Print this page
11842 Want audit events for auditon(A_SETPMASK) and friends
Reviewed by: John Levon <john.levon@joyent.com>
Reviewed by: Andy Fiddaman <andy@omniosce.org>
@@ -3037,12 +3037,25 @@
e = AUE_AUDITON_GETCLASS;
break;
case A_SETCLASS:
e = AUE_AUDITON_SETCLASS;
break;
+ case A_GETPINFO:
+ case A_GETPINFO_ADDR:
+ e = AUE_AUDITON_GETPINFO;
+ break;
+ case A_SETPMASK:
+ e = AUE_AUDITON_SETPMASK;
+ break;
+ case A_GETKAUDIT:
+ e = AUE_AUDITON_GETKAUDIT;
+ break;
+ case A_SETKAUDIT:
+ e = AUE_AUDITON_SETKAUDIT;
+ break;
default:
- e = AUE_NULL;
+ e = AUE_AUDITON_OTHER;
break;
}
break;
default:
e = AUE_NULL;
@@ -3059,10 +3072,11 @@
{
klwp_t *clwp = ttolwp(curthread);
uintptr_t a1, a2;
STRUCT_DECL(auditinfo, ainfo);
STRUCT_DECL(auditinfo_addr, ainfo_addr);
+ STRUCT_DECL(auditpinfo, apinfo);
au_evclass_map_t event;
au_mask_t mask;
int auditstate, policy;
au_id_t auid;
@@ -3236,10 +3250,57 @@
au_uwrite(au_to_arg32(
2, "setclass:ec_event", (uint32_t)event.ec_number));
au_uwrite(au_to_arg32(
3, "setclass:ec_class", (uint32_t)event.ec_class));
break;
+ case AUE_AUDITON_SETPMASK:
+ STRUCT_INIT(apinfo, get_udatamodel());
+ if (copyin((caddr_t)uap->a2, STRUCT_BUF(apinfo),
+ STRUCT_SIZE(apinfo))) {
+ return;
+ }
+ au_uwrite(au_to_arg32(3, "setpmask:pid",
+ (uint32_t)STRUCT_FGET(apinfo, ap_pid)));
+ au_uwrite(au_to_arg32(3, "setpmask:as_success",
+ (uint32_t)STRUCT_FGET(apinfo, ap_mask.as_success)));
+ au_uwrite(au_to_arg32(3, "setpmask:as_failure",
+ (uint32_t)STRUCT_FGET(apinfo, ap_mask.as_failure)));
+ break;
+ case AUE_AUDITON_SETKAUDIT:
+ STRUCT_INIT(ainfo_addr, get_udatamodel());
+ if (copyin((caddr_t)a1, STRUCT_BUF(ainfo_addr),
+ STRUCT_SIZE(ainfo_addr))) {
+ return;
+ }
+ au_uwrite(au_to_arg32((char)1, "auid",
+ (uint32_t)STRUCT_FGET(ainfo_addr, ai_auid)));
+#ifdef _LP64
+ au_uwrite(au_to_arg64((char)1, "port",
+ (uint64_t)STRUCT_FGET(ainfo_addr, ai_termid.at_port)));
+#else
+ au_uwrite(au_to_arg32((char)1, "port",
+ (uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_port)));
+#endif
+ au_uwrite(au_to_arg32((char)1, "type",
+ (uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_type)));
+ if ((uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_type) ==
+ AU_IPv4) {
+ au_uwrite(au_to_in_addr(
+ (struct in_addr *)STRUCT_FGETP(ainfo_addr,
+ ai_termid.at_addr)));
+ } else {
+ au_uwrite(au_to_in_addr_ex(
+ (int32_t *)STRUCT_FGETP(ainfo_addr,
+ ai_termid.at_addr)));
+ }
+ au_uwrite(au_to_arg32((char)1, "as_success",
+ (uint32_t)STRUCT_FGET(ainfo_addr, ai_mask.as_success)));
+ au_uwrite(au_to_arg32((char)1, "as_failure",
+ (uint32_t)STRUCT_FGET(ainfo_addr, ai_mask.as_failure)));
+ au_uwrite(au_to_arg32((char)1, "asid",
+ (uint32_t)STRUCT_FGET(ainfo_addr, ai_asid)));
+ break;
case AUE_GETAUID:
case AUE_GETAUDIT:
case AUE_GETAUDIT_ADDR:
case AUE_AUDIT:
case AUE_AUDITON_GPOLICY:
@@ -3250,10 +3311,13 @@
case AUE_AUDITON_GETCAR:
case AUE_AUDITON_GETSTAT:
case AUE_AUDITON_SETSTAT:
case AUE_AUDITON_GETCOND:
case AUE_AUDITON_GETCLASS:
+ case AUE_AUDITON_GETPINFO:
+ case AUE_AUDITON_GETKAUDIT:
+ case AUE_AUDITON_OTHER:
break;
default:
break;
}