE_AUDITON_SETPMASK: + STRUCT_INIT(apinfo, get_udatamodel()); + if (copyin((caddr_t)uap->a2, STRUCT_BUF(apinfo), + STRUCT_SIZE(apinfo))) { + return; + } + au_uwrite(au_to_arg32(3, "setpmask:pid", + (uint32_t)STRUCT_FGET(apinfo, ap_pid))); + au_uwrite(au_to_arg32(3, "setpmask:as_success", + (uint32_t)STRUCT_FGET(apinfo, ap_mask.as_success))); + au_uwrite(au_to_arg32(3, "setpmask:as_failure", + (uint32_t)STRUCT_FGET(apinfo, ap_mask.as_failure))); + break; + case AUE_AUDITON_SETKAUDIT: + STRUCT_INIT(ainfo_addr, get_udatamodel()); + if (copyin((caddr_t)a1, STRUCT_BUF(ainfo_addr), + STRUCT_SIZE(ainfo_addr))) { + return; + } + au_uwrite(au_to_arg32((char)1, "auid", + (uint32_t)STRUCT_FGET(ainfo_addr, ai_auid))); + #ifdef _LP64 + au_uwrite(au_to_arg64((char)1, "port", + (uint64_t)STRUCT_FGET(ainfo_addr, ai_termid.at_port))); + #else + au_uwrite(au_to_arg32((char)1, "port", + (uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_port))); + #endif + au_uwrite(au_to_arg32((char)1, "type", + (uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_type))); + if ((uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_type) == + AU_IPv4) { + au_uwrite(au_to_in_addr( + (struct in_addr *)STRUCT_FGETP(ainfo_addr, + ai_termid.at_addr))); + } else { + au_uwrite(au_to_in_addr_ex( + (int32_t *)STRUCT_FGETP(ainfo_addr, + ai_termid.at_addr))); + } + au_uwrite(au_to_arg32((char)1, "as_success", + (uint32_t)STRUCT_FGET(ainfo_addr, ai_mask.as_success))); + au_uwrite(au_to_arg32((char)1, "as_failure", + (uint32_t)STRUCT_FGET(ainfo_addr, ai_mask.as_failure))); + au_uwrite(au_to_arg32((char)1, "asid", + (uint32_t)STRUCT_FGET(ainfo_addr, ai_asid))); + break; case AUE_GETAUID: case AUE_GETAUDIT: case AUE_GETAUDIT_ADDR: case AUE_AUDIT: case AUE_AUDITON_GPOLICY:
*** 3250,3259 **** --- 3311,3323 ---- case AUE_AUDITON_GETCAR: case AUE_AUDITON_GETSTAT: case AUE_AUDITON_SETSTAT: case AUE_AUDITON_GETCOND: case AUE_AUDITON_GETCLASS: + case AUE_AUDITON_GETPINFO: + case AUE_AUDITON_GETKAUDIT: + case AUE_AUDITON_OTHER: break; default: break; }